Setting Up A Raspberry Pi

Installing the Operating System on an SD Card

To set up an operating system for your Raspberry Pi, you have various options, and one of the popular choices is Raspbian, the official distribution from raspberrypi.org. Raspbian comes in two versions: the full version and the Lite version. The Lite version is a good starting point as it can be easily upgraded with additional software packages as needed. The full version includes more software that you may not necessarily require.

To get started, download the Raspberry Pi Imager from the raspberrypi.org website and install it on your computer. Once installed, open the application and click on “Choose OS” on the first screen. From the list of distributions, select “Raspberry Pi OS Lite (32-bit)” under “Raspberry Pi OS (Other).” Then, insert your SD card into your computer and click on “Choose SD card” to select the inserted SD card. Finally, click on “write” to begin the installation process. The installation of Raspbian Lite typically takes around three minutes, while the full Raspbian version may take approximately ten minutes. Once the process is completed, you will have a bootable disk with Raspbian.

There are two convenient methods to access your Raspberry Pi without a keyboard or monitor: through the serial port console or via WiFi and SSH. To access the Pi through the serial port, you will need a USB-to-serial adapter. This method is generally more reliable as it does not rely on network access, but it does require the adapter. On the other hand, to access the Pi through WiFi and SSH, you need to configure the Pi to connect to the same network as your personal computer.

To enable SSH access using either the serial port or WiFi, there are a few files you need to be aware of: config.txt, ssh, and wpa_supplicant.conf. You can create and edit these files on your boot disk before powering up the Pi. Once you have created the boot disk, remove it from your computer and re-insert it. Open the config.txt file in a text editor to make the necessary configurations.

Enabling Serial Port Access

Starting from the 2017-04-10 release of Raspbian, the Pi’s serial terminal is no longer enabled by default. If you want to access the Pi via a serial terminal, you’ll need to make a modification to the config.txt file on your boot disk. To do this, follow these steps:

  1. Insert the boot disk (SD card) into your computer.
  2. Locate the config.txt file on the boot disk and open it in a text editor.
  3. Scroll to the end of the file and add the following line:
enable_uart=1

UART stands for Universal Asynchronous Receiver-Transmitter, which is essentially an asynchronous serial port. Enabling the serial port on your Raspberry Pi is as simple as adding the enable_uart=1 line to the config.txt file on the boot disk, as mentioned earlier. Now, let’s see how you can connect to the hardware to use the serial port:

  1. Make sure your Raspberry Pi is powered off.
  2. Connect a USB-to-serial adapter to your computer.
  3. Use jumper wires to connect the adapter’s RXD pin to the Pi’s TXD pin and the adapter’s TXD pin to the Pi’s RXD pin.
  4. Connect the ground (GND) pin on the adapter to any ground pin (e.g., pin 6) on the Pi.
  5. Plug in the USB-to-serial adapter to your computer.

With the hardware connected, you can now access the Pi’s serial console using a terminal emulator program on your computer. Configure the terminal emulator with the following settings:

  • Baud rate: 115200
  • Data bits: 8
  • Parity: None
  • Stop bits: 1
  • Flow control: None

Once the terminal emulator is set up, you can power on the Raspberry Pi. You should see the boot messages and the command prompt appearing in the terminal emulator window. You have successfully connected to the Pi’s serial port and can interact with it through the serial console.

Making a New User

To create a new user and encrypt the password for the userconf.txt file, follow these steps:

  1. Open a terminal on your POSIX computer (MacOS, Linux, Unix) or Windows Subsystem for Linux (WSL) on Windows.
  2. Type the following command to generate the encrypted password:
  1. You will be prompted to enter the password you want to encrypt. Enter your desired password and press Enter.
  2. The command will output the encrypted representation of the password.
  3. Now, create a new file called userconf.txt in the boot partition of the SD card (the part visible when the SD card is mounted on your computer).
  4. Open the userconf.txt file in a text editor and add a single line of text in the following format:
  1. Replace “username” with your desired username and “encrypted_password” with the encrypted password obtained from the previous step.
  2. Save the userconf.txt file.

Make sure to never include an unencrypted password in the userconf.txt file. By following these steps, you have created a new user with an encrypted password for your Raspberry Pi.

 echo 'mypassword' | openssl passwd -1 -stdin

To install OpenSSL on Windows Subsystem for Linux (WSL), follow these steps:

  1. Launch the Windows Subsystem for Linux (WSL) by opening the WSL terminal.
  2. In the terminal, use the package manager to update the package lists by running the following command:
  3. Enter your password if prompted.
  4. Once the package lists are updated, install OpenSSL by running the following command:
    1. Confirm the installation by typing ‘y’ if prompted.
    2. Wait for the installation to complete. OpenSSL should now be installed on your Windows Subsystem for Linux.
  5. After installing OpenSSL, you can proceed with the previous instructions to encrypt your password and create the userconf.txt file for your Raspberry Pi.
sudo apt-get install openssl

Powering and Connecting to Your Pi

Insert the microSD card into the Raspberry Pi’s microSD card slot. Then, connect your Raspberry Pi to a 5V DC power adapter using the USB micro connection labeled “PWR IN”. It is important to use a power adapter that can provide a minimum of 2A of current to ensure proper operation of the Raspberry Pi.

Connecting Via Serial Port

After enabling UART as mentioned earlier, you have configured the Raspberry Pi to provide a command line console through the serial port. To connect the USB-to-serial adapter to the Raspberry Pi’s I/O pins, follow the diagram below:

Make sure to connect the RX (Receive) pin of the USB-to-serial adapter to the TX (Transmit) pin of the Raspberry Pi, and vice versa. Also, connect the Ground (GND) of the adapter to the Ground (GND) of the Raspberry Pi. Once the connections are made, connect the USB-to-serial adapter to your computer.

Depending on your USB-to-serial adapter, you may need to install any required drivers or adapters to ensure proper functionality. Once installed, you should see the USB-to-serial adapter appear as a serial port in your preferred serial terminal application. On macOS and Linux, the “screen” program is recommended for this purpose. Alternatively, you can use “CoolTerm,” which is compatible with macOS, Windows, and Linux.

To connect to the serial port using the “screen” program on macOS, you first need to determine the name of your serial port. You can do this by following these steps:

  1. Plug in the USB-to-serial adapter to your computer.
  2. Open the Terminal application on your macOS.
  3. Use the following command to list the ports in the /dev directory:

This command will display a list of serial ports available on your system. The serial port name typically starts with /dev/tty. followed by a specific identifier.

Once you have identified the name of your serial port, you can use it to connect to the port using the “screen” program.

$ ls /dev/cu.*

After identifying the name of your serial port, such as /dev/cu.usbserial-14430 or /dev/cu.SLABtoUART, you can use the “screen” program to open a connection to the port at a baud rate of 115200 bits per second. Here’s the command to achieve this.

$ screen <portname> 115200



Once you’ve opened a serial connection at 115200 bps, and press the spacebar a few times. You’ll get a login prompt like so:

Raspbian GNU/Linux 8 raspberrypi ttyAMA0
raspberrypi login:

Now you’re ready to log in.

Logging In To The Command Line Interface

The default login for the Raspbian OS is pi, and the default password is raspberry. If you didn’t create a username and password of your own, you can use this. Use these to log into your Pi. When you’re logged in, you’ll get a prompt like this:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed May 31 22:24:04 2017 


pi@rasbperrypi: ~ $

Configuring Your System

Once you have logged in, there are several configuration tasks you need to perform to set up the operating system for general use. These tasks include changing the default password and administrative user, modifying the default hostname, configuring interfacing options, and expanding the filesystem on the SD card. To begin, enter the following command:

Executing this command will launch the Raspberry Pi software configuration tool. This tool provides a menu-based interface that allows you to navigate through various configuration options. Follow the prompts and select the desired options to make the necessary changes, such as changing the password, modifying the hostname, enabling or disabling interfaces, and expanding the filesystem.

Please note that you will need to enter your password when prompted for authentication to execute commands with superuser privileges using sudo.

$ sudo raspi-config

Note: When working with the Raspberry Pi, most of the commands you’ll use will be run with sudo, which stands for “superuser do.” By using sudo, you can execute administrative commands and ensure that you have the necessary privileges. The system will prompt you to enter your password whenever you use sudo.

To navigate through the configuration options, you’ll encounter a menu that you can scroll through using the arrow keys. Pressing the Enter key will allow you to select an item from the menu, as illustrated below.

Here are the essential steps you need to take care of:

  1. Select “System Options” from the menu.
  • If you are still using the default pi/raspberry combination, choose “Change Password” to set a new password following the prompts. If you created a new username with the userconf.txt file, you can skip this step.
  • Optionally, you can also choose “Change Hostname” to give your system a meaningful name instead of the default raspberrypi.
  • If you want to connect to a wireless network, you can set the SSID and password in this menu. If you are using an enterprise network, follow the steps below.
  1. Select “Interfacing Options.”
  • If you didn’t create an ssh file on your SD card before booting, enable SSH to allow remote login via SSH.
  • If you plan to use a camera or communicate with external hardware using the I2C or SPI buses, enable the corresponding options.
  1. Select “Advanced Options” and choose “Expand Filesystem” to make more space available on your SD card for the system. The process will prompt you to reboot your Pi. Select “Yes” to reboot.

From now on, if you are using the Ethernet-over-USB option or logging into your Pi over a network via SSH (which we’ll cover shortly), you will need to log in using [email protected] (replace your-pi-name with the name you chose during the hostname configuration).

Changing Defaults To Increase Security

If you didn’t create a custom user using the userconfig.txt file mentioned earlier, it is recommended to add a new user to enhance the security of your Pi. Replace “username” below with the desired name for your new user:

$ sudo adduser username

Follow the prompts to set a password and provide any additional information for the new user. Make sure to choose a strong password that is not easily guessable.

Once the user is created, you can grant administrative privileges to the new user by adding them to the sudo group:

$ sudo adduser username sudo

Replace “username” with the actual name of your new user.

By creating a new user and assigning administrative privileges, you will reduce the risk associated with using the default username and password.

pi       User-specific group. A group is automatically created for
         each new user; you can ignore this.
adm      Allows access to log files in /var/log and using xconsole
dialout  Allows access to serial ports/modem reconfiguration, etc.
cdrom    Enables access to optical drives.
sudo     Enables sudo access for the user.
audio    Allows access to audio devices like microphones and soundcards
video    Allows access to a video devices, e.g. framebuffer, videocard, webcam
plugdev  Enables access to external storage devices
games    Many games are SETGID to games so they can write their high score files.
users    A Pi-specific group enabling access to
         /opt/vc/src/hello_pi/ directory and contained files.
input    Appears to give access to the /dev/input/mice folder and nothing else.
netdev   Enables access to network interfaces
gpio     Pi-specific group for GPIO pin access.
i2c      Pi-specific group for I2C access.
         Generated after installing i2c-tools.
spi      Pi-specific group for the SPI bus.

You can do this group by group with:

$ sudo adduser username groupname
or you can add many at a time like so:

sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi username

For security purposes, it is recommended to assign only the necessary groups to your user. If your project requires access to specific groups like GPIO and SPI, add those groups and avoid adding unnecessary ones.

After adding the new user and granting the appropriate permissions, you can log out of the current session by typing either logout or exit. Then, log back in to the Pi using the newly created user:

$ssh [email protected]

Replace “username” with the name of the user you created, and “your-pi-name” with the custom name you assigned to your Pi during the configuration process.

This will establish a new SSH session with the Pi using your newly created user credentials, enhancing the security of your system.

Now make sure the root account is disabled by locking it like so:

$ sudo passwd -l root

If you need to unlock it later you can do so by typing:

$ sudo passwd -u root

Next delete the default  pi user like so:

$ sudo deluser --remove-home pi

After deleting the default “pi” user, you may receive a message stating: “Warning: group ‘pi’ has no more members.” This is nothing to worry about. The system will automatically remove the corresponding “pi” group when you delete the “pi” account. By removing the default “pi” user, you reduce the risk of someone guessing the username and gaining unauthorized access to your Pi. This adds an extra layer of security to your system.

Configuring After Changing Users

It’s important to note that many software packages are installed per user, rather than system-wide. Therefore, it’s advisable to ensure that you have the desired user configuration in place before installing firewalls, development software, or any other tools you intend to use. This precaution prevents the unpleasant surprise of installing software under one user and later discovering it’s not accessible when you switch to another user. By setting up your user configuration beforehand, you can ensure a consistent and reliable experience across different user accounts on your system.

Connecting To the Network via WiFi

To verify if the built-in WiFi on your Pi Zero W or Pi 3, Pi 4, or later models is functioning properly, you can execute the following command:

$ iwconfig wlan0

If you get a response that begins like this:

wlan0 IEEE 802.11bgn Nickname:

If the WiFi on your Pi is not working or appears to be blocked, you can try the following steps to unblock it:

  1. Open a terminal window on your Pi.
  2. Enter the following command to open the configuration file:
    bash
    sudo nano /etc/modprobe.d/raspi-blacklist.conf
  3. Look for any lines that contain “blacklist brcmfmac” or “blacklist brcmutil” and add a # at the beginning of those lines to comment them out. It should look like this:
    arduino
    #blacklist brcmfmac
    #blacklist brcmutil
  4. Press Ctrl+X to exit the nano editor, then press Y and Enter to save the changes.
  5. Reboot your Pi by entering the following command:
    sudo reboot

After the reboot, check the WiFi again by running the command:

perl
iwlist wlan0 scan | grep ESSID

If you can see a list of available WiFi networks, it means your WiFi should be unblocked and working.

Now try this command to see nearby WiFi hotspots:

$ iwlist wlan0 scan | less

You will get a list of WiFi hotspots nearby and their credentials. It’s piped through  the less utility to paginate it. You should see a list of all nearby WiFi access points, with their details. You can see the listings page by page using the spacebar, and close the list by typing q.

Getting the MAC address of the Pi’s WiFi Radio

To retrieve the MAC address of your Pi’s WiFi, follow these steps:

  1. Open a terminal window on your Pi.
  2. Enter the following command:
    ip link show wlan0 | awk '/ether/ {print $2}'
  3. The output will display the MAC address of your Pi’s WiFi interface.

Make note of the MAC address shown on the screen. You can then use this MAC address for registration or any other required networking configurations.

$ ifconfig wlan0 | grep ether

You’ll get a response like this:

ether b8:27:eb:aa:bb:cc txqueuelen 1000 (Ethernet)

After registering the MAC address of your Pi with your institution, you can proceed to modify the wpa_supplicant.conf file to connect to the institution’s network. Here’s how you can do it:

  1. Open the wpa_supplicant.conf file using a text editor. You can use the nano text editor by running the following command in the terminal:
  2. In the file, locate the existing network configuration or add a new one for your institution’s network. It should look similar to the following:
  3. Replace YOUR_NETWORK_SSID with the name (SSID) of your institution’s network. Replace YOUR_NETWORK_PASSWORD with the corresponding password.
  4. Optionally, if your institution uses WPA2 Enterprise security with EAP authentication, you’ll need to provide additional configuration settings. Here’s an example of an entry for WPA2 Enterprise:
    1. Replace YOUR_USERNAME and YOUR_PASSWORD with your login credentials for the institution’s network.
    2. Save the changes and exit the text editor (in nano, press Ctrl + X, then confirm with Y and press Enter).
  5. Once you’ve modified the wpa_supplicant.conf file, your Pi should be able to connect to your institution’s network using the provided configuration. Restart your Pi or restart the networking service for the changes to take effect.

    Note: Make sure to handle sensitive information (such as passwords) securely and avoid storing them in plain text files.

Network Configuration by Editing wpa_supplicant.conf

To create or edit the wpa_supplicant.conf file for storing your WiFi configuration, follow these steps:

  1. Open the terminal on your Raspberry Pi.
  2. Run the following command to open the wpa_supplicant.conf file using a text editor (such as nano):
  3. In the text editor, add the following lines to the file:
    1. Replace YOUR_COUNTRY_CODE with the appropriate code for your country (e.g., US for the United States, GB for the United Kingdom, etc.).

      Replace YOUR_NETWORK_SSID with the name (SSID) of your WiFi network.

      Replace YOUR_NETWORK_PASSWORD with the corresponding password for your WiFi network.

    2. Save the changes and exit the text editor (in nano, press Ctrl + X, then confirm with Y and press Enter).
    3. Restart the networking service on your Raspberry Pi to apply the changes by running the following command:
      sudo systemctl restart networking.service

    Once you’ve completed these steps, your Raspberry Pi should connect to the specified WiFi network using the provided configuration.

    $ sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

    You should see something like this:

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
    update_config=1
    country=GB
    
    network={
            ssid="your_network_name"
            psk="your_password"
    }
    
    

    To generate an encrypted version (hash) of your password, you can use the openssl command-line tool. Follow these steps:

    1. Open the terminal on your Raspberry Pi.
    2. Run the following command, replacing YOUR_PASSWORD with your actual password:This command will generate an encrypted hash of your password.
      1. The output of the command will be a string of characters, which is the encrypted version of your password.
    3. Make sure to keep this encrypted password secure and do not store the actual plaintext password. You can use this encrypted password in configuration files that require password authentication.

      Note that the method of generating encrypted password hashes may vary depending on the specific Linux distribution or version you are using. The above command using openssl should work for most Raspbian distributions.

    $ wpa_passphrase your_network_name your_password

    This will generate a response like this:

    network={
     ssid="your_network_name"
     #psk="your_password"
     psk=6a24edfec4d204601b6e1f409630702...
    }
    
    

    Delete the line with your password in plaintext, then use this in place of the network={…} block in the wpa_supplicant.conf file and you should be good to go. The wpa_supplicant.conf file can contain network blocks for multiple networks, so if you want to add your home network as well, you can. On startup, the Pi will go through the list and try to connect to each one in turn, stopping when it succeeds. So if you have two networks available in one location, then make sure to put the default one first.

    CONFIGURING FOR AN ENTERPRISE NETWORK

    For connecting to an enterprise network using PEAP with MSCHAPv2 authentication, you can configure the wpa_supplicant.conf file as follows:

    1. Open the wpa_supplicant.conf file for editing:
      bash
      sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
    2. Delete any existing network blocks if present.
    3. Add the following configuration for the PEAP network:
      makefile
      network={
      ssid="YOUR_NETWORK_SSID"
      key_mgmt=WPA-EAP
      eap=PEAP
      identity="YOUR_USERNAME"
      password="YOUR_PASSWORD"
      phase1="peaplabel=0"
      phase2="auth=MSCHAPV2"
      }

      Replace YOUR_NETWORK_SSID with the SSID (name) of the enterprise network, YOUR_USERNAME with your network username, and YOUR_PASSWORD with your network password.

    4. Save the changes and exit the text editor.
    5. Restart the networking service to apply the changes:
      sudo systemctl restart networking.service

      Alternatively, you can reboot the Raspberry Pi.

    With this configuration, the Raspberry Pi will attempt to connect to the enterprise network using PEAP with MSCHAPv2 authentication. Make sure to replace the placeholder values (YOUR_NETWORK_SSID, YOUR_USERNAME, and YOUR_PASSWORD) with your actual network credentials.

    ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
    update_config=1
    country=US
    
    network={
      ssid="network_name"
      key_mgmt=WPA-EAP
      eap=PEAP
      proto=WPA2
      phase2="auth=MSCHAPV2"
      anonymous_identity="your_username"
      identity="your_username"
      password=your_password
    }
    
    

    To generate an encrypted hash for the password in the wpa_supplicant.conf file, follow these steps:

    1. Open a terminal on your Raspberry Pi.
    2. Run the following command to generate the password hash:
    3. Replace YOUR_NETWORK_SSID with the SSID (name) of your network, and YOUR_PASSWORD with your network password. The command will output a block of text that includes the encrypted password hash.
    4. Copy the generated encrypted password hash.
    5. Open the wpa_supplicant.conf file for editing:
    6. Locate the network block for your network, and replace the password line with the encrypted password hash you copied earlier. It should look like this:
      1. Replace YOUR_ENCRYPTED_PASSWORD_HASH with the encrypted password hash generated in step 2.
      2. Save the changes and exit the text editor.
    7. By replacing the password line with the encrypted password hash, you ensure that your password is not stored in plaintext in the wpa_supplicant.conf file.

      Remember to replace YOUR_NETWORK_SSID and YOUR_PASSWORD with your actual network credentials when running the commands.

    Once you have set up the network configuration in the wpa_supplicant.conf file and saved it, your Raspberry Pi should start scanning for networks and attempt to connect. You can check if you are connected by following these steps:

    1. Open a terminal on your Raspberry Pi.
    2. Run the following command to check the network interface configuration:
      ifconfig wlan0

      This command will display the network interface details, including the IP address assigned to your Pi’s wireless interface (wlan0).

    3. Additionally, you can run the following command to check the wireless configuration:
      iwconfig wlan0

      This command will provide information about your wireless interface, including the SSID (network name), signal strength, and other wireless parameters.

    By running these commands, you can verify that your Raspberry Pi is connected to the network using the configured WiFi settings.

    Please note that the specific network interface name (wlan0) may vary depending on your system configuration.

    Connecting Via WiFi and ssh

    To connect to your Raspberry Pi via WiFi and SSH, make sure you have already created the ssh file and the wpa_supplicant.conf file as mentioned earlier. Once your Pi has booted up and connected to the configured network, follow these steps to establish an SSH connection from your personal computer:

    1. Ensure that your personal computer is connected to the same WiFi network as your Raspberry Pi.
    2. Open the command line interface or terminal on your personal computer.
    3. Type the following command to establish an SSH connection to your Raspberry Pi:
      lua
      ssh pi@your-pi-ip-address

      Replace your-pi-ip-address with the IP address assigned to your Raspberry Pi on the WiFi network. If you don’t know the IP address, you can find it by running the ifconfig command on your Pi or checking your router’s DHCP lease table.

    4. Press Enter and enter the password for the user pi (or the custom user you have created) when prompted. Note that while typing the password, no characters will be displayed on the screen for security reasons. Press Enter again to confirm.

    If the IP address and credentials are correct, you should establish an SSH connection to your Raspberry Pi. From there, you can remotely manage and configure your Pi using command-line tools and utilities.

    Note: If you have modified the default SSH port (22) on your Raspberry Pi, you need to specify the port number in the SSH command using the -p option, like this: ssh -p your-ssh-port pi@your-pi-ip-address. Replace your-ssh-port with the actual SSH port number you have configured.

    Please ensure that you have properly set up the SSH and WiFi configurations on your Raspberry Pi before attempting to connect.

    ssh [email protected]

    Alternately, you can use the IP address of your Pi if you know it, instead of raspberrypi.local. You should get a response like this:

    [email protected]'s password:

    Enter your password and you’ll be logged in.

    Testing Your Network Connection with curl

    You can test your network connection by making a web request. The command line program curl is a good way to do this. Type:

    $ curl http://www.example.com
    

    You should get a response that includes a lot of HTML,
    ending with the following:

    <body>
     <div>
     <h1>Example Domain</h1>
     nts. You may use this
     domain in examples without prior coordination or asking
     for permission.</p>
     <p><a href="http://www.iana.org/domains/example">More
     information...</a></p>
     </div>
     </body>
     </html>

    If you got this result, your Raspberry Pi is now connected to the internet.

    Deleting Your History File

    At this point you have entered some sensitive information on the command line (like your passwords) and it gets saved in a file called .bash_history. To see this file, type:

    $ sudo less ~/.bash_history

    You can view and edit the command history file in order to remove any sensitive information. Follow these steps to open the file using the nano text editor and delete specific lines:

    1. In the command line interface, type the following command to open the command history file:
      bash
      nano ~/.bash_history
    2. The nano text editor will open, displaying the contents of the command history file. Scroll through the file using the arrow keys until you locate the line(s) you want to delete.
    3. Move the cursor to the beginning of the line you want to delete and press Ctrl-K to cut the line.
    4. Repeat the previous step for any other lines you want to remove.
    5. Once you have deleted the desired lines, press Ctrl-X to exit nano.
    6. Nano will prompt you to save the changes. Press Y to confirm the change and save the modified file.

    By following these steps, you can remove any sensitive command lines from the command history file to mitigate the risk of exposing sensitive information.

    Note: It’s important to be cautious when deleting lines from the command history file, as it permanently removes them from the record. Make sure you only delete the lines that contain sensitive information and not any necessary or useful commands.

    Updating the Operating System

    To ensure that your operating system is up to date and includes the latest patches, you can perform a system upgrade using the APT package manager. Follow these steps:

    1. Open the command line interface on your Raspberry Pi.
    2. Update the list of available software packages by running the following command:
      sql
      sudo apt-get update

      This command retrieves the latest package information from the Raspbian package repository.

    3. Once the package list is updated, you can proceed with upgrading the installed packages by running the following command:
      arduino
      sudo apt-get upgrade

      This command upgrades all installed packages to their latest versions.

    4. The upgrade process may take some time, depending on the number of packages and the internet speed. Follow the on-screen prompts, if any, to confirm the upgrade and allow the installation to proceed.
    5. Once the upgrade is complete, you can also perform a distribution upgrade to update to the latest version of the operating system by running the following command:
      arduino
      sudo apt-get dist-upgrade

      This command performs a more comprehensive upgrade that takes care of package dependencies and handles major updates.

    By following these steps, you can ensure that your operating system is upgraded to the latest version and has all the necessary patches and updates installed.

    $ sudo apt update

    You should get this message at the end:

    Reading package lists... Done

    If you get an error, check your network connection. The most likely error is that it didn’t get all the updates because it didn’t have a network connection. If it says you don’t have enough disk space, make sure you expanded the filesystem using raspi-config earlier. When you’ve updated the package lists, Type:

    $ sudo apt upgrade

    This will upgrade any installed software packages. This will take even longer than the update, and will ask you to confirm that you want to upgrade all the software. Type y to do so. Once this is complete, you’ll have the latest versions of all the tools in your Raspbian distribution.

    Configuring a Firewall

    When it comes to securing your Raspberry Pi’s network connections, setting up a firewall is a recommended practice. Firewalls help control incoming and outgoing network traffic by specifying rules for allowing or blocking connections on specific ports. Follow the steps below to set up a basic firewall configuration:

    1. Open the command line interface on your Raspberry Pi.
    2. Install the ufw (Uncomplicated Firewall) package by running the following command:
      arduino
      sudo apt-get install ufw
    3. Once ufw is installed, you can start configuring the firewall rules. By default, ufw denies all incoming connections and allows all outgoing connections.
    4. To allow incoming SSH connections on port 22, run the following command:
      sudo ufw allow 22
    5. To allow incoming HTTP connections on ports 80 and 443, run the following command:
      sudo ufw allow 80
      sudo ufw allow 443
    6. If you need to allow incoming connections on port 8080 (common for node.js servers), run the following command:
      yaml
      sudo ufw allow 8080
    7. Once you have added the necessary rules, enable the firewall by running:
      bash
      sudo ufw enable

      This command will activate the firewall and start enforcing the configured rules.

    8. To verify the status of the firewall and check the rules, you can use the command:
      lua
      sudo ufw status

      This will display the current firewall status and list the allowed ports.

    By following these steps, you can set up a basic firewall configuration that allows specific incoming connections on selected ports while blocking all other incoming traffic. Remember to adjust the firewall rules according to your specific requirements, adding or removing ports as needed.

    First you need to install ufw. Assuming you’ve updated your package manager, start by installing ufw:

    $ sudo apt install ufw

    Once it’s installed, you can set defaults to allow outgoing traffic and deny incoming:

    $ sudo ufw default allow outgoing
    $ sudo ufw default deny incoming

    This would disconnect your ssh connection if you enabled it now, so you might want to enable ssh connections before you enable the firewall. The following line will enable TCP connections on port 22, the default ssh port:

    $ sudo ufw allow ssh

    If you’re planning to run an HTTP server, or an HTTPS server, you’ll need to enable them as well. You can specify not only the application (http, https), but also the transport protocol, like so:

    $ sudo ufw allow http/tcp
    $ sudo ufw allow https/tcp

    More specific rules ensure that someone won’t try a sneaky attack like flooding UDP packets through your open HTTP ports. If you’re planning to do custom server development, you might want to enable the ports you’ll use for that as well. These settings are typical for node.js development. 

    $ sudo ufw allow 8080/tcp
    $ sudo ufw allow 8081/tcp

    Port 8081 is used by the p5.serialserver, which is common at ITP.

    If you plan to use VNC to connect to the Pi desktop remotely, you’ll need to enable port 5900 as well.

    Once you’ve configured your firewall, you enable it like so:

    $ sudo ufw enable

    You should reboot once you do this, to check that everything is in order. Once enabled, you can get a status report from ufw like so:

    $ sudo ufw status

    You should get a reply like this:

    Status: active
    
    To                         Action      From
    --                         ------      ----
    22/tcp                     ALLOW       Anywhere                  
    80/tcp                     ALLOW       Anywhere                  
    443/tcp                    ALLOW       Anywhere                  
    8080/tcp                   ALLOW       Anywhere                  
    8081/tcp                   ALLOW       Anywhere                  
    22/tcp (v6)                ALLOW       Anywhere (v6)             
    80/tcp (v6)                ALLOW       Anywhere (v6)             
    443/tcp (v6)               ALLOW       Anywhere (v6)             
    8080/tcp (v6)              ALLOW       Anywhere (v6)             
    8081/tcp (v6)              ALLOW       Anywhere (v6)  
    

    Now you’ve got a reasonably secure setup for a networked device.

    Updating your Programming Environment

    To ensure you have the necessary programming tools installed on your Raspberry Pi, follow the steps below:

    1. Open the command line interface on your Raspberry Pi.
    2. Install Node.js by running the following command:
      arduino
      sudo apt-get install nodejs

      This command will install Node.js, a popular development environment for networked applications.

    3. Install npm (Node Package Manager), which is bundled with Node.js, by running the following command:
      arduino
      sudo apt-get install npm

      npm allows you to easily manage and install additional Node.js packages and libraries.

    4. Install Git, a version control system, by running the following command:
      arduino
      sudo apt-get install git

      Git is widely used for software version management and collaboration.

    5. Once the installations are complete, you can verify that Node.js and Git were installed successfully by checking their versions. Run the following commands:
      css
      node -v
      git --version

      These commands will display the installed versions of Node.js and Git, respectively.

    By following these steps, you will have installed Node.js, npm, and Git on your Raspberry Pi, providing you with the necessary programming tools for developing networked applications. Remember to perform these installations using the appropriate user account you have created to ensure proper configuration and access rights.

    To check if any software tool is already installed, you can use the which command like so:

    $ which git

    You’ll get a reply like so:

    /usr/bin/git

    If you get no reply, then the software is not installed. You can check if the software is listed in the package repository like so:

    $ sudo apt-cache show packageName

    Replace packageName with the name of the package you’re looking for. If it’s there, you’ll get all the details on it, and you can install it using apt-get, like you’ll do for git next.  Install git like so:

    $ sudo apt install git

    This will automatically install the version of git that’s listed in the Raspbian package list.

    Upgrading node.js

    In this section, you’ll remove the installed version of node.js from the Rasbpian distribution and upgrade  to a more modern version. First, remove all node and npm files already on your Pi. These instructions come from this gitHub repo. Note that node.js stopped support for the processor on the Pi Zero as of version 12.0.0, so you’ll use an older version:

    $ wget -O - https://raw.githubusercontent.com/sdesalas/node-pi-zero/master/install-node-v16.3.0.sh | bash

    Check the version of node.js that you installed like so:

    $ node --version

    You should get this reply:

    v16.3.0

    Now you’ve got a working, reasonably secure Pi, and a programming environment with which to program it. Congratulations! Finally, reboot or shutdown:

    $ sudo reboot

    or

    $ sudo poweroff

    Back Up Your Custom Installation

    At this point you may want to make a copy of the SD card using Etcher as you did at the beginning. Then you’ll have a customized image on which you can build other things. Since you’ll likely customize your system further for each application, it’s helpful to have a base installation from which to start. The ApplePiBaker app makes it easy for MacOS users to do backups simply.

    Remote File Access

    Remote file editing can be a pain on a Pi. If you’re using Visual Studio Code, here’s a set of instructions for the remote VSCode plugin that works well on the Pi. They have to be on the same network, but it can make editing much easier. Here’s the summary version:

    • Install Visual Studio Code on your personal computer and run it
    • Click the Extensions icon in the right side toolbar and search for Remote VSCode. Install it and relaunch VS Code.
    • On your Pi, install rmate like so:
    $ sudo wget -O /usr/local/bin/rmate https://raw.github.com/aurora/rmate/master/rmate
    
    $ sudo chmod a+x /usr/local/bin/rmate
    • In VS Code, Open the command palette (CTRL+P for Windows, CMD+P for MacOS) and type
    >Remote: Start Server
    • This will start the VSCode live share server.
    • Get your Pi’s IP address.
    • Now open the terminal pane in VS code (CTRL+` for MacOS and Windows) and type (replace PI_IP_ADDR with the Pi’s IP address):
    $ ssh -R 52698:localhost:52698 PI_IP_ADDR
    
    • This will log your computer into your Pi. You can then use rmate to open and edit files. For example, if there’s a file called myFile.txt, you can edit it by typing
    $ rmate myFile.txt
    • The file will open in VSCode, and you can edit and save, and it’ll automatically get saved on the Pi. Simple!

About The Author

Muhammad Bilal

I am highly skilled and motivated individual with a Master's degree in Computer Science. I have extensive experience in technical writing and a deep understanding of SEO practices.