Hello, I recently bought a BeagleBone Black and have been having fun
working with it for gaming software development purposes. It seems like a
good host for testing my multiplayer web app game with friends and family
and for doing benchmarks.
For security on local networks possibly connected to the Internet I’ve
started with the latest console image
(bone-eMMC-flasher-debian-10.5-console-armhf-2020-08-12-1gb.img) and made a
script to customize it after it's installed.
Any ideas of steps to add for security, or feedback about the ones I’m
doing already? These are highlights:
Change debian and root user passwords.

echo "/dev/mmcblk0 /media/sd ext4 noatime 0 2" >> /etc/fstab

adduser --system --group --no-create-home --disabled-login myapp

Install the postgres database via apt-get, change the cluster to be on the
SD card, minimally configure it using the postgres user, and give the myapp
user access to the app’s tables.

Make my server program a systemd service owned by myapp:myapp with the
executable and served files on the SD card.

Remove unused packages:

apt-get -y purge bb-bbai-firmware bb-wl18xx-firmware bluez bsdmainutils \
    btrfs-progs cloud-guest-utils crda dirmngr firmware-atheros \
    firmware-brcm80211 firmware-iwlwifi firmware-libertas \
    firmware-misc-nonfree firmware-realtek firmware-zd1211 gdbm-l10n \
    gnupg-l10n gnupg-utils gpg-agent gpg gpgconf hostapd iputils-ping iw \
    nano-tiny nano patch perl-modules-5.28 perl pinentry-curses rfkill \
    wget whiptail wireless-regdb wireless-tools wpasupplicant \
    ca-certificates sudo

Some hypothetical steps now are to add firewall rules (only allow inbound
on port 80 for the app), remove SSH, and remove the debian user. The final
system is just used by web browsers and maybe an SD card swap, no need to
access the OS.
Thanks,
Matt
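
Added example (not part of Matt's message): one way to check the stated goal, that only port 80 is reachable from the network, is to filter `ss -Htln` output for TCP listeners bound to non-loopback addresses on any other port. The function name and the sample lines are constructed for illustration; UDP is not covered.

```shell
#!/bin/sh
# exposed_listeners ALLOWED_PORTS
# Reads `ss -Htln` output on stdin and prints every listening TCP socket
# that is bound to a non-loopback address on a port not in ALLOWED_PORTS
# (a space-separated list). Loopback-only services, such as a database
# bound to 127.0.0.1, are not reported.
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            laddr = $4                                # e.g. 0.0.0.0:22 or [::]:22
            port = laddr; sub(/.*:/, "", port)        # text after the last colon
            addr = laddr; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print laddr
        }'
}

# Constructed sample of `ss -Htln` output: SSH still installed, a database
# listening on loopback only, and the app listening on port 80.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:5432 [::]:*'

# Report anything other than port 80 that faces the network in the sample.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "80"

# On the board itself, the same check against the live socket table:
#   ss -Htln | exposed_listeners "80"
```

An empty result means nothing but the allowed ports is listening on a network-facing address.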