Description on how I configured the installation and Security of my Raspberry Pi and how I keep it fit for use and purpose.
Table of Contents
The goal of this project is to make a secure (or at least secure within a reasonable amount of effort) Raspberry Pi with the following features: Pi-Hole DNS-resolver, DNSSEC, DHCP, and OpenVPN-server. It is possible that by gaining new insights features are either removed or added.
My other goal is to gain a good understanding on DNS, Hardening and other Security-related aspects concerning Network Security. I feel that as a Lead Information Security Officer it is important to upkeep (general) knowledge about Technology.
The hardware I use exists of the following components:
- Raspberry Pi 3 Model B 1GB
- SanDisk Ultra SDHC card Class 10 - 16GB
- Pi-Blox Case for Raspberry Pi - Black
The costs: ~ € 50,-
How it looks :)
The base image that is used to build this guid is the following:
- Image with desktop based on Debian Stretch
- Version: November 2017
- Release date: 2017-11-29
- Kernel version: 4.9
Steps to take
- Install Pi - [Chapter 1]
- Configure Pi - [Chapter 2]
- Remove software - [Chapter 3]
- Update/upgrade Pi - [Chapter 4]
- Install Pi-hole - [Chapter 1]
- Install PiVPN - [Chapter 1]
- Configure Pi-hole - [Chapter 2]
- Configure PiVPN - [Chapter 2]
- Rest of hardening - [Chapter 3]
General Informational Sources
- StackExchange: https://raspberrypi.stackexchange.com/
- Raspberry Pi NOOBS: https://github.com/raspberrypi/noobs
- Pi-hole Wiki: https://github.com/pi-hole/pi-hole/wiki
- Pi-hole OpenVPN-server Wiki: https://github.com/pi-hole/pi-hole/wiki/Pi-hole---OpenVPN-server
Word of thanks
A special word of thanks goes to Jacob Salmela with his up-to-date manual (PDF). This guide is inspired on his, although I go a step further in terms of features. Nevertheless, his contribution to (not only) this guide is worth my sincere gratitude. Thanks!
All the licensing and copyrights of any of the code and applications belong to their respective owners. All other coding falls under the MIT-license: https://github.com/teusink/Home-Security-by-Pi/blob/master/LICENSE
Feel free to remake, reshape and reuse whatever you like or need.