Starting with Raspberry Pi

If you’ve got yourself a ‘Raspberry Pi’ and you want to turn it into a personal server like I did for my first Raspberry Pi, I recommend that you run the stock OS ‘Raspbian’ which is based on ‘Debian Linux’. You can download it from https://www.raspberrypi.org/downloads/. If you want the easy way, use NOOBS but if you are a geek, I recommend that you use the Raspbian -> Lite image. You can download it as a zip file and use Etcher to flash it to the SD card you have for your Raspberry Pi.

It is ideal to get a micro SD card of more than 8GB to provide yourself plenty of room for upgrades and app installs. The lite version takes a few MB only for start, but you may want to keep some of your data on it e.g. when running a non-multimedia website and may wish to rotate logs and keep old ones for a long duration.

Downloading and flashing the OS on SD card is easy enough. Then:

• if you are running the server in ‘headless’ mode you will need to access via ssh and ssh is disabled on recent versions of Raspbian. You should have that micro SD card still in the computer you used for flashing the Raspbian on it. After flashing you may see one or two partitions mounted from the micro SD card, depending on your computer OS. Look for the one called ‘boot’ and simply create an empty file with the name ‘ssh’ without any file extension. When Raspbian boots for the first time, it looks for this file. If it exists, Raspbian will enable ssh. If it doesn’t, there will be no ssh and you need a monitor and a keyboard attached to the Raspberry Pi in order to proceed.
• now pop the micro SD card into the slot on the Raspberry Pi and connect the micro USB power cable.
• there is no ‘root’ user in Raspbian and you are to log in with user 'pi' and default password 'raspberry' and then use sudo for all your interaction with Raspbian.
• The first thing you should run, after it boots is ‘raspi-config’ which has a list of options to choose from and you will want to set some of those, including change of password, hostname etc.
• I usually run sudo apt-get update and sudo apt-get upgrade after booting my Linux OS for the first time – of course after having it connected to a working network/Internet connection.
• You are all set to install what you wish on it.

One app which I highly recommend you to install and configure is fail2ban. This will prevent unauthorised access to your server for several applications including ssh and allows you to configure how it deals with those attempts.

You can install it with following instructions

sudo apt-get install fail2ban
cd /etc/fail2ban/
cp fail2ban.conf fail2ban.local
cp jail.conf jail.local

We make copies with extension .local for these two files and make our changes in these .local files because any update to the app itself will always replace the .conf files with updated versions and you do not want to loose your configs.

sudo cp /etc/fail2ban/fail2ban.conf fail2ban.local
sudo cp /etc/fail2ban/jail.conf jail.local

In the fail2ban.local you can configure log locations for example. It is heavily remarked so should not be a problem for you to go through and know what you wish to change and how to change it. For jail.local you should at least pay attention to the following:

sudo vim /etc/fail2ban/jail.con

look for following snippets. I am copying what I changed to for mine. You need to replace IP address/range with yours.

[DEFAULTS]
ignoreip = 127.0.0.1 192.168.0.0/24
bantime = 86400
maxretry = 3
.
.
destemail = 'your email address here'
.
.
[sshd]
enabled = true

and I also changed the lines for the email address it should send mail to.