Tuesday 24 September 2013

MK802 - Linux (Debian) how to

Installing Linux is fairly straight forward providing you have an appropriately sized SD card.  Rather than go into too much detail, the images and a guide to installing can be found here:

https://www.miniand.com/forums/forums/development/topics/debian-wheezy-lxde-armhf-build

After installing however, it's extremely advisable that you lock it down before attaching it to your network.  I've never met the author of the image, don't know him and therefore can not trust the image entirely.  My first port call was to build my own kernel.  You are best using cross tools for this, which I have explained in detail in another post.  Ensure the kernel is built with the appropriate configuration.  You can use the existing kernel configuration as follows:

$ cat /proc/config > ~/mk802-kernel-config

Next, lock down the firewall and update the rules.  Go for a block everything and open what is required approach.  If you accidentally lock yourself out, just power off the device, remove the SD card, mount on your computer and revert whatever changes necessary to allow you access again.

Go through running processes with a fine tooth comb.  Make sure you are only running what you need.  If you don't need the GUI, make sure you change the default runlevel in /etc/inittab.  A runlevel of 3 will disable the GUI normal (unless it is a fluffy distro like Ubuntu).

Make sure you change the access point passphrase if you intend to create an access point.  Also make sure the network interfaces configuration isn't defining soft MAC addresses for your network devices.

There are many more ways to harden the system.  Take a look at some of the many Linux hardening guides on the net.

No comments:

Post a Comment