Overclock.net › Forums › Specialty Builds › Servers › Raspberry Pi Home Server
New Posts  All Forums:Forum Nav:

Raspberry Pi Home Server

post #1 of 6
Thread Starter 
Recently just got a new Raspberry Pi b+ for Christmas and wanted to use it as a home server. Ideally I want to use it for local backups of my PC's and to access media while I am away from home at college. I know basically the bare minimum when it comes to Linux and as such followed this guide to get my Pi running. http://www.instructables.com/id/Ultimate-Pi-Based-Home-Server/#step0.

My main question is how secure is this? Basically following that to the T, is the pi secure enough to leave hooked up to the internet?
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Amd FX 8150 Asus Sabertooth 990FX Evga 660ti Corsair Vengence 
Hard DriveOSPowerCase
1 TB, 500gb, 250gb Windows 7 Professional 64bit Xfx 750W Black Edition NZXT Phantom - White 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Amd FX 8150 Asus Sabertooth 990FX Evga 660ti Corsair Vengence 
Hard DriveOSPowerCase
1 TB, 500gb, 250gb Windows 7 Professional 64bit Xfx 750W Black Edition NZXT Phantom - White 
  hide details  
Reply
post #2 of 6
As long as you use a very secure password and a proper firewall on the linux distro you run.
if you have the pi sitting behind a normal router, then it is even better, since consumer routers don't allow connects to servers through them without port forwarding.

EDIT: Absolutely skip shell in a box as it is a massive security risk having a web accessible shell. If you need SSH access, then use a proper software like mobaxterm or putty for windows, and terminal on mac and linux.
Edited by thrasherht - 1/2/15 at 1:09am
post #3 of 6
It's a UNIX system so yes you can secure the Raspberry.
Do NAT only for necessary ports, install fail2ban to kick guys that try to brute force your password.
And do not store sensitive files on your system

About sharing multimedia files, i'm not sure that you can watch videos using the 100Mb ethernet port that is shared with the USB ports ...
post #4 of 6
Thread Starter 
Quote:
Originally Posted by thrasherht View Post

As long as you use a very secure password and a proper firewall on the linux distro you run.
if you have the pi sitting behind a normal router, then it is even better, since consumer routers don't allow connects to servers through them without port forwarding.

EDIT: Absolutely skip shell in a box as it is a massive security risk having a web accessible shell. If you need SSH access, then use a proper software like mobaxterm or putty for windows, and terminal on mac and linux.

Right now I do have it behind a consumer router with only the ports I needed forwarded. How would I go about checking the firewall or could you point me to how to set one up? Also if I remove shell in a box could I still use putty over the web correct? Or is that what you meant by its insecure in its entirety?
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Amd FX 8150 Asus Sabertooth 990FX Evga 660ti Corsair Vengence 
Hard DriveOSPowerCase
1 TB, 500gb, 250gb Windows 7 Professional 64bit Xfx 750W Black Edition NZXT Phantom - White 
  hide details  
Reply
My System
(13 items)
 
  
CPUMotherboardGraphicsRAM
Amd FX 8150 Asus Sabertooth 990FX Evga 660ti Corsair Vengence 
Hard DriveOSPowerCase
1 TB, 500gb, 250gb Windows 7 Professional 64bit Xfx 750W Black Edition NZXT Phantom - White 
  hide details  
Reply
post #5 of 6
Quote:
Originally Posted by chiefo0306 View Post

Right now I do have it behind a consumer router with only the ports I needed forwarded. How would I go about checking the firewall or could you point me to how to set one up? Also if I remove shell in a box could I still use putty over the web correct? Or is that what you meant by its insecure in its entirety?

Yes you can use putty over the web. The shell in a box would be a publicly accessible browser based shell, which is very very bad.
99% of the time shells are used for malicious purposes, and no production level systems use such a thing.

Also using SSH key based login is better then password login.

As for a firewall, something like fail2ban is nice, but also something like CSF is good as well.
CSF has its own login failure system, so fail2ban is redundant when using CSF.

This is a great firewall and works wonderfully to keep people out. Make sure to take a look at the readme file for CSF as it has a ton of useful information in it.
http://configserver.com/cp/csf.html
post #6 of 6
Quote:
Originally Posted by pihomeserver View Post

It's a UNIX system so yes you can secure the Raspberry.
Do NAT only for necessary ports, install fail2ban to kick guys that try to brute force your password.
And do not store sensitive files on your system
Linux isn't UNIX. But that's nitpicking as your fail2ban and port forwarding points are valid. I'd also like to add that PermitRootLogin should be set to No (or PasswordAuthentication to No if using SSH keys)
Quote:
Originally Posted by pihomeserver View Post

About sharing multimedia files, i'm not sure that you can watch videos using the 100Mb ethernet port that is shared with the USB ports ...
100Mb is not only find for watching videos, it's more than enough to stream 1080p - even with USB sharing the same bus (though the IO over USB should be pretty minimal if you're using onboard ethernet)
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Servers
Overclock.net › Forums › Specialty Builds › Servers › Raspberry Pi Home Server