Raspberry Pis are cool little computers and I have a few I use in my adventures. I don't have an original though. :-(
I also have a Banana Pi BPI-R1, which was my home router, then a media server, then, well I'm not really using it now.
Please read the "First Steps" section below. It has lots of good info for first-time Linux/RPi users. Also, I have this script that I use after those "First Steps".
Anyways, enough rambling about cool little computing devices.
Philosophy
As of April 4th, 2022, the folks at Raspberry Pi finally removed the default user & password. This is awesome! Security should not be an afterthought. In that same vein, learning about security throughout the process is a very effective use of the process. 😁 Others may disagree, and that's okay. There are still some concepts and reasoning in addition to the steps that should be reviewed. Those still learning should also understand the situations that are secure, both that it is happening and that there are bigger, and important, pieces yet to come.
This covers a few areas of thoughtfulness: where you get your code/software from, the network access to your Raspberry Pi, and the physical access to your Raspberry Pi. And thoughtfulness is a polite way of asking who you trust in each. And with each, don't assume you know. If you aren't sure, ask someone (parent/teacher/Google) for help.
And honestly, it isn't hard to stay safe(er); please read on.
After First Booting
As of 10/22/2023, the folks who make Raspberry Pi OS have removed the default user/password. In this sense, I am questioning if you should trust the source of your software. It is very good that they did.
There are still some places to be thoughtful. There are some thoughts for making the boot media, and I will add them at some point. Here are some thoughtful things to do after first booting into Raspberry Pi OS.
DO NOT plug the Raspberry Pi into the network yet; just the monitor/keyboard/mouse.
Often, the first boot expands the partition to all available space; be patient.
When done, log in. Launch the terminal if not RPi OS Lite.
In the terminal, run sudo rm /etc/sudoers.d/010_pi-nopasswd. The file has one line, which is some variation of: <username> ALL=(ALL) NOPASSWD: ALL. It may be different if the Raspberry Pi Imager had certain options selected. This removes the ability to issue sudo commands without a password. Think about those annoying siblings/classmates who might want to do something when you walk away for a bit.
Now connect the Raspberry Pi to the network & update! Sometimes software updates screw things up, especially if you are using development versions. But in general, it is best to update because it fixes bugs, and any bug can cause/help security issues.
In terminal: sudo apt --fix-broken install && sudo apt-get update && sudo apt-get -y dist-upgrade.
Next, type in the terminal sudo raspi-config. Don't mess with firmware; the latest distributions include necessary firmware in kernel updates. Familiarize yourself with the options & make sure you finish localization to be your country (don't forget Wi-Fi is in the System Options).
I strongly suggest you also turn off Auto-Login. Same reason why the pi user and/or your user should not have sudo rights without a password.
I suggest you do not enable SSH until after a reboot (which happens next). This may be a pain, but do you trust your siblings/classmates? 😔
Next screen: Reboot!
Head back to raspi-config and enable SSH.
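A check to run after the steps above, added here as an example (it is not part of the original post or of Raspberry Pi OS): it lists every sudoers rule that still grants passwordless sudo. The function name and its optional root-directory argument are assumptions; the argument lets it be pointed at a mounted SD card as well as the live system.

```sh
#!/bin/sh
# Added example: report sudoers rules that still carry the NOPASSWD tag.
# find_nopasswd_rules and its ROOT argument are hypothetical names.
# ROOT defaults to the live system; pass a directory to audit a mounted
# SD card or a copy of /etc instead.

find_nopasswd_rules() (
    root="${1%/}"                       # "/" or unset -> "" -> /etc/...
    for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        if [ "$f" != "$root/etc/sudoers" ]; then
            # sudo ignores drop-in files whose names end in ~ or contain
            # a dot, so a leftover "010_pi-nopasswd.bak" grants nothing.
            case "${f##*/}" in *~|*.*) continue ;; esac
        fi
        # Match NOPASSWD: only when no '#' precedes it on the line, which
        # skips commented-out rules (a rule keyed on a numeric UID,
        # "#1000 ...", is therefore not covered). Output: file:line:rule.
        grep -HnE '^[^#]*NOPASSWD[[:space:]]*:' "$f" || true
    done
    return 0
)

# Run as: sudo sh audit-sudoers.sh /      (reading sudoers needs root)
if [ "$#" -gt 0 ]; then
    find_nopasswd_rules "$1"
fi
```

No output means no passwordless rule was found in /etc/sudoers or the /etc/sudoers.d drop-in directory; other include directives are not followed.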
Reasoning
An easy way to introduce yourself to the idea of security is to think about "fences" and the how & who you allow in. This might not be a common view; I'll explain my thoughts.
There will always be errors, whether bugs, misconfigurations, or whatever. The general analogy of fences is that an attacker does not have just one fence to jump over to get to what should be protected. I do this professionally, making as many fences as feasible to maintain. It goes along with the idea that there is not just one "silver bullet" in security.
Let's look at the related fences:
Removing pi user: Though no longer necessary, this is still important. The software (RPi OS) was delivered in a way that allowed other unknown people access to your system. They may be folks you didn't expect, or they may get to it in ways you didn't expect. So, essentially, a fence was removed entirely. Thank you, Raspberry Pi Foundation for making this change!
Not allowing passwordless sudo: Attackers have a whole slew of tricks. They want you to run scripts that have root privileges. So, fences here are: 1) asking you for a password when you aren't expecting it; and 2) not running scripts as root when you're not watching.
Update frequently: Attackers often know the holes in your fences before you do. This is the nature of large distributed software stacks. And it is hard for you to keep track. So, not only is it best to assume that there will be fixes, it is also good to trust the developers upstream!
There are more things, but those are the most accessible at this point. And as deep as I want to write at this point, in the end, you have to decide what are acceptable risks. This is what good Linux administration is about and best to start out now! 😃
I should say more, but for now, I've created this bash script to help updates in the future.
Here is a command to see if your RPi is possibly using a low-voltage power source:
vcgencmd get_throttled
There are codes I should link or copy here. There are some folks who report that writes to SD cards can be missed. I'm not sure that is right with how the Linux kernel works. But I find it hard to come up with a good reason to run a RPi with a low-voltage power supply. If the board is having troubles, peripherals will likely have trouble. There will be lots of retries on anything from read/write to RAM to NICs to storage to much of anything else connected.
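The codes referred to above, decoded by a small shell function. This is an added example, not part of the original post; the function name decode_throttled is an assumption, and the bit meanings are those given in the Raspberry Pi documentation for get_throttled.

```sh
#!/bin/sh
# Added example: decode the bit mask printed by `vcgencmd get_throttled`.
# decode_throttled is a hypothetical helper name.

decode_throttled() (
    hex="${1#throttled=}"           # accept "throttled=0x50005" or "0x50005"
    hex="${hex#0x}"
    case "$hex" in
        ''|*[!0-9a-fA-F]*)          # validate before doing arithmetic
            echo "not a get_throttled value: $1" >&2
            return 2 ;;
    esac
    bits=$((0x$hex))
    if [ "$bits" -eq 0 ]; then
        echo "no flags set"
        return 0
    fi
    # Bits 0-3 describe the present state; bits 16-19 are the matching
    # "has occurred" flags, which stay set after the condition clears.
    while IFS='|' read -r bit text; do
        if [ $(( (bits >> bit) & 1 )) -eq 1 ]; then
            echo "bit $bit: $text"
        fi
    done <<'EOF'
0|under-voltage detected
1|ARM frequency capped
2|currently throttled
3|soft temperature limit active
16|under-voltage has occurred
17|ARM frequency capping has occurred
18|throttling has occurred
19|soft temperature limit has occurred
EOF
)

# On a Raspberry Pi this decodes the live value; elsewhere, call the
# function with a value by hand, e.g. the constructed sample 0x50005.
if command -v vcgencmd >/dev/null 2>&1; then
    decode_throttled "$(vcgencmd get_throttled)"
fi
```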
Some might say that the fan on the PoE hat is overly aggressive. Check out the temperatures on the RPis themselves before messing with stuff. You do not want the device to overheat. If you feel like changing the temperature it kicks in at, read on!
The temperatures that kick off different speeds can be configured in /boot/firmware/config.txt. As an example, one could set it to:
# PoE Hat Fan Speeds/Temperatures
dtparam=poe_fan_temp0=50000
dtparam=poe_fan_temp1=60000
dtparam=poe_fan_temp2=70000
dtparam=poe_fan_temp3=80000
Note that these temperatures are 50, 60, 70, and 80 degrees Celsius respectively. Also, note that the file's location has changed; it used to be /boot/config.txt.
For a Raspberry Pi 5 that I have, I'm so glad I got the Pironman 5 case for Christmas. With it, and a few other things, I've made the RPi 5 8GB model into a nice little dual display desktop. More on that experience later. For now, some hints/tips.
Power: As usual, any old power supply isn't the best on RPis, especially if you have anything plugged in. The usual 3A power supply isn't bad for the case. But if you plug in any peripheral, including USB drives, you will need something a bit more powerful. I got the Raspberry Pi 5 Official 27W USB Type-C Power Supply, also from Sunfounder.
Installation: A lot of information on https://docs.sunfounder.com/. The exact URL has changed a few times, but it is currently here. It has assembly instructions for physical installation. For installing Raspberry Pi OS, there isn't much difference from the usual. I opted to install the M.2 drive, boot off an SSD, and use RPi Imager to image the M.2.
And there are software installation instructions too. The basics are:
sudo apt-get install git python3 python3-pip python3-setuptools -y
cd ~
git clone -b base https://github.com/sunfounder/pironman5.git --depth 1
cd ~/pironman5
sudo python3 install.py
There isn't a make/make install; Python does it all for you. It asks you to reboot, which is always safe, but read below if you can't wait to stop the fans from buzzing. 😵‍💫
Fan Control: For full information, please go to their docs. The short of it is two commands:
sudo pironman5 -gm #
sudo systemctl restart pironman5.service
Change the # to one of:
4: Quiet: The RGB fans will activate at 70°C.
3: Balanced: The RGB fans will activate at 67.5°C.
2: Cool: The RGB fans will activate at 60°C.
1: Performance: The RGB fans will activate at 50°C.
0: Always On: The RGB fans will always be on.
My home office tends to run a bit hot. I've been working fine with #4, and the fan rarely comes on. And nothing bad has happened on the RPi 5 in the Pironman5 case!
Oh, and because I'm the paranoid type, I cloned both of Sunfounder's related repos: software, docs. I will try to pull changes as I can. No guarantees!