Sudo Su

How to improve the security of Raspberry Pi [2022]

Date: 15 May, 2022

A few months ago we published an article in which we showed how with a simple script programmed in Bash we could improve the security of our Raspberry Pi. Today we bring you an updated version of that script in Python.

The article mentioned above can be found at: How to Improve Raspberry Pi Security [2020].

Script Functions

  • CPU temperature: When our Raspberry exceeds a temperature of 55ºC.
  • CPU usage: When more than 85% of the CPU is being used.
  • RAM memory usage: When more than 85% of the RAM is being used.
  • Opened SSH connections: When someone accesses via SSH our Raspberry, it will tell us the IP address of the device that has established a connection.

Here is an example of what these notifications would look like:

Requirements

You must have previously created your Telegram bot. If you still don’t know how to create it, follow the next manual:

https://www.sudosu.info/how-to-create-a-bot-in-telegram/

In order to be able to use the variables in the .env file, you will also need to install the Dotenv python library:

pip install python-dotenv

 

Installation

To install it, all you need to do is download the program to your scripts folder.

mkdir $HOME/scripts
cd $HOME/scripts
git clone https://github.com/CarlosPCL98/Sec-raspi-1.git
cd Sec-raspi-1

 

Set Up variables

All the parameters necessary to run the script must be filled in the .env file.

nano .env

 

Note that the script will not work if you use decimals. We recommend that you only fill in the TOKEN and ID variables for your Telegram bot.

  • CPU_TEMP_LIMIT will be the limit temperature to send an alarm in Celsius degrees. Sample: 50 = 50°.
  • CPU_USE_LIMIT will be the limit percent of CPU use to send an alarm. Sample: 80 = 80%.
  • RAM_USE_LIMIT will be the limit percent of RAM use to send an alarm. Sample: 20 = 20%.*

Schedule task

Thanks to a Cronjob in Raspbian, we can create the timer to tun the script every 30seconds/1minute.

Run the following command to edit the Cron editor:

crontab -e

 

Add the following line at the end of the cron file:

*/1 * * * * python $HOME/scripts/Sec-raspi-1/security.py

 

If you did the configuration correctly you will receive an alarm when the script detects something out of range.

Well and finally, we hope this script helps you to improve the security of your Raspberry. Feel free to edit and improve it as you like, we would love to know what things you would improve in this script.

 


Author: Carlos Categories: Raspberry / Scripts / Security



Leave the first comment!-

Leave a Reply

Your email address will not be published. Required fields are marked *

Newsletter

Search posts

Recent Posts

Categories