1 - Using the latest official Raspbian Buster Lite from https://www.raspberrypi.org/downloads/raspbian/
Direct link: https://downloads.raspberrypi.org/raspbian_lite_latest
This is a good method to make it almost impossible to forensically recover previous data from the card. Apply this step if you are going to reuse a microSD card (from a camera, from another Raspberry Pi project, etc.) so your previous data will be reasonably safe. If you just bought a new microSD card, this step is not really necessary.
# on OSX
sudo dd if=/dev/urandom of=/dev/YOUR_DEVICE_NAME bs=1m
# on linux
sudo dd if=/dev/urandom of=/dev/YOUR_DEVICE_NAME bs=1M status=progress
# on OSX
sudo dd if=raspbian-buster-lite.img of=/dev/YOUR_DEVICE_NAME bs=1m conv=sync
# on linux
sudo dd if=raspbian-buster-lite.img of=/dev/YOUR_DEVICE_NAME bs=1M conv=fdatasync status=progress
3/2 - Launch raspi-config to expand the filesystem and activate the SSH server, then reboot. Now we can access our device via ssh with the default Raspbian credentials:
user pi, passwd raspberry
passwd
sudo passwd
sudo nano /etc/ssh/sshd_config
And edit:
# Disable ipv6
#ListenAddress ::
ListenAddress 0.0.0.0
# Disallow SSH access to root account
PermitRootLogin no
# Disable X11Forwarding
X11Forwarding no
# Add AllowUsers pi, in order to enable access for your default user ONLY
AllowUsers pi
Save it and restart ssh:
sudo /etc/init.d/ssh restart
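To confirm the edits took effect as intended, the following added example (not part of the original guide) audits an sshd_config file for the four settings above. The function names `values` and `audit_sshd_config` and the sample file contents are constructed for illustration; it reads only the global section of one file and requires each setting to be set explicitly.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the four settings from this guide.
# Keywords are case-insensitive; PermitRootLogin and X11Forwarding take the
# first value found, while AllowUsers and ListenAddress accumulate across lines.

values() {  # usage: values <file> <keyword>; prints each global value on its own line
  awk -v k="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    tolower($1) == "match" { exit }        # global section ends at the first Match
    tolower($1) == k { $1 = ""; sub(/^ +/, ""); print }
  ' "$1"
}

audit_sshd_config() {  # usage: audit_sshd_config <file>; exit status = number of findings
  _file=$1
  _findings=0
  for _want in first:PermitRootLogin=no first:X11Forwarding=no \
               all:AllowUsers=pi all:ListenAddress=0.0.0.0; do
    _mode=${_want%%:*}; _rest=${_want#*:}
    _key=${_rest%%=*};  _exp=${_rest#*=}
    _got=$(values "$_file" "$_key")
    if [ "$_mode" = first ]; then          # first occurrence wins
      _got=$(printf '%s\n' "$_got" | head -n 1)
    fi
    if [ "$_got" != "$_exp" ]; then
      echo "FAIL $_key: expected '$_exp', found '$(printf '%s' "$_got" | tr '\n' ' ')'"
      _findings=$((_findings + 1))
    fi
  done
  return "$_findings"
}

# Constructed sample: hardening lines appended below the defaults they meant to replace.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
PermitRootLogin yes
x11forwarding no
ListenAddress 0.0.0.0
ListenAddress ::
# AllowUsers pi
PermitRootLogin no
EOF
audit_sshd_config "$sample_cfg" || echo "$? finding(s) in $sample_cfg"
rm -f "$sample_cfg"
```

On the device itself, run it as `audit_sshd_config /etc/ssh/sshd_config`; `sudo sshd -T` prints the configuration the running daemon actually resolves.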
deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
deb-src http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
sudo apt update && sudo apt dist-upgrade -y
sudo apt install git
sudo apt install dnsmasq hostapd
sudo nano /etc/dhcpcd.conf
interface wlan0
static ip_address=192.168.9.1/24
nohook wpa_supplicant
sudo systemctl restart dhcpcd
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
interface=wlan0 # Use the required wireless interface - usually wlan0
dhcp-range=192.168.9.2,192.168.9.200,255.255.255.0,24h
sudo systemctl reload dnsmasq
Option 1 - Open network
sudo nano /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=MULE
hw_mode=g
channel=5
Option 2 - WPA password access network
NOTE: the WPA key (wpa_passphrase) must be at least 8 characters
sudo nano /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=MULE
hw_mode=g
channel=5
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=MULE0000
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
sudo nano /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/hostapd.conf"
sudo systemctl unmask hostapd
sudo systemctl enable hostapd
sudo systemctl start hostapd
sudo nano /etc/sysctl.conf
Uncomment the line: net.ipv4.ip_forward=1
Finally reboot the device:
sudo shutdown -r now
ssh pi@192.168.9.1
sudo apt install apache2
Then configure it, edit /etc/apache2/conf-enabled/security.conf:
ServerSignature Off
ServerTokens Prod
Save and restart apache:
sudo systemctl restart apache2
Now edit /etc/apache2/apache2.conf to turn off directory browsing, disable symbolic links, limit the request size (to 600 KB), and turn off server-side includes and CGI execution:
<Directory /var/www/>
LimitRequestBody 614400
Options -FollowSymLinks -Includes -ExecCGI
AllowOverride None
Require all granted
</Directory>
And finally disable unnecessary modules:
sudo a2dismod autoindex
sudo a2dismod status
sudo /etc/init.d/apache2 restart
If it is installed, disable the mod_security firewall by editing /etc/modsecurity/modsecurity.conf:
SecRuleEngine Off
sudo apt install mariadb-server mariadb-client
Secure the installation by running this command and following the instructions:
sudo mysql_secure_installation
Now create the database and a new user for database access. Log into MariaDB and run these commands:
sudo mysql -u root -p
MariaDB [(none)]> CREATE DATABASE muledb;
MariaDB [(none)]> use muledb;
MariaDB [muledb]> CREATE TABLE `ml_content` (
-> `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
-> `data` text,
-> `latitude` text,
-> `longitude` double NOT NULL,
-> `altitude` double NOT NULL,
-> `angle` float NOT NULL,
-> PRIMARY KEY (`id`)
-> ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
MariaDB [(none)]> CREATE USER 'mula'@'localhost' IDENTIFIED BY 'YOUR_PASSWORD';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON muledb.* TO 'mula'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit
Restart mysql:
sudo /etc/init.d/mysql restart
sudo apt install php php-common
sudo apt install php-cli php-fpm php-json php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath
Download the MULE File Package from the official GitHub repository:
cd /var/www/html
sudo git clone https://github.com/d3cod3/taz
cd taz/
ls -la
sudo chown www-data: data/
sudo chmod 775 -R data/
sudo chown www-data: muledata.json
sudo chmod 664 muledata.json
Now edit the includes/db.php file to set your database password (the one you used in the MariaDB install above):
sudo nano /var/www/html/taz/includes/db.php
At the beginning you'll see:
private static $MULE_config = array(
"db" => array(
"host" => "localhost",
"port" => 3306,
"name" => "muledb",
"username" => "mula",
"password" => "YOUR_PASSWORD" // change this!
)
);
Just change the password accordingly and save it.
There's no need to repeat all this work for every device. Just create an image of the entire Raspberry Pi drive (the microSD card) and clone this image to the other microSD cards for all the devices you need.
To create the image:
# on OSX
sudo dd if=/dev/YOUR_DEVICE_NAME conv=sync,noerror bs=16k | gzip -c > image_filename.gz
# on Linux
sudo dd if=/dev/YOUR_DEVICE_NAME conv=sync,noerror status=progress bs=16K | gzip -c > image_filename.gz
And to clone from the image:
# on OSX
gunzip -c image_filename.gz | sudo dd of=/dev/YOUR_DEVICE_NAME
# on Linux
gunzip -c image_filename.gz | sudo dd of=/dev/YOUR_DEVICE_NAME status=progress
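After cloning, it is worth checking that the card really holds what the image contains. The following is an added example, not part of the original guide; the function names `sha256_stream` and `verify_clone` and the demo files are constructed for illustration, and on a real card the device read needs root.

```sh
#!/bin/sh
# Added example: confirm a card written from image_filename.gz matches the image.
# The card is usually larger than the image, so only the first <image size>
# bytes of the device are hashed.

sha256_stream() {  # hash stdin; sha256sum on Linux, shasum on OSX
  if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi |
    cut -d' ' -f1
}

verify_clone() {  # usage: verify_clone <image.gz> <device>; 0 match, 1 differ, 2 bad archive
  _img=$1
  _dev=$2
  # Test the gzip stream first: a truncated archive would otherwise "verify"
  # against an equally truncated card.
  gunzip -t "$_img" || { echo "corrupt archive: $_img"; return 2; }
  _size=$(gunzip -c "$_img" | wc -c | tr -d ' ')
  _want=$(gunzip -c "$_img" | sha256_stream)
  # A device shorter than the image yields fewer bytes and therefore a mismatch.
  _have=$(head -c "$_size" "$_dev" | sha256_stream)
  if [ "$_want" = "$_have" ]; then
    echo "OK $_dev matches $_img ($_size bytes)"
  else
    echo "MISMATCH $_dev differs from $_img"
    return 1
  fi
}

# Constructed stand-ins so the example runs without a real card.
demo_dir=$(mktemp -d)
printf 'constructed-raspbian-image' > "$demo_dir/image"
gzip -c "$demo_dir/image" > "$demo_dir/image_filename.gz"
{ cat "$demo_dir/image"; printf 'unused-space-on-a-larger-card'; } > "$demo_dir/card"
verify_clone "$demo_dir/image_filename.gz" "$demo_dir/card"
rm -rf "$demo_dir"
```

Because the imaging command uses conv=sync,noerror, read errors on the source card are padded with zeros instead of stopping the copy, so a match shows the card equals the image, not that the image itself was read without errors.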