Last active
May 8, 2024 02:10
-
-
Save huynhbaoan/3259a9a869802a3415cd78f95bc40209 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Clone a running OS from SD card to USD SSD, Raspberry 4B 8G | |
| ### Main guide | |
| https://medium.com/xster-tech/move-your-existing-raspberry-pi-4-ubuntu-install-from-sd-card-to-usb-ssd-52e99723f07b | |
| ### References: | |
| https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-boot-modes | |
| https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-flow | |
| https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#raspberry-pi-4-boot-eeprom | |
| ### If necessary, deal with the SSD adaptor without UAS support (Argon one m2 does not have this issue) | |
| https://www.helping.ninja/how-to-migrate-raspberry-pi-sd-card-to-a-usb-ssd-speedtest/ | |
| ## Deal with Argon one m2 fan noise | |
| - Set fan to run when temperature is high than 50 Celsius degree. Trying to keep temparature lower is hard. | |
| - Remove the magnetic cover if necessary. This cover prevent the heat from flowing out. | |
| - As confirmed by Reddit community, setting the jumper to mode 2-3 (direct flow) cause more heat on Pi. Use mode 1-2 reduce the heat | |
| - Need more test: the thermal pad might need a little time before it can take effect. | |
| ## Setup | |
| ## [OS upgrade] | |
| apt-get update -y | |
| apt-get upgrade -y | |
| ## [Install necessary packages] | |
| apt install apt-list mlocate vim nano fail2ban etherwake hddtemp lm-sensors -y | |
| updatedb | |
| ## [Add normal user] | |
| useradd -m <user> | |
| passwd <user> | |
| ## [Install dwagent] | |
| wget https://node896146.dwservice.net/getAgentFile.dw?name=dwagent.sh | |
| mv getAgentFile.dw\?name\=dwagent.sh dwagent.sh | |
| chmod 700 dwagent.sh | |
| ./dwagent.sh | |
| ## [Setup WOL] Must be run as root or sudo | |
| vim ~/.bashrc | |
| alias wakehome='sudo etherwake 30:85:A9:98:CB:4A' | |
| alias temp='/usr/bin/vcgencmd measure_temp' | |
| ## [Secure SSHD] | |
| vim /etc/ssh/sshd_config | |
| Include /etc/ssh/sshd_config.d/*.conf | |
| Port 22 | |
| AllowUsers user@192.168.1.* <user>@<IP x.x.x.x> <user2>@<IP x.x.x.x> | |
| PermitRootLogin no | |
| StrictModes yes | |
| MaxAuthTries 3 | |
| PasswordAuthentication yes | |
| PermitEmptyPasswords no | |
| ChallengeResponseAuthentication no | |
| UsePAM yes | |
| PrintMotd no | |
| AcceptEnv LANG LC_* | |
| Subsystem sftp /usr/lib/openssh/sftp-server | |
| sshd -t | |
| systemctl restart sshd | |
| ## [Configre fail2ban] Block SSH attacker | |
| apt install fail2ban -y | |
| vim /etc/fail2ban/jail.local | |
| [sshd] | |
| mode = aggressive | |
| [DEFAULT] | |
| bantime = 180m | |
| findtime = 15m | |
| maxretry = 5 | |
| systemctl start fail2ban | |
| systemctl enable fail2ban | |
| fail2ban-client status | |
| fail2ban-client status sshd | |
| cat /var/log/fail2ban.log | |
| iptables -L | |
| iptables -S | |
| fail2ban-client set <jail-name> unbanip <ip-address> | |
| ## Argon one m2 fan control | |
| wget https://download.argon40.com/argon1.sh | |
| chmod 750 argon1.sh | |
| ./argon1.sh | |
| argonone-config | |
| #### Set fan to run if temperature is higher than 50 Celcius degree | |
| ## Get cpu temp, hdd temp: | |
| sensors | |
| temp | |
| hddtemp | |
| ## Test run get metrics | |
| vim loop.sh | |
| #!/bin/bash | |
| while sleep 60; do python get-by-id-lite.py >> output.log; done | |
| #### Run by &, then disown |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment