Secure the Raspberry Pi

Install Fail2Ban

Fail2Ban prevents brute-force attacks against your SSH port, so a script can’t try a zillion username/password combinations – they can only try 3 at a time before being banned.

$ sudo apt-get update
$ sudo apt-get install fail2ban

The initial settings are located at /etc/fail2ban/jail.conf. However do not edit any of these settings in your /etc/fail2ban/jail.conf file. Instead, edit the /etc/fail2ban/jail.local file and add your configurations there.

Create a new file, /etc/fail2ban/jail.local:

$ sudo nano /etc/fail2ban/jail.local

And add the following:

[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
bantime = 900
banaction = iptables-allports
findtime = 900
maxretry = 3

It’s enabled. It’s watching the SSH port. Ban time is 15min. Three tries.

Restart the service:

$ sudo service fail2ban restart

At this point Fail2Ban is configured. Note that all bans will be cleared upon restarting Fail2Ban or rebooting your server. If you ban yourself, you can simply restart your Raspberry Pi.

You can check your IPTables list with the following command to see all your banned IP Addresses:

$ sudo iptables -L -n --line
Advertisements

Compile MAME

This is the tutorial I used to compile. I compiled it primarily to remove the nag screens. Below is a re-creation of that tutorial, in case it gets wiped.

This is to compile MAME starting with version 0.155 through 0.158.

Build the MinGW compiling environment

Download the appropriate compiling package of files from the MAMEDev webpage under the Easy Way section.

  • mingw-mame-w64-20140905.exe if you are running a 64-bit version of Windows
  • mingw-mame-w32-20140905.exe if you are running a 32-bit version of Windows

Double-click on the file that you downloaded

Extract to: C:\MinGW.

Build the MAME Source Tree

Download the current source from the MAMEDev website.

Inside this zip file is another zip file named mame.zip.

Extract the contents of mame.zip to where you plan on keeping your MAME source tree (The rest of this page is going to assume C:\mamesrc).

You should now have a folder that looks like the following:

source_dir[1]

DIFFs, Extra Files, and Stuff

In order for the nag screens to go away, you need to include the DIFF files. Go here and select the DIFF file for your version.

Extract DIFFs to your C:\mamesrc folder.

As an option, download this file here.

This ZIP contains the following files:

  • PatchMAME.bat – a batch file to help run patch.exe
  • MakeMAME.bat – a batch file to help compile MAME
    cmd.bat – a batch file that runs a command prompt window at your source folder, with Administrative rights (to fix issues with “patch.exe”)

Extract to C:\mamesrc

You should now have a folder that looks similar to the example here.

srcdir_all[1]

This example shows the main source tree, the first five updates for MAME 0.146, and the three batch files.

If necessary, edit MakeMAME.bat:

Right-click on the file, and choose Edit. This will open the file in Notepad.

  • If you extracted MinGW to a different folder, change the red area to the correct path
  • If you are building a 32-bit version of MAME, change w64 to w32

Do the same for PatchMAME.bat.

Apply the “u” Update DIFFs

If you are just compiling the main source code, then you can skip this section.

  • Double-click the command prompt shortcut to open a command-line window.
  • The actual command to patch with a DIFF file is:patch -p0 -E <0155u1.diff

(in this example, using 0155u1.diff)

The batch file makes it a little easier to type; you can use the command:

patchmame 0155u1

(in this example, using 0155u1.diff)

You will see a window similar to the one shown. These are all of the source files that are changing.

When applying DIFFs, make sure to apply them in order (0146u1, 0146u2, 0146u3, etc.)

Create the MAME Executable

At the command prompt, type makemame, then wait, as it’s going to take a bit. You’ll see a bunch of lines of code scroll by. That’s the compiler doing its work.

When the code is done compiling, go back and check your mamesrc folder. You will have a shiny new MAME:

The 32-bit version will be named mame.exe; the 64-bit version (shown here) will be named mame64.exe

Copy to whichever folder you use for MAME.

If you also want a copy of the various tools that come with MAME, use the command make -all

CONGRATULATIONS!! You have now entered the world of compiling! You can now stay up to date within the world of MAME on your own, without having to wait for another website to upload a pre-compiled version.

MAME for Newbies

Here are some thoughts on setting up MAME for the first time, especially with an X-Arcade controller. Getting started with X-Arcade – yes the information is there in the manual, but it’s not explained very well. Here’s my take.

Go to [your favorite rom site] and download the latest MAME32 version for Windows – currently v0.90. MAME is really a DOS program, but MAME32 lets you play it easily in Windows.

Unzip the file to a directory on your PC, such as C:\MAME\.

Go to http://edgeemu.net [or your favorite rom site] to find some roms that you like. Save only the MAME files – not the others – I really don’t know what those are for. Save the roms in the same directory where you unzipped MAME32, in the subdirectory named /roms. DON’T UNZIP THEM. Keep them in ZIP format.

Launch MAME32.

On the right hand side, click Available. You will see the games in your /roms directory – and a few others.

Double click on a game. If it displays sideways, exit the game, and click Options > Default Game Options > Advanced and check “Switch resolutions to fit” AND “Switch color depths to fit” -or- uncheck “Stretch using hardware”. This will prevent the games from displaying sideways. If you uncheck “Stretch using hardware” it will display correctly but won’t use your entire monitor real estate – but it WILL display the 16 bit looking pixellated games, which looks more authentic.

If you’re using a computer keyboard, you will be disappointed. If you don’t want to build an interface yourself, X-Arcade makes good controllers.

X-Arcade, or any controller, will need to be set up in MAME. This is critical for getting the best performance out of your controller. When you launch a game, press the TAB key to open the configuration. Note that there are two different configs here (input general) and (input this game). (input general) is for ALL games and (input this game) is for just the game you’re playing. You want to change the one you’re playing – (input this game).

Okay. Let’s step back a minute here. Before you go any further, do you remember how the original game buttons were configured? Did the original Asteroids arcade controls use a joystick and two or three buttons? You need to find out. Google it, find the button layout, and then do your best to map out that layout on your controller – mentally at first – then you will configure your buttons for THIS GAME ONLY – (input this game).

Now, back to the TAB key and the config menu – this will take some trial and error, so take your time. And don’t worry – you can easily reset the config file back to default. How? Well, when you change a configuration for a specific game, a new file is created in a subdirectory called /cfg in the main MAME directory. If you’ve never done this, the /cfg directory will be empty. If you make any modifications, a new file is created with the name of the game, for example /cfg/asteroids.cfg. This is a simple text file with XML in it that specifies your custom configuration. If you want to go back to the default config, just delete this file for the specific game, and it will revert to the MAME controller config. Easy, eh? Keep in mind that MAME itself has a cfg file too in the /ctrlr subdirectory, so if you change the default config for ALL games, it is stored in the Xarcade.cfg file (or whatever your device is). So before you go monkeying with your default config (input general), you might want to make a copy of that file for backup. That way, if you mess up, just restore the Xarcade.cfg (or whatever) file to get it back to default.

When you configure your game, how do you remember what buttons were mapped to what function? Paper. Yes, the old two dimensional medium – or a gif or whatever. You will want to write down which button is fire and which is hyperspace, for example.

So you’re in the config menu, and suddenly you have four buttons assigned to one functiion! Here’s what you do. Move away from that function (using your up/down keys), then go back and assign it a single button. If you keep pressing Enter and pushing another button, it will assign all the buttons you press – rather than replace them – if you don’t move away from that function first.

Why does playing Pac-Man with X-Arcade suck? Because Pac-Man requires a 4-way joystick. A 4-way joystick has only four directions that you can point to – up/down/right/left. An 8-way has those four and also all the diagonals between them – hence, 8-way. Both 4-way and 8-way joysticks have only 4 switches in them, but the 8-way allows you to press two at the same time – so you can go up/left or up/right, etc. X-Arcade ships with their joystick set to 8-way, so if you’re old school Pac-Man, Donkey Kong, Joust, Phoenix, like me, you’re not going to like it. It will work, but not well. Fortunately, you can switch the joystick from 8-way to 4-way by opening up the box and turning a plastic “actuator” (black cylinder) upside down – look on the X-Arcade website for instructions. It’s easy. But don’t do it with the controller box on your lap, like they say; put it on a table, resting on the joysticks – they’re sturdy and can take it. If you do it on your lap, the joystick will drop to the floor, along with two other pieces – ask me how I know.

And this is where having the dual joystick model works well – beause you can keep one joystick 8-way, for games like Gyruss, and set the other to 4-way for Pac-Man and Frogger.

Other notes:

For Snaps: http://mrdo.mameworld.info/mame_artwork_ingame.php or http://mameui.info

Good ROM site
http://edgeemu.net/browse-mame-O.htm
and put in /mame/roms/
keep them zipped

snaps
http://mrdo.mameworld.info/mame_artwork_ingame.php?p=a#here
and put in /mame/snaps/

Or get snaps here:
http://mameui.info/
Links 1, 2, 3
download all 3, install 7z program, then extract them all. you need all of them.

Compiling MAME with hiscore and no nag screens
use the DIFF files to allow hiscore and no nag
http://mrdo.mameworld.info/compile.php

DIFF Files
http://forum.arcadecontrols.com/?topic=64298.0
use to modify mame before compiling it

MAME FAQs
http://mameaddicts.com/phpBB3/viewtopic.php?f=5&t=286

Layouts
http://malafe.net/index.php?page=layouts&subpage=mala

Get Marquees here:
http://www.progettosnaps.net/marquees_en.html
and put in /mame/marquees/

Artwork. Don’t use it. Go here:
http://mrdo.mameworld.info/mame_artwork_ingame.php?p=a download the mirror!
and put in /mame/artwork/
keep them zipped

Trackball
Board 1:
1. Yellow => 5v [J7]
2. Red => [J5]
3. Black => [J5]
4. Green => [J7 Ground]

Board 2:
1. Purple => 5v [J7]
2. Red => [J5]
3. Black => [J5]
4. Blue => [J7 Ground]

Controller Info

1943 – 8way + 2 button (button on right)
Asteroids – 5 button
Battle Zone – 1 2way + 1 2way with fire
Berzerk – 8way + 1 button (button on right or left)
Centipede – Trackball
Defender – 1 2way + 5 button. or 1 8way + 4 button
Dig Dug – 4way (button on right or left)
Discs of Tron – 1 spinner + 1 8way with 2fire
Donkey Kong – 1 4way (button on right)
Frogger – 1 4way
Galaga – 1 2way + 1 button (button on right)
Galaga 88 – 1 2way + 1 button (button on right)
Galaxian – 1 2way + 1 button (button on right or left)
Golden Tee Golf – Trackball + 3 button
Gorf – 1 8way with fire
Gyruss – 1 8way + 1 button (button on right)
Joust – 1 2way + 1 button
Lunar Lander – 1 2way + 2 button (2 potentiometers and 3 buttons)
Mario Bros – 1 2way + 1 button (button on right)
Missile Command – Trackball + 3 button (volcano)
Moon Patrol – 1 2way + 2 button (button on right or left)
Ms Pac Man – 1 4way
Omega Race – spinner + 2 button (button on right)
Pac Man – 1 4way
Phoenix – 4 button
Pleiads – 4 button
Pole Position – spinner + 3 buttons (spinner + 2 pedals + 1 shifter)
Red Baron – 1 8way with fire
Scramble – 1 8way + 2 button (button on right or left)
Sea Wolf – spinner or 2way + 1 button (periscope with button)
Space Invaders – 1 2way + 1 button
Star Castle – 4 button
Super Breakout – spinner + 3 buttons?
Tempest – spinner + 2 button (fire and zapper to left of spinner)
Tetris – 1 4way + 1 button (to spin blocks)
Time Pilot – 1 8way + 1 button (spinner works well here) (button on right)
Tron – 1 8way with fire + spinner
Vanguard – 1 8way + 4 buttons (in diamond shape on right)
Xevious – 1 8way + 2 button (button on right or left)
Zaxxon – 1 8way with fire + 1 button (button on right or left)

 

How to Enable HTTPS on the Raspberry Pi Apache Web Server

Note that this enables only “self-signed” certificates. I followed these directions but invariably encountered problems that were not addressed. Running Wheezy on a Raspberrry Pi B v1.

As usual, update first.

$ sudo apt-get update

Then make sure Apache and OpenSSL is installed:

$ sudo apt-get install apache2 openssl

If it is already installed, like it was on mine, then you will see:

Reading package lists... Done
Building dependency tree
Reading state information... Done
apache2 is already the newest version.
openssl is already the newest version.
openssl set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.

Your external certs are installed in /etc/ssl/certs. You won’t put these certs there.

Create a new directory for local certificates (-p means no error if existing, make parent directories as needed):

$ sudo mkdir -p /etc/ssl/localcerts

The next line starts the certificate generation. The cert is good for 365 days – you can change that.

$ sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key

The result of this command is:

Generating a 2048 bit RSA private key
......., etc.

Next, you will enter the answers to the following questions. This is where I effed up, so don’t you do it too. the FQDN name is the name of your Apache web server. For me, since I’m just running it locally, that would be the server name, like “raspberrypi” – if you kept the default. That server name is mapped to an internal IP, like 192.168.1.11 or something.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) [Internet Widgits Pty Ltd]:PaynsName
Organizational Unit Name (eg, section) []:SysOpsProgFest
Common Name (e.g. server FQDN or YOUR name) []:raspberrypi_orwhatever
Email Address []:noNeed@forrealemail.com

When that is done, you will have two new files in this directory: /etc/ssl/localcerts

Then chmod those files:

$ sudo chmod 600 /etc/ssl/localcerts/apache*

Enable SSL:

$ sudo a2ensite ssl

Now you need to edit the ssl configuration file in the /etc/apache2/sites-available directory.

$ cd /etc/apache2/sites-available 
$ ls -l

See what’s in there. For me, it looked like this:

-rw-r--r-- 1 root root 692 Jul 19 2016 default
-rw-r--r-- 1 root root 7461 Mar 18 14:51 default-ssl

Copy the default-ssl to a new file named the same name as your FQDN name above – for this example:

$ sudo cp default-ssl raspberrypi_orwhatever

Then edit it:

$ sudo nano raspberrypi_orwhatever

Change this line:

 <VirtualHost _default_:443>

to this:

 <VirtualHost raspberrypi_orwhatever:443>

and change these two lines:

SSLCertificateFile    /etc$
SSLCertificateKeyFile /etc$

to this (your new key location):

SSLCertificateFile /etc/ssl/localcerts/apache.pem
SSLCertificateKeyFile /etc/ssl/localcerts/apache.key

Save, close, then do:

$ sudo a2ensite raspberrypi_orwhatever

The link above says to enable port 443 in /etc/apache2/ports.conf, but mine already had it enabled with these lines:

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

So I didn’t modify that file.

Now restart Apache:

$ sudo service apache2 restart

And what you should get is a browser error, telling you that the site is not secure. That means it’s working! Because you didn’t pay a service to generate a validated certificate, you have to take your own word for it that it’s valid.

FireFox

firefox-self-signed-ssl-warning[1]

Click on I Understand the Risks, then click on Add Exception….

Next click on Get Certificate, and finally Confirm Security Exception to bypass SSL warning in FireFox.

Chrome

chrome-your-connection-is-not-private[1]

Click on Advanced, then Proceed to example.com (unsafe) to bypass SSL warning in Chrome.

Internet Explorer

internet-explorer-self-signed-ssl-warning[1]

Click on Continue to this website (not recommended) to bypass SSL warning in Internet Explorer.

 

Math is Hard: Orange you glad you’re not in fifth grade?

Here’s the answer to a problem that I admit that I cheated on. I got thrown by the idea that giving three oranges away means subtract – that’s where visualizing the transaction helps.

Problem
Shomika was helping her family pick oranges in their grove. She took some oranges home to share with her three friends. She gave 3 more than half to Jennifer. Angela got half of the remainder and 3 more. She gave Josie half of the remainder plus 3. When she got home, she only had 10 oranges left. How many did she have when she left the grove?

Solution
Start from the bottom and work your way up. For example, to be left with 10, she had to have had 26 when she met Josie, because she gave half away (26-13=13) then three more (13-3=10). And 26 is half of 58, etc. It’s the same problem with three iterations. So once you figure out the first problem – how many did she have before she met Josie – you apply the same logic to the rest.

The answer, if you don’t want to try it yourself:

In order for Shomika to be left with 10, she had to have had 26 when she met Josie, because she gave half of the 26 to Josie, which left 13, then she gave Josie 3 more, leaving her with 10.

26/2 - 3 =
  13 - 3 =
      10

In order for Shomika to be left with 26, she had to have had 58 when she met Angela, because she gave half of the 58 to Angela, which left 29, then she gave Angela 3 more, leaving her with 26.

58/2 - 3 =
  29 - 3 =
      26

In order for Shomika to be left with 58, she had to have had 122 when she met Angela, because she gave half of the 122 to Angela, which left 61, then she gave Angela 3 more, leaving her with 58.

122/2 - 3 =
   61 - 3 =
       58

Therefore, Shomika had 122 oranges when she left the grove. We can also infer that Jennifer is her BFF, and Shomika has strong arms. If an average orange weighs 6oz., then 122 oranges would weigh 45.75lbs (6 x 122)/16 = 45.75.

I started going down the algebraic route but stopped, because this was a question for a fifth-grader, who hadn’t had algebra yet. But this is the solution I would have gone for.

Another Way to Look At It

Since you’re going backwards, you just reverse the operations. Shomika had 10 after subtracting 3 and halving the prior amount. So to get to the prior amount, you add three then double that amount.

Or another way to look at it – what if Shomika wanted her oranges back? Her “friends” had posted a mean message on Facebook that she wasn’t supposed to see – but she did! Because Shomika is good friends with Tangiers, who is friends with Angela on Facebook, and he can see all her posts! And both Angela and Josie “liked” it!

So Shomika went to Josie’s house and took the extra 3 from her (now Shomika has 13), then doubled that amount, and now she has 26. Then she went to Angela and asked for the 3 back (now she has 29), then doubled that, and she has 58. Josie wasn’t home when Shomika got to her house, so she sneaked in to her kitchen through the back door (because she knows the back door is always open so the dog can go out and poop). She grabbed the flowery pink bag (that’s just like Josie!) of oranges next to the kitchen sink and ran. It was hard going, because she was already carrying around 22lbs of oranges in a paper bag. When she got home, she pulled three oranges out of the flowery bag (now she has 61), and counted double that to make sure she got all 122 oranges back. She didn’t though. Josie ate one. Josie is fat and picks her nose!

Or algebraically:

1/2x - 3 = 10
   x - 6 = 20
       x = 26

Then

1/2x - 3 = 26
   x - 6 = 52
       x = 58

And

1/2x - 3 =  58
   x - 6 = 116
       x = 122

A Simpler Version

The question is a lot simpler if you don’t include the plus-three. This much easier example will give you an idea for how to solve the problem:

Bellybop helped her family pick oranges in their grove, and afterwards, she took some oranges home to share with her friends. She gave half of the total oranges to Pollysnack. Silipsity got half of what was left of that. And she gave Hesponda half of what was left after that. When she got home, she only had 10 oranges left. How many did she have when she left the grove?

Working backwards from 10:

She had 20 when she met with Hesponda, who took 10.    (20 – 10 leaves 10).
She had 40 when she met with Silipsity, who took 20.       (40 – 20 leaves 20.
She had 80 when she met with Pollysnack, who took 40.  (80 – 40 leaves 40).

It’s a bit harder when you add the plus-three variant.

A Funner Version

Annabelle works for Apple Computer, and she was blackmailed into stealing iPads from the warehouse by three mafioso. The first guy, Guy (pronounced “Gee”), got half of the loot, plus seven extra to sell on eBay under the handle: “FlyGuy”. The next fella, Rosie, got half of what was left, plus 1. He wanted to post on Youtube a video of someone diving into a pool with a brand new iPad with the extra one (yeah, that was him!). Donny, the last guy, got half of the remainder, plus an extra 2 for his kids. Annabelle was left with 1, so if they got busted, she’d be holding the hot merch, too. How many iPads were stolen?

Work it backwards. The first calculation is for Donny:

1/2x - 2 = 1
   x - 4 = 2
       x = 6

Then Rosie:

1/2x - 1 = 6
   x - 2 = 12
       x = 14

And finally, Guy:

1/2x - 7 = 14
  x - 14 = 28
       x = 42

Next: English lesson on “had to have had”. Shomika had to have had had a lot of oranges. Also, why is it “backwards” as an adverb and “backward” as an adjective?

RealVNC Small Resolution Problem on Raspberry Pi

Because nothing is easy on Linux. If it were not for the staggering amount of user supplied support, wrestling with Linux would be as frustrating as ever. Fortunately, the answers are out there, due to the common denominator of the Raspberry Pi.

I set up VNC Server (RealVNC) on the Pi while it was connected to my HDMI monitor, whose resolution is set to 1080p (aka 1920 x 1080). When I logged in with the VNC Client from Windows, it gave me full resolution. Later, when I had shut down and restarted without the monitor attached (running headless), the Windows client gave me some horrid size like 480 x 320 – something minuscule.

Apparently, when you run headless, it defaults to the lowest possible resolution. To fix this:

$ sudo cp /boot/config.txt /boot/config.backup
$ sudo nano /boot/config.txt

and uncomment/edit:

hdmi_force_hotplug=1
hdmi_group=2
hdmi_mode=82

Now reboot:

$ sudo shutdown -r

Had it not been for stackexchange and the raspi forum, I would have been lost. Instead, I got the glorious 1080p as I had expected. Actually, I had expected the client to allow me to set this value, but I suppose it makes sense that it has to be configured at the server.

Remember to revert to the backup config.txt file if you want to connect with some other monitor.

You can also set it to a lower resolution of 1024×768 at 60Hz by:

$ sudo cp /boot/config.txt /boot/config.backup
$ sudo nano /boot/config.txt

and uncomment/edit:

hdmi_force_hotplug=1
hdmi_group=2
hdmi_mode=16

You can view more screen resolutions at http://elinux.org/RPiconfig

SD Disk Space on Raspbian Jessie

The older Raspbian distributions required that you expand the root file system to the maximum on the SD card.

That looks like it’s taken care of automatically with Jessie. If I run:

$ df -k
Filesystem      1K-blocks    Used Available Use% Mounted on
/dev/root        15119432 3969928  10475472  28% /
devtmpfs           437052       0    437052   0% /dev
tmpfs              441384   32344    409040   8% /dev/shm
tmpfs              441384    6064    435320   2% /run
tmpfs                5120       4      5116   1% /run/lock
tmpfs              441384       0    441384   0% /sys/fs/cgroup
/dev/mmcblk0p1      63503   20756     42747  33% /boot
tmpfs               88280       0     88280   0% /run/user/1000

It shows that /dev/root has all the 16GB SD allocated to it.

I ran

$ sudo raspi-config

And selected Advanced Options > Expand Root Filesystem, then rebooted. Then I ran again df -k, and the result was about the same.

 

From Zero to Pi in 5 Hours

I bought a Raspberry Pi 3 B and a Pi Camera (v2.1) from Fry’s and spent some hours configuring it. Even though it’s considered a kid’s learning computer, I don’t think it suits your average kid.

A few days prior, I bought a Sandisk 16GB micro SD card from Amazon , and used Win32 Disk Imager to flash the disk image Raspbian Jessie with Pixel . That all went fine.

I installed the SD card, plugged in a wired keyboard and mouse, and connected the Pi to an HDMI enabled monitor. I had to look up how to install the camera, because the included instructions were in 2pt font with no diagrams – it’s the socket next to the headphone jack; you have to pull up on the black tabs to open the socket, the blue side faces the headphone jack. I was ready for power up.

My first issue was powering up the Pi – of course it was. Even though I had picked a 2 Amp power supply (according to the label), the Pi didn’t light up. My second power supply worked. (Later, I tried the same power supply with a different USB cable, and it worked. USB cables – who would have thought?)

The Pi booted straight into XWindows (aka Pixel), really fast – compared to my old 2012 v1 B Pi. This was my first experience with a wireless Pi 3 – and my next problem took me an hour to figure out.

But first, I changed my Pi password, because everyone should. Then I configured my location. When you configure your location, the Pi updates your /etc/wpa_supplicant/wpa_supplicant.conf file with your info. Knowing this comes in handy later.

I don’t broadcast my wireless SSID. I know this probably causes more trouble for me than anyone who might want to hijack my wireless connection, but that’s what I’ve done. So even though the Pi could see a [blank] wireless broadcast, I couldn’t connect. I tried entering my wireless password for the [blank] connection, but that didn’t work (and actually added an entry for [blank] in the wpa_supplicant.conf file). So, to the Internet!

What I discovered was that I would have to modify a CONF file to get it to work. I really expected the GUI to have a “Manually Configure Network” option, but alas it was not so. After sifting through lots of text on how to do it, I gave it a shot. There were several different takes on what to add to

/etc/wpa_supplicant/wpa_supplicant.conf

to make it work. The one I chose worked at first, then caused even more trouble. What I tried at first was something like:

network={
 ssid="name of your network"
 psk="password key"
 key_mgmt=WPA-PSK
 scan_ssid=1
}

And it worked! So I went on my merry way. And the first thing I wanted to do was update/upgrade:

$ sudo apt-get upated
$ sudo apt-get upgrade

These seemed to go well. I was following the “official” instructions for setting up the camera. The “official” documentation says:

“Now you need to enable camera support using the raspi-config program you will have used when you first set up your Raspberry Pi.”

Sounds easy enough. What I expected was that now I should see the Camera option when I:

$ sudo raspi-config

Alas, NO CAMERA OPTION! Where is my camera? Why isn’t it there? I tried a reboot, but still no camera option in raspi-config. So just to be safe, I did another:

$ sudo apt-get upated
$ sudo apt-get upgrade

And this time, I got error, errror, error. Because, as I discovered, I was no longer connected to the Internet. Not only that, I wasn’t connected to my wireless network. And now the Pi GUI said: “No wireless interfaces found”.

I plugged it in to a wired ethernet and update/upgraded but still no fix for the wireless.

Apparently, the “No wireless interfaces found” message is very common – so common that smartasses at the Beginners forum tell people to stop asking about it. What I read was that it could be either:

  • A defective Pi WiFi.
  • A bad power source.
  • You need to run dist-upgrade.
  • Use NOOBS.
  • Install firmware.
  • Edit /boot/config.txt
  • Edit /etc/dhcpcd.conf with static IP
  • Stop asking and look up “2 ip addresses”

Whelp, none of these was my problem. I re-flashed my SD and started over, taking everything slow. When it came to editing /etc/wpa_supplicant/wpa_supplicant.conf, I discovered that it was causing the GUI to display the “No wireless interfaces found” message. The answer was to add just the SSID and password, so the wpa_supplicant.conf file that ended up working looked like this:

$ sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
country=US
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
ssid="myssid"
psk="mypassword"
}

It worked! A mere hour+ of trial and error, and I was on to greater things. Note the country, ctrl_interface, update lines were all added via the GUI. I did another:

$ sudo apt-get upated
$ sudo apt-get upgrade

Just to be safe. Still, there was no Camera option in raspi-config. It was, however, in the GUI under Preferences > Pi Configuration. After enabling it there, I tried:

$ raspistill -o myimage.jpg

And it worked! Everything that works right off seems like a freeking miracle. So I’m not sure why the official documentation is incorrect.

Update here: I found out that the camera is now in raspi-config, under 5. Interfacing Options. 

And since Jessie comes with VNC installed, I also enabled that and SSH so I could manage it from my Windows PC. I installed the Windows VNC Viewer from RealVNC, and it worked flawlessly.

So from purchase time of 10:30am to up and running at 3:30pm, it took 5 hours of fiddling. But now I have all this experience (that I’ll probably never need to use again)!

Don’t forget to change your root password:

$ sudo passwd root

Because if you don’t, you can’t log in as root. Also, anyone can get root access!

Using rsync for Backup on Raspberry Pi

A good discussion of rsync and how to use it can be found here. I will try to explain why I back up the way I do.

Using rsync seems to be fairly straightforward. At first, I considered not using rsync, because it deletes from the destination what has been deleted from the source. What I thought I wanted was a way to archive those deleted files. But then I thought about the frequency of the backup – if I back up once per day at 3am, for example, and I mistakenly delete a file, the file is recoverable until 3am. I can’t think of a time where I deleted a file that I wanted to keep but didn’t realize it until the next day. Usually (always) I realize my error immediately.

Also, I have been running an application for the past few years that does archive deleted files to an “Archive” folder on the destination drive, and I have yet to ever restore anything from the Archive and find that having to delete those files is a chore.

This will be the daily backup, and I will continue to back up weekly or monthly on a third drive for off-site redundancy. The third drive will contain any legacy files that I might need – I might even keep the Archive folder on that drive. I haven’t decided. I guess it depends on how much storage I have/need.

The current setup is a Pi + Samba with a single USB drive as the NAS for my Windows network. What I need is to connect another backup drive to the Pi, either over the network or directly to the Pi’s USB.

Here’s the idea. I have several PCs where I do work. When I’m done with my projects, I save them to the Pi NAS, where they’re backed up daily.

Backups

The only one that’s a problem is the Off-Site, because it’s a manual backup, and I procrastinate.

Use Dry Run

rsync --dry-run --delete -avhz /home/myfiles/* /mybackup/somewhere/

Options:

-a        preserves everything about the file
-v        verbose
-h        human readable
-z        compresses data file during transfer
--delete  deletes from destination if not found on source
-n        dry run

 

Note: Follow up with fail2ban.

1) dont allow ssh conenctions though your router tro the rpi
2) change the default password for user pi to something else actually
2a) create a new user
2b) give that user sudo access
2c) give that user the same group access as user pi
2d) disable and remove user pi
2e) only allow the new user to be access by ssh keys
3) sudo apt-get update && sudo apt-get dist-upgrade #regularly

Change Default Shell to Bash

Log in as target user, then:

$ chsh -s /bin/bash

Change SSH Port

Install and Configure Fail2Ban

ddd

Send Email from Raspberry Pi Command Line and/or Python Script

Send Mail from Raspberry Pi Using SSMTP

Raspberry Pi B: Wheezy.

First, you need a Gmail account to use as the actual mail client. You will forward the email from the Pi to Gmail.

Set Up Gmail

Log in to Gmail, and then click here:

https://www.google.com/settings/security/lesssecureapps

or

myaccount.google.com -> "Sign-in & security" -> "Allow less secure apps: ON"

This is the location where you change your security settings. You need to set “Allow less secure apps” to ON.

Install SSMTP on Pi

$ sudo apt-get install ssmtp

Now edit the configuration file.

$ sudo nano /etc/ssmtp/ssmtp.conf

Make the following changes:

# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=postmaster

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:465

# Where will the mail seem to come from?
#rewriteDomain=

# The full hostname
hostname=MyRaspbi

AuthUser=myEmailAddress@gmail.com
AuthPass=superSecretPassword
UsSTARTTLS=YES
UseTLS=YES

# Are users allowed to set their own From: address?
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
#FromLineOverride=YES

Note that the port for the conf file is 465 – I attempted to use 587, but it failed. The odd thing is that when I use a Python script to do the same thing, I have to use port 465. [scratches head]

When I ran it with 587:

$ echo "Hello inbox" | mail -s "Test" theToEmailAddress@hotmail.com

I got:

$ send-mail: Cannot open smtp.gmail.com:587

But changing the port to 465 made it happy. Also note that it fails if you add an exclamation point to the subject:

$ echo "Hello inbox!" | mail -s "Test" theToEmailAddress@hotmail.com

Will fail.

Note: I installed this the same way on Debian Jessie, and it did not have Mail installed. Instead, I tested it by entering the following, on each line, then after the last line, pressed Ctrl+D.

$ ssmtp theToEmailAddress@hotmail.com
subject: Test
Hello
$

CTRL+D.

Also, I discovered that Mpack (module that allows email attachments) was already installed.

Create Python Script

Create your python script to send the mail:

$ sudo nano sendMail.py

Enter the following (be careful to use single quotes where applicable):

import smtplib
smtpUser = 'myEmailAddress@gmail.com'
smtpPass = 'superSecretPassword'
toAdd = 'theToEmailAddress@hotmail.com'
fromAdd = smtpUser
subject = 'Python Test'
header = 'To: ' + toAdd + '\n' + 'From: ' + fromAdd + '\n' + 'Subject: ' + subject
body = 'From within a Python script'
s = smtplib.SMTP('smtp.gmail.com',587)
s.ehlo()
s.starttls()
s.ehlo()
s.login(smtpUser, smtpPass)
s.sendmail(fromAdd, toAdd, header + '\n\n' + body)
s.quit()

Save it, then run it:

$ python sendMail.py

Tada!