Differences
This shows you the differences between two versions of the page.
projects:howtos:artemis [2014/08/26 18:35] – prometheus | projects:howtos:artemis [2014/08/27 22:58] (current) – removed prometheus | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Artemis ====== | ||
- | As all projects, this one needed to have a name as well. //Artemis// originates from the old Greek and means - amongst others - unharmful or safe. And exactly this Artemis should deliver to you: safety for your data and no harm to your communications. | ||
- | |||
- | ===== Requirements ===== | ||
- | |||
- | ^ Hardware ^ Quantity ^ | ||
- | | RaspberryPi + MicroUSB / Power Adapter | 1 | | ||
- | | MicroSD Card | 1 | | ||
- | | USB Thumbdrive | 1 | | ||
- | | RJ45 | 1 | | ||
- | |||
- | ===== Prerequisites ===== | ||
- | |||
- | ==== Creating temporary environment ==== | ||
- | |||
- | Ensure that you download and install the ArchLinux ARM to a non-infected SD card on a secured computer. We recommand the following way of proceeding. | ||
- | |||
- | - Download the latest ArchLinux ISO and its checksum. | ||
- | - Check against each other. | ||
- | - Copy the ISO to a clean USB thumbdrive. | ||
- | <sxh bash;># dd bs=1m if=./ | ||
- | - Plug in a computer and boot it up. | ||
- | |||
- | ===== ArchLinux ARM ===== | ||
- | |||
- | - Start fdisk to partition the SD card: | ||
- | < | ||
- | - At the fdisk prompt, delete old partitions and create a new one: | ||
- | - Type o. This will clear out any partitions on the drive. | ||
- | - Type p to list partitions. There should be no partitions left. | ||
- | - Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +100M for the last sector. | ||
- | - Type t, then c to set the first partition to type W95 FAT32 (LBA). | ||
- | - Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector. | ||
- | - Write the partition table and exit by typing w. | ||
- | - Create and mount the FAT filesystem: | ||
- | < | ||
- | mkfs.vfat / | ||
- | mkdir boot | ||
- | mount /dev/sdX1 boot | ||
- | </ | ||
- | - Create and mount the ext4 filesystem: | ||
- | < | ||
- | mkfs.ext4 / | ||
- | mkdir root | ||
- | mount /dev/sdX2 root | ||
- | </ | ||
- | - Download and extract the root filesystem (as root, not via sudo): | ||
- | < | ||
- | wget http:// | ||
- | tar -xf ArchLinuxARM-rpi-latest.tar.gz -C root | ||
- | sync | ||
- | </ | ||
- | - Move boot files to the first partition: | ||
- | < | ||
- | mv root/boot/* boot | ||
- | </ | ||
- | - Unmount the two partitions: | ||
- | < | ||
- | umount boot root | ||
- | </ | ||
- | - Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power. | ||
- | - Use the serial console or SSH to the IP address given to the board by your router. The default root password is ' | ||
- | |||
- | ===== Configuration ===== | ||
- | |||
- | <note important> | ||
- | |||
- | ==== Firewall ==== | ||
- | |||
- | In order to network-secure Artemis tight as possible, we are just going to drop every input and output traffic by default, and whitelist whatever services we need. | ||
- | |||
- | === Purging iptables === | ||
- | |||
- | Safe the following commands in / | ||
- | |||
- | <sxh bash; | ||
- | iptables -F | ||
- | iptables -X | ||
- | iptables -t nat -F | ||
- | iptables -t nat -X | ||
- | iptables -t mangle -F | ||
- | iptables -t mangle -X | ||
- | iptables -t raw -F | ||
- | iptables -t raw -X | ||
- | iptables -t security -F | ||
- | iptables -t security -X | ||
- | iptables -P INPUT ACCEPT | ||
- | iptables -P FORWARD ACCEPT | ||
- | iptables -P OUTPUT ACCEPT | ||
- | </ | ||
- | |||
- | <sxh bash; | ||
- | # iptables -N TCP | ||
- | # iptables -N UDP | ||
- | </ | ||
- | |||
- | ===== References ===== | ||
- | |||
- | [0] [[http:// | ||
- | \\ [1] [[https:// |
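Review bot: the removed Firewall section never reaches the default-drop state it promises. The text says input and output traffic will be dropped by default and services whitelisted, but the only rules shown are the purge script, which ends with "iptables -P INPUT ACCEPT", "iptables -P FORWARD ACCEPT" and "iptables -P OUTPUT ACCEPT", followed by two empty chains (TCP and UDP). If this howto is being moved rather than discarded, the firewall part should be finished before it is republished, with the DROP policies and the whitelist rules written out. Two further points apply if the content is reused. In the ArchLinux ARM steps, the root filesystem tarball is fetched with wget over http:// and extracted as root with no checksum or signature check, although the earlier ISO step does ask for a checksum comparison. The same verification should be applied to the tarball. Also, the edit summary "removed" gives neither a reason nor a pointer to a replacement page, so please state one.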