Primeros pasos

Primeros pasos de configuracion/bastionado de la Raspberry

Cambiar el teclado a español, el timezone y locales

Cambiar el teclado a español.

sudo nano /etc/default/keyboard

cambiar donde pone “gb” por “es”

Locale ← No hacer (hay algunos problemas luego mostrando cosas en español como tildes y demás) Uncheck the uk and check the one you need and then set it as default. Mine is en_AU UTF-8 sudo dpkg-reconfigure locales

Timezone

sudo dpkg-reconfigure tzdata

Cambiar a IP estatica

Editar /etc/network/interfaces y cambiar la linea:

iface eth0 inet dhcp

por

iface eth0 inet static
address 10.0.0.20
netmask 255.255.255.0
gateway 10.0.0.1

Activar el servidor SSH

sudo bash
ssh-keygen

Pulsamos ENTER 3 veces
las claves deberian aparecer en:

ls /root/.ssh/

id_rsa | id_rsa.pub ← estos son los archivos que deberian aparecer.

Deshabilitar ROOT para SSH

Editar:

/etc/ssh/sshd_config

cambiar PermitRootLogin a no y rearrancar el servicio

/etc/init.d/ssh restart

Hacer que el server SSH se arranque cada vez que se reinicia:

rename boot_enable_ssh.rc to boot.rc on the boot partition you can do this by issuing the following the commands:

sudo bash
cd /boot
mv boot_enable_ssh.rc boot.rc
shutdown -r -time now

Añadir usuario normal de trabajo, y dejarle hacer SUDOs

Type in following command in the terminal to create a new user:

sudo adduser username

Follow the steps.
To allow the newly created user to use the "sudo" command, type:
sudo visudo
Add following line under the "root ALL=(ALL) ALL" Line:
yourUsername ALL=(ALL) ALL
Now press CTRL+K, X to save and exit the editor.
Alternatively instead of adding the user to the sudoers list, you can add your user to the sudo group with the following command:
adduser "username" sudo

Ampliar la memoria para tarjetas SD de mas de 2 GB:

Firstly Login to your Raspbery Pi, then issue the following commands: sudo -i
This will elevate you to root status, negating the need of sudoing a lot.
df -h
Make a note of the last line
(It will most likely be "/dev/mmcblk0p1").
Still logged in as root (from using sudo-i) issue the following commands:
Ojo, hay que quitar la parte p1
fdisk -uc /dev/mmcblk0 <-- where mmcblk0 is what you had previously.
The prompt should change to "Command (m for help):”
Type the letter p and hit Return / Enter (this will list your partitions)
Make a note of the "Start" value for /dev/mmcblk0p2 (mine is 157696) shown in the second image.
Now type the letter d and hit Return / Enter.
The prompt will ask you for "Partition number (1-4):", type in 2 and hit Return / Enter.
Then type d again, hit Return / Enter, then enter 3 and hit Return / Enter.
Still in the same prompt, type n and hit Return / Enter.
Now type p and hit Return / Enter to create a primary partition.
When you are asked for a "Partition number (1-4) :", type 2 and hit Return / Enter.
You will then be asked for a "First sector" value, enter the value you recorded previously (157696 for me - shown in the images below) and hit Return / Enter.
Now you'll be asked for a "Last sector", leave this blank, and hit Return / Enter.
Finally, hit w and hit Return / Enter to write the changes.
Now you need to reboot with the command reboot.
Please note that this process will take a while, don't worry. The larger the SD card, the longer the re-size operation will take.
Login again, then type sudo -i and hit Return / Enter to raise your privileges to root.
Now type
resize2fs /dev/mmcblk0p2
and hit Return / Enter.
Wait a while - have a coffee :D
Finally, after the operation completes, type
df -h
to see your changes.

Hacer que autocomplete despues de SUDO

Añadir a la ultima linea del archivo /etc/bash.bashrc lo siguiente:

if [ "$PS1" ]; then
complete -cf sudo
fi

Instalar fail2ban

Para rechazar continuas peticiones de login contra en SSH:

sudo apt-get install fail2ban

Instalar el ultimo Firmware que habilita las IPTABLES

“Ojo pq en futuras actualizaciones de la distro es posible que no sea necesario”
Actually, it's not really firmware in the EEPROM sense, but more part of the bootstrap system on the SD card.
This is a *good* thing as it makes it a lot harder to brick your Pi.
This guide is copied from pixelami's blog http://blog.pixelami.com/2012/06/raspberry-pi-firmware-update-for-debian-squeeze/.
I claim no credit for it and am just mirroring it to keep all my Pi information in one place.
Step 1: Install pre-requisites (ca-certificates and git-core)
sudo apt-get install ca-certificates
sudo apt-get install git-core
Step 2: Download rpi-update using wget and copy to /usr/bin and chmod it executable
sudo wget http://goo.gl/1BOfJ -O /usr/bin/rpi-update
sudo chmod +x /usr/bin/rpi-update
Step 3: Run rpi-update
sudo rpi-update
Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS
Performing self-update
Autodetecting memory split
Using ARM/GPU memory split of 192MB/64MB
We're running for the first time
Setting up firmware (this will take a few minutes)
Using SoftFP libraries
/opt/vc/sbin/vcfiled: error while loading shared libraries: libvchiq_arm.so: cannot open shared object file: No such file or directory
If no errors appeared, your firmware was successfully setup
A reboot is needed to activate the new firmware
Now according to pixelami, you need to run ldconfig and the rpi-update again to complete the update.
Step 4: Run ldconfig (updates links and cache for shared library objects) then re-run rpi-update
sudo ldconfig
sudo rpi-update
Raspberry Pi firmware updater by Hexxeh, enhanced by AndrewS
Performing self-update
Autodetecting memory split
Using ARM/GPU memory split of 192MB/64MB
Updating firmware (this will take a few minutes)
Your firmware is already up to date
sudo reboot
NB: The rpi-update script updates the firmware, /boot/kernel.img, and /lib/modules
There are parameters that allow you to update just the firmware.
See for the manual on rpi-update

Hacer baneos largos para IPs persistentes

Para rechazar continuas peticiones de login contra en SSH:

Conectar un USB stick a la raspberry

First we need to find out where our system locates the device. With the USB device not plugged in, type…
tail -f /var/log/messages

Then plug in your USB device and, looking in the new lines which appear, make a note of the ID – it will be something like sda1, sdb1, sda2, sdb2 etc.
Then CTRL-C To stop the tail command.
In this case the usb stick id is sda1. That means the device is located in /dev/sda1.
Next, we need to create a directory under /media, so you will be able to mount your drive.
sudo mkdir /media/usbstick
usbstick can be whatever you want to call it
Then we mount the usb stick with:
If you are logged in as root… (pero no utilizar ésta, ver mas abajo)
mount -t vfat -o rw /dev/sda1 /media/usbstick/

…where sda1 is its id from the tail command and usbstick is the directory you just made.
para mi usuario zeneke montarlo con este comando para que tenga acceso, sino solo seria accesible mediante root.
sudo mount -t vfat -o uid=zeneke,gid=zeneke /dev/sda1 /media/usbstick/
…or you won’t get read/write access (the -o stands for options, uid is user id and gid is group id).
Then you can go there and have a look…
cd /media/usbstick
ls -l

Para que en el arranque nos monte automaticamente la unidad (SIN PROBAR)

Open /etc/fstab as root in your favorite text editor and add a line like this:
Code:

/dev/sda1 /media/usb vfat defaults,rw,uid=1000,gid=1000 0 0

Funciona pero el user=zeneke no tiene al menos permisos de escritura
He cambiado el uid=zeneke y gid=zeneke (comprobar)

Instalar Apache2

Primero ejecutar los siguientes comandos

sudo groupadd www-data
sudo usermod -a -G www-data www-data

por si acaso actualizar el repositorio de paquetes

sudo apt-get update

instalar el servidor

sudo apt-get install apache2