Everybody running a server on a Raspberry with an open internet connection should protect against unauthorized access. There are various ways to protect. An additional protection is to restrict access to the Raspberry to specific IP ranges. The easiest way to do this is by using geoip and iptables and allow access from IPs from your country only. Actually this makes sense only if the server is used by you only and is no open server for everybody (owncloud, seafile, ...).

Just execute following steps in roder to install geoip on Raspbian Stretch:

1) Install the kernel header files

sudo apt-get install raspberrypi-kernel-headers

2) Create a file /usr/local/bin/installGeoIP.sh and insert following code

#!/bin/bash
set -euo pipefail

set +e
if ! dpkg -l xtables-addons-common >/dev/null ; then
        apt install xtables-addons-common
fi
if ! dpkg -l libtext-csv-xs-perl >/dev/null ; then
        apt install libtext-csv-xs-perl
fi
set -e

if [ ! -d /usr/share/xt_geoip ]; then
        mkdir /usr/share/xt_geoip
fi

geotmpdir=$(mktemp -d)
csv_files="${geotmpdir}/GeoIPCountryWhois.csv ${geotmpdir}/GeoIPv6.csv"
OLDPWD="${PWD}"
cd "${geotmpdir}"
/usr/lib/xtables-addons/xt_geoip_dl
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip ${csv_files}
cd "${OLDPWD}"
rm -r "${geotmpdir}"
exit 0

3) Make this file executable and invoke it

chmod +x /usr/local/bin/installGeoIP.sh

installGeoIP.sh

4) Add iptables rules to accept IPs from US and Germany

Example:

iptables -A INPUT -m geoip --src-cc DE,US -m conntrack --ctstate NEW -j ACCEPT

 

References

Maxmind geoip

GeoIP based filtering with iptables

Netfilter: geoip howto

Blocklist ipsets

How to install kernel headers

Linxu headers rpi from mhieenka
Solved: iptables & geoip

rpi-source wiki

Every Raspberry beginner starts with a NOOBS image, which is listed by raspberry.org first as the suggested image to use (See https://www.raspberrypi.org/downloads/)

NOOBS allows to start different operating systems which is useful when you want to evaluate the different alternatives to decide which is the right one for you. Unfortunately most of the people continue to use NOOBS when they have decided which OS to use. But that's the point to setup a new image with only one operating system.

Why?

NOOBS is no normal Linux system and has various quirks which causes a lot of headache sooner or later. If you ask for help if you have issues with NOOBS there is low probability you will get any responses. All experienced Raspberry users don't use NOOBS. As soon as you have decided which OS to use setup a new image and don't use NOOBS any more. This will make your life much easier when using your Raspberry.

raspiBackup supports NOOBS images in partitionorientierted backupmode . For production like systems it's suggested to create a single operating system image and backup this with raspiBackup in normal backup mode.

The purpose of this page is to explain step by step how to install and configure raspiBackup in 5 minutes to create a backup of your Raspberry very quick. This page describes for different platforms (Linux, Mac or Windows) how to restore the backup. After testing the backup and restore the next step should be to check which services have to be stopped before the backup starts. Finally cron should be configured to start raspiBackup on a regular base. Later on when you have some spare time read this page carefully to check which additional features of raspiBackup are useful for you and update the raspiBackup configuration accordingly. In any case it's strongly recommended to read the FAQ.

I just wanted to get nfs up and running on my Raspberry Jessie and got the uggly error message. Root cause is the nfs-server starts before rpcbind. If you restart the nfs-server after boot it will work. But will not work again after reboot. Following page describes how to get this fixed.

Following enviroment variations exist for raspiBackup in next release 0.6.2 which supports Raspi3. For all new features available in this beta see this page. Resource constraints limited the number of variations tested. Please add a comment when you successfully tested a variation which is not marked as tested. If you don't know for sure whether your scenario was already covered in the table don't hesitate to ask. We'll figure this out.

There are various reasons (performance, space, ..) why you want to move your root partition from your Raspberry sd card to an external device like an USB disk or USB stick. You can do it manually or use a small script to achieve this.

If you want to clone a SD image which was created on a Raspberry Pi and use the cloned SD on another Raspberry you have to execute one important additional step. Otherwise the Raspberry starting with the cloned SD card will not get a network connection.

To learn to use threading in Python you have to have a concrete problem to solve. Just use Raspberry Pi to connet 6 LEDs and manage them via GIO. On the following pages I describe how to customize my sample program to simulate tarffic lights. You also find a video which shows the program in action and a download link for the sample program.

 

Frequent asked questions about raspiBackup. Every new user of raspiBackup should read all questions and answers.

So many people from the community helped to improve raspiBackup with their comments, improvement requests and beta- and fix test support and execution. It's time to mention them now.  I unfortunately don't remember everybody - sorry about this.

It's possible to add custom code which is executed before and after the backup process via two script extensions. They are useful if modification of the backup script is required to extent the script capabilities and will be lost and thus have to be merged again and again every time when raspiBackup will be updated.

Three sample plugins are available and can be used as templates for new plugins. The first three report the CPU temperature, memory utilization and backup partition usage pre and post a backup run. The last one is called at the end of the backup and can be used to execute different actions depending on the success or failure of raspiBackup.

If you create your own plugin please share it with the community and announce it's availability in a comment. If there is any function missing for the plugin please write a comment and I'll check whether it's possible to provide the missing function.