This is an old revision of the document!
Table of Contents
Create a clean raspbian image
Clean your sd card
Before writing the raspbian image into your sd card, clean your storage device by turning all its bits into 0.
# dd if=/dev/zero of=/dev/rdisk<sd card number> bs=4m
Write raspbian image into sd card
# dd if=/Users/<username>/Downloads/2019-04-08-raspbian-stretch-lite.img of=/dev/rdisk<sd card number> bs=4m
Serial connection and disable first boot autosize
Backup cmdline.txt and config.txt
Before modifying cmdline.txt and config.txt, BACKUP THEM!
$ cp -p cmdline.txt cmdline.txt.original $ cp -p config.txt config.txt.original
Modify cmdline.txt
Once you have finished, change the output console device and remove the script that autoexpands / partition size at first startup.
$ vi cmdline.txt console=serial0,115200 console=tty1 -> console=ttyAMA0,115200 delete init=/usr/lib/raspi-config/init_resize.sh
Modify config.txt
Don't forget to enable this option, otherwise you won't be able to communicate to your raspberry pi throught raspberry debug port (TTL-232R-RPi).
$ vi config.txt add this : enable_uart=1
/dev/root 1.6G 978M 538M 65% / devtmpfs 460M 0 460M 0% /dev tmpfs 464M 0 464M 0% /dev/shm tmpfs 464M 12M 452M 3% /run tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 464M 0 464M 0% /sys/fs/cgroup /dev/mmcblk0p1 43M 22M 21M 51% /boot tmpfs 93M 0 93M 0% /run/user/1000
Resize / manualy and create /media/data partition
Now, resize the / partition and create a new one.
# fdisk /dev/mmcblk0
Your partition table should look like this :
Device Boot Start End Sectors Size Id Type /dev/mmcblk0p1 8192 96042 87851 42.9M c W95 FAT32 (LBA) /dev/mmcblk0p2 98304 3522559 3424256 1.6G 83 Linux
Delete the / partition, and create a new one (primary) which starts at THE SAME POSITION as the one you have just deleted, in my case 98304.
In the fstab, replace PARTUUID by /dev/mmcblk0p<partition number>. Reboot your raspberry pi and then tell your system you have resized a partition by typing :
# resize2fs /dev/mmcblk0p<partition number>
After creating the partition that will be mounted at /media/data, reboot your raspberry pi. Then, turn it into an ext4 partition, and add it to fstab.
# mkfs.ext4 /dev/mmcblk0p3 # mkdir -p /media/data # vi /etc/fstab /dev/mmcblk0p3 /media/data ext4 defaults 0 0
Now, it's time to test what you have done.
# mount -a $ df -h Filesystem Size Used Avail Use% Mounted on /dev/root 7.9G 1.1G 6.5G 14% / devtmpfs 460M 0 460M 0% /dev tmpfs 464M 0 464M 0% /dev/shm tmpfs 464M 12M 452M 3% /run tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 464M 0 464M 0% /sys/fs/cgroup tmpfs 464M 0 464M 0% /var/spool tmpfs 464M 148K 464M 1% /var/log tmpfs 464M 0 464M 0% /var/tmp tmpfs 464M 0 464M 0% /tmp /dev/mmcblk0p1 43M 22M 21M 51% /boot tmpfs 93M 0 93M 0% /run/user/1000 /dev/mmcblk0p3 6.7G 31M 6.3G 1% /media/data
Update raspbian packages and install needed packages
# apt update # apt upgrade # apt install --no-install-recommends tree lsof nmap git
Enable ssh
touch /boot/ssh # systemctl enable ssh # systemctl start ssh
Reference : https://www.raspberrypi.org/documentation/remote-access/ssh/
Mount partitions
# vi /etc/fstab tmpfs /tmp tmpfs defaults 0 0 tmpfs /run tmpfs defaults 0 0 tmpfs /var/spool tmpfs defaults 0 0 tmpfs /var/log tmpfs defaults 0 0 # reboot
Systemd-hostnamed doest not start
# vi /etc/fstab tmpfs /var/tmp tmpfs defaults 0 0
Check if there are any errors
Fix rsyslog /var/spool/rsyslog directory missing
By unit file
# vi /etc/systemd/system/generateRsyslogStructure.service [Unit] Description=Generate Rsyslog structure Before=syslog.service [Service] ExecStart=/bin/bash /home/pi/generateRsyslogStructure.sh Type=oneshot [Install] WantedBy=default.target
$ vi /home/pi/generateRsyslogStructure.sh
#!/bin/bash
if [ -r /etc/rsyslog.conf ]; then
WorkDirectory=$(grep "WorkDirectory" /etc/rsyslog.conf | cut -d\ -f2)
else
echo "Cannot read /etc/rsyslog.conf" >> /tmp/rsyslogService.txt
exit 1
fi
if [ ! -d "$WorkDirectory" ]; then
mkdir $WorkDirectory
fi
exit 0
sudo chmod 664 generateRsyslogStructure.service chmod a+x generateRsyslogStructure.sh # systemctl enable generateRsyslogStructure.service
By tmpfiles.d config files
# vi /etc/tmpfiles.d/genRsyslogStruc.conf d /var/spool/rsyslog 0755 root root
Reference: http://man7.org/linux/man-pages/man5/tmpfiles.d.5.html
Disable swap
# systemctl stop dphys-swapfile.service # systemctl disable dphys-swapfile.service # reboot
Mount system in read-only mode
# vi /etc/fstab /dev/mmcblk0p2 / ext4 defaults,noatime,ro 0 1 /dev/mmcblk0p1 /boot vfat defaults,ro 0 2
Systemd manual: https://freedesktop.org/software/systemd/man/systemd.exec.html#id-1.20.8
Disable bash history
acdsn
# vi /home/acdsn/git/fw-rules/<port number>/etc/profile.d/noHistory.sh #! /bin/bash history -c set +o history export HISTFILESIZE=0 export HISTSIZE=0 unset HISTFILE
# chmod a+x /home/acdsn/git/fw-rules/<port number>/etc/profile.d/noHistory.sh
# ln -s /home/acdsn/git/fw-rules/<port number>/etc/profile.d/noHistory.sh ./etc/profile.d/noHistory.sh
root
# mv /etc/bash.bashrc /home/acdsn/git/fw-rules/<port number>/etc/ # mv /home/acdsn/git/fw-rules/<port number>/etc/.bashrc /home/acdsn/git/fw-rules/<port number>/etc/bashrc.root # ln -s /home/acdsn/git/fw-rules/3780/bashrc.root .bashrc
Import noHistory.sh into .bashrc
if [ -r /etc/profile.d/noHistory.sh ]; then
. /etc/profile.d/noHistory.sh
fi
Reference: http://www.linuxfromscratch.org/blfs/view/stable/postlfs/profile.html
Disable apt-daily.service and apt-daily-upgrade.service
If you reboot your raspberry pi, you might see that apt-daily-upgrade.service failed to start. This happens because your system is in read-only mode. To solve this, disable it and it's timer.
root@3780:/home/acdsn# systemctl list-timers NEXT LEFT LAST PASSED UNIT ACTIVATES Mon 2019-05-06 20:48:57 CEST 6h left Mon 2019-05-06 08:38:50 CEST 6h ago apt-daily.timer apt-daily.service Tue 2019-05-07 06:39:25 CEST 15h left Mon 2019-05-06 14:27:48 CEST 19min ago apt-daily-upgrade.timer apt-daily-upgrade.service Tue 2019-05-07 14:43:08 CEST 23h left Mon 2019-05-06 14:43:08 CEST 3min 45s ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Now that you have the timer and ther unit name, stop and disable them.
# systemctl stop apt-daily.timer # systemctl stop apt-daily.service # systemctl disable apt-daily.timer # systemctl disable apt-daily.service
# systemctl stop apt-daily-upgrade.timer # systemctl stop apt-daily-upgrade.service # systemctl disable apt-daily-upgrade.timer # systemctl disable apt-daily-upgrade.service
systemd-tmpfiles
This service doesn't start on boot. Move /var/lib/sudo/ts to /media/data/var/lib/sudo/ts by creating a symlink.
# mkdir -p /media/data/var/lib/sudo/ts # rm -r /var/lib/sudo/ts # ln -s /media/data/var/lib/sudo/ts /var/lib/sudo/ts