How susceptible is BeagleBone to the Mirai software?
38 views
Skip to first unread message
Josiah Yoder
Oct 27, 2016, 10:00:34 PM10/27/16
to BeagleBoard
I teach a real-time systems class where students use Beaglebone over the network. Generally, we are behind a protected firewall, but sometimes the students want to debug on other parts of the campus.
By default, one can access the root account without a password. If my students put such a BeagleBone on a network where the IP is externally visible, is it likely that the BeagleBone will become infected by the open-source botnet software Mirai?
I guess it's a moot point -- the root password should be changed before attaching the BeagleBone to a public network anyway!
Josiah
Charles Steinkuehler
Oct 27, 2016, 10:12:25 PM10/27/16
to beagl...@googlegroups.com
the default user, and disable the "no password" sudo access.
I would also recommend reviewing the open network ports and disabling
anything you don't need to use or that isn't secure. You probably
don't want things like xrdp and xvnc visible on the raw internet.
--
Charles Steinkuehler
cha...@steinkuehler.net
Robert Nelson
Oct 27, 2016, 10:27:08 PM10/27/16
to Beagle Board
cd /opt/scripts/un-tweak-image/
sudo ./debian-re-secure-root-ssh.sh
and it'll set a root password and disable "PermitEmptyPasswords"
sshd_config option..
and remove "bonescript", you can just disable disable the two
bonescript system service files..
Regards,
--
Robert Nelson
https://rcn-ee.com/
Jason Kridner
Oct 27, 2016, 11:50:49 PM10/27/16
to beagl...@googlegroups.com
And Cloud9 IDE which runs as root.
I'm looking if any security grad student wants to do a study on how to secure a BeagleBone and keep the ease of use. Just leaving a conference with the guys leading some of the analysis of Mirai out of U of M and I hope they'll take the challenge.
> --
> For more options, visit http://beagleboard.org/discuss
> ---
> You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CAOCHtYiwk2M3T%2BR8uiQNa8sxzNoHxkdV3c4eBPimDhxnSn-_%2Bw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
I'm looking if any security grad student wants to do a study on how to secure a BeagleBone and keep the ease of use. Just leaving a conference with the guys leading some of the analysis of Mirai out of U of M and I hope they'll take the challenge.
> For more options, visit http://beagleboard.org/discuss
> ---
> You received this message because you are subscribed to the Google Groups "BeagleBoard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to beagleboard...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CAOCHtYiwk2M3T%2BR8uiQNa8sxzNoHxkdV3c4eBPimDhxnSn-_%2Bw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages