System - micahgrinnell/CC-Capstone-Project GitHub Wiki

Suggested System Changes:

Under the 'System' drop-down menu at the top, there are pages for changing specific aspects of the system. The headers below outline what page these modifications can be made on. As stated on the previous page, all of these altercations are optional yet most are highly recommended. I also advise you to implement the system changes after the network changes because we are creating a backup at the end.

System

  1. Verify time is accurate
    • Make sure 'Local Time' matches with your current date and time of day.
    • If not, try 'Sync with browser' or changing your timezone.
      • If your time is still incorrect, change the NTP servers under the 'Time Synchronization' tab (use this page to find your regional time servers).
  2. Alter logging settings
    • Change 'System log buffer size' to 512
    • Add your separate log server if applicable (I recommend creating one for the sake of security).
      • If you don't have a log server, at the very least change the system log file (I changed mine to /etc/logs/system.log).
  3. Save & Apply changes

Administration

  1. Change root password if needed
    • I suggest changing this consistently to increase security.
  2. Update SSH access
    • Remove WAN access
      • If there is a 'Dropbear Instance' with an interface of 'wan', delete it.
    • Change LAN access
      • While the interface is set to 'lan', make the Port something other than '22' (I used this page to find a random port number)
      • Uncheck Password authentication (we will be configuring SSH-Keys next, allowing for passwordless SSH)
      • Uncheck Allow root logins with password
    • Save & Apply changes
  3. Implement SSH-Keys
    • The process for generating SSH-Keys does not depend on what OS your PC is using.
      • The command ssh-keygen should generate a key pair
      • The only difference across operating systems is where the keys are stored (using ssh-keygen should tell you where they are kept)
      • Once you have the key pair, just paste or drag the .pub file to the open prompt.

Software

This page is for downloading and implementing exterior packages that can improve your OpenWrt system. To add a package click 'Update lists...' then search for the desired mod in the filter. The page below has a list of add-ons I suggest you install and some that are situational.

Recommended Packages

Backup / Flash Firmware

As stated at the top of the page, I suggest downloading the backup file once your configuration is done. To download the file, simply press the Generate archive button under 'Backup'. Now if any unexpected issues arise on your machine you can revert back by pressing the Upload archive and using the .tar file downloaded earlier.