Securing the Raspberry Shake and reducing the power consumption

Yeah, I’m not sure what happened with dtoverlay=disable-bt. Other documentation on the internet says that it can be used. I’m unsure if the following commands will properly disable bluetooth and reduce the power.

sudo systemctl disable hciuart.service
sudo systemctl disable bluetooth.service

These commands also seem helpful to stop unused services.

sudo systemctl disable gpsd.service
sudo systemctl disable exim4.service
sudo systemctl disable nmbd.service
sudo systemctl disable avahi-daemon.service
sudo systemctl disable nfs-client.target
sudo systemctl disable remote-fs.target
sudo systemctl disable remote-fs-pre.target

I’m only using ssh, sftp and scp (more secure protocols). I’m also using the web interface even though that is insecure because it’s using HTTP instead of HTTPS, which can be an issue when entering the root password.

I set mine to use a static IP address. So I don’t need the NetBIOS functionality from nmbd. I’m not mounting any remote file systems. So I don’t need NFS or remote-fs. I don’t need it to use mail or potentially be a part of a spam relay accidentally. So I disable exim. I don’t have a GPS accessory. So I disable gpsd. I don’t use Bonjour in my network intentionally. So I disable avahi-daemon.

For some odd reason, ntpd and nptdate are both running. Also there is an ntp service running. I don’t think they like running at the same time. I see that “sudo systemctl list-units --type=service” usually lists one of those 2 failing to start. I think the first one to start wins ownership of the NTP port. It looks like a race condition. I read that ntpd is better, and perhaps it would be a good idea to stop ntpdate, but I’m unsure.

I’ll have to try to see if rpcbind and bootpc are still needed. I’ll also have to figure out a way to permanently disable vsftpd, which seems to be started from within the docker container’s start.sh in the rsh-fe-config docker image.

If guess if I want to improve the power consumption when on battery power, I should really look at the processes using power, which the command below.

myshake@raspberryshake:/opt $ ps -eo pid,ppid,%mem,%cpu,cmd --sort=-%cpu | head -15
  PID  PPID %MEM %CPU CMD
 1164  1153  1.6  5.9 python app.py -i 172.17.0.2 -p 8000
 1287  1197  2.0  5.1 /usr/bin/python3 /usr/bin/gunicorn -b 0.0.0.0:5000 app:app -w 2 --timeout 300000
 1288  1197  2.0  5.1 /usr/bin/python3 /usr/bin/gunicorn -b 0.0.0.0:5000 app:app -w 2 --timeout 300000
 9029     2  0.0  2.2 [kworker/u8:0]
24385     2  0.0  2.0 [kworker/u8:1]
 5987  5967  0.4  1.8 /opt/seiscomp/acquisition/bin/odf_SL_plugin --config-dir=/opt/settings/seiscomp odf
 7861  4595  0.2  1.7 heli_ewII /opt/settings/dataC/heli_ewII.d
  130     2  0.0  1.6 [kworker/u8:3]
31025     2  0.0  1.5 [kworker/u8:2]
 6430  4595  2.0  0.6 ows -c /opt/settings/dataC/ows.conf
  402     1  2.8  0.4 /usr/bin/docker daemon -H fd://
 1193  1191  0.1  0.2 nginx: worker process
 5967  4206  0.3  0.2 seedlink -v -f /opt/seiscomp/acquisition/config/seedlink.ini
   67     2  0.0  0.1 [mmcqd/0]

It looks like some Python scripts are using the most CPU time and thus the most power consumption. I’m hoping my battery backup will be able to handle it long enough before the power comes back after a large earthquake. One time it was out for a couple of hours after one earthquake.