+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: General Discussion on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=127)
+--- Thread: Securing / Hardening The PinePhone (/showthread.php?tid=12303)
Securing / Hardening The PinePhone - NobodyNew1 - 11-24-2020
I'd love to know what people are doing as far as security tweaks for the pinephone. Not that I need anything like CalyxOS or Graphene type of phone, but I'd like to put a little VPN on it as it can only be used for a pocket linux. I don't have the skill set to really work on the phone like others, but maybe one day I will.
RE: Securing / Hardening The PinePhone - desca - 11-25-2020
I haven't done much, but I put some iptables rules on mine as a bare minimum.
RE: Securing / Hardening The PinePhone - RTP - 11-26-2020
(11-24-2020, 06:59 PM)NobodyNew1 Wrote: I'd love to know what people are doing as far as security tweaks for the pinephone. Not that I need anything like CalyxOS or Graphene type of phone, but I'd like to put a little VPN on it as it can only be used for a pocket linux. I don't have the skill set to really work on the phone like others, but maybe one day I will.
You could take a look at Firejail, application sandboxing (in case of vulnerability prevents access outside program need).
On Mobian I have Firetools, Firejail configuration Wizard and it loads for easy configuration of programs you want to safely sandbox.
I use ssh to make Pinephone administration/commandline tasks from the computer quick/convenient. To make it more secure/inaccessible to outsiders I made my Pinephone ssh server Tor hidden service .onion access only https://forum.pine64.org/showthread.php?tid=11925
RE: Securing / Hardening The PinePhone - wibble - 11-27-2020
The Mobian wiki has a security page that covers most of the above and more. No mention of Wireguard on there yet - I suppose I should try it and see if it works.
https://wiki.mobian-project.org/doku.php?id=security
RE: Securing / Hardening The PinePhone - User 18618 - 11-29-2020
@wibble Wireguard works perfectly out of the box. You can enable a systemd service using configuration files.
Securing / Hardening The PinePhone - e-minguez - 11-29-2020
The most important thing to me is to have full disk encryption. As of today IIRC only PostmarketOS includes it out of the box and Mobian using some scripting as well.
My two cents.
Enviado desde mi ONEPLUS A5010 mediante Tapatalk
RE: Securing / Hardening The PinePhone - NobodyNew1 - 11-29-2020
(11-26-2020, 02:19 PM)RTP Wrote:That's amazing !! I'll look into all of that.(11-24-2020, 06:59 PM)NobodyNew1 Wrote: I'd love to know what people are doing as far as security tweaks for the pinephone. Not that I need anything like CalyxOS or Graphene type of phone, but I'd like to put a little VPN on it as it can only be used for a pocket linux. I don't have the skill set to really work on the phone like others, but maybe one day I will.
You could take a look at Firejail, application sandboxing (in case of vulnerability prevents access outside program need).
On Mobian I have Firetools, Firejail configuration Wizard and it loads for easy configuration of programs you want to safely sandbox.
I use ssh to make Pinephone administration/commandline tasks from the computer quick/convenient. To make it more secure/inaccessible to outsiders I made my Pinephone ssh server Tor hidden service .onion access only https://forum.pine64.org/showthread.php?tid=11925
RE: Securing / Hardening The PinePhone - Zebulon Walton - 12-02-2020
Another good thing to do is set your ssh port to something nonstandard and only permit key-based logins. In /etc/ssh/sshd_config:
Code:
Port 12345
PasswordAuthentication no
PubkeyAuthentication yes