|
Securing / Hardening The PinePhone
|
11-24-2020, 06:59 PM
I'd love to know what people are doing as far as security tweaks for the pinephone. Not that I need anything like CalyxOS or Graphene type of phone, but I'd like to put a little VPN on it as it can only be used for a pocket linux. I don't have the skill set to really work on the phone like others, but maybe one day I will.
11-25-2020, 02:21 PM
I haven't done much, but I put some iptables rules on mine as a bare minimum.
11-26-2020, 02:19 PM
(11-24-2020, 06:59 PM)NobodyNew1 Wrote: I'd love to know what people are doing as far as security tweaks for the pinephone. Not that I need anything like CalyxOS or Graphene type of phone, but I'd like to put a little VPN on it as it can only be used for a pocket linux. I don't have the skill set to really work on the phone like others, but maybe one day I will. You could take a look at Firejail, application sandboxing (in case of vulnerability prevents access outside program need). On Mobian I have Firetools, Firejail configuration Wizard and it loads for easy configuration of programs you want to safely sandbox. I use ssh to make Pinephone administration/commandline tasks from the computer quick/convenient. To make it more secure/inaccessible to outsiders I made my Pinephone ssh server Tor hidden service .onion access only https://forum.pine64.org/showthread.php?tid=11925
- RTP
"In the beginner's mind there are many possibilities, in the expert's mind there are few." -Shunryu Suzuki [ Pinephone Original | Pinetab v1 / v2 Enjoyer ] Linux Device Privacy / Security Playlist
11-27-2020, 07:16 AM
The Mobian wiki has a security page that covers most of the above and more. No mention of Wireguard on there yet - I suppose I should try it and see if it works.
https://wiki.mobian-project.org/doku.php?id=security
11-29-2020, 02:40 AM
@wibble Wireguard works perfectly out of the box. You can enable a systemd service using configuration files.
11-29-2020, 03:25 PM
The most important thing to me is to have full disk encryption. As of today IIRC only PostmarketOS includes it out of the box and Mobian using some scripting as well.
My two cents. Enviado desde mi ONEPLUS A5010 mediante Tapatalk
11-29-2020, 04:44 PM
(11-26-2020, 02:19 PM)RTP Wrote:That's amazing !! I'll look into all of that.(11-24-2020, 06:59 PM)NobodyNew1 Wrote: I'd love to know what people are doing as far as security tweaks for the pinephone. Not that I need anything like CalyxOS or Graphene type of phone, but I'd like to put a little VPN on it as it can only be used for a pocket linux. I don't have the skill set to really work on the phone like others, but maybe one day I will. 
12-02-2020, 03:41 PM
Another good thing to do is set your ssh port to something nonstandard and only permit key-based logins. In /etc/ssh/sshd_config:
Code: Port 12345 |
