How many of you are using Full Disk Encryption (LUKS)?
If you are, there are two cool scripts I found that could be very useful for the physical security of your machines.
USBKILL
silk-guardian
both of these detect any changes in USB and reboot your system. they can also wipe RAM or delete sensitive files before rebooting.
This is great stuff. I guess the usbkill package would not require much user configuration as a ynh package, only an on/off switch. The silk guardian is more advanced and would require more user input around choosing where the precious files are etc.
Are you considering to make ynh packages out of these @arkadi ? Perhaps easiest to start with the usbkill I suppose…
Now I’m thinking that this would only work for security if Ynh uses Full Disk Encryption (by default). Otherwise shutting down doesn’t do much. Do you know if Ynh has a GUI option to turn on FDE?
No GUI option for FDE. It has to be selected when you install the system.
I didn’t enable FDE when I installed because if I was away from my home on holiday and I needed to reboot my server to continue using Nextcloud and XMPP, I would be screwed.
I’m merely bringing these tools to the attention of people here who might find them useful.
That is interesting… This kind of security is only adopted at large scale if it is easy to do. I don’t think that I was presented with the (default) FDE option during installation on my Yunohost Raspberry Pi. Could it be that you aren’t presented with the option during installation?