If you've recently switched from Windows to the Linux distribution Ubuntu, you've probably experienced a decrease in spyware -- and malware in general -- on your system. But although Ubuntu is billed as the ultra-secure solution, you should know that even though Ubuntu's default install has its flaws, like every other operating system.
To combat these weaknesses, IT Security has prepared a guide to help you close your system's backdoors and protect you from some of the common Ubuntu exploits. Look at this big ol' Ubuntu security resource as an introductory guide to securing Ubuntu, along with a list of the software you'll need to stay protected.
Getting Started
Surprisingly, many new Ubuntu users fail to take the most basic steps toward securing their install, even when they know better. Thankfully, the list of critical changes isn't long. Making modifications may not excite you as much as, say, adding a whole new security program, but these simple changes will go a long way to closing up Ubuntu's security weaknesses.
Modifying Default Settings
The first set of basic critical changes requires you to modify three insecure default system settings:
tmpfs /dev/shm tmpfs defaults,ro 0 0
PermitRootLogin yes
to
PermitRootLogin no
sudo chown root:admin /bin/su sudo
chmod 04750 /bin/su
Enabling Automatic Security Updates
Having made the three most critical default system settings changes, you have better ensured that your Ubuntu install will start out relatively secure. But keeping it that way means being vigilent about updating your system. Because so many of us forget to update regularly, enabling automatic security updates is one surefire way to make sure it gets done.
To enable automatic security updates, click on "System" select "Administration" and choose the "Software Sources" menu. From there select the "Internet Updates" tab and enable "Check for updates automatically" (specify "Daily"). Now every time Ubuntu issues a new security release you will be notified via the "Update Manager" icon in the system tray. From there it's up to you to click the icon and allow the Update Manager to download and install the files.
Securing the Home directory
The final critical change we recommend, is that you protect your personal documents by securing your home directory. The easiest way to do this is by clicking "Applications" selecting "Accessories" and choosing "Terminal." From there enter the command:
chmod 0700 /home/username (replace username with the name you use to login to your computer).
Now that you've successfully made these basic system setting modifications, you're ready to move on and start installing software that protects your system from being compromised.
Unlike the Windows operating system, the Ubuntu Linux distribution is not ultra vulnerable to widespread virus and spyware infections, therefore the style of security used to protect one's machine is slightly different than that of a typical Windows machine.
Instead of spending hundreds of dollars on sophisticated firewalls, spyware blockers and intrusion detection and prevention systems, Ubuntu users simply have to install several free programs that protect the kernel from exploits, prevent the execution of malicious code and keep programs and users from accessing areas of the computer outside of their designated access level.
Important Software
To keep your computer secure, install the following software:
An often overlooked yet highly vulnerable area of computing is protection for machines while they're booting up. While simply keeping unauthorized users from having access to your computer is the best policy, sometimes that isn't possible. Thus this guide, over at the UbuntuForums, gives detailed instructions for protecting your computer while it's booting up.
The steps involved in this security measure are a bit more complex than the skillset of the average user, and it requires a small of amount of scripting, so we recommend that you only attempt to perform this security measure if you're really comfortable with Ubuntu, and Linux in general.
Congratulations, by this point you have completed the mandatory steps for a baseline securing of your Ubuntu install. You can now feel reasonably comfortable in the security of your install, but there are certainly still some lingering vulnerabilities. At this point it's up to you whether you want to take your system's security to the next level by integrating a few more applications of your choice.
Ahh yes rootkit, the ultimate swear word to a Linux user. Although this guide is designed to prevent attackers from installing rootkits and backdoors onto your machine in the first place, breakdowns can occassionally happen. Thus it's a good idea to regularly scan for rootkits using the following software to make sure that your computer hasn't been compromised.
I know what you're thinking, antivirus?...This is Linux! However true that may be, it is still important to provide protection for all inbound and outbound files you might be transmitting in order to protect the less than fortunate Windows computers you might come in contact with.
Installing and configuring an efficient firewall is a great way to keep attackers out. The stricter your rule-set and security policies are, the less likely it is that an attacker will find a way to exploit your system.
These tools are essential for monitoring and securing your network.
In addition to the above resources, here are a few other programs we recommend for getting the most out of your computing experience.
Remember your computer (and network for that matter) can only be secure as the users allow it. Failing to use strong passwords, falling victims to social engineering scams, installing software without first verifying its integrity and over using the root account are all common ways to have your network compromised. To have a truly safe system, you must be committed to having a secure mindset and you must lay out strict guidelines for the people using your computer and or network. Otherwise one of them might misplace a password one day, and your entire client database or purchasing records will be stolen the next.
For more information on securing Ubuntu, check out the sources we used when writing this article.
Any operational business model relies heavily on IT support and the help desk to achieve maximum uptime for all IT systems. This white paper addresses ways for help desk analysts and IT support staff to easily and efficiently handle their workload by simplifying and automating processes to increase time and operational cost savings, enhance productivity, and boost customer satisfaction. more