Kivech
February 19th, 2008, 12:32 PM
Hi all,
I'm fairly fresh to Ubuntu 7.10 x64, since I've made my final full switch about a week ago.
I have everything running I need and am quite happy with it all. For the first time ever I have a problem free stable OS. Needless to say, I feel a bit lost and figured to spend some time on studying security on Linux.
I've read the sticky on security written by bodhi.zazen and the links he provided in his post; very interesting stuff indeed. I even went through the whole 'paranoid' guide.
Now since I once (a long time ago) used to be a HP Unix admin, security is of course something that interests me. I've been out of the *nix scene for quite some time, so I'm really rusty here.
I installed Tiger on my system and had it run a report. Don't think it came up with much alarming stuff, however I did notice some parts that do concern me, and which got me thinking. This got me to the following points/questions:
Keep in mind that I have my system running flawlessly (which I consider quite an accomplishment for Linux, since in previous distros that was next to impossible), so the less I have to change, the better.
1) How secure is Ubuntu 7.10 x64 out of the box? I did install all security add ons for Firefox according to the stickied post on this forum, but is there any other 'must do' stuff?
2) I'm a bit alarmed about how Ubuntu is set up as in that my root password by default is the same as my user password. In my book that is a mortal sin. How would I go about separating those and having a separate root password?
3) Related to 2): I would like to be able to log into root at the login screen to do maintenance work, so I really keep root and normal users separated, how do I get to that point?
4) For security reasons, doesn't it make more sense to start up Ubuntu with a command prompt instead of with Xwin by default, and then start it manually? At least in terminal mode one can see all messages by the system, now I don't see at all what's going on.
5) I like the idea of an encrypted system, but I'm not sure the whole hassle of reinstalling everything just to encrypt my system is worth the hassle for me. Would you say that for a normal home PC these things are really needed? Because if you feel it is, I could start planning building a secure system.
6) The 'paranoid guide' is written for Debian, is this one valid for Ubuntu 7.10 x64 as well?
7) In my case I'm the main user of my PC, and my wife just uses it to browse every now and then. Since she definitely is not a techy I'm going to set up a separate account for her one of these days with everything set up she needs. Is there a simple way to port all settings of my desktop to hers, but just not allowing her the same flexibility I have to prevent her from messing up things?
8) Last question: I like my system the way it is generally now, which is basically a default Ubuntu install with customized partitions and a whole customized desktop environment (compiz bells and whistles, etc.). Is there a way to make that fully secure with encryption and stuff like mentioned in the sticky of this forum?
Anyway, enough for now. If you guys want to I can post the output of tiger later (am at another pc at the moment). Please let me know what you guys think, since I do value security a lot after having had some issues in the past (e.g. credit card info being misused and such), and I want to make sure my pc is not vulnerable to that.
Oh, forgot to mention that I'm behind an ADSL modem/router in default config. Not sure I should delve into that one's config as well.
Thanks in advance for any advice,
Kivech