Results 1 to 10 of 58

Thread: Important: community effort to harden Ubuntu

Hybrid View

  1. #1
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Important: community effort to harden Ubuntu

    I've made a ton of mistakes lately since I got my System76 Lemur Ultra Thin (lemu4) notebook PC back on July 5th, 2012. I have had to re-install Ubuntu, OpenSuSe from scratch repeatedly because I made too many mistakes that locked me out of my PC or made it impossible for me to log in to my PC. This time, I want to try a different approach. I admit that I don't know enough about how to harden and secure GNU/Linux and I am turning to the community for help.

    I re-installed Ubuntu 12.10 64 bit from scratch this past Monday. I have done a minimal amount of effort to harden or secure it. 1. I have added, downloaded, installed, and updated BitDefender for Unices Free and it is fully licensed, 2. I have enabled my firewall and I installed GUFW to open up TCP ports 4242 for CrashPlan so my family members and friends can backup to my System76 PC plus I have enabled IPP Port 631 so that I can print to my Canon Pixma MX870 all-in-one printer, 3. I have downloaded and installed my LastPass extension for Mozilla Firefox and I downloaded and execute LastPass Pocket so that I can download my LastPass vault offline. That's it so far.

    I have had problems with ninja locking me out of my administrator account when I used Ubuntu 12.10 64 bit Beta 2. I sent a private message to Bohdi Zazen seeking guidance on how to install and setup ninja properly so that this won't happen again. I have also asked if it is even necessary to use ninja when I would rather prefer to restrict access to su and passwd as an alternative. I don't want to install and setup ninja until I receive more feedback from him or other community members regarding Ubuntu 12.10 64 bit or any future versions that I plan to upgrade to every April and October of each year.

    I read all of the security sticky threads. I need help choosing among AIDE, Tripwire, or integrit to monitor local folders and files for changes. Which one is easiest and simplest? It seems to be AIDE. However, I have had problems trying to get AIDE to work on Ubuntu 12.10 64 bit Beta 2 and I need more help when I am ready to tackle this mini project.

    I need help with OpenVAS. I don't have enough experience to know how to make it work properly. At least I'm being open and honest with the community so I need help when I am ready to download and install and set it up later.

    I am skittish about SNORT. I read all the warnings about how it can introduce more vulnerabilities and I have little knowledge about SNORT or postegr and Apache. When I am ready to deal with this, I will need lots of help and support.

    I am comfortable with Novell AppArmor and I prefer to use Rookcifer's custom Novell AppArmor profiles for Mozilla Firefox and Google Chrome along with its related software packages. However, I will still need some help from Rookcifer because I use Ubuntu 12.10 64 bit and some of his custom Novell AppArmor profiles clearly indicate it is designed for Ubuntu 12.04. When I am ready, I will need to ask questions and get more help and support.

    That should cover it for now. There will undoubtedly be more questions and more need for specific help.

    I want help from the said community members in this thread. I want to open it up to the community to reply and contribute for others that may have similar or related questions. Basically, I don't want to repeat the same old mistakes all over again. I don't want to re-install any operating system from scratch all over again. This is why I need my own thread to focus on my issues and to offer help to others that may reply with their own problems, issues, and questions.

    The community here is terrific for these kinds of things. Security is a process and staying alert is key. I don't know enough on how to obtain a reasonably safe and secure Ubuntu installation so I am asking for help and support. My GNU/Linux skills are moderate to advanced depending on the topics covered so far. I am strongest in my knowledge about anti-malware, firewalls, cryptography, Novell AppArmor and to a lesser degree file integrity tools. I have to get more help with NIDS and ninja in particular and I need lots of hand holding and support.

    Thank you.

  2. #2
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    Let me be clear: my goal with this thread of mine is to achieve a reasonably strong desktop security that covers most of the bases in the security sticky threads. I need to be told when I am crossing the line and I am going overboard based upon further replies that I make or others contribute in this thread. Thank you.

  3. #3
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I sent a PM to rookcifer and I created and enforced his custom Novell AppArmor profiles for Mozilla Firefox, X-Chat, Pidgin, etc. and I noticed that I can not customize my Firefox extensions or add-ons and the Ubuntu Unity web apps desktop integration is broken. Can you please reply with help to fix these problems? I am using Mozilla Firefox 17 and Ubuntu 12.10 64 bit. Thank you.

  4. #4
    Join Date
    Feb 2008
    Location
    In my skin.
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    I sent a PM to rookcifer and I created and enforced his custom Novell AppArmor profiles for Mozilla Firefox, X-Chat, Pidgin, etc. and I noticed that I can not customize my Firefox extensions or add-ons and the Ubuntu Unity web apps desktop integration is broken. Can you please reply with help to fix these problems? I am using Mozilla Firefox 17 and Ubuntu 12.10 64 bit. Thank you.
    This should be the subject of a new thread as it has little to do with the original post and description of this thread. I advise you post a new thread regarding this issue. You will broaden your chances of getting help with it.
    Last edited by Bucky Ball; November 29th, 2012 at 10:02 AM.

  5. #5
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    Okay. Will do soon.

  6. #6
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Important: community effort to harden Ubuntu

    The OP has all been done already, the result was the Basic Security Wiki. IMO anything past that is overkill for a standard home user.

    Honestly it seems like you're trying to tackle the most difficult concepts first. Start simple & start with the big obvious vulnerabilities (like the stuff covered in the basic security wiki). Once you've mastered that then try deploying apparmor. If you misconfigure security tools, you might be creating more vulnerabilities than you're fixing.

    You could also watch this:
    http://www.irongeek.com/i.php?page=v...stem-hardening

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •