Hi. I installed Ubuntu 11.10 64 bit using the alternative installation .ISO file which I burned to a CD-R disc. I setup a custom installation using full disk encryption using LUKS/LVM (AES-CBC mode 256 bits SHA-256 hash algorithm). I also set a unique, strong, complex passwords for my home directory and LUKS/LVM at boot-up.
I opened up the BASH terminal and I typed in chmod 700 $HOME this morning.
I have not setup custom AppArmor profiles or HIDS / NIDS such as Snort yet. I am still reading the stickies to learn more information before I make that decision.
Which gets me to my point: should I harden my Ubuntu 64 bit by carefully following the stickies?
I have an ASUS N61JV-X2 notebook PC with Crucial 8 gigabytes of DDR3 PC-8500 SDRAM and an Intel 2nd Generation 2.5" 34nm MLC NAND FLASH X25-M 160 gigabyte Solid State Drive. I replaced my previous operating system which was Microsoft Windows 7 Ultimate 64 bit with Ubuntu 11.10 64 bit as my sole operating system of choice less than three weeks ago.
I have an unencrypted /boot partition of 250 megabytes.
I have an encrypted / root partition of 10 gigabytes.
I have an encrypted /home partition of approximately 130.00 gigabytes and I set a unique, strong, complex password using encryptfs because Ubuntu prompted me to set my password after I installed my operating system and I logged into my user account the first time.
I use my computer and Ubuntu 64 bit to surf the Internet, read and write e-mail messages, chat with my online friends in real time, use social media including Facebook, Twitter, Google+, LinkedIn, YouTube, etc, copy and convert my 1,100+ CDs to .FLAC lossless audio files, rip and copy encrypted DVD-Videos that I purchased, watch movies, TV shows, videos, and listen to music. I also write documents using LibreOffice Writer quite heavily. I read documents such as digital magazines, e-books, Adobe .PDF files, etc.
I don't use my computer or Ubuntu to hack into other people's servers or computers and I do not code my own software projects. I am teaching myself how to code in C++, but I just started a few weeks ago so I am a beginner.
I use TrueCrypt to secure my data on removable storage devices such as my Seagate FreeAgent Desk 1.5 terabyte USB 2 external hard disk drive and my Kingston DataTraveler HyperX 128 gigabyte Super Speed USB 3 thumb drive using AES-XTS mode 256 bits with SHA-512 hash algorithm.
Do I need to go further to harden my Ubuntu 64 bit?
Should I install a HIDS and NIDS such as Snort?
Should I create custom AppArmor profiles for frequently used software applications that can access the Internet such as Google Chrome and Mozilla Thunderbird?
Do I need to install my own hardened kernel which requires me to update and patch it on my own?
I feel a lot safer and more secure using Ubuntu 64 bit with full disk encryption even though I know that once I put in my passwords and mount my drives, I am open to attacks.
I check my hardware firewall logs for suspicious activities and unknown users trying to connect to my home network daily. I use WPA2 AES-TKIP to secure my wireless network with MAC authentication for every wireless device.
I also installed Bitdefender for Unices with a free 1 year license and I scan my computer and storage devices daily.
I use Deja Dup to backup my data and I encrypt it using GPG and a unique, strong, complex password.
How much farther should I go to harden my Ubuntu system? Is it really necessary given my usage scenarios?
I rarely take my ASUS N61JV-X2 notebook PC outside of my home. I have Verizon FiOS fiber optic high speed Internet and TV at home.
What do you recommend? Why?