Should I harden my Ubuntu 64 bit further?

**Magnetizer** · January 11th, 2013

In addition to NoScript and Ghostery you can make use of a restrictive hostsfile.

I wrote a script to automatically set up a hostsfile consisting of several well-known blacklists (like www.someonewhocares.org)

You can add more blacklists to the script if you like, or blacklist, whitelist some hosts yourself. Sometimes it is too restrictive, so you will need to whitelist some hosts (e.g. dropbox.com)

At this moment I block around 300.000 hosts and the script works fine. I get an update nearly every day.

If you want to make use of the script, it is in this thread:

http://ubuntuforums.org/showthread.php?t=2048812

**Toriku** · January 11th, 2013

thats cool, I'm trying to bolster security on an Ubuntu server atm, one program I implemented the other day was called "deny hosts" http://denyhosts.sourceforge.net/.

It allows you to keep the port for ssh open, but filter out brute force attacks; if you use ssh to access your computer remotely it could be very useful to you, but if you don't then its probably not much use...

I want to get my Ubuntu server (which among other things) provides DNS to a network of computers, and I want to use host file style protection from undesirable websites much like your script; however I'm trying to get all the computers on this network to use the same hosts file to make it easier to control (the computers on the network include Windows, Mac and Linux machines)

**CharlesA** · January 11th, 2013

Originally Posted by Toriku

I want to get my Ubuntu server (which among other things) provides DNS to a network of computers, and I want to use host file style protection from undesirable websites much like your script; however I'm trying to get all the computers on this network to use the same hosts file to make it easier to control (the computers on the network include Windows, Mac and Linux machines)

You wouldn't need to mess with hosts files if you are handling DNS. You could write a script to put DNS entires for anything on the blacklight, or you could just forward external DNS requests to something like OpenDNS, which has filtering capabilities.

**Toriku** · January 11th, 2013

Originally Posted by CharlesA

You wouldn't need to mess with hosts files if you are handling DNS. You could write a script to put DNS entires for anything on the blacklight, or you could just forward external DNS requests to something like OpenDNS, which has filtering capabilities.

wouldn't I have to make a domain zone for each entry?