Page 3 of 6 FirstFirst 12345 ... LastLast
Results 21 to 30 of 58

Thread: Important: community effort to harden Ubuntu

  1. #21
    Join Date
    Oct 2004
    Beans
    12,944

    Re: Important: community effort to harden Ubuntu

    You use a Laptop I assume these are portable drives, disconnect them when not in use or turn off net access when using them. Easy.

    To anyone looking at this, excessive security for home use is ill advised, it will bog your PC's down and its a waste of time and or money.
    This account is not active.

  2. #22
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I've been doing a CrashPlan+ initial remote data backup since October 26th, 2012 at 1 AM EST. I expect to be done by Sunday, December 16th, 2012 at 11:30 PM EST. I need to keep my System76 PC and all of my drives mounted and unlocked during this time. Otherwise, it will take much longer to complete the initial remote data backup.

  3. #23
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,041
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    I got a lot of confidential and critical data on my drives that I can not share with anyone.
    Isn't the solution for this problem simply to use an encrypted disk partition?

    I have to second the comments above mine. If people are reading this thread and thinking this is what is required to have a "secure" version of Ubuntu, it's not.
    If you ask for help, please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users

  4. #24
    Join Date
    Feb 2008
    Location
    In my skin.
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by SeijiSensei View Post
    I have to second the comments above mine. If people are reading this thread and thinking this is what is required to have a "secure" version of Ubuntu, it's not.
    +1. Overkill.

  5. #25
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I downgraded to Ubuntu 12.04.1 64 bit LTS. I found a lot of the software packages that I wanted to use and other stuff were designed for it instead of 12.10 64 bit.

    I think that I am done with security for now.

  6. #26
    Join Date
    Feb 2008
    Location
    In my skin.
    Beans
    Hidden!
    Distro
    Xubuntu

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by Welly Wu View Post
    I think that I am done with security for now.
    In that case, could you please mark thread as 'Solved' from Thread Tools. Cheers and good luck.

  7. #27
    Join Date
    Jan 2012
    Beans
    753

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by SeijiSensei View Post
    Isn't the solution for this problem simply to use an encrypted disk partition?
    This is exactly what I'm thinking. Without encryption most of the security plans you have are rendered useless. Even with encryption there's still the fact that /boot must remain unencrypted, which opens up the possibility of a kernel rootkit because the kernel is completely unsecured. To reduce the possibility of this I use a shell script I made based on another already existing (and extremely useful) one that checks to make sure the contents of /boot haven't changed. I attached the script to this post if you're interested (it currently requires KDE but could be modified for other DEs). Of course there's also the threat of a cold-boot attack, and only the TRESOR (TRESOR Runs Encryption Securely Outside RAM) kernel patch can prevent that, but it's only for older kernels.

    Encryption is everything. Only encryption (in combination with common sense of course) gives even a remote chance of fending off a physical attack.
    Attached Files Attached Files

  8. #28
    Soul-Sing is offline Chocolate-Covered Ubuntu Beans
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Important: community effort to harden Ubuntu

    Quote Originally Posted by kiwinz View Post
    you use a laptop i assume these are portable drives, disconnect them when not in use or turn off net access when using them. Easy.

    To anyone looking at this, excessive security for home use is ill advised, it will bog your pc's down and its a waste of time and or money.
    +1

  9. #29
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I did not like Ubuntu 12.10 64 bit so I decided to re-install Ubuntu 12.04.x 64 bit LTS from scratch bare metal on my System76 Lemur Ultra Thin (lemu4) notebook PC. This time, I followed the basic security guide carefully and I am not doing any of the more advanced security stuff. My Ubuntu desktop is usable now. I have not locked myself out and it does not fail to function properly. This is as far as I am willing to go with security for now. I may decide to import Rookcifer's custom Novell AppArmor profiles later on, but I chose to stick with the default Ubuntu Novell AppArmor profiles provided by the apparmor-profiles package. So far, I have no problems.

    If it ain't broke, then don't fix it! It was a particularly hard lesson for me to learn, but I have learned it now.

  10. #30
    Join Date
    Nov 2009
    Location
    Nutley, NJ
    Beans
    551
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Important: community effort to harden Ubuntu

    I changed my mind. I upgraded to Ubuntu 12.10 64 bit again. I wanted to stay up to date with the latest Ubuntu stable version release at this time.

    Looking back, I can now see that my biggest mistake is that I am going too overboard with security. Ubuntu is fairly secure after the default installation is done, but the basic security guide hardens it sufficiently for most average home desktop users like myself. I find that the security sticky threads are nice to read and they have value for others, but they don't concern my case usage and my needs or preferences. I really don't want to go back to re-reading those security sticky threads and following the recommendations all over again only to mess up my Ubuntu installation and have to re-install it from scratch again. It's not worth it for the additional security. I'm not running Ubuntu Server. I have no servers installed or running like VNC, Apache, or Samba or VSFTPD. I'm just a casual home user.

    I feel comfortable now. I think that I can manage to keep this Ubuntu 64 bit installation and upgrade it smoothly to newer versions every 6 months in April and October of each successive year without having to re-install everything from scratch. That's what I would prefer to do. I like staying up to date with Ubuntu releases because I like new features and capabilities.

    The basic security guide is really good enough for me. It's easy to read and to understand and it's easy to implement. I know that my Ubuntu 12.10 64 bit installation is very secure right now without making more compromises in usability. I finally got my GUFW firewall list of rules set and I know how to make modifications based on future needs safely without opening holes. I've got BitDefender for Unices Free anti-virus and I know what sudo is doing all of the time. I limit privileges to the bare minimum for almost everything. I monitor my logs especially my router and network logs daily.

    I created a second backup administrator account. The reason why I did this is just in case I run into an emergency or a disaster and I need a second administrator account to do admin stuff if my existing administrator account does not work properly. I'm going to log into it to check that it's working now.

Page 3 of 6 FirstFirst 12345 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •