Staff Emeritus
You use a Laptop I assume these are portable drives, disconnect them when not in use or turn off net access when using them. Easy.
To anyone looking at this, excessive security for home use is ill advised, it will bog your PC's down and its a waste of time and or money.
This account is not active.
Has an Ubuntu Drip
I've been doing a CrashPlan+ initial remote data backup since October 26th, 2012 at 1 AM EST. I expect to be done by Sunday, December 16th, 2012 at 11:30 PM EST. I need to keep my System76 PC and all of my drives mounted and unlocked during this time. Otherwise, it will take much longer to complete the initial remote data backup.
Ubuntu addict and loving it
Isn't the solution for this problem simply to use an encrypted disk partition?Originally Posted by Welly Wu
I have to second the comments above mine. If people are reading this thread and thinking this is what is required to have a "secure" version of Ubuntu, it's not.
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
Caffeine, theine, guaranine free.
+1. Overkill.
Has an Ubuntu Drip
I downgraded to Ubuntu 12.04.1 64 bit LTS. I found a lot of the software packages that I wanted to use and other stuff were designed for it instead of 12.10 64 bit.
I think that I am done with security for now.
Caffeine, theine, guaranine free.
In that case, could you please mark thread as 'Solved' from Thread Tools. Cheers and good luck.
Extra Foam Sugar Free Ubuntu
This is exactly what I'm thinking. Without encryption most of the security plans you have are rendered useless. Even with encryption there's still the fact that /boot must remain unencrypted, which opens up the possibility of a kernel rootkit because the kernel is completely unsecured. To reduce the possibility of this I use a shell script I made based on another already existing (and extremely useful) one that checks to make sure the contents of /boot haven't changed. I attached the script to this post if you're interested (it currently requires KDE but could be modified for other DEs). Of course there's also the threat of a cold-boot attack, and only the TRESOR (TRESOR Runs Encryption Securely Outside RAM) kernel patch can prevent that, but it's only for older kernels.
Encryption is everything. Only encryption (in combination with common sense of course) gives even a remote chance of fending off a physical attack.
Chocolate-Covered Ubuntu Beans
+1
Has an Ubuntu Drip
I did not like Ubuntu 12.10 64 bit so I decided to re-install Ubuntu 12.04.x 64 bit LTS from scratch bare metal on my System76 Lemur Ultra Thin (lemu4) notebook PC. This time, I followed the basic security guide carefully and I am not doing any of the more advanced security stuff. My Ubuntu desktop is usable now. I have not locked myself out and it does not fail to function properly. This is as far as I am willing to go with security for now. I may decide to import Rookcifer's custom Novell AppArmor profiles later on, but I chose to stick with the default Ubuntu Novell AppArmor profiles provided by the apparmor-profiles package. So far, I have no problems.
If it ain't broke, then don't fix it! It was a particularly hard lesson for me to learn, but I have learned it now.
Has an Ubuntu Drip
I changed my mind. I upgraded to Ubuntu 12.10 64 bit again. I wanted to stay up to date with the latest Ubuntu stable version release at this time.
Looking back, I can now see that my biggest mistake is that I am going too overboard with security. Ubuntu is fairly secure after the default installation is done, but the basic security guide hardens it sufficiently for most average home desktop users like myself. I find that the security sticky threads are nice to read and they have value for others, but they don't concern my case usage and my needs or preferences. I really don't want to go back to re-reading those security sticky threads and following the recommendations all over again only to mess up my Ubuntu installation and have to re-install it from scratch again. It's not worth it for the additional security. I'm not running Ubuntu Server. I have no servers installed or running like VNC, Apache, or Samba or VSFTPD. I'm just a casual home user.
I feel comfortable now. I think that I can manage to keep this Ubuntu 64 bit installation and upgrade it smoothly to newer versions every 6 months in April and October of each successive year without having to re-install everything from scratch. That's what I would prefer to do. I like staying up to date with Ubuntu releases because I like new features and capabilities.
The basic security guide is really good enough for me. It's easy to read and to understand and it's easy to implement. I know that my Ubuntu 12.10 64 bit installation is very secure right now without making more compromises in usability. I finally got my GUFW firewall list of rules set and I know how to make modifications based on future needs safely without opening holes. I've got BitDefender for Unices Free anti-virus and I know what sudo is doing all of the time. I limit privileges to the bare minimum for almost everything. I monitor my logs especially my router and network logs daily.
I created a second backup administrator account. The reason why I did this is just in case I run into an emergency or a disaster and I need a second administrator account to do admin stuff if my existing administrator account does not work properly. I'm going to log into it to check that it's working now.
Posting Permissions
Adv Reply
Bookmarks