Shared:Securing Ubuntu

From GGCWiki

Contents 1 The Ubuntu Website 2 This is a wiki that shows how to secure this particular type of linux 3 This website shows all the steps needed to take to completely secure your system 4 Modifying Default Settings 5 General Tips 6 Setting Up firewalls 7 Helps protect Linux kernel 8 Antivirus designed to protect Linux 8.1 Installation Requirements

[edit] The Ubuntu Website

according to: http://www.ubuntu.com/

• Ubuntu is a linux-based operating system that is ideal for laptops, desktops and servers.
• It contains the basic necessities of a computer: a web browser, presentation software, document and spreadsheet software, and even instant messaging.
• The Ubuntu Promise is that it will always be free of charge. It comes with full commercial support. It comes with the very best translations and infrastructure that the free software community has to offer.

• If you have a fast modem, or means to a faster internet connection, you will be able to access the web page a lot quicker than that of a phone line/dial-up connection.

[edit] This is a wiki that shows how to secure this particular type of linux

https://wiki.ubuntu.com/SecureHome ,states that:

[edit] This website shows all the steps needed to take to completely secure your system

Short Cut Version:

Always keep up with your security updates. Your computer should let you know when updates are available. When you are not online, install a firewall. This is extremely important. Firestarter is a great firewall for ubuntu. Test the firewall to ensure security.

http://www.linuxforums.org/security/locking_down_ubuntu.html

[edit] Modifying Default Settings

The below information came directly from this website: http://www.itsecurity.com/features/ubuntu-secure-install-resource/

The first set of basic critical changes requires you to modify three insecure default system settings: 

" 1. Reconfiguring shared memory

 *Load your favorite text editor, open the file "/etc/fstab" and add the                
  following line if code
             tmpfs /dev/shm tmpfs defaults,ro 0 0

2. Disabling SSH root login

 *Load your favorite text editor, open the file "/etc/ssh/sshd_config" and add 
  change the following line of code:
                      PermitRootLogin yes
                             to
                      PermitRootLogin no

3. Limiting access to the "su" program'

 *Open the terminal by clicking "Applications" selecting "Accessories" and
  choosing "Terminal." From there enter the commands:
  sudo chown root:admin /bin/su sudo
  chmod 04750 /bin/su  "

• This could take a while, so be patient!!!!!!

[edit] General Tips

according to: http://www.itsecurity.com/features/ubuntu-secure-install-resource/

Modify Default Settings

Enable Automatic Security Updates

• "You have a better ensured way that your Ubuntu installation will start out relatively secure, when the three most critical default system settings changes."

• "Enabling automatic security updates is one surefire way to make sure it gets done, because so many of us tend to forget to do it our selves."

• To enable automatic security updates,you must:

1. "Click on "System" select "Administration" and choose the "Software Sources" menu."
2. "From there select the "Internet Updates" tab and enable "Check for updates automatically" (specify "Daily")."
3. "Now every time Ubuntu issues a new security release you will be notified via the "Update Manager" icon in the system tray."
4. "From there it's up to you to click the icon and allow the Update Manager to download and install the files."

Secure Home Directory

Use a Strong Password

• It is most important to install a firewall and to continue updating security software*

[edit] Setting Up firewalls

• It is really important to have a firewall to protect from viruses that can erupt your systems core, and cause you to lose valuable information.

The below information came directly from this website: http://www.itsecurity.com/features/ubuntu-secure-install-resource/

"Installing and configuring an efficient firewall is a great way to keep attackers out. The stricter your rule-set and security policies are, the less likely it is that an attacker will find a way to exploit your system."

" Firestarter - Versatile user friendly firewall."

"SmoothWall - Highly configurable and extremely powerful network firewall solution."

"HardWall Firewall - Iptables based packet filterer."

"Firewall Builder - Generates rule sets for popular firewalls including iptables, ipfilter and pf."

"BullDog - Very restrictive iptables based firewall. Recommended for advanced users only."

[edit] Helps protect Linux kernel

below is taken from: http://www.grsecurity.net/

" grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. "

[edit] Antivirus designed to protect Linux

The below information is from this website: http://www.pandasoftware.com/download/linux/linux.asp

" *Panda Antivirus for Linux is an antivirus for Linux servers and desktops. It is an antivirus designed to be managed from the command line or console. To do this, an executable called PAVCL will be used.

• The aim of Panda Antivirus for Linux is to scan and disinfect Windows and DOS workstations connected to a Linux server, as well as the Linux server itself.

• Panda Antivirus for Linux scans files using both string searches and heuristic methods. The target files of the antivirus are Word documents, Java Applets, ActiveX controls and compressed files (ZIP, RAR, etc.). At the moment, it does not scan the boot sector or the partitions table.

• Panda Antivirus for Linux is a freeware version: Panda Software does not offer technical support for this software.

• You need to have this software protection to be able to install it on your computer. Installation will probably take a while. "

[edit] Installation Requirements

These are the exact requirements as listed on the website under the above section.

" In order to install Panda Antivirus for Linux (version 7.0-1) correctly, make sure the following minimum requirements are met:

   * Processor: 486 or faster.
   * RAM: 32 MB.
   * Hard Disk: 20 MB free space.
   * Operating System: Red Hat (versions 6.0, 6.1, 6.2, 7.0, 7.1, 7.2, 7.3 or 8.0), SuSE version 7.3, Mandrake (versions 8.0, 8.1, 8.2 or 9.0) o Debian 2.1. "

Once you have checked that these requirements are met, follow the steps below:

" From this Panda Software page, download the file pavcl_linux_i386 (in .rpm or .tgz format) and copy it to a directory. Once the file has been copied, the antivirus installation process can begin.

• If Red Hat Package Manager (rpm) is installed –which is usually the case in Red Hat, Mandrake, SuSE, etc.- download the file .rpm. In order to install the antivirus correctly, type the following command in the command line:

     rpm –i pavcl_linux_i386.rpm

• If you are not in the directory in which the file was copied, specify the path in the following way:

     rpm –i [/path]/ pavcl_linux_i386.rpm
   

• If Red Hat Package Manager (rpm) is not installed -for example in Debian-, use the .tgz file. In this case follow the steps below:

         o Copy the pavcl_linux_i386.tgz file to the root / directory.
         o Decompress the file using the following command:
           gzip –d pavcl_linux_i386.tgz
         o The file pavcl_linux_i386.tar is created.
         o In order to install the antivirus, type:
           tar –xvf pavcl_linux_i386.tar

• Installation could take anywhere between 5 minutes to 1 hour, please allow time for correct installation to occur.

• When installation is complete, the required directory structure is created. "

'''''''Highlight this page to watch it turn blue!''''''''