Are You Keeping Your Ubuntu Linux PC Secure?
March 7, 2008 | By: UbuntuLinuxHelp | 2 Comments
Lately, there's been a bit of discussion here about Ubuntu (and Linux as a whole) security. Suffice it to say, some of the input from readers about Linux virus issues has been very informative. (You can read the post and the comments here: Does Ubuntu Linux Really Need Antivirus Software?). Some of my "Windows Weenies" friends (you know who you are) ;) :) keep telling me that Ubuntu simply is not as safe as Windows. Personally, I think that is a bunch of horse poo... But, I hope I'm not so smug as to think I don't have to worry at all. :) Well, I don't. Hee hee hee. Yet, I do appreciate there are things we can do to further enhance our systems.
However, one aspect I think I neglected to expand on (in that antivirus post) is the matter of kernel and other exploits. Don't get me wrong, I'm not suggesting that Linux is buggy, rather that sometimes there may be a delay from release to any patches being available. And in my opinion, Linux is far superior in this aspect, when comparing it to my Windows experiences. ;) While I don't think we all need to rush and download the following free packages, I think it's important that Ubuntu... actually any Linux user... be aware of some of the great resources we can use to protect our kernels as well as other aspects of our Linux-based PCs. As a matter of opinion, one package in particular is great for protecting a Linux-based PC with multiple users - grsecurity!
grsecurity is a "multi-layered detection, prevention, and containment model" that has some great features such as:
- Security alerts and audits that contain the IP address of the person causing the alert.
- A restriction that allows a user to only view his/her processes.
- Prevention of arbitrary code execution, regardless of the technique used.
- And quite a few other features...
You can read more about that at the following URL and download a copy to play with: http://www.grsecurity.net/
I am by no means a security expert! But, these are some of the resources I've bumped into over time (or that have been suggested).
Another, "chkrootkit", is a tool to locally check for signs of rootkits. What's a rootkit?
"A rootkit is a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers. Access to the hardware (ie, the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms." Read the rest of this Wikipedia entry here: http://en.wikipedia.org/wiki/Rootkit
chkrootkit is a series of scripts that aid in protecting your system. You can read more and download copies here: http://www.chkrootkit.org/
I remember when I was still using Windows, I used a firewall named ZoneAlarm, which I thought was pretty good as it did a great job. I think a comparable firewall system might be Firestarter. I posted about this gem last summer: The Best 10 Minute, Effective Desktop Firewall Installation for Ubuntu Linux
"Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators." The site has downloadable copies and more information here: http://www.fs-security.com/
After some Googling, I was also able to track down some of the "Unsafe" Ubuntu default settings we should look at. Namely:
Shared Memory
"By default, /dev/shm is mounted read/write, with permission to execute programs. In recent years, many security mailing lists have noted many exploits where /dev/shm is used in an attack against a running service."
SSH Default Settings
"While the SSH daemon is secure enough for most people, some may wish to further enhance their security by changing certain sshd settings."
"su" Program Available to Non-Admin Users
"This is not necessarily a problem alone, but if there are accounts with weak passwords on the system a malicious non-admin user (or malicious software they are using) might use su to gain access to such accounts."
How do we fix these three issues? Simply visit the source post at Ubuntu and follow along (it's very easy to do): https://help.ubuntu.com/community/UnsafeDefaults
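A read-only check for the "Shared Memory" and "su" defaults listed above, as an added example that is not from the original post or from the Ubuntu wiki page. The mount table is a constructed sample, the function names and verdict strings are this example's own, and reading "available to non-admin users" as the "others execute" permission bit on `/bin/su` (an assumed path) is an assumption.

```shell
#!/bin/sh
# Added example: read-only audit of the /dev/shm and su defaults quoted above.

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sda1 / ext3 rw,errors=remount-ro 0 0'

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_shm: read a mount table on stdin and print one verdict line.
audit_shm() {
    # The last matching entry is the mount currently on top of /dev/shm.
    opts=$(awk '$2 == "/dev/shm" { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo "shm: not mounted"
    elif has_opt "$opts" ro || has_opt "$opts" noexec; then
        echo "shm: ok ($opts)"
    else
        # Read/write with exec permitted: the combination the quote describes.
        echo "shm: writable and executable ($opts)"
    fi
}

# audit_su PATH: report whether users outside the owner and group may run PATH.
audit_su() {
    if [ ! -e "$1" ]; then
        echo "su: $1 not found"
    # find prints the path only when the "others execute" bit (0001) is set.
    elif [ -n "$(find "$1" -prune -perm -0001)" ]; then
        echo "su: executable by any user"
    else
        echo "su: restricted to owner and group"
    fi
}

printf '%s\n' "$SAMPLE_MOUNTS" | audit_shm              # constructed sample
if [ -r /proc/mounts ]; then audit_shm < /proc/mounts; fi  # this host
audit_su /bin/su   # assumed location of su; adjust if it lives elsewhere
```

The script changes nothing on the system; it only reports, so it can be run before and after applying the fixes from the linked Ubuntu page to confirm they took effect.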
Finally, the Automatic Security Update post (also on Ubuntu), leaves me a little confused. I thought security updates were already included in Ubuntu's "automatic updates"? However, here is the step-by-step "tutorial that will teach you to create a script and a cron job to go out and automatically install security updates without requiring you to do anything.": https://help.ubuntu.com/community/AutomaticSecurityUpdates?highlight=%28security%29
As always, I look forward to any comments you can provide. I hope the above post helps! :)



I’ll just let AppArmor and the iptables do their thing…
…and I see there are some utilities for AppArmor here: http://packages.ubuntu.com/fei.....rmor-utils
Check this out! It looks like AppArmor is preinstalled with Hardy??: http://www.fsdaily.com/EndUser.....mment-2507
That comment was referring to an original post here: http://www.techthrob.com/tech/.....alpha4.php