LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-14-2015, 03:46 PM   #1
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 38

Rep: Reputation: Disabled
anyone have a guide to hardening lubuntu/Ubuntu 15 desktop OS for newbies. see specific below


i would like a guide for newbies on securing Ubuntu 15 desktop OS. for instance i have installed GUI ufw and turned it ON and created a few rules mainly rejecting all ssh requests "AS I DON"T REMOTE IN OR NEED TO" but what about all those users built into the OS? which users should i disable.

most importantly i want to know how when i am signed in as my administrator account " the one i created when i installed Ubuntu" to run all my internet apps a NON_ADMIN like Firefox,chrome and so on. in puppy they let u run all the browsers in non-admin mode.....?? and that should be more secure right?
 
Old 12-14-2015, 04:08 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,916

Rep: Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689Reputation: 3689
Quote:
Originally Posted by akiras rain View Post
i would like a guide for newbies on securing Ubuntu 15 desktop OS. for instance i have installed GUI ufw and turned it ON and created a few rules mainly rejecting all ssh requests "AS I DON"T REMOTE IN OR NEED TO" but what about all those users built into the OS? which users should i disable.
Read the "Question Guidelines" link in my posting signature. There are THOUSANDS of guides that are easily found about hardening Ubuntu. The first three hits in Google for "how to harden ubuntu 15" are:
http://askubuntu.com/questions/57955...desktop-system
http://blog.mattbrock.co.uk/hardenin...-server-14-04/
http://www.datamation.com/open-sourc...-security.html

...with many more. You should disable NONE of the system-related users, since that causes a good number of problems, unless you know EXACTLY what you're doing, and how to re-configure various services to use different accounts for startup.
Quote:
most importantly i want to know how when i am signed in as my administrator account " the one i created when i installed Ubuntu" to run all my internet apps a NON_ADMIN like Firefox,chrome and so on. in puppy they let u run all the browsers in non-admin mode.....?? and that should be more secure right?
Simple..DO NOT LOG IN as administrator, EVER. Log in as a 'regular' user, all the time.
 
Old 12-14-2015, 04:36 PM   #3
michaelk
Moderator
 
Registered: Aug 2002
Posts: 14,929

Rep: Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520Reputation: 1520
By default Ubuntu based distributions have the root account aka administrator locked. The user you created when you installed the operating system has sudo privileges but is not root.

https://help.ubuntu.com/community/RootSudo

With puppy you run as root by default.

Last edited by michaelk; 12-14-2015 at 04:42 PM.
 
Old 12-14-2015, 05:31 PM   #4
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 38

Original Poster
Rep: Reputation: Disabled
hmmm this is akiras rain again

this is my first time using this forum is this the waY to reply to comments people have wrote for my question?


OK so specific question then. IF I LOGIN TO LUNBUNTU 15 AS THE USER I CREATED WHEN I INSTALLED LUNBUNTU 15 THEN WHEN I USE MY WEB BROWSERS
I AM NOT OPENING MYSELF UP TO EASIER ATTACK BECAUSE THIS IS NO THE ROOT user and i only have sudo privileges??


CORRECT THEN?
 
Old 12-14-2015, 06:27 PM   #5
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,687

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by akiras rain View Post
this is my first time using this forum is this the waY to reply to comments people have wrote for my question?
Use the QUOTE button in the lower right corner of the post.

Quote:
Originally Posted by akiras rain View Post
OK so specific question then. IF I LOGIN TO LUNBUNTU 15 AS THE USER I CREATED WHEN I INSTALLED LUNBUNTU 15 THEN WHEN I USE MY WEB BROWSERS
I AM NOT OPENING MYSELF UP TO EASIER ATTACK BECAUSE THIS IS NO THE ROOT user and i only have sudo privileges??
You lower the risk of attacks, as any cracker taking over your browser or other running program would only get normal user privileges. For system management activities that require root privileges, you use the command line and sudo, or you have a GUI that temporarily upgrades you to root.
 
Old 12-14-2015, 07:04 PM   #6
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 38

Original Poster
Rep: Reputation: Disabled
ok is there anyway to improve my defenses while i am browsing the web with firefox and chrome?

so like can i somehow run firefox with even less power than a normal user?




Quote:
Originally Posted by berndbausch View Post
Use the QUOTE button in the lower right corner of the post.


You lower the risk of attacks, as any cracker taking over your browser or other running program would only get normal user privileges. For system management activities that require root privileges, you use the command line and sudo, or you have a GUI that temporarily upgrades you to root.
 
Old 12-15-2015, 07:17 AM   #7
Germany_chris
Senior Member
 
Registered: Jun 2011
Location: Stuttgart, Germany
Distribution: Arch
Posts: 1,021

Rep: Reputation: 479Reputation: 479Reputation: 479Reputation: 479Reputation: 479
firejail

http://packages.ubuntu.com/source/wily/firejail
 
1 members found this post helpful.
Old 12-15-2015, 09:05 AM   #8
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,158
Blog Entries: 10

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
There is no Security without Physical Security.
Do not use a desktop as root.
firejail, is an excellent suggestion.

/etc/ssh/sshd_config:
Code:
PermitRootLogin no
PasswordAuthentication no
Buy a good router. Lock that down.
Practice safe hex.
 
Old 12-21-2015, 10:43 AM   #9
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 38

Original Poster
Rep: Reputation: Disabled
general data on my linux pc

that sandboxing program sounds GREAT will be trying that today! in LUNBUNTU

specs
self built computer

gtx 570
quad core 2.4ghz intel w-hyperthreading
8 gig 1600mhz ram
have 3 spinning hardrives

OS currently running are

1. lunbuntu 15 64bit
2. peppermint 6
3. puppy 6.0


of course i am only running 1 os at a time and
LUNBUNTU is my primary OS



anyone have a familiarity with XBUNTU???
 
Old 12-21-2015, 07:45 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
There are various add-ons for FF that can help; I always start with NoScript & Https-Everywhere (NB you have to get the latter direct from eff.org, not via the FF built-in add-ons tool)

You could also enable the root acct with a different passwd and take yourself out of the sudoers file.
This means that even if someone gets into your std acct, they can't just 'sudo xxx' - they would actually have to also guess the root passwd.
 
Old 12-21-2015, 08:55 PM   #11
akiras rain
Member
 
Registered: Dec 2015
Location: philadelphia usa
Distribution: peppermint.lubuntu,puppy
Posts: 38

Original Poster
Rep: Reputation: Disabled
root account change then.

got firefox addons covered. ok so how do i enable and give root a different password and how do take an account out of the sudoers file??






Quote:
Originally Posted by chrism01 View Post
There are various add-ons for FF that can help; I always start with NoScript & Https-Everywhere (NB you have to get the latter direct from eff.org, not via the FF built-in add-ons tool)

You could also enable the root acct with a different passwd and take yourself out of the sudoers file.
This means that even if someone gets into your std acct, they can't just 'sudo xxx' - they would actually have to also guess the root passwd.
 
Old 12-22-2015, 12:07 AM   #12
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
You might want to check this, but
Code:
# This should get you into root acct
sudo su -   # give your passwd if asked

# check with 
pwd
cd /root  # root user's home dir; NB NOT /home/root...
If that's ok,
Code:
passwd       # should ask for a new passwd (for root) & repeat for confirmation

# then open another terminal as your non-priv self and try
su -

# give new root passwd when prompted. You should end up in /root.
# Also run
id

# o/p
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

# NB: last bit is SELinux -  you may or may not get that

# If ok, try
visudo
# and comment out any ref to your normal user using '#'
HTH

Ideally check with Ubuntu user, but that above should work.
(You do have a backup or no serious data right ??? )
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Looking for Ubuntu specific hardening guidelines Susie not Suse Linux - Security 4 07-20-2015 06:37 AM
ubuntu-desktop vs. kubuntu-desktop vs. xubuntu-desktop vs. lubuntu-desktop vs. unity Kenny_Strawn Ubuntu 18 05-13-2011 10:20 AM
[SOLVED] Where can I find a newbies guide to XFCE or is XFCE not for newbies? Robert.Thompson Slackware 5 03-07-2011 11:27 AM
LXer: Master's Student: A Quick and Dirty Guide To Kernel Hardening with GrSecurity LXer Syndicated Linux News 0 12-21-2007 02:51 AM
Slackware hardening guide tangle Slackware 4 03-14-2005 10:47 PM


All times are GMT -5. The time now is 06:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration