What should I do on a fresh install of an Ubuntu-based OS, especially security-wise?
It's a relatively fresh install. I installed Bodhi Linux 5.1 five days ago. So far I've enabled ufw (Uncomplicated Firewall), applied updates, created a standard user, and installed a rootkit scanner.
What is there left to do to secure my system? I'm considering installing ClamAV but that would be a whole other question.
I presume you are asking about a desktop and not a server or router? If so, I'd look very closely at using AppArmor and make sure all your main desktop programs have proper profiles, not the lame, virtually non-functional ones that come out of the box.
Packet filtering in that context is rather futile and the AV scanning is rather like closing the barn door after the horse has gotten out.
Also, see Security in Ubuntu Community Help Wiki.
Yes, I'm talking about the desktop. I used to always see AppArmor messages when I ran mainline Ubuntu (and Lubuntu too, I think.)
That site looks helpful. I don't know if I've ever been to https://help.ubuntu.com/community/Security
Moderator Response
Moved: This thread is more suitable in <Bodhi> and has been moved accordingly to help your thread/question get the exposure it deserves.
You might find this article interesting, that I've written about security in Linux Mint and other Ubuntu derivatives:
https://easylinuxtipsproject.blogspo.../security.html
ExpressVPN has a great Linux app. I use that on my system. I think VPNs are a vital thing anyone with the net should use nowadays. Just make sure there is a zero log VPN like Nord or something. ExpressVPN has some logs to troubleshoot the network but claim they have no IPs or user accounts linked to them. Nord I think is log free.
I also use an app called Cryptomator. It is a Vault/Crypt app that allows you to on the fly encrypt the contents of directories, by mounting the dir as a drive. You work on the drive as normal with your files, and it encrypts it into a vault dir on your hard drive. It seems to work very well; I have been using it for a long time on Windows. It is also very cool as it encrypts per file. This means that it works very well with cloud storage. So if your vault is on your sync dir it will mirror to the cloud but be all encrypted so the files are never pushed when not encrypted. I used to hate the idea of cloud, but like a lot of people... it is just so darn convenient!!! kek
Following the links in one article leads to Kiezel-articles-inception that can give a body reading for days. Lots of stored and shared (and greatly appreciated) Linux wisdom to be found there.
https://gitlab.com/apparmor/apparmor...ing_with_tools
https://gitlab.com/apparmor/apparmor...filing_by_hand
It would take a lot of trial and error, but you can quickly figure out the flow and which narrow set of directories each desktop application should be allowed access to. Some applications may have a profile already, but they are usually ridiculously loose.
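The trial-and-error loop described in the post above comes down to reading the AppArmor events in the kernel log and deciding, path by path, what a profile should permit. As an added example (not part of any post in this thread), the shell function below tallies those events per profile, verdict, access mask and path; the log lines, the `example-viewer` binary and the user `alice` are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally AppArmor audit events per profile, verdict, mask and path.
# All log lines are constructed; example-viewer and alice are made-up names.
SAMPLE_LOG='Oct 10 11:02:01 bodhi kernel: [  812.101] audit: type=1400 audit(1570723321.101:51): apparmor="DENIED" operation="open" profile="/usr/bin/example-viewer" name="/home/alice/.ssh/id_rsa" pid=2101 comm="example-viewer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Oct 10 11:02:02 bodhi kernel: [  813.007] audit: type=1400 audit(1570723322.007:52): apparmor="DENIED" operation="open" profile="/usr/bin/example-viewer" name="/home/alice/.ssh/id_rsa" pid=2101 comm="example-viewer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Oct 10 11:02:03 bodhi kernel: [  814.450] audit: type=1400 audit(1570723323.450:53): apparmor="DENIED" operation="open" profile="/usr/bin/example-viewer" name="/home/alice/.bashrc" pid=2101 comm="example-viewer" requested_mask="w" denied_mask="w" fsuid=1000 ouid=1000
Oct 10 11:02:04 bodhi kernel: [  815.300] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.7 DST=192.0.2.20 PROTO=TCP SPT=40000 DPT=23
Oct 10 11:02:05 bodhi kernel: [  816.912] audit: type=1400 audit(1570723325.912:54): apparmor="ALLOWED" operation="open" profile="/usr/bin/example-viewer" name="/home/alice/Documents/report.pdf" pid=2101 comm="example-viewer" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Oct 10 11:02:06 bodhi kernel: [  817.220] audit: type=1400 audit(1570723326.220:55): apparmor="DENIED" operation="capable" profile="/usr/bin/example-viewer" pid=2101 comm="example-viewer" capability=12 capname="net_admin"'

summarise_apparmor_events() {
  # Reads syslog/journal text on stdin and prints, sorted:
  # profile<TAB>verdict<TAB>mask<TAB>path<TAB>count
  awk '
    # Return VALUE from a  key="VALUE"  pair, or "-" when the key is absent.
    # The leading space keeps name= from matching inside capname=.
    function field(key,   re) {
      re = " " key "=\"[^\"]*\""
      if (!match($0, re)) return "-"
      return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    # DENIED  = blocked by an enforcing profile or an explicit deny rule.
    # ALLOWED = logged by a profile in complain mode; it would be blocked
    #           once the profile is enforced.
    /apparmor="(DENIED|ALLOWED)"/ {
      key = field("profile") "\t" field("apparmor") "\t" field("denied_mask") "\t" field("name")
      count[key]++
    }
    END { for (key in count) printf "%s\t%d\n", key, count[key] }
  ' | LC_ALL=C sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarise_apparmor_events
```

On a live system the same function can be fed from `journalctl -k` or `/var/log/syslog`. Rows with `-` for mask and path are non-file events such as capability checks.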
Is GitLab the official site for AppArmor documentation? Sorry, I'm just a little paranoid sometimes. I also don't know the official homepage for AppArmor either. It's AppArmor .net not apparmor .com right?
Since I started using Linux all I need is a firewall now...
Hi Turbocapitalist and everyone else. I'm still looking into ClamAV and one plan I have is to just install AppArmor and deal with the apps that AppArmor sends me messages about. I had no idea what I was supposed to do about those messages when I used to run Lubuntu 12.04 and Ubuntu 12.04. I thought I was dealing with bugs in those versions of Ubuntu.
AppArmor appears to be installed on my two systems running Bodhi 5.1:
Quote:
Firejail is a Linux security SUID program that drastically reduces the risk of security breaches by sandboxing the running environment of untrusted applications.
sudo apt-get install firejail -y