Locking Down Ubuntu - Getting ready

Security is an important issue in computing. Unfortunately, many computers allow a cracker to gain access to them and retrieve sensitive information, or just make life hard. This article will review the basics in general security and explain how to apply it to two Linux distributions--Ubuntu and Kubuntu.

Preliminaries

This article assumes that you know how to install programs on either Ubuntu or Kubuntu. It also assumes that you have some knowledge of basic computer networking principles. If you do not know how to install programs on Ubuntu, go to https://help.ubuntu.com/community/InstallingSoftware. If you do not know much about networking, go to http://www.faqs.org/docs/linux_network/x-087-2-intro.html. This article also assumes that you are using Ubuntu or Kubuntu 6.06(Dapper Drake), but the Firewall section can be adapted for any recent Linux distribution.

Downloading Security Updates

A program is only secure if it has no vulnerabilities. Even the most popular software can have a hidden one. When someone fixes the vulnerability,a new version of the program is usually released. Both Ubuntu and Kubuntu have software repositories dedicated to security updates.When a vulnerability is fixed, a package of the program is released so that you can download it. Ubuntu and Kubuntu usually enable some of their security update repositories by default, but it is always a good idea to check to see if all of them are enabled. You may also want to specify how often you want your computer to look for security updates--and even install them--while you're at it (for Ubuntu 6.06only).

If you are using Ubuntu, click on System -- Administration --Software Properties and click on the Installation Mediatab. Now scroll down until you see a repository with the wordSecurity in it. Make sure that it is checked. If it is not,click on the check box to enable it.

On Kubuntu, click on Kmenu -- System -- Adept (PackageManager). Enter your password and then click on Adept and then on Manage Repositories. Find a line that contains the words deb http://security.ubuntu.com/ubuntu. Those are security repositories. If it is grayed out, right click on the entry,select Enable, and click Apply. It is important to enable every grayed-out security repository that you can find.

Now you can configure how often you want your computer to check for new updates. With Ubuntu, click on System -- Administration --Software Properties and click on the Internet Updates tab.Check the box that is marked Check for updates automaticallyand from the drop down menu select how often you want your computer to look for updates. You can even configure Ubuntu to automatically download updates and install security updates. When there are new updates available, Ubuntu will alert you by starting Update-Manager.The Update-Manager's notification icon will appear in the system tray. Click on it to install new updates.

Kubuntu uses a program called adept_updater which appears in your system tray when new updates are available. You can click on the iconto install new updates. As of this writing, you can not configureadept_updater to install security updates automatically.

Securing the /home directories

There may be times when you want to protect your data from malicious users, but you don't want the hassle of encrypting that data. As long as no one else on your computer can log in as root, (the super administrator account) your data will be hidden from other users' eyes. To make your data safer, go to Applications -- Accessories --Terminal (on Ubuntu) or Kmenu -- System -- Konsole (onKubuntu) and type: chmod 0700 /home/your-user-name (where your-user-name is the name you use to login to your computer). You can also use this command for individual files and folders if you want to keep other users fromviewing any of your files. (For more information on securing your home directory, go to https://wiki.ubuntu.com/SecureHome).