38 Comments
- Rolcol, on 12/03/2008, -2/+33 I thought Digg was smart enough to distinguish between advertisement and story pictures for the thumbnail.
- trogdoor, on 12/04/2008, -0/+23 Step 1 to keeping a more stable and secure linux system:
  Don't follow instructions that you don't understand and that don't explain precisely what the commands do, how to reverse them, and their possible drawbacks (of which there are many from this guide)
  There is a reason many of these things are not done by default.
- ethana2, on 12/04/2008, -0/+14 https://help.ubuntu.com/community/StricterDefaults ...
  If they were flaws, they would be fixed.
  "Be warned that these recommendations are NOT always A GOOD IDEA, as they can cause usability trade-offs that the Ubuntu Security Team has traditionally not agreed with." (emphasis mine)
- JakeW, on 12/03/2008, -3/+14 Just don't log into Linux as root, and give yourself permissions for things that you need to do. That's one of the easiest things you can do, and is often looked past.
- Hydrogen, on 12/04/2008, -1/+10 I stopped reading when the article suggested disabling root login for ssh.
  The root account is locked on ubuntu, disabling root login isn't going to make it any safer....
- bradleyland, on 12/04/2008, -0/+9 I think some people just pick the stupidest possible image in an effort to annoy the rest of us.
- AbsorbsQuickly, on 12/04/2008, -0/+8 sshd isn't even installed by default. This guide is crap, and this type of "useful guide" does nothing but flood the community with crap that drowns out useful documentation.
- daveisfera, on 12/04/2008, -0/+8 It would be nice if it explained what each of those things was actually doing/changing instead of just saying to blindly change this or edit that.
- fiver22, on 12/04/2008, -1/+7 Just say NO to root
- Hydrogen, on 12/04/2008, -0/+6 The point is--there is no root password on the default install. The account is locked. You will be just as successful connecting with RootLogin enabled as you will be with it disabled.
- naszaklasa, on 12/04/2008, -0/+6 tmpfs /dev/shm tmpfs defaults,ro 0 0
  - What does it do?
- ethana2, on 12/04/2008, -2/+7 Yeah, what about Kubuntu, Ubuntu Studio, and Linux Mint? Exclusivist jerks.
- raibman, on 12/04/2008, -0/+4 There is a reason many of these things are not done by default. ..
  ah.. that stuck me
- rlbond86, on 12/04/2008, -0/+4 I'm pretty sure you can't have passwordless sudo and still call yourself ultra-secure.
- whiteguysamurai, on 12/04/2008, -0/+4 Didn't I read something about masturbating monkeys?
  The default security is more than enough for most people, unless you are running an apache server for someone, or yourself, there is no reason to do this.
- rlbond86, on 12/04/2008, -0/+3 sudo rm -rf /
- Balla79, on 12/04/2008, -0/+3 And Ubuntu doesn't use root by default, but sudo. So there is no point in disabling root login, unless you enable the root account.
- zzzpoohzzz, on 12/04/2008, -5/+8 omg linux isn't 100% secure? i can't do whatever i want however i want and not worry about viruses?
  /s
- aethralis, on 12/04/2008, -0/+3 By default, /dev/shm is mounted read/write, with permission to execute programs. In recent years, many security mailing lists have noted many exploits where /dev/shm is used in an attack against a running service, such as httpd. Most of these exploits, however, rely on an insecure web application rather than a vulnerability in Apache or Ubuntu. There are a few reasons for it to be mounted read/write in specific configurations, such as real-time configuration of a Synaptics touchpad for laptops, but for servers and desktop installations there is no benefit to mounting /dev/shm read/write.
  https://help.ubuntu.com/community/StricterDefaults
- tech10171968, on 12/04/2008, -0/+3 Do people really overlook that? I find that rather sad: for most linux users I know, that fact is one of the FIRST things you learn about using linux.
- RaulMuadDib, on 12/04/2008, -0/+2 "But although Ubuntu is billed as the ultra-secure solution, you should know that even though Ubuntu's default install has its flaws, like every other operating system."
  Read this again though, like every other article.
- SEJeff, on 12/04/2008, -0/+2 Single user mode drops you to a root shell using a command called "sulogin".
- thinman1189, on 12/04/2008, -3/+5 Overkill, but still important.
- SEJeff, on 12/04/2008, -0/+2 """. There are a few reasons for it to be mounted read/write in specific configurations, such as real-time configuration of a Synaptics touchpad for laptops, but for servers and desktop installations there is no benefit to mounting /dev/shm read/write."""
  Unless you know what you are doing. For instance, nagios writes to a status file CONSTANTLY and it actually slows the entire thing down. We symlink that status file (which is stateless anyways) on a tmpfs under /dev/shm to speed up all of nagios. Another good example would be we have a monitoring tool that renders small png graphs to disk on the fly and then removes them after a bit. Putting those on a tmpfs for a heavily used server with gobs of ram is the difference between 20 seconds and about 3 for page rendering.
  While true in most scenarios, your statement I quoted was misinformed at best.
- Frayed_Knot, on 12/04/2008, -0/+2 I don't believe Ubuntu is "billed as an ultra-secure OS". Sure, it's more secure than most, particularly mainstream operating systems, but if you want "ultra-secure" there are better distributions.
- inactive, on 12/04/2008, -0/+2 No root login at boot?
  So how do you fix grub or reset a user account?
- Peterix, on 12/04/2008, -0/+2 Doesn't work. Try again.
- SEJeff, on 12/04/2008, -0/+2 Here is a pretty simple but good script I wrote for super basic ubuntu hardening:
  http://www.digitalprognosis.com/opensource/scripts ...
- inactive, on 12/04/2008, -0/+2 What you talking about Willis?
- naszaklasa, on 12/04/2008, -0/+2 Try connecting through SSH from another computer as root with root's password while the setting is on and off ;=)
- peterms, on 12/04/2008, -0/+1 Other than the live-cd, I'm not aware of Ubuntu having "passwordless sudo".
- Darkspam004, on 12/04/2008, -1/+2 Awesome
- Whackly, on 12/04/2008, -2/+2 pwn2own would seem to disagree. also.. lol
- hafniOum, on 12/04/2008, -3/+2 Lots of useful tools there! Thanks!
- craftyguy, on 12/03/2008, -6/+4 s/ubuntu/DAMN NEAR ANY DISTRO/;
- Vadi0, on 12/04/2008, -4/+2 So basically, can we get an example here of a default Ubuntu install hacked?
  As far as I remember, a default Ubuntu on the security hackfest on Apple vs Windows vs Linux.
- inactive, on 12/04/2008, -7/+2 What the hell is this kid talking about? Linux is the most stable, virus-proof, unhackable OS EVER!!!1
  btw whats a command line do?
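
An added example, not part of the thread or of the guide it discusses: a small shell audit of the two settings argued over above, whether a locked root account makes the sshd root-login setting matter for password logins, and what options a /dev/shm entry such as the quoted fstab line carries. The function names are hypothetical and every sample input is constructed.

```shell
# Added example; every sample input below is constructed, not from a real host.
# root_pw_state SHADOW_TEXT -> locked | usable | missing
root_pw_state() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "root" { print (($2 ~ /^[!*]/) ? "locked" : "usable"); found = 1; exit }
        END { if (!found) print "missing" }'
}

# permit_root_login SSHD_CONFIG_TEXT -> first global PermitRootLogin value
# (sshd keeps the first value it reads; Match blocks are not evaluated), or "unset".
permit_root_login() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }'
}

# root_password_ssh SHADOW_TEXT SSHD_CONFIG_TEXT -> verdict for password logins.
# Key-based logins do not use the password hash and are not judged here.
root_password_ssh() {
    case "$(root_pw_state "$1"):$(permit_root_login "$2")" in
        locked:*|missing:*) echo "no-usable-password" ;;
        *:no|*:prohibit-password|*:without-password|*:forced-commands-only)
            echo "refused-by-sshd" ;;
        *:unset) echo "depends-on-sshd-default" ;;
        *) echo "password-login-allowed" ;;
    esac
}

# shm_opts TABLE_TEXT -> option field of the last /dev/shm entry, or "absent"
# (fstab and /proc/mounts use the same first four columns).
shm_opts() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        $2 == "/dev/shm" { o = $4 }
        END { print (o == "" ? "absent" : o) }'
}

# has_opt OPTS NAME -> status 0 if NAME is one of the comma-separated OPTS
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

SHADOW_LOCKED='root:!:14215:0:99999:7:::'
SHADOW_ENABLED='root:$6$constructed$constructedhash:14215:0:99999:7:::'
FSTAB_RO='tmpfs /dev/shm tmpfs defaults,ro 0 0'
echo "locked root, yes:  $(root_password_ssh "$SHADOW_LOCKED" 'PermitRootLogin yes')"
echo "enabled root, yes: $(root_password_ssh "$SHADOW_ENABLED" 'PermitRootLogin yes')"
echo "enabled root, no:  $(root_password_ssh "$SHADOW_ENABLED" 'PermitRootLogin no')"
has_opt "$(shm_opts "$FSTAB_RO")" ro && echo "/dev/shm entry: read-only"
```

On a real host the same functions can be fed `sudo cat /etc/shadow`, `/etc/ssh/sshd_config` and `/proc/mounts`; the verdict covers password logins only.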


