Ubuntu security

Discussion in 'all things UNIX' started by ComputerSaysNo, Aug 14, 2012.

Thread Status:
Not open for further replies.
  1. So I've got Ubuntu installed on an SSD and I'm wondering how to configure it properly security-wise: how to configure the firewall, AppArmor, etc.

    I'm a newbie, so be kind, and can you list the terminal commands please!
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
  3. Thanks, that's a bit clearer than most guides.

    Anything else I should have to worry about besides AppArmor?
     
  4. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  5. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    firestarter is a very good alternative to GUFW.
     
  6. tlu

    tlu Guest

    Neither is normally needed, IMO, because all ports are closed by default as Hungry already mentioned. And even if you're sceptical about this, simply executing

    sudo ufw enable
    sudo ufw default deny

    should be sufficient.
     
  7. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    that's not what Steve Gibson's Shields Up website said about my machine.

    i had to install firestarter or gufw to pass the tests.

    i'd rather use a GUI whenever possible instead of trying to remember a whole bunch of commands. ;)
    i have problems remembering what i had for supper the day before. ;)
     
  8. tlu

    tlu Guest

    What exactly did it say? And are you behind a router?

    EDIT: BTW - I passed the test ...
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i just turned off the firewall for the test.
    i don't have a router.

    here's what i get:

    - Solicited TCP Packets: RECEIVED (FAILED)
    - Unsolicited Packets: PASSED
    - Ping Reply: RECEIVED (FAILED)
    - Port 22, service: SSH * Port Open * (all the other ports are closed except 1 that's stealthed)

    with firestarter at default i pass everything except the Ping Reply test.

    to also pass the Ping Reply test you have to go into Firestarter, edit the Preferences/Firewall/ICMP Filtering and enable ICMP.
     
    Last edited: Aug 14, 2012
  10. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes, I think it's nonsense recommending no firewall, to what, save you 2ms on data latency? It's not like ufw is resource intensive...

    What happens if you install a program that opens ports? What happens if the user joins a hostile WiFi network? Yeah no firewall might be fine for YOU to manage, but recommending it to users really isn't a good idea.
     
  11. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    I was under the impression that Firestarter is no longer being developed/maintained. That was quite some time ago.
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    it works pretty well it seems and is easy to use for a newb like meself. ;)

    GUFW is also very easy to use but Firestarter has a few more options.
     
  13. tlu

    tlu Guest

    Do you have an OpenSSH server running?

    For what it's worth,

    sudo netstat -tulpen | grep -v '127.0.0.1' | grep -v '::1:'

    shows:

    [image attachment: netstat.png]

    This is as it should be. (dhclient is needed for DHCP, and regarding avahi-daemon see here.)
     
  14. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
  15. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i don't even know what an SSH server is, so i doubt i have one running. :p

    here's the output from my terminal:

    Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 8573 883/sshd
    tcp6 0 0 :::22 :::* LISTEN 0 8575 883/sshd
    udp 0 0 0.0.0.0:68 0.0.0.0:* 0 8854 1339/dhclient
    udp 0 0 0.0.0.0:5353 0.0.0.0:* 106 8079 935/avahi-daemon: r
    udp 0 0 0.0.0.0:35742 0.0.0.0:* 106 8081 935/avahi-daemon: r
    udp6 0 0 :::51793 :::* 106 8082 935/avahi-daemon: r
    udp6 0 0 :::5353 :::* 106 8080 935/avahi-daemon: r
     
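The check tlu suggests a couple of posts up (list the sockets that are listening on something other than loopback) can be scripted so it is repeatable. The script below is an added example, not code from the thread: it parses `sudo netstat -tulpen` output, ignores anything bound to 127.0.0.1 or ::1, and flags every program that is not on a list you expect to see (tlu's "as it should be" baseline of dhclient and avahi-daemon). The sample input embedded in it is moontan's netstat output from the post above; the script name, function names and the expected-program list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread: audit the listening sockets reported by
# `sudo netstat -tulpen` and flag any program that is not on an expected list.
#
# Usage:  sudo netstat -tulpen | sh audit_listeners.sh - "dhclient avahi-daemon"
#         sh audit_listeners.sh            (runs against the sample below)

# Sample input, copied from moontan's netstat output in this thread.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 8573 883/sshd
tcp6 0 0 :::22 :::* LISTEN 0 8575 883/sshd
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 8854 1339/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 106 8079 935/avahi-daemon: r
udp 0 0 0.0.0.0:35742 0.0.0.0:* 106 8081 935/avahi-daemon: r
udp6 0 0 :::51793 :::* 106 8082 935/avahi-daemon: r
udp6 0 0 :::5353 :::* 106 8080 935/avahi-daemon: r'

# external_listeners: reads netstat lines on stdin and prints one line per socket
# bound to something other than the loopback addresses, formatted as
#   <proto> <local address> <pid/program>
# The PID/Program column is located by its "<pid>/" prefix because the State
# column is empty for UDP rows, which shifts the field numbers.
external_listeners() {
    awk '
        $1 !~ /^(tcp6?|udp6?)$/ { next }            # skip the header and anything odd
        {
            addr = $4
            sub(/:[0-9*]+$/, "", addr)               # drop the port, keep the bind address
            if (addr == "127.0.0.1" || addr == "::1") next
            prog = "-"
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^[0-9]+\//) {
                    prog = $i
                    for (j = i + 1; j <= NF; j++) prog = prog " " $j
                    break
                }
            }
            printf "%s %s %s\n", $1, $4, prog
        }'
}

# unexpected_listeners: same input on stdin; the argument is a space-separated list
# of program names you expect. Prints only the rows whose program is not listed.
unexpected_listeners() {
    external_listeners | awk -v expected="$1" '
        BEGIN { n = split(expected, list, " "); for (k = 1; k <= n; k++) ok[list[k]] = 1 }
        {
            name = $3
            sub(/^[0-9]+\//, "", name)               # "883/sshd" -> "sshd"
            sub(/[: ].*$/, "", name)                 # "avahi-daemon: r" -> "avahi-daemon"
            if (!(name in ok)) print
        }'
}

# Demo: with "-" as the first argument, audit stdin; otherwise audit the sample.
if [ "${1:-}" = "-" ]; then
    unexpected_listeners "${2:-dhclient avahi-daemon}"
else
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "${1:-dhclient avahi-daemon}"
fi
```

Run against the sample it prints only the two sshd rows (IPv4 and IPv6 on port 22), which is exactly the listener the thread goes on to discuss; on a live machine, anything it prints that you cannot name is a service to remove, or at least to block with the firewall.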
  16. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i did check into Synaptic for anything called SSH and indeed i have openssh-client and openssh-server installed.


    i have read the descriptions in Synaptic but i have no bloody idea what apps need those for.
    those 2 do not break anything if you uninstall them but apparently there would be conflicts.
    better leave it alone.
    the system probably needs them for all i can tell...

    Firestarter stealths all the ports anyway so i am happy with the situation.
     
    Last edited: Aug 14, 2012
  17. DX2

    DX2 Guest

    I'm behind a router, I pass all except the ping reply, why is that? NVM, it was a setting in my router. It was set to low, instead of typical, now it passed.
     
    Last edited by a moderator: Aug 14, 2012
  18. tlu

    tlu Guest

    Well, that's the answer. I don't know why it's installed on your system - it's definitely NOT installed by default. That's why Hungry's statement is correct. If a server is running on your system you usually have (an) open port(s).

    EDIT: You might want to test if

    sudo ufw enable
    sudo ufw default deny

    is sufficient in your case. Should be IMO.
     
  19. BrandiCandi

    BrandiCandi Guest

    Wow.

    1. Please read the Ubuntu Basic Security Wiki for exactly that: basic security measures you can deploy on your desktop machine. IMO if you do everything in the wiki you will have a very strong desktop setup.

    2. if you have sshd running on your system and you don't know what it is, then you should uninstall it. If you care to know, sshd is a protocol that allows you to access your computer from a remote computer. Ubuntu comes with ssh installed by default, which means you could ssh to any machine that you have credentials on. There's no reason to remove ssh. Ubuntu does NOT come with sshd by default. sshd will allow other machines to ssh into your computer. You should remove sshd.

    Find out if you really have sshd installed by opening a terminal (ctrl + alt + t) and typing
    Code:
    dpkg -l | grep openssh-server
    If you do then type in the terminal
    Code:
    sudo apt-get remove --purge openssh-server
    3. Firestarter has not been actively developed since 2005 or so. There's no good reason to use it. I promise that GUFW can do everything Firestarter can do if you just read the UFW / GUFW documentation.

    4. I fundamentally disagree with Hungry Man on the need for a firewall. It's a simple layer of defense that is easily deployed by someone without major technical knowledge. A firewall is part of a good layered approach to security. Here's a discussion on why you should use a firewall in Ubuntu. At some point I will prove by demonstration to Hungry Man that a targeted attack could have been prevented by a simple firewall (which he refuses to run). :p
     
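The two pieces of advice that recur in this thread, tlu's `ufw` default-deny baseline and BrandiCandi's check for the package that ships sshd, combined into one script. This is an added example, not code from the thread or from the ufw project. It defaults to a dry run that only prints the `ufw` commands it would run; set DRY_RUN=0 to apply them through sudo. The package check queries openssh-server by name, since that is the Debian/Ubuntu package that provides sshd; the DRY_RUN and KEEP_SSH variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread or from ufw: apply a default-deny
# inbound firewall baseline and report whether the sshd package is installed.
#
# DRY_RUN=1 (default) prints the ufw commands instead of running them;
# DRY_RUN=0 runs them through sudo. KEEP_SSH=1 adds an allow rule for port 22.
DRY_RUN="${DRY_RUN:-1}"

# run: print the command in dry-run mode, otherwise execute it as root.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        sudo "$@"
    fi
}

# pkg_status_installed: takes a dpkg "Status" string and succeeds only when the
# package is fully installed (not removed, not left behind as config-files only).
pkg_status_installed() {
    case "$1" in
        *"install ok installed"*) return 0 ;;
        *) return 1 ;;
    esac
}

# sshd_installed: openssh-server is the Debian/Ubuntu package that ships sshd.
sshd_installed() {
    pkg_status_installed "$(dpkg-query -W -f='${Status}' openssh-server 2>/dev/null)"
}

# ufw_baseline: refuse everything inbound unless a rule allows it, keep outbound
# open, log blocked packets, then enable the firewall and show the resulting state.
ufw_baseline() {
    run ufw default deny incoming
    run ufw default allow outgoing
    if [ "${KEEP_SSH:-0}" = "1" ]; then
        run ufw allow ssh        # only if you really need remote logins
    fi
    run ufw logging on
    run ufw --force enable       # --force skips the interactive confirmation
    run ufw status verbose
}

if sshd_installed; then
    echo "openssh-server is installed: sshd listens on port 22 unless removed or blocked."
else
    echo "openssh-server is not installed: nothing is waiting for SSH connections."
fi
ufw_baseline
```

`ufw default deny` as tlu wrote it and `ufw default deny incoming` here are the same rule; ufw applies `default` to the incoming direction when none is given. Note that ufw's stock /etc/ufw/before.rules accepts ICMP echo-request, which is why a GUFW/ufw setup still answers pings and "fails" the Ping Reply test mentioned later in the thread while every TCP/UDP port is refused; that is a cosmetic result, not an open port.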
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I run an inbound firewall lol but I don't even know why. The only ports that ever get opened are for dhclient and dnscrypt-proxy.

    If an exploited application wants outbound they'll get it no matter what I do with IPFilters (outside of some weird stuff). If they exploited a program they already have inbound access.

    So I must be missing something/ not understanding what it's really doing.
     
  21. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i use mint KDE. maybe it comes included in this distro?
    ----
    from BrandiCandi:

    i use mint KDE but i will read that page after i am finished with this post. :) Tnx!
    i just checked with the instructions you provided and no, SSHD is not installed.
    i will be installing GUFW then.
    cool! i will give this a look as well.

    tnx for the tips everyone.
    it is well appreciated! :thumb:
     
  22. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    GUFW fails the Ping Reply test.

    does it really matter that Firestarter has not been updated since 2005?
    at least, it can pass all the tests at Shield's Up.

    unlike GUFW
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ping reply doesn't mean anything. Assuming that's about 'stealthing' ports it's irrelevant.
     
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i had read previously on the web that it is not that important (Ping Reply).

    thanks for confirming it! :thumb:
     
  25. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tlu.
    i have disabled GUFW and tried your commands.
    i wrote them down to a text file so i don't forget.
    matter of fact i'm starting to collect a few commands.

    this seems to work pretty well as i get the same results on Shield's Up as when using GUFW.

    no sense having Firestarter or GUFW installed if this does the job.
    small is beautiful and all that! ;)

    tnx for the help tlu! :)
     
    Last edited: Aug 14, 2012