Thursday, 7 June 2012

Choosing And Securing Linux

Many people install one of the Linux distributions thinking that because it is not Windows, and it is Linux, they are secure from everything. This is completely false; and when they spread these rumors it leaves others in a 'sticky situation'.

So, is Linux more secure than Windows? No. Not on a default install. When installed Linux has a few things that are not necessarily secure.

Throughout this post when I refer to Linux I'll actually be referring to Ubuntu 12.04. Linux distributions are on the whole completely different for the major ones; and to cover them all would make this post an entire book.

You download Ubuntu from their official site. And that is the first thing you need to remember; getting it from somewhere else does not guarantee the ISO image you download is correct. You burn the CD/DVD and boot from it.

Now, you can go ahead and install it straight away if you want. But I, personally, always like to run a quick live session. A live session is where Ubuntu runs from the CD/DVD and makes no changes to your system. The main reason for doing this is that you get to check that the system is supported (things like video card, wifi, and the such). Then if everything works OK you can go ahead and install Ubuntu. If everything does not work OK check around the Internet; someone may have already had an issue and it has been resolved. The Ubuntu community forums have a mass of useful information. And if the issue has never been resolved a quick question on the Ubuntu forums usually gets things sorted. Also remember that a live session does run slower than when the operating system is installed; reading from CD/DVD is slower than reading from a hard drive.


Install Ubuntu. There are many ways Ubuntu can be installed - Overwrite any operating system that exists or alongside any installed operating system. Allow it to download all updates. While Ubuntu installs it will ask a series of questions:
  • Disk Partitioning
  • Time Zone
  • Root Password
  • Create A User
Disk Partitioning - Unless you know what you are doing let Ubuntu worry about this for you; and stick to "Use Entire Disk". WARNING: This will destroy all data already on your hard drive; so backup anything you want to keep before installing Ubuntu in this manner.

Time Zone - Just pick the time zone you are in; (Country/Area).

Root Password - This is similar to the Windows Administrator password. Make it as complex as you can remember. This, unlike the Windows Administrator password, is going to be something you will use a lot - especially in setting Ubuntu up.

Create A User - Create a user account for doing all the day-to-day stuff. You do not want to log in as Root all the time. Actually you should never log in as root for just using Ubuntu.

OK. So after about 30-60 minutes you will be ready to log in to your brand new install of Ubuntu 12.04. The time varies depending on Internet speed mainly. During the installation Ubuntu will download and utilize any updates that are available.

Now comes the fun of getting Ubuntu secure. First thing to do is turn off the "Guest" account. Not an ideal option to even have it enabled even when installing. But getting rid of it is pretty easy.

Open terminal (Ctrl+T) and execute following command:

sudo gedit /etc/lightdm/lightdm.conf

It will ask for the root password; this is because sudo basically means 'Do an action of a Super User'. Which is basically a one-shot Root access to a command without giving full Root access. Gedit (a simple editor) will open and you should see:


Go to the bottom and on a new line enter allow-guest=false. It should now look like this:


Save (Ctrl+S) the file. You won't notice anything different until you restart your system and log in again; then you'll notice the "Guest Session" is no longer an option.

Next is a firewall. And the easiest option is GUFW (GUI for Uncomplicated Firewall). This works with UFW to give an easy, graphical, way to configure a firewall. The graphical user interface is pretty much self explanatory; so we'll set it up via the terminal.

(Note: Using the terminal is not required, like the good old days of Linux, but it gives a better idea of how things run; rather than just clicking away.)

Open terminal (Ctrl+T) and execute following command:

sudo apt-get install gufw

Then we are going to deny a ton of ports you shouldn't need in a normal desktop setting:

sudo ufw deny 5353/udp
sudo ufw deny 5900/tcp
sudo ufw deny 22
sudo ufw deny 25/tcp
sudo ufw deny 135,139,445/tcp
sudo ufw deny 137,138/udp
sudo ufw deny 110
sudo ufw deny 2049
sudo ufw deny 143
sudo ufw deny 21/tcp

If you want to know what the various port numbers are for check the Wikipedia port listing.

Then finally, for the firewall at least, the last thing to do is turn the firewall on:

sudo ufw enable

Ubuntu will automatically load these settings from now on. If you use GUFW just turn it on, and deny everything in the incoming - and add rules for anything you come across in the future that you are 100% sure you need.

Antivirus. Yes there is a big myth that Linux doesn't need antivirus because it is so secure. But that is just a myth. In all honesty no system is 100% secure. So do you need one? Most likely not; but then again why the hell not. Better to be safe rather than sorry; after all Linux does get viruses/malware just not to the same extent as their Windows counterparts.

A free antivirus is included in the Ubuntu repositories, by default, and is called ClamAV; but for this example/tutorial we'll be using the free home version of Avast! Antivirus (which more users switching from Windows will recognize).

Open terminal (Ctrl+T) and execute following command:


Then once it is finished downloading the 27MB (approximately) file execute the following command:

sudo dpkg -i avast4workstation_1.3.0-2_i386.deb

Avast! is now installed. Go to the Ubuntu dash and type Avast; click on the blue Avast! icon then register (which is free) and configure. There are other antivirus packages available for Linux, specifically Ubuntu, and they include BitDefender and Avira. Some people have different preferences when it comes to antivirus software - the choice is yours.

This is merely an overview, and a starting point, for securing Ubuntu 12.04. There are many more things which can be done which are best learned as you go along so that you can get a better idea of how your system works.

No comments:

Post a Comment

Thank you for your comment. Please note that all comments are not moderated and as such are not the responsibility of this blog; or its author.