Language Selection

English French German Italian Portuguese Spanish

Securing your Ubuntu box, don’t worry it’s easy!

Filed under
Ubuntu

Linux is generally regarded as secure:

But as preachy as Ubuntu gets about not using a root terminal, you’d think that they must ship this really secure operating system, right?

Well….yes and no.

They actually have a pretty good security framework, the bad news is that most of it is turned off by default, meaning that an Ubuntu box would be a relatively easy target for a malicious hacker should a security hole be found and exploited, I know that this hasn’t normally been an issue on Linux, but the idea of exposing a system without even a basic firewall or application security policy to the open internet is still a really bad one, so I implore you to spend 5 minutes of your time locking things down, and be assured that this will not likely affect performance or inconvenience you in any way.

The different approaches to security by Ubuntu and Fedora:

Fedora ships with SELinux with a Targeted policy, in a nutshell, the Targeted policy was a compromise between securing the whole system and not securing anything, it’s designed to protect the most likely services to be abused by a hacker, you can also deploy the Strict policy by downloading it and applying it in the SELinux configuration program, but this has about a 6-7% overhead and it really is overkill and will likely pretty much destroy your day to day operations on the system if used.

More Here




More in Tux Machines

Development News: LLVM, New Releases, and GCC

PulseAudio 10 and Virtual GPU in Linux

  • PulseAudio 10 Coming Soon, Using Memfd Shared Memory By Default
    It's been a half year since the debut of PulseAudio 9.0 while the release of PulseAudio 10 is coming soon. PulseAudio 9.99.1 development release was tagged earlier this month, then usually after x.99.2 marks the official release, so it won't be much longer now before seeing PulseAudio 10.0 begin to appear in Linux distributions.
  • Experimenting With Virtual GPU Support On Linux 4.10 + Libvirt
    With the Linux 4.10 kernel having initial but limited Intel Graphics Virtualization Tech support, you can begin playing with the experimental virtual GPU support using the upstream kernel and libvirt.

Licensing FUD and Licensing Advice

  • On the Law and Your Open Source License [Ed: Black Duck is just a parasite selling proprietary software by bashing FOSS]
    "Looking back five or ten years, companies managing open source risk were squarely focused on license risk associated with complying with open source licenses," notes a report from Black Duck Software. Fast-forward to today, and the rules and processes surrounding open source licensing are more complex than ever.
  • Explaining the source code requirement in AGPLv3
    This condition was intended to apply mainly to what would now be considered SaaS deployments, although the reach of "interacting remotely through a computer network" should perhaps be read to cover situations going beyond conventional SaaS. The objective was to close a perceived loophole in the ordinary GPL in environments where users make use of functionality provided as a web service, but no distribution of the code providing the functionality occurs. Hence, Section 13 provides an additional source code disclosure requirement beyond the object code distribution triggered requirement contained in GPLv2 Section 3 and GPLv3 and AGPLv3 Section 6.

KDE Support For Flatpak Portals Progressing

While GNOME / Red Hat developers have been leading the Flatpak app sandboxing initiative, KDE developers are making progress too with embracing Flatpak as a more convenient and secure way of securely packaging Linux desktop apps. The latest on the KDE + Flatpak front is that Jan Grulich has been getting a KDE implementation of Flatpak's "Portals" working. Portals are the APIs offered to the sanboxed apps for essentially escaping the sandbox for certain operations. Read more Original: KDE Flatpak portals introduction