Language Selection

English French German Italian Portuguese Spanish

Tips on keeping your Ubuntu Linux server secure

Filed under
Ubuntu

As a system administrator, one of your chief tasks is dealing with server security. If your server is connected to the Internet, for security purposes, it's in a war zone. If it's only an internal server, you still need to deal with (accidentally) malicious users, disgruntled employees and the guy in accounting who really wants to read the boss's secretary's e-mail.

In general, Ubuntu Server is a very secure platform. The Ubuntu Security Team, the team that produces all official security updates, has one of the best turnaround times in the industry. Ubuntu ships with a no open ports policy, meaning that after you install the machine - be it an Ubuntu desktop or a server - no applications will be accepting connections from the Internet by default. Like Ubuntu desktops, Ubuntu Server uses the sudo mechanism for system administration, eschewing the root account. And finally, security updates are guaranteed for at least 18 months after each release (five years for some releases, like Dapper), and are free.

In this section, we want to take a look at filesystem security, system resource limits, dealing with logs and finally some network security. But Linux security is a difficult and expansive topic; remember that we're giving you a crash course here, and leaving a lot of things out - to be a good administrator, you'll want to learn more.

Full Story.

More in Tux Machines

Leftovers: KDE/Qt

Leftovers: OSS

Security Leftovers

  • DNS server attacks begin using BIND software flaw
    Attackers have started exploiting a flaw in the most widely used software for the DNS (Domain Name System), which translates domain names into IP addresses. Last week, a patch was issued for the denial-of-service flaw, which affects all versions of BIND 9, open-source software originally developed by the University of California at Berkeley in the 1980s.
  • Researchers Create First Firmware Worm That Attacks Macs
    The common wisdom when it comes to PCs and Apple computers is that the latter are much more secure. Particularly when it comes to firmware, people have assumed that Apple systems are locked down in ways that PCs aren’t. It turns out this isn’t true. Two researchers have found that several known vulnerabilities affecting the firmware of all the top PC makers can also hit the firmware of MACs. What’s more, the researchers have designed a proof-of-concept worm for the first time that would allow a firmware attack to spread automatically from MacBook to MacBook, without the need for them to be networked.

Brocade CEO: Transition To Open Source Will Be Difficult For Cisco

Communications CEO Lloyd Carney said traditional vendors like Cisco will have a tough time adapting to a more software-defined, open source space. That's because traditional vendors like Cisco's revenue streams are tied to closed architectures, Carney said. Read more