|
rawpixel, 123RF.com
Let's face it: Except for the most paranoid (or best-informed) of us, security is a drag – it's what you have to deal with before you can get on with real work. Luckily, Ubuntu comes with a complete toolset of security utilities that make the process much less painful.
The trouble with security is knowing where to start. Security involves the entire operating system and can require an intimidating amount of expertise. So how can you secure your machine without making security a lifetime study?
Most people know enough to install some sort of antivirus tool like ClamAV [1] and anti-spam filters such as SpamAssassin [2] and Bogofilter [3]. However, antivirus protection is low priority on Linux, unless a system exchanges files regularly with Windows machines. Moreover, both antivirus and anti-spam tools are reactive security, useful only after you already have a problem. Your security is almost always much tighter if you focus your attention on architectural security – that is, settings designed to prevent intrusions in the first place.
Fortunately, not only are architectural security fixes common, but a few are easy enough for even new users to apply. Of course, that doesn't mean that they might take time to apply. Sometimes ease-of-use may be only relative to similar tools and still require a long and difficult learning curve.
Within these limitations, the nine solutions listed here are among the easiest to apply. Between them, they cover most of the major areas of concern in security, and if you apply all of them, you can be reasonably sure that your system is protected.
Like the once-popular Bastille Linux, Lynis [4] does a security audit of your system. In less than 10 minutes, it conducts over 220 tests, including some designed for major distributions, and provides a list of suggestions for improving a system's security (Figure 1). Each suggestion links to a detailed online description of why the suggestion matters and possible options. The tests can be run from the root account for an overall architectural audit or from an ordinary account for penetration testing.
Figure 1: Lynis produces a list of ways to tighten the security on your computer.
Depending on the state of your system, Lynis can keep you busy for hours as you harden your system. But it directs your efforts and teaches you more about the inner workings of Linux than anything else available. Run it as soon as possible after installation, then as part of your regular maintenance, comparing the results of the two most recent audits to see what has changed, and check it.
Sandboxes – isolated environments – have become a standard security feature in the last few years. Usually, that means running containers, which can be difficult to install. Firejail [5] is an easier alternative, installing lightweight sandboxes and running primarily on standard kernel modules (Figure 2). Using it is as easy as adding Firejail at the start of a command. Create a panel or desktop launcher, and launching an application in a sandbox is reduced to a single click.
Figure 2: Firejail sandboxes common desktop apps through a series of predefined profiles.
Firejail installs with over 60 profiles for common applications like Firefox, XChat, and Wine, and a default profile for other applications. This basic security can be supplemented by compiling Firejail for AppArmor support, a whitelist or blacklist, and a range of other options, including an array of permissions.
Like any form of sandboxing, Firejail should not be your only line of defense. However, it remains a valuable addition to your security toolbox.
Pages: 4
US / Canada
UK / Australia
The latest release of Parrot Security OS has some extremely colorful plumage, which will appeal to both hackers and lay users interested in their systems' safety.
US intelligence agencies tap into billions of call data and electronic messages monthly – reason enough to consider encrypting your email traffic.
If you need an anonymous connection to the web, Tails 0.19 is just what you need. The Live system conceals all traces of surfing and mailing.
Leading ownCloud developers, including the project founder Frank Karlitschek, became dissatisfied with the direction of the project, so they started Nextcloud, a fork of the code and a new company. The goal is to create a better balance among the company, clients, and users. We take a look at how Nextcloud is faring.
The current discussion in the Ubuntu forums is about a possible security hole in GNOME, specifically about GNOME registered users having their passwords appear as cleartext on the keyring. Not a bug, say its defenders, but the security concept behind the GNOME keyring.
