Chapter 10: Locking Down Ubuntu

From a fresh install, Ubuntu Dapper Drake starts as a very secure operating system. Without applying any security patches, it poses few risks from external and remote attackers. However, maintaining security after the installation is your responsibility. There are a couple of tricks you can do to keep your files and data secure. These include using Sudo for root privileges, GPG to encode messages, enabling encrypted files systems, and even log file and cache management. Ubuntu is usually safe enough from the start, but with a few hacks, it can be made much safer.

Outside of the security field, many people view encryption and cache removal as a sign of guilt. The basic feeling is usually, "why are you covering your tracks if you have nothing to hide?" Just because you are encrypting data and cleaning temporary files does not mean you are doing anything illegal. Consider it like closing curtains on your bedroom window-it means you want privacy, not that you're doing anything wrong. Privacy is also preventative. If your laptop gets stolen, do you want the thief to see all your bank account information in your web cache? How about the source code from some big project you're working on? The same goes for your computer(s) at home. Thieves are just as likely to steal your desktop workstation, as they are your TV and stereo.

Locking down your system limits the amount of damage a bad guy can cause. Furthermore, many of these preventative steps require no additional work beyond installation and initial configuration.

Understanding Ubuntu Security Defaults

Ubuntu installs using a basic security model that consists of no network accessible services, and no root logins. These basic principles ensure that a clean install cannot lead to a remotely compromised host. If you need a network service, then you will need to explicitly install it (see Chapter 12). Even after installing the network services, it usually takes a couple of steps to fully enable it.

There are a few basic steps to maintaining a secure Ubuntu system:

Don't use root-The default Ubuntu installation does not assign a root password and you cannot log in as root. Instead, the default user account can use Sudo (see the next section) to run commands as root. Additional user accounts cannot even run Sudo unless they are given explicit permission. Restricting root access limits your ability to accidentally (or intentionally) screw up the entire operating system.
Limit network services-Only enable services that you need. If you don't need a mail server, then don't install one. If you do not host web pages, then don't install a web server. Attackers can only exploit network services that are running on your system.
Use trusted software sources-Chapter 4 describes how to modify /etc/apt/ sources.list in order to change the supported repository list. The default repositories come from a trusted location: the four official Ubuntu repositories. However, there are literally hundreds of unofficial repositories. Installing software from an unknown and untrusted repository could result in the installation of hostile software. Don't change the default repository settings or install software from untrusted providers unless you know what you are doing. Remember: just because they say it is safe does not mean it really is safe.
Limit scripts-web browsers, chat room software, and other programs can transfer potentially hostile software from the network, download files, and run programs. If you don't need this functionality, then disable it. For example, if you don't need Java or JavaScript in your web browser, then disable it (see Chapter 5).
Use strong passwords-If you are the only person with physical access to your computer and you do not allow remote network access, then you can probably get away with having abcd or your pet's name as your password. (One of my home computers is usually logged in and the screen saver does not demand a password-this is as effective as having no password.) However, if you are in a corporate environment with many users, or enable remote access, or are at home with young kids (or cats) who like to press the delete button, then consider a strong password. Remote access and physical access attacks can use brute force approaches that include:
- Dictionary words-If your password is found in a dictionary (English, French, Chinese, and so on) then it can be easily guessed.
- Words with numbers-Simple word-number combinations, like apple12 or 288cereal can be easily guessed. The same goes for punctuation (hello! and ?what?).
- Keyboard patterns-Sequences like asdfghjk (adjacent keys on the keyboard) are very easy to guess.
- Common data-License plates, dates (birthday, anniversary, and so on), kids names, and other types of public information are very easy to guess.

Programs like John the Ripper (sudo apt-get install john) are designed to crack passwords through dictionary attacks and common password patterns like the ones listed above. In my experience, John can crack about 20 percent of user-chosen passwords in the first few minutes, and up to 80 percent in a few hours. The best passwords will not be based on dictionary words or simple patterns, and will be memorable. Good passwords should make sense to only you and not anyone else.

Tip

If you are an administrator with lots of users on your system, consider using John the Ripper to look for weak passwords. It is much safer if you find the weak ones and ask the users to proactively change their passwords than wait for a hostile user to find them and exploit the accounts.

Don't compromise your security. Telling people "I have a really cool password-it's my student ID number from high school and nobody will guess that!" is a huge hint to an attacker. Don't hint at your password, don't e-mail it, and don't tell it to anyone in public. If you think that somebody might have a clue about your password, then change it immediately. Remember: the only person inconvenienced by a password change will be you. Beyond passwords, don't give accounts with Sudo access to anyone, don't install software from strangers, and don't run with scissors. Your security is as strong as its weakest link, and that is often the user.

Warning

Don't use your Ubuntu system's password anywhere else. Many people use the same password for their Yahoo!, Gmail, and eBay accounts as well as other online services. If you use your password everywhere, then one compromised site will compromise all of your accounts. Most people underestimate the blackhat hacker's ability to find your other accounts. I'm a good guy (whitehat) and I spend a lot of time tracking people online-believe me, finding your other accounts is easy.

The default Ubuntu server and desktop installations do not include any remote network services. This way, a clean install can be patched and prepared without the risk of an external attacker compromising the system. You can place a clean install of Dapper Drake on the Internet without a firewall and not risk any remote compromises. (You cannot compromise a network service when no network services exist.)

After the installation, you can update the system (sudo apt-get update; sudo apt-get upgrade) and begin adding in services and user accounts. This minimizes the risk from remote exploitation.

The basic idea of "no default network services" is a concept that could benefit other operating systems. For example, Microsoft Windows, HP-UX, and RedHat Fedora Linux all enable some basic network services during the installation. This can lead to big problems. For example, if you work for a large company that has a few infected Windows systems, then installing a new Windows system on the network could face a problem: the new system may be infected over the open network services before the first security patch is applied.