Tips for maintaining a secure Ubuntu system

There are a few basic steps to maintaining a secure Ubuntu system:
  • Don't use root - The default Ubuntu installation does not assign a root password and you cannot log in as root. Instead, the default user account can use Sudo to run commands as root. Additional user accounts cannot even run Sudo unless they are given explicit permission. Restricting root access limits your ability to accidentally (or intentionally) screw up the entire operating system.

  • Limit network services - Only enable services that you need. If you don't need a mail server, then don't install one. If you do not host web pages, then don't install a web server. Attackers can only exploit network services that are running on your system.

  • Use trusted software sources - There are literally hundreds of unofficial repositories. Installing software from an unknown and untrusted repository could result in the installation of hostile software. Don't change the default repository settings or install software from untrusted providers unless you know what you are doing. Remember: just because they say it is safe does not mean it really is safe.

  • Limit scripts - Web browsers, chat room software, and other programs can transfer potentially hostile software from the network, download files, and run programs. If you don't need this functionality, then disable it.

  • Use strong passwords - If you are the only person with physical access to your computer and you do not allow remote network access, then you can probably get away with having abcd or your pet's name as your password. (One of my home computers is usually logged in and the screen saver does not demand a password; this is as effective as having no password.) However, if you are in a corporate environment with many users, or enable remote access, or are at home with young kids (or cats) who like to press the delete button, then consider a strong password. Please visit this link to learn how to choose a strong password.

    Programs like John the Ripper (sudo apt-get install john) are designed to crack passwords through dictionary attacks and common password patterns like the ones listed above. In my experience, John can crack about 20 percent of user-chosen passwords in the first few minutes, and up to 80 percent in a few hours. The best passwords will not be based on dictionary words or simple patterns, and will be memorable. Good passwords should make sense to only you and not anyone else.

  • Don't compromise your security - Telling people "I have a really cool password: it's my student ID number from high school and nobody will guess that!" is a huge hint to an attacker. Don't hint at your password, don't e-mail it, and don't tell it to anyone in public. If you think that somebody might have a clue about your password, then change it immediately. Remember: the only person inconvenienced by a password change will be you. Beyond passwords, don't give accounts with Sudo access to anyone, don't install software from strangers, and don't run with scissors. Your security is as strong as its weakest link, and that is often the user.
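As an added example that is not part of the original post, here is a small shell script that checks a system against the "Don't use root", "Use trusted software sources" and "Limit network services" tips above. It assumes the standard /etc/shadow, /etc/group and sources.list formats and the output layout of ss -tlnp, and it runs on constructed sample data so it can be tried offline.

```shell
# Added example (not from the original post): audit helpers for three of the
# tips above. Each function reads file contents from stdin, so it can be fed
# the real /etc files or the constructed samples at the bottom.
# "Don't use root": root's password field in /etc/shadow should be locked
# ('*' or '!'), which is the Ubuntu default. Prints "locked" or "unlocked".
root_status() {
    awk -F: '$1 == "root" { if ($2 ~ /^[*!]/) print "locked"; else print "unlocked" }'
}

# "Don't use root": list the members of the sudo group from /etc/group.
sudo_members() {
    awk -F: '$1 == "sudo" { print $4 }'
}

# "Use trusted software sources": from sources.list, print each deb/deb-src
# line whose host is not under ubuntu.com (assumed to be the official archive).
unofficial_sources() {
    awk '$1 ~ /^deb(-src)?$/ {
        host = $2; sub(/^[a-z]+:\/\//, "", host); sub(/\/.*/, "", host)
        if (host !~ /(^|\.)ubuntu\.com$/) print $2
    }'
}

# "Limit network services": from `ss -tlnp` output (assumed format), print the
# local port and owning program of every listening TCP socket.
listening_services() {
    awk 'NR > 1 {
        port = $4; sub(/.*:/, "", port)
        prog = $NF; sub(/^users:\(\("/, "", prog); sub(/".*/, "", prog)
        print port, prog
    }'
}

# Constructed sample data (not from a real machine) so the script runs offline.
SAMPLE_SHADOW='root:*:17000:0:99999:7:::
alice:$6$saltsalt$hashhash:17000:0:99999:7:::'
SAMPLE_GROUP='root:x:0:
sudo:x:27:alice,bob'
SAMPLE_SOURCES='deb http://archive.ubuntu.com/ubuntu hardy main restricted
deb-src http://security.ubuntu.com/ubuntu hardy-security main
deb http://ppa.example.invalid/random-ppa hardy main'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=900,fd=3))
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*         users:(("apache2",pid=1200,fd=4))'
echo "root account: $(printf '%s\n' "$SAMPLE_SHADOW" | root_status)"
echo "sudo members: $(printf '%s\n' "$SAMPLE_GROUP" | sudo_members)"
echo "unofficial sources:"; printf '%s\n' "$SAMPLE_SOURCES" | unofficial_sources
echo "listening services:"; printf '%s\n' "$SAMPLE_SS" | listening_services
```

To check a live machine, pipe the real files and command output into the same functions (the shadow file needs root to read, so use sudo for that one).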


  Karl Staib - Your Work Happiness Matters

June 20, 2008 at 2:53 PM

What is Ubuntu? Does it work on Vista?

  Suresh Kumar A

June 20, 2008 at 7:20 PM

Ubuntu is an operating system based on Debian GNU/Linux (www.debian.org/).
Debian has been around since the early 1990s, and because of its maturity, is regarded
as a leading Linux distribution in terms of stability and security. Debian is also known
for its strict adherence to free software (www.debian.org/intro/free). It is on this
foundation that Ubuntu has been formed.

  Code It Red

June 21, 2008 at 6:53 PM

"What is Ubuntu? Does it work on Vista?"

This is a joke right?

Thanks for the great post. I always use Root and ignore the fact that people tell me not to but I think I might swap over now.


June 24, 2008 at 9:11 PM

Code it red, you can't not run as root on Windows.
I hope you were talking about Ubuntu.