Securing Your Ubuntu System: A Practical Guide
Essential Steps to Protect Your Linux Environment Part I
“Ubuntu is safe and unhackable” is a common but completely wrong statement. Ubuntu is not inherently secure as the urban legend suggests. While Ubuntu has many inbuilt security features, understanding and implementing additional measures can significantly enhance your system's defenses.
This guide will walk you through practical steps to assess and improve your Ubuntu security, from basic precautions to more advanced techniques.
Prerequisites:
A working Ubuntu installation (this guide is based on Ubuntu 22.04 LTS, but most steps apply to other recent versions)
Basic familiarity with the Linux command line
Administrative (sudo) access to your system
A willingness to learn and implement security best practices
Pro Tip
Never run commands you don’t understand.
Make use of the inbuilt man command in Linux to understand what a command does.
Run:
man man
In this series, we'll cover the following essential aspects of securing your Ubuntu system:
System Updates and Patch Management
Firewall Configuration
Network Security and Open Ports
File System Security
Logging and Auditing
Application Security
Encryption
First and foremost: Keep your system updated.
System Updates and Patch Management
Regularly updating your Ubuntu system is crucial for maintaining security. Updates often include patches for newly discovered vulnerabilities.
To check for and install updates, open a terminal and run the following:
sudo apt update     # Refresh the list of available packages
sudo apt upgrade    # Install updates to your packages
Set up automatic security updates by installing and configuring unattended-upgrades:
sudo apt install unattended-upgrades
Open the unattended-upgrades configuration file using a text editor of your choice, e.g. Emacs, Vim, or Nano (you’ll need admin privileges).
I’m an emacs user so:
sudo emacs /etc/apt/apt.conf.d/50unattended-upgrades
* All lines starting with // are comments
* Some comments are explanations while others are configurations set to ‘off’
Suggested Configurations
** If it is commented, uncomment the line.
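i). Automatic updates for all security packages. On Ubuntu, this is the following entry in the Unattended-Upgrade::Allowed-Origins block:
"${distro_id}:${distro_codename}-security";
On Debian, the equivalent entry in the Unattended-Upgrade::Origins-Pattern block is:
"origin=Debian,codename=${distro_codename},label=Debian-Security";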
ii). Blacklist Packages
Specify packages that should not update automatically
Unattended-Upgrade::Package-Blacklist {
"package-name";
};
The unattended-upgrade package has a lot of really useful functionality in relation to automatic updates and I recommend checking it out and playing with it to automate the process more to your liking.
Save your changes and exit the editor when you’re done.
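To confirm the edit did what you intended, the following added example (not part of the original guide) lists which entries in a 50unattended-upgrades-style file are actually active, skipping anything commented out with //. The sample config and the function names are constructed for illustration; it assumes the Ubuntu layout, where the security origin is the Allowed-Origins entry "${distro_id}:${distro_codename}-security".

```bash
#!/bin/sh
# Added example, not from the original guide.
# Lists the entries that are really active in a 50unattended-upgrades-style
# file; a line that starts with // is a comment and therefore switched off.

# active_entries FILE BLOCK -> quoted entries of "BLOCK { ... };", one per line
active_entries() {
    awk -v block="$2" '
        /^[ \t]*\/\//                 { next }              # commented out
        index($0, block) && /[{]/     { inside = 1; next }  # block opens
        inside && /^[ \t]*[}]/        { inside = 0; next }  # block closes
        inside && match($0, /"[^"]+"/) {
            print substr($0, RSTART + 1, RLENGTH - 2)       # strip the quotes
        }
    ' "$1"
}

# Succeeds only when the security pocket is an active Allowed-Origins entry.
security_updates_enabled() {
    active_entries "$1" 'Unattended-Upgrade::Allowed-Origins' |
        grep -qxF '${distro_id}:${distro_codename}-security'
}

# Constructed sample: the security origin has been left commented out.
sample_config() {
    cat <<'EOF'
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
//      "${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Package-Blacklist {
    "linux-image-generic";   // held back for manual review
//  "libc6";
};
EOF
}

cfg=$(mktemp)
sample_config > "$cfg"
echo "Active origins:";       active_entries "$cfg" 'Unattended-Upgrade::Allowed-Origins'
echo "Blacklisted packages:"; active_entries "$cfg" 'Unattended-Upgrade::Package-Blacklist'
if security_updates_enabled "$cfg"; then
    echo "Security updates: enabled"
else
    echo "Security updates: NOT enabled (entry missing or commented out)"
fi
rm -f "$cfg"
```

On a real system, pass /etc/apt/apt.conf.d/50unattended-upgrades as the file argument instead of the sample.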
Firewall
A firewall’s basic function is to filter incoming and outgoing traffic on a network based on predetermined security rules. The most common firewall in Ubuntu is UFW (Uncomplicated Firewall).
UFW is an easy-to-use interface for managing iptables, the standard firewall management tool in Linux. It comes built into Ubuntu, so no installation is required.
Enable UFW
sudo ufw status     # Check if the firewall is enabled or disabled
sudo ufw enable     # Enable the firewall
sudo ufw disable    # If you wish to disable the firewall
By default, UFW blocks all incoming connections while allowing outgoing connections. You can, however, set rules to allow or deny specific connections.
Basic Structure of UFW Rules:
sudo ufw [allow|deny] [service|port][/protocol]
Action [allow|deny]: Determines whether you are permitting or blocking the traffic
Service|Port: Specifies the service name (e.g. ssh, http) or the port number directly (e.g. 22, 80)
Protocol (optional): Specifies the protocol (udp or tcp), appended to the port after a slash (e.g. 8080/tcp). If left blank, UFW assumes you mean both protocols
Let’s look at some of the connections we can allow in our firewall.
Allow a service using either the port number or service name
SSH
If you’re using a remote machine, run this command before enabling the firewall to avoid being locked out.
sudo ufw allow ssh
OR
sudo ufw allow 22
HTTP & HTTPS
sudo ufw allow http
OR
sudo ufw allow 80
sudo ufw allow https
OR
sudo ufw allow 443
Allow specific Port and Protocol
sudo ufw allow 8080/tcp
This restricts the rule to allow only TCP traffic on this port. UDP will be blocked.
Allow access from a specific IP to a specific port
sudo ufw allow from 192.168.1.100 to any port 22
Now, let’s look at how to deny connections.
Block by service name or port number
sudo ufw deny ssh
OR
sudo ufw deny 22
sudo ufw deny http
OR
sudo ufw deny 80
Block an IP address
sudo ufw deny from <IP_ADDRESS>
Block IP address to a specific port
sudo ufw deny from <IP_ADDRESS> to any port <port>
Limit SSH connections
System admins can prevent brute force attacks by limiting an IP that makes too many connection requests.
sudo ufw limit ssh
That’s all for setting up a firewall and configuring it to suit our needs. Need to learn more about firewalls? Head over to the firewall page to get a deeper understanding on how to use it.
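Once the rules are in place, it is worth checking the result rather than trusting that each command took effect. The following added example (not part of the original guide) reads the text printed by `ufw status verbose` and flags an inactive firewall, a default incoming policy that is not deny, and SSH allowed from anywhere without `ufw limit`. The function name and both sample outputs are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original guide.
# Live use: sudo ufw status verbose | audit_ufw

# Reads `ufw status verbose` text on stdin, prints one line per finding and
# returns 1 if anything was flagged, 0 otherwise.
audit_ufw() {
    awk '
        /^Status:/  { active  = ($2 == "active") }
        /^Default:/ { deny_in = ($2 == "deny" || $2 == "reject") }
        # SSH rows look like: 22/tcp   LIMIT IN   Anywhere
        $1 ~ /^(22(\/tcp)?|OpenSSH)$/ && / ALLOW / && /Anywhere/ { ssh_open = 1 }
        END {
            if (!active)       { print "FAIL firewall is not active"; n++ }
            else if (!deny_in) { print "FAIL default incoming policy is not deny"; n++ }
            if (ssh_open)      { print "WARN SSH open to any source with no rate limit"; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: SSH allowed from anywhere, no rate limiting.
sample_weak() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
EOF
}

# Constructed sample: SSH rate-limited, web ports open.
sample_hardened() {
    cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
EOF
}

echo "weak ruleset:";     sample_weak     | audit_ufw || true
echo "hardened ruleset:"; sample_hardened | audit_ufw && echo "no findings"
```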
Pro tip
Always read the Docs!
unattended-upgrade documentation, or man unattended-upgrade (terminal)
UFW documentation, or man ufw (terminal)
Conclusion
In this first part of our Ubuntu security series, we've covered some fundamental aspects of securing your system:
1. The importance of regular system updates and patch management
2. Setting up automatic security updates using unattended-upgrades
3. Configuring and managing the Uncomplicated Firewall (UFW)
These steps form a solid foundation for improving your Ubuntu system's security. Remember, security is an ongoing process, not a one-time setup. Regularly revisit and update your security measures to stay protected against evolving threats.
Coming Up Next
In the next parts of this series, we'll dive deeper into Ubuntu security, covering topics such as:
- Network security and open ports
- File system security
- Logging and auditing
- Application security
- Encryption
Stay tuned to learn how to enhance your Ubuntu system's defenses further and maintain a robust security posture.
Brian Omondi | 2024