User Tools

Site Tools


secure_ubuntu_system:base_security

Secure Ubuntu System - Base Security

Get root privileges (optional)

Because we must run all the next steps from this document with root privileges, we can either prepend all commands in this tutorial with the string sudo, or we become root right now by typing:

sudo -i

…and entering the Administrator's password, adminpass.

IMPORTANT: If this is done, then remember to remove the sudo command from the front of any future issued command.

DANGER: Do NOT use the following command:

sudo su

and do NOT enable the root login by running:

sudo passwd root

and giving root a password.

With these options one can log in as the root user, but this is frowned upon by the Ubuntu developers and community for various reasons.

If for some reason the root account has been enabled then disable it again, issuing the following command:

sudo passwd -dl root

Disable Ctrl-Alt-Delete

Anyone that has physical access to the keyboard can simply use the Ctrl+Alt+Delete key combination to reboot the server without having to log on.

Sure, someone could simply unplug the power source, but you should still prevent the use of this key combination on a production server.

This forces an attacker to take more drastic measures to reboot the server, and will prevent accidental reboots at the same time.

Issue the following command:

sudo vi /etc/init/control-alt-delete.conf

…and comment out the following line by placing a hash # sign in front.

/etc/init/control-alt-delete.conf
#exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

Having the right time zone is a requirement for proper security of the server. ShareWiz security standards require the time zone to be set to GMT. This standardizes time in the system and prevents security issues which may occur with unusual time movements. It also ensures that logs files are consistent.

Naturally, select an alternative time-zone as appropriate to your situation.

Issue the following command:

sudo dpkg-reconfigure tzdata 

…and select “Etc” followed by “GMT”.


Continue

Continue to Add Software

secure_ubuntu_system/base_security.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki