This is an old revision of the document!
Table of Contents
Setup an Ultra Secure Ubuntu System
The following sections if followed, will ensure that you end up with an extremely secure system.
Install the Base Ubuntu System
Ubuntu - USB - Disable USB Booting
echo 'install usb-storage /bin/true' >> /etc/modprobe.d/disable-usb-storage.conf
NOTE: USB booting can also often be turned off from the BIOS menu.
Ubuntu - Legacy Communication Services
A large number of legacy Unix programs do not provide essential security during data transmission. These include FTP, Telnet, rlogin, and rsh. No matter whether you’re securing your Linux server or personal system, stop using these services for good.
You can use other alternatives for this type of data transfer tasks. For example, services like OpenSSH, SFTP, or FTPS makes sure that data transmission happens over a secure channel.
Some of them employ SSL or TLS encryptions to harden your data communication.
You may use the below commands to remove legacy services like NIS, telnet, and rsh from your system.
# yum erase xinetd ypserv tftp-server telnet-server rsh-server # apt-get --purge remove xinetd nis yp-tools tftpd atftpd tftpd-hpa telnetd rsh-server rsh-redone-server
References
The CIS benchmarks recommendations for hardening the system.
http://benchmarks.cisecurity.org/en-us/?route=downloads.benchmarks
https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics
debsums http://ubuntuforums.org/showthread.php?t=2225059 http://manpages.ubuntu.com/manpages/xenial/man1/debsums.1.html
/etc/issue
https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers