What you need to do to secure Ubuntu

Ubuntu is a popular and secure operating system, but there are still steps you can take to further secure your system and protect your data. In this tutorial, we will explore a variety of tips and techniques to secure your Ubuntu system, covering topics such as updating and patching, strong passwords, firewalls, antivirus software, and more. Here are several tips to help with Ubuntu security.

1 – Enable the firewall: The ufw firewall is a tool that allows you to control incoming and outgoing traffic on your Ubuntu system. To enable the firewall, open a terminal and enter the following command:

sudo ufw enable

This will enable the firewall and block all incoming traffic by default. You can also allow specific types of traffic through the firewall by using the ufw allow command. For example, to allow incoming SSH connections, you can use the following command:

sudo ufw allow ssh

Read: How to set up a firewall on Ubuntu 18.04

2 – Create strong passwords: It’s important to use strong, unique passwords for all of your accounts to protect against password cracking and other types of attacks. To create a strong password, use a combination of upper and lowercase letters, numbers, and special characters. Avoid using dictionary words or personal information, such as your name or birthdate.

Here is an example of a strong password: “P@55w0rd123!”

Read: Linux password generator

3 – Keep your system up to date: It’s important to keep your system and applications up to date to ensure that you have the latest security patches and features. To update your system, open the Software Updater application or run the following command in the terminal: sudo apt update && sudo apt upgrade

The apt update command fetches the latest package lists from the repositories, while the apt upgrade command installs the latest updates. You should run these commands regularly to keep your system up to date.

Read: How to use the APT command on Ubuntu/Debian Linux systems

4 – Enable automatic security updates: To ensure that your system stays up to date with the latest security patches, you can enable automatic security updates. To do this, open the Software & Updates application and go to the Updates tab. Under the “Automatic Updates” section, select the “Important security updates” option.

This will enable automatic installation of important security updates as they become available. You can also choose to receive notifications when updates are ready to be installed.

5 – Use a secure connection: When connecting to a network, it’s important to use a secure connection to protect your data from being intercepted. To connect to a secure network, look for a network with the “WPA2” or “WPA3” security protocol.

WPA2 and WPA3 are encryption standards that provide strong protection for wireless networks. When connecting to a network, make sure that the security protocol is set to WPA2 or WPA3 to ensure a secure connection.

Read: How to fix WiFi not working on Ubuntu

6 – Be cautious when installing software: Only install software from trusted sources, such as the official Ubuntu repositories or well-known websites. Be wary of downloading software from unfamiliar websites, as it may contain malware or other security vulnerabilities.

To install software from the official Ubuntu repositories, you can use the apt command in the terminal. For example, to install the VLC media player, you can use the following command:

sudo apt install vlc

7 – Use antivirus software: While Linux systems are generally more secure than other operating systems, it’s still a good idea to use antivirus software to protect against malware. There are several antivirus options available for Ubuntu, such as ClamAV and Sophos.

To install ClamAV, you can use the following command in the terminal:

sudo apt install clamav

After installation, you can use the clamscan command to scan for malware on your system. For example, to scan the home directory, you can use the following command: clamscan /home

8 – Enable full disk encryption: Full disk encryption helps protect your data in the event that your device is lost or stolen. To enable full disk encryption on Ubuntu, you will need to use the “LUKS” (Linux Unified Key Setup) encryption system.

To set up LUKS encryption, you will need to use the cryptsetup command in the terminal. First, create a partition for the encrypted data. For example, to create a partition using all available space on the second disk, you can use the following command:

sudo cryptsetup luksFormat /dev/sdb

Next, open the encrypted partition using the following command:

sudo cryptsetup luksOpen /dev/sdb encrypted

This will create a new device called “encrypted” in the /dev/mapper directory. You can then create a filesystem on the encrypted partition using the mkfs command. For example, to create an ext4 filesystem, you can use the following command:

sudo mkfs.ext4 /dev/mapper/encrypted

Finally, mount the encrypted partition using the mount command. For example, to mount the partition to the /mnt directory, you can use the following command:

sudo mount /dev/mapper/encrypted /mnt

Read: Moving the Home folder to another partition in Ubuntu

9 – Use a screen lock: To prevent unauthorized access to your device, you should enable a screen lock. To do this, go to Settings > Privacy > Screen Lock. From there, you can set a screen lock password or PIN to protect your device.

10 – Use 2-factor authentication: 2-factor authentication adds an extra layer of security to your accounts by requiring a second form of authentication in addition to your password. This can be a security token, a one-time code sent to your phone, or a biometric factor such as a fingerprint or facial recognition.

To enable 2-factor authentication on your Ubuntu system, you will need to use a tool such as Google Authenticator or Authyor or oathtool. These tools generate one-time codes that you can use to log in to your accounts. To use these tools, you will need to install them from the official Ubuntu repositories and set them up for each account that you want to protect.

11 – Limit access to your system: If you share your device with others, you should consider setting up separate accounts for each user. This will help you keep track of who is accessing your system and what they are doing. You can set up separate accounts by going to Settings > Users.

12 – Enable AppArmor: AppArmor is a security system that allows you to control which programs are allowed to access specific resources on your system. To enable AppArmor, you will need to install the apparmor-utils package and then enable the AppArmor service using the systemctl command. To Disable AppArmor visit the following page.

13 – Use a VPN: A virtual private network (VPN) helps protect your online activity by encrypting your internet connection and hiding your IP address. This can be useful if you are using public WiFi or if you want to protect your data from being intercepted by third parties. To use a VPN on Ubuntu, you will need to install a VPN client such as OpenVPN or WireGuard.

14 – Use HTTPS: HTTPS is a secure version of the HTTP protocol that is used to transfer data between a web server and a client. To ensure that your data is encrypted when you are browsing the web, you should use a web browser that supports HTTPS and try to use HTTPS whenever possible. You can check if a website supports HTTPS by looking for a padlock icon in the address bar.

Read: HTTP or HTTPS: What’s the Difference and Which One is Better to Use

15 – Use key-based authentication: Key-based authentication is a more secure method of logging in to your system than using a password. With key-based authentication, you use a pair of private and public keys to log in to your system. The private key is stored on your local device, and the public key is stored on the server. To use key-based authentication, you will need to generate a key pair using a tool such as ssh-keygen and then copy the public key to the server.

16 – Enable auditing: Auditing is the process of tracking and logging system events such as login attempts, file access, and system changes. To enable auditing on Ubuntu, you will need to install the auditd package and configure the auditd service.

17 – Use SELinux: SELinux (Security-Enhanced Linux) is a security system that allows you to control which programs are allowed to access specific resources on your system. To use SELinux on Ubuntu, you will need to install the selinux-basics package and then configure the SELinux policy. To disable SELinux on Ubuntu, visit the following site.

18 – Use a security-focused browser: Some web browsers are more secure than others. For example, the Tor Browser is designed to protect your privacy and anonymity online. To use the Tor Browser on Ubuntu, you will need to install the torbrowser-launcher package from the official Ubuntu repositories.

19 – Use encrypted communication: Encrypting your communication helps protect your data from being intercepted by third parties. To use encrypted communication on Ubuntu, you can use tools such as gnupg (GNU Privacy Guard) for email encryption and openssl for general encryption.

Read: How to encrypt a USB stick on Ubuntu

20 – Use a password manager: A password manager is a tool that helps you generate and store strong, unique passwords for all of your online accounts. This can be especially useful if you have a lot of accounts and find it difficult to remember all of your passwords. To use a password manager on Ubuntu, you can install a tool such as pass or lastpass-cli.

21 – Use a security-focused mail client: If you are concerned about the security of your email, you may want to consider using a security-focused mail client such as Thunderbird or Enigmail. These mail clients include features such as encryption and digital signing to help protect your email communication.

22 – Use a secure file manager: A file manager is a tool that helps you manage and organize your files on your system. Some file managers include additional security features such as encryption and password protection. Examples of security-focused file managers for Ubuntu include Gnome Encfs Manager and Cryptomator.

23 – Use a secure search engine: A search engine is a tool that helps you find information on the internet. Some search engines prioritize privacy and do not track your search history. Examples of privacy-focused search engines for Ubuntu include DuckDuckGo and StartPage.

Read: How to Google search from Linux terminal – Build your own search engine

24 – Use a secure messaging app: A messaging app is a tool that helps you communicate with others online. Some messaging apps prioritize privacy and include features such as encryption and self-destructing messages. Examples of privacy-focused messaging apps for Ubuntu include Signal and Wire.

25 – Use a secure cloud storage service: A cloud storage service is a tool that helps you store and access your files online. Some cloud storage services prioritize privacy and include features such as encryption and two-factor authentication. Examples of privacy-focused cloud storage services for Ubuntu include Nextcloud and Tresorit.

 


If you like the content, we would appreciate your support by buying us a coffee. Thank you so much for your visit and support.

 

Leave a Reply