Paranoid Penguin - Security Features in Ubuntu Server
As I discussed last month, the Ubuntu port of Novell AppArmor is installed by default in Ubuntu systems. This is true of both Server and Desktop. In Ubuntu Server, however, AppArmor is present but not configured; you'll need to activate any policies you want to enforce manually (AppArmor profiles reside in /etc/apparmor.d).
If you're unfamiliar with AppArmor, it's a powerful means of running applications in contained environments, such that applications' access to local resources is kept to a minimum. It's similar to SELinux, but less comprehensive and, therefore, easier to understand and administer.
However, on Ubuntu, no graphical tools are provided for this purpose, even in Ubuntu Desktop. What's more, the only Ubuntu documentation (besides man pages) is the AppArmor page on the Ubuntu User Community Wiki (see Resources), which is little more than a listing of commands and their command-line syntax; no HOWTOs or other introductory material are provided.
For the time being, it appears AppArmor on Ubuntu Server is for expert users only.
I've discussed Ubuntu's sensible omission of the X Window System in its default installations, enumerated security features in the Ubuntu Sever installer, pondered the merits of the disabled root account, listed some security-enhancing software packages available in Ubuntu Server and considered Ubuntu's fledgling AppArmor support.
My overall opinion? Ubuntu Server 7.10 is a remarkably compact, straightforward, command-line-oriented Linux distribution with a reasonably secure set of default configurations and an impressive array of fully supported, security-related software packages. (Fewer than Debian, but many more than CentOS or RHEL.) If you're an intermediate-to-advanced Linux system administrator, depending on what you need to do, Ubuntu Server may be worth checking out.
If you're a Linux newbie looking for a gentle introduction to the Linux experience, Ubuntu Desktop is a much better choice, even if you want practice setting up server applications.
That's it for now. Until next time, be safe!
The Official Ubuntu Home Page: www.ubuntu.com
Ubuntu Server Guide: https://help.ubuntu.com/7.10/server/C/index.html
Christer Edwards' blog, which consists almost entirely of handy Ubuntu HOWTOs: ubuntu-tutorials.com
“Ubuntu Server: Considering Kernel Configuration” by Carla Schroder: www.enterprisenetworkingplanet.com/netos/article.php/3710641
Home Page for Webmin, a Free Web-based GUI for Remote Server Management: www.webmin.com
The Ubuntu RootSudo Page, Describing Ubuntu's sudo Implementation in Detail: https://help.ubuntu.com/community/RootSudo
Security Pages on the Ubuntu User Community's Wiki: https://help.ubuntu.com/community/Security
AppArmor Page on the Ubuntu User Community's Wiki: https://help.ubuntu.com/community/AppArmor
The “Securing Debian Manual”, Indirectly Applicable to Ubuntu: www.debian.org/doc/manuals/securing-debian-howto/index.en.html
Bauer, Michael D. Linux Server Security, 2nd ed. Sebastopol, CA: O'Reilly Media, 2005. Provides detailed procedures for securing popular server applications.
Mick Bauer (firstname.lastname@example.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
- Readers' Choice Awards 2013
- Linux Kernel News - November 2013
- Advanced Hard Drive Caching Techniques
- December 2013 Issue of Linux Journal: Readers' Choice
- Mars Needs Women
- Sublime Text: One Editor to Rule Them All?
- Raspberry Pi: the Perfect Home Server
- RSS Feeds
- Web Administration Scripts
- Linux Systems Administrator
- thanks for share, great
16 hours 32 min ago
- There are factors which are
21 hours 32 min ago
- Gnome 3 ?
22 hours 17 min ago
- Reply to comment | Linux Journal
1 day 2 hours ago
- "Redis RethinkDB 4.5%" on Best NoSQL Databases
1 day 12 hours ago
- on the ground
1 day 18 hours ago
- I was able to read the whole
1 day 20 hours ago
- since i have read the title i
1 day 23 hours ago
- Belanja Online Cari Voucher Diskon
1 day 23 hours ago
- The kernel doesn't really
2 days 11 hours ago