Paranoid Penguin - Security Features in Ubuntu

Securing Ubuntu is as straightforward as installing it.

Automatic Updates in Ubuntu Desktop

Once you've installed a bunch of software, keeping it patched is easy. To configure automatic updates, run the Software Sources applet, and select the Updates tab (Figure 3). These settings determine the behavior of the Update Manager applet.

Figure 3. Setting Up Automatic Updates in Ubuntu Desktop

The Update Manager applet runs automatically in the background, but you also can start it manually from the System menu in the Administration section. You can configure it (from Software Sources) to do any of the following: 1) notify you of updates, 2) download patches automatically and notify you when they're ready for installation, or 3) download and install patches automatically.

Novell AppArmor in Ubuntu

Remember back in my August 2006 article “An Introduction to Novell AppArmor”, when I commented that despite its SUSE roots, AppArmor probably would be ported to other distributions soon? (No? Well, I did say that—you can look it up!) Sure enough, not only does Ubuntu have a port of AppArmor, but it's also installed and enabled by default.

If you're unfamiliar with it, AppArmor is an implementation of Type Enforcement, a type of Mandatory Access Control. What this means in English is that AppArmor lets you restrict the activities of system dæmons—what files they can read, which directories they can access, which devices they can write to or read from and so on. It is a powerful means of containing the effects if a protected dæmon is compromised—even if attackers succeed in hijacking a given process, they can't use it to execute arbitrary commands, read arbitrary files and so forth.

Perhaps surprisingly, given Ubuntu's very slick look and feel, AppArmor is configurable in Ubuntu only via the command line, using the aa tools (aa-status, aa-genprof and so on) in the apparmor-utils package. Visit the Ubuntu AppArmor page for more information (see Resources).

Managing Users and Groups

In the root/sudo discussion above, I mentioned the Users and Groups applet. This applet is deceptively simple to use. It's actually one of the more sophisticated front ends to adduser, addgroup and so on that I've seen. If you select a user, click Properties, and click the User Privileges tab, you can not only grant that user the right to “Administer the system” (that is, to execute commands as root using sudo), you also can select from a long list of other system privileges (Figure 4).

Figure 4. Setting User Privileges in Ubuntu

If you're an old-school sysadmin like me, you know that none of these privileges are handled directly by tools like adduser; the settings in this part of the applet simply determine to which groups the user belongs—groups that the Ubuntu team carefully has configured to correspond with real-world system administration-related commands and objects. This is a clever and simple way to manage administrative functions, especially in combination with sudo.
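Because the applet's privileges come down to group membership, an audit of who holds them is a matter of reading the group and passwd databases. The following is an added example, not part of the original article; the function name `privileged_members` is hypothetical and the watched group names (admin, sudo, adm, lpadmin) are assumptions to check against your own system.

```shell
#!/bin/sh
# Added example. Group names are assumptions: confirm against /etc/sudoers
# and /etc/group which groups actually confer rights on your system.
WATCHED_GROUPS="admin sudo adm lpadmin"

# privileged_members GROUP_FILE PASSWD_FILE
# Prints sorted "group:user" lines for each watched group, covering both
# supplementary members (group file, field 4) and accounts whose primary
# GID (passwd file, field 4) is that group; the latter never appear in the
# group file's member list, so a check of that list alone misses them.
privileged_members() {
    awk -F: -v watched="$WATCHED_GROUPS" '
        BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        FNR == NR {                      # first file: name:passwd:gid:members
            if ($1 in want) {
                gid2name[$3] = $1
                m = split($4, members, ",")
                for (i = 1; i <= m; i++)
                    if (members[i] != "") print $1 ":" members[i]
            }
            next
        }
        ($4 in gid2name) { print gid2name[$4] ":" $1 }   # second file: passwd
    ' "$1" "$2" | LC_ALL=C sort -u
}

# Constructed sample data in /etc/group and /etc/passwd format.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
adm:x:4:alice
admin:x:115:alice,bob
lpadmin:x:116:carol
users:x:100:dave
EOF
cat > "$SAMPLE_DIR/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
dave:x:1003:100::/home/dave:/bin/bash
erin:x:1004:115::/home/erin:/bin/bash
EOF

privileged_members "$SAMPLE_DIR/group" "$SAMPLE_DIR/passwd"
```

On a live system, pass /etc/group and /etc/passwd as the two arguments. In the sample, erin shows up under admin only through her primary GID.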

Conclusion

As you can see, Ubuntu's ease of use doesn't come at the cost of security—it has Debian's abundance of security-related software packages combined with straightforward but effective security design decisions, such as disabled root and AppArmor, and easy update management.

Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.

______________________

Comments


Thanks for a great article. Although I have installed many distros, I don't consider myself a system administrator or security expert. Linux installation has become friendly enough that I haven't had to dig very deep to get it to work. I have been test driving *Ubuntu distros for less than a year. Your article clarified many things for me, some not security specific. Your straightforward article should be required reading for anyone about to plunge into *Ubuntu.

Mike Roberts is a bewildered Linux Journal Reader Advisory Panelist.
