
Thread: I made a security FAQ page that may be totally off the mark

  1. #11
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I made a security FAQ page that may be totally off the mark

    Thanks for the new text, jdong. I've made your suggested substitution and gave you credit for those two paragraphs. If that's a problem, let me know.

    glotz, I'll put something in there about setting a password for the BIOS and/or Grub. I still would like to emphasize, though, that allowing someone physical access to your computer is essentially allowing root access.

    vayu, thanks for the suggestion about phrasing. I'm going to stay with "Don't be dumb" for now. I can be cheeky sometimes, too.

    maniacmusician, if someone wants to mirror Psychocats Ubuntu, I'm all for that. I would just ask that if any changes are made, the fact they were made is explicit, just so people know what I've written and what others have written.

    What I'd like to see, actually, is a Wiki entry that's a bit more comprehensive. My page is just a basic intro for desktop users, but I'd love to see a comprehensive "Ubuntu Security: Best Practices" on the Wiki that includes encryption methods and security for servers.

    I really know little to nothing about those.
    Last edited by aysiu; October 30th, 2006 at 06:58 AM.

  2. #12
    Join Date
    May 2006
    Location
    Madras, India.
    Beans
    533
    Distro
    Ubuntu 8.04 Hardy Heron

    Re: I made a security FAQ page that may be totally off the mark

    Perhaps a mention of shortening the time that sudo gives you root permission from 15 to lower?
    May the FOSS be with you!

  3. #13
    Join Date
    Mar 2006
    Location
    Toronto, Canada
    Beans
    192
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: I made a security FAQ page that may be totally off the mark

    Pretty good start, a few things you might want to add:

    Checking Logs and Network Traffic
    One thing that a security-minded person does is check for intrusions. Checking logs and network traffic, like checking the locks at home, is important. If something looks odd, it's better to know sooner than later. Logs indicate the health of the system. Looking at network traffic makes sure that nothing on your system communicates with the outside world in an unexpected way. Keep an eye on both; it may save you a good deal of pain later on. Wireshark and tripwire are good tools to use.

    Checking Rootkits
    While viruses don't manifest themselves in Linux, other nasty things do. An attacker can gain root access by exploiting a weak point in a program. Attackers try escalating their access to root, and often use a rootkit to keep their account. Rootkits can provide backdoors, hiding and other nasty features. A rootkit detector can detect many rootkits, but a well masked rootkit may be impossible to find on a running system. Boot a livecd and check for rootkits, and that should find all the rootkits. DO NOT REBOOT IF YOU RUN A PRODUCTION SERVER AND WANT TO GATHER FORENSIC EVIDENCE.

    Update When Possible
    Keep your system updated, and an attacker will have a harder time getting in. Reading up on current security risks helps avoid trouble too.

    Small is Beautiful
    The fewer services and programs running on your system, the fewer places an attacker can attack. Ideally every system should serve only one purpose.

    Be Paranoid
    Security is a state of mind. Using good security practice is one thing. Being security minded is another. Someone will want to break in at some point into our system. Be skeptical of strange emails, websites and programs. Many attacks work by convincing you to let your guard down.

    Backup
    If worst comes to worst, a backup saves a lot of anguish. Back up your files and system configuration files (/etc) regularly.

    Overall
    - Run only what you need.
    - Be skeptical.
    - Check logs, network traffic and signs of intrusion.
    - Harden your system, keeping services to a minimum.
    - Back up your files regularly.

    More Advanced Techniques:
    - Set up defences in depth.
    - Firewalls to keep unwanted traffic from leaving.
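
The post above recommends tripwire, backing up /etc, and checking from a live CD. As an added example (not part of the original post, and not tripwire itself), this sketch shows the underlying idea: record hashes while the system is trusted, then compare later. Function names, the manifest layout and the demo directory are assumptions of this example; it uses GNU `sha256sum`.

```shell
#!/bin/sh
# Added example: a minimal file-integrity check in the spirit of tripwire
# (not tripwire itself). Function names and manifest layout are this example's own.

# make_manifest DIR: print "<sha256>  ./relative/path" for every regular file.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare_manifests BASELINE CURRENT: print ADDED/CHANGED/REMOVED lines.
# The path is taken from column 67 on, so names containing spaces survive.
compare_manifests() {
    awk '
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in old))          print "ADDED " path
            else if (old[path] != hash)  print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# Demo on a constructed directory standing in for /etc (all contents invented).
demo() {
    d=$(mktemp -d)
    mkdir "$d/etc"
    printf 'PermitRootLogin no\n'    > "$d/etc/sshd_config"
    printf 'nameserver 192.0.2.53\n' > "$d/etc/resolv.conf"
    printf 'demo-host\n'             > "$d/etc/hostname"
    make_manifest "$d/etc" > "$d/baseline"      # taken while the system is trusted

    printf 'PermitRootLogin yes\n' > "$d/etc/sshd_config"   # modified
    rm "$d/etc/resolv.conf"                                  # removed
    printf 'placeholder\n' > "$d/etc/new file.conf"          # added, name has a space
    make_manifest "$d/etc" > "$d/current"

    compare_manifests "$d/baseline" "$d/current"
    rm -rf "$d"
}

demo
```

Keep the baseline manifest somewhere the checked machine cannot rewrite, and run the comparison from trusted media such as the live CD the post mentions, since tools on a compromised system can be made to report false results.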

  4. #14
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I made a security FAQ page that may be totally off the mark

    I've put in some links at the end of the page.

  5. #15
    Join Date
    Apr 2006
    Location
    under my hat
    Beans
    22
    Distro
    Ubuntu 6.06 Dapper

    Re: I made a security FAQ page that may be totally off the mark

    Helpful guide, thanks for the link! (I don't have any comments about it, very nice overall)

  6. #16
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I made a security FAQ page that may be totally off the mark

    Quote: Originally Posted by KaroSHi
    Helpful guide, thanks for the link! (I don't have any comments about it, very nice overall)
    Thanks. Good to know it's useful for someone.

    Any security experts out there want to create a Wiki for advanced tips?

    Mine's sort of a basic page.

  7. #17
    Join Date
    Mar 2006
    Beans
    2,423

    Re: I made a security FAQ page that may be totally off the mark

    Very nice. I suggest that in the part where you talk about sudo, to say that you have root access only in the terminal window open at the time for 15 minutes from the time you first enter your password for a sudo command. Also of course applies to the gksudo nautilus window.

    It's different than your statement about "sudo only gives root privileges to that command" because it actually lasts for 15 minutes, though it is changeable.

  8. #18
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I made a security FAQ page that may be totally off the mark

    Yeah, I'll clarify a bit with that. Though, I've seen the behavior to not be fully consistent. Sometimes the 15 minutes lasts for only that terminal (if I open a new terminal, I'm prompted for a password again).
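
The posts above discuss sudo's 15-minute password cache, shortening it, and whether it is tied to one terminal. As an added example (not from any poster), this script reads sudoers-format text and reports the two real sudoers options that control this, `timestamp_timeout` and `tty_tickets`. The function names, the constructed sample file, and the fallback of 15 minutes (the figure quoted in this thread) are assumptions of the example.

```shell
#!/bin/sh
# Added example: report the sudo credential-cache settings that the global
# "Defaults" lines of sudoers-format files would produce.
# DEFAULT_TIMEOUT=15 is the figure quoted in this thread, used as an assumption.
DEFAULT_TIMEOUT=15

# sudo_cache_settings FILE...
# prints: timestamp_timeout=<minutes> tty_tickets=<on|off|unset>
# ("unset" means sudo's compiled-in default applies)
sudo_cache_settings() {
    awk -v timeout="$DEFAULT_TIMEOUT" '
        BEGIN { tty = "unset" }
        /^[ \t]*Defaults[ \t]/ {      # per-user/host "Defaults:x" lines are skipped
            sub(/^[ \t]*Defaults[ \t]+/, ""); sub(/[ \t]+$/, "")
            n = split($0, opt, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^timestamp_timeout[ \t]*=/) {
                    sub(/^[^=]*=[ \t]*/, "", opt[i]); timeout = opt[i]   # last one wins
                }
                else if (opt[i] == "tty_tickets")  tty = "on"
                else if (opt[i] == "!tty_tickets") tty = "off"
            }
        }
        END { print "timestamp_timeout=" timeout " tty_tickets=" tty }
    ' "$@"
}

# Demo on a constructed sudoers sample (not taken from a real system).
demo_sudo() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample
Defaults env_reset
Defaults:backup timestamp_timeout=60
Defaults timestamp_timeout=5, tty_tickets
%admin ALL=(ALL) ALL
EOF
    sudo_cache_settings "$f"
    rm -f "$f"
}

demo_sudo
```

A `timestamp_timeout` of 0 makes sudo ask for the password every time; edit sudoers only through `visudo`, and `sudo -k` discards the cached credential immediately.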

  9. #19
    Join Date
    Oct 2006
    Beans
    Hidden!
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: I made a security FAQ page that may be totally off the mark

    Great info on your site! A must for every new user! May I link this site in my sig?

    Great job!
    Registered Linux User: 433263
    Registered Ubuntu User: 9010

  10. #20
    Join Date
    May 2005
    Location
    US
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: I made a security FAQ page that may be totally off the mark

    Quote: Originally Posted by raqball
    Great info on your site! A must for every new user! May I link this site in my sig?

    Great job!
    Sure thing. Link away.
