- Oct 3, 2022
- 675
Ubuntu hardening. Not a script. Just follow along and paste in the commands.
Last edited:
Ubuntu Hardening
- Thread starter Victor M
- Start date
- Oct 3, 2022
- 675
Website updated today Fortified Ubuntu: hardening Ubuntu 24 Desktop
- Oct 3, 2022
- 675
Website updated today. Added more protection to firefox-common.profile. Added dpkg-divert commands so that our configurations do not get overwritten by updates. Removed 'firefox' from 'apparmor firefox' in firefox-common.profile. Fortified Ubuntu: hardening Ubuntu 24 Desktop
SeaKelp
Level 1
- Jun 6, 2024
- 11
Ubuntu Oval | Security | Ubuntu
Parameters and methods for consuming Ubuntu OVAL data. OVAL is used by the Ubuntu Security Team for CVE tracking and management.
ubuntu.com
- Oct 3, 2022
- 675
I prefer to search for Live data myself: Common Vulnerabilities and Exposures (CVEs) . Oval relies on old static data available on the ubuntu server: security-metadata.canonical.com . I suspect it only reports Patched vulnerablities, because all of the items in that list says 'patch'. There has to be some undergoing evaluation, and some that have undergone evaluation and are rated unimportant and so on. Imho, it is more useful to see what a potential attacker sees when he is doing reconnaissance.
On the other hand ubuntu's site revealed things I have missed when doing my searches. Ubuntu knows the complete list of components that are in use in it's releases. I need to be more careful and expand my searching. That oval report is good for people who need to do extensive testing before patching and are forever behind in patching. I don't have any custom applications that requires me to do testing. Ubuntu's own testing is good enough for me.
On the other hand ubuntu's site revealed things I have missed when doing my searches. Ubuntu knows the complete list of components that are in use in it's releases. I need to be more careful and expand my searching. That oval report is good for people who need to do extensive testing before patching and are forever behind in patching. I don't have any custom applications that requires me to do testing. Ubuntu's own testing is good enough for me.
Last edited:
- Oct 3, 2022
- 675
Website updated today. Risk based defences. Fortified Ubuntu: hardening Ubuntu 24 Desktop
- Jun 18, 2022
- 449
How can I download UBUNTU Pro which is free for personal usage ?Switch to Ubuntu Pro, free for 5 home devices.
Ubuntu Pro | Ubuntu
Canonical provides Ubuntu Pro with 10 years of enhanced CVE patching, FIPS compliance, CIS and DISA-STIG profiles and enterprise-grade open source software security with a single subscription for open source supply chain provenance.
Spiff
Level 1
- Jul 20, 2023
- 38
On the Ubuntu Pro page, https://ubuntu.com/pro, if you scroll down, under Looking to learn more, you will find a link to the Tutorial page, https://ubuntu.com/pro/tutorial. I think that page gives you all the information that you need.
- Jun 18, 2022
- 449
- Oct 3, 2022
- 675
Website updated today. Remove X11 which is dated and not designed with security in mind from way back when. It has been replaced by Wayland.
Solution to disable WiFi peer to peer, for those people who live in apartment buildings with very close neighbors.
Fortified Ubuntu: hardening Ubuntu 24 Desktop .
Solution to disable WiFi peer to peer, for those people who live in apartment buildings with very close neighbors.
Fortified Ubuntu: hardening Ubuntu 24 Desktop .
Last edited:
- Oct 3, 2022
- 675
Web site updated today. Extra firewall rules to shorten stateful opening times. More mitigation verification procedures. Enable Yubikey in firefox
Last edited:
- Apr 16, 2017
- 2,825
I have found that some features / uses of yubikey with OS running in VMware do not function as expected, but do not have the exact snafu in front of me. What exactly you mean "Enable Yubikey in firefox"
- Oct 3, 2022
- 675
Using Firefox with firejail requires configuring the firefox-common.profile to allow u2f.
For hypervisors like vmware, you have to do something with the hypervisor to pass in the USB yubikey to the guest OS.
For hypervisors like vmware, you have to do something with the hypervisor to pass in the USB yubikey to the guest OS.
Last edited:
- Apr 16, 2017
- 2,825
right, when I plug-in USB the VM screen popups up with do you want to use USB with VM or Host, even when I select VM, the yubi features work with some sites in VM but not others. the example that is coming to my mind (IIRC) is logging into webmail, it says press the button on the yubikey, I do, but the signal / code does not work, could be the online webmail server...
but the yubikey has always worked aok for that webmail from Host. The work around is easier than trying to figure this out, life is too short to waste hours on this...
- Oct 3, 2022
- 675
Ah google account w yubikey w firejail firefox. Sometimes the prompt for the yubikey pin pops up and sometimes it doesn't. (google simply says press the button on the key which doesn't grant you acccess ) All I do in those cases is restart firejail firefox and it will always work the 2nd time around.( asks for the pin ) I have firefox set to open previous session on start. But this might be different for your vmware problem.
Why don't you install Linux as the host and windows as a vm inside Linux? The virt-manager hypervisor is pretty good and easy to use. All hypervisors are basically the same in my opinion. You have the main panel which allows you to create or start vm's. Each guest has a window to show what components are built into it, you can add components like extra nic's. I have used vmware, virtualbox, virt-manager and some other one which name I can't recall right now. And they all look work pretty similar. No learning curve.
You are going to live for a long time to come, don't say life is too short
Why don't you install Linux as the host and windows as a vm inside Linux? The virt-manager hypervisor is pretty good and easy to use. All hypervisors are basically the same in my opinion. You have the main panel which allows you to create or start vm's. Each guest has a window to show what components are built into it, you can add components like extra nic's. I have used vmware, virtualbox, virt-manager and some other one which name I can't recall right now. And they all look work pretty similar. No learning curve.
You are going to live for a long time to come, don't say life is too short
Last edited:
- Apr 16, 2017
- 2,825
Linux as Host in 2025 is definitely a possibility. I don't see myself buying new pc unless something breaks in this DigitalStorm box. I upgraded the cpu cooling a few years ago, and it is running fine on 7 year old hardware (until it doesn't). Live long and prosper is a better, but seeAh google account w yubikey w firejail firefox. Sometimes the prompt for the yubikey pin pops up and sometimes it doesn't. (google simply says press the button on the key which doesn't grant you acccess ) All I do in those cases is restart firejail firefox and it will always work the 2nd time around.( asks for the pin ) I have firefox set to open previous session on start. But this might be different for your vmware problem.
Why don't you install Linux as the host and windows as a vm inside Linux? The virt-manager hypervisor is pretty good and easy to use. All hypervisors are basically the same in my opinion. You have the main panel which allows you to create or start vm's. Each guest has a window to show what components are built into it, you can add components like extra nic's. I have used vmware, virtualbox, virt-manager and some other one which name I can't recall right now. And they all look work pretty similar. No learning curve.
You are going to live for a long time to come, don't say life is too short
Years You Have Left to Live, Probably
The individual data points of life are much less predictable than the average. Here’s a simulation that shows you how much time is left on the clock.
flowingdata.com
