Securing Ubuntu Linux 20 – A Checklist

I will be moving everything related to routine securing of Ubuntu here as one long checklist.  As I discover new things I will add them here so that they are not forgotten and are easy to repeat.

I mark in pink anything that cannot be simply copied-and-pasted, for example in #2 you may need to adjust the pathname.

  1. Update your system’s applications to the latest secure versions:
# Flush DNS cache of old entries
sudo resolvectl flush-caches; sudo systemd-resolve --flush-caches;
# Update system from repository
sudo apt update -y; sudo apt upgrade -y; sudo apt dist-upgrade -y; sudo apt autoremove -y;

2. Disable xhost ( you may alternatively delete the file if you are sure you will not need it ):

# Displays location of xhost executable, use this for next command.
type xhost
# Change this line to match the location the above command gives you, removing execute permissions.
sudo chmod -x /usr/bin/xhost

3. Disable CUPS

# Disable the start script as root ( use sudo -i before running these commands ):
sudo echo manual > /etc/init/cups.override
sudo echo manual > /etc/init/cups-browsed.override
# Exit from root terminal
exit

4. Disable apport

// To save and close editor when you are done, press CONTROL+x and then answer 'y' to save changes.
sudo nano /etc/default/apport
# Set enabled=0
# Then close the editor with CONTROL-x and answer Y to save changes.

5. Turn Bluetooth discoverability, pairability and device advertisements off:

bluetoothctl discoverable off
bluetoothctl pairable off
bluetoothctl advertise off

6. Give yourself a random MAC address ( Do not do this if you use MAC addresses as authentication for WiFi ):

sudo apt install macchanger
macchanger -r

 

I will be adding more steps soon …

Leave a Reply