Questions tagged [security]
Security covers a wide-ranging set of topics including Users, Permissions, Authentication, Authorisation, Upgrades, Firewalling, Hardening, etc.
2,501
questions
404
votes
10
answers
453k
views
How can I install just security updates from the command line?
sudo apt-get upgrade installs all updates, not just security updates. I know that I can use Update Manager to select only important security updates, but is there a way to do this from the command ...
- 32.1k
339
votes
9
answers
176k
views
Are PPAs safe to add to my system and what are some "red flags" to watch out for?
I see a lot of interesting programs out there that can only be obtained by adding a "PPA" to the system but, if I'm understanding correctly, we should stay within the official "repositories" for ...
- 12.8k
243
votes
11
answers
208k
views
How to delete file(s) in secure manner?
Is there a way to make sure that a deleted file can not be recovered?
As you know, deleting a file by pressing shift-del or using trash doesn't mean that file is gone forever. It resides somewhere ...
user20296
223
votes
22
answers
169k
views
Why is it bad to log in as root?
I've often come across posts on forums or other websites where you see people joking in such a manner about running/logging in as root as if it's something awful and everyone ought to know about it. ...
- 5,086
219
votes
2
answers
576k
views
How do I scan for viruses with ClamAV?
I installed ClamAV via Terminal (Ctrl+Alt+T) with:
sudo apt-get install clamav
but how can I scan for viruses?
- 14.2k
173
votes
3
answers
158k
views
Difference between PGP and GPG
What are the main differences between PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) in relationship with security in Ubuntu and Launchpad?
- 213k
158
votes
4
answers
209k
views
How do I patch/workaround SSLv3 POODLE vulnerability (CVE-2014-3566)?
After the BEAST attack and Heartbleed bug, now I've heard about a new vulnerability in SSL/TLS called POODLE. How do I protect myself against being exploited?
Are only servers or also clients ...
- 68.4k
153
votes
6
answers
126k
views
How to patch the Heartbleed bug (CVE-2014-0160) in OpenSSL?
As of today, a bug in OpenSSL has been found affecting versions 1.0.1 through 1.0.1f (inclusive) and 1.0.2-beta.
Since Ubuntu 12.04, we are all vulnerable to this bug. In order to patch this ...
- 18.9k
146
votes
3
answers
172k
views
How to create a restricted SSH user for port forwarding?
ændrük suggested a reverse connection for getting an easy SSH connection with someone else (for remote help). For that to work, an additional user is needed to accept the connection. This user needs ...
- 175k
142
votes
5
answers
101k
views
What is the CVE-2014-6271 bash vulnerability (Shellshock) and how do I fix it?
Recently, there have been news going around regarding "CVE-2014-6271" (See USN-2362-1), which is a vulnerability in Bash. How do I know if I am affected by this, how can I fix it, and why should I ...
- 20.7k
140
votes
3
answers
280k
views
How do I keep track of failed SSH log-in attempts?
I'd like to see if somebody has been trying to log-in by brute-force into my Ubuntu 12.04 server over SSH. How can I see if such activities have been taking place?
- 57.5k
135
votes
13
answers
156k
views
How to harden an SSH server?
What measures can/should I take to make sure that security around my SSH server is absolutely impermeable?
This will be community wiki from the start, so lets see what people do to secure their ...
133
votes
2
answers
244k
views
How can I allow SSH password authentication from only certain IP addresses?
I'd like to allow SSH password authentication from only a certain subnet. I see the option to disallow it globally in /etc/ssh/sshd_config:
# Change to no to disable tunnelled clear text passwords
#...
- 77.2k
123
votes
1
answer
110k
views
Installing python: who is deadsnakes and why should I trust them?
I want to install Python 3.9 on my Ubuntu 20.04, and all tutorials I can find include a step as follows:
sudo add-apt-repository ppa:deadsnakes/ppa
I am concerned about security. I've looked into ...
- 1,443
110
votes
7
answers
61k
views
What is the difference between "gksudo nautilus" and "sudo nautilus"?
I've been using gksudo nautilus and sudo nautilus through Alt+F2.
What's the difference? They look very similar!
- 6,452
107
votes
3
answers
52k
views
What is apparmor?
I hear a lot of talk about apparmor, I want to know the following:
What is apparmor?
How does apparmor work?
- 17.1k
99
votes
8
answers
179k
views
How to encrypt individual folders?
Let's say that I have a folder, within my Documents folder, that has files I want no one to access without a password.
Is there a way to lock down that folder so that it's password protected / ...
- 2,508
86
votes
4
answers
150k
views
How to change LUKS passphrase?
Having installed Ubuntu 11.10 with whole disk encryption and LVM, I need to provide a way for users to easily change LUKS passphrase.
Preferably, this should be done using GUI tools, thus, enabling ...
- 1,181
86
votes
3
answers
37k
views
When to use pkexec vs. gksu/gksudo?
There are two general ways to run applications graphically as root (or, more generally, as another user). Programs like gksu, gksudo, and kdesudo are graphical frontends for sudo. In contrast, pkexec ...
- 118k
84
votes
8
answers
104k
views
How to sandbox applications?
I want to run small untrusted programs, but restrict them from accessing any files outside of their folder, network access, and everything else that they don't really need. What is the simplest way to ...
- 1,031
82
votes
3
answers
29k
views
What is Ubuntu's status on the Meltdown and Spectre vulnerabilities?
Any questions relating to status updates, or asking if anything is going to be patched for these vulnerabilities should be closed as duplicates of this question.
Meltdown and Spectre are in the news ...
- 15.7k
81
votes
5
answers
26k
views
Can I get a virus by using "sudo apt-get install"?
I would like to make sure it's safe to download software using sudo apt-get install. Are the packages scanned somewhere? Are all packages downloaded using this command virus free?
If there is no ...
- 1,217
80
votes
7
answers
227k
views
How to disable IPv6 permanently?
How can we disable IPv6 system wide via terminal commands?
I've read editing /etc/modprobe.d/aliases
and replacing:
alias net-pf-10 ipv6
with:
alias net-pf-10 off
alias ipv6 off
Is this safe to ...
- 809
80
votes
2
answers
68k
views
Why shouldn't /var/www have chmod 777
When developing a page on a localhost, I sometimes get a "Permission denied" error which I can solve by running chmod -R 777 /var/www. However, people are telling me that this is a bad idea for ...
- 213k
80
votes
5
answers
75k
views
Why is the firewall disabled by default?
Why is ufw firewall included in Ubuntu, when it is not enabled and pre-configured by default? Most users don't even know it is there, because no GUI frontend is provided.
- 921
79
votes
3
answers
20k
views
How to protect Ubuntu from fork bomb
I heard someone talking about a fork bomb, I did some research and found some dreadful information about some strange looking characters people can have you type at the command line and as a result do ...
- 1,484
76
votes
2
answers
17k
views
Can I make the webcam take a picture when an incorrect password is entered?
I am using a laptop . I was thinking to have a support in my Ubuntu machine. When an incorrect password is entered, a picture is taken later revealing who has been trying to gain access.
I have ...
- 5,924
73
votes
7
answers
14k
views
How to secure my laptop so that hacking by physical access is not possible?
I messed up my system earlier, I was greeted with a black screen, when booting in to Ubuntu. When I started up my laptop, I selected the recovery option from the grub menu, and chose fallback at root ...
- 26.8k
73
votes
5
answers
98k
views
Do I need to use canonical Livepatch?
Ubuntu says
Use canonical Livepatch to increase security between restarts.
I have to sign in to do this, so is it worth setting up? I'm not sure what it is, the box is unticked.
The more secure the ...
- 877
70
votes
5
answers
184k
views
Ubuntu 20.04 - how to set lower SSL security level?
I'd like to ask if there's a way to lower SSL security level to 1 on Ubuntu 20.04, since I'm receiving:
141A318A:SSL routines:tls_process_ske_dhe:dh key too small
when trying to curl the website.
...
69
votes
8
answers
40k
views
What is the best way to restrict access to adult content?
I bought my kids a PC and installed 12.04 (Unity) on it. The bottom line is, I want my children to use the computer unsupervised while I have confidence they cannot access anything inappropriate.
...
- 9,855
65
votes
7
answers
37k
views
How to check that KPTI is enabled on my Ubuntu?
The current Meltdown Intel processor vulnerability is currently remedied by having the page table isolation enabled. There is a question how to turn this off: How to disable Page Table Isolation to ...
- 752
62
votes
4
answers
90k
views
How can I detect a keylogger on my system?
How could I know if there's a keylogger in my system, or at least if one is active right now?
- 775
59
votes
6
answers
18k
views
How can I prevent someone from resetting my password with a Live CD?
Recently one of my friends came over to my place, within 15 minutes he hacked my account using a Live CD and reset the password in front of me. I was baffled to see such a thing. Please guide me to ...
- 3,621
56
votes
17
answers
60k
views
Can you recommend a password generator?
I was hoping someone could recommend a good password generator.
Extra props to the person who can name one that gives you a mnemonic to remember it as well.
- 34.5k
56
votes
4
answers
23k
views
How is being able to break into any Linux machine through grub2 secure?
How is the ability of a person who gained physical access to your computer to get root with those steps in any way secure?
When grub2 menu opens press e to edit the Linux start options
Change:
"...
- 705
56
votes
3
answers
80k
views
Untrusted application launcher?
Some time ago, Ubuntu introduced a Security "feature", that would only allow trusted .desktop apps to be run, on other apps it would pop up a message.
Nothing new so far, However, said Message used ...
user2817
56
votes
3
answers
6k
views
How can I use a passcode generator for authentication for remote logins?
I would like to strengthen the authentication of my SSH logins by adding another factor: a passcode generator device, or a passcode generation application on my mobile phone. The only obvious options ...
- 72.2k
54
votes
7
answers
51k
views
Why is Ubuntu more secure than Windows or Mac OS X?
Please give some solid reasons.
Linked Question
How safe is Ubuntu?
- 13.2k
52
votes
7
answers
6k
views
What are the risks of NOT using a firewall (home computer)?
Since a password is required to be a superuser (to install and modify programs), what are the risks to not use a firewall under Ubuntu ? More particularly if I am using a NAT router ?
- 1,138
52
votes
3
answers
3k
views
Is there any guarantee that software from Launchpad PPAs is free from viruses and backdoor threats?
As Linux continues to grow and develop, and the more we use Linux, the greater the threat from viruses.
We also know that a virus/threat in Linux (if any) would have difficulty running or spreading ...
- 3,054
51
votes
5
answers
26k
views
Is Ubuntu affected by the xz backdoor compromise?
Moderator Note: This question relates to a rapidly evolving current event. It has been protected to prevent unrelated banter or answers that do not benefit the post.
In March 2024, a backdoor was ...
- 1,103
48
votes
3
answers
35k
views
potential ufw and fail2ban conflicts
Will running both fail2ban and ufw cause problems? I noticed that fail2ban modifies iptables rules, but ufw already has a ton of iptables rules defined... so I'm not sure if fail2ban will mess these ...
- 2,245
47
votes
3
answers
73k
views
Ubuntu 20.04 and 20.10, /etc/securetty: No such file or directory
Just updated to 20.04 final release, and I'm seeing these messages in /var/log/auth.log...
May 14 06:29:52 Satellite-E55 gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No ...
- 71.3k
46
votes
5
answers
12k
views
Is it safe to use a second hand laptop after reinstalling ubuntu on it
I bought a laptop from somebody. The laptop had Ubuntu 14 on it, I erased the entire disk and installed Ubuntu 16 on it. I definitely don't want the previous owner to have access to my data or key ...
- 636
45
votes
5
answers
52k
views
How to disable Page Table Isolation to regain performance lost due to Intel CPU security hole patch?
Because of the current Intel CPU security hole issue, there is a patch expected which slows down the system performance.
How can I make sure that this patch will not be installed on my Ubuntu system?
- 559
45
votes
5
answers
62k
views
How to block internet access for wine applications?
How can one prevent specific or any wine applications from accessing the internet?
When using certain applications under Windows, they were trying to access the internet from time to time without ...
- 2,349
45
votes
9
answers
32k
views
How to graphically interface with a headless server?
I have a ubuntu development server at work. It is an old rack server that is located somewhere in the company's dungeon, where nobody ever goes. The only way it can work is as a so-called headless ...
- 1,259
45
votes
4
answers
51k
views
What is the 'ptrace_scope' workaround for Wine programs and are there any risks?
To run certain Windows programs in WINE you need to this workaround:
echo 0|sudo tee /proc/sys/kernel/yama/ptrace_scope
According to the support websites, this is due to a bug in the Ubuntu kernel ...
- 7,107
43
votes
9
answers
30k
views
What do I have to do before giving away my Ubuntu machine?
I have an old laptop that is running Ubuntu. Now I want to give away this laptop, but I want to remove all private data. So what should I remove? I don't want to format the whole system, because the ...
