Tips for a secure Ubuntu configuration and Question to Ubuntu Pro

Support and Help
, ,
1

Hi!

I am new to Ubuntu and I am curious if I need to do any configuration to have a safe OS.

So, do I have to make certain settings or should I install specific software?
I am asking because I didn’t find any security-related settings in Settings and I only know from Windows (but maybe Ubuntu is also safe configured out of the box).

And I also have a short question to Ubuntu Pro. My understanding is that I get 10 years of updates. I use the current LTS (Noble Numbat) and I will update to the next LTS when it is available. So I don’t want to use Noble Numbat over 10 years.
So, in my case: I don’t have any advantages with Ubuntu Pro, right? Or would I get “better” updates with Ubuntu Pro?

My use case is only Desktop using (Internet and Office), so no server.

Thank you for your hints!

2 Likes
2

The Ubuntu software archive is split into four components, main (pretty much the software on the iso and some extras), restricted (closed source drivers like the nvidia one), universe (community maintained software mostly imported from debian) and multiverse (closed source software)

Only the main part of the archive gets security fixes for 10y, universe gets security fixes by the community on a best effort basis (read: very rarely) and the closed source stuff is … well … closed source

If you want additional reliable security fixes for packages from the universe part of the archive provided by Canonicals security team, you will have to enable pro … additionally pro enables you to have kernel security fixes without needing an immediate reboot for the machine to apply them (if you turn on the livepatch feature of pro), though this is admittedly more likely interesting on a server install …

2 Likes
3

This is a common new-user question.

The Ubuntu developers work very hard to ship an OS with sane, safe, and secure defaults.

For most users, there should be no need for additional security software or other tweaks. Your system is ALREADY secure.

Pro has many benefits for LTS users, including a wider range of security patches as @ogra has explained.

Clarification: There is no premium tier of “better” security patches. That would be rude.

6 Likes
4

If it makes you feel safer, you can turn on the firewall…

sudo ufw enable

sudo systemctl enable ufw

sudo systemctl start ufw

2 Likes
5

First off, welcome to Ubuntu Discourse :slight_smile:

I want to offer some tips based on my personal experiences of using Ubuntu/Linux.

  1. only download and install from official repositories
  2. keep solid backups of your important data
  3. as with any operating system, browse the web safely, no dodgy sites or downloads
  4. keep the system updated, either automatically or with manual updating

In more than 20 years of using Linux I have never used additional tools to protect my system.

If enabling the firewall makes you feel safer, then go for it.

Antivirus is not needed unless you share files with Windows users.

The most important rule of all? Use common sense and feel free to ask questions here if there is anything you are not sure about.

Enjoy the journey!

6 Likes
6

I wholeheartedly agree with @rubi1200 's advice.

I especially agree with the idea that the wide area network is your greatest vulnerability. Think carefully when opening new ports, such as you do when adding new services like ssh. Careful use of the firewall should be all you need unless you expect to host a lot of traffic and/or if you’re making your address public.

If you don’t plan on adding services, you should have sane defaults to begin with.

2 Likes
7

Thank you very much for your answers and hints :grinning:

I have two additional questions to the Ubuntu flavours and Ubuntu Pro.

  • Are these also maintained by Canonical?
  • I think that the flavours also use the main archive, right? If so, I would benefit from Ubuntu Pro if I would use it 10 years, right? Or is Ubuntu Pro not available for the flavours?

Thank you again!

8

Pro is available for all official Ubuntu images, that includes the flavors too… But the packages for the various other desktop environments that are provided by the flavors will not be updated/fixed by the flavor developers after 3 years… (If there are high or critical security issues in them these will be covered through pro though)

2 Likes
9

Hello

https://wiki.ubuntu.com/RecognizedFlavors
I guess Ubuntu Pro should be available for any flavor …

Regards

1 Like
10

https://www.nuharborsecurity.com/blog/ubuntu-server-hardening-guide-2

1 Like
11

Great, thank you very much!
That helped me :grinning:

12

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.