Linux – Ubuntu Security or Endpoint Machine Hardening Strategies

Linux – Ubuntu Security:

Endpoint Machine Hardening Strategies For Ubuntu:

Ubuntu Security


Security plays a crucial part for any server or computer configuration. These tutorials will help you step by step for maximizing and improving the ubuntu security.


  1. Need to check whether the installed OS is Ubuntu 14.04 LTS (Trusty Tahr)
  2. Creating of admin & normal user Account.
  3. Installing & configuring kernel security modules/software.


  1. Need to check whether the Ubuntu OS is a stable 14.04 LTS (Trusty Tahr) or else need to install OS.
  2. Creation of Root & standard user account
    • Creation of super & standard user account.
    • Add standard user to sudoers list
    • Disable root Login
    • Use SSH Protocol 2 Version
    • Turn Off IPv6
      • # vi /etc/sysconfig/network
    • Enforcing Stronger Passwords
      • # vi /etc/pam.d/system-auth
    • Keep /boot as read-only
      • Linux kernel and its related files are in /boot directory which is by default as read-write. Changing it to read-only reduces the risk of unauthorized modification of critical boot files.
      • To do this, open “/etc/fstab” file.
      • LABEL=/boot /boot ext2 defaults,ro 1 2
    • Ignore Broadcast Request
      • Add following line in “/etc/sysctl.conf” file to ignore ping or broadcast request.
      • net.ipv4.icmp_echo_ignore_broadcasts = 1
  3. Kernel security software like Grsecurity, SElinux, AppArmor.
    • Grsecurity is very complex to configure and is not native to Ubuntu
    • SElinux is rarely used and is not native available in Ubuntu.
    • App armor is for software containment i.e it provides kernel security (like restricting Internet access to particular s/w) and is native to Ubuntu.