Ubuntu Desktop Security Defaults
Scott Kitterman
ubuntu at kitterman.com
Wed Apr 15 01:54:59 UTC 2009
On Wed, 15 Apr 2009 11:03:26 +1000 Null Ack <nullack at gmail.com> wrote:
>Considering some noise happening in the blog space over a Linux
>magazine article about security problems with Ubuntu server I think we
>should re-visit this topic. The article is at:
>
>http://www.linux-mag.com/id/7297/2/
>
>The key criticisms of Ubuntu server raised by Linux magazine are:
>
>1. Default permissions of users home dirs open by default
>2. Install allows for blank mysql root password
>3. Allowing system accounts unnecessary shell session authority
>4. Nonsensical deamons listening on the network despite other
>configurations servicing those needs
>
>In our previous discussion on this topic here, I introduced some
>personal concerns I have with Ubuntu desktop security with:
>
>1. No firewall enabled by default
>2. That AppArmor is providing a false sense of safety for users in
>controlling the damage zero day exploits could potentially do.
>AppArmor only protects one daemon, CUPS. By default it does very
>little.
>
>The reality is that other desktop distros such as Fedora have a far
>stronger set of security features than our beloved Ubuntu,
>
I guess I was hallucinating working on the apparmor profile for
clamav-daemon and freshclam (also run as a daemon) today.
I have yet to work on a customer server that was Red Hat/Fedora based where
SE Linux was not disabled, so whatever theoretical advantages it might
have, in practice without a well trained guru to manage it, it does no good
at all.
Most of the article is not terribly accurate (see the today's archives of
the ubuntu-server mail list for details).
Scott K
More information about the Ubuntu-devel-discuss
mailing list