Ubuntu Desktop Security Defaults

Scott Kitterman ubuntu at kitterman.com
Wed Apr 15 01:54:59 UTC 2009

On Wed, 15 Apr 2009 11:03:26 +1000 Null Ack <nullack at gmail.com> wrote:
>Considering some noise happening in the blog space over a Linux
>magazine article about security problems with Ubuntu server I think we
>should re-visit this topic. The article is at:
>The key criticisms of Ubuntu server raised by Linux magazine are:
>1. Default permissions of users home dirs open by default
>2. Install allows for blank mysql root password
>3. Allowing system accounts unnecessary shell session authority
>4. Nonsensical deamons listening on the network despite other
>configurations servicing those needs
>In our previous discussion on this topic here, I introduced some
>personal concerns I have with Ubuntu desktop security with:
>1. No firewall enabled by default
>2. That AppArmor is providing a false sense of safety for users in
>controlling the damage zero day exploits could potentially do.
>AppArmor only protects one daemon, CUPS. By default it does very
>The reality is that other desktop distros such as Fedora have a far
>stronger set of security features than our beloved Ubuntu,
I guess I was hallucinating working on the apparmor profile for 
clamav-daemon and freshclam (also run as a daemon) today.

I have yet to work on a customer server that was Red Hat/Fedora based where 
SE Linux was not disabled, so whatever theoretical advantages it might 
have, in practice without a well trained guru to manage it, it does no good 
at all.

Most of the article is not terribly accurate (see the today's archives of 
the ubuntu-server mail list for details).

Scott K

More information about the Ubuntu-devel-discuss mailing list