Chapter #12: Ubuntu Security Basics
In this chapter, you'll learn essential security practices for Ubuntu, including encryption, firewall configuration, secure authentication, privacy tools, and how to protect your system from threats while maintaining usability.
In the previous chapter, we learned about system maintenance and optimization, where we explored how to keep our Ubuntu system running smoothly through regular updates, performance tuning, automation, and troubleshooting.
Now it's time to focus on one of the most critical aspects of computing, called security, because even though Ubuntu is generally more secure than many other operating systems due to its Linux foundation, no system is fully secure by default, which makes it essential to follow proper security practices to protect our data, privacy, and overall system integrity.
The good news is that Ubuntu’s security model is robust and well-designed, and with proper configuration and good habits, you can create a highly secure computing environment without sacrificing usability because security isn’t about making your system impossible to use but about finding the right balance between protection and convenience
In this chapter, you’ll learn practical security tips and important tools that help protect your Ubuntu system.
Understanding Ubuntu's Security Model
Ubuntu's security is built on several fundamental principles that work together to protect your system.
Multi-User Architecture
Ubuntu inherits Linux's multi-user design, where:
- Each user has separate permissions and file access.
- Regular users can't modify system files without authorization.
- The root account has complete system control, but isn't used for daily tasks.
- Sudo provides temporary elevated privileges with accountability.
This separation means malware running under your user account can't easily compromise the entire system.
Principle of Least Privilege
Ubuntu operates on the principle that users and applications should have only the minimum permissions needed to function, which limits potential damage if an account or application is compromised.
Security Updates
Ubuntu’s security team actively monitors vulnerabilities and releases security patches through official update channels, while the unattended-upgrades package can automatically install these updates to help keep your system protected without requiring manual intervention.
To check if automatic updates are enabled, run:
sudo systemctl status unattended-upgrades
To configure automatic updates, run:
sudo dpkg-reconfigure unattended-upgrades
AppArmor Security Framework
Ubuntu comes with a built-in security system called AppArmor, which helps protect your system by restricting what applications are allowed to do. Instead of trusting every program completely, it gives each application a security profile that controls:
- Which files can the app read or write.
- Whether it can access the network.
- What system actions it is allowed to perform.
Think of it like giving each application its own set of rules, so even if an app gets hacked, the attacker is still limited in what they can do.
Check if AppArmor is Running
Use the following command to see the current status of apparmor:
sudo aa-status
The above command will show which profiles are loaded and whether they are in enforce or complain mode.
- Enforce mode = The rules are applied, and blocked actions are prevented.
- Complain mode = The rules are not enforced, but violations are logged for review.
Managing AppArmor Profiles
If the AppArmor management tools are not installed, you can install them:
sudo apt install apparmor-utils
Once installed, you can check which AppArmor profiles are loaded on your system with the following command, which will show a list of profiles currently in enforce or complain mode.