Before you install linux

4 Security Steps to Take Before You Install Linux

Systems administrators who use a Linux workstation to access and manage IT infrastructure — whether from home or at work — are at risk of becoming attack vectors against the rest of the infrastructure.

In this blog series, we’re laying out a set of baseline recommendations for Linux workstation security to help systems administrators avoid most glaring security errors without introducing too much inconvenience. Last week, we covered security considerations for choosing your hardware.

Now, before you even start with your operating system installation, there are a few things you should consider to ensure your pre-boot environment is up to snuff. You will want to make sure:

  • UEFI boot mode is used (not legacy BIOS) (ESSENTIAL)
  • A password is required to enter UEFI configuration (ESSENTIAL)
  • SecureBoot is enabled (ESSENTIAL)
  • A UEFI-level password is required to boot the system (NICE-to-HAVE)

UEFI and SecureBoot

UEFI, with all its warts, offers a lot of goodies that legacy BIOS doesn’t, such as SecureBoot. Most modern systems come with UEFI mode on by default.

Make sure a strong password is required to enter UEFI configuration mode. Pay attention, as many manufacturers quietly limit the length of the password you are allowed to use, so you may need to choose high- entropy short passwords vs. long passphrases (see the full ebook for more on passphrases).

Depending on the Linux distribution you decide to use, you may or may not have to jump through additional hoops in order to import your distribution’s SecureBoot key that would allow you to boot the distro. Many distributions have partnered with Microsoft to sign their released kernels with a key that is already recognized by most system manufacturers, therefore saving you the trouble of having to deal with key importing.

As an extra measure, before someone is allowed to even get to the boot partition and try some badness there, let’s make them enter a password. This password should be different from your UEFI management password, in order to prevent shoulder-surfing. If you shut down and start a lot, you may choose to not bother with this, as you will already have to enter a LUKS passphrase and this will save you a few extra keystrokes.

Читайте также:  Аналоги substance painter linux

Once you’ve mastered the hardware and pre-boot considerations, you’re ready to choose a distro. Chances are you’ll stick with a fairly widely-used distribution such as Fedora, Ubuntu, Arch, Debian, or one of their close spin-offs. In any case, we’ll tell you what to consider when picking a distribution to use in our next article in this series.

Whether you work from home, log in for after-hours emergency support, or simply prefer to work from a laptop in your office, you can use A SysAdmin’s Essential Guide to Linux Workstation Security to do it securely. Download the free ebook and checklist now!

Источник

Try Ubuntu before you install it

Running Ubuntu directly from either a USB stick or a DVD is a quick and easy way to experience how Ubuntu works for you, and how it works with your hardware. Most importantly, it doesn’t alter your computer’s configuration in any way, and a simple restart without the USB stick or DVD is all that’s needed to restore your machine to its previous state.

With a live Ubuntu, you can do almost anything you can from an installed Ubuntu:

  • Safely browse the internet without storing any history or cookie data
  • Access files and edit files stored on your computer or USB stick
  • Create new office suite documents and save them remotely
  • Fix broken configurations to get a computer running again

Requirements

Your favorite Ubuntu image downloaded and:

All you need is either a USB stick or DVD with Ubuntu pre-installed. For instructions on how to create these, take a look at one of the following tutorials:

screenshot

2. Boot from DVD

It’s easy to boot Ubuntu from a DVD. Here’s what you need to do:

A few moments later you’ll see the language selection menu followed by Ubuntu’s boot options. Select the top entry, Try Ubuntu without installing, and press return.

Читайте также:  What is raid and lvm in linux

If you don’t get this menu, take a look at the community DVD guide for help.

screenshot

3. Boot from USB flash drive

Most computers will boot from USB automatically:

You should see the same language selection menu and boot options we saw in the previous ‘Boot from DVD’ step. Select the top entry, Try Ubuntu without installing, and press return.

If your computer doesn’t automatically boot from USB, try holding F12 when your computer first starts. With most machines, this will allow you to select the USB device from a system-specific boot menu.

F12 is the most common key for bringing up your system’s boot menu, but both Escape and F2 are typical alternatives. If you’re unsure, look for a brief message when your system starts — this will often inform you of which key to press to bring up the boot menu.

4. Choose your preferred language

After the desktop has loaded, you’ll see the welcome window. From here, you can select your language from a list on the left and choose between either installing Ubuntu directly, or trying the desktop first. Select Try Ubuntu to launch into the full desktop experience.

screenshot

5. Enjoy Ubuntu

Your live desktop will appear. Have a look around, check out the new features, and enjoy the simplicity of Ubuntu’s intuitive interface.

You can still choose to install Ubuntu after passing the Welcome pane by clicking on the Install Ubuntu icon on the desktop background.

screenshot

Finding help

Finally, if you get stuck, help is always at hand:

Источник

4 Security Steps to Take Before You Install Linux

Systems administrators who use a Linux workstation to access and manage IT infrastructure — whether from home or at work — are at risk of becoming attack vectors against the rest of the infrastructure.

In this blog series, we’re laying out a set of baseline recommendations for Linux workstation security to help systems administrators avoid most glaring security errors without introducing too much inconvenience. Last week, we covered security considerations for choosing your hardware.

Now, before you even start with your operating system installation, there are a few things you should consider to ensure your pre-boot environment is up to snuff. You will want to make sure:

  • UEFI boot mode is used (not legacy BIOS) (ESSENTIAL)
  • A password is required to enter UEFI configuration (ESSENTIAL)
  • SecureBoot is enabled (ESSENTIAL)
  • A UEFI-level password is required to boot the system (NICE-to-HAVE)
Читайте также:  Linux монтируем iso образ

UEFI and SecureBoot

UEFI, with all its warts, offers a lot of goodies that legacy BIOS doesn’t, such as SecureBoot. Most modern systems come with UEFI mode on by default.

Make sure a strong password is required to enter UEFI configuration mode. Pay attention, as many manufacturers quietly limit the length of the password you are allowed to use, so you may need to choose high- entropy short passwords vs. long passphrases (see the full ebook for more on passphrases).

Depending on the Linux distribution you decide to use, you may or may not have to jump through additional hoops in order to import your distribution’s SecureBoot key that would allow you to boot the distro. Many distributions have partnered with Microsoft to sign their released kernels with a key that is already recognized by most system manufacturers, therefore saving you the trouble of having to deal with key importing.

As an extra measure, before someone is allowed to even get to the boot partition and try some badness there, let’s make them enter a password. This password should be different from your UEFI management password, in order to prevent shoulder-surfing. If you shut down and start a lot, you may choose to not bother with this, as you will already have to enter a LUKS passphrase and this will save you a few extra keystrokes.

Once you’ve mastered the hardware and pre-boot considerations, you’re ready to choose a distro. Chances are you’ll stick with a fairly widely-used distribution such as Fedora, Ubuntu, Arch, Debian, or one of their close spin-offs. In any case, we’ll tell you what to consider when picking a distribution to use in our next article in this series.

Whether you work from home, log in for after-hours emergency support, or simply prefer to work from a laptop in your office, you can use A SysAdmin’s Essential Guide to Linux Workstation Security to do it securely. Download the free ebook and checklist now!

Источник

Оцените статью
Adblock
detector