How to harden a ubuntu desktop?

security customization users
7,184

Some general points:

  • Gnome3 (Ubuntu 11.10 and later - Unity is based on Gnome) uses dconf to store its settings. See the "Lockdown" section in the dconf System Administrator Guide for how to lock settings so that the users can't change them.

    Use dconf-editor (package dconf-tools) to see what options are there.

  • For Gnome2 (up to Ubuntu 11.04) there's the Desktop Administrators' Guide to GNOME Lockdown and Preconfiguration.

    In Gnome3 most of the configuration option described there aren't used any more, but as some programs (like Compiz) still use Gnome2's GConf the "Enabling Lockdown" section may still be relevant.

    Use gconf-editor to see what options are stored in GConf.

  • Have a look at PolicyKit and AppArmor for some more general way of to to grant and revoke privileges to/from users and programs

To disable USB storage devices blacklisting the usb_storage kernel module should do the trick, see the modprobe.conf manpage for how to do that.

Share:
7,184

Related videos on Youtube

karthick87
Author by

karthick87

Updated on September 18, 2022

Comments

  • karthick87
    karthick87 almost 2 years

    We are planning to install 80 ubuntu desktops in a college. The management told us to harden the ubuntu desktop as much as possible, like the user should not able to customize system settings for example changing wallpapers, themes etc etc..Could you all pls share your points in hardening a ubuntu system? So that it will be helpful for me to build a good desktop system. Thanks in advance

    Tasks to be done:

    • Restrict users changing wallpapers & themes
    • Restrict users adding / deleting system panels.
    • Restrict users installing / deleting packages.
    • Disable USB storage devices.
    • Displaying IP address of the system in the background of system wallpaper in bold in right bottom.
  • Christopher B. Adkins
    Christopher B. Adkins about 12 years
    Which version of Ubuntu and which desktop environment are you using?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Allow paswordless user to change to another passwordless user
How to disable internet for a user on a system
How do I allow a user to only run the apt-get update command with sudo?
adding local content in /etc/sudoers.d/ instead of directly modifying sodoers file via visudo
Why is it bad to log in as root?
Which home directory should 'nobody' have?
What are the groups 'users' and 'other' for?
What is hvc0? (appearing in "who" list)
Is it possible to "hide" an account from /etc/passwd?
How to copy files as Jenkins "post build" action if i don't have privileges to destination directory