Ubuntu Security

From ConShell

Jump to: navigation, search

Introduction

This page is about security issues in Ubuntu and how to improve the security such as hardening the system or reporting vulnerabilities so that they can be fixed.

Reporting security vulnerabilities

Process for reporting bugs to Ubuntu (Launchpad) based on 3rd party reports. (Secunia, US-CERT, et al.)

This is the procedure for reporting (or re-reporting as the case may be) security vulnerabilities to the Ubuntu security team. It happens via Launchpad so you'll need an account there.

First, if you have a CVE-# go to cve-tracker and search for it, to see if it is already linked to a bug report. If not...

  1. Go to Ubuntu Launchpad https://launchpad.net/ubuntu
  2. Search for the package name
  3. Click Report a bug
  4. In the Summary field, enter something like CVE-2011-1491 short description
  5. Paste the URL & description from the 3rd party page into the Further Information field
  6. Upon submission, you should see a Link to CVE on the right...click and enter the proper value XXXX-XXXX

MySQL

Two notable things about mysql-server on Ubuntu...

  1. It comes bound to 127.0.0.1 by default, change in /etc/mysql/my.cnf
  2. It is recommended to run mysql_secure to harden the security.

Back to Ubuntu

Retrieved from "http://conshell.net/wiki/index.php/Ubuntu_Security"
Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox


check web page