Following are some Ubuntu Linux security suggestions for several different use cases. Whether you’re a casual desktop user, a programmer, or a Linux power user, there are easy to implement security measures that will help safeguard your system.

Why Securing Your Ubuntu Installation Is Important

Ubuntu is one of the most popular Linux distributions due to its ease of use and strong security features. However, no operating system is entirely secure out of the box. Threats such as malware, unauthorized access, and data breaches can target even casual users. Whether you’re using Ubuntu for personal tasks, work, or development, taking basic security precautions helps protect your system and data.

The good news is that you don’t need to be a tech expert to improve your security. Simple steps like keeping your system updated and enabling a firewall can go a long way in safeguarding your Ubuntu installation.

Keep Your System Updated

One of the easiest and most effective ways to secure your Ubuntu system is by keeping it updated. Updates not only introduce new features but also patch security vulnerabilities that attackers might exploit. Neglecting updates can leave your system open to known security threats. This is recommended for all users.

How to Update Ubuntu via Terminal

Ubuntu provides a simple way to update your system using the terminal. Open a terminal window and run the following command:

sudo apt update && sudo apt upgrade -y

Terminal showing output from running apt update and apt upgrade.

“apt update” refreshes the package list to check for new updates, “apt upgrade” installs available updates, and the “-y” switch will automatically answer yes to any upgrade confirmation questions.

Enable Automatic Security Updates

To ensure your system stays secure without manual intervention, you can enable unattended security updates:

Install the unattended-upgrades package if it’s not already installed and run the configuration program:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

Ubuntu terminal showing configuration options for unattended upgrades.

This setting allows security updates to be installed automatically in the background, reducing your risk of missing critical and urgent patches.

Create a Stronger User Password & Enable 2FA

A weak password is one of the easiest ways for an attacker to compromise your system. Use a long, unique password that is at least 12 characters long with a mix of letters, numbers, and special characters. Consider using a password manager to generate and store secure passwords.

Setting Up Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) adds an extra layer of security by requiring a secondary verification step (such as a code from an authenticator app) in addition to your password. You can install the Google Authenticator package and set up 2FA by issuing the following commands in a terminal.

sudo apt install libpam-google-authenticator
google-authenticator

For a complete walkthrough of the setup process, check our article on how to set up 2FA for your Ubuntu user account.

A hand holding a phone with the Google Authenticator logo and a laptop running Ubuntu.

Related

How to Set Up Two-Factor Authentication on Ubuntu

It takes only minutes to set up!

8

Set Up a Firewall, Developers & Tinkerers

If you’re running Ubuntu as a developer or you’re the type that enjoys experimenting with networked applications, you may open ports unknowingly, exposing your system to external threats. A firewall helps keep incoming and outgoing network traffic under control, even if a program you’ve installed tries to do something out of the ordinary.

By default UFW allows outgoing traffic and blocks all incoming traffic that is not part of a response to some outgoing request. For example, if you go to a web page, the firewall will let the response(s) from the web server through. However, if some entity tries to connect to port 356 out of nowhere, that connection will be denied.

Enable and Configure UFW (Uncomplicated Firewall)

UFW is a user-friendly firewall that comes pre-installed on Ubuntu. To enable it, run:

sudo ufw enable

To allow SSH access (if needed) as an example:

sudo ufw limit 22/tcp comment 'SSH port'

To check the status of UFW and see active rules:

sudo ufw status verbose

Terminal showing output of UFW enable and status commands.

For more advanced configurations, refer to the official UFW help page:

man ufw

Light User? Disable Unnecessary Services

Running unnecessary services increases your attack surface, meaning there are more potential entry points for attackers. Especially if you’re a light user, and you use your system mainly for things like browsing the web and email, there are probably several services running that you never use and don’t need. Disabling these will increase the security of your system as well as free up system resources for other tasks.

You can list all services currently running on your system with the following command:

systemctl list-units --type=service

Ubuntu terminal showing a list of running services.

If you recognize services that you don’t use or need, you can stop and disable them easily. For example, to disable GNOME remote desktop access:

sudo systemctl stop gnome-remote-desktop
sudo systemctl disable gnome-remote-desktop

Terminal showing the output of commands to disable gnome remote desktop service.

This ensures that the remote desktop service does not start automatically on boot, reducing the risk of unauthorized remote access.

When you stop a service, you should use your system for at least a few minutes before continuing and completely disabling that service. If problems occur, you can reboot and the service will come back online. If you stop and disable a critical service, you could render your system unbootable. You should not disable any service that you are unsure of.

Linux mascot on a desk next to a laptop.

Related

These 12 systemctl Commands Will Let You Take Control of Linux systemd Services

At your service.

2

Enable AppArmor for Application Security When Exploring Software

AppArmor is a Linux security module that restricts the capabilities of applications to minimize security risks. It’s normally enabled by default on Ubuntu but should be checked to ensure it’s active.

To verify if AppArmor is running:

sudo apparmor_status

You should get output similar to the following screenshot:

Terminal showing the output from the apparmor_status command.

If AppArmor is inactive, you can enable it by running:

sudo systemctl enable apparmor
sudo systemctl start apparmor

For advanced users, AppArmor profiles can be configured to give you more fine-grained control over application permissions. You can find more information profiles and other settings in the AppArmor man page:

man apparmor

Securing your Ubuntu system doesn’t have to be complicated. Even basic steps, such as keeping your system updated and enabling a firewall, significantly reduce security risks. More advanced users can further enhance their security by using strong passwords, setting up 2FA, disabling unnecessary services, and configuring AppArmor. It only takes a few minutes to implement any or all of the suggestions above. By taking these simple precautions, you can ensure your Ubuntu system remains safe from common cyber threats.

A man using a laptop with a tip symbol in the center

Related

10 Security Tips Your IT Department Wishes You’d Follow

Your work shouldn’t follow you home, but good online security practices should.