Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
- Bu sahifa navigatsiya:
- Disable Ctrl+Alt+Delete
|
References
• The Wikipedia HTTPS page has more information regarding HTTPS. • For more information on OpenSSL see the OpenSSL Home Page. • Also, O’Reilly’s Network Security with OpenSSL is a good in-depth reference. Console Security As with any other security barrier you put in place to protect your server, it is pretty tough to defend against untold damage caused by someone with physical access to your environment, for example, theft of hard drives, power or service disruption, and so on. Therefore, console security should be addressed merely as one component of your overall physical security strategy. A locked “screen door” may deter a casual criminal, or at the very least slow down a determined one, so it is still advisable to perform basic precautions with regard to console security. The following instructions will help defend your server against issues that could otherwise yield very serious consequences. Disable Ctrl+Alt+Delete Anyone that has physical access to the keyboard can simply use the Ctrl+Alt+Delete key combination to reboot the server without having to log on. While someone could simply unplug the power source, you should still prevent the use of this key combination on a production server. This forces an attacker to take more drastic measures to reboot the server, and will prevent accidental reboots at the same time. To disable the reboot action taken by pressing the Ctrl+Alt+Delete key combination, run the following two commands: 94 sudo s y s t e m c t l mask c t r l −a l t −d e l . t a r g e t sudo s y s t e m c t l daemon−r e l o a d eCryptfs is deprecated eCryptfs is deprecated and should not be used, instead the LUKS setup as defined by the Ubuntu installer is recommended. That in turn - for a typical remote server setup will need a remote key store as usually no one is there to enter a key on boot. Virtualization is being adopted in many different environments and situations. If you are a developer, virtualization can provide you with a contained environment where you can safely do almost any sort of development safe from messing up your main working environment. If you are a systems administrator, you can use virtualization to more easily separate your services and move them around based on demand. The default virtualization technology supported in Ubuntu is KVM. For Intel and AMD hardware KVM requires virtualization extensions. But KVM is also available for IBM Z and LinuxONE, IBM POWER as well as for ARM64. Qemu is part of the KVM experience being the userspace backend for it, but it also can be used for hardware without virtualization extensions by using its TCG mode. While virtualization is in many ways similar to containers those are different and implemented via other solutions like LXD, systemd-nspawn, containerd and others. Multipass is the recommended method to create Ubuntu VMs on Ubuntu. It’s designed for developers who want a fresh Ubuntu environment with a single command and works on Linux, Windows and macOS. On Linux it’s available as a snap: sudo snap i n s t a l l m u l t i p a s s −−b e t a −− c l a s s i c Download 1.27 Mb. Do'stlaringiz bilan baham: 
|