1. install openssh server package.
Use ufw to configure firewall, allow in port 22 or service ssh (same thing). Many tip sheets exits: http://linuxpoison.blogspot.com/2008/05/ufw-uncomplicated-firewall-setup-and.html
(Firestarter can do same thing, but it is bigger & more complicated, serves other role as silly "personal firewall" program--if you want, you can run it as a sudo user and then it can allow in connections for that particular sudo user. This is an MS windows personal firewall.)
ssh server reads /etc/hosts.allow and /etc/hosts.deny. For defense against attackers who try to break in by randomly guessing passwords, install the "denyhosts" package, then edit the configuration file for denyhosts and change the HOSTS_DENY option like this:
HOSTS_DENY = /etc/denyhosts.blocked
Then type "touch /etc/denyhosts.blocked" to initiate the text file that lists your banned bad sites. You will be surprised when you check back and see people try to get in.
And then make the compatible changes in /etc/hosts.allow and /etc.hosts.deny
sshd : /etc/denyhosts.blocked : deny
sshd: 129.237.61. 24.124.
sshdfwd-X11: 129.237.61. 24.124.
I'm paranoid, I'm blocking ssh connections from all ip addresses unless I know they are local or needed. I've found this is a great security measure against "script kiddies". Then on top of that, if there is a "script kiddie" in the area I allow, denyhosts kills it.
There is another package called "fail2ban" that does the same thing, but it can protect a wider range of services against attacks. I've tried to configure that, but failed, and mean to go back to it.
2. In a publicly accessible machine, secure the BIOS and the boot-loader so users cannot gain root access. Here's a detailed explanation.
2. Install cron-apt, then in actions force installs without interaction. Look in /etc/cron-apt/actions for this file;
$ cat 3-download
### autoclean -y
##dist-upgrade -d -y -o APT::Get::Show-Upgraded=true
autoclean -y APT::Clean-Installed=off
3. add mlterm to terms that work with bashrc.
MLterm is my favorite terminal program. Ubuntu does not know about the TERM type mlterm, however. (type env, you'll see what I mean).
add mlterm* in $TERM check so that full path shows in terminal titlebar.
Also, I don't want those really long prompts:
IN PS1 settings, change \w to \W so only last directory shows in prompt.
These are aliases I keep at the end of bashrc. unison alias is needed because Ubuntu calls the executable unison-gtk, not unison as Fedora.
alias lsl='ls -la --color=yes'
alias l='ls -FC'
alias ll='ls -l'
alias rm='rm -i' # prompt before removing any file
alias cp='cp -i' # prompt before overwriting any file with cp
alias mv='mv -i' # prompt before overwriting any file with mv
alias unison='unison-gtk -times'
alias rsync='rsync -t'
alias ls='ls --color=yes'
4. Remove the Applications Add/Remove item.
copy the font files to a custom directory in /usr/share/fonts or into user $HOME/.fonts
make a directory there and put your fonts in there, after that while still inside the directory do
sudo fc-cache -fv
See if the msttcorefonts package handles this properly 🙂
fourteen days for files in tmp. Otherwise, they are all n uked at restart.