{"id":112156,"date":"2024-06-28T11:30:00","date_gmt":"2024-06-28T15:30:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=112156"},"modified":"2024-09-10T12:20:40","modified_gmt":"2024-09-10T16:20:40","slug":"how-to-enhance-ubuntu-security","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security","title":{"rendered":"How to Enhance Ubuntu Security: Advanced Features and Techniques"},"content":{"rendered":"\n

Jump to Tutorial<\/a><\/p>\n\n\n\n

Ubuntu, a popular Linux distribution, is known for its robust security features. There is always space for improvement once you install a fresh operating system, so in this article, we will guide you through the advanced techniques and features to enhance the security of the latest Ubuntu 24.04 version.\u00a0<\/p>\n\n\n\n

There are multiple layers of security that Ubuntu offers out of the box, but we can implement additional steps that can further protect your system from threats. We will focus on:<\/p>\n\n\n\n

    \n
  1. Basic Security setup<\/li>\n\n\n\n
  2. Network security<\/li>\n\n\n\n
  3. Advanced User Management<\/li>\n\n\n\n
  4. Application Security\u00a0<\/li>\n\n\n\n
  5. Data Encryption<\/li>\n<\/ol>\n\n\n\n

    By implementing these features, we can greatly increase the security of our Ubuntu system.<\/p>\n\n\n\n

    Step 1: Apply Basic Security Configuration<\/h2>\n\n\n\n

    Before implementing some of the advanced techniques and features in your system, it is very important to keep your system updated.<\/p>\n\n\n\n

    Use the following commands to manage Ubuntu updates:<\/p>\n\n\n\n

    \n

    sudo apt update<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n
    \n

    sudo apt upgrade<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Type ‘y<\/strong>‘ and press enter to proceed with any pending updates.<\/p>\n\n\n\n

    Next, we want to take advantage of Uncomplicated Firewall (ufw) that comes with Ubuntu. If you have just installed your Ubuntu operating system there is a high possibility that it is not enabled by default. We want to check the current status by running the following command:<\/p>\n\n\n\n

    \n

    sudo ufw status<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    We can enable it with one simple command:<\/p>\n\n\n\n

    \n

    sudo ufw enable<\/p>\n<\/div><\/div>\n\n\n\n

    Now we will allow SSH connections and also check the status:<\/p>\n\n\n\n

    \n

    sudo ufw allow ssh

    sudo ufw status<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    If you want to take one step further, you can allow SSH connections only from specific IP addresses. To do that you can run the following commands:<\/p>\n\n\n\n

    \n

    sudo ufw allow from 192.168.1.100 proto tcp to any port 22<\/p>\n<\/div><\/div>\n\n\n\n

    This command adds a rule to allow incoming connections from 192.168.1.100 to port which is the default port for SSH. Make sure to replace it with your IP address.<\/p>\n\n\n\n

    \n

    sudo ufw deny 22<\/p>\n<\/div><\/div>\n\n\n\n

    This command will block all other incoming traffic to port 22.<\/p>\n\n\n\n

    Simple UFW syntax allows quickly adding or removing other ports and exposing applications to the public with ports 80 and 443. It\u2019s a security best practice to setup a bastion server to reduce attack surface area and to protect your private network.<\/p>\n\n\n\n

    Step 2: Enable and configure AppArmor <\/h2>\n\n\n\n

    AppArmor (Application Armor) is a Linux kernel security module that gives mandatory access to programs thus enhancing the security of the Ubuntu operating system. With Ubuntu 24.04, it comes as AppArmor 4 and brings improvements over an older version. It is mainly designed to restrict the capabilities of programs and limit their access to resources so this also helps with limiting the potential damage that could be caused by a compromised application. These security policies are defined using profiles and each profile will provide the appropriate level of permissions. These profiles can be either set in enforce mode or complain mode when AppArmor logs the violations without the enforcing process.<\/p>\n\n\n\n

    First, we will ensure that AppArmor is installed and enabled:<\/p>\n\n\n\n

    \n

    sudo apt install apparmor apparmor-utils
    sudo systemctl enable apparmor
    sudo systemctl start apparmor<\/p>\n<\/div><\/div>\n\n\n\n

    Now we will use the aa-genprof<\/strong> command for the nano editor where we will restrict nano usage in a certain directory.<\/p>\n\n\n\n

    First we will create a new directory in the jumpcloud home directory:<\/p>\n\n\n\n

    \n

    mkdir ~\/private<\/p>\n<\/div><\/div>\n\n\n\n

    Next, we will run the aa-genprof command with appropriate arguments, and that starts the profiling in real time.<\/p>\n\n\n\n

    \n

    sudo aa-genprof nano<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    We will open up a new terminal and start editing a new file:<\/p>\n\n\n\n

    \n

    nano ~\/tmp_file<\/p>\n<\/div><\/div>\n\n\n\n

    Now, we can get back to our initial terminal and press ‘S’ for scanning for events, here we will need to press A to Allow each line that fills the information in the AppArmor’s config for the nano editor.<\/p>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Add the end of the process we can press ‘S’ for saving changes.<\/p>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Then let’s change this basic profile for the nano editor, by editing the following file:\u00a0<\/p>\n\n\n\n

    \n

    sudo vi \/etc\/apparmor.d\/usr.bin.nano<\/p>\n<\/div><\/div>\n\n\n\n

    Near the end of the file we can add the deny <\/strong>directive for the specific directory:<\/p>\n\n\n\n

    \n

    deny \/home\/jumpcloud\/private r,<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    After this action, and editing the profile, we need to reload it to apply the changes:<\/p>\n\n\n\n

    \n

    sudo apparmor_parser -r \/etc\/apparmor.d\/usr.bin.nano<\/p>\n<\/div><\/div>\n\n\n\n

    and then we will run AppArmor in the enforce mode:<\/p>\n\n\n\n

    \n

    sudo aa-enforce \/etc\/apparmor.d\/usr.bin.nano<\/p>\n<\/div><\/div>\n\n\n\n

    This will most probably cause additional permissions errors if you are trying to use nano somewhere, so it’s a good idea to run ‘aa-logprof’ <\/strong>command, and in the same way confirm the Allow <\/strong>directives.<\/p>\n\n\n\n

    \n

    sudo aa-logprof\u00a0<\/p>\n<\/div><\/div>\n\n\n\n

    Make sure to reload the profile again apply the changes and then start enforcing the profile.<\/p>\n\n\n\n

    \n

    sudo apparmor_parser -r \/etc\/apparmor.d\/usr.bin.nano
    sudo aa-enforce \/etc\/apparmor.d\/usr.bin.nano<\/p>\n<\/div><\/div>\n\n\n\n

    Now when you try to create a new file and start editing in our denied directory, the editor will report an error.<\/p>\n\n\n\n

    \n

    sudo nano \/home\/jumpcloud\/private\/tmp_file<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Feel free to adjust your AppArmor profiles as it is very flexible and it can increase the security of your Ubuntu system.<\/p>\n\n\n\n

    Step 3: Set Unprivileged User Namespace Restrictions<\/h2>\n\n\n\n

    Ubuntu 24.04 offers enhanced security features, including improved security restrictions on unprivileged users’ namespaces to provide additional security isolation for applications. <\/p>\n\n\n\n

    The main purpose of this feature is to minimize the attack surface within the Linux kernel by limiting the permissions within these unprivileged user namespaces. The new version of Ubuntu brings additional improvements compared to the older 23.04 version, bringing better default semantics and improved coverage. <\/p>\n\n\n\n

    The end result is that applications can better handle default restrictions while maintaining functionality, because trusted components can gain additional permissions within the sandbox.<\/p>\n\n\n\n

    First, let’s check if user namespaces are currently enabled:<\/p>\n\n\n\n

    \n

    sudo sysctl kernel.unprivileged_userns_clone<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Based on the output we can see that unprivileged user namespaces are enabled currently, so we can disable them with the following command:<\/p>\n\n\n\n

    \n

    sudo sysctl -w kernel.unprivileged_userns_clone=0<\/p>\n<\/div><\/div>\n\n\n\n

    To make this change permanent we can edit the file \/etc\/sysctl.conf<\/p>\n\n\n\n

    \n

    sudo vi \/etc\/sysctl.conf<\/p>\n<\/div><\/div>\n\n\n\n

    and add the following line:<\/p>\n\n\n\n

    \n

    kernel.unprivileged_userns_clone=0<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Ubuntu 24.04 also allows setting default restrictions for additional permissions within unprivileged user namespaces so we can fine-tune our profiles.<\/p>\n\n\n\n

    To configure these default settings, use the following command:<\/p>\n\n\n\n

    \n

    sudo sysctl -w kernel.unprivileged_userns_apparmor_policy=1<\/p>\n<\/div><\/div>\n\n\n\n

    In case we want to make it permanent, we can add the following line to the \/etc\/sysctl.conf:<\/p>\n\n\n\n

    \n

    kernel.unprivileged_userns_apparmor_policy=1<\/p>\n<\/div><\/div>\n\n\n\n

    This setting makes sure that in cases where unprivileged user namespaces are enabled, applications cannot gain additional permissions within these namespaces.<\/p>\n\n\n\n

    Step 4: Test Binary Hardening<\/h2>\n\n\n\n

    With the newest Ubuntu 24.04 version we have access to FORTIFY_SOURCE=3 macro that mainly protects the system from dangerous buffer overflows. This macro adds runtime checks to detect and prevent certain types of buffer overflows and other string-handling operations that can cause issues on your system. The latest version, level 3 set by default, provides even greater protection compared to previous versions. <\/p>\n\n\n\n

    We can create a simple C program that uses string handling to test the safety of a function that attempts to copy a string longer than the buffer can hold, causing a buffer overflow.<\/p>\n\n\n\n

    \n

    vi unsafe_program.c<\/p>\n<\/div><\/div>\n\n\n\n

    \n

    #include <stdio.h>
    #include <string.h>

    void unsafe_function(char *input) {
    \u00a0 \u00a0 char buffer[10];
    \u00a0 \u00a0 strcpy(buffer, input);
    \u00a0 \u00a0 printf(“Buffer content: %s\\n”, buffer);
    }

    int main(int argc, char *argv[]) {
    \u00a0 \u00a0 if (argc != 2) {
    \u00a0 \u00a0 \u00a0 \u00a0 fprintf(stderr, “Usage: %s <input>\\n”, argv[0]);
    \u00a0 \u00a0 \u00a0 \u00a0 return 1;
    \u00a0 \u00a0 }
    \u00a0 \u00a0 unsafe_function(argv[1]);
    \u00a0 \u00a0 return 0;
    }<\/p>\n<\/div><\/div>\n\n\n\n

    Next, we want to make sure we have gcc<\/strong> packages on our system:<\/p>\n\n\n\n

    \n

    sudo apt install gcc<\/p>\n<\/div><\/div>\n\n\n\n

    After the installation process, let’s compile the program with FORTIFY_SOURCE level 3:<\/p>\n\n\n\n

    \n

    gcc -D_FORTIFY_SOURCE=3 -o unsafe_program_fortify3 unsafe_program.c<\/p>\n<\/div><\/div>\n\n\n\n

    Run the program with a short string:<\/p>\n\n\n\n

    \n

    .\/unsafe_program_fortify3 “short”<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Now try to extend the string size by typing more characters in the input:<\/p>\n\n\n\n

    \n

    .\/unsafe_program_fortify3 “verylongstringsize”<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    As we can see the FORTIFY_SOURCE=3 protection forbids the buffer overflow in our program and thus protects the system and its memory. Stack smashing occurs when a program writes more data to a buffer located on the stack than the buffer can hold. This kind of protection can save the system from crashing, arbitrary code execution, denial of service attacks, or data corruption. <\/p>\n\n\n\n

    Step 5: Encrypt the Home directory and Swap<\/h2>\n\n\n\n

    In case that you installed your Ubuntu operating system without any encryption, then full disk encryption is not an option. We still can use Ubuntu’s command line tools for encrypting home directories and the swap space, which can contain some personal information and can be exploited in the process, so it is recommended that you encrypt the swap space as well. <\/p>\n\n\n\n

    Make sure to backup your data and also store your passphrases in a secure location, and evade any data loss in the process.<\/p>\n\n\n\n

    We will first make sure to install the necessary tools:<\/p>\n\n\n\n

    \n

    sudo apt install ecryptfs-utils cryptsetup<\/p>\n<\/div><\/div>\n\n\n\n

    After the installation, we will add a separate user just for encryption. It is also important that this user has sudo permissions.<\/p>\n\n\n\n

    \n

    sudo adduser ubuntu_encryption<\/p>\n<\/div><\/div>\n\n\n\n

    Make sure to get through the whole process including setting up the password for the new user.<\/p>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Now, we will add this user to the sudo group:<\/p>\n\n\n\n

    \n

    sudo usermod -aG sudo ubuntu_encryption<\/p>\n<\/div><\/div>\n\n\n\n

    Next, we will change our user and log in as ubuntu_encryption<\/strong><\/p>\n\n\n\n

    \n

    su ubuntu_encryption<\/p>\n<\/div><\/div>\n\n\n\n

    Once we are logged as our encryption user, we will encrypt the home directory for the user ‘jumpcloud<\/strong>‘. We can do so, by running the following command:<\/p>\n\n\n\n

    \n

    sudo ecryptfs-migrate-home -u jumpcloud<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Here we want to enter the password for the user ‘jumpcloud<\/strong>‘ and that will start the encryption process. Once done, as an output, the instructions will be shown on the screen:<\/p>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Change the user to ‘jumpcloud’ and also record their randomly generated mount passphrase.<\/p>\n\n\n\n

    \n

    su jumpcloud<\/p>\n<\/div><\/div>\n\n\n\n

    Make sure you can read and write in your home directory. We will also create a new test file:<\/p>\n\n\n\n

    \n

    echo “this is a test” > test_file<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Next, we will use the command to print out the passphrase on our command line.<\/p>\n\n\n\n

    \n

    ecryptfs-unwrap-passphrase<\/p>\n<\/div><\/div>\n\n\n\n

    When prompted for a passphrase, enter your user’s account password, and this will show the randomly generated password which you need to store in a secure location.<\/p>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    In this process, as we have mentioned at the beginning of this step, it is important to encrypt swap space as well.<\/p>\n\n\n\n

    First, we will check whether we have a swap added to our system.<\/p>\n\n\n\n

    \n

    swapon -s<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Next, we will use the command to encrypt the swap:<\/p>\n\n\n\n

    \n

    sudo ecryptfs-setup-swap<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n

    Confirm with ‘y’ and press Enter, which completes the process.<\/p>\n\n\n\n

    Finally, we can remove our encryption user and also the backup home folder that was created when the migration command.<\/p>\n\n\n\n

    \n

    sudo deluser –remove-home ubuntu_encryption<\/p>\n<\/div><\/div>\n\n\n\n

    \"screenshot<\/figure>\n\n\n\n
    \n

    sudo rm -rf \/home\/jumpcloud.pE1kM5Jr<\/p>\n<\/div><\/div>\n\n\n\n

    By using these techniques, you can greatly improve the security of your Ubuntu 24.04 operating system.<\/p>\n","protected":false},"excerpt":{"rendered":"

    Learn how to enhance Ubuntu security in this step-by-step tutorial.<\/p>\n","protected":false},"author":150,"featured_media":112176,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2781],"tags":[],"collection":[2778],"platform":[],"funnel_stage":[3017],"coauthors":[2535],"acf":[],"yoast_head":"\nHow to Enhance Ubuntu Security - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to enhance Ubuntu security in this step-by-step tutorial.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Enhance Ubuntu Security: Advanced Features and Techniques\" \/>\n<meta property=\"og:description\" content=\"Learn how to enhance Ubuntu security in this step-by-step tutorial.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2024-06-28T15:30:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-10T16:20:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"202\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"How to Enhance Ubuntu Security: Advanced Features and Techniques\",\"datePublished\":\"2024-06-28T15:30:00+00:00\",\"dateModified\":\"2024-09-10T16:20:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\"},\"wordCount\":1806,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png\",\"articleSection\":[\"How-To\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\",\"url\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\",\"name\":\"How to Enhance Ubuntu Security - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png\",\"datePublished\":\"2024-06-28T15:30:00+00:00\",\"dateModified\":\"2024-09-10T16:20:40+00:00\",\"description\":\"Learn how to enhance Ubuntu security in this step-by-step tutorial.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png\",\"width\":512,\"height\":202,\"caption\":\"screenshot of tutorial code\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Enhance Ubuntu Security: Advanced Features and Techniques\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to Enhance Ubuntu Security - JumpCloud","description":"Learn how to enhance Ubuntu security in this step-by-step tutorial.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security","og_locale":"en_US","og_type":"article","og_title":"How to Enhance Ubuntu Security: Advanced Features and Techniques","og_description":"Learn how to enhance Ubuntu security in this step-by-step tutorial.","og_url":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security","og_site_name":"JumpCloud","article_published_time":"2024-06-28T15:30:00+00:00","article_modified_time":"2024-09-10T16:20:40+00:00","og_image":[{"width":512,"height":202,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png","type":"image\/png"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"How to Enhance Ubuntu Security: Advanced Features and Techniques","datePublished":"2024-06-28T15:30:00+00:00","dateModified":"2024-09-10T16:20:40+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security"},"wordCount":1806,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png","articleSection":["How-To"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security","url":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security","name":"How to Enhance Ubuntu Security - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png","datePublished":"2024-06-28T15:30:00+00:00","dateModified":"2024-09-10T16:20:40+00:00","description":"Learn how to enhance Ubuntu security in this step-by-step tutorial.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2024\/06\/16-1.png","width":512,"height":202,"caption":"screenshot of tutorial code"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/how-to-enhance-ubuntu-security#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"How to Enhance Ubuntu Security: Advanced Features and Techniques"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/112156"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=112156"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/112156\/revisions"}],"predecessor-version":[{"id":112185,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/112156\/revisions\/112185"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/112176"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=112156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=112156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=112156"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=112156"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=112156"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=112156"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=112156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}