Security

Ubuntu Server Edition is built on the solid foundation of Debian Linux, a distribution known for its in-built security.

No open ports

By default, Ubuntu does not install default services that listen on open network ports. (The astute reader will note that local network service clients like DHCP and Avahi are the only exception.) This reduces the chances that a system would be compromised through a service that was installed without the explicit knowledge of the administrator.

Role-based administration

Ubuntu also implements a role-based administration model with no default root access. Other Linux distributions typically provide this root access but role-based administration allows for better security, error prevention and auditing. This is particularly useful on systems where more than one user might have been given root access, as in a traditional model. This default can be reversed once the user is confident that root access will be secure in their particular situation.

No X server by design

By design, Ubuntu Server Edition does not include an X server or any graphical desktop applications. This is a deliberate choice as we believe that most servers should be serviced remotely, are safer without the addition of code that needs direct communication from user space to hardware, and should not be used as a desktop by their administrator.

"So I applaud the Ubuntu team’s common sense (and courage) in keeping the X Window System out of the default installation of Ubuntu Server."
--Mick Bauer in April 2008 Linux Journal - "Security Features in Ubuntu Server"

Security Updates and Landscape

Our security team monitors vulnerabilities in all the packages we maintain and quickly prioritizes and responds by releasing patches for the affected packages for all maintained versions of Ubuntu. This is a free service that is available regardless of any support subscription. Subscribers to our technical support can additionally apply these patches to multiple machines at the same time, which considerably reduces the burden on system administrators. This is done through Landscape, Canonical's web-based systems management service, and is a vital service for any deployment environment.

Kernel & Compiler Hardening

Our security team also proactively works on hardening the kernel and making the compilers stricter in their checks for good practice. Hardening techniques help prevent intruders from taking down a server. 8.04 includes these security features:

  • ASLR (Address Space Layout Randomisation) consists of several built-in memory protection techniques that make stack, heap, library, and executable code locations in user space harder to predict. Additionally, the memory locations are maintained privately ("maps protection"). Even if an attacker finds a vulnerability, ASLR can make it harder to exploit.

  • Stack protection adds a random value (called a canary and acting as a fuse) to the edge of the stack, placed before the return address, so that when exiting a function the integrity of the stack can be verified. Vulnerabilities involving "stack overflows" are rendered significantly more difficult to exploit by an attacker.

  • Heap protection: GNU libc provides internal memory allocation consistency checking and pointer obfuscation. If a bug in an application causes it to mismanage its resources, for example by allowing a heap overflow or by asking to free the same memory twice (double free), these runtime protections can block attackers from exploiting those flaws.

  • Non-executable memory: memory areas meant for executable code are the only regions that will be allowed to execute. This is available using any kernel on 64-bit processors, or when running the "-server" kernel on a processor that provides the "nx" capability. This means that attackers cannot easily inject their malicious executable code into a vulnerable application.

  • Kernel Memory Address Protection consists of multiple techniques to restrict which parts of kernel memory user space tools can access. For example, this allows X windows to access device memory but not kernel memory, which can prevent the installation of rootkits.

  • NULL Address Space Protection: the lower 64K of memory is not allowed to be allocated. This can protect a system if an attacker attempts to exploit a kernel vulnerability involving null pointer exception handling.

New in 8.10:

  • Compiler security-hardening features by default: The gcc compiler now defaults to enabling several security hardening features and warnings. This stops many undiscovered security vulnerabilities, rendering them unexploitable.
  • Network services compiled as position-independent executables: To take advantage of the kernel's ability to randomize the in-memory location of executables, many network services were compiled as position-independent executables (PIE), including: apache2, bind9, openldap, postfix, cups, openssh, postgresql-8.3, samba, dovecot, dhcp3. This makes certain kinds of security vulnerabilities even harder to exploit.
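
A read-only audit of the features listed above, as an added example that is not part of the original page or Ubuntu's own tooling: it reads the ASLR and mmap_min_addr sysctls, looks for the CPU's nx flag, and tells from the ELF header whether a service binary is position-independent. The function names and the binary paths /usr/sbin/sshd and /usr/sbin/apache2 are assumptions.

```shell
#!/bin/sh
# Added audit example, not from the original page. Each check takes its
# input as an argument, so it works on live /proc files or saved copies.

# ASLR: kernel.randomize_va_space is 0 (off), 1 (stack, mmap, libraries)
# or 2 (also the brk heap).
aslr_status() {
    case "$1" in
        0) echo off ;; 1) echo partial ;; 2) echo full ;; *) echo unknown ;;
    esac
}

# NULL address space protection: the page says the lower 64K cannot be
# allocated, which corresponds to vm.mmap_min_addr >= 65536.
null_page_protected() {
    [ "$1" -ge 65536 ] 2>/dev/null
}

# Non-executable memory: the CPU must list "nx" on a cpuinfo "flags" line.
cpu_has_nx() {
    grep -m1 '^flags' "$1" 2>/dev/null | grep -qw nx
}

# PIE: e_type is the 16-bit field at offset 16 of the ELF header.
# ET_EXEC (2) loads at a fixed address; ET_DYN (3) is relocatable, which
# for a program (rather than a shared library) means it was built as PIE.
elf_kind() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo not-elf; return 0; }
    endian=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')   # 1 little, 2 big
    set -- $(od -An -tu1 -j16 -N2 "$f") 0 0            # zeros pad a short read
    if [ "$endian" = 2 ]; then etype=$(( $1 * 256 + $2 ))
    else etype=$(( $2 * 256 + $1 )); fi
    case "$etype" in
        2) echo fixed-address ;; 3) echo pie ;; *) echo other ;;
    esac
}

hardening_report() {
    echo "ASLR: $(aslr_status "$(cat /proc/sys/kernel/randomize_va_space 2>/dev/null)")"
    if null_page_protected "$(cat /proc/sys/vm/mmap_min_addr 2>/dev/null)"
    then echo "mmap_min_addr: >= 64K"; else echo "mmap_min_addr: below 64K or unreadable"; fi
    if cpu_has_nx /proc/cpuinfo; then echo "NX: present"; else echo "NX: not reported"; fi
    for bin in "$@"; do echo "$bin: $(elf_kind "$bin")"; done
}

# Binary paths are assumed locations for two of the services named above.
hardening_report /usr/sbin/sshd /usr/sbin/apache2
```

A "fixed-address" result for a network service means ASLR cannot relocate its main executable, even when the sysctl reports full randomisation.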

AppArmor

Security can also be greatly enhanced in Ubuntu through the use of mandatory access control (MAC) rules provided by AppArmor. It allows the system administrator to associate each programme with a security profile which restricts the authority and access rights of that programme. It supplements the traditional UNIX discretionary access control with additional rules that control what programmes are allowed to access. Thus you can control which files or other system resources the programme has access to. To simplify the setup of these rules, AppArmor integrates a learning mode that can be activated programme by programme to establish a typical rule set, based on real usage of the services or applications, that can then be switched to enforcement.

Learn more about AppArmor >>

Uncomplicated Firewall

Starting with version 8.04, Ubuntu provides ufw (Uncomplicated Firewall), a command line utility whose name tells most of what it aims to be. If iptables configuration is too complicated for your needs, ufw makes it very simple to add host-based rule protection for your server (or desktop). In order to maintain backward compatibility, ufw is installed but disabled by default, and enabling it is just a command away. Because ufw uses the service list, you do not need to know the port numbers you want to open; you just need to specify the protocol name you want to enable. For example:

sudo ufw enable
sudo ufw allow smtp
sudo ufw allow http

is all you need to have your server only accept connections on ports 25 (smtp) and 80 (http).

Added in 8.10:

Common services now inform ufw of the ports that are recommended for their proper enabling, so the administrator can open them with a single simple command: ufw allow <application>.

For more information, please read the Firewall section of the Server Guide >>.

New in 8.10: Encrypted private directories

The ecryptfs-utils package now provides support for a secret encrypted folder in a user's Home Folder.

If you have not selected this option during the setup of your server, you can enable this feature by typing the following from a command prompt:

sudo aptitude install ecryptfs-utils
ecryptfs-setup-private

For more information, please read the Encrypted private directory tutorial >>