Is it safe and secure to use 18.04 mini.iso minimal instalation for i3?
I took the 18.04 mini.iso, did a basic install. Selected automatic security updates. On software selection screen I selected nothing. Rebooted, installed xinit, i3 (and some x11 utilities package, sorry, cannot find it now), pulseaudio, cups, ... and I would like to use it as desktop. Is it safe?
I did lsblk and I have no swap probably. Is that ok?
18.04 security swap ubuntu-minimal i3-wm
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I took the 18.04 mini.iso, did a basic install. Selected automatic security updates. On software selection screen I selected nothing. Rebooted, installed xinit, i3 (and some x11 utilities package, sorry, cannot find it now), pulseaudio, cups, ... and I would like to use it as desktop. Is it safe?
I did lsblk and I have no swap probably. Is that ok?
18.04 security swap ubuntu-minimal i3-wm
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I took the 18.04 mini.iso, did a basic install. Selected automatic security updates. On software selection screen I selected nothing. Rebooted, installed xinit, i3 (and some x11 utilities package, sorry, cannot find it now), pulseaudio, cups, ... and I would like to use it as desktop. Is it safe?
I did lsblk and I have no swap probably. Is that ok?
18.04 security swap ubuntu-minimal i3-wm
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I took the 18.04 mini.iso, did a basic install. Selected automatic security updates. On software selection screen I selected nothing. Rebooted, installed xinit, i3 (and some x11 utilities package, sorry, cannot find it now), pulseaudio, cups, ... and I would like to use it as desktop. Is it safe?
I did lsblk and I have no swap probably. Is that ok?
18.04 security swap ubuntu-minimal i3-wm
18.04 security swap ubuntu-minimal i3-wm
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
edited Dec 30 '18 at 1:07
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
asked Dec 29 '18 at 12:45
Michal Štěpánek
12
12
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Michal Štěpánek is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
I3 is only a window manager and has nothing to do (directly) with the security of your system.
You can implement a lot of different directives for better security, like using a non-root user for daily tasks (root only when needed), setting permissions correctly, if you feel, create some iptable rules to prevent connection to your machinem, etc.
Check the services that are running in your machine with 'ps' and which ports in your system are open using 'netstat -tunlp', you can check which process is opening each port running it with sudo
Swap also has nothing to do with security, you can read more about it here: https://wiki.archlinux.org/index.php/Swap
answered Dec 29 '18 at 13:24
Jean Novak
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
It's safe... but you should configure iptables to drop incoming traffic if you will be on a network that you don't control.
Here are some very basic instructions to get you started:
# Drop all traffic unless explicitly allowed
sudo iptables -P INPUT DROP
# Allow existing connections to stay connected
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow loopback connections
sudo iptables -A INPUT -i lo -j ACCEPT
# Open any other ports you want to allow to come in, for example SSH, HTTP, and HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Now check your work:
iptables -L
Start over if you need to:
iptables -X -F
For more detail, see: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
answered Dec 29 '18 at 13:09
Eric Mintz
504112
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Michal Štěpánek is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105346%2fis-it-safe-and-secure-to-use-18-04-mini-iso-minimal-instalation-for-i3%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
I3 is only a window manager and has nothing to do (directly) with the security of your system.
You can implement a lot of different directives for better security, like using a non-root user for daily tasks (root only when needed), setting permissions correctly, if you feel, create some iptable rules to prevent connection to your machinem, etc.
Check the services that are running in your machine with 'ps' and which ports in your system are open using 'netstat -tunlp', you can check which process is opening each port running it with sudo
Swap also has nothing to do with security, you can read more about it here: https://wiki.archlinux.org/index.php/Swap
answered Dec 29 '18 at 13:24
Jean Novak
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I3 is only a window manager and has nothing to do (directly) with the security of your system.
You can implement a lot of different directives for better security, like using a non-root user for daily tasks (root only when needed), setting permissions correctly, if you feel, create some iptable rules to prevent connection to your machinem, etc.
Check the services that are running in your machine with 'ps' and which ports in your system are open using 'netstat -tunlp', you can check which process is opening each port running it with sudo
Swap also has nothing to do with security, you can read more about it here: https://wiki.archlinux.org/index.php/Swap
answered Dec 29 '18 at 13:24
Jean Novak
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
I3 is only a window manager and has nothing to do (directly) with the security of your system.
You can implement a lot of different directives for better security, like using a non-root user for daily tasks (root only when needed), setting permissions correctly, if you feel, create some iptable rules to prevent connection to your machinem, etc.
Check the services that are running in your machine with 'ps' and which ports in your system are open using 'netstat -tunlp', you can check which process is opening each port running it with sudo
Swap also has nothing to do with security, you can read more about it here: https://wiki.archlinux.org/index.php/Swap
answered Dec 29 '18 at 13:24
Jean Novak
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
I3 is only a window manager and has nothing to do (directly) with the security of your system.
You can implement a lot of different directives for better security, like using a non-root user for daily tasks (root only when needed), setting permissions correctly, if you feel, create some iptable rules to prevent connection to your machinem, etc.
Check the services that are running in your machine with 'ps' and which ports in your system are open using 'netstat -tunlp', you can check which process is opening each port running it with sudo
Swap also has nothing to do with security, you can read more about it here: https://wiki.archlinux.org/index.php/Swap
answered Dec 29 '18 at 13:24
Jean Novak
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered Dec 29 '18 at 13:24
Jean Novak
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered Dec 29 '18 at 13:24
Jean Novak
461
answered Dec 29 '18 at 13:24
Jean Novak
461
461
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Jean Novak is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
It's safe... but you should configure iptables to drop incoming traffic if you will be on a network that you don't control.
Here are some very basic instructions to get you started:
# Drop all traffic unless explicitly allowed
sudo iptables -P INPUT DROP
# Allow existing connections to stay connected
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow loopback connections
sudo iptables -A INPUT -i lo -j ACCEPT
# Open any other ports you want to allow to come in, for example SSH, HTTP, and HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Now check your work:
iptables -L
Start over if you need to:
iptables -X -F
For more detail, see: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
answered Dec 29 '18 at 13:09
Eric Mintz
504112
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
add a comment |
It's safe... but you should configure iptables to drop incoming traffic if you will be on a network that you don't control.
Here are some very basic instructions to get you started:
# Drop all traffic unless explicitly allowed
sudo iptables -P INPUT DROP
# Allow existing connections to stay connected
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow loopback connections
sudo iptables -A INPUT -i lo -j ACCEPT
# Open any other ports you want to allow to come in, for example SSH, HTTP, and HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Now check your work:
iptables -L
Start over if you need to:
iptables -X -F
For more detail, see: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
answered Dec 29 '18 at 13:09
Eric Mintz
504112
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
add a comment |
It's safe... but you should configure iptables to drop incoming traffic if you will be on a network that you don't control.
Here are some very basic instructions to get you started:
# Drop all traffic unless explicitly allowed
sudo iptables -P INPUT DROP
# Allow existing connections to stay connected
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow loopback connections
sudo iptables -A INPUT -i lo -j ACCEPT
# Open any other ports you want to allow to come in, for example SSH, HTTP, and HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Now check your work:
iptables -L
Start over if you need to:
iptables -X -F
For more detail, see: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
answered Dec 29 '18 at 13:09
Eric Mintz
504112
It's safe... but you should configure iptables to drop incoming traffic if you will be on a network that you don't control.
Here are some very basic instructions to get you started:
# Drop all traffic unless explicitly allowed
sudo iptables -P INPUT DROP
# Allow existing connections to stay connected
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow loopback connections
sudo iptables -A INPUT -i lo -j ACCEPT
# Open any other ports you want to allow to come in, for example SSH, HTTP, and HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Now check your work:
iptables -L
Start over if you need to:
iptables -X -F
For more detail, see: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-14-04
answered Dec 29 '18 at 13:09
Eric Mintz
504112
edited Dec 29 '18 at 15:06
answered Dec 29 '18 at 13:09
Eric Mintz
504112
answered Dec 29 '18 at 13:09
Eric Mintz
504112
answered Dec 29 '18 at 13:09
Eric Mintz
504112
504112
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
add a comment |
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
Although your answer is 100% correct, it might also become 100% useless if that link is moved, changed, merged into another one or the main site just disappears... :-( Therefore, please edit your answer, and copy the relevant steps from the link into your answer, thereby guaranteeing your answer for 100% of the lifetime of this site! ;-) You can always leave the link in at the bottom of your answer as a source for your material...
– Fabby
Dec 29 '18 at 14:43
add a comment |
Michal Štěpánek is a new contributor. Be nice, and check out our Code of Conduct.
Michal Štěpánek is a new contributor. Be nice, and check out our Code of Conduct.
Michal Štěpánek is a new contributor. Be nice, and check out our Code of Conduct.
Michal Štěpánek is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1105346%2fis-it-safe-and-secure-to-use-18-04-mini-iso-minimal-instalation-for-i3%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
