Ubuntu Security and Ubuntu on AWS
Stories on exploration of Ubuntu as an alternative to Windows ~ by Teri Radichel
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: Ubuntu | OS and IoT Security.
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I used to be a Windows-only developer before I got into security. I only dabbled in Linux here and there. Now I’m a Mac person primarily and I use a lot of Linux.
I have been testing out Ubuntu as an alternative to Windows on AWS. Windows comes with licensing fees and various complexities. On the other hand I’ve discovered some security challenges with Ubuntu and I’m wondering who tests and ensures the OS is up to date and free from vulnerabilities or misconfigurations. For example, I’m curious about the “snake oil” certificate used by some RDP tools and the way passwords are passed around. More research to be done…here are my stories.
If you want a summary of how to get Ubuntu setup with Chromium, xrdp, and a working terminal here’s a summary:
If you want to read trials and tribulations along the way here are some other posts on various topics and bugs I faced at the end.
Here you here are some of the things I’ve been playing around with.
Install the AWS CLI on Ubuntu installed on EC2 ARM architecture.
I started out using ARM but later I had to switch back to amd64 because at the time Burp, a tool I use a lot, does not work fully an ARM. However, it is on their roadmap and I suspect that capability is coming soon. [Update: Burp now supports Arm.]
If you want to get updates and install them on Ubuntu run these two commands.
sudo apt-get update
sudo atp-get upgradeReboot command (or reboot in AWS console.) At times I’ve had to stop and start the instance to get things working.
sudo reboot. I also like to install plocate to quickly find files.
sudo apt install plocateThen you can run commands like this (related to the topic in an upcoming post.)
locate sesman.iniI added a second disk to my instance for data I want to store separately from the boot disk:
Install the Azure CLI to run commands on Azure:
Various issues I had using Ubuntu:
Had an issue where new drive was asking for password
Failure to open default browser — installed chrome
I had some issues installing the latest version of git on Ubuntu on an AWS EC2 instance.
To get the latest version of git I had to install from source.
After I installed git it wasn’t in the path. Here’s how I fixed it. I also explain how to use aliases in Ubuntu in this post.
Disabling the DNS server running by default:
Install Java On Ubuntu:
Here are some other challenges I faced along the way.
Another random previously working code failure related to paths.
Troubleshooting leads to a realization that Python precedence may not be working correctly? More investigation is needed…
I also faced the issue noted in the answer from John Rennie in this Q & A post.
Had this problem with incompatible libraries on Ubuntu on EC2 and solved it in a fast, hokey way. I hope that whatever is causing this mismatch is addressed the AMI providers. I also noticed Python3.11 libraries in here. So may versions gets confusing. Do they really all need to be there?
Login problem connecting to sesman may have an easy fix…by the way I learned that the RDP tool I’m using does some funky things with your password which they claim they are going to fix but haven’t yet. It poses some security problems because they appear to be taking a password and passing it ot some other service or socket or something like that. That’s why if you enter a bad password, it can’t login via RDP and show you your Ubuntu windows. More investigation on that is needed, along with the use of the snake oil cert. Lock down your network…
If you don’t allow IPv6 you might not be getting security updates.
How to disable IPv6 to resolve the above problem.
Can’t log into Ubuntu Pro on AWS.
I’m not saying you should allow IPv6. I’m saying they should fix that.
Cannot stop or start instances — fixed
Updates not validating host with TLS on Ubuntu
Making the python command run python3
Ubuntu on AWS should use AWS NTP servers by default
Ubuntu on AWS does not offer latest version of CLI by default
Repeated errors with xrdp on Ubuntu:
xrdp only listens on ipv6 (fixed)
Black screen again xrdp Ubuntu
Problem with xrdp on Ubuntu again
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2023
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab
