99-Locking Down Ubuntu

  1. Set BIOS admin password
  2. Check sudoers group, make other users non-admin
  3. Delete unused / unnecessary accounts
  4. Reset root password
  5. Lock all SSH keys with a passphrase
  6. Ensure .ssh and key folders have the right permissions
  7. Remove plaintext passwords from all .config files
  8. Make sure cloud connections require a password to start and do not start automatically
  9. Encrypt all important configurations (e.g. rclone, syncthing, etc.)
  10. Remove credential files from all Samba configs
  11. Make normal user accounts for any guests
  12. Disable remembering passwords in
    • Firefox
    • Thunderbird
    • other email programs
    • other browsers
  13. Lock down SSH
    1. See how to disable passwords over SSH
    2. Enable LUKS remote decrypt
  14. Install Tor?
  15. Add Bitwarden or other 2FA app
  16. Update frequently
  17. Encrypt hard drive
  18. Set up logging
  19. Set / update VNC passwords
  20. Check out AppArmor
  21. Enable Global Privacy Control: https://blog.mozilla.org/netpolicy/2021/10/28/implementing-global-privacy-control/
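
Items 5 and 6 can be checked with a script. The following is an added example, not part of the original checklist: the function name audit_ssh_dir and the finding labels are made up for illustration, and a file counts as a private key when its first line contains PRIVATE KEY.

```shell
#!/bin/sh
# Added example: audit an SSH directory for checklist items 5 and 6.
# Prints one finding per line; prints nothing when the directory is clean.

# Group/other permission characters of a path, e.g. "------" for mode 600 or 700.
go_bits() { ls -ld "$1" | cut -c5-10; }

audit_ssh_dir() (
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        exit 0
    fi
    # The directory itself should be 700: no access for group or others.
    if [ "$(go_bits "$dir")" != "------" ]; then
        echo "DIR_TOO_OPEN $dir (fix: chmod 700)"
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(go_bits "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # Private keys should be 600; ssh refuses keys that others can access.
            if [ "$bits" != "------" ]; then
                echo "KEY_TOO_OPEN $f (fix: chmod 600)"
            # ssh-keygen succeeds with an empty passphrase only if the key is unencrypted.
            elif command -v ssh-keygen >/dev/null 2>&1 &&
                 ssh-keygen -y -P '' -f "$f" >/dev/null 2>&1 </dev/null; then
                echo "KEY_NO_PASSPHRASE $f (fix: ssh-keygen -p -f)"
            fi
        else
            # Public keys, config, authorized_keys, known_hosts:
            # readable is fine, writable by group or others is not.
            case $bits in
                ?w????|????w?) echo "FILE_WRITABLE $f (fix: chmod go-w)" ;;
            esac
        fi
    done
    exit 0
)

# Audit the directory given as the first argument, defaulting to ~/.ssh.
audit_ssh_dir "${1:-$HOME/.ssh}"
```

The passphrase check only runs on keys whose permissions are already tight, because ssh-keygen itself rejects private keys that are readable by others.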