Hardening the Linux desktop
A selection of easy-to-use tools for keeping your systems secure

Skill Level: Introductory

Jeffrey Orloff ([email protected])
Director of IT/Security
SafeWave, LLC

25 Nov 2008

Although GNU/Linux® has the reputation of being a much more secure operating system than Microsoft® Windows®, you still need to secure the Linux desktop. This tutorial takes you through the steps of installing anti-virus software, creating a backup-restore plan, and making practical use of a firewall. When you finish, you'll have the knowledge and tools you need to harden your Linux desktop against most attacks and prevent illegitimate access to your computer.

Section 1. Before you start

To get the most out of this tutorial, follow the steps provided for each task with either a computer running GNU/Linux or a virtual machine with GNU/Linux as the operating system.

About this tutorial

This tutorial introduces you to the basics of GNU/Linux security and shows you how to protect, or harden, your desktop against attacks. It gives you step-by-step examples of how to:

• Protect your computer against malware attacks

Hardening the Linux desktop, developerWorks® ibm.com/developerWorks. © Copyright IBM Corporation 1994, 2008. All rights reserved.

• Configure a firewall to keep attackers out

• Back up important files and recover files from a successful backup

• Install updates to your operating system and other software

• Password-protect the bootloader

These same fundamental security concepts for making your desktop safe can also serve as a foundation for hardening your Linux servers.

Objectives

After completing this tutorial, you will be able to harden your GNU/Linux desktop and prevent attacks against your computer and its data. You will be able to install and configure software to help protect your desktop against malware that can give an attacker access to your computer. You will also be able to use a firewall to protect against inbound and outbound traffic, back up and restore your data, and apply other tricks that further harden your system.

Prerequisites

This tutorial is written for beginning GNU/Linux users. It assumes that you have a basic understanding of the GNU/Linux operating system and have experience downloading and installing software.

System requirements

To use the examples in this tutorial, you need the GNU/Linux operating system installed on a computer or as a virtual environment with root access. You also need an active Internet connection with the ability to download software.

The examples use Ubuntu, so it is recommended that you use a Debian fork of GNU/Linux. Although the examples will work on a virtual machine running GNU/Linux, you should not use a Live CD.

Section 2. Myths about GNU/Linux security

For years, GNU/Linux users have enjoyed the notion that their operating system is superior to Microsoft Windows in terms of security. Unfortunately, what attackers stand to gain from compromising a computer or network has also changed over time.

Originally, most attacks against computers stemmed from hackers seeking notoriety in their community. There were cases of malicious hackers seeking to obtain sensitive information for monetary reasons. But the concept of stealing financial or confidential information for profit wasn't the primary goal of hackers—until recently.

Today, well-organized criminal organizations employ malicious hackers for the sole purpose of breaching computer security systems for financial gain. Over the years, monetary losses due to computer breaches have been estimated in the hundreds of billions.

When mischief was the primary driving force for malicious hackers, Windows systems were their primary target. Windows was easy for anyone, not just computer enthusiasts, to use. And so desktop computers began to appear in just about every home, school, and business around the world; and they were being used by people with below-average computing skills. With such a large pool of novice users, malicious hackers had no shortage of easy targets.

Windows also became a favorite target of certain malicious hackers because of its proprietary software. Some attacks were motivated by the desire to bring negative publicity to Microsoft, which was not seen as a supporter of the open source community. These attacks also began to foster myths about security in computing circles.

Is GNU/Linux more secure than Microsoft Windows?

One of the most popular myths surrounding computer security is that GNU/Linux is more secure than Windows. Many factors come into play when you determine how secure a system is. The most important factor is how the system was configured. It is highly unlikely that a GNU/Linux system configured by a complete novice would be more secure than a Windows system configured by a highly skilled specialist.

This tutorial addresses the proper configuration of the GNU/Linux desktop. By taking the steps to configure your computer system properly, you can make sure your system is secure. Blindly accepting the "Linux is more secure" myth can lead to trouble.

Is GNU/Linux virus-free?

Another computer security myth is that viruses don't attack GNU/Linux computers. Although fewer viruses have been written to attack GNU/Linux systems than Windows systems, GNU/Linux viruses do exist. Threats to GNU/Linux systems are also posed by other forms of malware, such as Trojan horses, rootkits, and spyware. These threats are addressed in the next section of this tutorial.

The number of attacks against GNU/Linux systems has been steadily increasing. One reason is simply that the number of users switching to GNU/Linux operating systems is increasing. As these operating systems have adopted the graphical user interface (GUI) concept, GNU/Linux has become an easy-to-use, less expensive replacement for Windows.

Another reason for the increase in attacks against GNU/Linux systems is the fact that more attacks are financially motivated. Attackers no longer care what type of operating system their target is running—they just want the high-priced data that is housed in the computer. If the targeted computer runs Windows, they use Windows exploits. For computers running GNU/Linux, they attack an entirely different set of vulnerabilities.

As you progress through this tutorial, you'll see some of the basic steps you can take to help prevent unauthorized access to your GNU/Linux desktop computer. New vulnerabilities are always being discovered. You need to make it a priority to stay informed and take appropriate action to maintain the security of your computer.

Section 3. Protecting against malware

Malware is short for malicious software. Any program or file whose purpose is to damage or disrupt a computer system or network is malware. This section of the tutorial first provides you with an overview of how malware can attack GNU/Linux and what design fundamentals in the operating system help prevent malware infections. Following the overview are instructions on how to implement anti-virus protection and how to protect your system against rootkits.

In order for malware to spread between systems, and in order for it to cause damage, the program or file needs to be executed. GNU/Linux was designed so that users should not be running under the root (administrator) account; therefore, programs and files do not have the ability to execute without explicit permission. Without the ability to execute programs in this login state, malware can't install itself, or propagate, through a GNU/Linux system due to user permissions. The user permissions security feature is built into GNU/Linux and is one of the most effective tools against the spread of malware.

Malware written for Windows won't run on a GNU/Linux computer. Just as Microsoft Office can't be run directly from a GNU/Linux system, the malicious programs and files don't run because the binary executables are written for Windows. If you try to launch a malicious program written for Windows in a GNU/Linux environment, the program won't know what to do because its instructions are written to read, write, and execute according to the Windows architecture. This also helps prevent malware from being written for GNU/Linux, because changes in the various distributions of the operating system are enough to render some malware useless.

Although some aspects of malware are irrelevant to the GNU/Linux desktop, there are still several reasons why you should be concerned about it. Actively scanning for malware helps prevent it from spreading. Even if you do not execute a malicious program on GNU/Linux, you might still pass the program on to another computer. For example, if you're using multiple environments, it would be easy to pass an infected file from your GNU/Linux system to a Windows system through e-mail, via a USB drive, or over a Samba share.

Another example stems from cross-platform malware that is coded to respond differently depending on the host operating system. If the malware detects Windows, it attacks as such. If Red Hat is detected, different commands are run.

You also need to consider the increasing popularity of platform-independent environments such as OpenOffice.org, Perl, and Firefox. Malware can be engineered to attack specific vulnerabilities that are platform independent. For example, the MSIL.Yakizake worm sent an e-mail to each person in the host's Thunderbird address book. The messages were custom tailored to the DNS suffix so that the language of the mail was correct.

Finally, you must keep an eye out for malware packages written specifically for GNU/Linux. Rootkits have long been the Achilles heel of GNU/Linux administrators. They are part of the same software family as Trojan horses. A rootkit is a collection of tools that lets an attacker gain access to the root (administrator) account on your computer. These malware packages go by different names, such as tOrn and ARK, but the end result is the same: your computer or network is no longer under your control.

Install anti-virus protection: ClamAV

When installing ClamAV, you can specify whether you want to run the program manually or have it run continually by connecting it to a daemon. For a desktop, it is ideal to have the program run as a daemon (this also still gives you the option of performing manual scans).

To install ClamAV as a continually running daemon, follow these steps:

1. Power up your computer and log in.

2. From the menu bar, select Applications > Accessories > Terminal.

3. Once the terminal is launched, enter: sudo apt-get install clamav-daemon

4. When prompted, enter your password. This installs a package called clamav-freshclam, which is the updater package for the ClamAV application.

5. You now see a message indicating how much disk space will be used when you install the software. Enter Y at the prompt to begin the installation.

The installation process should take only a couple of minutes. When it completes, you see an alert indicating that your virus database is older than x days and that you should update it as soon as possible.

Update your virus definitions

Virus definitions are patterns of code that are unique to different malware programs. Anti-virus scanners compare the contents of your files to the code patterns in a virus definitions database. If a match is found, the program alerts you that there is an infected file on your computer and prevents code in that file from executing.

Malware writers are continually writing and trying to spread new infectious files, so aside from installing anti-virus software, keeping your virus definitions up to date is the most important task in keeping your files protected from malware. If the definition for a particular piece of malware isn't in your virus definitions database, the anti-virus scanner won't know it's malicious code and will let it run and do whatever damage it was programmed to do.

Because you installed freshclam with ClamAV, you can update your virus definitions immediately from the terminal by following these steps:

1. At the prompt, enter: sudo freshclam

2. When prompted, enter your password. Running this command updates your definitions to the most recent database.

3. The freshclam command does not cause any subsequent automatic updates to your virus definitions. Each time you want to get the latest definitions, you must run freshclam again. After performing the initial update, you may find it convenient to use the -v argument on the command to first check if your definitions are up to date or not: sudo freshclam -v

Start ClamAV

Now that you've updated your virus definitions, you're ready to start ClamAV.

To run a manual scan of your home folder, go to the terminal prompt and enter clamscan. When the clamscan command completes, you see a report of how many directories and files were scanned and how many infected files were found.

To begin running ClamAV as a daemon, go to the terminal prompt and enter clamdscan. The clamdscan command creates a user named ClamAV. You can then add this user to the group that owns the files you wish to scan.
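A practical check at this point, added here as an example and not part of the original tutorial, is to confirm that the scanner actually flags something. The EICAR test file is the harmless 68-byte string that every anti-virus engine is expected to detect, so a scanner that reports it as infected has working definitions, and scanning it through clamdscan (the client that hands files to the running clamd daemon) also proves the daemon is up. The script assumes clamscan and clamdscan are on the PATH, as they are after the clamav-daemon package is installed; run it with sh eicar-check.sh run.

```shell
#!/bin/sh
# Added example, not part of the IBM tutorial: confirm that the ClamAV install
# flags a known test file. The EICAR string is the harmless 68-byte text that
# every anti-virus engine is expected to detect; writing it and scanning it proves
# that the scanner and its definitions work without handling real malware.
# Assumes clamscan / clamdscan are on PATH (Ubuntu's clamav-daemon package).

EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

# Write the test file into DIR (created if needed) and print its path.
write_eicar() {
    dir=$1
    mkdir -p "$dir"
    printf '%s' "$EICAR" > "$dir/eicar.com"   # no trailing newline: exactly 68 bytes
    printf '%s\n' "$dir/eicar.com"
}

# Print the byte length of FILE; the EICAR file must be exactly 68 bytes.
file_length() {
    wc -c < "$1" | tr -d ' '
}

# Scan TARGET with TOOL: "clamscan" is the standalone scanner, "clamdscan" hands
# the file to the running clamd daemon, so it also proves the daemon is up.
# Returns the scanner's own status (0 clean, 1 infected, 2 error), or 2 if the
# tool is not installed.
scan_with() {
    tool=$1; target=$2
    command -v "$tool" >/dev/null 2>&1 || { echo "$tool: not installed" >&2; return 2; }
    "$tool" --no-summary "$target" >/dev/null 2>&1
}

# Write the file, try both scanners, report, and clean up.
main() {
    tmp=$(mktemp -d)
    f=$(write_eicar "$tmp")
    echo "wrote $f ($(file_length "$f") bytes)"
    for tool in clamscan clamdscan; do
        scan_with "$tool" "$f"
        case $? in
            1) echo "$tool: flagged the test file, scanner and definitions work" ;;
            0) echo "$tool: did NOT flag it, run freshclam and check the install" ;;
            *) echo "$tool: skipped or errored" ;;
        esac
    done
    rm -rf "$tmp"
}

case "${1:-}" in run) main ;; esac
```

A result of 0 from clamscan on this file means the definitions are missing or stale rather than that the file is safe; rerun freshclam and scan again.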

Install the ClamTk GUI for ClamAV

Because this tutorial is aimed at beginners, this section explains how to configure ClamAV using a graphical user interface (GUI) called ClamTk. To install it, follow these steps:

1. Close the terminal.

2. From the menu bar, select Applications > Add/Remove.

3. At the top of the Add/Remove Applications window, select All Open Source applications from the Show drop-down menu.

4. Enter Clam in the search box, and press Enter.

5. When Add/Remove Applications finds ClamTk, it's listed as Virus Scanner in the main section of the window (see Figure 1). Select the Virus Scanner check box. If you are prompted to enable the installation of community-maintained software, click the Enable button.

Figure 1. Installing ClamTk using the Add/Remove tool

6. Click Apply Changes at the bottom right of the window.

7. Click Apply.

8. When prompted for your password, enter it and click OK.

9. When you see the pop-up window informing you that installation is complete, click Close.

Use ClamTk

It is possible to launch ClamTk from the desktop by selecting Applications > System Tools > Virus Scanner, but using the program in this manner may require you to log in as root, which you do not want to do. Instead, use the following steps to open ClamTk with the appropriate rights:

1. Press Alt-F2.

2. Type: gksu clamtk

3. Click Run.

Figure 2 shows the ClamTk Virus Scanner window. You can use the menu and toolbar to issue commands. The Information section lists files and their status. If a file is infected, it would be noted here (the files in Figure 2 are waiting to be scanned). At the bottom of the window, the Status section indicates how many files have been scanned and how many infected files were found.

Figure 2. Scanning for malware using the ClamTk GUI

If you find that malware has infected any files, be sure that the file isn't an essential system file before you delete it. This is especially true if you're using a dual-boot computer, because you can scan Microsoft Windows directories using GNU/Linux and ClamAV.

Protect against rootkits

Probably the most dangerous malware that GNU/Linux users face is the rootkit. To fight against rootkits and other possible exploits, this section shows you how to install and use rkhunter and chkrootkit. These programs scan your desktop for suspicious files that may have been installed by an attacker to gain control of your computer.

Install and use rkhunter

To install rkhunter, follow these steps:

1. To navigate back into the terminal, select Applications > Accessories > Terminal.

2. In the terminal shell, enter the following command: sudo aptitude install rkhunter

3. When you receive a message informing you of how much space the software will use, enter Y to begin the installation.

Once rkhunter is successfully installed, you can run it to check your desktop for a number of exploits. To begin the program, go to the terminal prompt and enter: sudo rkhunter --check

If rkhunter is running properly, you begin to see a list of directories with the word OK or Warning next to them. Once started, rkhunter performs several types of scans. After one scan completes, you begin the next by pressing Enter. The different types of scans are:

• Directories

• Exploits on the desktop (sample results shown in Figure 3)

• Ports that are commonly used for back door access

• Startup files, groups and accounts, system configuration files, and the filesystem

• Applications

After all the scans are complete, rkhunter provides you with a report and creates a log file with the results.

Figure 3. Rkhunter scanning for rootkits

As with ClamAV, you need to regularly update rkhunter so that it can detect the latest vulnerabilities and exploits:

1. From the terminal, enter: sudo rkhunter --update

2. When prompted, enter your password.

Install and use chkrootkit

Although most anti-virus software does not run properly alongside another company's anti-virus program, rootkit hunters will run symbiotically with one another. Therefore, for more comprehensive protection, you can install chkrootkit and run it alongside rkhunter.

To install chkrootkit, simply go to the terminal prompt and enter: sudo aptitude install chkrootkit

Once chkrootkit is installed, you run it just like you do rkhunter. At the terminal prompt, enter: sudo chkrootkit

When chkrootkit completes its scan, you are brought back to the terminal prompt.

If rkhunter or chkrootkit finds anything out of the ordinary, it simply informs you of the potential problem. Neither of these programs actually deletes files from your computer. If you're alerted to something by either program, research the exploit or vulnerability that has been reported and make sure that what was found isn't a false positive. Then, determine the necessary steps to eliminate the threat. Sometimes, you only need to update the operating system or other software. Other times, you may have to locate a rogue program and eradicate it from your system.
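Because both scanners only report, the useful routine is to run them unattended, keep each run's report, and pull out just the lines that need a decision. The script below does that; it is an added example, not part of the tutorial or of either tool. It uses rkhunter's --sk (skip the keypress between test groups) and --rwo (report warnings only) options, writes dated logs, and filters for rkhunter's "Warning:" and chkrootkit's "INFECTED" markers. The sample report it can write is constructed to exercise the filter and is not real tool output; both scanners need to be run as root.

```shell
#!/bin/sh
# Added example, not part of the IBM tutorial: run both rootkit scanners without
# the interactive "press Enter" pauses, keep a dated report of each run, and list
# only the lines that need a human decision. Neither tool deletes anything, so the
# output is a work list to research, not a cleanup. Assumes Ubuntu package names;
# the sample report written by write_sample_report is constructed, not tool output.

# Lines that need investigation: rkhunter marks them "Warning:", chkrootkit
# prints "INFECTED" (its clean result, "not infected", is lower case and ignored).
PATTERN='Warning:|INFECTED'

# Print the flagged lines of REPORT.
extract_warnings() {
    grep -E "$PATTERN" "$1" || true
}

# Print how many flagged lines REPORT contains (0 when there are none).
count_warnings() {
    grep -c -E "$PATTERN" "$1" || true
}

# Run whichever scanners are installed (both need root) and summarize the reports.
run_scans() {
    outdir=$1
    mkdir -p "$outdir"
    stamp=$(date +%Y%m%d-%H%M%S)
    if command -v rkhunter >/dev/null 2>&1; then
        # --sk: skip the keypress between test groups; --rwo: report warnings only
        rkhunter --check --sk --rwo > "$outdir/rkhunter-$stamp.log" 2>&1
    fi
    if command -v chkrootkit >/dev/null 2>&1; then
        chkrootkit > "$outdir/chkrootkit-$stamp.log" 2>&1
    fi
    for report in "$outdir"/*-"$stamp".log; do
        [ -f "$report" ] || continue
        echo "== $report: $(count_warnings "$report") item(s) to research"
        extract_warnings "$report"
    done
}

# Constructed sample mixing both tools' line formats, used to exercise the filter.
write_sample_report() {
    cat > "$1" <<'EOF'
[12:00:01] Checking for rootkits... [ None found ]
[12:00:02] Warning: The command '/bin/ls' has been replaced by a script
Checking `ps'... not infected
Checking `lkm'... INFECTED
EOF
}

case "${1:-}" in
    scan) run_scans "${2:-/var/log/rootkit-scans}" ;;
    demo) f=$(mktemp); write_sample_report "$f"; extract_warnings "$f"; rm -f "$f" ;;
esac
```

Running sudo sh rootkit-scan.sh scan from cron gives you a history of reports to compare, which is what turns a single "Warning" into evidence: a warning that appears right after a package update is usually a changed binary, while one that appears with no update deserves the research the text calls for.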

Section 4. Using a firewall

The next preventative step you should take is to use the firewall built into your operating system. Ubuntu, like other distributions, runs iptables as its firewall by default. Upon installation, the default settings for this firewall allow all incoming and outgoing traffic. To make effective use of the firewall, you need to create rules to lock down your desktop.

You can configure iptables via the terminal, but this section of the tutorial shows you how to write firewall rules with a GUI called Firestarter.

Install and launch Firestarter

Firestarter is not installed on Ubuntu by default. To install and launch Firestarter, follow these steps:

1. Open the terminal and type this command: sudo apt-get install firestarter

2. When prompted, enter your password.

3. To launch the program, close the terminal window and select System > Administration > Firestarter.

Configure Firestarter

When you first launch Firestarter, you're taken through a setup wizard. Follow these steps to complete the wizard:

1. Look over the introduction on the first screen and click Forward.

2. The next screen asks you to provide information about your network device. If you're using an Ethernet cable to connect your computer to a router, the Ethernet device should be set to eth0, as shown in Figure 4. If you have DHCP running on your network, be sure this option is selected. After making the appropriate selections, click Forward.

Figure 4. Configuring the network device in Firestarter

3. If you're sharing your Internet connection with other computers, the next screen lets you configure this (see Figure 5). Once you've configured your network setup, click Forward.

Figure 5. Configuring Internet connection sharing


4. Click Save to start the firewall.

Figure 6 shows Firestarter actively monitoring a computer.

Figure 6. Firestarter

Add Firestarter to your startup programs

Before you begin configuring Firestarter policies, perform the following steps to include it in your startup programs and allow Firestarter to protect your computer each time you boot up:

1. Select System > Preferences > Sessions.

2. Click Add to bring up a window where you can type the startup command.

3. Enter Firestarter in the Name field.

4. Enter the following in the Command field: sudo /usr/sbin/firestarter

5. Click Add, and then close the Sessions Preferences window.

Create policies in Firestarter

In order to use Firestarter to stop illicit traffic, you need to create policies. Firewall policies are the rules that determine how a firewall handles incoming and outgoing traffic. Policies can be set to prevent traffic to or from a specific IP address, a specific site, or even a port on a computer. When creating policies, it's important to remember that although blocking certain traffic may make your network/computer safer, it can also hinder the ability of people to work. You need to find a balance between security and functionality.

Make sure Firestarter is open on your desktop. Firestarter blocks any inbound network traffic that isn't a response to a connection established by a secure host. If you didn't initiate the connection, Firestarter blocks it by default.

To create a new policy that allows an inbound connection, follow these steps:

1. Click the Policy tab in Firestarter.

2. Set the Editing option to Inbound traffic policy.

3. Click Add Rule at the top of the window. When you do this, a new window appears, asking what incoming connections to allow (see Figure 7).

Figure 7. Adding an inbound traffic policy

4. In the first field, enter the network, hostname, or IP address from which you want to allow incoming traffic to originate. For practice, enter: thisnetwork.org

5. Click Add.

6. When you're brought back to the main window, click Apply Policy.

Highlight your new policy; the Remove Rule and Edit Rule buttons are now activated. Unless you created an actual rule that you plan to use, click Remove Rule and then Apply Policy.

To create a new policy that blocks outbound traffic to a specific network, site, or host, follow these steps:

1. Click the Policy tab in Firestarter.

2. Set the Editing option to Outbound traffic policy.

3. You can now select either Permissive or Restrictive. Permissive blacklists selected traffic; if you create a policy in Permissive mode, you're telling Firestarter to prevent outgoing traffic to anything listed in the policy. Restrictive, on the other hand, blocks any outgoing traffic except to anything listed in the policy. For example, if you want your computer to access only www.thisnetwork.org, select Restrictive. To block access to www.thisnetwork.org, select Permissive.

4. Click Add Rule at the top of the window.

5. In the Add new outbound rule window, enter the network, hostname, or IP address to which you either want to deny or permit outgoing traffic (depending on whether you selected Permissive or Restrictive in the previous step). For practice, enter: thisnetwork.org

6. Click Add.

7. When you're brought back to the main window, click Apply Policy.

Once you've made policy changes to Firestarter, you can lock the firewall by clicking the Status tab and selecting Lock Firewall.
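Firestarter writes iptables rules for you, which makes it hard to see what the policies above actually mean. The script below, an added example that is not part of the tutorial and not Firestarter's own generated rules, produces the same policies as an iptables-restore file: the shipped all-ACCEPT ruleset beside a hardened one that drops unsolicited inbound traffic, allows inbound connections from the hosts you list (thisnetwork.org is the tutorial's practice value), and applies either a Permissive (block the listed outbound hosts) or Restrictive (allow only the listed outbound hosts) outbound policy. It assumes a 2008-era single-interface host with the legacy iptables state match; loading the rules requires root.

```shell
#!/bin/sh
# Added example, not from the IBM tutorial: the iptables equivalent of the
# Firestarter policies, written in iptables-restore format so the rules can be
# reviewed as a file before they are loaded. Host names and modes are parameters;
# "thisnetwork.org" is only the tutorial's practice value. Assumes one interface
# and the legacy iptables "state" match. Not Firestarter's own generated rules.

# The ruleset Ubuntu ships with: every chain ACCEPTs, so the firewall does nothing.
open_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Hardened ruleset. $1 = outbound mode: "permissive" (block only the listed hosts)
# or "restrictive" (allow only the listed hosts). $2 = inbound sources to allow,
# $3 = outbound hosts the policy lists; both are space-separated and may be empty.
hardened_ruleset() {
    mode=$1; allow_in=$2; listed_out=$3
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    if [ "$mode" = restrictive ]; then
        echo ':OUTPUT DROP [0:0]'
    else
        echo ':OUTPUT ACCEPT [0:0]'
    fi
    # loopback and replies to connections this host opened are always allowed
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo '-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # inbound policy: new connections only from the listed sources
    for src in $allow_in; do
        echo "-A INPUT -s $src -m state --state NEW -j ACCEPT"
    done
    # outbound policy: the listed hosts are the blacklist (permissive) or whitelist (restrictive)
    for dst in $listed_out; do
        if [ "$mode" = restrictive ]; then
            echo "-A OUTPUT -d $dst -j ACCEPT"
        else
            echo "-A OUTPUT -d $dst -j DROP"
        fi
    done
    # log (rate-limited) what the default policy is about to drop, so blocked traffic can be diagnosed
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop-in: "'
    echo 'COMMIT'
}

# Load a ruleset read from stdin; iptables-restore needs root, so only try as root.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to load rules" >&2; return 1; }
    command -v iptables-restore >/dev/null 2>&1 || { echo "iptables-restore missing" >&2; return 1; }
    iptables-restore
}

case "${1:-}" in
    show)  hardened_ruleset "${2:-permissive}" "${3:-thisnetwork.org}" "${4:-}" ;;
    apply) hardened_ruleset "${2:-permissive}" "${3:-}" "${4:-}" | apply_ruleset ;;
esac
```

Review the output of sh fw.sh show restrictive thisnetwork.org www.thisnetwork.org before applying anything. Two caveats that the GUI hides: host names in rules are resolved once, at load time, and in Restrictive mode name lookups themselves are blocked unless your DNS resolver is also listed, which is the usual reason a restrictive policy "breaks the Internet".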

Section 5. Backing up and restoring desktop files

Another step in protecting your GNU/Linux desktop involves establishing a backup and recovery process.

First, follow these steps to install the Home User Backup and Home User Restore programs:

1. From the menu bar, select Applications > Add/Remove.

2. At the top of the Add/Remove Applications window, select All Open Source applications from the Show drop-down menu.

3. Enter backup in the search box, and press Enter.

4. Scroll down to the Home User Backup package, and select it.

5. When you are asked if you want to install bundled applications (this refers to the Home User Restore application), click Install All.

6. Select the Home User Backup and Home User Restore check boxes.

7. Click Apply Changes (see Figure 8).

Figure 8. Installing Home User Backup and Home User Restore

8. Click Apply in the next window, and then enter your password and click OK.

Perform a backup

After installing the programs, you can follow these steps to perform a backup:

1. Select System > Administration > Home User Backup/Restore.

2. When the program is launched, you're given the option to back up all files in the home folder or back up a specific folder. The first time you perform a backup, you should select the All Files option. Subsequently, when you make significant changes, you can select only specific folders to back up. After you have a complete backup of your files, performing selective backups is a more efficient use of your storage and computing resources.

3. Specify where you want to save the backup file. Backing up to an attached storage drive rather than a folder on the computer is preferred because it offers you better protection in the event of a complete system failure.

4. Click Backup.

5. Home User Backup asks if you want to verify the integrity of the data. It is a good practice to use this option, because you'll have greater confidence that the backup file can be successfully restored if you need it.

6. When the backup completes, the backup location should contain two files named master-archive.dar and master-catalog.dar.

Restore data

To restore data that has been backed up, follow these steps:

1. Create a target folder where you want to put the restored files. It's a good practice to create this folder on the desktop.

2. Launch the terminal.

3. At the prompt, enter: sudo dar -x /path/archive_file -R /path/targetfolder

4. When prompted, enter your password. The restore process populates the target folder with the data contained in your backup file.
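The same backup, verify, restore cycle can be scripted so it runs from cron and can be checked without the GUI. The script below is an added example that uses tar and a SHA-256 checksum rather than Home User Backup and dar; it is not the tutorial's tool or its file format. The checksum plays the role of the "verify the integrity" option, the restore refuses to touch an archive that fails that check, and restore_backup extracts into a separate target folder exactly as the dar -R step does rather than over the live home directory. Paths and file names are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the IBM tutorial: back up a directory to an archive
# with a checksum, verify it, and restore it into a separate target folder.
# Uses tar + sha256 instead of Home User Backup / dar; paths are illustrative.

# SHA-256 of FILE (sha256sum on GNU systems, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Archive SRC (for example /home/user) into DEST_DIR, ideally on an attached drive.
# Prints the archive path; a .sha256 file is written beside it.
backup_dir() {
    src=$1; dest=$2
    mkdir -p "$dest"
    archive="$dest/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    # -C so the archive holds paths relative to the parent and restores anywhere
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"
    sha256_of "$archive" > "$archive.sha256"
    printf '%s\n' "$archive"
}

# Return 0 only if the stored checksum still matches and tar can read every entry.
verify_backup() {
    archive=$1
    [ -f "$archive.sha256" ] || return 1
    [ "$(cat "$archive.sha256")" = "$(sha256_of "$archive")" ] || return 1
    tar -tzf "$archive" >/dev/null 2>&1
}

# Restore ARCHIVE into TARGET (created if needed), never over the live tree,
# and only after it verifies.
restore_backup() {
    archive=$1; target=$2
    verify_backup "$archive" || { echo "refusing to restore: $archive failed verification" >&2; return 1; }
    mkdir -p "$target"
    tar -xzf "$archive" -C "$target"
}

case "${1:-}" in
    backup)  backup_dir "$2" "$3" ;;
    verify)  verify_backup "$2" && echo "ok" ;;
    restore) restore_backup "$2" "$3" ;;
esac
```

Usage: sh backup.sh backup /home/user /media/usbdrive/backups, then sh backup.sh verify /media/usbdrive/backups/backup-DATE.tar.gz, and sh backup.sh restore ARCHIVE ~/Desktop/restored when files are needed. Verifying right after the backup, as step 5 recommends, is what makes a later restore trustworthy; a checksum that no longer matches means the media, not the data, needs attention.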

Section 6. Installing updates

Many attacks against computers are launched when a malicious hacker finds a vulnerability in the operating-system software or another piece of software the computer is running. When software (including operating systems) is released, it often contains multiple vulnerabilities that malicious hackers can exploit. Over time, software developers and security experts find these vulnerabilities and create patches and updates for the software to plug the holes.

As a computer user, it is essential for you to make sure your operating system and software are up to date. Most operating systems have a built-in feature that informs you when updates are available, and many of the GNU/Linux distributions include this type of functionality.

Ubuntu uses an orange icon on the menu bar of the desktop to alert you about new updates for all software maintained in the Ubuntu repositories. Clicking this icon brings up the Update Manager window (see Figure 9).

In the Update Manager window you can select or clear the check boxes to indicate which programs you do or do not want to update. You then click Install updates to begin the process. You're told what changes will be made and given an estimate of how long the update should take; you then have the option to cancel the update or continue installing any new packages. If any errors occur during the update, you're alerted.

Figure 9. Updating the operating system and other software

developerWorks® ibm.com/developerWorks

Hardening the Linux desktopPage 20 of 25 © Copyright IBM Corporation 1994, 2008. All rights reserved.

Page 21: Linux Harden Desktop

Section 7. Password-protecting the bootloader

When you're using GNU/Linux, you can boot the computer to change the rootpassword without having to enter a password. This is called single-user mode. Thissection shows you how to password-protect this feature.

First, generate a hashed password for the GRUB bootloader. If you are using GRUB, follow these steps (LILO is covered at the end of this section):

1. Launch the terminal.


2. At the prompt, enter: grub

3. To make sure you don’t store the password you're going to create in plaintext, enter: md5crypt

4. At the prompt, enter the password you wish to use for single-user mode.

5. You are then given an encrypted (MD5-hashed) version of the password. Don't close this terminal window; you'll need this hashed password in the next steps.

Edit the GRUB configuration file

To edit the GRUB configuration file, follow these steps (you back the file up before editing it):

1. Open a new terminal window.

2. Enter the following command: sudo cp /boot/grub/menu.lst /boot/grub/menu.lst-backup

3. When prompted, enter your password.

4. Enter the following command: sudo gedit /boot/grub/menu.lst (the file is owned by root, so the editor needs root privileges to save your changes)

5. This takes you to the GRUB configuration file. Locate the line in the file that reads password --md5 and replace the existing hash with the encrypted password you created earlier in this section. The line must sit in the global section of the file (before the first title entry) and must not begin with a #, or GRUB ignores it. Listing 1 shows what your GRUB configuration file should look like when the password has been changed.

Listing 1. GRUB configuration file, after the password change

# Set a timeout, in SEC seconds before automatically booting the default entry
# (normally the first entry defined).
timeout 3

## hiddenmenu
# Hides the menu by default (press ESC to see the menu)
hiddenmenu

# Pretty colours
#color cyan/blue white/blue

## password ['--md5'] passwd
# If used in the first section of the menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password topsecret
password --md5 $1$jLhUO/$aW78kHK1QfV3P2b2znUoe/
# password topsecret

## examples
## title Windows 95/98/NT/2000
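Because GRUB ignores a password line that is still commented out, that stores the password in plaintext, or that sits inside a menu entry rather than in the global section, it is worth checking the edited file before rebooting. The following shell script is an added example, not part of the tutorial or of GRUB itself; it assumes GRUB legacy menu.lst syntax (everything before the first title line is the global section) and takes the path of the file to audit as its first argument.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a GRUB legacy menu.lst to confirm
# that the password line you edited will actually take effect.
# Assumptions: GRUB legacy syntax (everything before the first "title" line is
# the global section) and the file path is supplied as the first argument.

# check_grub_password FILE
# Prints a one-line verdict and returns:
#   0  an uncommented "password --md5 $1$..." line is in the global section
#   1  no active password line in the global section (e.g. still commented out)
#   2  an active password line exists but stores the password in plaintext
check_grub_password() {
    file="$1"
    # Global section only: stop reading at the first menu entry.
    global=$(awk '/^[[:space:]]*title([[:space:]]|$)/ { exit } { print }' "$file")
    # Keep only uncommented lines that start with the password command.
    pw_lines=$(printf '%s\n' "$global" | grep -E '^[[:space:]]*password([[:space:]]|$)' || true)
    if [ -z "$pw_lines" ]; then
        echo "MISSING: no active password line before the first menu entry (a leading # disables it)"
        return 1
    fi
    # An MD5-crypt hash, as produced by grub's md5crypt, starts with $1$.
    if printf '%s\n' "$pw_lines" | grep -qE '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+[$]1[$]'; then
        echo "OK: menu editing is protected by an MD5-hashed password"
        return 0
    fi
    echo "WEAK: password line found but the password is stored in plaintext"
    return 2
}

# Run against a real file when one is given, e.g.: sh grub-pw-check.sh /boot/grub/menu.lst
if [ -n "$1" ]; then
    check_grub_password "$1"
fi
```

The check deliberately looks only at the global section: a password command placed after a title line protects that single entry, but it does not stop someone at the GRUB menu from editing another entry to add `single` or `init=/bin/sh`, which is the scenario this section is about.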

Unlike GRUB, LILO doesn't allow for encrypted passwords. If you're using the LILO bootloader, follow these steps:

1. Launch the terminal.

2. At the prompt, open the LILO configuration file in an editor with root privileges, for example: sudo gedit /etc/lilo.conf

3. When the editor opens, search for the password section, and create a new password there. Because LILO stores this password in plaintext, make sure the file is readable only by root (sudo chmod 600 /etc/lilo.conf), and run sudo lilo after saving so that the new configuration is written to the boot sector; until then the change has no effect.

Section 8. Conclusion

This tutorial has introduced a few tools that can help you harden your GNU/Linux desktop. It's important to note that even if you install all the tools available to protect your computer and the data stored within, ultimately you are responsible for using those tools.

Set a schedule to check for updates to ClamAV and rkhunter. Make it a common practice to run these utilities on a weekly basis and whenever you install new software. Set a backup schedule for your data, and, most important, stay up to date on trends in computer security.


Resources

Learn

• In the developerWorks Linux zone, find more resources for Linux developers (including developers who are new to Linux), and scan our most popular articles and tutorials.

• See all Linux tips and Linux tutorials on developerWorks.

• Stay current with developerWorks technical events and Webcasts.

Get products and technologies

• Download Ubuntu for use in the hands-on portion of this tutorial.

• Download Sun VirtualBox to create a virtual machine you can use to practice the lessons in this tutorial.

• Order the SEK for Linux, a two-DVD set containing the latest IBM trial software for Linux from DB2®, Lotus®, Rational®, Tivoli®, and WebSphere®.

• With IBM trial software, available for download directly from developerWorks, build your next development project on Linux.

Discuss

• Get involved in the developerWorks community through blogs, forums, podcasts, and spaces.

About the author

Jeffrey Orloff

Jeffrey Orloff serves as the Director of IT and Security for SafeWave, LLC. He also works as the technology coordinator for the School District of Palm Beach County's Department of Alternative Education/DJJ.

Trademarks

IBM, the IBM logo, ibm.com, DB2, developerWorks, Lotus, Rational, Tivoli, and WebSphere are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. See the current list of IBM trademarks.

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Windows is a trademark of Microsoft Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.
