Jboss Hosting, Web Hosting Php - Php4, Php5 Programming Blog

CHAPTER 10 PERSONALIZING UBUNTU: GETTING EVERYTHING JUST RIGHT 141 Changing Individual Theme Components You can alter the three aspects that constitute a GNOME theme: the controls (sometimes known as widgets), the window borders, and the icons. Controls are simply the elements you click within dialog boxes and windows: buttons, scroll bars, and so on. The window borders are, as seems obvious, the borders of program windows and dialog boxes, with particular attention paid to the top of the window, where the program name appears along with the minimize, maximize, and close buttons. Note To make matters a little confusing, some window borders have their own selection of close, minimize, and maximize controls, which can t be overridden with individual selections for controls. To make changes to a theme, click the Theme Details button in the Theme Preferences dialog box (Figure 10-1), and then click each tab to see your choices, as shown in Figure 10-2. Unfortunately, there are no thumbnail previews of each style, but as soon as you click each option, it will be automatically applied to the currently open windows. To preview the effects fully, the best policy is to keep a Nautilus window open (Places . Desktop). Figure 10-2. You can create a theme by choosing you own controls, window borders, and icons. When you ve made your choices, you can save the theme for further use. Simply click the Save Theme button in the Theme Preferences dialog box. You ll need to give the theme a name

140 CHAPTER 10 PERSONALIZING UBUNTU: GETTING EVERYTHING JUST RIGHT However, unlike Windows themes, most GNOME themes don t change the fonts used on the desktop, and the wallpaper and color scheme will probably remain broadly the same. You can change these manually, as described in the Setting Font Preferences and Changing the Wallpaper sections a bit later in this chapter. To alter the theme, select System . Preferences . Theme. Then it s simply a matter of choosing a theme from the list in the Theme Preferences dialog box, as shown in Figure 10-1. A useful hint is to open a Nautilus file browser window in the background (Places . Desktop), so you can see how the changes will affect a typical window. Note The default Ubuntu theme is called Human and is designed to represent the skin tones of the world s population. This is intended to reflect Ubuntu s mission of being accessible to everyone, no matter where or who they are. Figure 10-1. Ubuntu comes with several theme choices. My favorite themes are Clearlooks and Mist, largely because they re simple and uncomplicated. Remember that you ll be working with the theme on a daily basis, so it should be practical and not too distracting. Those miniature close, minimize, and maximize buttons might look stylish, but they re useless if they re so small that you can t reliably click them with your mouse. As well as changing the overall theme, you can also modify individual theme components, and even download more theme components.

CHAPTER 10 Personalizing Ubuntu: Getting Everything Just Right If you ve read this book from Chapter 1, by this stage, you no doubt have become comfortable with Ubuntu. You ve started to realize its advantages and are on the way to making it your operating system of choice. But things might still not be quite right. For instance, you might find the color scheme is not to your tastes. Or perhaps you feel that the mouse cursor moves a little too fast (or too slowly). Maybe you simply want to stamp your own individuality on your system to make it your very own. That s what this chapter is all about. We look at personalizing Ubuntu so that you re completely happy with your user experience. Changing the Look and Feel Ubuntu is similar to Windows in many ways, but the developers behind it introduced improvements and tweaks that many claim make the software easier to use. For example, Ubuntu offers multiple virtual desktops long considered a very useful user-interface feature that seems to have passed Microsoft by. It also moves the programs menu to the top of the screen, leaving the whole width of the screen at the bottom to display taskbar buttons. This is very sensible, because the buttons don t look cramped when more than a handful of applications are open. However, if you re not satisfied with Ubuntu s out-of-the-box look and feel, you can change it. You might be used to changing the desktop colors or wallpaper under Windows, but Ubuntu goes to extremes and lets you alter the look and feel of the entire desktop. Everything from the styling of the program windows to the desktop icons can be altered quickly and easily. Altering the Theme Ubuntu refers to the look of the desktop as a theme. Because it s built on the GNOME desktop, Ubuntu allows you to radically personalize your desktop theme. Several different themes come with the distribution, and you can download many more themes. Each lets you change the way the windows look, including the buttons and the icon set (although some themes come without additional icons).

CHAPTER 9 HOW TO SECURE YOUR COMPUTER Summary In this chapter, we ve looked at what threats your system faces and how security holes can be exploited by malicious interests. You learned about measures you can take to protect your system, such as updating it online and configuring the system s firewall. We also discussed some common-sense rules you can follow to keep your system safe. In the next chapter, we move on to looking at how your Ubuntu system can be personalized and how to set up everything to suit your own preferences.

136 CHAPTER 9 HOW TO SECURE YOUR COMPUTER Figure 9-6. By deactivating traceroute, ping, and other services, you can add extra protection to your PC. 3. Click the Accept button to finish. PARANOIA AND SECURITY There s a fine line between security and paranoia. Using Firestarter gives you the opportunity to ensure your system is secure, without needing to constantly reassess your system for threats and live in fear. When considering your system security, remember that most burglars don t enter a house through the front door. Most take advantage of an open window or poor security elsewhere in the house. In other words, when configuring your system s security, you should always select every option and extra layer of security, even if it might not appear to be useful. You should lock every door and close every window, even if you don t think an attacker would ever use them. Provided a security setting doesn t impact your ordinary use of the computer, you should select it. For example, deactivating the ping response of your computer might sound like a paranoid action, but it s useful on several levels. First, it means your computer is less easy to detect when it s online. Second, and equally important, it means that if there s ever a security flaw in the ping tool (or any software connected with it), you ll be automatically protected. This illustrates how you must think when configuring your system s security. Try to imagine every situation that might arise. Remember that you can never take too many precautions!

CHAPTER 9 HOW TO SECURE YOUR COMPUTER that isn t authorized will be refused; as far as the program sending the data is concerned, it will be as if your computer did not have a network or Internet connection. Here s how to set outbound connection rules: 1. In the Firestarter main window, click the Policy tab. Select Outbound Traffic Policy in the Editing drop-down list. 2. Click the Restrictive by Default, Whitelist Traffic radio button. 3. In the second empty box at the bottom of the Policy tab, right-click and select Add Rule. 4. The Add New Outbound Rule dialog box appears. Select the type of data connection you wish to allow. At the very least, you should select HTTP. This will allow your web browser to operate correctly (it s also needed to allow the Synaptic Package Manager and Update Manager programs to work). You should also add a rule for POP3 and another for SMTP, without which your e-mail program won t work. Selecting the type of service will fill in the Port box automatically. You shouldn t alter this unless you know what you re doing. 5. Click the Add button to add the rule. Back in the Firestarter main window, click Apply Policy. 6. Test your settings with a program that uses the services you ve just authorized. Caution If you created an inbound rule, you ll need to create a matching outbound rule. If you created an incoming rule for BitTorrent, for example, you ll need to create an outgoing rule for BitTorrent, too. You can delete both incoming and outgoing rules by right-clicking their entries in the list. Turning Off Diagnostic Services Certain network tools can be misused by crackers in order to break into a computer or just cause it problems. In the past, the traceroute and ping tools, among others, have been used to launch denial-of-service (DoS) attacks against computers. Ubuntu is set to allow these tools to operate by default. If you want to adopt a belts-andbraces approach to your computer s security, you can opt to disable them. If you don t know what ping and traceroute are, you re clearly not going to miss them, so there will be no harm in disallowing them. Here s how: 1. In the Firestarter main window, click Edit . Preferences. 2. On the left side of the Preferences window, click ICMP Filtering. Then click the Enable ICMP Filtering check box, as shown in Figure 9-6. Don t put a check in any of the boxes underneath, unless you specifically want to permit one of the services.

134 CHAPTER 9 HOW TO SECURE YOUR COMPUTER Figure 9-5. Creating an inbound rule enables computers to connect to your PC uninvited. 4. If you know the IP address of the computer that s going to make the incoming connection, you can click the IP, Host or Network radio button, and then type in that address. However, the default of Anyone will allow anyone using any IP address to connect to your computer. 5. Click Add. Back in the main Firestarter window, click the Apply Policy button. Note You ll need to return to Firestarter whenever you activate new services on your computer. For example, in Chapter 12, we will look at accessing Windows shares across a network, and you ll need to enable SMB incoming and outgoing access for this to work. In Chapter 34, we will look at using the SSH service, which will have to be allowed through the firewall. In other words, securing your computer isn t something you can do once and then forget about. It s a continual process. Setting Outbound Rules By default, Firestarter allows all types of outgoing connections and, as with its incoming connections policy, this is by no means a bad choice for the average user. It s certainly the option that involves the least fuss. However, by opting to go with a restrictive traffic policy, you can completely control what kind of data leaves your computer. Any type of data connection

CHAPTER 9 HOW TO SECURE YOUR COMPUTER Outbound traffic is any kind of data originating on your computer that is sent out on the network and/or Internet. By default, Firestarter allows out all data, no matter what it is. This is described as a permissive policy. But Firestarter can be configured to block all outgoing connections apart from those you opt to allow through. This is described as a restrictive policy and can be useful in blocking certain types of programs that phone home with personal data about you, such as spyware. It can also prevent certain types of viruses and worms from spreading. The downside is that you must configure Firestarter to take into account every type of outgoing data connection, such as those for web browsers, instant messaging programs, and so on. You can configure Firestarter by clicking the Policy tab in the main program window. Click the Editing drop-down list and choose to configure either the inbound traffic policy or the outbound traffic policy. Note Firestarter is used only to configure the built-in firewall and doesn t need to be running for the firewall to work. Once you ve finished configuration, you can quit the program. You ll need to use it again only if you wish to reconfigure the firewall. Setting Inbound Rules For most users, Firestarter s default inbound traffic policy will be perfectly acceptable. It configures the firewall to disallow all uninvited incoming data connection, apart from certain diagnostic tools, such as ping, traceroute, and so on. You can choose to disallow those as well, as described shortly in the Turning Off Diagnostic Services section. You might wish to allow an incoming connection if you intend to connect to your computer via SSH from a remote location or if you have a shared folder created for other computers in your office. It s a must if you re running the BitTorrent file sharing application. Additionally, if you run a web, e-mail, or other type of server on your computer, you will need to allow the correct type of incoming connection here. Here s how to set inbound connection rules: 1. In the Firestarter main window, click the Policy tab. Select Inbound Traffic Policy in the Editing drop-down list. 2. Right-click in the second box on the Policy tab (with the headings Allow Service / Port / For), and then select Add Rule. 3. The Add New Inbound Rule dialog box appears. In the Name drop-down list, select the type of outgoing connection you want to allow, as shown in Figure 9-5. To allow others to access shared folders on your computer, select Samba (SMB). To allow SSH or BitTorrent connections to your computer, select the relevant entry from the list. Selecting the service will automatically fill in the Port box, which you shouldn t alter unless you know exactly what you re doing.

132 CHAPTER 9 HOW TO SECURE YOUR COMPUTER Figure 9-4. Firestarter includes a wizard to walk you through the basics of firewall configuration. 6. Put a check in the IP address is assigned via DHCP box, unless you re using a modem. 7. You re asked if you want to enable Internet connection sharing. This allows you to turn your computer into an Internet router and can be very useful in certain circumstances. You can activate this later on by running the wizard again (to rerun the wizard, simply click Firewall on Firestarter s main window, and then click Run Wizard). 8. Save your settings. The Firestarter main window then opens. Configuring Firestarter Firestarter works by controlling the data that goes in and out of your computer via your Internet or network connection. By default, it blocks every type of uninvited inbound connection but allows every type of outbound connection. This needs some explanation. Whenever you click a link on a web page, your computer sends a request for data to the web server hosting the web page. Within a few milliseconds, that data will be sent to your computer. This is an inbound data connection. The Linux firewall is clever enough to realize that the data was requested by you, so it is allowed through. However, any uninvited connections are turned away. If, out of the blue, someone attempts to connect to your computer via the popular Secure Shell (SSH) tool, as just one example, he won t be allowed to make that connection. This is a good thing because it makes your computer secure. Crackers are turned away whenever they try to connect, no matter how they try to connect. But in some circumstances, allowing uninvited connections is useful. For example, if you create a shared folder for other computers in your office to connect to, they will frequently make uninvited inbound connections to your computer. And if you want to make use of SSH to connect to your computer remotely, you will need to allow such incoming connections. Therefore, Firestarter lets you allow through certain types of inbound connections.

CHAPTER 9 HOW TO SECURE YOUR COMPUTER Once the downloads have finished, you probably won t need to reboot unless the kernel file has been updated. The Software Update program will inform you if you need to restart the computer. The Ubuntu Firewall A firewall is a set of programs that protects your PC when it s online. It does this by watching what data attempts to enter your PC from the Internet and allowing in only what it is sure is secure (which usually is what you ve asked for). It also attempts to close off various aspects of your Internet connection, so that crackers don t have a way in should they target your system. Although Ubuntu includes a powerful firewall in the form of iptables, you ll also need a program that can manage it. Here, I ll show you how to use Firestarter, available from the Ubuntu software repository, for this purpose. Together with the built-in firewall, this really does provide industrial-level protection. The benefit of configuring the firewall is that even if your system has security vulnerabilities because of buggy software, crackers will find it a lot harder to exploit them across the Internet. When someone attempts to probe your system, it will appear to be virtually invisible. Caution Although software firewalls such as the one built into Linux offer a high level of protection, it s best to use them in concert with a hardware firewall, such as that provided by most DSL/cable broadband routers (curiously, some of these routers actually use Linux s iptables software as well). Many security experts agree that relying solely on a software firewall to protect a PC affords less than the best level of protection. Installing Firestarter Let s get started by downloading and installing Firestarter. Follow these steps: 1. Select System . Administration . Synaptic Package Manager. Click the Search button and enter firestarter as a search term. In the list of results, locate the program and click the check box. Then choose to install the package. 2. After installing Firestarter, log out and then back in again (to update the menus to show Firestarter). 3. Once the desktop is back up and running, select Applications . System Tools . Firestarter. When you run Firestarter for the first time, it will walk you through a wizard. 4. Click to continue the wizard beyond the introductory page. 5. The first step asks which network interface Firestarter should configure, as shown in Figure 9-4. If you use an Ethernet card, have a wireless card, or attach a broadband modem directly to your computer, the answer will probably be eth0 or wlan0. However, if you use a modem, the answer is ppp0.