Ubuntu Gnome 14.04 setup
Initial setup for Ubuntu Gnome 14.04


Ubuntu Gnome:

  • Sublime text 3

  • Haroopad - markdown editor

  • Virtualbox + Extension Pack

  • Gimp

    sudo add-apt-repository ppa:otto-kesselgulasch/gimp
    sudo apt-get update
    sudo apt-get install gimp
    sudo apt-get install gimp-plugin-registry
    sudo apt-get install gimp-gmic
    
  • Numix

    sudo add-apt-repository ppa:numix/ppa
    sudo apt-get update && sudo apt-get install numix-gtk-theme numix-icon-theme-circle
    
  • Utilities & Miscellaneous

    sudo apt-get install -y htop aptitude lm-sensors irssi wavemon whois vim steam privoxy filezilla vlc curl nmap redshift inkscape pwgen
    wget http://www.teamviewer.com/download/teamviewer_linux.deb
    
  • Gnome Extensions

  • SSH keys

    ssh-keygen -t ecdsa -b 521 -C "$(whoami)@$(hostname)-$(date -I)"
    
  • Use OpenSSH ssh-agent instead of the GNOME keyring: http://dtek.net/blog/how-stop-gnome-keyring-clobbering-opensshs-ssh-agent-ubuntu-1204

  • Add redshift to the autostart programs, with the coordinates for Bucharest, Romania: /usr/bin/redshift -l 44.25:26.06 -t 5700:3600 -g 0.8 -m vidmode &

  • Add HP wireless printer with sudo hp-setup -i. Adding the printer from the gnome gui does not work for simple scan.

  • Basic Iptables

    echo "up iptables-restore < /etc/iptables.ipv4" >> /etc/network/interfaces
    
    # contents of /etc/iptables.ipv4 (iptables-restore needs the table header and a final COMMIT)
    *filter
    # drop weird packets
    -A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,PSH PSH -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    -A INPUT -m state --state INVALID -j DROP
    # drop fragmented packets
    -A INPUT -f -j DROP
    # drop XMAS packets
    -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    # drop NULL packets
    -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    # limit 3 pings a second
    -A INPUT -p icmp --icmp-type 8 -m limit --limit 3/sec -j ACCEPT
    -A INPUT -p icmp --icmp-type 8 -j DROP
    # rate limit SSH
    #-A INPUT -p tcp --dport 22334 -i eth0 -m state --state NEW -m recent --set
    #-A INPUT -p tcp --dport 22334 -i eth0 -m state --state NEW -m recent  --update --seconds 60 --hitcount 4 -j DROP
    # accept established connections
    -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # drop policy for input
    #-P INPUT DROP
    # accept input traffic for ssh, http and mail
    #-A INPUT -p tcp --dport 22334 -j ACCEPT
    #-A INPUT -p tcp --dport 80 -j ACCEPT
    #-A INPUT -p tcp --dport 25 -j ACCEPT
    # drop all other input traffic
    #-A INPUT -j DROP
    # drop invalid forward packets
    #-A FORWARD -m state --state INVALID -j DROP
    # drop FORWARD traffic
    -P FORWARD DROP
    # drop invalid output packets
    -A OUTPUT -m state --state INVALID -j DROP
    COMMIT
    
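    echo "up ip6tables-restore < /etc/iptables.ipv6" >> /etc/network/interfaces
    
    # contents of /etc/iptables.ipv6 (ip6tables-restore needs the table header before the rules)
    *filter
    # drop weird packets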
    -A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,PSH PSH -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags ALL FIN,PSH,URG -j DROP
    -A INPUT -m state --state INVALID -j DROP
    # drop fragmented packets
    #-A INPUT -f -j DROP
    # drop XMAS packets
    -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    # drop NULL packets
    -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    # limit 3 pings a second (ICMPv6 echo-request is type 128, not 8 as in ICMPv4)
    -A INPUT -p icmpv6 --icmpv6-type 128 -m limit --limit 3/sec -j ACCEPT
    -A INPUT -p icmpv6 --icmpv6-type 128 -j DROP
    # accept established connections
    -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    
    # drop FORWARD traffic
    -P FORWARD DROP
    
    # drop invalid output packets
    -A OUTPUT -m state --state INVALID -j DROP
    
    COMMIT
    
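  • Grub password: generate the hash with grub-mkpasswd-pbkdf2, then add the following to /etc/grub.d/40_custom (vim /etc/grub.d/40_custom), where encryptedpass is the hash printed by grub-mkpasswd-pbkdf2

    set superusers="user"
    password_pbkdf2 user encryptedpass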
    

    update-grub

  • Disable Magic SysRq

    echo 0 > /proc/sys/kernel/sysrq
    
  • Set limits on the number of open files and processes in /etc/security/limits.conf

    http://askubuntu.com/questions/462112/nofile-ulimit-n-on-ubuntu-14-04-lts

    * hard nofile 94000
    * soft nofile 94000
    * hard nproc 64000
    * soft nproc 64000
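
A lint for the two restore files from the Basic Iptables item, as an added example that is not part of the original post: it checks for the `*filter` header and final `COMMIT` that iptables-restore requires, for the ICMPv6 echo-request type (128, not 8), and for an INPUT chain left default-accept. The function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an iptables-restore file on
# stdin before it is hooked into /etc/network/interfaces. Findings are printed;
# the return status is the number of findings (0 = clean).
lint_rules() {
    # keep rule lines only: strip indentation, comments and blank lines
    r=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d')
    n=0
    case $(printf '%s\n' "$r" | head -n 1) in
        \**) ;;
        *) echo "no table header (*filter) before the first rule"; n=$((n+1)) ;;
    esac
    [ "$(printf '%s\n' "$r" | tail -n 1)" = COMMIT ] ||
        { echo "no final COMMIT, nothing would be applied"; n=$((n+1)); }
    # ICMPv6 echo-request is type 128; 8 is the ICMPv4 echo-request number
    if printf '%s\n' "$r" | grep -Eq -- '--icmpv6-type 8( |$)'; then
        echo "--icmpv6-type 8 does not match ping, use 128"; n=$((n+1))
    fi
    # without a DROP policy or a catch-all DROP, INPUT stays default-accept
    if ! printf '%s\n' "$r" | grep -Eq '^(:INPUT DROP|-P INPUT DROP|-A INPUT -j DROP)'; then
        echo "INPUT is default-accept: only malformed packets are dropped"; n=$((n+1))
    fi
    return "$n"
}

sample_bad() {   # constructed input containing the mistakes the lint looks for
    cat <<'EOF'
# limit 3 pings a second
-A INPUT -p icmpv6 --icmpv6-type 8 -m limit --limit 3/sec -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-P FORWARD DROP
EOF
}

sample_good() {  # constructed input: complete IPv4 file with default-deny INPUT
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type 8 -m limit --limit 3/sec -j ACCEPT
COMMIT
EOF
}

echo "== bad";  sample_bad  | lint_rules || echo "-> $? finding(s)"
echo "== good"; sample_good | lint_rules && echo "-> clean"
```

Run it as `lint_rules < /etc/iptables.ipv4`; `iptables-restore --test < /etc/iptables.ipv4` then parses the file without committing it.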
    

Posted on:

August 19, 2014

Contact Me:

If you are interested in contacting me feel free to do so by mail or online:

nob {at} nob.ro