13 Important Privacy and Security Settings in Ubuntu Linux

Ubuntu Security Settings

Everybody should be concerned about their privacy and security in this day and age. It is a common misconception that if you are running Linux you do not need to concern yourselves with privacy and security issues. Every operating system has risks and vulnerabilities that can be exploited and leave you exposed.

In this article, you will learn about best practices that you can follow to avoid privacy risks and leaks.

Protect your user account with a strong password

This is compulsory, Always use password-protected user accounts on Desktop systems too. Use a password with strong complexity but memorability to ensure a more safe system.

Do not use an admin account for common use

Admin accounts held system-wide permissions which is not advisable for common use. Always use a standard or basic account for daily use. You can check your account status by going into Settings>Users.

Disable admin account

Set up your screen lock

You can manually lock your system by a simple shortcut Ctrl+Alt+L. But you should always ensure screen locks by using a screensaver. Simply go to Settings>Privacy>Screen Lock.

Enable lock screen

Update your system regularly

Make sure to keep your system updated. Linux releases update regularly, these updates have security packages that keep your security up-to-date. So launch your Software Updater and install any new updates.

Install security updates regularly

Keep your system clean

Make sure to only install applications that you need. More than necessary applications in your system will not only slow your system down but also expose it to more risks and vulnerabilities.

Clean up system

Browse websites with a valid SSL certificate only

When browsing and before giving any data on any website, always make sure the website is safe by checking the padlock icon color in your URL bar. It means your data will be transmitted using a secure socket layer (SSL) protocol and will not be exposed. Don’t share any info if the padlock icon is crossed out or red.

Check if SSL certificate of websites are valid

Encrypt data

Full disk encryption option is available to users during the installation of Linux systems. Full disk encryption will encrypt all your system and you will need a key even to start the system.

You can set this Encryption setting during Linux installation. In Installation type simply select the option Advanced Features and check the “Use LVM with the new Ubuntu Installation” and “Encrypt the new Ubuntu installation for Security” options.

Encrypt harddisk

This encryption is hard to set up if you miss them in installation. In that case, your best option is to keep an up-to-date backup of your files and update it regularly.

Turn on your local firewall

Linux comes with a built-in ufw firewall. You can easily configure it with its GUI application gufw. To install gufw, run the following command.

sudo apt install gufw

Install Firewall on Ubuntu

Turn on UFW Firewall

Use a Virtual Private Network (VPN)

You can take a step further to protect your network privacy and use a virtual private network. VPN will hide and encrypt your network traffic such that you would appear to be a user from a different location and country than your own.

Restrict privileged access with SELinux or AppArmor

SELinux and AppArmor are tools that can help users define application restrictions like access to processes and files. These applications will make sure the damage from any attack is contained and your other data is safe.

Enable SELinux or AppArmor

Check for rootkits

Rootkits are malicious software that remains hidden and can assume command and control of your system without your knowledge. Use chkrootkit which is a rootkit detection tool to check for rootkit in your system.

You can install chkrootkit by running the following command

sudo apt-get install chkrootkit

Check for rootkits

Once installed, run the chkrootkit.

sudo chkrootkit

Run chkrootkit

chkrootkit will scan your system for a while and let you know if you have any rootkit on your system.

Restrict remote connection settings

Secure Shell Protocol(SSH) is a protocol used for remote communication which presents a lot of risks to system privacy and security. But you can reduce the risk by making changes in the SSH config file by doing the following steps

Select a random free port that is not in use. To check if the new port is in use or free, run the following command.

nc -z <port number> && echo "IN USE" || echo "FREE"

Restrict remote connections

First to open the SSH config file, run the following command

sudo nano /etc/ssh/sshd_config

Now, search for the line with “Port 22” in the config file and change the port number to a new and free port number.

Next look for “PermitRootLogin” in the config file. Now you can change it to “PermitRootLogin no” if you don’t want to allow the root user to remote login.

Change SSH port

But if you still want the root user to allow remote login with SSH key-pair change it to “PermitRootLogin prohibit-password”.

Turn off daemons of listening services

You have some default applications that are running listening daemons on external ports. To check for such ports, run the following command.

netstat -lt

Check running daemons

Now see if you need these services or not. And shut down the unnecessary services.


In this article, you have learned some basic steps to increase privacy in the Linux system. If you have any more privacy tips, do not forget to share them in the comment below.