OS Install Experiences - Part 4: Ubuntu

Published in www.hermann-uwe.de - 06-06-2006

Note: This article is part of my OS Install Experiences series.

Next OS — the recently released Debian-derived distribution Ubuntu 6.06 (Dapper Drake).

Install

  1. First, I downloaded a Ubuntu 6.06 CD image, burned it on a CD, and booted from that.
  2. The first installer screen allows you to choose between a normal install, "safe graphics mode", "check CD for defects", "memory test", and "boot from first hard disk". If you hit enter and wait a few minutes, you're dropped right into a fully working GNOME session (think Live-CD). No user-iteraction is required at all...
  3. If you like you can use the system for normal tasks already (web browsing, whatever). If you want to install Ubuntu, you click the "Install" icon on the desktop...
  4. After choosing the language, timezone (by clicking on your country on a nice graphical world map!), and keyboard layout, the installation begins.
  5. You must enter your user password (no root password, in Ubuntu you have to use sudo for everything which requires root permissions), user account name, and (ugh!) you must enter a full name (same annoying behaviour as with PC-BSD).
  6. The partitioning tool is graphical and quite easy to use. It takes ages to scan the disk(s) and partitions though (yes, I have quite a lot of them, but still)...
  7. That's mostly it, the installation of the packages starts now, and after it's finished, a window pops up asking you whether you want to reboot or continue using the Live CD for a little longer.
  8. What's noticeable is that I was not asked where or how I want to install a bootloader, Ubuntu simply scans the disks, tries to detect the OSes and writes itself into the MBR. Which sucks quite a bit, especially for more complicated setups like I'm using here. For example, it didn't detect the PC-BSD installation, so I can no longer boot that for now (need to fix GRUB manually).
  9. That's it, after a reboot you're dropped into GNOME and the installation is done. Pretty impressive how easy such Linux installations have gotten recently...

Security

Continue reading here...

  • netstat output:

    tcp 0 0 localhost:60450 *:* LISTEN 4527/python
    tcp 0 0 localhost:49253 *:* LISTEN 4512/hpiod
    tcp 0 0 localhost:ipp *:* LISTEN 4583/cupsd
    udp 0 0 *:bootpc *:* 3957/dhclient3

  • Some permissions:

    drwxr-xr-x 3 root root 4096 2006-06-04 23:48 /home
    drwxr-xr-x 2 root root 4096 2006-05-31 02:49 /root
    drwxrwxrwt 10 root root 4096 2006-06-04 23:34 /tmp
    drwxr-xr-x 13 uwe uwe 4096 2006-06-04 23:35 /home/uwe
    /dev:
    crw-rw---- 1 root audio 14, 12 2006-06-05 00:00 adsp
    crw-rw---- 1 root video 10, 175 2006-06-05 00:00 agpgart
    crw-rw---- 1 root root 10, 134 2006-06-04 23:00 apm_bios
    crw-rw---- 1 root audio 14, 4 2006-06-05 00:00 audio
    drwxr-xr-x 3 root root 60 2006-06-05 00:00 bus
    crw-rw---- 1 root video 226, 0 2006-06-04 23:00 card0
    crw------- 1 root root 5, 1 2006-06-04 23:00 console
    drwxr-xr-x 6 root root 120 2006-06-05 00:00 disk
    crw-rw---- 1 root audio 14, 10 2006-06-05 00:00 dmfm
    drwxr-xr-x 2 root root 60 2006-06-04 23:00 dri
    crw-rw---- 1 root audio 14, 3 2006-06-05 00:00 dsp
    drwxr-xr-x 4 root root 520 2006-06-05 00:00 evms
    crw-rw---- 1 root video 29, 0 2006-06-05 00:00 fb0
    brw-rw---- 1 root floppy 2, 0 2006-06-05 00:00 fd0
    crw-rw-rw- 1 root root 1, 7 2006-06-05 00:00 full
    brw-rw---- 1 root disk 3, 0 2006-06-05 00:00 hda*
    brw-rw---- 1 root disk 3, 64 2006-06-05 00:00 hdb*
    brw-rw---- 1 root cdrom 22, 64 2006-06-05 00:00 hdd
    prw------- 1 root root 0 2006-06-05 00:00 initctl
    drwxr-xr-x 2 root root 100 2006-06-05 00:00 .initramfs
    -rw-r--r-- 1 root root 0 2006-06-05 00:00 .initramfs-tools
    drwxr-xr-x 2 root root 160 2006-06-05 00:00 input
    crw-r----- 1 root kmem 1, 2 2006-05-31 03:15 kmem
    crw-rw---- 1 root root 1, 11 2006-06-05 00:00 kmsg
    srw-rw-rw- 1 root root 0 2006-06-04 23:10 log
    drwxr-xr-x 2 root root 60 2006-05-31 02:50 loop
    crw-rw---- 1 root lp 6, 0 2006-06-05 00:00 lp0
    crw------- 1 root root 109, 0 2006-06-05 00:00 lvm
    drwxr-xr-x 2 root root 60 2006-06-05 00:00 mapper
    brw-r--r-- 1 root root 9, 0 2006-06-05 00:00 md*
    crw-r----- 1 root kmem 1, 1 2006-06-05 00:00 mem
    crw-rw---- 1 root audio 14, 0 2006-06-05 00:00 mixer
    drwxr-xr-x 2 root root 60 2006-05-31 02:50 net
    crw-rw-rw- 1 root root 1, 3 2006-05-31 03:15 null
    crw-rw---- 1 root video 195, 0 2006-06-04 23:00 nvidia0
    crw-rw---- 1 root video 195, 255 2006-06-04 23:00 nvidiactl
    crw-rw---- 1 root lp 99, 0 2006-06-04 23:00 parport0
    crw-r----- 1 root kmem 1, 4 2006-06-05 00:00 port
    crw------- 1 root root 108, 0 2006-05-31 03:15 ppp
    crw-rw---- 1 root root 10, 1 2006-06-05 00:00 psaux
    crw-rw-rw- 1 root root 5, 2 2006-06-04 23:35 ptmx
    drwxr-xr-x 2 root root 0 2006-06-05 00:00 pts
    crw-rw-rw- 1 root tty 2, 176 2006-06-05 00:00 pty*
    brw-rw---- 1 root disk 1, 0 2006-06-05 00:00 ram*
    crw-rw-rw- 1 root root 1, 8 2006-06-05 00:00 random
    crw-rw---- 1 root audio 10, 135 2006-06-05 00:00 rtc
    drwxrwxrwt 2 root root 40 2006-06-05 00:00 shm
    drwxr-xr-x 2 root root 200 2006-06-05 00:00 snd
    drwxr-xr-x 3 root root 60 2006-06-05 00:00 .static
    crw-rw-rw- 1 root root 5, 0 2006-06-04 23:21 tty
    crw-rw---- 1 root root 4, 0 2006-06-04 23:00 tty0
    crw------- 1 root root 4, 1 2006-06-04 23:00 tty[1-6]
    crw-rw---- 1 root root 4, 10 2006-06-05 00:00 tty[7..*]
    crw-rw-rw- 1 root tty 3, 176 2006-06-05 00:00 tty*
    crw-rw-rw- 1 root tty 3, 48 2006-06-05 00:00 ttys*
    crw-rw---- 1 root dialout 4, 64 2006-06-05 00:00 ttyS*
    drwxr-xr-x 4 root root 80 2006-06-04 23:30 .udev
    crw-rw-rw- 1 root root 1, 9 2006-06-05 00:00 urandom
    crw-rw---- 1 root root 7, 0 2006-06-05 00:00 vcs*
    prw-r----- 1 root adm 0 2006-06-04 23:34 xconsole
    crw-rw-rw- 1 root root 1, 5 2006-06-05 00:00 zero

    At least /root and /home/* could use a chmod 700.

  • Default users and shells:

    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    mail:x:8:8:mail:/var/mail:/bin/sh
    news:x:9:9:news:/var/spool/news:/bin/sh
    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    proxy:x:13:13:proxy:/bin:/bin/sh
    www-data:x:33:33:www-data:/var/www:/bin/sh
    backup:x:34:34:backup:/var/backups:/bin/sh
    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    dhcp:x:101:101::/nonexistent:/bin/false
    syslog:x:102:102::/home/syslog:/bin/false
    klog:x:103:103::/home/klog:/bin/false
    cupsys:x:100:106::/home/cupsys:/bin/false
    messagebus:x:104:107::/var/run/dbus:/bin/false
    haldaemon:x:108:108:Hardware abstraction layer,,,:/var/run/hal:/bin/false
    hplip:x:105:7:HPLIP system user,,,:/var/run/hplip:/bin/false
    gdm:x:106:111:Gnome Display Manager:/var/lib/gdm:/bin/false
    uwe:x:1000:1000:U,,,:/home/uwe:/bin/bash

  • Setuid/setgid files:

    # find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld '{}' \;
    -rwsr-xr-x 1 root root 3172 2006-05-11 13:50 /bin/check-foreground-console
    -rwsr-xr-x 1 root root 75088 2006-05-16 03:43 /bin/mount
    -rwsr-xr-x 1 root root 30724 2005-11-11 01:15 /bin/ping
    -rwsr-xr-x 1 root root 26556 2005-11-11 01:15 /bin/ping6
    -rwsr-xr-x 1 root root 24008 2006-04-03 15:37 /bin/su
    -rwsr-xr-x 1 root root 56808 2006-05-16 03:43 /bin/umount
    -rwsr-xr-- 1 root dhcp 2844 2006-05-05 17:02 /lib/dhcp3-client/call-dhclient-script
    -rwsr-xr-x 1 root root 13164 2006-01-17 13:18 /sbin/cardctl
    -rwxr-sr-x 1 root shadow 15980 2006-05-12 19:42 /sbin/unix_chkpwd
    -rwsr-sr-x 1 root root 18066 2006-05-28 21:35 /usr/bin/X
    -rwsr-xr-x 1 root root 10588 2005-11-11 01:15 /usr/bin/arping
    -rwsr-sr-x 1 daemon daemon 37416 2006-05-08 23:44 /usr/bin/at
    -rwxr-sr-x 1 root tty 7768 2005-10-25 04:13 /usr/bin/bsd-write
    -rwxr-sr-x 1 root shadow 35452 2006-04-03 15:37 /usr/bin/chage
    -rwsr-xr-x 1 root root 27900 2006-04-03 15:37 /usr/bin/chfn
    -rwsr-xr-x 1 root root 23452 2006-04-03 15:37 /usr/bin/chsh
    -rwxr-sr-x 1 root crontab 26668 2005-11-15 13:42 /usr/bin/crontab
    -rwxr-sr-x 1 root shadow 16040 2006-04-03 15:37 /usr/bin/expiry
    -rwsr-xr-x 1 root root 22324 2005-12-31 19:19 /usr/bin/fping
    -rwsr-xr-x 1 root root 23188 2005-12-31 19:19 /usr/bin/fping6
    -rwsr-xr-x 1 root root 34248 2006-04-03 15:37 /usr/bin/gpasswd
    -rwsr-xr-x 1 cupsys lpadmin 8884 2006-05-17 14:47 /usr/bin/lppasswd
    -rwsr-xr-x 1 root root 44988 2005-07-07 12:15 /usr/bin/mtr
    -rwsr-xr-x 1 root root 22732 2006-04-03 15:37 /usr/bin/newgrp
    -rwsr-xr-x 1 root root 26972 2006-04-03 15:37 /usr/bin/passwd
    -rwsr-xr-- 1 root plugdev 28316 2006-05-12 11:33 /usr/bin/pmount
    -rwsr-xr-- 1 root plugdev 20808 2006-05-12 11:33 /usr/bin/pumount
    -rwxr-sr-x 1 root utmp 302096 2006-04-26 23:40 /usr/bin/screen
    -rwxr-sr-x 1 root slocate 30884 2006-01-07 16:44 /usr/bin/slocate
    -rwxr-sr-x 1 root ssh 57824 2006-05-18 02:43 /usr/bin/ssh-agent
    -rwsr-xr-x 1 root root 93844 2006-05-17 10:41 /usr/bin/sudo
    -rwsr-xr-x 1 root root 10460 2005-11-11 01:15 /usr/bin/traceroute6
    -rwxr-sr-x 1 root tty 10292 2006-05-16 03:43 /usr/bin/wall
    -rwxr-sr-x 1 root utmp 279968 2006-05-18 08:45 /usr/bin/xterm
    -rwxr-sr-x 1 root games 75636 2006-04-10 11:32 /usr/games/glines
    -rwxr-sr-x 1 root games 82644 2006-04-10 11:32 /usr/games/gnibbles
    -rwxr-sr-x 1 root games 90004 2006-04-10 11:32 /usr/games/gnobots2
    -rwxr-sr-x 1 root games 95108 2006-04-10 11:32 /usr/games/gnometris
    -rwxr-sr-x 1 root games 77908 2006-04-10 11:32 /usr/games/gnomine
    -rwxr-sr-x 1 root games 39796 2006-04-10 11:32 /usr/games/gnotravex
    -rwxr-sr-x 1 root games 40564 2006-04-10 11:32 /usr/games/gnotski
    -rwxr-sr-x 1 root games 52692 2006-04-10 11:32 /usr/games/gtali
    -rwxr-sr-x 1 root games 92884 2006-04-10 11:32 /usr/games/mahjongg
    -rwxr-sr-x 1 root games 69300 2006-04-10 11:32 /usr/games/same-gnome
    -rwsr-xr-- 1 root messagebus 2724 2006-05-15 21:43 /usr/lib/dbus-1.0/dbus-foreground-console
    -rwsr-xr-x 1 root root 4140 2006-05-11 11:46 /usr/lib/eject/dmcrypt-get-device
    -rwxr-sr-x 1 root mail 8780 2006-05-10 22:25 /usr/lib/evolution/camel-lock-helper-1.2
    -rwxr-sr-x 1 root utmp 9256 2006-04-27 13:35 /usr/lib/libvte4/gnome-pty-helper
    -rwsr-xr-x 1 root root 131792 2006-05-18 02:43 /usr/lib/openssh/ssh-keysign
    -rwsr-xr-x 1 root root 5716 2006-05-21 20:46 /usr/lib/pt_chown
    -rwsr-xr-- 1 root dip 257720 2006-02-23 17:33 /usr/sbin/pppd

  • World-writable files:

    # find / -not -type l -perm -o+w -exec ls -ld '{}' \;
    drwxrwxrwt 3 root root 80 2006-06-05 00:00 /var/lock
    srw-rw-rw- 1 root root 0 2006-06-04 23:00 /var/run/sdp
    srwxrwxrwx 1 root root 0 2006-06-04 23:00 /var/run/dbus/system_bus_socket
    srwxrwxrwx 1 root root 0 2006-06-04 23:00 /var/run/cups/cups.sock
    drwxrwxrwt 2 root root 4096 2006-05-22 16:00 /var/tmp
    srw-rw-rw- 1 root root 0 2006-06-04 23:10 /dev/log
    crw-rw-rw- 1 root root 226, 0 2006-06-04 23:00 /dev/dri/card0
    drwxrwxrwt 2 root root 40 2006-06-05 00:00 /dev/shm
    crw-rw-rw- 1 root root 1, 3 2006-05-31 03:15 /dev/null
    crw-rw-rw- 1 root root 1, 7 2006-05-31 03:15 /dev/.static/dev/full
    crw-rw-rw- 1 root root 1, 3 2006-05-31 03:15 /dev/.static/dev/null
    crw-rw-rw- 1 root tty 5, 2 2006-05-31 03:15 /dev/.static/dev/ptmx
    crw-rw-rw- 1 root root 1, 8 2006-05-31 03:15 /dev/.static/dev/random
    crw-rw-rw- 1 root tty 5, 0 2006-05-31 03:15 /dev/.static/dev/tty
    crw-rw-rw- 1 root root 1, 5 2006-05-31 03:15 /dev/.static/dev/zero
    crw-rw-rw- 1 root tty 3, 175 2006-06-05 00:00 /dev/tty*
    crw-rw-rw- 1 root root 5, 0 2006-06-04 23:21 /dev/tty
    crw-rw-rw- 1 root root 5, 2 2006-06-04 23:41 /dev/ptmx
    crw-rw-rw- 1 root root 1, 5 2006-06-05 00:00 /dev/zero
    crw-rw-rw- 1 root root 1, 9 2006-06-05 00:00 /dev/urandom
    crw-rw-rw- 1 root root 1, 8 2006-06-05 00:00 /dev/random
    crw-rw-rw- 1 root root 1, 7 2006-06-05 00:00 /dev/full
    -rw-rw-rw- 1 root root 0 2006-06-04 23:42 /proc/*/task/*/attr/current
    -rw-rw-rw- 1 root root 0 2006-06-04 23:42 /proc/*/task/*/attr/exec
    -rw-rw-rw- 1 root root 0 2006-06-04 23:42 /proc/*/task/*/attr/fscreate
    [...]
    drwxrwxrwt 10 root root 4096 2006-06-04 23:34 /tmp
    drwxrwxrwt 2 root root 4096 2006-06-04 23:00 /tmp/.X11-unix
    srwxrwxrwx 1 root root 0 2006-06-04 23:00 /tmp/.X11-unix/X0
    drwxrwxrwt 2 root root 4096 2006-06-04 23:01 /tmp/.ICE-unix
    srwxrwxrwx 1 uwe uwe 0 2006-06-04 23:01 /tmp/.ICE-unix/5253
    srw-rw-rw- 1 root root 0 2006-06-04 23:00 /tmp/.gdm_socket
    drwxrwxrwt 2 uwe uwe 4096 2006-06-04 23:01 /tmp/.esd-1000
    srwxrwxrwx 1 uwe uwe 0 2006-06-04 23:01 /tmp/.esd-1000/socket

That's it.

Comments, suggestions, flames?

None
A comma-separated list of terms describing this content. Example: funny, bungee jumping, "Company, Inc.".