LinuxDevCenter.com


Fine-Tuning Kubuntu

by Carla Schroder
03/09/2006

Kubuntu is the KDE-ized edition of Ubuntu Linux, the current Linux glamour distribution. Ubuntu is an excellent distribution, and I believe its popularity is due largely, in addition to technical and design excellence, to the Ubuntu philosophy. This is a lovely change of pace from the "survival of the loudest" atmosphere of some tech communities.

As nice as Kubuntu is, the default installation doesn't fit every user. This article shows how to get help, get access to more software packages, set up a firewall, and review and get rid of unnecessary services. This article covers Kubuntu 5.10, Breezy Badger.

Adding KDE to Ubuntu

You can download and perform a fresh new Kubuntu installation, or you can add the KDE part to Ubuntu. Ubuntu uses Gnome as its default desktop environment, but like any Linux, you can install whatever you want. If you're running Ubuntu and want to give KDE a try, run these commands to install the Kubuntu desktop:

$ sudo apt-get update
$ sudo apt-get install kubuntu-desktop

This is not raw KDE, but the nicely customized Kubuntu KDE desktop.

Getting Help

Kubuntu comes with the good Kubuntu 5.10 Quick Guide. Find this by clicking on the Help button, which also brings up a directory of KDE documentation and Unix man pages. Be sure to take the time to review this, as it's a gold mine of useful how-tos.

The excellent Ubuntu user forums, online documentation, and mail lists are also good places to get answers. Just remember to search the archives first, and always be polite. Don't be shy about posting solutions to problems that you figured out on your own; that's what makes forums and mail lists useful.

Finally, every package installs with readmes and HTML documentation that the Help index may not have picked up. Find these by listing all the files in a package:

$ dpkg -L packagename | less

What if you're not sure of the package name? Either of these commands will help. For example, suppose you're not sure of the name for the KDE front end to cron:

$ dpkg -l | grep -i cron
ii anacron    2.3-11ubuntu2    a cron-like program that doesn't go by time
ii cron     3.0pl1-87ubuntu2   management of regular background processing
ii kcron    3.5.0-0ubuntu0breezy2    the KDE crontab edit

$ apt-cache search cron
[boatloads of output]
kcron - the KDE crontab editor

Aha, it's Kcron! dpkg tells you the status of installed packages, and apt-cache search shows you all possible installation candidates.

Getting More Software

Ubuntu has several software package repositories: Main, Restricted, Universe, and Multiverse. The first two are officially supported and are available by default. Universe contains free and open source software that is not officially supported. Multiverse contains software that is not free/open source. Kubuntu follows the Debian model of placing non-FOSS packages in a separate repository, so that users can easily choose what they want to use.

Enabling the Universe package repository (and Multiverse as well, if you like) is simple. There are two ways to do this: use System -> Package Manager (Adept), or edit /etc/apt/sources.list directly.

In Adept, go to Adept -> Manage Repositories and right-click on deb http://us.archive.ubuntu.com/ubuntu breezy universe main restricted universe, and then left-click on Enable. Scroll down and do the same for deb http://security.ubuntu.com/ubuntu breezy-security universe. (Do the same for the Multiverse lines if you like.) Click on the Apply button at the bottom, and then on Fetch Updates at the top to download the latest package lists.

In /etc/apt/sources.list, uncomment the lines you want, and then save and close the file. Then run the command:

$ sudo apt-get update

Now you have access to a much wider range of packages.

If you're an experienced old iptables guru, you should know that Debian has changed its default iptables installation, which also affects Kubuntu. No longer is there an /etc/init.d/iptables script, which is the standard iptables control script on most Linuxes. Instead, Debian leaves it up to users to write their iptables scripts and use ifupdown to control them. This means adding directives to the network interface configuration file, /etc/network/interfaces, or placing iptables scripts in the /etc/network/if-*.d files. What that does is bring iptables up and down with your network interfaces. This may be a better way of managing iptables, but I am not sure yet. It's complex, and I like the two to remain separated. If you want to try the new way, see /usr/share/doc/iptables/README.Debian.gz.

Setting Up a Firewall

There is no option during installation to configure a firewall, and Kubuntu includes no graphical firewall configurators. Kubuntu installs with no open ports, so strictly speaking it doesn't need one. A running service, like a web or mail server, creates an open port. No open ports means nothing to attack. While this viewpoint is valid, I think it's a bit shortsighted, because hardly any installation remains unmodified. Also, no matter how careful you are with application-level security and strong passwords and such, layered defenses are good and protect you from your own mistakes. About the only reasons not to set up a firewall are if your PC is not connected to any other networks, or you have an external firewall.

Iptables comes with all Linuxes and is the basic tool for building a firewall. However, building an iptables firewall from scratch requires a significant learning curve. Fortunately, plenty of nice utilities can ease the creation of personal firewalls, such as Guarddog, Firestarter, fwbuilder, KMyFirewall, and Lokkit. Lokkit is probably the simplest to use. KMyFirewall is almost as easy, and it creates clean, understandable iptables scripts--so it's my choice here.

Update your package lists, then install it:

$ sudo apt-get update
$ sudo apt-get install kmyfirewall

KMyFirewall requires root privileges, so press Alt-F2 to bring up the Run Command dialog, and type kdesu kmyfirewall. kdesu brings up the password dialog box, which you can use to start any graphical application that needs root privileges. Enter your own password, not the root password.

In KMyFirewall, go to File -> New and start the wizard. KMyFirewall tries to be educational and includes a lot of good information. To create a firewall for an internet-connected computer running no services, click on Next five times; on the last window check All Done, and then click on Finish. You can preview the new firewall script in this window. It also lists all the files created, so you can copy this list and take a look at it as a study tool. While KMyFirewall requires KDE to run, it creates firewall scripts that you can use on any Linux.

When you're back in the main KMyFirewall menu, save your new rule set with File -> Save As. You can now surf the Web, do email, SSH to remote hosts, use IRC, anything you want. However, the firewall now blocks connection attempts that originate from outside your PC, except for ICMP echo_request. This allows network services to ping your PC to make sure it's up. Some folks like to block all pings, but that isn't a good idea because so many network services depend on it. KMyFirewall also limits the number and frequency of ICMP echo_requests, to help prevent denial-of-service attacks.

What if you want to be able to SSH into your PC, or run other public services like DNS, mail, or a web server? No problem. Just check the appropriate boxes in the wizard.
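The policy described above (outbound traffic allowed, unsolicited inbound traffic dropped, rate-limited ICMP echo requests accepted, optional inbound services such as SSH) can be written out by hand as an iptables-restore ruleset. This is an added example, not the script KMyFirewall generates; the function name, the limit values, and the rules file path in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not KMyFirewall output): emit an iptables-restore ruleset
# for the policy described above. Limit values are assumed.

# build_ruleset [tcp-port ...]   e.g. build_ruleset 22   to allow inbound SSH
build_ruleset() {
    # Validate every port before printing anything, so a bad argument
    # never yields a partial ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*)
                echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/second --limit-burst 5 -j ACCEPT
EOF
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Dry-run the result without touching the live rules:
#   build_ruleset 22 | sudo iptables-restore --test
# To load it with the interface, as the ifupdown approach does, save the
# output to a file (path assumed here) and add to /etc/network/interfaces:
#   pre-up iptables-restore < /etc/iptables.rules
```

Calling build_ruleset with no arguments gives the "no services" firewall; each port argument adds one inbound TCP service.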
