# Install additionnal AA profiles apt-get install --no-install-recommends apparmor-profiles # Set some profiles in enforce mode for p in bin.ping usr.sbin.avahi-daemon usr.sbin.dnsmasq; do sed -i 's/ flags=(complain)//' /etc/apparmor.d/$p done
Firefox setup
# Enhance privacy by disabling Flash/Macromedia cookie storage
cat << EOF >> /etc/apparmor.d/local/usr.bin.firefox
# Prevent Flash/Macromedia cookie storage
deny @{HOME}/.adobe/** rw,
deny @{HOME}/.macromedia/** rw,
EOF
# Enable Firefox AA profile
rm /etc/apparmor.d/disable/usr.bin.firefox
apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.firefox
# Install Adblock Plus and add the anti-malware subscription
http://adblockplus.org/en/subscriptions
http://www.malwaredomains.com/
# Minimal comfort apt-get install -V --no-install-recommends vim-nox terminator thunderbird enigmail xul-ext-lightning pidgin # Create an empty directory that thunderbird requires and the can't create itself mkdir /usr/lib/mozilla/extensions/ # Enable thunderbird AA profile apparmor_parser -a -T -W /etc/apparmor.d/usr.lib.thunderbird.thunderbird-bin # Enable pidgin AA profile apparmor_parser -a -T -W /etc/apparmor.d/usr.bin.pidgin # Install the KVM virtualization layer and it's management frontend apt-get install --no-install-recommends qemu-kvm libvirt-bin virt-manager adduser $SUDO_USER libvirtd # or sudo adduser $USER libvirtd # Disable local virtual network as it relies on NAT (bad) virsh net-autostart default --disable virsh net-destroy default # Networking apt-get install --no-install-recommends vlan bridge-utils # Multimedia apt-get install --no-install-recommends vlc vlc-plugin-pulse gstreamer0.10-ffmpeg gstreamer0.10-fluendo-mp3 # Misc apt-get install --no-install-recommends cifs-utils sshfs powertop pwgen debootstrap schroot nmap tftp-hpa
apt-get install --no-install-recommends devscripts dput patchutils bzr git # Now that we have all the required VCS, ensure that important files are tracked apt-get install --no-install-recommends etckeeper cd /etc etckeeper uninit # use git instead of bzr sed -i -e 's/^VCS="\(.*\)"/VCS="git"/' /etc/etckeeper/etckeeper.conf etckeeper init etckeeper commit "Initial /etc commit using git as the VCS for etckeeper"
This is covered in OpenVPN on Ubuntu
# Keep upstart jobs just in case mkdir /etc/init.disabled # Only one tty is used for s in $(seq 2 6); do stop tty$s mv /etc/init/tty$s.conf /etc/init.disabled/ done # I don't like noisy packages :) stop avahi-daemon mv /etc/init/avahi-daemon.conf /etc/init.disabled/ # I don't have a printer (it might not be the case for everyone) stop cups mv /etc/init/cups.conf /etc/init.disabled/ # I don't use weird binary formats stop binfmt-support mv /etc/init/binfmt-support.conf /etc/init.disabled/ # Who uses atd these days ? stop atd mv /etc/init/atd.conf /etc/init.disabled/
# I don't user social media or mono appliacaions apt-get purge gbrainy gwibber-service-identica gwibber-service-twitter gwibber-service-facebook tomboy banshee # I don't use the Ubuntu One cloud service apt-get purge ubuntuone-control-panel-gtk python-ubuntuone-client ubuntuone-client ubuntuone-couch ubuntuone-installer python-ubuntuone-storageprotocol ubuntuone-control-panel libsyncdaemon-1.0-1 libubuntuone1.0-cil libubuntuone-1.0-1 python-ubuntuone-control-panel ubuntuone-client-gnome # I don't have bluetooth support apt-get purge bluez # I use Thunderbird exclusively and don't like having useless daemon running all the time apt-get purge evolution-data-server # # Free some space apt-get purge linux-generic linux-headers-generic linux-headers-3.0.0-12 linux-headers-3.0.0-12-generic example-content