The Tzintiliztli Workshop Series (Online)
System Setup (Ubuntu)

System Configuration & Security

Complete & Continue Next Lesson Learn More

Optimizing Your System

Now that Ubuntu is installed and your essential software is in place, it’s time to fine-tune your system for both efficiency and security. Ubuntu comes with sensible defaults, but a few thoughtful adjustments can significantly enhance your experience. You can start by exploring GNOME Tweaks, installed via sudo apt install gnome-tweaks, which unlocks advanced customization options for your desktop. Here, you can adjust font scaling for better readability, enable battery percentage displays for laptops, or disable animations for improved performance on older hardware. Privacy-conscious users should visit the Settings > Privacy panel to review application permissions, disabling location services, or automatic file history settings if desired.

Implementing Basic Security Measures

Security begins with fundamental precautions. Ubuntu’s built-in Uncomplicated Firewall (UFW) provides protection with minimal configuration. To enable it, open the terminal and enter sudo ufw enable, then verify its status with sudo ufw status verbos. For additional security, consider installing ClamAV by typing sudo apt install clamav for malware scanning, though remember Linux viruses are rare compared to other platforms. Regular system updates remain your first line of defense. Ubuntu automatically notifies you of security patches, but you can manually check with sudo apt update && sudo apt upgrade weekly.

User Accounts and Authentication

Multi-user systems benefit from proper privilege management. Avoid using the root account directly. Instead, use sudo for administrative tasks. To add new users, navigate to Settings > Users or use the terminal command sudo adduser [username]. For families or shared devices, consider setting up parental controls with Timekpr-next to limit screen time, installed via the sudo spt install timekpr-next command. If you handle sensitive data, enable automatic screen locking in Settings > Privacy > Screen Lock, and consider full-disk encryption, if not enabled during installation, via the Disks utility or the cryptsetup command-line tool.

Automating Backups and Maintenance

A secure system includes reliable backups. Ubuntu’s Deja Dup tool, which is preinstalled, offers simple scheduled backups to external drives or cloud services. Configure it to run weekly via Settings > Privacy > Backups, including important folders like ~/Documents and ~/Pictures. For system-wide snapshots, Timeshift, installed with sudo apt install timeshift, preserves your configuration, allowing easy recovery from software mishaps. Pair these tools with a reminder to test backups periodically as a backup isn’t useful unless you’ve verified its restoration process.

Ongoing Vigilance

Good security is a habit, not a one-time task. Periodically review Software & Updates > Authentication to remove old repository keys, and audit installed applications with sudo apt list --installed to remove unused packages. The preinstalled Password and Keys application helps manage SSH keys and password wallets securely. Finally, explore Ubuntu’s Logs utility to monitor system events. Unusual activity often appears here first.

By implementing these measures, you’ll create an Ubuntu environment that balances usability with robust security. Remember, no system is perfectly invulnerable, but these steps will place you ahead of most casual threats while maintaining Ubuntu’s signature ease of use. In our final lesson, we’ll reflect on your journey and explore resources for continued learning in the Linux ecosystem.

Review Questions

  • What command allows you to install GNOME Tweaks?

  • Where can application permissions, location service settings, and automatic file history settings be found?

  • What does security begin with?

  • What provides protection with minimal configuration? How can it be enabled? How can it be verified?

  • What command may be given for malware scanning?

  • What is Ubuntu's first line of defense? How can this be manually checked?

  • How can one prevent the direct use of the root account? What is the alternative?

  • How are new users added?

  • Are there any ways to enable parental controls?

  • Which settings improve protection of sensitive data? What do they do?

  • A secure system includes what?

  • What does Deja Dup and Timeshift do? How can they be configured?

  • How can old repository keys be removed and installed applications be audited?

  • How can unused packages be removed?

  • What preinstalled application helps manage SSH keys and password wallets securely?

  • Which utility allows for the monitoring of system events?