Linux DevCenter    
 Published on Linux DevCenter (http://www.linuxdevcenter.com/)
 See this if you're having trouble printing code examples


Fine-Tuning Kubuntu

by Carla Schroder
03/09/2006

Kubuntu is the KDE-ized edition of Ubuntu Linux, the current Linux glamour distribution. Ubuntu is an excellent distribution, and I believe its popularity is due largely, in addition to technical and design excellence, to the Ubuntu philosophy. This is a lovely change of pace from the "survival of the loudest" atmosphere of some tech communities.

As nice as Kubuntu is, the default installation doesn't fit every user. This article shows how to get help, get access to more software packages, set up a firewall, and review and get rid of unnecessary services. This article covers Kubuntu 5.10, Breezy Badger.

Adding KDE to Ubuntu

You can download and perform a fresh new Kubuntu installation, or you can add the KDE part to Ubuntu. Ubuntu uses Gnome as its default desktop environment, but like any Linux, you can install whatever you want. If you're running Ubuntu and want to give KDE a try, run these commands to install the Kubuntu desktop:

$ sudo apt-get update
$ sudo apt-get install kubuntu-desktop

This not raw KDE, but the nicely customized Kubuntu KDE desktop.

Getting Help

Kubuntu comes with the good Kubuntu 5.10 Quick Guide. Find this by clicking on the Help button, which also brings up a directory of KDE documentation and Unix man pages. Be sure to take the time to review this, as it's a gold mine of useful how-tos.

The excellent Ubuntu user forums, online documentation, and mail lists are also good places to get answers. Just remember to search the archives first, and always be polite. Don't be shy about posting solutions to problems that you figured out on your own; that's what makes forums and mail lists useful.

Finally, every package installs with readmes and HTML documentation that the Help index may not have picked up. Find these by listing all the files in a package:

$ dpkg -L packagename | less

What if you're not sure of the package name? Either of these commands will help. For example, suppose you're not sure of the name for the KDE front end to cron:

$ dpkg -l | grep -i cron
ii anacron    2.3-11ubuntu2    a cron-like program that doesn't go by time
ii cron     3.0pl1-87ubuntu2   management of regular background processing
ii kcron    3.5.0-0ubuntu0breezy2    the KDE crontab edit

$ apt-cache search cron
[boatloads of output]
kcron - the KDE crontab editor

Aha, it's Kcron! dpkg tells you the status of installed packages, and apt-cache search shows you all possible installation candidates.

Getting More Software

Ubuntu has several software package repositories: Main, Restricted, Universe, and Multiverse. The first two are officially supported and are available by default. Universe contains free and open source software that is not officially supported. Multiverse contains nonfree/open source software. Kubuntu follows the Debian model of placing non-FOSS packages in a separate repository, so that users can easily choose what they want to use.

Enabling the Universe package repository (and Multiverse as well, if you like) is simple. There are two ways to do this: use System -> Package Manager (Adept), or edit /etc/apt/sources.list directly.

In Adept, go to Adept -> Manage Repositories and right-click on deb http://us.archive.ubuntu.com/ubuntu breezy universe main restricted universe, and then left-click on Enable. Scroll down and do the same for deb http://security.ubuntu.com/ubuntu breezy-security universe. (Do the same for the Multiverse lines if you like.) Click on the Apply button at the bottom, and then on Fetch Updates at the top to download the latest package lists.

In /etc/apt/sources.list, uncomment the lines you want, and then save and close the file. Then run the command:

$ sudo apt-get update

Now you have access to a much wider range of packages.

If you're an experienced old iptables guru, you should know that Debian has changed its default iptables installation, which also affects Kubuntu. No longer is there an /etc/init.d/iptables script, which is the standard iptables control script on most Linuxes. Instead, Debian leaves it up to users to write their iptables scripts and use ifupdown to control them. This means adding directives to the network interface configuration file, /etc/network/interfaces, or placing iptables scripts in the /etc/network/if-*.d files. What that does is bring iptables up and down with your network interfaces. This may be a better way of managing iptables, but I am not sure yet. It's complex, and I like the two to remain separated. If you want to try the new way, see /usr/share/doc/iptables/README.Debian.gz.

Setting Up a Firewall

There is no option during installation to configure a firewall, and Kubuntu includes no graphical firewall configurators. Kubuntu installs with no open ports, so strictly speaking it doesn't need one. A running service, like a web or mail server, creates an open port. No open ports means nothing to attack. While this viewpoint is valid, I think it's a bit shortsighted, because hardly any installation remains unmodified. Also, no matter how careful you are with application-level security and strong passwords and such, layered defenses are good and protect you from your own mistakes. About the only reasons not to set up a firewall are if your PC was not connected to any other networks, or you had an external firewall.

Iptables comes with all Linuxes and is the basic tool for building a firewall. However, building an iptables firewall from scratch requires a significant learning curve. Fortunately, plenty of nice utilities can ease the creation of personal firewalls, such as Guarddog, Firestarter, fwbuilder, KMyFirewall, and Lokkit. Lokkit is probably the simplest to use. KMyFirewall is almost as easy, and it creates clean, understandable iptables scripts--so it's my choice here.

Update your package lists, then install it:

$ sudo apt-get update
$ sudo apt-get install kmyfirewall

KMyFirewall requires root privileges, so press Alt-F2 to bring up the Run Command dialog, and type kdesu kmyfirewall. kdesu brings up the password dialog box, which you can use to start any graphical application that needs root privileges. Enter your own password, not the root password.

In KMyFirewall, go to File -> New and start the wizard. KMyFirewall tries to be educational and includes a lot of good information. To create a firewall for an internet-connected computer running no services, click on Next five times; on the last window check All Done, and then click on Finish. You can preview the new firewall script in this window. It also lists all the files created, so you can copy this list and take a look at it as a study tool. While KMyFirewall requires KDE to run, it creates firewall scripts that you can use on any Linux.

When you're back in the main KMyFirewall menu, save your new rule set with File -> Save As. You can now surf the Web, do email, SSH to remote hosts, use IRC, anything you want. However, the firewall now blocks connection attempts that originate from outside your PC, except for ICMP echo_request. This allows network services to ping your PC to make sure it's up. Some folks like to block all pings, but that isn't a good idea because so many network services depend on it. KMyFirewall also limits the number and frequency of ICMP echo_requests, to help prevent denial-of-service attacks.

What if you want to be able to SSH into your PC, or run other public services like DNS, mail, or a web server? No problem. Just check the appropriate boxes in the wizard.

Linux Cookbook

Related Reading

Linux Cookbook
By Carla Schroder

Managing Services

It's a good idea to review system services and turn off anything you don't want. Unnecessary services consume system resources, slow down boot time, and create potential security holes. Open System Settings -> System Administration -> Services. Click on Administrator Mode and enter your password.

What if this doesn't work and it won't go into Administrator mode? This is known bug on some systems. You can get around it by using the old KDE Control Center--Alt-F2, kdesu kcontrol, System Administration -> System Services.

The first item to look at is the Run Level drop-down menu near the top. There are seven runlevels, 0 to 6. These all are different states that the computer can boot into. The Debian default is 2, so that's the one I will review. I'm not going to get deeply into runlevels, but here are a couple of quick tips:

  1. Don't mess with runlevels 0, 1, or 6 until you have attained sufficient knowledge.
  2. Runlevels 2-5 are fair game, but you can still make a big messy hash of things. Save one in its default state, like runlevel 5. Then if you gum up the others to the point of despair, enter runlevel 5 with sudo init 5. This way you'll have a functioning system until you figure out how to make repairs.

Every item that you see in the System Services menu has a corresponding start script in /etc/init.d/. Make sure to enable several services to start at boot:

You could even do away with power management and sound if you wanted to. At a minimum, be sure to start anacron, cron, dbus, kdm, and the logging daemons at boot.

Other services are optional, so start them at boot only if you know you need them:

Wrapping Up

I've covered a lot of ground in a short time, and yet have barely scratched the surface. Drop me a line ( if you want more Ubuntu articles like this, and give me suggestions for topics.

Resources

The Linux Cookbook, by me. Learn how to do all kinds of Linux stuff: manage runlevels; run servers; perform package maintenance, system upgrades, and backup and recovery; share files and printers; and more.

Installing and Configuring Ubuntu on a Laptop

Previewing KDE 4

Use Your Digital Camera with Linux

Installing Debian. Debian is the mother of Kubuntu/Ubuntu/Edubuntu and many other distributions, including Knoppix, Linspire, and Xandros.

Carla Schroder is a self-taught Linux and Windows sysadmin and the author of the Linux Cookbook.


Return to the Linux DevCenter.

Copyright © 2009 O'Reilly Media, Inc.