If you're a sysadmin considering updating your desktop deployments or running non-LTS builds on servers, this guide is for you. In this article, we will explore the latest security features in Ubuntu 22.10 (Kinetic Kudu), including upgrades to OpenSSH 9.0, Sudo 1.9.11, Systemd 251, and Kernel 5.19. While this release may not have many new security features, it includes some significant upgrades that make it worth exploring.
(Ubuntu 22.04 Server security features are reviewed here.)
(Ubuntu 23.04 Server security features are reviewed here.)
One of the most significant changes in Ubuntu 22.10 is the inclusion of the new OpenSSH 9.0 release. This update introduces several security enhancements, including:
Sudo 1.9.11, included in Ubuntu 22.10, has several useful security improvements that help users better control who can use sudo and how authentication behaves. Here are some of the key changes:
Systemd, the heart of modern Linux systems, has a large impact on the overall security of hosts. The new release, systemd 251, includes several changes that make services more secure. Here are some of the key changes:
Kernel 5.19 includes several small but significant security improvements that have landed between the previous kernel 5.15 and Ubuntu 22.10's kernel 5.19 release. Here are some of the key changes:
Ideally, we’d always provision new systems when a new operating system ships. But we don’t live in an ideal world. There always seem to be special snowflake servers, and reprovisioning user workstations impacts productivity. When we can’t provision fresh systems, we can always perform an upgrade using Canonical’s do-release-upgrade command:
# fully update and cleanup our existing 22.04 system
sudo apt-get update
sudo apt-get upgrade
sudo apt-get autoremove
# perform the upgrade
sudo apt-get install update-manager-core
sudo do-release-upgrade
In addition to the security updates that come with Ubuntu 22.10, there are further steps you can take to secure your system. One such step is applying hardening settings and ensuring that all critical packages are updated. You can use the open source cnspec tool from Mondoo and the Mondoo SaaS platform to scan and report on security best practices, package vulnerabilities, and CIS benchmarks. Mondoo is a hosted security platform that automates manual security processes for DevOps and security practitioners, helping users quickly find known vulnerabilities and misconfigurations.
To scan your Ubuntu 22.10 system using Mondoo's cnspec tool, you will first need to install the cnspec package. You can do so by running the following command:
bash -c "$(curl -sSL https://install.mondoo.com/sh/cnspec)"
Once cnspec is installed, you can scan your system for misconfigurations. For instance, you can perform a local scan by running the following command:
cnspec scan
cnspec can scan a range of things, from cloud accounts to Kubernetes clusters, as well as SaaS services such as MS365 or Google Workspace.
When you run a local scan, cnspec will generate a report highlighting the security status of your system. The report includes the list of controls that passed and failed, with their associated scores.
If you authenticate cnspec with the Mondoo Platform, the tool can perform additional checks, such as scanning packages for CVEs, and CIS and BSI compliance policies. Results of the scan will be stored on the Mondoo Platform for analysis.
On the Mondoo platform console, you can view a high-level overview of the scan status of each policy and package vulnerability, as well as EOL data. For instance, you can check if the system is vulnerable to any known security threats, and see which packages need to be updated to ensure the best security practices.
If you're a sysadmin or security engineer, you know how tough it can be to keep up with all the security updates and patches required to protect your company's assets. But with the Mondoo platform, you can automate many of these tasks and stay on top of your security game. Plus, you'll have access to a community of like-minded professionals who can help you troubleshoot and share tips.
Don't waste any more time struggling with manual updates and outdated security protocols. Sign up for a free community account on Mondoo and see how easy security can be!