Technical Blog

July 16, 2019

Install Ubuntu 18.04

Here is how to install Ubuntu 18.04 on a computer that was previously running Windows. This process will completely overwrite your Windows operating system and all your files. You will need a USB memory stick of at least 4 GB. You will also a tool such as balena Etcher to create a bootable USB stick.

Once you are ready to begin, download the ISO file for the most recent Long Term Support (LTS) version of Ubuntu Desktop from the Ubuntu website. Use your tool to burn the ISO file to the USB memory stick.

Once you have the bootable USB stick, insert it into your computer. Power on the computer. You may need to enter the machine's BIOS (UEFI) on start-up to get it to boot from a USB stick. This often requires that, during the computer's power-on self-test (POST), you tap a key such as DEL, F2, F12, or some other key. The key to tap depends on your computer manufacturer and model.

The Ubuntu installer then launches.

1. The first screen offer the choice between trying Ubuntu and installing Ubuntu. You can change the installer language in the left pane. When you have made your choice, click Install Ubuntu.
2. Next, choose your keyboard layout, and click Continue.
3. On the screen for updates and other software, we want the host to be as minimal as possible. Select Minimal Installation. Uncheck Download updates while installing Ubuntu. Check the option to install third party or proprietary graphics and wifi software. Click Continue.
4. The installation type will normally be the one that erases the disk and installs Ubuntu. This process will completely overwrite your Windows operating system and all your files. If you want full disk encryption, check the box to encrypt the new Ubuntu installation for security. Click Install Now.
5. If you chose to encrypt the new Ubuntu installation, the next screen will ask you to choose a security key for disk encryption. You will need to enter this security key, as well as your normal login password, every time you start Ubuntu. Click Install Now.
6. When you are asked if you want to write these changes to disk, this is your last chance to remember that your entire Windows system and files will be erase. Assuming you understand this, click Continue.
7. The Where are you screen asks you to pick a timezone from a world map. When you have done so, click Continue.
8. The next screen asks you for your name, your computer name, your username, and your password. When you have filled in these fields, click Continue.
9. The installation now begins. This can take an hour or more, depending on your computer.
10. At the end of the installation, you are prompted to click the button Restart Now.

Remove the bootable USB stick, then reboot your computer. You may need to manually force a reboot of computer. This is often done by holding down the power button for 5 seconds.

The Ubuntu machine now boots for the first time.

Once the reboot is done, you are prompted to click on your username and enter the password you chose during installation.

There are some initial What's new in Ubuntu screens to click through the first time you use a new system. When asked if you want to send information to Canonical, select No, and press Next. At the end of the what's new screens, click Done.

Open Ubuntu settings, and go to the Privacy tab.

• Turn off Usage & History.
• Turn on Purge Trash & Temporary Files, and set both to automatically purge after 1 hour.
• Turn off Connectivity Checking unless you want to connect to a network that requires periodic keep-alive packets.

Open the applications menu and search for Software & Updates.

1. Select the Updates tab.
2. Change Automatically check for Updates to Never.
3. You will need to enter your password and click Authenticate.
4. Click Close.

Now open the terminal emulator (Ctrl+Alt+t) and completely update the system by issuing these commands:

sudo apt update

sudo apt upgrade

sudo apt dist-upgrade

sudo apt autoremove

Set up the firewall with the commands that follow. All unsolicited input will be blocked.

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo iptables -A INPUT -i lo -j ACCEPT

sudo iptables -P INPUT DROP

If your network is IPv6 enabled, do the same thing for your IPv6 firewall:

sudo ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

sudo ip6tables -A INPUT -i lo -j ACCEPT

sudo ip6tables -P INPUT DROP

Persist these changes after reboots:

sudo apt install iptables-persistent

Close the terminal emulator window.

We will now harden the security options on Firefox. Open Firefox, click the Firefox hamburger menu, and select Preferences.

• On the Home page:
  • Set both the home page and the new tabs page to blank.
  • Uncheck all the home page content options.
• On the Search page:
  • Uncheck search suggestions.
• On the Privacy & Security page:
  • Check the option to delete cookies and site data when Firefox closes.
  • Uncheck the option to save logins and passwords for websites.
  • Set the History option to never remember history. This causes Firefox to restart.
  • Once you have reopened Firefox, go back to where you were, and uncheck all the Address Bar suggestions.
  • Uncheck the options for Firefox Data Collection and Use.
  • Uncheck the options for Deceptive Content and Dangerous Software Protection, since this may send out data on the Internet.

To disable WebRTC:

1. Enter about:config in the address bar, and press Enter.
2. Click the button I accept the risk.
3. Type media.peerconnection.enabled in the search bar, and press Enter.
4. Double-click the row for media.peerconnection.enabled. The value changes from true to false.
5. WebRTC is now disabled in Firefox.

You can add further privacy and security extensions to Firefox from the Add-ons menu. Some useful ones to add are:

• NoScript
• uBlock Origin