Securing services on mini PC running Ubuntu

Solution 1:

Encryption is something different to securing. Encryption only prevents someone from accessing your data in case of theft. Tampering is done on a -running- system and at that moment the system is unlocked.

To make Ubuntu(/your system) secure:

  • update your system as soon as possible and always apply security updates. Join a security mailing group so you get instant updates about vulnerabilities. I get reports on CVE's, 99% are not interesting but that 1 time it did it was good to know (the OpenSSL bug).
  • use decent passwords for admin and enforce a decent password for other users. And change the admin password.
  • do not install 3rd party software unless you can somewhat accept the creator/maintainer. Stick to the base as much as possible.
  • remove all software you do not use. If it is a server: no desktop; use command line.
  • make backups, write emergency plans, and practice them

obfuscate the application code

That never works. You should consider anyone that should not have access but is getting access to your system to be smart enough to look through that.

1 thing we are currently migraiting to is splitting servers: our software, database and jasperserver are each on their own instance. The last 2 have NO connection to the internet and can only speak with the server that holds the software.

Solution 2:

You seem to be re-inventing the appliance.

  • An appliance is a bundled OS + Software package, sometimes with hardware too. When installed, the user has no login or access to the OS; configuration and activity occurs only on the user-facing software interface, GUI, or API.
  • Examples at https://ubuntu.com/appliance

In Ubuntu, an appliance is most easily created using Ubuntu Core with your own custom Snap on top. Ubuntu Core and Snaps are designed for this kind of use.

Ubuntu Server is NOT designed for the use case you describe.