Ubuntu – Best Practice for Installing Java on Ubuntu / is it secure

javaSecurity

Much has been said about the security risks associated with Java. However the burp suite (pen test) depends on Java.

Is it secure to install Java? if so, how to properly do it?

My Ubuntu is a web server and I don't need Java for web services – only for burp suite.

Best Answer

Java related security considerations

I think the problem with Java security is first and foremost related to:

  • Outdated insecure versions
  • Java running as applets within your browser makes you vulnerable to exploits coming from remote.

So to mitigate this you should:

  • Install Java from a repository (so you can update with sudo apt-get update && sudo apt-get upgrade later)
  • Don't install the Java-Plugin
  • .. or disable it with NoScript(Firefox) / NotScript(Chrome)

Since you are installing Java on a server and you won't run a browser there, you will only have to deal with the first problem: So update Java regularly (which you should do with any installed software anyway).

How to install Open-Java

First enable the universe repository. If you haven't done it already.

Then you install Java with

sudo apt-get install openjdk-7-jre

This will install Java without the Java-Plugin.

How to install Oracle-Java

To get an automatically update-able Java from Oracle, you can you use the PPA provided from webup8.

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer

This article has the details about the Oracle-Java PPA. Unfortunately I don't know how to not install the Java-Plugin with this PPA.

Related Question