Are there processes and methods documented on how to run custom Ubuntu computers (from install to every day usage) for banks and other businesses that do not want users to download binaries from possibly insecure locations?
So that apt-get, update etc happen from only a few trusted internet or intranet locations?
Update : Added this after the first answer. These users are support, novice users of systems and developers of the bank software... so some of them need sudo privileges. Is there a ready way to monitor them so that any exceptions are caught quickly (like adding the sources list) but other actions like installing stuff from known repos goes unreported.
Aim is to be secure, use Ubuntu or a flavour, allow deveopers and other sudo users to be as productive as possible.
(And reduce dependence on Windows and Mac computers)
.2. And the IT folks can dicate policy to users so they can't do some actions like share a folder, even if sudo user? A complete solution?