Unix security refers to the means of securing a Unix or Unix-like operating system.
Design concepts
Permissions
A core security feature in these systems is the file system permissions. All files in a typical Unix filesystem have permissions set, enabling different access to a file.
Unix permissions permit different users access to a file with different privileges (e.g., reading, writing, execution). Like users, different user groups have different permissions on a file.
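The following shell audit is an added example, not part of the original article. It flags the mode bits that most often undermine the permission model: files writable by "other", directories writable by "other" without the sticky bit, and setuid/setgid files. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a tree for risky mode bits.

# audit_perms DIR: print "<finding> <path>" for each risky item under DIR.
audit_perms() {
    # Regular files writable by "other": any local account can alter them.
    find "$1" -type f -perm -0002 -exec printf 'world-writable-file %s\n' {} \;
    # Directories writable by "other" without the sticky bit (01000):
    # any account can rename or delete entries it does not own.
    find "$1" -type d -perm -0002 ! -perm -1000 \
        -exec printf 'open-dir-no-sticky %s\n' {} \;
    # setuid (04000) and setgid (02000) files run with the owner's or group's
    # privileges instead of the caller's, so each one needs a justification.
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec printf 'setid-file %s\n' {} \;
}

# demo_perms: build a constructed sample tree, audit it, print relative paths.
demo_perms() {
    t=$(mktemp -d) || return 1
    mkdir "$t/drop" "$t/tmp" "$t/home"
    touch "$t/home/notes" "$t/home/shared.cfg" "$t/home/helper"
    chmod 0755 "$t/home"
    chmod 0644 "$t/home/notes"        # owner read/write, others read only
    chmod 0666 "$t/home/shared.cfg"   # writable by everyone
    chmod 4755 "$t/home/helper"       # setuid bit set
    chmod 0777 "$t/drop"              # open directory, no sticky bit
    chmod 1777 "$t/tmp"               # open directory with sticky bit, like /tmp
    audit_perms "$t" | sed "s|$t/||"
    rm -rf "$t"
}

demo_perms
```

Pointing audit_perms at a real path such as /usr/local gives an inventory to review against what the installed software is expected to ship.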
User groups
Many Unix implementations add an additional layer of security by requiring that a user be a member of the wheel user privileges group in order to access the su command.
Root access

Most Unix and Unix-like systems have an account or group which enables a user to exert complete control over the system, often known as a root account. If access to this account is gained by an unwanted user, this results in a complete breach of the system. A root account, however, is necessary for administrative purposes, and for the above security reasons the root account is seldom used for day-to-day purposes (the sudo program is more commonly used), so usage of the root account can be more closely monitored.
User and administrative techniques
Passwords
Selecting strong passwords and guarding them properly are important for Unix security.
On many UNIX systems, user and password information, if stored locally, can be found in the /etc/passwd and /etc/shadow file pair.
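The following check of a passwd/shadow file pair is an added example, not part of the original article. It reports extra UID 0 accounts, password hashes left in the world-readable passwd file, accounts with an empty password field, and a shadow file readable by "other". The function names, account names and file contents are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original article): audit passwd/shadow-format files.

# audit_accounts PASSWD SHADOW: print one finding per line.
audit_accounts() {
    # passwd fields: name:password:UID:GID:GECOS:home:shell
    # "x" in field 2 means the hash lives in the shadow file.
    awk -F: '
        $3 == 0 && $1 != "root" { print "extra-uid0 " $1 }
        $2 == ""                { print "empty-password " $1 }
        $2 != "" && $2 != "x" && $2 != "*" && $2 !~ /^!/ { print "hash-in-passwd " $1 }
    ' "$1"
    # shadow fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved
    # An empty hash field means the account needs no password at all.
    awk -F: '$2 == "" { print "empty-password " $1 }' "$2"
    # Hashes readable by "other" can be copied by any local user.
    if [ -n "$(find "$2" -perm -0004)" ]; then
        echo "shadow-world-readable"
    fi
}

# demo_accounts: run the audit on a constructed file pair.
demo_accounts() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
toor:x:0:0:second superuser:/root:/bin/sh
legacy:CONSTRUCTEDHASH:1001:1001:old entry:/home/legacy:/bin/sh
EOF
    cat > "$d/shadow" <<'EOF'
root:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice::19000:0:99999:7:::
toor:!:19000:0:99999:7:::
legacy:!:19000:0:99999:7:::
EOF
    chmod 0644 "$d/shadow"    # deliberately too permissive for the demo
    audit_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo_accounts
```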
Software maintenance
Patching
Operating systems, like all software, may contain bugs in need of fixing or may be enhanced with the addition of new features; many UNIX systems come with a package manager for this. Patching the operating system in a secure manner requires that the software come from a trustworthy source and not have been altered since it was packaged. Common methods for verifying that operating system patches have not been altered include the use of the digital signature of a cryptographic hash, such as a SHA-256 based checksum, or the use of read-only media.
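The following SHA-256 manifest check is an added example, not part of the original article. It fails closed when a file is missing from the manifest or its digest differs, and it assumes the manifest's own digital signature has already been verified (for example with gpg --verify). The function names, file names and payloads are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): check a package against a
# SHA-256 manifest in sha256sum format ("<hex digest>  <file name>").

# sha256_of FILE: print only the hex digest.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi | awk '{ print $1 }'
}

# verify_pkg FILE MANIFEST: return 0 only when FILE matches its manifest entry.
verify_pkg() {
    name=$(basename "$1")
    want=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1; exit }' "$2")
    # Fail closed: a file the manifest does not list is never accepted.
    [ -n "$want" ] || { echo "REJECT $name: not listed in manifest"; return 2; }
    have=$(sha256_of "$1")
    if [ "$have" = "$want" ]; then
        echo "OK $name"
        return 0
    fi
    echo "REJECT $name: digest mismatch"
    return 1
}

# demo_verify: constructed package, manifest, and a simulated alteration.
demo_verify() {
    d=$(mktemp -d) || return 1
    printf 'constructed package payload\n' > "$d/update-1.2.pkg"
    printf 'constructed package payload\n' > "$d/other.pkg"
    # Stand-in for the manifest published by the software source.
    printf '%s  update-1.2.pkg\n' "$(sha256_of "$d/update-1.2.pkg")" > "$d/SHA256SUMS"
    verify_pkg "$d/update-1.2.pkg" "$d/SHA256SUMS" || true
    printf 'tampered' >> "$d/update-1.2.pkg"   # altered after packaging
    verify_pkg "$d/update-1.2.pkg" "$d/SHA256SUMS" || true
    verify_pkg "$d/other.pkg" "$d/SHA256SUMS" || true
    rm -rf "$d"
}

demo_verify
```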
Viruses and virus scanners
There are viruses and worms that target Unix-like operating systems. In fact, the first computer worm, the Morris worm, targeted Unix systems.
There are virus scanners for UNIX-like systems, from multiple vendors.
Firewalls
A network firewall protects systems and networks from network threats which exist on the opposite side of the firewall. Firewalls can block access to strictly internal services, unwanted users and in some cases filter network traffic by content.
iptables
iptables is the current user interface for interacting with Linux kernel netfilter functionality. It replaced ipchains. Other Unix-like operating systems may provide their own native functionality, and other open source firewall products exist.