OS Security (Tutorial)

Admin/System accounts are not the same as the root account. The Admin/System accounts can be resricted by the security policy, root cannot be. Admin/System accounts are just powerful in the context of the policy, not outside of it.

Sudo, doesn't keep the power down in any real way, so long as the account exists, it will be a problem.

Very few systems are based on UN*X actually, Windows is not, nor is MacOS, (any version, OS X is more based on MACH, but for publicity it sounds better to say BSD, though the BSD influences are more slight) nor is MVS, or any TOS (even Trusted Solaris, Trusted IRIX, and HP-VV are just just made to look like UN*X but are not UN*X based), QNX isn't UN*X based either.

OpenBSD is no more secure an OS than Mandrake Linux is. In fact it might even be less secure. This about it for a moment... it uses the same protection model for confidentiality and integrity as Mandrake does. It has the same capabilities (same access control scheme, same lack of non-permission based privileges). The only difference is in assurance, and according to the good people at Stanford Labs, the Linux kernel actually has fewer source bugs than the OpenBSD kernel. So why is OpenBSD more secure? True a given OpenBSD system may be more secure than a given mandrake system, but this fact alone (even in default configuration) in no way makes it a more secure operating system.

I pretty much use Windows 2000 exclusively, I used to have a few more exotic systems, but I didn't want to risk any customs or export issues so those are still back home in California.

catch

"Very few systems are based on UN*X actually, Windows is not, nor is MacOS, (any version, OS X is more based on MACH, but for publicity it sounds better to say BSD, though the BSD influences are more slight) nor is MVS, or any TOS (even Trusted Solaris, Trusted IRIX, and HP-VV are just just made to look like UN*X but are not UN*X based), QNX isn't UN*X based either."

Just curious, but what do you consider a OS ACTUALLY based on UN*X, if none of these qualify.

Quote:

---

Windows is not

---

Do you not consider XENIX an UNIX then?

Cheers,
cgkanchi

Too me, I consider anything POSIX, or with a UNIX style shell, that can handle UNIX based commands to be UNIX like, or maybe UNIX based. Microsoft said in DOS 2.0 they wanted it to be more UNIX like. Catch, you need to come visit sometime. I'll sit you down and give you an accoutnon my SUSE box, well one fo them.

I think you'd like it, regaurdless of security. SUSE is one of the OSs in the World that cares about security.

I've been thinking of setting up a SUSE box, popping it in my DMZ, and letting some of you take a crack at it, literally. Would make a good discussion.

Quote:

---

Too me, I consider anything POSIX, or with a UNIX style shell, that can handle UNIX based commands to be UNIX like, or maybe UNIX based.

---

Not to throw a one-liner in here, but UNIX-like and UNIX-based have completely different meanings. Something written to look like UNIX obviously doesn't mean it was based on UNIX architecture.

Hrmm.. I am curious as to what Catch considers a "true unix". I suppose the AT&T Unix would be it but aren't OSes like BSD (Free, Open, BSD itself), Solaris, HP, etc. evolutions of true Unix???

Quote:

---

Originally posted here by gore
every OS in existence right now was based on UNIX. In one way or another anyway

---

Hum. Z/OS), Z/VSE, Z/VM arent based on Unix. In fact, for those O.S., Unix is a child. OS/400. OS/2 is not unix based either. Just staying on IBM platform.

IMHO any system that was based on ATT Unix is a "unix like". Even those that was rewritten from scratch, but had used most routines of the "original one", like kernel model, thread model basic config, etc...

However, have a "unix Interface" doesnt means that its a unix flavor. just means "hey, i can use ls and cp here".

I said in one way or another, because all OSs have borrowed from UNIX. Linux is UNIX like, and I know there is a difference, because Linux wasn't a "version of UNIX" although now, is there really a true UNIX still in use? UNIX could pretty much just be called a standard for UNIX like OSs, as said on the Open Group's page, as they make things like that. UNIX 98 for example.

I'm trying to think of the words to actually say this correct, but anyway, Linux isn't something so you can use "ls". Linux doesn't allow you to do that, the Bash shell does. And so do a lot of other shells. If you say Linux isn't UNIX, you might as well say Windows NT isn't Windows because it wasn't based on Windows 95. Linux and BSD are OSs that are UNIX like, and in the case of BSD, it is considered to be UNIX.

Windows 95 and Windows NT and Windows XP are all a version of something that everyone calls "Windows" but the code base for 95, 98, ME, and 3.11 are not the same, or based on anything from the NT line. So why say Linux isn't UNIX? The inspiration for Linux was there because Linus wanted something like SunOS to use on his computer and Minix wasn't cutting it.

UNIX has like 500 different versions, and every company has made their own version.

OS/2 isn't even an OS, it's a bastard child that IBM gave birth too with Microsoft because no one had the balls to hand them a coat hangor.

I doubt anyone in this thread could sit down at a Linux box, a BSD box, and a UNIXWARE box, and be able to actually point out differences if the Kernel names were covered up at log in time. Well, that and not being able to use uname.

Quote:

---

I doubt anyone in this thread could sit down at a Linux box, a BSD box, and a UNIXWARE box, and be able to actually point out differences if the Kernel names were covered up at log in time. Well, that and not being able to use uname.

---

I might be able to ;). The layouts and certain files are vastly different (I see that in Solaris, FreeBSD and Slack). In addition, Unix boxes (or those more closely related to that derivative) tend to view the operator as having a clue (that is, if you type in rm it doesn't ask if you want to remove files, it just does what you tell it to) whereas Linux has been "user-fied" (for lack of a better description).

LOL, in RedHat and Fedora it does that, on my Slackware machines and SUSE boxes though, it doesn't ask unless you tell it too.

I didn't want to sound like no one could tell, just trying to find a way too make my point that just because UNIX code from AT&T isn't in the OS, doesn't mean it's not something like UNIX.

Windows has a command line FTP client, well that was from UNIX, heh, so technically, you could say the same, in one way. OF course I'm just starting **** to keep this somewhat good discussion going. Catch is a buddy of mine so I don't have too worry about him flaming.