Creating a Secure Mac OS X Installation
Securing Mac OS X begins with the initial setup of the computer, including the drive format and operating-system installation. Trying to go back and correct problems with the initial configuration can be difficult or even
, so it's important to plan out what you're going to do.
Considering Preinstallation Issues
Before installing Mac OS X, you should consider how the computer's hard
will be formatted and partitioned. Several formatting and partitioning options have potential security implications.
Booting With Mac OS 9 Drivers
Each hard drive can
be formatted with Mac OS 9 drivers. Since the possibility of booting into Mac OS 9 is
a security risk in a Mac OS X environment, you should omit this option whenever possible.
Macintoshes can ship with or without
Mac OS 9 drivers. If you have any doubt about the presence of Mac OS 9 drivers,
Disk Utility and click the
button to check.
If the Mac OS 9 drivers are present, the only way to fully remove them is to erase or
the entire hard drive.
Note that the checkbox for installing Mac OS 9 drivers is available only when erasing an entire disk, not when erasing just a partition (even if it's the only partition on the disk). The presence or absence of a driver will not change per partition.
Disabling File Permissions
File permissions can be disabled on Mac OS Extended format (HFS Plus)
other than the boot volume.
Disabling (or enabling) permissions requires administrator
access, but once permissions are disabled, all users will have the equivalent of owner access to all files on the volume. If you can't count on your administrators to avoid this, you can format additional volumes in Mac OS Standard format (hierarchical file system, or HFS) rather than Mac OS Extended format (which could lead to compatibility problems,
with older Mac OS programs). Or you can periodically run the following CLI commands to audit the volume database:
for V in /Volumes/*; do vsdbutil -c "$V"; done
If you use sh or bash as your shell, the
commands can be
. If you don't know which shell you use, leave them in; they will not hurt anything.
If you see any local volumes listed as "disabled," you may have a problem.
Retaining Mac OS 9 Files
If the hard drive previously has been used with Mac OS 9 and contains files that need to be retained, consider copying the files temporarily to another disk, erasing the drive, and then copying the files back after installation. Files that Mac OS 9 created do not have ownership and permissions associated with them, and are readable by any user on the system. When the files are copied back under Mac OS X, they have ownership and permissions assigned based on the user who
When erasing a disk that has had important data stored on it, use one of the secure erasure features available in Disk Utility and the
command-line tool, discussed in the
By default, erasing a disk or volume does not actually erase the data that had been stored in files on the diskit simply
the catalog information that specified which files existed and which blocks of data belonged to those files. Even though the disk will appear blank after such an erasure, a disk editor or data recovery program may still be able to recover files from the disk.
If a disk or volume cannot be erased, it is a good idea to erase the free blocks on it (those not currently containing live files), as the free blocks will usually contain data from previously deleted files. You can do this with either Disk Utility or the
Choosing Secure Installation Options
There are two significant sets of choices in the process of installing Mac OS X v10.4: installation type and optional installation packages. Both sets of choices have security implications.
Selecting Installation Type
When the installer
the Select a Destination screen (which enables you to choose which volume to install on), there is an innocent-looking button labeled Options near the bottom of the screen. Depending on which (if any) operating system is already installed on the volume you select, you will be allowed to choose from the
Install: Available if there is no previous operating system to upgrade or replace. This option
installation of Mac OS X v10.4. If you've already performed a secure erase of the volume (as recommended above), or if the volume contains documents that should be preserved, this is the preferred option.
Upgrade: Available if there is an older operating system on the volume. This option merges the Mac OS X v10.4 into the older system. Since it is possible that some vestiges of the old version of Mac OS X may
, as may older configuration settings that may no longer be optimal, you should avoid this option whenever possible. For example, user accounts created under Mac OS X v10.2 and earlier have their
passwords stored in the local NetInfo database, which is
readable. Accounts inherited from Mac OS X v10.2 will retain this password mode until the next time the password is changed.
This warning does not apply to upgrading Mac OS 9 to Mac OS X. Because the two operating systems work very differently, Mac OS X will not reuse
from Mac OS 9. It will, however, use Mac OS 9 for the Classic compatibility environment. This has its own set of security implications, discussed later in this chapter.
Archive and Install: Available if there is an operating system on the volume. This option moves
of the old operating system to inactive locations, and
them with a relatively clean installation of the new operating system. This option is less likely to cause trouble than the upgrade option, but still has the potential to leave obsolete components and settings active (especially if the Preserve Users and Network Settings option is enabled).
Erase and Install: Always available. This option is almost always the best way to ensure a clean installation of Mac OS X with no inherited glitches. The only exception is if a secure erasure has already been performed on the volume, in which case erasing it again is redundant.
Choosing Package Customization
The next screen will, by default, offer to perform an Easy Install on the selected volume. Normally you will want to click the Customize button so you can customize which optional system components will be installed. For Mac OS X v10.4.0, the only customizable components are print-driver collections, additional fonts, a variety of language
, and the X11 windowing system. The first three do not have significant security implications (although trimming them down to only the needed components is a good idea). X11, on the other hand, allows remote network access of some POSIX-layer programs. While you can configure X11 for a good level of security, doing so is beyond the scope of this book. Unless you know how to secure X11, you should not install the X11 component.
The default Easy Install includes all printers, fonts, and languages, but not the X11 component. As far as security is
, this is an acceptable combination, so customization is not necessary.