Creating a Secure Mac OS X Installation


Securing Mac OS X begins with the initial setup of the computer, including the drive format and operating-system installation. Trying to go back and correct problems with the initial configuration can be difficult or even impossible, so it's important to plan out what you're going to do.

Considering Preinstallation Issues

Before installing Mac OS X, you should consider how the computer's hard drives will be formatted and partitioned. Several formatting and partitioning options have potential security implications.

Booting With Mac OS 9 Drivers

Each hard drive can optionally be formatted with Mac OS 9 drivers. Since the possibility of booting into Mac OS 9 is generally a security risk in a Mac OS X environment, you should omit this option whenever possible.

Macintoshes can ship with or without preinstalled Mac OS 9 drivers. If you have any doubt about the presence of Mac OS 9 drivers, open Disk Utility and click the Info button to check.

If the Mac OS 9 drivers are present, the only way to fully remove them is to erase or repartition the entire hard drive.

Note that the checkbox for installing Mac OS 9 drivers is available only when erasing an entire disk, not when erasing just a partition (even if it's the only partition on the disk). The presence or absence of a driver will not change per partition.

Disabling File Permissions

File permissions can be disabled on Mac OS Extended format (HFS Plus) volumes other than the boot volume.

Disabling (or enabling) permissions requires administrator user access, but once permissions are disabled, all users will have the equivalent of owner access to all files on the volume. If you can't count on your administrators to avoid this, you can format additional volumes in Mac OS Standard format (hierarchical file system, or HFS) rather than Mac OS Extended format (which could lead to compatibility problems, especially with older Mac OS programs). Or you can periodically run the following CLI commands to audit the volume database:

sh
for V in /Volumes/*; do vsdbutil -c "$V"; done
exit


Note

If you use sh or bash as your shell, the sh and exit commands can be skipped. If you don't know which shell you use, leave them in; they will not hurt anything.


If you see any local volumes listed as "disabled," you may have a problem.
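The following script is an added example, not from the book, that wraps the audit loop above and flags any volume reporting "disabled" so the check can run unattended. It assumes vsdbutil -c prints lines of the form "Permissions on '/Volumes/Name' are enabled." (or "... are disabled."); the sample output and volume names are constructed.

```shell
#!/bin/sh
# Added example: audit every mounted volume with vsdbutil and report
# those whose file permissions have been disabled.
# Assumption: vsdbutil -c prints "Permissions on '<path>' are enabled."
# or "... are disabled." (one line per volume).

# Read vsdbutil -c output on stdin and print the path of each volume
# that is reported as disabled, one per line.
disabled_volumes() {
    sed -n "s/^Permissions on '\([^']*\)' are disabled\.$/\1/p"
}

# Run vsdbutil -c over all mounted volumes (requires Mac OS X) and
# filter the result down to the disabled ones.
audit_volumes() {
    for V in /Volumes/*; do
        [ -d "$V" ] || continue
        vsdbutil -c "$V"
    done | disabled_volumes
}

# Constructed sample of vsdbutil output, so the filter can be exercised
# without a Mac at hand.
sample_output() {
    printf '%s\n' \
        "Permissions on '/Volumes/Data' are enabled." \
        "Permissions on '/Volumes/Scratch' are disabled." \
        "Permissions on '/Volumes/Backup' are enabled."
}

# Returns 1 when any volume has permissions disabled, so the script can
# be scheduled (e.g. from cron) and its exit status acted upon.
main() {
    bad=$(audit_volumes)
    if [ -n "$bad" ]; then
        echo "Volumes with permissions disabled:"
        echo "$bad"
        return 1
    fi
    echo "All volumes have permissions enabled."
    return 0
}
```

Calling `main` performs the live audit on a Mac OS X system; `sample_output | disabled_volumes` shows the filtering on the constructed lines.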

Retaining Mac OS 9 Files

If the hard drive has previously been used with Mac OS 9 and contains files that need to be retained, consider copying the files temporarily to another disk, erasing the drive, and then copying the files back after installation. Files that Mac OS 9 created do not have ownership and permissions associated with them, and are readable by any user on the system. When the files are copied back under Mac OS X, they have ownership and permissions assigned based on the user who copied them.

Erasing Disks

When erasing a disk that has had important data stored on it, use one of the secure erasure features available in Disk Utility and the diskutil command-line tool, discussed in the next section.

By default, erasing a disk or volume does not actually erase the data that had been stored in files on the disk; it simply removes the catalog information that specified which files existed and which blocks of data belonged to those files. Even though the disk will appear blank after such an erasure, a disk editor or data recovery program may still be able to recover files from the disk.

If a disk or volume cannot be erased, it is a good idea to erase the free blocks on it (those not currently containing live files), as the free blocks will usually contain data from previously deleted files. You can do this with either Disk Utility or the diskutil command-line tool.

Choosing Secure Installation Options

There are two significant sets of choices in the process of installing Mac OS X v10.4: installation type and optional installation packages. Both sets of choices have security implications.

Selecting Installation Type

When the installer reaches the Select a Destination screen (which enables you to choose which volume to install on), there is an innocent-looking button labeled Options near the bottom of the screen. Depending on which (if any) operating system is already installed on the volume you select, you will be allowed to choose from the applicable installation types:

  • Install: Available if there is no previous operating system to upgrade or replace. This option performs a from-scratch installation of Mac OS X v10.4. If you've already performed a secure erase of the volume (as recommended above), or if the volume contains documents that should be preserved, this is the preferred option.

  • Upgrade: Available if there is an older operating system on the volume. This option merges Mac OS X v10.4 into the older system. Since it is possible that some vestiges of the old version of Mac OS X may remain, as may older configuration settings that may no longer be optimal, you should avoid this option whenever possible. For example, user accounts created under Mac OS X v10.2 and earlier have their hashed passwords stored in the local NetInfo database, which is publicly readable. Accounts inherited from Mac OS X v10.2 will retain this password mode until the next time the password is changed.

    Note

    This warning does not apply to upgrading Mac OS 9 to Mac OS X. Because the two operating systems work very differently, Mac OS X will not reuse components from Mac OS 9. It will, however, use Mac OS 9 for the Classic compatibility environment. This has its own set of security implications, discussed later in this chapter.


  • Archive and Install: Available if there is an operating system on the volume. This option moves parts of the old operating system to inactive locations, and replaces them with a relatively clean installation of the new operating system. This option is less likely to cause trouble than the upgrade option, but still has the potential to leave obsolete components and settings active (especially if the Preserve Users and Network Settings option is enabled).

  • Erase and Install: Always available. This option is almost always the best way to ensure a clean installation of Mac OS X with no inherited glitches. The only exception is if a secure erasure has already been performed on the volume, in which case erasing it again is redundant.

Choosing Package Customization

The next screen will, by default, offer to perform an Easy Install on the selected volume. Normally you will want to click the Customize button so you can customize which optional system components will be installed. For Mac OS X v10.4.0, the only customizable components are print-driver collections, additional fonts, a variety of language localizations, and the X11 windowing system. The first three do not have significant security implications (although trimming them down to only the needed components is a good idea). X11, on the other hand, allows remote network access of some POSIX-layer programs. While you can configure X11 for a good level of security, doing so is beyond the scope of this book. Unless you know how to secure X11, you should not install the X11 component.

Note

The default Easy Install includes all printers, fonts, and languages, but not the X11 component. As far as security is concerned, this is an acceptable combination, so customization is not necessary.





Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
Year: 2005
Pages: 258
Authors: Schoun Regan
