Chapter 7: Auditing Unix and Linux Operating Systems


Unix dates back to 1969, when it was developed by employees at AT&T for the purpose of providing a multiuser environment for running programs. Strong security was not one of the goals of its development.

In the late 1970s, students at Berkeley made extensive modifications to the AT&T Unix system, resulting in the Berkeley Software Distribution (BSD) Unix variant. This variant became very popular in academic circles. Around the same time, AT&T began a push to develop its Unix operating system into a legitimate commercial product, called AT&T System V (or often just System V).

During the 1980s, as commercial interest in the Unix operating system grew, companies faced the dilemma of deciding which of the two versions of Unix to adopt. Sun's SunOS and Digital Equipment Corporation's Ultrix were based on the Berkeley operating system. Other companies that tried to develop Unix, including Hewlett-Packard (HP), IBM, and Silicon Graphics, used System V as their standard. Microsoft developed a third version of Unix, called Xenix, and licensed it to Santa Cruz Operations (SCO). Xenix was based on a prior version of the AT&T Unix operating system.

All these versions of Unix obviously resulted in confusion in the industry and frustration for vendors who were attempting to develop software for use on Unix-based platforms. This resulted in the merging of some versions, beginning with Xenix and AT&T's System V in 1988. Next was a merger of AT&T and Sun's versions, called System V Release 4 (SVR4), which was to be compatible with programs written for either System V or BSD. Sun later named its proprietary version of this operating system Solaris. Not to be left out, a number of the other companies, such as IBM and HP, formed an organization called the Open Software Foundation (OSF), with the purpose of placing control of Unix in the hands of a not-for-profit group. The OSF operating system (OSF/1) was never adopted widely, and the individual companies continued to develop and use their own proprietary Unix variants, such as IBM's AIX, HP's HP-UX, SCO Unix, and IRIX.

Linux, a "Unix-like" operating system, came on the scene with a Usenet posting in 1991 by its author, Linus Torvalds. Strictly speaking, Linux is a kernel and not an operating system because what Torvalds developed was the piece that allows other programs to run. Most of these other programs that allow the system to be truly usable came from the GNU project. Hence many people prefer to refer to Linux as GNU/Linux when speaking of it as an entire operating system, but since this subject is a bit of a religious war, we won't go any further. From these humble, hobbyist beginnings in 1991, Linux grew to a 1.0 release in 1994 and then to the current stable branch (2.6) released in December 2003. Even before the 1.0 release, a number of Linux "distributions" were developed, combining the Linux kernel with applications and system utilities. Some examples of today's popular distributions are RedHat, Debian, Suse, and Gentoo. While many aspects of all Linux distributions will be identical or very similar, there will be some differences as well, such as package management and the init system. Support models differ as well, and when you pay for a Linux distribution, you're typically paying for the support because the software itself is free. This free software, combined with the ability to run on generic hardware, has made Linux a compelling choice for both business and personal computing needs.


As can be seen from this history, there are many variations on the Unix and Linux operating systems. Although the information and concepts in this chapter are generic and applicable to all versions, it would take more space than is feasible to note the nuances for each *nix version. This chapter therefore focuses on Solaris (Unix) and RedHat (Linux), where version-specific commands and examples are required.

IT Auditing. Using Controls to Protect Information Assets
It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
Year: 2004
Pages: 159 © 2008-2017.
If you may any questions please contact us: