Unix security: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 10:48, 13 April 2024 edit MüllerMarcus (talk \| contribs) 368 edits m →Service details: loose collection of really at most marginally related topics – every service giving access to ''anything'' is relevant to security, so why mention e.g. SMTP. ← Previous edit		Latest revision as of 13:11, 2 February 2025 edit undo IXNL-UUCP (talk \| contribs) Extended confirmed users 512 edits Spam - Undid revision 1273468989 by 73.180.167.130 (talk) Tag: Undo
(13 intermediate revisions by 9 users not shown)
Line 1: {{Multiple issues\| ~~{{refimprove\|date=September 2014}}~~ {{One source\|date=April 2024}} {{More footnotes needed\|date=April 2024}} }} '''Unix security''' refers to the means of [[Computer security\|securing]] a [[Unix]] or [[Unix-like]] [[operating system]]. Line 5 ⟶ 8: ===Permissions=== {{Main\|File system permissions}} A core security feature in these systems is the [[file system permissions]]. All files in a typical [[Unix filesystem]] have permissions set enabling different access to a file. [[Unix permissions]] permit different users access to a file with different privilege (e.g., reading, writing, execution). Like users, different ''user groups'' have different permissions on a file. ~~[[Unix permissions]] permit different users access to a file. Different ''user groups'' have different permissions on a file.~~ ===User groups=== Line 27 ⟶ 29: ===Patching=== Operating systems, like all software, may contain bugs in need of fixing or may be enhanced with the addition of new features; many UNIX systems come with a package manager for this. Patching the operating system in a secure manner requires that the software come from a trustworthy source and not have been altered since it was packaged. Common methods for verifying that operating system patches have not been altered include the use of the [[digital signature]] of a [[cryptographic hash]], such as a [[SHA-2\|SHA-256]] based checksum, or the use of read-only media.{{Citation needed\|date=April 2024}} ==Viruses and virus scanners== Unix-like operating systems are immune to most Microsoft Windows viruses because binaries created to run on Windows generally won't run on other platforms. However, many Unix like installations provide file storage services to Microsoft Windows clients, such as through the use of [[Samba software]], and may unintentionally become a repository for viruses stored by users. It is common for Unix servers to act as [[mail transfer agent]]s and as a consequence email virus scanning is often installed. The [[ClamAV]] virus scanner is available in source code form and may be used to scan Unix file systems for viruses which infect other operating systems. There are viruses and worms that target Unix-like operating systems. In fact, the first computer worm—the [[Morris worm]]—targeted Unix systems. There are [[Antivirus software\|virus scanners]] for UNIX-like systems, from [[Comparison_of_antivirus_software\|multiple vendors]]. ==Firewalls==<!-- This section is linked from [[Unix security]] --> Line 38 ⟶ 40: ===iptables=== ~~{{Overly detailed/sandbox\|This section\|date=2024-04-13}}~~ {{Update section\|date=January 2014\|reason=Iptables is no longer the "current interface"\|inaccurate=yes}} [[iptables]] is the current user interface for interacting with [[Linux]] kernel [[netfilter]] functionality. It replaced [[ipchains]]. Other [[Unix]] like operating systems may provide their own native functionality and other [[open source]] firewall products exist. ~~==Advanced==~~ [[rootkit]]s, kernel modules, chkrootkit exploit details, [[buffer overflow]]s, local vs remote ==References==