A brief overview of the OS
Before getting into why Linux is more secure than other operating systems, let us take a brief look at Operating Systems in general. An Operating System is software that manages all the hardware resources associated with a computer. Generally, an Operating System is made up of a number of pieces, such as the boot loader, the kernel, daemons, the desktop environment and applications. Typically, an OS is deployed in a system when multi-tasking is required, which is achieved by the resource management functionality of the OS mentioned above.
Along with that, the user also requires an interface to interact with the system and invoke various applications. In a modern OS, these interfaces (popularly known as the GUI) are expected to provide a best-in-class User Experience (UX) by making the system easy to use.
Linux is a free, open-source OS built around the Linux Kernel. It was first developed for personal computers based on the x86 architecture. Since those early days, Linux has grown by leaps and bounds and now supports every popular architecture that we can think of (e.g. ARM). To suit any type of user or customer requirement, Linux comes in a number of different versions, called “distributions” or “distros” for short. Popular distributions are Ubuntu (normal users), SUSE / Red Hat (enterprise servers) and CentOS (cloud platforms). In fact, Android is also based on the Linux Kernel, and has become a very popular OS for mobile phones and embedded devices. There are many more flavors / versions of Linux available beyond those mentioned above.
Linux and Security
Linux systems are rarely infected by malware such as viruses and worms, which makes Linux a very secure OS. As a normal user, we will never come across a situation where antivirus software is being sold for Linux. This means Linux is inherently secure, and there are many reasons for it. Let us look into the key reasons that describe why Linux is more secure than other operating systems.
What makes Linux secure?
To start with, Linux has clearly defined privileges at multiple levels, thereby restricting access. For example, there is ‘root’ level access (which you can relate to ‘administrator’ in any other OS) which is not given to any normal user. Users are given only lower-level accounts with limited access. When a Linux system is compromised, a virus or malware will not get root access to damage the whole system. Only the local files and programs of that user will be affected, as a normal user does not have access permission to all the files in the system. This limits the effect of a virus on Linux systems. As Linux users don’t have root access, it is difficult to cause damage on Linux.
Let us take the example of file permissions! The example below contains local files and their permissions. The permission information of each file or directory is given as a combination of 9 characters: three levels (owner, group and all users) with three different permissions (read, write and execute).
Consider drwxrwxr-x. The d in drwxrwxr-x stands for directory. The first rwx represents the owner permissions, which apply only to the owner of the directory and do not affect what other users can do. The second set, rwx, is the group permissions, and the third set, r-x, denotes the permissions for all other users. Similar permission information for all the files in a particular user’s directory is given below.
Fig 1: Example for user permissions
Also, in Linux “everything is a file” (an idea implemented by the Virtual File System); this includes directories, normal files, character devices, block devices, hard drives, keyboards, printers, etc. Since everything is a file in Linux, access restrictions can be applied uniformly, thereby making Linux a secure OS. An example of different types of files is given below.
Fig 2: Example – Directory, block device, character device and permissions
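As an added example (not code from the original post), here is a small Python script that parses and renders the 9-character permission strings described above, together with the type character that distinguishes a directory, character device or block device in Fig 2. The sample listing inside it is constructed, not taken from the screenshots, and the world-writable check goes a little beyond the text by showing what an administrator typically looks for first in such a listing:

```python
import os
import stat

# Type character that `ls -l` prints in column 1, mapped to the stat() test
# for that object kind. Every kind below is "a file" to the kernel.
TYPE_TESTS = [
    (stat.S_ISDIR, "d"),   # directory
    (stat.S_ISCHR, "c"),   # character device, e.g. a terminal
    (stat.S_ISBLK, "b"),   # block device, e.g. a disk
    (stat.S_ISLNK, "l"),   # symbolic link
    (stat.S_ISFIFO, "p"),  # named pipe
    (stat.S_ISSOCK, "s"),  # UNIX socket
]

# The nine permission bits in display order: owner, group, all other users.
PERM_BITS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)
PERM_CHARS = "rwx" * 3

# The execute slot of each triple can also carry setuid / setgid / sticky.
SPECIAL = {2: (stat.S_ISUID, "s"), 5: (stat.S_ISGID, "s"), 8: (stat.S_ISVTX, "t")}


def parse_mode_string(mode_str):
    """Turn a 10-character ls -l mode such as 'drwxrwxr-x' into
    (type_char, mode_bits); the bits are what os.chmod() would accept."""
    if len(mode_str) != 10 or mode_str[0] not in "-dcblps":
        raise ValueError(f"not an ls -l mode string: {mode_str!r}")
    bits = 0
    for i, ch in enumerate(mode_str[1:]):
        special = SPECIAL.get(i)
        if special and ch.lower() == special[1]:
            bits |= special[0]              # 's' / 't' set the special bit ...
            if ch.islower():
                bits |= PERM_BITS[i]        # ... and lowercase also means executable
        elif ch == PERM_CHARS[i]:
            bits |= PERM_BITS[i]
        elif ch != "-":
            raise ValueError(f"bad permission character {ch!r} at position {i + 1}")
    return mode_str[0], bits


def render_mode(st_mode):
    """Inverse of parse_mode_string: format a stat() st_mode the way ls -l does."""
    type_char = "-"                         # regular file unless a test below matches
    for test, ch in TYPE_TESTS:
        if test(st_mode):
            type_char = ch
            break
    out = []
    for i, bit in enumerate(PERM_BITS):
        ch = PERM_CHARS[i] if st_mode & bit else "-"
        special = SPECIAL.get(i)
        if special and st_mode & special[0]:
            ch = special[1] if st_mode & bit else special[1].upper()
        out.append(ch)
    return type_char + "".join(out)


# Constructed sample listing in the style of Fig 1 / Fig 2 (not the page's screenshots).
SAMPLE_LISTING = """\
drwxrwxr-x 2 alice alice  4096 Jan 10 09:12 project
-rw-rw-r-- 1 alice alice   220 Jan 10 09:12 notes.txt
-rwxr-xr-x 1 alice alice  8392 Jan 10 09:13 build.sh
-rw-rw-rw- 1 alice alice    51 Jan 10 09:14 shared.cfg
crw-rw-rw- 1 root  tty    5, 0 Jan 10 08:00 tty
brw-rw---- 1 root  disk   8, 0 Jan 10 08:00 sda
-rwsr-xr-x 1 root  root  63960 Jan 10 08:00 passwd
"""


def find_world_writable(listing):
    """Names (with their type character) of entries that any user may write to:
    the first thing to look for when auditing a directory listing."""
    hits = []
    for line in listing.splitlines():
        fields = line.split()
        if not fields:
            continue
        type_char, bits = parse_mode_string(fields[0])
        if bits & stat.S_IWOTH:
            hits.append((fields[-1], type_char))
    return hits


def describe_directory(path):
    """Live version: render each entry of a real directory with os.lstat()."""
    rows = []
    for name in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, name))
        rows.append((render_mode(st.st_mode), name))
    return rows


if __name__ == "__main__":
    for mode, name in describe_directory("/dev")[:10]:   # mixes c, b, d and l entries
        print(mode, name)
    print("world-writable in sample:", find_world_writable(SAMPLE_LISTING))
```

Running it against /dev shows the same type characters the text lists (c for a terminal, b for a disk) coming straight from st_mode, which is why one permission check covers devices as well as ordinary files.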
As most of you may be aware, the Linux Kernel is open source software. This means the code is developed and maintained by a set of highly passionate individuals who are often called the “community”. Since the beginning of Linux, its creator Linus Torvalds has been a strong supporter of getting more “eyeballs” looking at the code: the more people see, review or test the code, the more its quality improves. Even though this concept applies to all open source software development, for Linux it is followed very religiously.
Linux Kernel development happens in a highly process-oriented, engineered way. The whole source code is divided into multiple subsystems (e.g. memory management), each maintained by a subsystem maintainer. This maintainer, with a set of reviewers, thoroughly reviews each and every change that gets into the mainline kernel, thereby making it secure by design. The image given below gives a glimpse of this development process.
Fig 3: Linux Kernel – Development Process
Along with this entry-level quality control, developers keep providing fixes for security vulnerabilities and issues in the form of “patches”. A patch is a piece of software designed to fix bugs. Through the regular release of patches for the Linux Kernel, users can upgrade their kernel to keep it stable and secure. Check out the Linux CVE link to get a view of these patches.
Memory access and management play a key role in the security of an OS. Different Operating Systems adopt different memory management models. In this blog, let us compare Linux with another operating system, VxWorks.
In an OS like VxWorks, a ‘flat memory model’ is followed, where user space and kernel space are not well separated. Here, the system allocates memory in the physical address space. A typical VxWorks system doesn’t have virtual memory support (however, it can be added / enabled). Since physical memory is directly available for access, a security threat prevails in this Operating System, as malware programs can manipulate the memory and eventually bring down the system.
In Linux, on the other hand, user space and kernel space are well separated. Here, the actual physical address allocated to any process is never exposed to users. For example, try printing the address of a variable in the parent process and in a child process created using the fork() system call. The address in both parent and child will be the same, because it is a virtual address. Any application can access only virtual addresses, which are mapped to physical addresses by the kernel. Due to this, no damage can be done to the actual physical address space. This way of managing memory makes Linux more secure.
The image below describes the virtual address to physical address mapping.
Fig 4: Physical address – virtual address mapping
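The fork() experiment the text suggests, written out in Python as an added example (not from the original post). It uses a ctypes integer so that the address reported is a real memory address, and adds a second function that queries /proc/self/pagemap to show that the kernel hides the physical frame number from unprivileged processes (since Linux 4.0 the PFN field reads as zero without CAP_SYS_ADMIN). The pagemap helper and its return format are this example's own, not something the post describes:

```python
import ctypes
import os


def fork_address_experiment():
    """Fork a child, let it overwrite a variable, and report what each process
    observed: the address of the variable in both processes, the value the
    child wrote, and the parent's value after the child has exited."""
    counter = ctypes.c_int(42)              # a real 4-byte integer in this process's memory
    parent_addr = ctypes.addressof(counter)

    rfd, wfd = os.pipe()                    # child -> parent report channel
    pid = os.fork()
    if pid == 0:
        # Child: the mapping is copied, so the virtual address is identical, but
        # the page is private (copy-on-write) and the parent never sees the write.
        os.close(rfd)
        counter.value = 99
        report = f"{os.getpid()} {ctypes.addressof(counter)} {counter.value}".encode()
        os.write(wfd, report)
        os.close(wfd)
        os._exit(0)

    os.close(wfd)
    data = b""
    while True:                             # read until the child closes its end
        chunk = os.read(rfd, 64)
        if not chunk:
            break
        data += chunk
    os.close(rfd)
    os.waitpid(pid, 0)
    child_pid, child_addr, child_value = (int(x) for x in data.split())
    return {
        "parent_pid": os.getpid(),
        "child_pid": child_pid,
        "parent_addr": parent_addr,
        "child_addr": child_addr,
        "child_value": child_value,
        "parent_value_after": counter.value,
    }


def pagemap_entry(virtual_addr):
    """Look up the kernel's page-table view of one virtual address through
    /proc/self/pagemap. Returns (present, pfn), or None if pagemap cannot be
    read on this system. Since Linux 4.0 the PFN field is reported as 0 to
    processes without CAP_SYS_ADMIN: the physical address is hidden on purpose."""
    page_size = os.sysconf("SC_PAGE_SIZE")
    offset = (virtual_addr // page_size) * 8       # one 64-bit entry per page
    try:
        fd = os.open("/proc/self/pagemap", os.O_RDONLY)
    except OSError:
        return None
    try:
        entry = int.from_bytes(os.pread(fd, 8, offset), "little")
    finally:
        os.close(fd)
    present = bool(entry & (1 << 63))               # bit 63: page is in RAM
    pfn = entry & ((1 << 55) - 1)                    # bits 0-54: page frame number
    return present, pfn


if __name__ == "__main__":
    r = fork_address_experiment()
    print(f"parent pid {r['parent_pid']} sees counter={r['parent_value_after']} at {r['parent_addr']:#x}")
    print(f"child  pid {r['child_pid']} wrote counter={r['child_value']} at {r['child_addr']:#x}")
    print("pagemap entry (present, pfn):", pagemap_entry(r["parent_addr"]))
```

Both processes print the same address while holding different values, which is only possible because each process sees its own virtual mapping; run as an ordinary user the pagemap lookup reports the page as present but with a zero frame number, the practical face of "physical addresses are not exposed".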
Having this kind of memory management approach has its own disadvantages as well.
- Example-1: When a user application invokes a system call, a soft interrupt is triggered to switch from user space to kernel space, which introduces delay.
- Example-2: When a virtual address needs to be translated into a physical address, the translation process introduces some delay.
This is one of the reasons why Linux is not preferred much for Real Time Systems (RTS), as Linux does not meet the timing expectations imposed on Real Time Operating Systems (RTOS).
Recording system events
In Linux, a log file is maintained where file accesses and system accesses are recorded. If some user tries to get into a protected system file, these records can be reviewed by the system administrator. Failed login attempts, security issues, etc., are also written and are available for the system administrator to study later. Hence, by maintaining log files to record system events, effective monitoring and preventive action can be taken in Linux.
Log files contain messages about the system, the kernel, and the services and applications running on it. There are different log files for different kinds of information. Most of the log files are located in the /var/log directory.
Fig 2: Example – /var/log files
The following list contains various types of log files and what they contain.
| Log file | Contents |
| --- | --- |
| /var/log/messages | General messages and system-related information |
| /var/log/auth.log | Authentication logs |
| /var/log/kern.log | Kernel logs |
| /var/log/qmail/ | Qmail log directory (more files inside this directory) |
| /var/log/yum.log | Yum command log file |
| /var/log/mysqld.log | MySQL database server log file |
| /var/log/lighttpd/ | Lighttpd access and error logs directory |
| /var/log/maillog | Mail server logs |
| /var/log/cron.log | Crond logs (cron jobs) |
| /var/log/httpd/ | Apache access and error logs directory |
| /var/log/boot.log | System boot log |
| /var/log/secure or /var/log/auth.log | Authentication log |
| /var/log/utmp or /var/log/wtmp | Login records file |
We can monitor all of the above logs using their respective log files, and this monitoring helps improve security.
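To show how the auth.log records listed above can actually be put to use, here is an added Python example (not part of the original post) that parses sshd and sudo lines and flags the patterns an administrator studies later: repeated failed logins from one source, a successful login from a source that had already failed, and privilege escalation through sudo. The log lines are constructed samples using documentation IP ranges, and the threshold of five failures is an arbitrary choice for the example:

```python
import re
from collections import Counter

# Constructed sample lines in /var/log/auth.log syslog format (not real data;
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges).
SAMPLE_AUTH_LOG = """\
Mar  3 10:14:02 web1 sshd[2011]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
Mar  3 10:14:05 web1 sshd[2011]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
Mar  3 10:14:09 web1 sshd[2014]: Failed password for root from 203.0.113.5 port 4431 ssh2
Mar  3 10:14:12 web1 sshd[2016]: Failed password for root from 203.0.113.5 port 4435 ssh2
Mar  3 10:14:15 web1 sshd[2018]: Failed password for root from 203.0.113.5 port 4440 ssh2
Mar  3 10:15:40 web1 sshd[2031]: Accepted publickey for alice from 198.51.100.7 port 51022 ssh2
Mar  3 10:16:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
Mar  3 10:17:22 web1 sshd[2040]: Failed password for bob from 198.51.100.9 port 40211 ssh2
Mar  3 10:17:30 web1 sshd[2042]: Accepted password for bob from 198.51.100.9 port 40213 ssh2
"""

# Message formats as sshd and sudo write them; "invalid user" appears when the
# account does not exist at all.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port \d+")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : TTY=\S+ ; PWD=\S+ ; USER=(\S+) ; COMMAND=(.*)")


def parse_auth_log(text):
    """Turn raw lines into event dicts; lines that match nothing are skipped."""
    events = []
    for line in text.splitlines():
        ts = line[:15]                          # syslog timestamp, e.g. "Mar  3 10:14:02"
        if m := FAILED_RE.search(line):
            events.append({"ts": ts, "kind": "failed", "user": m.group(1), "src": m.group(2)})
        elif m := ACCEPTED_RE.search(line):
            events.append({"ts": ts, "kind": "accepted", "method": m.group(1),
                           "user": m.group(2), "src": m.group(3)})
        elif m := SUDO_RE.search(line):
            events.append({"ts": ts, "kind": "sudo", "user": m.group(1),
                           "target": m.group(2), "command": m.group(3).strip()})
    return events


def failed_logins_by_source(events):
    """How many failed logins each source address produced."""
    return Counter(e["src"] for e in events if e["kind"] == "failed")


def brute_force_sources(events, threshold=5):
    """Sources with at least `threshold` failed logins, most active first."""
    return [(src, n) for src, n in failed_logins_by_source(events).most_common() if n >= threshold]


def success_after_failures(events):
    """(user, source) pairs where a login was accepted from a source that had
    already failed earlier in the log: the entries to review first."""
    failed_from = set()
    hits = []
    for e in events:                            # events are in log order
        if e["kind"] == "failed":
            failed_from.add(e["src"])
        elif e["kind"] == "accepted" and e["src"] in failed_from:
            hits.append((e["user"], e["src"]))
    return hits


def sudo_events(events):
    """Who ran what as whom through sudo."""
    return [(e["user"], e["target"], e["command"]) for e in events if e["kind"] == "sudo"]


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_AUTH_LOG)
    print("failed logins per source:", dict(failed_logins_by_source(evs)))
    print("brute-force candidates:", brute_force_sources(evs))
    print("successes after failures:", success_after_failures(evs))
    print("privilege escalations via sudo:", sudo_events(evs))
```

Pointing parse_auth_log at the real file (open("/var/log/auth.log").read(), which needs the administrator's privileges) gives the same four views; the success-after-failures check is the one that turns a pile of failed attempts into something worth acting on.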
SELinux is a security enhancement to Linux which allows users and administrators to have more control over file access. It provides a flexible mandatory access control (MAC) system built into the Linux Kernel. Any process or application that is currently running as a user has permissions to access objects such as files, sockets, etc.
In general, when a file is created by a person, they have read and write permissions and can grant access to other users and groups or change the owner of the file. This may leave critical files exposed to users who don’t require access at all. The system administrator cannot enforce security on every file in the system.
Consider another scenario where a developer is executing files from their home directory and may view log files. They may use the sudo or su commands, which puts system files at risk. To avoid this, SELinux comes into play, where access control requirements can be fine-tuned. With it, the system administrator can define what a process or user is allowed to do. Hence SELinux takes Linux to the next level of security, making it more secure.
In conclusion, system administrators should decide how strict the policies should be for their server environment. A MAC kernel helps protect the system from applications that could cause damage to it. This is the next level of security in Linux.
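As an added example (not code from the page, and not SELinux's real policy language), here is a Python model of the two-stage check the text describes: the discretionary owner/group/other check first, then a mandatory type-enforcement table that denies everything not explicitly allowed, including to root. The labels, uids, file modes and policy rules are constructed for illustration, as is the enforcing/permissive switch:

```python
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset
    domain: str          # SELinux-style domain label, e.g. "httpd_t"


@dataclass(frozen=True)
class File:
    path: str
    owner: int
    group: int
    mode: int            # classic rwx permission bits
    type_label: str      # SELinux-style type label, e.g. "shadow_t"


# Permission name -> (owner bit, group bit, other bit)
DAC_BITS = {
    "read": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
    "write": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    "execute": (stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH),
}


def dac_allows(proc, f, perm):
    """Discretionary check: the owner's choice of bits decides, and root
    (uid 0) bypasses the bits entirely (simplified from CAP_DAC_OVERRIDE)."""
    if proc.uid == 0:
        return True
    usr, grp, oth = DAC_BITS[perm]
    if proc.uid == f.owner:
        return bool(f.mode & usr)
    if f.group in proc.gids:
        return bool(f.mode & grp)
    return bool(f.mode & oth)


# Toy type-enforcement policy in the spirit of "allow <domain> <type>:file { perms };".
# Anything not listed is denied, and uid 0 gets no special treatment here.
POLICY = {
    ("httpd_t", "httpd_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"read", "write"},
    ("sshd_t", "shadow_t"): {"read"},
    ("unconfined_t", "*"): {"read", "write", "execute"},
}


def mac_allows(proc, f, perm, policy=POLICY):
    """Mandatory check: default deny unless a rule for this domain/type pair allows it."""
    allowed = policy.get((proc.domain, f.type_label), set()) | policy.get((proc.domain, "*"), set())
    return perm in allowed


def check_access(proc, f, perm, enforcing=True):
    """Order used by the kernel: DAC first, then the MAC hook. Returns
    (granted, reason). In permissive mode a MAC denial is only recorded."""
    if not dac_allows(proc, f, perm):
        return False, "dac"
    if not mac_allows(proc, f, perm):
        if enforcing:
            return False, "mac"
        return True, "mac-permissive"      # would be denied when enforcing
    return True, "allowed"


# Constructed scenario objects (labels, uids and gids are illustrative).
SHADOW = File("/etc/shadow", owner=0, group=42, mode=0o640, type_label="shadow_t")
INDEX = File("/var/www/html/index.html", owner=0, group=0, mode=0o644, type_label="httpd_content_t")
WEB_AS_ROOT = Process(uid=0, gids=frozenset({0}), domain="httpd_t")
DEVELOPER = Process(uid=1000, gids=frozenset({1000}), domain="unconfined_t")
ADMIN_SHELL = Process(uid=0, gids=frozenset({0}), domain="unconfined_t")


def scenario():
    """Constructed cases: a root-running web server against /etc/shadow, an
    ordinary developer against /etc/shadow, and the web server on its own content."""
    return {
        "web_root_reads_shadow": check_access(WEB_AS_ROOT, SHADOW, "read"),
        "web_root_reads_shadow_permissive": check_access(WEB_AS_ROOT, SHADOW, "read", enforcing=False),
        "developer_reads_shadow": check_access(DEVELOPER, SHADOW, "read"),
        "admin_reads_shadow": check_access(ADMIN_SHELL, SHADOW, "read"),
        "web_reads_index": check_access(WEB_AS_ROOT, INDEX, "read"),
        "web_writes_index": check_access(WEB_AS_ROOT, INDEX, "write"),
    }


if __name__ == "__main__":
    for name, (granted, why) in scenario().items():
        print(f"{name:36} {'ALLOW' if granted else 'DENY':5} ({why})")
```

The case to notice is the web server running as root: the discretionary check waves it through, and only the mandatory table stops it from reading /etc/shadow. That is the gap the text describes, where an owner's permissions or a sudo/su session leave system files exposed and only a policy the administrator defines closes it.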
Security is a fast-evolving topic! Given that Linux is open source and many “eyeballs” are watching it, many security issues are taken care of by releasing frequent patches. Added to that, there are OS design-level aspects like memory management, user / kernel memory space separation, virtual memory, log management and file access control that make it all the more secure.
However, Linux systems are certainly not flawless; no operating system is. Using Linux can reduce the chances of a security breach. What makes an Operating System secure is purely based on how the OS is used. Linux in the wrong hands may lead to a security breach. The user’s choices matter more in making Linux a secure OS, whatever the flavor may be!