Chapter 33. Auditing UNIX/Linux

The UNIX operating system, although now in widespread use in environments concerned about security, was not really designed with security in mind. This does not mean that UNIX does not provide any security mechanisms; indeed, several very good ones are available. However, most “out of the box” installation procedures still install the operating system with little or no security enabled.

History

UNIX was originally designed by technical programmers as an operating system for use by other programmers. The environment in which it was used was one of open cooperation, not one of privacy. Programmers typically collaborated with each other on projects, and hence preferred to share their files with each other without having to climb over security hurdles.

By the early 1980s, many universities began to move their UNIX systems out of the research laboratories and into the computer centers, enabling their user population as a whole to use this new and wonderful system. Many businesses and government sites began to install UNIX systems as well, particularly as desktop workstations became more powerful and affordable. In these environments the UNIX operating system was no longer being used where open collaboration was the goal.

Universities required their students to use the system for class assignments, yet they did not want the students to be able to copy from each other. Businesses used their UNIX systems for confidential tasks such as bookkeeping and payroll. ...

Get Auditor’s Guide to Information Systems Auditing now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.