What is an Operating System? Pt. 3

Linux Operating System.

Linux is a modular kernel invented by Linus Torvalds. It is operating systems have been around since the middle of the 1990s. The user-base can be found in many industries and across the globe. Linux can be found in phones, Roku devices, cars, and even refrigerators! It runs the world’s stock exchanges and most of the internet.

Linux has upheld the reputation of being one of the most reliable and secure operating systems available.

The Linux operating system has a command line called the Shell. This used to scare people away from Linux, because there was the assumption that people had to learn an outdated command line to make it work. This is not the case any longer.

With the modern Linux desktop, the user doesn’t need to ever touch the command line. Linux offers a plethora of high-quality applications that can be simply installed.

Many Linux distributers have a tool similar to the App Store that will centralize and simplify the installation of the apps. The Ubuntu software center is the Linux store that offers thousands of cost efficient or free applications for Linux.

One of the features that many users like about Linux is that the cost of entry is free. This means that Linux can be installed on as many computers as desired without costing the user any money for the software of the server licensing.

Linux has an open source license. This means that the user has the freedom to run the program, for whatever reason they need. They can make copies and redistribute the copies to their friends. The user also has the freedom to modify the Linux version they are using and distribute that as well.

Many Linux users like to boast about the fact that they have never had any issues with viruses or malware. It is known for being reliable, flexible, and secure.

It is important to note that a serious design drawback to introducing new security features into the Linux operating system is that the original applications can’t be broken. This is a rule for all the new features. Meaning, the option of creating a brand-new security system from the bottom up is not an option. The new features will have to be compatible and retrofitted with the original design of the system.

Linux also has the networking stack that has IPsec. This offers authenticity, confidentiality, and the protection of the integrity of the IP network. It can also be used for VPNs, virtual private networks.

The Linux kernel users of the cryptographic API have disk encryption schemes and module signature verification. The Linux Security modules has hooks at all the critical security points inside of the kernel.

Any information that is relevant to the security of the system is passed to the Linux Security Modules. Security Enhanced Linux (SELinux) is designed to meet many security requirements. This includes the general purpose use all the way to the government and military systems that carry classified information.

This security is administered centrally, which helps contain any attacks that exploit misconfiguration and userland software bugs. All files and processes in SELinux are assigned security labels.

Any important interactions between entities on the operating system are then hooked by LSM and sent to the SELinux module, which will go over the security policy to decide if the operation should continue.

The Linux kernel has a comprehensive audit subsystem. This subsystem was created to meet the certification requirements for the government. This feature turned out to be useful for the Linux users as well. These audit logs are great for analyzing the operating system’s behavior. It also is helpful in detecting attempts to compromise the operating system.

Linux has a mechanism that restricts the access to system calls. This mechanism is called the Secure computing mode. The idea of this mechanism is to reduce attacks of the kernel by stopping apps from entering unnecessary system calls.

Another subsystem for the kernel is the integrity management, which protects the integrity of any files on the system. The Integrity Measurement Architecture for the Linux system also performs runtime measurements of any files by using cryptographic hashes, which will compare them to a list of valid hashes. These measurements are logged through the audit subsystem.

Using the Extended Verification Module (EVM), the Linux operating system is protected from offline attacks.