The core of UNIX Linux system security is:

Because its source is open, there are vulnerabilities that will be fixed quickly.

It is used by fewer people, and is generally used on the server, so that it will not be like win, and anyone can do it.

There are very few hacking tools that can be used on Linux, so that no one can do it like Win.

The file permissions at each file level are clear

The claim of security is basically a lie.

Whether it is safe or not is primarily decided by the person who uses the computer.

No matter how good the system is for computer novices, it is not safe.

UNIX system security management is divided into four main aspects:

1) Prevent unauthorized access: This is the most important issue of computer security: the system is not accessed by people who are not using the system.

User awareness, good password management (with both the system administrator and the user), login activity logging and reporting, and periodic checks of user and network activity are all key to preventing unauthorized access.

2) Preventing Leaks: This is also an important issue for computer security. Prevent authorized or unauthorized users from accessing each other's important information. File system audits, su logins and reports, user awareness, encryption are all key to preventing leaks.

3) Prevent users from rejecting the management of the system: This aspect of security should be done by the operating system. A system should not be compromised by a user who deliberately tries to use too many resources.

Unfortunately, UNIX doesn't do a very good job of restricting the user's use of resources, with one user being able to use the entire disk space of the file system, and UNIX basically can't prevent users from doing so. It is best for the system administrator to check the system periodically with PS commands, accounting programs df and du. Detect processes that occupy too much cup and files that occupy a large number of disks.

4) Prevent loss of system integrity: This security aspect is related to the actual work of a good system administrator (e.g., backing up the file system periodically, running fsck checks after a system crash, repairing the file system, and software that detects if the user is likely to crash the system when there is a new user) and maintaining a reliable operating system (i.e., the user cannot crash the system frequently).

The rest of this article mainly deals with the first two questions, and the third question is"Security audits"section discussion.

Unix system end user.

Some UNIX system administration commands can only be run by the end user. The end user has privileges that other users do not have, and the end user can read, write, and run all files, regardless of the file access permission. System administrators typically use the command:

bin su or root into the system to become the end user. In a later article, it is used to indicate that commands that must be run by the end user should be typed in, and commands that should be run by all other users should be typed in with $.

CPU MEM HDD NIC should be all there is to it.

The reason for the widespread use of the Windows operating system and the widespread use of the decimal and QWER keyboards is the same. They weren't good on their own (the decimal system wasn't good for calculations, and the qwer keyboard distribution was originally designed to limit typing speed and prevent mechanical typewriters from jamming), but because Windows was the first to occupy the PC market, and the PC market was the largest in the computer market, he used it more.

Windows is an independent kernel, Unix is the kernel of Unix, and the Linux kernel is similar to Unix, so it is a Unix Like kernel. The kernels are different, so they are very different, and the so-called perfection is the relative perfection that is compared because of this.

For example, the system that comes out of the kernel of the UNIX and Linux system does not treat the memory in the way that Windows does, but the large cache setting, so the memory usage is stable, the CPU is also very smooth, and there are few deadlocks, and the disk management is relatively rare for Windows to appear disk fragmentation, I o The management adopts a unified file access mechanism, and the file management uses a symbolic connection to access it at will, which is not possible for Windows. And it's for large machines and servers. For example, do you want the control system of a nuclear power plant to shut down for half a day for defragmenting disks?

And they install software very differently, the restart required under Windows is rare under UNIX Linux, and it is also conducive to expansion, the server is something that cannot be shut down for 24 hours and decades, so you can easily upgrade with this system without worrying about the need to restart.

Open-source is their biggest differentiator. The second is UNIX's innate anti-virus, anti-Trojan, and anti-attack, which Windows can't compare.

The most basic difference between the two is that Unix is open source and WindiAWS is closed source.

User mode and kernel mode.

Kernel stack: Each process in Linux has two stacks, which are used for user mode and kernel mode process execution, where the kernel stack is the stack used for kernel mode, which is placed in two contiguous pages and frame-sized space together with the task struct structure of the process, and more specifically, the thread info structure.

When the program runs on the 3rd level of privilege, it can be called running in the user mode, because this is the least privileged level, which is the privileged level of ordinary user processes, and most of the programs directly faced by users are running in user mode; Conversely, when a program runs on level 0 privileges, it can be said to be running in kernel mode.

Although there are many differences between programs working in user mode and kernel mode, the most important difference is the difference in privilege level, that is, the difference in power. Programs running in user mode cannot access the kernel data structure of the operating system. When we execute a program in the system, most of the time it is running in user mode.

It switches to kernel mode when it needs the help of the operating system to do something that it does not have the power and ability to do.

The 4GB address space of the Linux process, the 3G-4G part is shared, and it is the address space of the kernel state, which stores the ** of the entire kernel and all the kernel modules, as well as the data maintained by the kernel. If you want to perform file operations, network data sending and other operations, you must call the system calls such as write, send, etc., these system calls will call the ** in the kernel to complete the operation, at this time, you must switch to ring0, and then enter the kernel address space in 3GB-4GB to perform these ** completion operations, and after completion, switch back to ring3 and return to the user mode. In this way, user-mode programs cannot operate the kernel address space at will, which has a certain security protection effect.

In protected mode, the address spaces of processes do not conflict with each other and that the operations of one process do not modify the data in the address space of another process through mechanisms such as in-memory page table operations. In kernel mode, the CPU can execute any instruction, while in user mode, the CPU can only execute non-privileged instructions. When the CPU is in kernel mode, it can enter the user mode at will; When the CPU is in user mode, it can only enter the kernel mode through interrupts.

Normally, a program starts out in the user mode, and when the program needs to use system resources, it must enter the kernel state by invoking a soft interrupt.

One is open source code, and the other is fully copyrighted.

The question is too broad.

Which aspect do you mean, whether it's memory management, CPU scheduling, networking, or file system.