OpenSolaris

1
OpenSolaris

•  
• Conner Finlay
• Josh Smith

2
Overview

•  
• Some history behind OpenSolaris 
•  
• A comparison between Solaris, Windows, and Linux
  with some pros and cons of each
•  
• Interesting features of OpenSolaris
•  
• OpenSolaris for home and corporate users

3
A gray "" means that the license does not say
anything - mostly it is an implied OK. CDDL -
Common Development and Distribution License
4
History

•  
• An open-source operating system based on the code
  of Solaris 10 
•  
• Both operarting systems trace their history back
  to System V(R4) and are written in C
•  
• Similar to the BSD and Linux family 
•  
• OpenSolaris was first introduced in 2004

5
OpenSolaris vs Solaris

•  
• OpenSolaris is created as a project by Sun
  Microsystems
•  
• A way to interact between Sun and developer
  community
•  
• Take in project ideas to incorporate in to
  Solaris OS
•  
• OpenSolaris is not officially supported by Sun
•  
• No official patch release - Community based
•  
• Similar to Red Hat vs. CentOS   
•  
•  
•  

6
OpenSolaris vs Linux

•  
• Provides a Unix environment
•  
• Gnome interface with easy menus
• Similar set of software - Firefox, OpenOffice,etc
  
•  
• Different commands in terminal
•  
• Both support a wide range of architectures 
•  
• Both use a package manager

7
OpenSolaris vs Linux

• Linux            sudo bash
• OpenSolaris pfexec bash pkg install SUNWsudo  
•  
• Linux            apt-get search rsync apt-get
  install rsync
• OpenSolaris pkg-search rsync pkg install
  SUNWrsync
•  
• Linux            ifconfig
• OpenSolaris ifconfig
•  
• Linux             top
• OpenSolaris  prstat
•  
• Linux            /etc/init.d, /etc/rc.d
• OpenSolaris svccfg, svcadm, svcs

8
OpenSolaris vs Linux

• Linux            /home
• OpenSolaris /export/home 
•  
• Linux            /var/log
• OpenSolaris /var/adm, /usr/adm, /var/log
•  
• Linux            /tmp
• OpenSolaris /var/tmp
•  
• Linux            /bin, /usr/bin
• OpenSolaris /usr/bin, /bin, /usr/gnu/bin

9
OpenSolaris vs Windows

•  
• Open-sourced vs. closed-source
•  
• Filesystem differences
•  
• Different binary file format 
•  
• Difference of architecture support
•  
• "Not as vulnerable"

10
OpenSolaris at Home

•  
•  Possible lack of drivers
•  
• Able to download a LiveCD to test out hardware
•  
• Does not use the latest version of open-source
  applications - i.e. Gnome 
•  
• May not work great with a laptop (again, driver
  support)
•  
• Not "Out-of-the-Box" user friendly

11
OpenSolaris in the Office

• Can be vulnerable out of the box
•  
• Remote exploits - Default listening services
•  
• Patch and disable unneeded services
•  
• Solaris - Guaranteed Support from Sun
•  
• OpenSolaris - No support from Sun
• Only dev community

12
OpenSolaris for Sysadmins
            Demonstration Patch - Show
Services - Start/Stop Service - Config File
Locations - ZFS - Containers
13
ZFS

•  
• 128-bit OpenSource (CDDL) Filesystem that
  supports up to 16 Exbibytes 
•  
• Permissions - POSIX, NFSv4 ACLs 
•  
• Supported Operating Systems - Sun
  OpenSolaris/Solaris, Apple Mac OS X Server 10.5,
  FreeBSD, Linux via FUSE
•  
• Supports encryption
•  
• Built-in 256-bit check sum, which can correct
  errors on the fly

14
ZFS Features

•  
• Different than other filesystems - built on
  "virtual storage" devices called zpools (vdevs vs
  dev)
•  
• Can group vdevs together to form RAID Pools, this
  includes RAID 0, RAID 1, or RAID-Z (similar to
  RAID 5)
•  
•  Allows for snap shops of the Filesystem, users
  can roll back to a certain point in time
  (TimeSlider application)
•  
• Fairly resource heavy

15
TimeSlider
16
Binary Format

•  
• OpenSolaris uses ELF Binary Files
•  
• Executable and Linkable Format
•  
• Same Binary Format as Linux and Free/OpenBSD
•  
• Windows - PE Binary File (Portable Executable)
•  
• MacOS - Mach-O and ELF

17
Binary Format

•  
• Binary code for executable files, object code,
  and shared libraries
• .o, .so, .ko, binary files, etc.
•  
• Binary format not bound to any particular
  processor or architecture
•  
• Intel Assembly Code, ATT Assembly Code
•  
• readelf command - Information on binary file
•  
• GDB - command line debugger - Assembly code

18
ELF Binary Format
19
PE File Format
20
Zones

• Also known as Solaris Containers
•  
• System resource control and Boundry seperation
•  
• Kernel Level (Operating system) virtualization
•  
• Separate User Space and Kernel Space memory

21
OpenSolaris Security

• OpenSolaris supports PAM
•  
• Solaris Zones
•  
• Non-Executable Stack
•  
• Process Rights Management
•  
• IP/Packet Filtering - IPSec
•  
• Default services either disabled or listening on
  localhost by default
•  
• NSA works in conjunction with Sun and submits
  code

22
OpenSolaris Security

• Process Rights Management (Borrows from Trusted
  Solaris)
• Built in to the kernel
•  
• Checks UID of Process fork
•  
• Child Processes have the ability to have
  different Process Rights
•  
• Privileges can be granted on access when needed

23
OpenSolaris Security

• BART - Basic Auditing and Report Tool
•  
• EXAMPLE
•  
• "find /etc bart create -I gt newManifest"
•  
• "bart compare ./oldManifest ./newManifest"
•  
• Evaluates uid, gid, permissions/acls, contents,
  mtime, size, type, etc.

24
Sources

• http//wiki.genunix.org/wiki/index.php/OpenSolaris
  _FAQWhat_is_the_difference_between
•   OpenSolaris.2C_Solaris_Express.2C_Solaris_10.2C_
  etc..3F
•  
• http//blogs.sun.com/chandan/entry/copyrights_lice
  nses_and_cddl_illustrated
•  
• http//opensolaris.org/os/project/czosug/events/Op
  enSolaris_and_Linux_Basic_Comparison.pdf 
•  
• http//en.wikipedia.org/wiki/Executable_and_Linkab
  le_Format 
•  
• http//en.wikipedia.org/wiki/ZFS 
•  
• http//www.opensolaris.org/os/community/security/f
  iles/nsa-rebl-solaris.pdf 
•  
• http//www.opensolaris.org/os/community/security/f
  iles/CEC-SFT0062-Brunette.pdf 
•  
• http//www.sun.com/software/solaris/trustedsolaris
  /features.xml