_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Hackers Information Report 9 Network-Tuned OS Overview By Axon _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Recently, I've been messing with different Operating Systems. As many people have, I've had my usual Windows 95 experience, and those of us who have been around a while have had our fun with MS (or IBM, Free, Dr) DOS. I found Linux, and was instantly lured by its stability, speed and lack of hardware requirements (I've been able to run it on some pretty minimal systems with good results). Converting directly from "the OTHER, unstable and proprietary operating system" to Linux got me really thinking about what a difference the Operating system makes to performance. I'm sorry, but I want an operating system with Services! Back in the days of Windows 95, I would try all sorts of software that added "servers" to the system. I loved them, but they crashed often. Windows 95 was NOT intended to run as a machine with open services. Being an Information Technology Major, I have to take classes that deal with network servers, and these classes break into three tracks. Students MUST take at least the "introductory level" class in two of the tracks, and then take the "advanced" class in one of those, in order to get the degree. The Three tracks are "Windows NT" (NT4), "UNIX" (Solaris), and "Netware" (Whatver version came out this week. The netware class actually changed what version of Netware they were using halfway through the course due to a new version coming out...scary). I'm not touching netware now. I might later, but netware isn't really a contender for the "Internet Services" networks, and is more tuned for File and Print sharing. So, UNIX and NT it is (as far as my degree's concerned) The UNIX class isn't ever full enough so they keep postponing it, so I haven't had a chance to play with Solaris yet. This semester looks promising, as the class actually filled up completely, and I'm one of the lucky ones who got in. At defcon, I was exposed to FreeBSD, and decided to give it a try. It's TRULY different than Linux. Little differences will be pointed out later in this article. I hope to eventually try almost all of the major OS's for the Intel (x86) platform, although I know I can't possibly mess with EVERY little obscure OS that was written for x86. I decided I would do this study on just a few of the OS's that were tuned towards being "Servers". The system I am using for this experiment is a Second Generation Classis Pentium system, running at 120 MHz, not overclocked. It's got 64 Megs of RAM. The Operating systems were placed on Wetern Digital Caviar 22000 (2.0 Gig) Drives, placed inside Removeable Cartridges that slide into a Bay Receptacle inside the system. As you can see, I took time to make sure all the OS's had a fair chance at proving how well they hold their own on a system. I chose the P120 because it's pretty much a "Generic" machine. It's pretty stripped down, having only the hard drive, a 12x IDE CD-Rom Drive, and a 3com Etherlink III (3c509) NIC, and of course the floppy drive. I figured this type of machine would be powerful enough to run all the OS's I wanted to try. Here are the contestants: _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- OS Reason I tried it _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Linux (RedHat 5.2) with updates I'm most familiar with RedHat FreeBSD 2.2.8 FTP install Recognized for security/stability FreeBSD 3.1 from CD-ROM Test the diffs between versions Windows NT4 Server, SP4 You think the whole world uses a REAL OS? _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- What really got me thinking about this "contest" was the fact that I am basically being *FORCED* to take a class on Windows NT4 Administration. I knew it was more power-hungry and less stable than any UNIX will ever be, but I wanted to know HOW they all stacked up... so here is where I tried. The Following Categories are addressed here: I. Boot-up time in seconds II. Features that differentiate each OS III. "Processing Power" on a relative scale put together by Axon IV. Ease of administration, Things that make administration easier V. Woes of administration VI. "Out of the box" security VII. Software installation IIX. From the user's standpoint IX. Ease of cross-platform network integration X. Closing Notes _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- I. Boot-up time in seconds Granted, this may not be a "totally fair" method of testing boot- up time, as there may be more stuff running on one OS than the others. This isn't meant to be some sort of judging scale, just an estimate of about how long a "server-ized, yet close to default" install will take to boot to a login screen. Redhat: 109 Seconds FBSD228: 117 Seconds FBSD31: 99 Seconds NT4SP4: 138 Seconds _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- II. Run-of-the-mill features that differentiate each OS RH52: Setup is a breeze. If there was ever such a thing as a "fool proof" Linux install, this would probably go up there. It's well documented in the manual, however the startup screen never mentions that the manual is on CD, or where it can be found. It just says "if you have this manual read the section on `foo' before fooing". Initial setup is basically a "one size fits all" kernel that is slower than a custom-compiled one, but it usually gets the job done nicely. Linux has tons of freely-available software, and a long list of supported hardware makes this a REALLY robust Operating system. FBSD: FreeBSD has an interesting package management system that can keep track of your files, and upgrade packages nicely. Not quite as friendly as RedHat's RPM, but it does its job nicely. Both FreeBSD Versions I tried had one thing that I loved at first sight: "Ports". This is a selling point of FreeBSD. It has a very unique build environment in /usr/ports that breaks ported software down into sections such as "security", "shells", "x11-wm" (WindowManagers), etc. Then each specific ported program has a directory of its own. There is NO source code by default in any of the program build directories. You just type "make install", and it fetches the tarball, applies some patches to make it work with FreeBSD, configures the Makefile, compiles, and installs. Like that! Down-side: installing ports can be tedious on a slow-compiling machine or if your bandwidth sucks. On a more positive note: The stuff is compiled on your system, works great, and "make deinstall" is cool! There is quite a bit for Free Software out that works with FreeBSD, but Hardware support and major program support lacks behind Linux so far. FreeBSD has an amazing feel of stability, form, and function while using it. NT40: While not being quite the heavy hitters the more UNIX-ish OS's were on the lower-end test system, it's a cinch to admin. It's somewhat difficult to navigate all the strange menus to do all your sysadmin work, but after using it for a while, you learn where stuff is. This is a good Server OS for file sharing and the like on a Windows network if you need an easier-to-maintain server. NT can be made to handle modem-dialup connections and establish PPP/TCP-IP/IPX connections over the modem, just like the UNIX-type OS's. Full remote program execution is limited, however NT can act as a "terminal server", where terminals (Network Computers) feed off the NT box. Software that adds other fun server functionalities is widely available, but most of it is commercial (expensive). _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- III. "Processing Power" on a relative scale put together by Axon FBSD: FreeBSD 3.1 came in first as far as using the default kernel setup. It runs more things at once smoother than any of the other OS's tested. FreeBSD 2.2.8 came in a close second. This is truly a "Pocket Rocket" OS. RH52: While RedHat Linux really screams on the P120, (compared to other OS's), it was outperformed by Both FreeBSD's. One must compare need for hardware/software support before choosing FreeBSD or Linux. It WAY outperforms DOS and Windows 95 (which aren't part of this article). It easily roasts NT4.0 when it comes to processing power. NT40: Bogged down, but useable. The UI was kind of choppy and crufty on our little 120 MHz box. _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- IV. Ease of administration, Things that make administration easier NT40: By far, the winner of the "ease of administration" award. If it is possible to sit a monkey at a server to keep it alive, this is the OS that I would choose. Graphical menus and help systems make it so that anyone can keep the box alive after 2 weeks of experimenting with it. RH52 Redhat is controversial throughout the Linux world. Some people argue that it's "Too MS-ish". Redhat comes loaded with goodies. It's been built around administrative tools that require X-Window System. These admin tools are kinda MS-ish, but they get the job done. It would definitely take longer for someone to learn and get comfortable administrating a RedHat box, but the admin tools are good for the beginners. I like the fact that I can edit the config files with vi, and get the same results without a GUI front-end program. There are even front-end programs to help you select kernel options before you re- compile your kernel. FBSD FreeBSD 2.2.8 is next in line. There is the added bonus that there are less config files than Linux, and the config files are larger, and control more aspects of the system, resulting in more centralized control of the OS. FreeBSD 3.1 comes in dead last, but not far behind FreeBSD 2.2.8. This is due to even MORE options for the kernel and config files. FreeBSD's package management will not only fetch the latest versions of the software you try to install, but will also self-grab/install any other programs or libraries that the program needs (Known as dependencies), resulting in an install-and-go package installation. The FreeBSD project has done a really good job on their "FreeBSD Handbook" which, when I printed it, took up a whole 3-inch ring binder. _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- V. Woes of administration NT40 It does take real skills and knowledge to use the advanced aspects of NT, including security. Learning the menu structures is a pain, and I still get lost now and again when going on a clicking rampage. Any powerful remote administration abilities are non-existant without outside Third-party programs such as VNC (See HiR7, article 6). RH52 The graphical admin tools can also be just as confusing as Windows NT's stuff. Also, RPM (Redhat Package Manager, used for installing programs) makes the Admin get any dependent libraries or programs and install them separately. FBSD Administration's just difficult! FreeBSD totally sacrifices user-friendliness for speed and stability. There's not really a good administration tool. Anything you can set during the installation process can be changed with the "sysinstall" tool, but that's about it. Anything else must be edited in the config files by hand. Kernel compile options are read from, you guessed it, a config text file that you have to edit by hand, and documented lines in the default config file are scarce. To really tap the power of the kernel, you have to access the FreeBSD Handbook and see what it has to say. Kernel options are documented well in there. _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- VI. "Out of the box" security FBSD FreeBSD 2.2.8 wins out on being most secure out of the box. FreeBSD 3.1 came in second. FreeBSD just doesn't care about user friendliness. Bost FreeBSD 2.2.8 and 3.1 came stock with a system known as S/Key, a one-time password system. All you had to do is run a keyinit program for each user that you want to be authenticated in this manner. I found no vulnerabilities in 2.2.8 and in FreeBSD 3.1, there was only the Free86 vulnerability out of the box, and it was easily fixed. RH52 Out of the box, not horribly secure. Redhat 5.2 shipped with a lot of little holes, but they were simple to fix with the RPM files from RedHat's site. NT40 Okay... Just NT4.0 with no service packs... it's scary, and easily exploitable. I upgraded to SP4, and it still had some unresolved issues, all the way to allowing a user to add him/her self to the local machine's Administrators group. This is a VERY bad thing, and the exploits are as simple as running a program. Point. Click. Admin! _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- VII. Software installation This is REALLY a personal-preference deal. You'll see. FBSD Both 3.1 and 2.2.8 are the same here. Ease of software installation is a plus, but it's slow, because it usually involves compiling the program. It's really a "start installing and switch to another console" situation. No questions asked, and if it needs another program, it goes and gets it without complaining. RH52 RPM (as I said before) will install a binary package in a hurry. The problem is that IF it needs another program, it requires user interaction to go and get it. Oh well. Not quite as easy as FreeBSD. Not all Linux Distributions use "RPM". Debian GNU/Linux uses a different packaging tool that DOES go-fetch the other packages. NT40 If clicking around menus and asking if/where to install stuff is for you, then I guess NT is the OS of champions. Otherwise, I consider it bothersome and time-consuming. _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- IIX. From the user's standpoint NT40 Clicky, clicky! This is by far the easiest OS for the end users to adapt to. This technology dates back to when cavemen pointed to objects with sticks (equivalent to the mouse) and made grunting noises (equivalent to clicking mouse buttons). It's almost natural, or something. Unfortunately, this method of machine interaction requires the computer to do extra work determining what the user is trying to do, and drawing pretty pictures on the screen to ensure that even the most idiotic user knows what's going on. RH52 Don't get me wrong, UNIX systems have Graphical User Interfaces, too. They just aren't as friendly, and the user still needs to know how to use a keyboard for some practical applications and file manipulation. Redhat has tried to make the X window system more friendly, but they haven't gone as far as MS has (yet). FBSD FreeBSD 2.2.8 and 3.1 are both the same here, as well. There aren't as many cool user-geared graphical things distributed with them. There are a few, but not as many as there are for linux. This would be the hardest OS for an end-user to get used to. _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- IX. Ease of cross-platform network integration RH52 RedHat made sure they packed their distribution of Linux chock full of networking abilities by default. Redhat can do Apple Talk, TCP/IP, Netware, and over TCP/IP it can act like a Windows NT file/print server, as well as utilizing resources on an NT Network. Usually, the protocols can be set into action without so much as a reboot. FBSD FreeBSD can integrate with any network that Linux can, but it's a little more difficult to implement. NT40 NT can handle most of the protocols, but I don't think that it does appletalk by default. Windows 2000 adds this ability, but only as an AppleTalk SERVER. It can't browse resources on an appletalk network. _-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- X. Closing Notes Really, it's hard to tell "what's the better OS here?". That is totally based on application of the server. This article was not designed to flaunt one OS over another (okay... just a little), but you probably see some definite pros and cons to each OS. This is meant to be a "Guiding Light", so that you know what will be the wise choice. I do not promote OS bashing too much. Each Operating system is good and bad in it's own ways. 100% "BAD" operating systems hat have nothing to offer over other operating systems quickly disappear or become scarce in the world (ahem, OS/2?, CP/M? what???). You get my picture. I'm outta here. Happy serverizing, guys! --Axon