When Apple revamped its operating system and adopted Nextstep as the base of OS X, they brought along with it an extremely powerful version of Unix based on the open-source project FreeBSD, now known as Darwin.

Unix has a long history, one that started in the basements of Bell Labs by a group of AT&T engineers some 40 years ago. A professor in a C programming course I took once said that they were supposed to be writing drivers for the AT&T hardware, but instead, they wanted some way to use the system to play games, so they invented Unix.

Unix is now a mature and robust operating system, and since OS X is based on Unix, it has inherited all of its power, and some of its complexity. The beautiful aqua interface that we are used to seeing is really all that is needed, but if you would like to take a look at what makes your computer tick, Apple included Terminal.app to act as a window into the GUI and into the Unix soul of OS X.

Nick started a great series back in January 2007 on this subject, and now I’d like to cover some of the basics again, and maybe bring a different point of view to the table as well.

Open Terminal.app (found in Applications → Utilities), and you’ll see a window with a prompt waiting for you to start typing.

At this point, it’s important to understand a few things about the Terminal. For one, the commands that you can type are interpreted and carried out immediately, no waiting around. So if you tell it to remove a file, it will do it right then, with no easy way of recovering it. There isn’t a recycle bin on the command line (not without a little coaxing, anyway). Secondly, since Unix was developed decades ago, many of the commands seem a bit archaic. Back when most of these utilities were written, they were all abbreviated to save space and cut down on the number of keystrokes you’d need to type. Below is a list of a few essentials, and another list from Nick’s post is here.

• ls (list): Probably one of the most important commands, it lets you see what’s in your current directory.
• cd (change directory): This is how you move about the filesystem in Unix, for example, to move from Library to Documents.
• file: This one isn’t short for anything, but it will give you a brief description of what a particular file is.
• cat (concatenate): Or “Grab everything in this file and let me read it.”
• man (manual): The online manual will describe most commands that you’re interested in; for example, typing man ls will give you the manual page about the ls command.

It might be helpful to open a Finder window and put it right next to the Terminal. Open the Finder so it shows your home directory. Type ls in the Terminal to see the same files that you see in the Finder. Try another command: touch. touch is designed to change the last accessed timestamp of a file, but it will also create a blank file. You can see the file created in the Finder as well. You can cat the file, and see that there is nothing in it.

Now that you’ve created a file, and looked at its (blank) contents, you can remove the file using the rm command. This is one of those dangerous commands that, if used carelessly, can really screw things up. For this example, carefully type rm file into the terminal, and watch the file disappear in the Finder. You’ll notice that your Trash stays empty — that file is goners.

The Unix filesystem is a nested hierarchy, with each directory separated by a forward slash (/). The current working directory is symbolized as a dot (.), and the parent directory is symbolized by two dots (..). The top of the hierarchy, known as the root, is symbolized by a single forward slash.

So, to move to the parent directory, you could type cd ... If you were in the Library directory and you typed this command, you would then be moved into your home directory. To see the very top of the hierarchy, you would type cd /. Type this command now.

Also, move in the Finder to the hard drive where you have OS X installed. I have mine named, originally, “OS X”. Type ls in the Terminal, and you’ll notice a few more files than you can see in the Finder. These files are important Unix system files, and should not be touched unless you really know what you’re doing…and really, not even then. To illustrate the importance of these files, you could type file mach_kernel.

This is the kernel, the core of the operating system. Do not mess with this file. Several of the other files are directories. You can change directories into /bin, for example, and type ls to list the contents of that directory. You’ll find a file in that directory named “ls,” which is the executable for the ls command. When you type ls into the terminal, it executes this tiny app. A great place to learn about Unix is to get a list of this directory, and then read the man page for every file listed.

To exit the Terminal, just CMD-Q like any other app, and you are back in the comforts of OS X.

This has been a very brief overview of how to go from absolutely no Unix knowledge whatsoever to the smallest amount of Unix knowledge necessary to poke around a bit. There’s a lot of power under there, but before you can really start to harness it, you need to get a decent understanding of the hows and whys.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Why iPad 2 Will Lead Consumers Into the Post-PC Era
• The Near-Term Evolution of Social Commerce
• Content Farms: The Players, The Benefits, The Risks

To answer the “do we really need security tools for OS X?” question in a slightly different way than you’ve seen from many technology pundits, I’d like to turn your attention to utility called rkhunter or “rootkit hunter”. As most TAB readers should know by now, OS X has it’s origins in Unix (the “darwin” base comes from FreeBSD), and most folks believe *nix variants (linux, FreeBSD, Solaris, etc) to be extremely secure, free of the problems that plague those sad, sad Windows users. If you fall into that camp, please take a moment and browse the Secunia FreeBSD 5.x artchives. Secunia reports show over 91 vulnerabilities, with critical ones impacting core services such as file sharing and remote access. This should not be surprising since Unix systems have been favorite targets for hackers as they provide such a powerful base to launch further exploits. One of the more gnarly hacks is the installation of a rootkit – a program that can take surreptitious control of your system. And, guess what: your Mac OS X workstation/server is susceptible to rootkits just like any other Unix system, even with Leopeard’s enhanced security features. How can you fight something you can’t even see? You need a tool to help. Modern anti-virus products can and usually do cover rootkits, but the rkhunter tool may cover additional rootkits and may update rootkit signatures more frequently than a traditional vendor.

I wouldn’t recommend trying to get rkhunter installed on your Mac since it will require some enhanced Terminal-fu. Thankfully, Christian Hornung understood the need for such a tool and built a wrapper for it called (surprisingly enough), OS X Rootkit Hunter [dmg], complete with installer. After installing the package, navigate to Applications->OSXrkhnter and run the “Rootkit Hunter” app.

It’s good practice to update the rootkit database (similar to a virus engine DAT update) before each scan since there may be new rootkit signatures from new or altered exploits. When you start the scan, you will see a password dialog – just as you would with any operation that requires additional privileges to run – since OS X Rootkit Hunter needs to look in places your normal account user account cannot. You will also see Terminal windows displaying a running report of what rkhunter has or has not found (since this front-end does not free you from all the gory details of what lies beneath Aqua).

While you can download and run OS X Rootkit Hunter, I would strongly suggest that less technical users obtain one of the commercially available malware scanners since the output from OS X Rootkit Hunter can be a bit daunting. The presence and history of this tool should be enough justification for the need to run security software on your systems.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Why iPad 2 Will Lead Consumers Into the Post-PC Era
• The Near-Term Evolution of Social Commerce
• Content Farms: The Players, The Benefits, The Risks