I’ll Tell You What…

So I’m sitting there at work minding my own business when a co-worker walks up and tells me that the “powers-that-be” are testing the security of the UNIX/Linux systems by intentionally doing things that trigger events in our audit logs. I just roll my eyes and think happy thoughts for a minute or two while the situation sinks in. It’s never a good idea to let non-technical people do technical things unsupervised, I think. I’m told that “they” are just trying to make sure that everything we say that we review during a weekly audit gets reviewed. That’s ok. I would hate for someone to gundeck the logs and miss something important. That someone would learn an alternate meaning to “man on the street” I can assure you.

Anyway, much of what we see come to the UNIX/Linux side of the house with regards to security policy comes from the Windows side and the plethora of problems that are encountered there. One thing that is checked is date/time continuity. Let me first say that I am all for ensuring that the time does NOT change in any way except via ntp. Any other change in the date/time of the machine indicates tampering and warrants further investigation.

If you have used a Windows computer for any length of time you’ve discovered the wonders that is the Windows Clock on the Taskbar (also known as the Date and Time Properties). It is one the most useful items in Windows (any version). This thing has been around for so many years that it’s use is part of everyday (or every other day) computer life. Imagine, if you will, an email from a co-worker asking if you can attend a concert or sporting event on a particular date. Your first thought is, “What day of the week is that?” That’s usually my first thought. What’s the quickest way to find out? Yep. Double-click the clock in the Taskbar and check the visual calendar. Virtually everyone I know has done this a few times in their life.

Now imagine a situation where you would not want people to change the date/time because you log important events that are security relevant. One of the programs you would lock down is the Date and Time Properties. Now, if anyone tried to change the time by double-clicking the clock he or she would be told that he or she did not have permission to do that. Also, an event would be logged for the auditor to find. I can’t remember the event number off hand. My point is that this warning and subsequent event can be avoided (for the most part) if another policy were set in place removing the clock in the Taskbar altogether! It’s not that hard to do and can be pushed down from your domain controller so you don’t have to touch each machine.

In the Windows registry (XP or Vista), look for the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

It should be there but if not just create it. In fact, it may be in a couple of places. F3 is your friend.

If you examine this key, you will see a few of No* DWORDs. You will want to look for NoTrayItemsDisplay in particular because setting that value to 1 (TRUE) will prevent the Taskbar from displaying all the mini-icons on the right-hand side. If this 32-bit DWORD does not exist just create it.

Once you have logged off and back on the little annoying icons should be gone. They’re still running but the mini-icons are block from being shown.

Save yourself a headache or tow or three or four and set that key so the auditors can look for the really important date/time events such as 520 and 577 (assuming that Audit privilege use is set in your Audit Policy)!

I’d forgotten how much I enjoyed xkcd.

Some of the things Bruce Schneier says reminds me of me. In his latest commentary in Wired.com, Bruce points out that it takes a different kind of person to see through security-tinted glasses.

In the continuing saga that is my professional life and programming, I seem to be doing more in Perl than anything else at the moment. Even with the motivation to read and study Java and Python I seem to be falling back on what I know better. And that’s not a bad thing, mind you. I just think I’m falling victim to the old jump in the deep end before you can swim routine with these other languages.

For the most part, though, I think that it’s good to jump into a project and just flail away at the new APIs, functions and such. But there are other times when trying to learn a language on the side is tedious. Life gets in the way sometimes and the time between picking up the books lengthens. The fundamentals that you read about in the beginning didn’t stick like they should and you find yourself going back and reading it again. That sounds pretty negative but if you think about it we learn a lot when that happens. I had a Murphy’s Law page a day calendar several years ago and one of the days said, “Snider’s Law: Nothing can be done in one trip.” All the things I know really well took a lot of repetition to learn. Sometimes it just takes time and a little patience goes a long way.

There a few big projects that I would like to attack but the foundation just isn’t there and I think it would only disappoint more that educate. For example, I would like to create a Java app that would serve as the central control panel for the the tedious things we have to keep up t0 date at work such as updating the Message of the Day, managing the sudoers file, ssh keys, etc. Not necessarily like the Solaris Management Console but similar, I suppose. Who knows if that project will come to fruition. But, the idea is there and there’s a need so who knows. I like to create and solve problems.

So, where am I now? A little further along in … some direction. And some direction is better than standing/sitting still.

I think it’s time to trade this body in for a new one.

Two bottles of beer on the wall.
Two bottles of beer.
Take one down.
Pass it around.
One bottle of beer on the wall.

One bottle of beer on the wall.
One bottle of beer.
Take it down.
Pass it around.
No more bottles of beer on the wall.

#!/usr/bin/perl -w

use strict;
use Lingua::EN::Inflect qw( NUMWORDS );

my ($beerNumber, $beerNum, @num_word);
my $word = "bottles";

$beerNumber = 99;

while ( $beerNumber > 0 ) {
	$beerNum = wordize($beerNumber);
	
	print "$beerNum " . $word . " of beer on the wall.\n";
	print "$beerNum " . $word . " of beer.\n";
	
	if ($beerNumber == 1) {
		print "Take it down.\n";
		$word = "bottle";
	} else {
		print "Take one down.\n";
	}
	
	print "Pass it around.\n";
	
	$beerNumber--;

	if ($beerNumber == 1) {
		$word = "bottle";
	}
	
	$beerNum = wordize($beerNumber);
	
	if ($beerNumber > 0) {
		print "$beerNum " . $word . " of beer on the wall.\n\n";
	} else {		
		print "No more bottles of beer on the wall.\n";
	}
}

sub wordize {
	my (@beerNumWord, $beerNumReturned);
	
	@beerNumWord = NUMWORDS ( shift @_ );
	$beerNumReturned = ucfirst(shift @beerNumWord); 
	return $beerNumReturned;
}

/**
 * Simple program that prints out the words
 * to the 99 Bottles of Beer on the Wall
 * song.
 *
 * Based on the BeerSong example in the
 * _Head_First_Java_ book with corrections.
 */
public class BeerSong {
    public static void main (String[] args) {
        int beerNum = 99;
        String word = "bottles";

        while (beerNum > 0) {

            System.out.println(beerNum + " " + word + " of beer on the wall.");
            System.out.println(beerNum + " " + word + " of beer.");

            if (beerNum == 1) {
                System.out.println("Take it down.");
                word = "bottle";
            } else {
                System.out.println("Take one down.");
            }

            System.out.println("Pass it around.");
            beerNum--;

            if (beerNum == 1) {
                word = "bottle";
            }

            if (beerNum > 0) {
                System.out.println(beerNum + " " + word + " of beer on the wall.\n");
            } else {
                System.out.println("No more bottles of beer on the wall.");
            }
        }
    }
}

public class hello
{
    public static void main(String[] args)
    {
        System.out.println("hello, hello...");
    }
}