I am currently writing the lab for a module based around auditing the operating system for security issues relating to an Oracle installation for the new SANS "Securing Oracle track" so late last night i found myself surfing for Windows shells. I knew about Cygwin and the MKS toolkit which are Unix like environments for Windows and I had also considered Perl for my own use. I was looking for the options for creating universal (ish) scripts to audit certain aspects of the operating system and I found a blog entry on Wesner Moise's site about a new shell for Windows called Monad. Wesner says:
"Microsoft is introducing a new command-line shell, codenamed Monad, into Longhorn. If you have a Longhorn build, you can use the new shell by launching "msh.exe."
The post was made in May this year so is a little old but it looks interesting as a possible tool for security audits. He goes on to discuss the good features:
"The Good
New-style commands (or commandlets, as they are called in Longhorn) are .NET libraries (plus associated .msh or .cmdlet file) that consist of classes driving from CmdLet. Through the magic of reflection, Monad performs all the parsing and validation of switches and maps them to properties of your new class. Attributes are used to indicate whether properties are mandatory, optional, or produce prompting if omitted. Monad also will eventually support Intellisense and help for cmdlets.
Commands can output .NET objects not just text. For example, you can enter
get/process | where "handlecount -gr 400" | sort handlecount | format/table processname,handlecountYou get:
ProcessName HandleCount
---------------- ---------------
processname handlecount
... ...
Get/Process returns a sequence of process objects, which is filtered to include only those processes with a HandleCount property exceeding 400, then sorted and formatted to show a table of two columns. These objects are treated like records, and can be output to various formats besides text, such as an Excel spreadsheet.
Other notables: In addition to the standard input, output, and error steams, there can be additional streams used by cmdlets such as for verbose mode, progress status, and debug mode. Drives can not just be mapped to the filesystem, but also to other heirarchies like the registry database. The scripting language is designed to be as powerful as Perl, as it includes typed variables, functions, property accessors and method calls, and associative arrays."
and then the bad:
"The Bad
The new shell, as it stands now, is not very usable as a routine interactive shell, so, at least in this build, you'll gravitate back to the familiarity and simplicity of cmd.exe.
Monad is not quite a superset of the XP cmd shell. You can execute traditional commands as before, but the built-in commands all behave different. For example, in the most basic of operations, listing the current directory (ie, typing "dir") produces the directory contents but in user-unfriendly manner. I sure hope that the new shell undergoes usability testing, since the new shell syntax is unfamiliar and does require learning."
The shell sounds like its a bit green and needs more testing and features but it sounds like Windows could finally be getting a "real" shell like bash, ksh, csh available on Unix / Linux. Keep an eye out on progress on monad it could be useful for oracle security auditors.
Blog
Pete Finnigan's Oracle Security Weblog
This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
[Previous entry: "Auditing DBA's?"] [Next entry: "check_parameter.sql : script added to my tools page"]
October 2004
- find_all_privs.sql : A script to find all privileges allocated to a user or role - 10/02/2004 by 10/02/2004
- PeteFinnigan.com Tools page updated - 10/03/2004 by 10/03/2004
- who_has_role.sql : A script to find which users and roles have been granted a role - 10/05/2004 by 10/05/2004
- Howard Rogers writes about Virtual Private databases - 10/06/2004 by 10/06/2004
- Tools page has been updated again - 10/07/2004 by 10/07/2004
- who_has_priv.sql : script to find user who have been granted a system privilege - 10/09/2004 by 10/09/2004
- Oracle remids all customers to apply Patches for alert #68 - 10/10/2004 by 10/10/2004
- preventing password leakage with SQL*Loader - 10/11/2004 by 10/11/2004
- which special characters can be used in Oracle database passwords - 10/12/2004 by 10/12/2004
- expired passwords, ORA-01045 and password changes - 10/13/2004 by 10/13/2004
- SQL Injection papers - 10/14/2004 by 10/14/2004
- where is the next monthly patch? - 10/15/2004 by 10/15/2004
- computerworld have also picked up the patch quickly story - 10/16/2004 by 10/16/2004
- Listener security guide - 10/17/2004 by 10/17/2004
- A tuning book and security? - 10/18/2004 by 10/18/2004
- An interesting SQL Injection paper - 10/19/2004 by 10/19/2004
- Internetnews article : "Customers Gripe About Oracle's Patch Plan" - 10/20/2004 by 10/20/2004
- Auditing DBA's? - 10/21/2004 by 10/21/2004
- You can search inside the SANS Oracle security step-by-step guide - 10/22/2004 by 10/22/2004
- Is setting trace a security risk? - part 1 - 10/23/2004 by 10/23/2004
- technewsworld.com says "Oracle's Security Luck Runs Out" - 10/24/2004 by 10/24/2004
- Another issue with alert 68 on AIX 32 bit - 10/25/2004 by 10/25/2004
- Writing to the alert log - 10/26/2004 by 10/26/2004
- more info on DBMS_SYSTEM.KSDWRT - 10/27/2004 by 10/27/2004
- massive data theft from a database in California - 10/28/2004 by 10/28/2004
- Can I connect to the database as the user PUBLIC? - 10/29/2004 by 10/29/2004
- Interesting question about Sarbanes-Oxley on Oracle 7.3.3 - 10/30/2004 by 10/30/2004
- Howard Rogers new paper on secure application roles - 10/31/2004 by 10/31/2004
Archives
Syndication
Powered by gm-rss 2.0.0
