Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Auditing DBA's?"] [Next entry: "check_parameter.sql : script added to my tools page"]

new shell for Windows

I am currently writing the lab for a module based around auditing the operating system for security issues relating to an Oracle installation for the new SANS "Securing Oracle track" so late last night i found myself surfing for Windows shells. I knew about Cygwin and the MKS toolkit which are Unix like environments for Windows and I had also considered Perl for my own use. I was looking for the options for creating universal (ish) scripts to audit certain aspects of the operating system and I found a blog entry on Wesner Moise's site about a new shell for Windows called Monad. Wesner says:

"Microsoft is introducing a new command-line shell, codenamed Monad, into Longhorn. If you have a Longhorn build, you can use the new shell by launching "msh.exe."

The post was made in May this year so is a little old but it looks interesting as a possible tool for security audits. He goes on to discuss the good features:

"The Good

New-style commands (or commandlets, as they are called in Longhorn) are .NET libraries (plus associated .msh or .cmdlet file) that consist of classes driving from CmdLet. Through the magic of reflection, Monad performs all the parsing and validation of switches and maps them to properties of your new class. Attributes are used to indicate whether properties are mandatory, optional, or produce prompting if omitted. Monad also will eventually support Intellisense and help for cmdlets.

Commands can output .NET objects not just text. For example, you can enter

get/process | where "handlecount -gr 400" | sort handlecount | format/table processname,handlecountYou get:

ProcessName HandleCount
---------------- ---------------
processname handlecount
... ...
Get/Process returns a sequence of process objects, which is filtered to include only those processes with a HandleCount property exceeding 400, then sorted and formatted to show a table of two columns. These objects are treated like records, and can be output to various formats besides text, such as an Excel spreadsheet.

Other notables: In addition to the standard input, output, and error steams, there can be additional streams used by cmdlets such as for verbose mode, progress status, and debug mode. Drives can not just be mapped to the filesystem, but also to other heirarchies like the registry database. The scripting language is designed to be as powerful as Perl, as it includes typed variables, functions, property accessors and method calls, and associative arrays."

and then the bad:

"The Bad

The new shell, as it stands now, is not very usable as a routine interactive shell, so, at least in this build, you'll gravitate back to the familiarity and simplicity of cmd.exe.

Monad is not quite a superset of the XP cmd shell. You can execute traditional commands as before, but the built-in commands all behave different. For example, in the most basic of operations, listing the current directory (ie, typing "dir") produces the directory contents but in user-unfriendly manner. I sure hope that the new shell undergoes usability testing, since the new shell syntax is unfamiliar and does require learning."

The shell sounds like its a bit green and needs more testing and features but it sounds like Windows could finally be getting a "real" shell like bash, ksh, csh available on Unix / Linux. Keep an eye out on progress on monad it could be useful for oracle security auditors.