In the security realm Windows operating systems are not the only platform of choice. Unix operating systems are usually the platform of choice by security practitioners for a wide range of tasks. Knowing many of you do not have computers that can support both a Unix and Windows environment simultaneously you are going to use a Unix environment in the ALIAS lab and a scripting environment on a Windows platform.

For this lab you will need administrator access to a computer so you can successfully load the software packages. There are two parts to the lab. The first part involves basic Unix familiarity. The second entails some Shell/Script programming. Hint: get started early.

Basic steps to accomplish this lab:

Go to the lab and access your Unix Virtual Machine

Once logged on explore the Unix OS, becoming acquainted with the version and utilities it offers.

As a minimum cover the following areas in the lab report:

What OS variant is the Unix Virtual Machine

What is the basic IP configuration?

Can you access the internet? How?

How does the OS compare to the OS you use on a daily basis?

Are there any scripting tools present?

Now on your home system (or the virtual Windows OS in ALIAS) download and install a scripting environment of your choice, or use the resident scripting language.

For the last phase of this lab you are to write a script that analyzes the events in your Windows System Security Log. To make the lab easier export your security log entries to a CSV file which will be used by the script to perform the analysis. The script should count the number of success and failure audits logged, provide the count associated with each, and the most common event ID.

The name of the program you write should be AuditCount. It should be invoked by simply typing its name with no parameters. The CSV file should also be in the directory that the AuditCount script executes from. Prove your script is working correctly by cross correlating with output from a common spreadsheet program.

The output for the script should be in the following format:

Number of Audit Failures: 2469 failures of 19247 entries

Most common Event ID: 5038

Number of Audit Successes: 16778 successes of 19247 entries

Most common Event ID: 4624
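
One way the AuditCount script described above could be written, as an added example that is not part of the original question or any posted answer. It assumes the export is named `security.csv` (hypothetical name) and carries the `Keywords` and `Event ID` columns that Event Viewer writes when saving events as CSV; the embedded sample rows are constructed.

```python
"""AuditCount: count audit successes/failures in an exported Security log CSV."""
import csv
import io
from collections import Counter
from pathlib import Path

CSV_NAME = "security.csv"  # assumed name; the lab only says the CSV sits beside the script
# Assumed column names, as in Event Viewer's CSV export (the message is an unnamed extra field).
KEYWORDS_COL, EVENT_ID_COL = "Keywords", "Event ID"
LABELS = (("Audit Failure", "Audit Failures", "failures"),
          ("Audit Success", "Audit Successes", "successes"))

# Constructed sample rows, used only when no export is present.
SAMPLE = '''Keywords,Date and Time,Source,Event ID,Task Category
Audit Success,1/5/2024 9:00:01 AM,Microsoft-Windows-Security-Auditing,4624,Logon,"An account was successfully logged on.
Logon Type: 2"
Audit Success,1/5/2024 9:00:02 AM,Microsoft-Windows-Security-Auditing,4672,Special Logon,"Special privileges assigned, new logon."
Audit Success,1/5/2024 9:03:10 AM,Microsoft-Windows-Security-Auditing,4624,Logon,"An account was successfully logged on."
Audit Failure,1/5/2024 9:04:00 AM,Microsoft-Windows-Security-Auditing,4625,Logon,"An account failed to log on."
Audit Failure,1/5/2024 9:04:05 AM,Microsoft-Windows-Security-Auditing,4625,Logon,"An account failed to log on."
Audit Failure,1/5/2024 9:06:00 AM,Microsoft-Windows-Security-Auditing,5038,System Integrity,"Code integrity check failed."
'''

def audit_count(lines):
    """Return (total rows, {keyword: Counter of event IDs}) from CSV text lines."""
    per_keyword = {keyword: Counter() for keyword, _, _ in LABELS}
    total = 0
    for row in csv.DictReader(lines):  # csv keeps quoted multi-line messages in one row
        total += 1
        keyword = (row.get(KEYWORDS_COL) or "").strip()
        if keyword in per_keyword:
            per_keyword[keyword][(row.get(EVENT_ID_COL) or "").strip()] += 1
    return total, per_keyword

def report(total, per_keyword):
    """Format the counts in the layout the lab asks for."""
    out = []
    for keyword, plural, noun in LABELS:
        ids = per_keyword[keyword]
        top = ids.most_common(1)[0][0] if ids else "n/a"
        out.append(f"Number of {plural}: {sum(ids.values())} {noun} of {total} entries")
        out.append(f"Most common Event ID: {top}")
    return "\n".join(out)

if __name__ == "__main__":
    path = Path(__file__).resolve().parent / CSV_NAME
    source = path.open(newline="", encoding="utf-8-sig") if path.exists() else io.StringIO(SAMPLE)
    with source:
        print(report(*audit_count(source)))
```

Event messages span several lines inside one quoted field, so counting raw lines overstates the number of entries; parsing with `csv` keeps each event as one row. The file is opened with `utf-8-sig` so a byte-order mark, if the export has one, does not end up in the first column name.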
