   
 

Random ramblings of a paranoid git
"The question is not if you are paranoid, it is if you are paranoid enough."



   
   
Wednesday December 08, 2004
Why can't I hit my osteopath?
Permalink | | 2004-12-08 08:42

I just spent a painful hour with my osteopath. He sure does know how to inflict some serious pain, and I'm not even allowed to get even!

At least he managed to get my neck in order, but I'm sure I'll manage to mess it up during the flight down to Australia. I'll spend 23.5 hours in the air, if everything goes according to plan.

Luckily I'll have good company, my iPod and people serving me drinks, so it should be bearable.

   
 
   
Tuesday December 07, 2004
A trip down under
Permalink | | 2004-12-07 06:03

On Friday I'm leaving the cold, dark and snowy Stockholm, together with my girlfriend, two of our friends and their two-year-old son. We're heading to Australia for almost a month, to pester some of our friends, and see what Christmas looks like without snow.

We're going to keep a travel diary at http://jroller.com/page/oztrip so that you can follow the trip, and watch how we go from pale white, to hot pink, and hopefully finally to a light tan.

Almost a CISSP
Permalink | | 2004-12-07 00:48

I just got an email from (ISC)2 saying that I passed my CISSP exam, so now I just have to send in my endorsement form, and I should get my certification.

I'm happy I passed, as I don't fancy reading the prep book again. It was a real brick, actually, like a pile of bricks. Some 1000+ pages, but it also covered the ISSEP exam.

The exam wasn't too hard, as I've covered most of the 10 security domains in my job over the last 10+ years. I thought some of the questions were a bit too US-centric though. Luckily for me, I've spent most of my career working for Sun

   
 
   
Monday December 06, 2004
Now you see me, now you don't
Permalink | | 2004-12-06 01:44

Have you ever wanted to restrict what processes users can see?

Restricting what files and directories users can access is simple, just run chmod 700 on a directory and no one but the owner can access it.

Now you can restrict processes in a similar way by editing the file /etc/security/policy.conf and replacing the line #PRIV_DEFAULT=basic with PRIV_DEFAULT=basic,!proc_info. This removes the proc_info privilege from all users, so they can only view their own processes.

This is how the process list looks after the change:

$ ps -ef
     UID   PID  PPID   C    STIME TTY         TIME CMD
    test  8605  8568   0 10:44:01 pts/2       0:00 -sh
    test  8609  8605   0 10:44:03 pts/2       0:00 ps -ef

Note that this might break any process monitoring scripts you have running as an unprivileged user. To fix this you have to assign the profile Process Management to the user, or create your own profile, as Process Management also gives the user the possibility to stop any process.

Another way to do this is to create an entry in /etc/user_attr for each user who should be restricted, and set the default privilege for the user to basic,!proc_info. This can be done using the usermod program, e.g. usermod -K defaultpriv='basic,!proc_info' test
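
As an added example (not part of the original post): a small shell audit that reads copies of policy.conf and user_attr and reports which users keep proc_info. It assumes a per-user defaultpriv overrides PRIV_DEFAULT and that an unset value means basic; the function names, the monitor and alice accounts, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Print the effective default privilege spec for a user.
# Assumption: defaultpriv in user_attr overrides PRIV_DEFAULT in policy.conf,
# and with neither set the default is "basic".
default_priv_for() {
    user=$1 policy=$2 user_attr=$3
    spec=$(awk -F: -v u="$user" '
        $0 !~ /^#/ && $1 == u {
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^defaultpriv=/) {
                    sub(/^defaultpriv=/, "", kv[i]); print kv[i]; exit
                }
        }' "$user_attr")
    [ -n "$spec" ] || spec=$(sed -n 's/^PRIV_DEFAULT=//p' "$policy" | tail -n 1)
    echo "${spec:-basic}"
}

# Return 0 if the spec still grants proc_info (other users' processes visible).
# Simplification: only basic, all, proc_info and !proc_info are interpreted.
keeps_proc_info() {
    case ",$1," in *,!proc_info,*) return 1 ;; esac
    case ",$1," in *,basic,*|*,all,*|*,proc_info,*) return 0 ;; esac
    return 1
}

demo=$(mktemp -d)
cat > "$demo/policy.conf" <<'EOF'
#PRIV_DEFAULT=basic
PRIV_DEFAULT=basic,!proc_info
EOF
cat > "$demo/user_attr" <<'EOF'
# constructed entries: user:qualifier:res1:res2:attr
monitor::::type=normal;defaultpriv=basic
test::::type=normal;defaultpriv=basic,!proc_info
EOF

for u in monitor test alice; do
    p=$(default_priv_for "$u" "$demo/policy.conf" "$demo/user_attr")
    if keeps_proc_info "$p"; then v="all processes"; else v="own processes only"; fi
    echo "$u: defaultpriv=$p -> sees $v"
done
```

Run against real copies of the two files, the same functions show which accounts, such as a monitoring user, still see every process after the system-wide change.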

All work and no play...
Permalink | | 2004-12-06 01:16

...makes Martin a dull boy!

I've been back from my three week trip to the Bay Area for quite some time, but as I'm leaving for a one month vacation on Friday the 10th, I've been working like crazy the last months.

The problem with being away for so long is that I have to make sure everything works smoothly while I'm away, as no one will be doing my job while I'm away.

This has caused my pet project to stall, but when I get back I'll hopefully be able to start working on it again (after cleaning up my inbox).

   
 
   