Monthly Archives: December 2010

OS X: Change google Chrome to Search .co.uk instead of .com


I’ve just gotten around to solving this little niggle; having google search google.com by default instead of google.co.uk was one of those little annoyances that I was just living with.

Today I found a solution on Chrome Bug 1521 on Comment 39

- Quit Chrome
- Open ~/Library/Application Support/Google/Chrome/Local State in your favorite text editor.
- Search for the strings ‘last_known_google_url’ and ‘last_prompted_google_url’ adn replace their values to your preferred Google base URL (e.g. www.google.com)
- Save and start chrome back up.

Yep, that works!

Cisco: Uninstalling the CSD ActiveX Control

I’m installing Cisco Secure Desktop (CSD) for a customer and needed to re-test the installation process. Within internet explorer’s (IE Version 7 & 8 ) managed add-on feature, I noticed that the CSD ActiveX Control doesn’t have an uninstall feature.

To remove the control I had to close IE, browse to…

C:\Windows\Downloaded Program Files

..and remove the following files..

CSDWebInstaller.inf
CSDWebInstaller.ocx

When re-starting IE the control was gone and I could test the re-install, I hope this helps some other googler! :cool:

SELINUX and OSSEC IPTables error

OSSEC is my favourite linux HIDS however now that I’m running a SELINUX secured web server I noticed that my active responses were not working after a reboot.

After enabling SELINUX, I started getting alerts about the following problem in my messages file….

Nov 11 12:16:22 amy kernel: type=1400 audit(1289477782.569:8): avc:  denied  { read write } for  pid=2551 comm="iptables" path="socket:[5261]" dev=sockfs ino=5261 scontext=system_u:system_r:iptables_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=unix_dgram_socket

This appears to be ossec trying to update iptables, but failing as they’re in different contexts… now I’m no selinx expert but this CentOS Wiki Page helped… run the following command which will create osseciptables.pp in the current directtory…

root@amy# grep iptable /var/log/messages | audit2allow -M osseciptables

This creates a new binary module that can be installed with….

/usr/sbin/semodule -i osseciptables.pp

You can view current selinux modules with …

/usr/sbin/semodule -l

If you want to see what is being created by audit to allow, try the following…

root@amy# grep iptable /var/log/messages | audit2allow -m osseciptables

module osseciptables 1.0;

require {
        type iptables_t;
        type initrc_t;
        class unix_dgram_socket { read write };
}

#============= iptables_t ==============
allow iptables_t initrc_t:unix_dgram_socket { read write };
root@amy#

I hope this helps some future googler!

Cisco ASA – First steps to a Check Point Style Policy

I’ve just spotted this in the Cisco ASA 8.3 release notes

You can now configure access rules that are applied globally, as well as access rules that are applied to an interface. If the configuration specifies both a global access policy and interface-specific access policies, the interface-specific policies are evaluated before the global policy.

The following command was modified: access-group global

For users/companies which have migrated from Check Point to Cisco (usually to save on licensing fees), getting their head around a new interface level policy rather than a system (global) level is usually a bit of a challenge.

I’m looking forward to seeing if this really helps with policy migrations!