Wheee. This is fun. I started working on a secure logging machine paper. It's probably way overkill considering my lack of experience in the area, but I am going to try some of the ideas when I get another machine (which could be quite a while from now). My naivety would be readily apparent to any experienced systems administrator if he/she were to read my beginning of the paper, but it's fun because I'm getting down a few ideas. They're my ideas that are largely unaffected by the outside world. We shall see how much work I have to do yet.
I'm really starting to gain an interest in security. I am trying so hard to learn C past printf(). ;) It's not easy for me because I have a hard time remembering what I read. I used to be so good at reading/comprehension...something went wrong a long time ago and it just isn't so anymore. =(
But anyway, I just want to audit code for a while and see what I can pick up on just by reading full (not just partial clippings) code examples of bad and good code side by side. I am finally beginning my security approaches on my server because I think it's time I start using some of the things I keep talking about to other people or just think about.
Oh, and since it's pretty much a dead issue now, I figure I'll go ahead and paste my Code Red scan count. =)
[carl@carbon]$ grep default.ida access_log.* | wc -l
1903
[carl@carbon]$ grep default.ida access_log.* | awk '{print $1}' | sort -u | wc -l
1247
They're both from the same IP.