Hello, > what package and deamon does the audit of every file executed? if you patch the kernel with GRsecurity - you can turn on logging of executing, sended singals, failed forking, changing date/time, even changing the directory :) www.grsecurity.org all goes to syslog or you can start gradmin - but this is a little different story -- Cheers, Marcin.