ciao Thomas Sjögren, > . Better passwords like using libpam-cracklib and dcredit,ucredit,lcredit,ocredit options and... - send syslog (better syslog-ng) entries to a log-server - chroot LAMP - run nessus against the server - run snort on server - ... (what else?) If he had enough time, he could put your LAMP-server beyond a transparent forwarding-server and log everything. HTH -- /* Paolo Pedaletti,