Re: [suse-security] Kernel security
mmmhkay let me add my babbling =)

IMHO, one of the best solutions to have *good* security on a box is someone watching its logfiles and maybe have running a network traffic analyzer. I do have a box on the internet, and I do have a few users on it (basically, I give away shells, sometimes, for those poor ppl that are stuck with a dialup connection), and there were few attempts to root my box. Nevertheless, every single try to root the box was defended either by myself watching the culprit, or by my co-admin. If you have a trustworthy co-admin that can keep an eye on your box while you cannot (work, school, whatever..), that might be worth more than spending 100'000 bucks on the latest stateful firewall (and another 30k to train your network engineers on it).

Also, I found it very crucial to be careful about *who* is granted shell access. If you don't run many services on your box, surely no portmapper or suchlike, then your chance of getting rooted has already reduced by an order of magnitude. In fact, almost all the root attempts I had came from local users. The very first time one of my boxen got rooted was because I like gave out an account. It took them dudes like 45 seconds to gain root (rootcron.sh on a SuSE 6.2....h0h0h0!). But like, because I was using the elite "w" command, I was instantly able to spot that there were two logins from different IPs to the account I gave out, so a lill "shutdown", followed by a reinstall from trusted media solved my problem ;-)

So, as for a conclusion:
1) get a trustworthy co-admin
2) be careful about who gets shell accounts on your box

NB: I like to thank Marc from SuSE (I think it was him, correct me if I'm wrong =) for auditing the SuSE version of wu-ftpd!

Cheers

Chris Burri jun.
Systems- & Network Engineer
Synecta Informatik AG
Zwinglistrasse 3
9000 St. Gallen
Switzerland

L I N U X  >Phear the Penguin<
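The check the author did by eye with `w` (spotting two logins from different IPs to one handed-out account), as an added example that is not part of the original post: a small Python script that parses `w -h` output and flags any account with concurrent sessions from more than one source address. The sample output below is constructed, not a real capture.

```python
"""Flag accounts with concurrent logins from more than one source, from `w -h` output."""
from collections import defaultdict
import subprocess

# Constructed sample of `w -h` output (no uptime/header lines): one row per
# session with columns USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT.
SAMPLE_W_OUTPUT = """\
chris    pts/0    192.0.2.10        10:01    0.00s  0.12s  0.01s w
guest    pts/1    198.51.100.7      10:30    5:00   0.05s  0.05s -bash
guest    pts/2    203.0.113.44      10:41    1.00s  0.04s  0.04s sh
"""


def parse_w(output: str) -> dict[str, set[str]]:
    """Map each user to the set of FROM values (IP or hostname) of their sessions.

    Local console/X sessions show '-' or ':0' in FROM; they are kept as their
    own source so a local login plus a remote one is also flagged.
    """
    sessions: dict[str, set[str]] = defaultdict(set)
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or truncated row
        user, source = fields[0], fields[2]
        sessions[user].add(source)
    return dict(sessions)


def shared_accounts(sessions: dict[str, set[str]]) -> dict[str, list[str]]:
    """Return users whose live sessions come from two or more distinct sources."""
    return {user: sorted(src) for user, src in sessions.items() if len(src) > 1}


def check_live_system() -> dict[str, list[str]]:
    """Run `w -h` on this host and apply the same check to the real session table."""
    result = subprocess.run(["w", "-h"], capture_output=True, text=True, check=True)
    return shared_accounts(parse_w(result.stdout))


if __name__ == "__main__":
    for user, sources in shared_accounts(parse_w(SAMPLE_W_OUTPUT)).items():
        print(f"{user}: logged in from {', '.join(sources)}")
```

Run it from cron or a watch loop and alert on a non-empty result; a hostname and its IP for the same session would count as two sources, so keep `w` in address mode (no `-f`/hostname lookup) or normalise before comparing.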