Regarding /tmp: One of the things I normally do is mount /tmp "noexec". This can stop a lot of malware that dumps files in /tmp and tries to execute them. It's obviously not foolproof, but it's a useful extra bit of hardening. The downside is that some software installers unpack stuff into /tmp and try to execute it. OpenOffice is a big culprit in this regard. :-( (Of course, you won't normally install OO on a server...) Regards, David.