I am starting to get into securing things on my box. I have RH 7.0 and applied the security patches for the RH site. I have purchased the book Linux Security Tools. The first chapter talks about pam in the last part of the first chapter. My question is, when do I know when pam is being used for authentication and when is it not. I log in to my machine from work using telnet. Would pam be used for that or some other service. Second question: I am getting messages like : portmap[9271] connect from 202.105.205.141 to dump(): request from unauthorized host portmap[?] connct from 200.221.96.88 to getport(status) request from unauthoriezed host What are these unauthorized people trying to do? I have in my hosts.deny all:all and hosts.allow the only two ip that I would log in from. TIA for all comments John Miller