Sounds like you are being very thorough in your security. If you want to add another layer of defense, you can change your Apache config to forbid download of the passwd file.
If your /etc/passwd file was really downloaded, it is conceivable a password could be cracked, but you limit connections to just a couple of addresses. If I were in your place, I wouldn't be too worried about this message, but I'd take measures to make sure my passwd file was not downloadable. Best, Aleksey -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
