2) Is there any reason why an "attacker?!?!" would move /var/log/httpd to /home/log/httpd and then chmod the dir (other than to kill apache)? This seems like it may have happened on one of our boxes that is totally up-to-date on patches and only server admins have root accounts. A very strange situation!
This is the normal/default setup on every RaQ I've seen (no 550 to check against at the moment though)... the httpd log dir is placed under /home to prevent the /var partition from filling up too quickly.
3) Is it possible to force packages to install from the CLI?!?! , I wish to do some testing on a spare box with unofficial (and even official non-stable) pkgs and as some are not 100% compatible with my hardware (testing on a RAQ4 /550 i386) I would like to force some of them to install even if it doesn’t like them.
The only surefire way is to open the PKG and manually install the patches/RPMs contained within. I haven't looked at the 550 PKG format in quite a while, but I don't believe there is a "force" option...