When "high" security is selected, would it be a good idea to drop many of the suid bits on programs like ping, traceroute, passwd, chsh, etc...for example /usr/sbin/usernetctl IMHO should not be availible for anyone on a high-security server...network configuration should be taken care of on boot and that's it =) -dwild