Additional recommendation: If it doesn't break your scripts also remove ed, uu[encode/decode], dd, etc. Mount every filesystem you can noexec, and mount those you can't from read-only media. While these steps make administering the machine somewhat more difficult, they also make executing unauthorized code on that machine quite difficult.
z Question for all: > Third, before placing the machine in the DMZ, we always > uninstall all the text editors (VI, EMACS, etc.). This way > even if the box is hacked, they have a LOT of work in front > of them to actually DO anything to it. (Can you imagine > having to run "ed" on the httpd.conf or html pages?) We also > uninstall any compilers and browsers as well (gcc, lynx, etc.).
