if we can get away from the 'no editors or software management tools' subject for a bit and get back to the real question, i would like to offer a good link and some general advice.
ISTR this being a RedHat box. as such, a great link to review is: http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/ secondly, the advice. people often say "remove unneeded services" and the like. ok, what's unneeded? what's needed? i want, say, a workstation. what do i need to run a workstation? most users don't know where to get the information on what's a service, what's needed and what's not. the quip "remove unneeded services" is, while true, insufficient. some ideas: use lsof or netstat -p to show you what processes are listening on ports. in general, if you don't know what it does, remove it. read the manpage, get an idea of what it does, and evaluate it in terms of what you want the system to do. as for setuid and setgid executables, a good rule of thumb is 'why the heck does just anyone need to be able to do that?' su, for example. remove world executable bits (chmod o-rwx) on those, including ping and the like. you'll go a long way towards locking down a shell box with untrusted users. these are just some ideas to keep in mind, and i hope they help. ____________________________ jose nazario [EMAIL PROTECTED] PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
