re locking down ubuntu

[Peter Harmsen]

You could patch your kernel with grsecurity.
During kernel config you can assign group ID's for "no socks","no
client socks", "no server socks" and last but not least trusted path.

I think trusted path is what you are looking for. Adding users to the
trustedpath group prevents them from running anything that's not in a
proper install directory. So executing from home directories,/tmp, is
prohibited.

You could add root to the nosocks group so anything with root
credential is denied internet access.

Furthermore you can install libpam_umask and libpam_tmpdir to enforce
a umask of 077 (owner access only) amognst other things.

If anyone things it might benefit i'm willing to write a howto.

-- 
I have made this letter longer than usual, because i lack the time to
make it short.