A good place to start would be to find what SUID and SGID files you have. This can be done in a number of ways, but I use two find commands and redirect the output to files like so:
find / -perm -4000 -print > ~/SUIDS find / -perm -2000 -print > ~/SGIDS
This will give you two files with Set User ID and Set Group ID files listed within.
Now you may want to take these Set ID bits off these files, the ones I take off are as follows: (keep in mind this is for a system that runs no servers, and that there is probably some functionality I may have broken here but never use)
Set Group IDs to remove
chmod -R g-s /var/mailman/ chmod g-s /var/spool/slrnpull/out.going chmod g-s /var/ftp/pub chmod g-s /usr/bin/{wall,write,kdesud,slrnpull,cu,uuname} chmod g-s /usr/sbin/{utempter,uucico,uuxqt} chmod g-s /sbin/netreport
Set User ID's to remove (be careful!)
chmod u-s /usr/bin/{suidperl,sperl5.6.1,chage,gpasswd,at,kon} chmod u-s /usr/bin/{newvc,chfn,chsh,newgrp,crontab,lppasswd} chmod u-s /usr/bin/{kcheckpass,ssh,rcp,rlogin,rsh,inndstart} chmod u-s /usr/bin/{rnews,startinnfeed,sudo,nwsfind,uucp,cu} chmod u-s /usr/bin/{uuname,uustat,uux} chmod u-s /usr/lib/mc/bin/cons.saver chmod -R u-s /usr/lib/amanda/ chmod u-s /usr/sbin/{ping6,traceroute6,sendmail.sendmail,usernetctl} chmod u-s /usr/sbin/{userhelper,traceroute,suexec,amcheck,uucico,uuxqt} chmod u-s /bin/ping chmod u-s /sbin/{pwdb_chkpwd,unix_chkpwd,cardctl}