You should also consider completely uninstalling anything you're sure you aren't going to use. For example, sendmail is installed setUID root,
Sendmail has not been installed setuid root since 8.12.0.
and has had a history of security problems.
That bit's true though.
> This means that if an
attacker can get access as a normal user, and is aware of a vulnerability in sendmail that you haven't patched yet, then he or she may be able to use sendmail to get root privileges.
Even though sendmail isn't setuid root any longer, a hole there could be exploited, perhaps in conjunction with a separate "local root exploit" so it's generally good advice to remove everything you're not actually using.
Bear in mind though that you may actually need sendmail or an equivalent program to send mail from your machine (e.g. output from cron jobs to be delivered locally to you) even if you're not running your own mail server.
Cheers, Paul.
