Subject: RE: NetBSD for shell acct. services
To: Gunnar Helliesen <gunnar@bitcon.no>
From: Curt Sampson <cjs@portal.ca>
List: port-i386
Date: 08/20/1998 16:25:59

All these suggestions are very good, but IMHO, more work than
they're worth. I think a better way to do this, from a business
point of view, is to make sure you don't have anything but shell
users on that machine: mail, www, etc. should all be running on
other machines that users don't log in to. Users that want their
mail on the shell machine can have it forwarded from the pop3
server. If they want websites on the shell machine, they can use
a shell.mydom.com URL rather than www.mydom.com. And so on. Also
inform the users that the machine is much more subject to attack,
and is not backed up.

You can, of course, implement as many of the other suggestions
given here as you like, but this way you don't have to worry so
much about it, because a successful attack on the machine is
relatively cheap to fix: wipe it, do a fresh install, and restore
from your minimal set of backups (almost all stuff in /etc, such
as master.passwd, rc.conf, and so on).

(Oh, make sure you do have the machine on a switch or scrambling
hub so that if someone does somehow manage to get the machine
rebooted with a kernel that can sniff packets, it can't do too much
harm.)

This greatly reduces the cost of securing the damn thing.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite mist, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.