| Originally published: Friday, 28 January 2000 | Author: Derrick H. Lewis |
| Published to: news_enhance_security/Security Tips |
A trivial but useful tip for helping thwart the script kiddie.

Have your users' tmp directory set to ~/.tmp or something similar to help keep /tmp clean. This is just housecleaning. In /etc/profile:

export TMP=~/.tmp

Now make /tmp a separate partition. The mount flags for it should be similar to this list:

"noexec,nosuid,nodev,rw,auto,async"

It is also a good idea to enforce quotas on this partition. The options used prevent execution of any files stored there (noexec), prevent suid operation (nosuid), disallow special files, i.e. the kind found in /dev (nodev), allow the partition to be read-write (rw), mount it automatically at boot (auto), and use the default asynchronous write operations (async). Therefore no more /tmp/.sh, which is a suid shell created by an exploit.
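One way to check that a machine really has /tmp mounted as described, as an added example that is not part of the original article: the function below reads a mount table in /proc/mounts (or /etc/fstab) layout and reports which of noexec, nosuid and nodev are missing. The function name `missing_tmp_flags` and the device names in the sample are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: audit a mount table for the /tmp flags recommended above.
# Expected line layout: device mountpoint fstype options dump pass

REQUIRED="noexec nosuid nodev"

# missing_tmp_flags FILE [MOUNTPOINT]
# Prints the required flags absent from MOUNTPOINT's options, space
# separated (empty output means all are set). Prints "unmounted" when
# MOUNTPOINT has no entry of its own, i.e. it is not a separate partition.
missing_tmp_flags() {
    file=$1
    mp=${2:-/tmp}
    # Keep the last matching entry: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$file")
    if [ -z "$opts" ]; then
        echo "unmounted"
        return 0
    fi
    missing=""
    for flag in $REQUIRED; do
        # Match whole comma-separated options only, so "dev" is not
        # mistaken for "nodev".
        case ",$opts," in
            *",$flag,"*) ;;
            *) missing="${missing:+$missing }$flag" ;;
        esac
    done
    echo "$missing"
}

# Constructed sample mount table (device names are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /tmp ext3 rw,nosuid 0 0
EOF
echo "sample /tmp is missing: $(missing_tmp_flags "$sample")"
rm -f "$sample"

# On a live Linux system: missing_tmp_flags /proc/mounts
```
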