Find

find /  -path /proc -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

Unset UID

chmod u-s /path/to/binary_file

Unset GID

chmod g-s /path/to/binary_file

find / -path /proc -prune -o -perm -2 ! -type l –ls

Block execution of programs, device files or setuid bit

/dev/sda5 	 /nas          ext4    defaults,nosuid,nodev,noexec 1 2

To prevent privilege-escalation and arbitrary script execution create a separate partition for /tmp and mount it as nosuid, nodev and noexec.

/dev/sda6  	/tmp         ext4    defaults,nosuid,nodev,noexec 0 0

# systemctl mask ctrl-alt-del.target