The version of curl that's on my DirectAdmin-based VPS is in /usr/local/bin and isn't owned by any rpm. This leads me to believe it's there as part of DirectAdmin. I was planning to "chmod go-rx" the file to remove one avenue of use by a hacker, but it's owned by root and I wonder if that would prevent DA from being able to use it. The directadmin daemons run as "nobody" so it seems likely I'd break something by doing that. In any case, is this technique really useful any longer as part of a layered defense?