<blockquote>Other protections are to have a minimalist install of the system, removing or not installing in the first place as much software as you can,</blockquote>
This is a Unix old wives' tale, not real security. What you should uninstall (and restrict) are programs that are SUID/SGID. A non-priv program nothing runs setting on system system is no threat to anybody.
Only the most amateur script kiddie would be slowed down by not having their favourite shell/compiler/etc. installed. Everyone competent can easily drop-in any binaries they want.
Biting the hand that feeds IT
