I'm taking my machine onto a network later today, but this is a very secure network. I need to ensure that there is no form of IRC connection leaving my machine, as if anything leaves, it will be detected and my machine will become useless on the network. Can somebody advise me on the best way to audit the whole machine and remove any form of IRC which might pop out of my interface?

I've checked netstat... nothing
I've remove all irc references from /etc/services

What else should I check?

This file only serves documentation purposes for you and for programs such as netstat, etc. You've actually made it a bit harder for you to detect an IRC connection by doing this. Your changes have no effect on the box's security, revert them if possible.

In the situation you describe, I would suggest you simply tighten-up your host's firewall regarding outgoing traffic, to make sure no IRC traffic sneaks out. Granted, there really shouldn't be any IRC traffic sneaking out in the first place if you aren't using IRC, but well it's additional peace of mind.

First, ask yourself what is the traffic you *need* to be able to leave your box. Then, set your firewall to only allow those types of packets. For example, let's say you only needed to be able to surf the Web. This would mean you want to allow outgoing DNS, HTTP, and HTTPS packets. Your setup could look like:The last line will give you a heads-up if any unwanted packets were filtered while trying to leave the box (you'll need to monitor syslog in order to see). I don't know how familiar you are with iptables, so if you have any questions please let us know. If you could post your current iptables setup when you reply it would be great:Also, what distro are you using?

A book on Linux?