My question is, what effect does this have on the Linux box?
The effect is that any and all tools that will *only* look for a path using this /proc entry will not find the binary. If /sbin is in the path they'll find it. Else they could piggy-back their module onto another one. Else they could introduce a custom modutils package.
Is this a recommended thing to do?
No, because of the above. If you take away the CAP_SYS_MODULE capability not even the root account user will be able to load modules. Look for 'lcap' (system-wide) or the GRSecurity kernel patch (more granular control over a cornucopia of things). I don't know if taking away capabilities is in the LSM framework.
Is this something that a hacker can undo once they are in the server?
Only if they're able to elevate their privileges to a point where they can do something useful.
That being said, suckit isn't an LKM rootkit. It works by writing to /dev/kmem.
Again, the GRSecurity kernel patch will help by denying writing to /dev/kmem. Note this might break some applications on Desktops though.
do a full re-install from trusted media
I second that, and if you didn't disconnect the box from the 'net I would urge you to do so now. Before you re-install, have a quick look at possible means of entry (services *and* user accounts) and save your authentication databases and logfiles for later perusal. After you've re-installed please make sure you choose different passwords for all accounts and harden the box before you put it back on the 'net. Please check out the LQ FAQ: Security references
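
An added example, not part of the original post: a small Python audit of the three controls the reply discusses (the modprobe helper path, CAP_SYS_MODULE in the capability bounding set, and the presence of /dev/kmem). It assumes "this /proc entry" means /proc/sys/kernel/modprobe and that the kernel reports CapBnd in /proc/self/status; the finding codes and the sample status text are constructed for illustration.

```python
import os
import stat

CAP_SYS_MODULE = 16  # bit number from <linux/capability.h>

def bounding_set(status_text):
    """Return the CapBnd mask from /proc/<pid>/status text, or None if absent."""
    for line in status_text.splitlines():
        if line.startswith("CapBnd:"):
            return int(line.split()[1], 16)
    return None

def audit(status_text, modprobe_path, kmem_is_chardev):
    """Return finding codes (hypothetical names) for the three controls."""
    findings = []
    mask = bounding_set(status_text)
    if mask is None:
        findings.append("capbnd-unknown")
    elif mask >> CAP_SYS_MODULE & 1:
        # Root can still load modules directly, whatever the helper path says.
        findings.append("cap-sys-module-present")
        if not os.access(modprobe_path, os.X_OK):
            # Helper path blanked or bogus: only kernel-requested autoloading
            # is affected, so on its own this is not a control.
            findings.append("modprobe-path-only")
    if kmem_is_chardev:
        findings.append("dev-kmem-present")
    return findings

def collect():
    """Read the live values on the running system (Linux only)."""
    with open("/proc/self/status") as f:
        status = f.read()
    try:
        with open("/proc/sys/kernel/modprobe") as f:
            modprobe = f.read().strip()
    except OSError:
        modprobe = ""
    try:
        kmem = stat.S_ISCHR(os.stat("/dev/kmem").st_mode)
    except OSError:
        kmem = False
    return status, modprobe, kmem

# Constructed sample: full bounding set, as on an unhardened box.
SAMPLE_OPEN = "Name:\tsh\nCapBnd:\t000001ffffffffff\n"
# Constructed sample: same mask with bit 16 (CAP_SYS_MODULE) cleared.
SAMPLE_DROPPED = "Name:\tsh\nCapBnd:\t000001fffffeffff\n"

if __name__ == "__main__":
    for code in audit(*collect()):
        print(code)
```

An empty result on a live box means the bounding set lacks CAP_SYS_MODULE and no /dev/kmem character device exists; it says nothing about whether the box was already compromised.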