Question:

1. How can I monitor if script kiddies are putting stuff into these world writable directories?

2. Is there a way to prevent any script kiddies from accessing these directories? Most of the time, the script kiddies will launch IRC server (using user nobody) which does nothing because my firewall block all ports except for authorized ports.

I also read somewhere when I google that use some watch program to monitor the directories but was unable to download the source.

Some other info.
- Slackware v10.1, kernel v2.4.29
- both directory are not in separate partition, so cannot use noexec, nosuid, nodev. Anyway according to some expert these are not enuff.
- I have chkrookit and rkhunter to check for any trojan.

If you don't want world writable directories, you don't need them.

Set environment variable TMPDIR to $HOME/tmp for all users in /etc/bash.bashrc (or whatever your system uses) and you can chmod 755 /tmp /var/tmp.

R.

If I removed the writable for group and world, will the system still function properly?

I saw tmp files created by some other valid programs, eg. php session files, antivirus tmp dir, webmin, etc.

Well, my advice is to go ahead with it - do it and then check if everything works.
You can change configuration of PHP, antivirus, webmin to store their temporary files in other locations, writable only by their respective users.
I think it's worth the work anyway.