UnixServerAdmin

Server Administration & Management

How to secure /tmp directory

Step 1: Backup your /etc/fstab file

# cp /etc/fstab /etc/fstab.bak

Step 2: Make a 3GB file for /tmp parition and an ext3 filesystem for tmp:

# dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000 /sbin/mkfs.ext3 /var/tempFS

*Change the count= to something higher if you need more space*

Step 3: Create a backup copy of your current /tmp drive:

# cp -Rpf /tmp /tmpbackup

Step 4: Mount our new tmp parition and change permissions

# mount -o loop,noexec,nosuid,rw /var/tempFS /tmp

# chmod 1777 /tmp

Step 5: Copy the old data

# cp -Rpf /tmpbackup/* /tmp/

* If your /tmp was empty earlier, you might get this error : cp: cannot stat `/tmp.bak/*’: No such file or directory

Step 6: Edit /etc/fstab and add this

# vi /etc/fstab

And ADD this line:

/var/tempFS /    tmp    ext3    loop,nosuid,noexec,rw    0    0

Step 7: Test your fstab entry

# mount -o remount /tmp

Step 8: Verify that your /tmp mount is working

# df -h

Should look something like this

/var/tempFS           962M   18M  896M   2% /tmp

———————————————————————————————————-

Secure /var/tmp

Step 1: Use /tmp as /var/tmp

# mv /var/tmp /var/vartmp

# ln -s /tmp /var/tmp

Step 2: Copy the old data back

# cp /var/vartmp/* /tmp/

* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory

———————————————————————————————————-

Secure /dev/shm

Step 1: Edit your /etc/fstab

# vi /etc/fstab

Locate: none /dev/shm tmpfs defaults,rw 0 0

Change it to: none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Step 2: Remount /dev/shm

# mount -o remount /dev/shm

You should restart services that uses /tmp partition

———————————————————————————————————-

For cPanel

# /scripts/securetmp

April 20, 2011 - Posted by | cPanel, Security, Tips & Tricks | , , ,

4 Comments »

  1. Thanks for spending some time to line this all out for people like us. This particular blog post was in fact extremely helpful in my opinion.

    Comment by Christopher Nissen | June 15, 2011 | Reply

  2. Thank you for taking a few minutes to line all this out for people. This article has been incredibly useful to me.

    Comment by Valeri Spice | June 15, 2011 | Reply

  3. Please continue to write regarding this subject. Presently there is usually a higher demand than you may expect for this form of information and assistance. Everything you share is useful to the individual that is seeking the thoughts that you’ve put together.

    Comment by clean water | June 15, 2011 | Reply

  4. I had been seriously looking for anything about this topic and your blogging completely matches my present needs. Will you please blog much more along these lines? Viewers must discover this information and the sort of impartial judgment that you bring to the table.

    Comment by clean water | June 16, 2011 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

« Previous | Next »

%d bloggers like this: