This will cover securing /tmp /var/tmp and /dev/shm Secure /tmp:
Step 1: Backup your /etc/fstab file
PHP Code:
cp /etc/fstab /etc/fstab.bak
Step 2: Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:
PHP Code:
dd if=/dev/zero of=/var/tempFS bs=1024 count=1000000
/sbin/mkfs.ext3 /var/tempFS
Step 3: Create a backup copy of your current /tmp drive:
PHP Code:
cp -Rpf /tmp /tmpbackup
Step 4: Mount our new tmp parition and change permissions:
PHP Code:
mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp
Step 5: Copy the old data:
PHP Code:
cp -Rpf /tmp.bak/* /tmp/
* If your /tmp was empty earlier, you might get this error : cp: cannot stat `/tmp.bak/*’: No such file or directory
Step 6: Edit /etc/fstab and add this:
And ADD this line:
Code:
/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Step 7: Test your fstab entry:
Code:
mount -o remount /tmp
Step 8: Verify that your /tmp mount is working:
Should look something like this:
Code:
/var/tempFS 962M 18M 896M 2% /tmp
Secure /var/tmp:
Step 1: Use /tmp as /var/tmp.
Code:
mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp
Step 2: Copy the old data back
Code:
cp /var/vartmp/* /tmp/
* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory
Secure /dev/shm:
Step 1: Edit your /etc/fstab:
Locate:
Code:
none /dev/shm tmpfs defaults,rw 0 0
Change it to:
Code:
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
Step 2: Remount /dev/shm:
Code:
mount -o remount /dev/shm
You should restart services that uses /tmp partition
HOWTO: Secure /tmp
Linear Mode
