.:Raymond:.
Active Member
Hello,
So here I am again for another tut. This time we are securing /tmp and /dev/shm.
Lets get started.
Part 1 : Securing /tmp
Step 1 : Make a 1GB(Or more) file for /tmp and an ext3 filesystem for tmp
Step 2 : Create a backup copy of your current /tmp drive
Step 3 : Mount our new tmp parition and change permissions
Step 4 : Copy old data
Step 5 : Edit /etc/fstab and add this
Step 6 : Test your fstab entry
Part 2 : Secure /var/tmp
Step 1 : Rename it and create a symbolic link to /tmp
Step 2 : Copy the old data back
Step 3 : Restart services that use the /tmp partion
Part 3 : Securing /dev/shm
Step 1 : Edit your /etc/fstab
change:
"none /dev/shm tmpfs defaults,rw 0 0" to
"none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0"
Step 2 : Remount /dev/shm
And their you go All done!
*Note* if you have cpanel installed just run /scripts/securetmp in ssh
So here I am again for another tut. This time we are securing /tmp and /dev/shm.
Lets get started.
Part 1 : Securing /tmp
Step 1 : Make a 1GB(Or more) file for /tmp and an ext3 filesystem for tmp
Code:
dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
/sbin/mkfs.ext3 /dev/tmpFS
Step 2 : Create a backup copy of your current /tmp drive
Code:
cp -Rpf /tmp /tmpbackup
Step 3 : Mount our new tmp parition and change permissions
Code:
mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp
Step 4 : Copy old data
Code:
cp -Rpf /tmpbackup/* /tmp/
Step 5 : Edit /etc/fstab and add this
Code:
/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0
Step 6 : Test your fstab entry
Code:
mount -o remount /tmp
Part 2 : Secure /var/tmp
Step 1 : Rename it and create a symbolic link to /tmp
Code:
mv /var/tmp /var/tmp1
ln -s /tmp /var/tmp
Step 2 : Copy the old data back
Code:
cp /var/tmpold/* /tmp/
Step 3 : Restart services that use the /tmp partion
Part 3 : Securing /dev/shm
Step 1 : Edit your /etc/fstab
Code:
nano /etc/fstab
change:
"none /dev/shm tmpfs defaults,rw 0 0" to
"none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0"
Step 2 : Remount /dev/shm
Code:
mount -o remount /dev/shm
And their you go All done!
*Note* if you have cpanel installed just run /scripts/securetmp in ssh
Last edited: