…Details…

Icon

Thoughts that's escape, only details.

Securing “tmp” without repartition

1. First you should secure /tmp:

Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:

# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS

Create a backup copy of your current /tmp drive:

# cp -Rpf /tmp /tmpbackup

Mount our new tmp parition and change permissions:

# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp

Copy the old data:
cp -Rpf /tmpbackup/* /tmp/

If you run the mount command and you should get something like this:
/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:

/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0

Test your fstab entry:

# mount -o remount /tmp

You can test it runnig a script on /tmp partition, if you get “permission denied” it is fine :)

2. Secure /var/tmp:

It should be done because some applications use /var/tmp as the temporary folder, and anything that’s accessible by all, needs to be secured.

Rename it and create a symbolic link to /tmp:

# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp

Copy the old data back:

# cp /var/tmpold/* /tmp/

Note: you should restart and services that uses /tmp partition

Category: Linux

Tagged: , , , ,

Leave a Reply

You must be logged in to post a comment.

Archive