How to secure /tmp and /dev/shm Partition

By BXTra | 7:51 PM PDT, Sun August 29, 2010
CentOS

How to secure /tmp when it was not given its own partition during the CentOS installation, and how to secure /dev/shm against rootkits.

1: Secure the /tmp partition

1.1: Backup your fstab file

cp /etc/fstab /etc/fstab.bak

1.2: Create the tmpMnt partition file (~1 GB in size)

cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576

1.3: Format new partition

mkfs.ext3 -j /var/tmpMnt

It will show

/var/tmpMnt is not a block special device.
Proceed anyway? (y,n)

Just press Y

1.4: Make a backup of the old /tmp

cp -Rp /tmp /tmp_backup

1.5: Mount the tmp filesystem

mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

1.6: Set the right permissions (world-writable with the sticky bit, so users cannot remove each other's files)

chmod 1777 /tmp

1.7: Copy the files back to new tmp folder

cp -Rp /tmp_backup/* /tmp/

1.8: Add the new /tmp filesystem to fstab

echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab

1.9: No need for 2 tmp partitions, so we symlink /var/tmp to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/tmp

2: Secure /dev/shm

To stop rootkits from running in /dev/shm, you should secure it.

2.1: Edit your /etc/fstab:

nano -w /etc/fstab

2.2: Change

tmpfs    /dev/shm     tmpfs   defaults   0 0

to

tmpfs    /dev/shm     tmpfs   defaults,nosuid,noexec   0 0

2.3: Remount /dev/shm:

mount -o remount /dev/shm
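
To confirm the options actually took effect, the following check (an added example, not part of the original article) reads a mount table in /proc/mounts format and lists the options still missing for /tmp and /dev/shm. The function names and the sample table are constructed for illustration; the sample shows /tmp as mounted by step 1.5, which lacks the nodev option that the fstab line in step 1.8 carries.

```sh
# Added example: audit the mount options that steps 1.5, 1.8 and 2.2 are
# meant to enforce. Function names are hypothetical, not from the article.

# Constructed sample in /proc/mounts format: /tmp as mounted by step 1.5
# (no nodev until the fstab entry is used) and /dev/shm still on defaults.
sample_mounts() {
    cat <<'EOF'
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
}

# missing_opts MOUNTPOINT REQUIRED_CSV MOUNT_TABLE_TEXT
# Prints the required options that are absent, or NOTMOUNTED.
missing_opts() {
    mp=$1; required=$2; table=$3
    # Fields: device mountpoint fstype options dump pass. The last match
    # wins because a later mount shadows an earlier one on the same path.
    opts=$(printf '%s\n' "$table" |
        awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || { echo NOTMOUNTED; return 0; }
    missing=""
    for want in $(printf '%s' "$required" | tr ',' ' '); do
        case ",$opts," in
            *",$want,"*) ;;                          # option is present
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    echo "$missing"
}

# audit_mounts MOUNT_TABLE_TEXT: report both mount points, return 1 on a gap.
audit_mounts() {
    rc=0
    for spec in /tmp:noexec,nosuid,nodev /dev/shm:noexec,nosuid; do
        m=$(missing_opts "${spec%%:*}" "${spec#*:}" "$1")
        if [ -n "$m" ]; then
            echo "FAIL ${spec%%:*}: $m"
            rc=1
        else
            echo "OK   ${spec%%:*}"
        fi
    done
    return $rc
}

# Demo on the constructed sample; on a real host: audit_mounts "$(cat /proc/mounts)"
audit_mounts "$(sample_mounts)" || true
```

Because /var/tmp is a symlink to /tmp after step 1.9, it inherits the /tmp mount options and needs no separate entry in the check.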

 

Note: CentOS 5.5 - 64 bits

Source: http://sysadmingear.blogspot.com/2007/10/how-to-secure-tmp-and-devshm-partition.html
