How to secure /tmp if we didn't partition /tmp when installed CentOS. Also, secure /dev/shm to protect rootkits.

1. Secure /tmp partition

1.1: Backup your fstab file

cp /etc/fstab /etc/fstab.bak

1.2: Creating tmpMnt partition file (~ 1Gb in size)

cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576

1.3: Format new partition

mkfs.ext3 -j /var/tmpMnt

It will show

/var/tmpMnt is not a block special device.
Proceed anyway? (y,n)

Just press Y

1.4: Making backup of old /tmp

cp -Rp /tmp /tmp_backup

1.5: Mount the tmp filesystem

mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

1.6: Set the right permissions

chmod 0777 /tmp

1.7: Copy the files back to new tmp folder

cp -Rp /tmp_backup/* /tmp/

1.8: Adding new /tmp filesystem to fstab

echo “/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0″ >> /etc/fstab

1.9: No need for 2 tmp partitions, so we symlink /var/tmp to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/tmp

2: Secure /dev/shm

To stop rootkits to run in /dev/shm, You should secure it.

2.1: Edit your /etc/fstab:

nano -w /etc/fstab

2.2: Change

tmpfs    /dev/shm     tmpfs   defaults   0 0

to

tmpfs    /dev/shm     tmpfs   defaults,nosuid,noexec   0 0

2.3: Remount /dev/shm:

mount -o remount /dev/shm

Note : CentOS 5.5 - 64 bits

Source : http://sysadmingear.blogspot.com/2007/10/how-to-secure-tmp-and-devshm-partition.html