Linux-Noob Forums

Full Version: Securing your /tmp directory

Securing your /tmp directory could save you from an un-updated PHP script, where someone attempts to write an executable program with malicious code to it.

 

I AM NOT RESPONSIBLE FOR ANY PROBLEMS THIS MAY CAUSE


 

That being said, let's get to it:

 



Code:
cd /dev




 

Create a 500MB file for our /tmp partition. If you need more space, make the count larger.

 



Code:
dd if=/dev/zero of=tmpMnt bs=1024 count=500000




 

Make an extended filesystem for our tmpMnt file

 



Code:
/sbin/mke2fs /dev/tmpMnt




 

Back up your /tmp dir. I had a mysql.sock file that I needed to recreate the symbolic link for. Other programs may use it to store cache files or whatever.

 



Code:
cd /




 



Code:
cp -pR /tmp /tmp_backup




 

Mount the new /tmp filesystem with noexec

 



Code:
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp




 



Code:
# 1777 = world-writable plus the sticky bit, so users cannot delete each other's files
chmod 1777 /tmp




 

Copy everything back to new /tmp and remove backup

 



Code:
cp -pR /tmp_backup/. /tmp/
rm -rf /tmp_backup
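A quick way to confirm the result of the steps above, added here as an example and not part of the original post: the script checks that a mount point carries noexec and nosuid and that a directory keeps its sticky bit. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a /tmp mount.

# mount_has_opts MOUNTS_FILE MOUNTPOINT OPT...
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
# Returns 0 if the last (effective) entry for MOUNTPOINT has every OPT,
# 1 if an option is missing, 2 if MOUNTPOINT is not a separate mount.
mount_has_opts() {
    mf=$1; mp=$2; shift 2
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mf")
    [ -n "$opts" ] || return 2
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) echo "$mp: missing mount option $want" >&2; return 1 ;;
        esac
    done
    return 0
}

# has_sticky_bit DIR: 0 if DIR's mode string ends in t/T (as in 1777), else 1.
has_sticky_bit() {
    case $(ls -ld "$1" | cut -c10) in
        t|T) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample in /proc/mounts format; device names are made up.
sample_mounts() {
    cat <<'EOF'
/dev/hda3 / ext3 rw 0 0
/dev/loop0 /tmp ext2 rw,nosuid,noexec 0 0
/dev/loop1 /var/tmp ext2 rw,nosuid 0 0
EOF
}

# Demo on the sample; on a live system pass /proc/mounts instead.
demo=$(mktemp)
sample_mounts > "$demo"
for dir in /tmp /var/tmp /home; do
    if mount_has_opts "$demo" "$dir" noexec nosuid 2>/dev/null; then
        echo "$dir: ok"
    else
        echo "$dir: needs attention"
    fi
done
rm -f "$demo"
```

On a live system, run `mount_has_opts /proc/mounts /tmp noexec nosuid && has_sticky_bit /tmp` after mounting and again after a reboot.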




 

Now we need to add this to fstab so it mounts automatically on reboots.

 



Code:
pico -w /etc/fstab




 

You should see something like this:

 

 

Code:
/dev/hda3