Secure /tmp – /var/tmp And /shm Directories On CentOS Linux
February 23, 2011
Posted by Tournas Dimitrios in Linux.
Keeping your server clean of rootkits is a good way to raise its security level. A sysadmin can create a separate partition for /tmp and mount it with the noexec and nosuid options. Doing this does not require a reboot or repartitioning your drive.
First step : Securing /tmp :
- Make a 1GB file for /tmp and create an ext3 filesystem on it:
# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS
- Create a backup copy of your current /tmp drive:
# cp -Rpf /tmp /tmpbackup
- Mount our new tmp partition and change permissions:
# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp
- Copy the old data:
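# cp -Rpf /tmpbackup/. /tmp/ (note the trailing dot: it copies everything in /tmpbackup, hidden files included, without matching ".." the way ".*" does)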
- Edit /etc/fstab and add this:
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
- Test your fstab entry:
# mount -o remount /tmp
- Run a script from the /tmp partition; if you get “permission denied”, the noexec option is working.
Second step : Securing /var/tmp : This should be done because some applications use /var/tmp as their temporary folder, and anything that’s accessible by all needs to be secured.
- Rename it and create a symbolic link to /tmp:
# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp
- Copy the old data back:
# cp -Rp /var/tmp1/* /tmp/
- Restart all services that use the /tmp partition (Apache, FTP …)
Third step : Securing /dev/shm : To finish the job, you should also secure /dev/shm to stop rootkits running from there.
/dev/shm is an implementation of the traditional shared memory concept. It is an efficient means of passing data between programs. One program creates a memory portion, which other processes (if permitted) can access. This speeds things up on Linux. shm / shmfs is also known as tmpfs, which is a common name for a temporary file storage facility on many Unix-like operating systems. It is intended to appear as a mounted file system, but one which uses virtual memory instead of a persistent storage device.
- Edit your /etc/fstab and change the line:
none /dev/shm tmpfs defaults,rw 0 0
to:
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
- Remount /dev/shm:
# mount -o remount /dev/shm
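
A way to confirm the result of the three steps, as an added example that is not part of the original post: it reads the mount table and reports any of /tmp, /var/tmp and /dev/shm that lacks noexec or nosuid. The function names, the optional mounts-file argument and the script name check_tmp.sh are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the mount options of
# the three directories hardened above. Function names are illustrative.

# Print the options of the LAST table entry for a mount point, since a later
# mount shadows an earlier one. Exit 1 if the path has no entry of its own.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4; hit = 1 }
        END { if (!hit) exit 1; print o }' "${2:-/proc/mounts}"
}

# Print whichever of noexec/nosuid is missing.
# Return 0 = hardened, 1 = option(s) missing, 2 = not a separate mount.
missing_opts() {
    opts=$(mount_opts "$1" "${2:-/proc/mounts}") || return 2
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    if [ -z "$missing" ]; then return 0; fi
    printf '%s\n' "$missing"
    return 1
}

# Check all three paths; /var/tmp is resolved first because step two
# replaces it with a symlink to /tmp.
audit() {
    rc=0
    for dir in /tmp /var/tmp /dev/shm; do
        real=$(readlink -f "$dir" 2>/dev/null) || real=$dir
        if m=$(missing_opts "$real" "${1:-/proc/mounts}"); then st=0; else st=$?; fi
        case $st in
            0) echo "OK    $dir ($real)" ;;
            1) echo "WEAK  $dir ($real) missing: $m"; rc=1 ;;
            *) echo "NONE  $dir ($real) is not a separate mount"; rc=1 ;;
        esac
    done
    return $rc
}

# Run the audit only when asked, e.g.: sh check_tmp.sh --audit
if [ "${1:-}" = "--audit" ]; then audit; fi
```

A non-zero exit status from the audit makes it usable in a cron job or configuration-management check, so a remount that silently drops the options is noticed.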