How to secure the /tmp, /dev/shm and /var/tmp folders to stop upload flood hacks and rootkits via PHP injection
Secure /tmp folder
- Create a 2000MB file for our /tmp partition space
dd if=/dev/zero of=/var/tmpMount bs=1024 count=2000000
OR
- Create a 1000MB file for our /tmp partition space
dd if=/dev/zero of=/var/tmpMount bs=1024 count=1000000
- Make an extended filesystem for our tmpMount file
mkfs.ext3 /var/tmpMount
- Choose y when prompted to proceed
- Back up the /tmp folder, preserving ownership and permissions
cp -a /tmp /tmpbak
- Mount the new /tmp filesystem with noexec
mount -o loop,noexec,nosuid,rw /var/tmpMount /tmp
chmod 1777 /tmp
- Copy everything (including dotfiles) back to the new /tmp and remove the backup
cp -a /tmpbak/. /tmp/
rm -rf /tmpbak
- Edit fstab so it mounts on reboot
vi /etc/fstab
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
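- Add the following line to fstab (the type matches the ext3 filesystem created with mkfs.ext3 above)
/var/tmpMount /tmp ext3 loop,noexec,nosuid,rw 0 0
- Save and quit
:wq
- /tmp is now mounted noexec: trying to execute a file stored in it fails with "Permission denied"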
Secure /var/tmp folder
- Rename /var/tmp and create a symbolic link to /tmp
mv /var/tmp /var/tmpbak
ln -s /tmp /var/tmp
- Copy the old contents into /tmp and remove the backup
cp -a /var/tmpbak/. /tmp/
rm -rf /var/tmpbak
Secure /dev/shm folder
- Ensure that /dev/shm has noexec by editing its line in /etc/fstab to read
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
- Remount /dev/shm so the new options take effect
mount -o remount /dev/shm
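To confirm the result of the three sections above, the following check (an added example, not part of the original page) reads a mounts table in /proc/mounts format and reports whether /tmp, /var/tmp and /dev/shm carry noexec and nosuid. The function names and the SAMPLE_MOUNTS data are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Constructed sample in /proc/mounts format: /tmp hardened, /dev/shm still default.
SAMPLE_MOUNTS='/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0'

# missing_opts MOUNTPOINT [REQUIRED] < mounts-table
# Echoes the required options missing from MOUNTPOINT's entry, "unmounted" if
# it has no entry of its own, or an empty line when every option is set.
# Returns 0 only in the last case.
missing_opts() {
    # The last matching line wins: a later mount shadows an earlier one.
    mo_opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$mo_opts" ]; then
        echo "unmounted"
        return 1
    fi
    mo_req=${2:-noexec,nosuid}
    mo_missing=""
    mo_ifs=$IFS
    IFS=,
    for mo_o in $mo_req; do
        # Wrap in commas so "exec" never matches inside "noexec".
        case ",$mo_opts," in
            *",$mo_o,"*) ;;
            *) mo_missing="$mo_missing $mo_o" ;;
        esac
    done
    IFS=$mo_ifs
    echo "${mo_missing# }"
    [ -z "$mo_missing" ]
}

# audit_tmp_mounts [MOUNTS_FILE]  (defaults to the live /proc/mounts)
# Resolves symlinks first, so /var/tmp -> /tmp is judged by /tmp's mount.
audit_tmp_mounts() {
    at_rc=0
    for at_dir in /tmp /var/tmp /dev/shm; do
        at_real=$(readlink -f "$at_dir" 2>/dev/null) || at_real=$at_dir
        if at_out=$(missing_opts "$at_real" < "${1:-/proc/mounts}"); then
            echo "OK   $at_dir ($at_real)"
        else
            echo "FAIL $at_dir ($at_real): $at_out"
            at_rc=1
        fi
    done
    return $at_rc
}
```

Source the file and run audit_tmp_mounts after the last remount, and again after a reboot to confirm the fstab entries took effect; a FAIL line names the options still missing.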
This page (revision-27) was last changed on 26-Dec-2011 13:49 by Hyve Support