Wednesday, 9 December 2015

Securing /tmp - Server Hardening

Before securing the tmp directories, we need to understand why this matters. Most applications use the /tmp directory to store data temporarily, so this directory can be used by rootkits and trojans if it is not secured properly. These are the steps to secure the temp directories (/tmp, /var/tmp, /dev/shm).

We're going to secure the temp directories with the noexec and nosuid parameters. Before that we need to find out whether the temp directories are already secured. You can check this by running the mount command and by checking the fstab entries.

Securing /tmp
-----------------

First we need to take a backup of your present fstab entries so that if anything goes wrong we can change it back to the old configuration.

cp -p /etc/fstab /etc/fstab_bkp

Create a separate partition for /tmp. For that we need to create a separate device with a certain amount of space; how much depends on the apps running on your machine. Here I'm creating a separate device of size 100M and formatting it with the ext3 filesystem.

dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
mke2fs -j /dev/tmpFS

Copy the existing data in the /tmp directory to a separate temporary directory.

cp -pRf /tmp /tmp_bkp

Mount the new partition we've created on the /tmp directory and set the necessary permissions.

mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp

Copy the old data in the /tmp_bkp directory to the new /tmp directory.

cp -pRf /tmp_bkp/* /tmp

Finally add the following entry to the fstab to make the changes permanent.

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Now we’ve completed securing the /tmp directory.


Securing /var/tmp
--------------------

First move the contents of /var/tmp to a temporary location.

mv /var/tmp /var/tmp_bkp

Create a symlink from /var/tmp to /tmp.

ln -s /tmp /var/tmp

Lastly, move the contents back to /var/tmp, which now points into /tmp.

mv /var/tmp_bkp/* /var/tmp


Securing /dev/shm
---------------------

Edit your fstab entry and locate the line which specifies the mount point of shm.

vi /etc/fstab

The line should look something like this.


tmpfs                   /dev/shm                tmpfs   defaults        0 0


You need to modify it by adding the nosuid,noexec parameters.

tmpfs                   /dev/shm                tmpfs   defaults,nosuid,noexec,rw 0 0


After that, remount /dev/shm.

mount -o remount /dev/shm

Note: After securing the /tmp folder, you must restart the services (e.g. mysql) that use /tmp.
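As an added example (not part of the original post), the following POSIX shell script does two things the post describes by hand: it audits a mount table in /proc/mounts (or /etc/fstab) format for the nosuid and noexec options on /tmp, /var/tmp and /dev/shm, which is the check suggested at the start, and it rewrites an fstab line for /dev/shm the way the manual edit in the /dev/shm section does. The mount table embedded in it is a constructed sample, not output from a real host, and the function names are my own.

```shell
#!/bin/sh
# Added example, not the post's own code: audit temp mount points for
# nosuid/noexec and add those options to an fstab line for /dev/shm.
# The mount table below is a constructed sample in /proc/mounts format:
# /tmp is hardened, /dev/shm is not, and /var/tmp has no mount line at all
# (as after the symlink step in the post).
SAMPLE_MOUNTS='/dev/root / ext3 rw,relatime 0 0
/dev/tmpFS /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0'

# mount_opts <mount point>: reads a mount table from stdin and prints the
# option field (4th column) of the first line whose 2nd column is the mount point.
mount_opts() {
    awk -v mp="$1" '$2 == mp { print $4; exit }'
}

# has_opt <opts> <opt>: succeeds when <opt> is one of the comma-separated <opts>.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mount <mount point>: reads a mount table from stdin and prints one of
#   secure            line present, both nosuid and noexec set
#   missing:<opts>    line present, but the listed options are absent
#   notmounted        no line for that mount point
# The return status is 0 only for "secure".
check_mount() {
    opts=$(mount_opts "$1")
    if [ -z "$opts" ]; then
        echo notmounted
        return 1
    fi
    missing=""
    for o in nosuid noexec; do
        has_opt "$opts" "$o" || missing="$missing$o,"
    done
    if [ -z "$missing" ]; then
        echo secure
        return 0
    fi
    echo "missing:${missing%,}"
    return 1
}

# harden_fstab_line <line>: for an fstab line whose mount point is /dev/shm,
# append nosuid and noexec to the option field when they are absent; any other
# line is printed unchanged.  awk rebuilds the changed record with single
# spaces, so column alignment is lost but the line stays valid fstab syntax.
harden_fstab_line() {
    printf '%s\n' "$1" | awk '
        $2 == "/dev/shm" {
            opts = $4
            if (("," opts ",") !~ /,nosuid,/) opts = opts ",nosuid"
            if (("," opts ",") !~ /,noexec,/) opts = opts ",noexec"
            $4 = opts
        }
        { print }'
}

# Audit the three directories from the post against the constructed sample.
# On a live host, replace the printf pipe with   check_mount "$mp" < /proc/mounts
audit_sample() {
    for mp in /tmp /var/tmp /dev/shm; do
        printf '%s %s\n' "$mp" "$(printf '%s\n' "$SAMPLE_MOUNTS" | check_mount "$mp")"
    done
}

audit_sample
```

Once /var/tmp is a symlink to /tmp, as in the post, it will always report notmounted because only the target appears in the mount table, so check the target instead. After changing the fstab line with harden_fstab_line, the options only take effect after the remount step above.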
