How To Secure /tmp and /dev/shm partition
Keep you server clean of rookits is a good idea to get a good security level. A sysadministrator can create a seperate partition for /tmp and mount it with noexec and nosuid parameters. And to do it is not necessary to reboot or repartition your drive.
1. First you should secure /tmp:
Make a 1GB file for /tmp parition and an ext3 filesystem for tmp:
# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=1000000
# /sbin/mkfs.ext3 /dev/tmpFS
Create a backup copy of your current /tmp drive:
# cp -Rpf /tmp /tmpbackup
Mount our new tmp parition and change permissions:
# mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
# chmod 1777 /tmp
Copy the old data:
cp -Rpf /tmpbackup/* /tmp/
If you run the mount command and you should get something like this:
/dev/tmpMnt on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)
Edit /etc/fstab and add this:
/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0
# mount -o remount /tmp
You can test it runnig a script on /tmp partitio, if you get "permission denied" it is fine :)
2. Secure /var/tmp:
It should be done because some applications use /var/tmp as the temporary folder, and anything that's accessible by all, needs to be secured.
Rename it and create a symbolic link to /tmp:
# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp
Copy the old data back:
# cp /var/tmpold/* /tmp/
Note: you should restart and services that uses /tmp partition
3. Securing /dev/shm:
To get all the work well done, you should secure /dev/shm to stop rootkits running here.
Edit your /etc/fstab:
# nano /etc/fstab
change:
"none /dev/shm tmpfs defaults,rw 0 0" to
"none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0"
Remount /dev/shm:
# mount -o remount /dev/shm
It should be fine now. You can also read related posts:
How to install Rkhunter
How to install Rootcheck
1 Comments:
/dev/tmpMnt /tmp ext3 loop,nosuid,noexec,rw 0 0
this seems to be a mistyped, since it should be
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Post a Comment