Using /scripts/securetmp to secure /tmp

**keddie** · 03-02-2009 04:59 AM

When I run this script, I get the following:

root@server [~]# /scripts/securetmp
Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
Would you like to secure /tmp & /var/tmp now? (y/n) y
Securing /tmp & /var/tmp
The system does not support loop devices.

Then the script exits without applying any changes.

Has anyone else seen this issue?

Regards,

Al

**cpanelkenneth** · 03-02-2009 08:55 AM

The problem is clearly stated: your system lacks support for loop devices. This means the loopback file created by securetmp cannot be mounted and used. You'll need to contact your host provider to get this resolved.

**keddie** · 03-02-2009 09:36 AM

Hi Kenneth, thanks for the speedy response.

The system is running on a Centos VPS, and I have root access.

Could anyone enlighten me on how to enable support for loop devices so that I can run this script?

Is this a common issue when this script is used to secure /tmp ?

Regards,

Al

**cpanelkenneth** · 03-03-2009 10:08 AM

If you are using Virtuozzo, I believe this must be done from the host node, rather than inside the guest.

**keddie** · 03-03-2009 05:42 PM

Thanks again for your reply Kenneth.

I am using Virtuozzo and I also have root access to the host node (I have 3 WHM / Centos VPS's on it).

I have tried googling around and searching other sites for how to enable loop support but I can't seem to find any information on this.

On the node I entered:

modprobe loop

to enable the loop kernel module on the node. lsmod shows the loop module as being loaded. I restarted the VE then reran the script but still the same thing. I'm wondering if there is further configuration required to enable loop on the guest VEs?

I also tried adding:

BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "

to vz.conf on the node, still no luck securing /tmp

Really, I'm wondering how other VPS based cpanel admins deal with securing /tmp? Given the large number of Virtuozzo VPS's in use, this issue must crop up a fair bit?

My apologies if this is a little off topic,

**cpanelkenneth** · 03-04-2009 10:24 AM

Hmmm, it may not be possible on Virtuozzo systems. I know we added the loop device detection specifically for VPS environments. From your description I do believe it was for Virtuozzo.

**keddie** · 03-04-2009 11:48 AM

That would make sense.

I'll keep looking and post back if I find a solution.

Al

LinkBack

Thread Tools

Using /scripts/securetmp to secure /tmp

Secure temp (/scripts/securetmp) not working!!!!

How to know if tmp is secure with /scripts/securetmp

Create /tmp partition as noexec or /scripts/securetmp

How large is /tmp when created with /scripts/securetmp?

/scripts/securetmp restores with incorrect /tmp permissions