Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is my /tmp /usr/tmpDSK secure?

Discussion in 'Security' started by lambov, Feb 14, 2017.

  1. lambov

    lambov Member

    Joined:
    Oct 9, 2016
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    Root Administrator
    i found user has cron on /var/tmp/ and the file executed is unix malware based clamav scan

    why can he run the script on /var/tmp/ ?
    is my /tmp secure?

    i have run /scripts/securetmp
    and this is my fstab
    Code:
    LABEL=root      /       ext4    errors=remount-ro,usrjquota=quota.user,jqfmt=vfsv0      1       1
    none             /dev/shm      tmpfs   defaults                    0 0
    
    /dev/vda2        swap       swap       defaults        0 0
    /usr/tmpDSK             /tmp                    ext3    defaults,noauto        0 0
    /tmp             /var/tmp                    ext3    defaults,bind,noauto        0 0
    and when running /scripts/securetmp again, i get this error:
    *** Notice *** No loop module detected
    If the loopback block device is built as a module, try running `modprobe loop` as root via ssh and running this script again.
    If the loopback block device is built into the kernel itself, you can ignore this message.

    my server is KVM vps
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following post offers a workaround to this issue so you can mount /tmp with the noexec, nodev, and nosuid flags to help ensure /tmp is secured against attacks:

    secure /tmp directory

    Thank you.
     
  3. lambov

    lambov Member

    Joined:
    Oct 9, 2016
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Earth
    cPanel Access Level:
    Root Administrator
    my server is KVM and not openvz

    thanks
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,419
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The workaround should help to address the issue on additional environments. Can you confirm the instructions in that thread are not working on your system?

    Thank you.
     
Loading...

Share This Page