The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Secure tmp method?

Discussion in 'General Discussion' started by Secret Agent, Feb 15, 2006.

  1. Secret Agent

    Secret Agent Guest

    I was told on ExpertExchange about this method of securing tmp partition. Do you agree this is good and will not conflict with anything on a production server?

    To protect your /tmp directory, do the following:


    # lsof | grep /tmp

    this will display a list of services using your /tmp directory, stop these services.

    then run the following:
    ==============
    cd /
    dd if=/dev/zero of=/tmpdir bs=1024 count=200000
    mkfs.ext3 -F /tmpdir
    mv /tmp /tmp.backup
    mkdir /tmp
    mount -o loop,noexec,nosuid,rw /tmpdir /tmp
    chmod 0777 /tmp
    if ! grep -qai tmpdir /etc/fstab ; then
    echo "/tmpdir /tmp ext3 loop,noexec,nosuid,rw 0 0" >> /etc/fstab
    fi
    mount -a
    cp /bin/ls /tmp/
    /tmp/ls
    ===============

    This should give you an output like this:

    -bash: /tmp/ls: Permission denied


    Then restart your services, this way scripts like that won't be allowed to to run out of your /tmp directory.
     
  2. dave9000

    dave9000 Well-Known Member

    Joined:
    Apr 7, 2003
    Messages:
    891
    Likes Received:
    1
    Trophy Points:
    16
    Location:
    arkansas
    cPanel Access Level:
    Root Administrator
    I believe thats what the /scripts/securetmp does also

    i have not compared the code side by side but i do believe they are close to the same
     
  3. abubin

    abubin Well-Known Member

    Joined:
    Dec 7, 2004
    Messages:
    393
    Likes Received:
    1
    Trophy Points:
    18
    yes, everyone should do this to your server. It won't affect anything and it's good to avoid hackers executing scripts in tmp folder.
     
  4. ShockHosts

    ShockHosts Well-Known Member

    Joined:
    Nov 25, 2005
    Messages:
    123
    Likes Received:
    0
    Trophy Points:
    16
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, but it's still the same as what /scripts/securetmp does, which is supported by cPanel, so you're better off using that.
     
  6. Manuel_accu

    Manuel_accu Well-Known Member

    Joined:
    Jun 19, 2005
    Messages:
    191
    Likes Received:
    0
    Trophy Points:
    16
    What if I use the below mentioned set of commands?

    Place below code to /etc/rc.local so they get set on a reboot.

    /bin/mount --bind /tmp /tmp
    /bin/mount -o remount,noexec,nosuid /tmp
    /bin/mount --bind /var/tmp /var/tmp
    /bin/mount -o remount,noexec,nosuid /var/tmp
     
Loading...

Share This Page