The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Secure /tmp

Discussion in 'General Discussion' started by mariot, Nov 20, 2007.

  1. mariot

    mariot Member

    Joined:
    Aug 11, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Hi to all

    Can sombody explane me how to step by step secure /tmp dir

    I have alredy installed BFD/APF/Rkhunter

    df -h |grep tmp

    /usr/tmpDSK 485M 39M 421M 9% /tmp
    /tmp 485M 39M 421M 9% /var/tmp

    pico /etc/fstab :

    # This file is edited by fstab-sync - see 'man fstab-sync' for details
    /dev/VolGroup00/LogVol00 / ext3 defaults,usrquota 1 1
    LABEL=/boot /boot ext3 defaults 1 2
    none /dev/pts devpts gid=5,mode=620 0 0
    none /dev/shm tmpfs defaults 0 0
    none /proc proc defaults 0 0
    none /sys sysfs defaults 0 0
    /dev/VolGroup00/LogVol01 swap swap defaults 0 0
    /dev/hda /media/cdrom auto pamconsole,exec,noauto,managed 0 0
    /dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0
    /usr/tmpDSK /tmp ext3 defaults,noauto 0 0

    tnx alot

    Gretings from Austria
     
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    in your fstab, mount your shm as so:

    none /dev/shm tmpfs rw,noexec,nosuid,nodev

    then umount and remount to take effect without restarting and chmod to 1777

    umount /dev/shm
    mount /dev/shm
    chmod 1777 /tmp


    Also run the script
    /scripts/securetmp
     
  3. mariot

    mariot Member

    Joined:
    Aug 11, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    [root@ns ~]# none /dev/shm tmpfs rw,noexec,nosuid,nodev

    -bash: none: command not found:confused:
     
  4. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    That would be

    pico /etc/fstab


    modify your /dev/shm as per my example.
    save and exit
     
  5. AnilR

    AnilR Active Member

    Joined:
    Nov 24, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    Secure the tmp partitions (/tmp and /dev/shm)

    # cd /dev/shm
    # nano /etc/fstab

    In your fstab file find the /dev/shm line
    and change it from "defaults" to "rw,noexec,nosuid,nodev" and do mount -a.

    Also remove /usr/local/apache/proxy
     
  6. Zepplin

    Zepplin Well-Known Member

    Joined:
    Oct 23, 2006
    Messages:
    93
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Blue Mountains, Australia
    cPanel Access Level:
    Root Administrator
    Works like a charm...
     
Loading...

Share This Page