Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Secure /tmp

Discussion in 'General Discussion' started by mariot, Nov 20, 2007.

  1. mariot

    mariot Member

    Joined:
    Aug 11, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    Hi to all

    Can sombody explane me how to step by step secure /tmp dir

    I have alredy installed BFD/APF/Rkhunter

    df -h |grep tmp

    /usr/tmpDSK 485M 39M 421M 9% /tmp
    /tmp 485M 39M 421M 9% /var/tmp

    pico /etc/fstab :

    # This file is edited by fstab-sync - see 'man fstab-sync' for details
    /dev/VolGroup00/LogVol00 / ext3 defaults,usrquota 1 1
    LABEL=/boot /boot ext3 defaults 1 2
    none /dev/pts devpts gid=5,mode=620 0 0
    none /dev/shm tmpfs defaults 0 0
    none /proc proc defaults 0 0
    none /sys sysfs defaults 0 0
    /dev/VolGroup00/LogVol01 swap swap defaults 0 0
    /dev/hda /media/cdrom auto pamconsole,exec,noauto,managed 0 0
    /dev/fd0 /media/floppy auto pamconsole,exec,noauto,managed 0 0
    /usr/tmpDSK /tmp ext3 defaults,noauto 0 0

    tnx alot

    Gretings from Austria
     
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    166
    in your fstab, mount your shm as so:

    none /dev/shm tmpfs rw,noexec,nosuid,nodev

    then umount and remount to take effect without restarting and chmod to 1777

    umount /dev/shm
    mount /dev/shm
    chmod 1777 /tmp


    Also run the script
    /scripts/securetmp
     
  3. mariot

    mariot Member

    Joined:
    Aug 11, 2007
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    51
    [root@ns ~]# none /dev/shm tmpfs rw,noexec,nosuid,nodev

    -bash: none: command not found:confused:
     
  4. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    166
    That would be

    pico /etc/fstab


    modify your /dev/shm as per my example.
    save and exit
     
  5. AnilR

    AnilR Active Member

    Joined:
    Nov 24, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    India
    Secure the tmp partitions (/tmp and /dev/shm)

    # cd /dev/shm
    # nano /etc/fstab

    In your fstab file find the /dev/shm line
    and change it from "defaults" to "rw,noexec,nosuid,nodev" and do mount -a.

    Also remove /usr/local/apache/proxy
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Zepplin

    Zepplin Well-Known Member

    Joined:
    Oct 23, 2006
    Messages:
    93
    Likes Received:
    1
    Trophy Points:
    158
    Location:
    Blue Mountains, Australia
    cPanel Access Level:
    Root Administrator
    Works like a charm...
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice