securing /tmp directory ?

Discussion in 'General Discussion' started by iv81, Jan 24, 2008.

  1. iv81

    Is there any info out there on how to properly secure a /tmp directory against executing exploits? I've had a number of spam sent out from my server and it's really annoying to find these things in tmp folder being responsible.

    Here is, for example, a part of the return header sent back to me today:

    X-Source: /usr/bin/php
    X-Source-Args: php 002.php
    X-Source-Dir: /tmp/.desi

    So upon logging in with root, I've discovered those files being in /tmp/.desi/002.php along with a txt file list of emails. I've so far deleted those files and some other suspicious txt files and suspended exim. I'd be glad if anyone out there could walk me step by step to secure /tmp against this garbage.

    I've searched all httpd logs for "tmp" and found nothing relating to how some script kiddies got into my server; this is a mystery yet to be solved.
     
  2. bornonline

    Tried this?
    /scripts/securetmp
     
  3. iv81

    Never have but this is what I've just done..

    [root@server /]# cd scripts
    [root@server scripts]# ./securetmp
    Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
    Would you like to secure /tmp & /var/tmp now? (y/n) y
    Securing /tmp & /var/tmp
    /tmp is already secure
    /var/tmp is already secure
    Checking fstab for entries...Done
    Logrotate TMPDIR already configured
    Process Complete
    [root@server scripts]#


    So it says it's already secure, does that mean it has been secure before, or it wasn't until now? I'm confused.

    Also, is there any way to trace how those files got into tmp in the first place? I'd really like to patch those holes.
     
    #3 iv81, Jan 24, 2008
    Last edited: Jan 24, 2008
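
Added example, not part of the original thread: a shell function that checks what "already secure" means in practice by confirming that /tmp and /var/tmp are mounted with noexec and nosuid. It assumes, beyond what the thread states, that these are the mount options /scripts/securetmp applies; the names `check_mount` and `sample_table` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a mount point carries the noexec and nosuid
# options, reading a mount table in /proc/mounts format.

# Constructed sample table (not taken from the thread).
sample_table() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
/dev/loop0 /var/tmp ext3 rw,nosuid,noexec 0 0
/dev/sda2 /home ext3 rw,nosuid 0 0
EOF
}

# check_mount MOUNTPOINT [TABLE]
# Prints "secure", "missing:<opts>" or "not-mounted"; returns 0 only for "secure".
check_mount() {
    mp=$1
    table=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options dump pass.
    # The last matching line wins, because later mounts shadow earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    if [ -z "$opts" ]; then
        echo "not-mounted"    # plain directory on the parent filesystem
        return 2
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "secure"
}

# Demo against the constructed table only; nothing on the host is changed.
demo_table=$(mktemp)
sample_table > "$demo_table"
for d in /tmp /var/tmp /home /opt; do
    printf '%s: %s\n' "$d" "$(check_mount "$d" "$demo_table")"
done
rm -f "$demo_table"
```

On a live server, call `check_mount /tmp` with no second argument to read /proc/mounts. noexec only blocks direct execution of files stored on the mount; an interpreter installed elsewhere, such as the /usr/bin/php named in the X-Source header above, can still read and run a script kept in /tmp.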