Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

tmp folder

Discussion in 'Data Protection' started by mmscwebmaster, Mar 8, 2007.

  1. mmscwebmaster

    mmscwebmaster Member

    Joined:
    Mar 6, 2007
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    UK
    There is a folder called tmp at the root level on the cPanel website which I am now managing. Can all these historic files be deleted without upsetting anything?
     
  2. 1a-Websolutions

    1a-Websolutions Active Member

    Joined:
    Aug 24, 2006
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    156
    Hi,

    don't delete mysql.sock - all other Data can you delete.

    If you delte mysql.sock you need to restart the Mysql - if it don't work - restart the Server.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. shivinvijai

    shivinvijai Member

    Joined:
    Mar 1, 2007
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    151
    Securing /tmp Partition

    Hi,

    It would be worthwhile to give /tmp it's own partition and mount it using noexec- This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.

    What we are doing it creating a file that we will use to mount at /tmp. So log into SSH and SU to root so we may being!

    cd /dev

    dd if=/dev/zero of=tmpMnt bs=1024 count=100000

    Make an extended filesystem for our tmpMnt file

    /sbin/mke2fs /dev/tmpMnt

    Backup your /tmp dir- I had mysql.sock file that I needed to recreate the symbolic link for. Other programs may use it to store cache files or whatever.

    cd /

    cp -R /tmp /tmp_backup

    Mount the new /tmp filesystem with noexec

    mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

    chmod 1777 /tmp

    Copy everything back to new /tmp and remove backup

    cp -R /tmp_backup/* /tmp/

    rm -rf /tmp_backup

    Now we need to add this to fstab so it mounts automatically on reboots.

    vi /etc/fstab

    You should see something like this:

    /dev/hda3 / ext3 defaults,usrquota 1 1
    /dev/hda1 /boot ext3 defaults 1 2
    none /dev/pts devpts gid=5,mode=620 0 0
    none /proc proc defaults 0 0
    none /dev/shm tmpfs defaults 0 0
    /dev/hda2 swap swap defaults 0 0

    At the bottom add
    /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

    (Each space is a tab)
    Save it!

    Your done- /tmp is now mounted as noexec. You can sleep a little bit safer tonight. I created a hello world c++ and compiled it then moved it to /tmp. Upon trying to run it (even chmod +x'ed), it gives the following error:

    bash: ./a.out: Permission denied

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    655
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Canada
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,563
    Likes Received:
    42
    Trophy Points:
    308
    cPanel Access Level:
    Root Administrator
    /scripts/securetmp also creates a loopback file to mount noexec on /tmp

    It does that if /tmp is not already a partition (slice for FreeBSD)

    It usually runs in /etc/rc.local
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Lots of great stuff there too. :)



    typo check


    :p
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice