The Community Forums


Using /scripts/securetmp to secure /tmp

Discussion in 'General Discussion' started by keddie, Mar 2, 2009.

  1. keddie

    keddie Well-Known Member

    Joined:
    Nov 17, 2007
    Messages:
    50
    Likes Received:
    0
    Trophy Points:
    6
    When I run this script, I get the following:

    root@server [~]# /scripts/securetmp
    Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
    Would you like to secure /tmp & /var/tmp now? (y/n) y
    Securing /tmp & /var/tmp
    The system does not support loop devices.

    Then the script exits without applying any changes.

    Has anyone else seen this issue?

    Regards,

    Al
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    The problem is clearly stated: your system lacks support for loop devices. This means the loopback file created by securetmp cannot be mounted and used. You'll need to contact your host provider to get this resolved.
     
  3. keddie

    Hi Kenneth, thanks for the speedy response.

    The system is running on a CentOS VPS, and I have root access.

    Could anyone enlighten me on how to enable support for loop devices so that I can run this script?

    Is this a common issue when this script is used to secure /tmp?

    Regards,

    Al
     
  4. cPanelKenneth

    If you are using Virtuozzo, I believe this must be done from the host node, rather than inside the guest.
     
  5. keddie

    Thanks again for your reply, Kenneth.

    I am using Virtuozzo and I also have root access to the host node (I have 3 WHM / CentOS VPSs on it).

    I have tried googling around and searching other sites for how to enable loop support but I can't seem to find any information on this.

    On the node I entered:

    modprobe loop

    to enable the loop kernel module on the node. lsmod shows the loop module as being loaded. I restarted the VE then reran the script but still the same thing. I'm wondering if there is further configuration required to enable loop on the guest VEs?

    I also tried adding:

    BINDMOUNT="/tmp,nosuid,noexec,nodev /var/tmp,nosuid,noexec,nodev "

    to vz.conf on the node, but still no luck securing /tmp.

    Really, I'm wondering how other VPS-based cPanel admins deal with securing /tmp? Given the large number of Virtuozzo VPSs in use, this issue must crop up a fair bit?

    My apologies if this is a little off topic,
     
  6. cPanelKenneth

    Hmmm, it may not be possible on Virtuozzo systems. I know we added the loop device detection specifically for VPS environments. From your description I do believe it was for Virtuozzo.
     
  7. keddie

    That would make sense.

    I'll keep looking and post back if I find a solution.

    Al
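
Added example, not part of the thread and not cPanel's securetmp code: a small audit that reports which of the options named in the BINDMOUNT line above (nosuid, noexec, nodev) a mount point is actually missing, and whether the kernel lists the loop driver. The function names, the sample mount table and the use of /proc/devices as the loop check are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the hardening options on /tmp
# and /var/tmp. File arguments default to the live /proc files.
REQUIRED_OPTS="noexec nosuid nodev"

# Options of the last entry for a mount point (the one in effect if stacked).
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' "${2:-/proc/mounts}"
}

# Print the required options the mount point lacks, or "not-mounted".
missing_opts() {
    opts=$(mount_opts "$1" "${2:-/proc/mounts}")
    if [ -z "$opts" ]; then echo "not-mounted"; return 0; fi
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "$missing"
}

# True if the kernel lists the loop block driver. Necessary, not sufficient:
# in the thread the module was loaded on the node and the guest still failed.
loop_supported() {
    awk '/^Block devices:/ { b = 1; next } b && $2 == "loop" { f = 1 } END { exit !f }' "${1:-/proc/devices}"
}

# Constructed sample in /proc/mounts format: /tmp hardened, /var/tmp not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/loop0 /var/tmp ext3 rw,nosuid,relatime 0 0
EOF
for mp in /tmp /var/tmp /dev/shm; do
    echo "$mp: missing [$(missing_opts "$mp" "$sample")]"
done
rm -f "$sample"
```

Run `missing_opts /tmp` and `missing_opts /var/tmp` with no file argument to check the live system after any change made on the node or in the guest.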
     