secure /tmp partition
Several scripting languages, PHP among them, keep temporary files (sessions, uploads, cache) in the /tmp directory on Linux systems. If an attacker gains access to this directory, scripts placed there can be executed from it, and in this way all system files can be reached or accessed by root. To block execution of files located in the /tmp partition, the partition must be mounted without execute permission. For this, /tmp has to be chosen as a separate partition while installing the system. Enter one of these commands on the command line to check this setting:

    df -h
    # or
    mount

Example:

    [root@xxx ~]# df -h
    Filesystem                        Size  Used Avail Use% Mounted on
    /dev/mapper/VolGroup00-LogVol00   2.9G  820M  1.9G  30% /
    /dev/mapper/VolGroup00-LogVol02   2.9G  288M  2.4G  11% /tmp
    /dev/mapper/VolGroup00-LogVol04   7.8G  3.8G  3.7G  51% /var
    /dev/mapper/VolGroup00-LogVol05    44G   35G  6.6G  85% /hsphere
    /dev/mapper/VolGroup00-LogVol03   4.8G  908M  3.6G  20% /usr
    /dev/sda1                          99M   36M   58M  39% /boot
    tmpfs                             2.0G     0  2.0G   0% /dev/shm

If you do not see a separate /tmp partition as in the example, create a new 250 MB /tmp partition by applying the steps below (Solution 1). If there already is a /tmp partition, continue with Solution 2.

Solution 1:

    cd /dev/
    dd if=/dev/zero of=Tmp bs=1024 count=250000
    mkfs -t ext3 /dev/Tmp
    cd /
    cp -aR /tmp /tmp_backup
    mount -o loop,noexec,nosuid,rw /dev/Tmp /tmp
    cp -aR /tmp_backup/* /tmp/
    chmod 0777 /tmp
    chmod +t /tmp

Add the newly created partition to /etc/fstab so that it is mounted again after the next boot:

    /dev/Tmp /tmp ext3 loop,rw,nosuid,noexec 0 0
If you already have a /tmp partition, apply the steps below.

Solution 2: change the "defaults" value of the /tmp entry in /etc/fstab:

    /dev/VolGroup00/LogVol02 /tmp ext3 defaults 1 2

to:

    /dev/VolGroup00/LogVol02 /tmp ext3 rw,nosuid,noexec 1 2

Replace "defaults" with rw,nosuid,noexec, then save and exit. Remount the /tmp partition so the change takes effect immediately (the remount options are passed as one comma-separated list; "loop" is not used here because this is an LVM volume, not a loop file):

    mount -o remount,rw,nosuid,noexec /tmp
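The following check, added here and not part of the original document, verifies from /proc/mounts-format lines that /tmp is a separate mount point carrying both nosuid and noexec, which is what both solutions above aim for. The function name tmp_mount_ok and the sample mount tables are my own constructions.

```shell
# Added example, not from the original document: check /proc/mounts-style
# lines to confirm /tmp is its own mount point with both nosuid and noexec.
# Returns 0 when hardened, 1 otherwise (the reason is printed to stderr).
tmp_mount_ok() {
    mounts="$1"
    # Field 2 is the mount point; keep the last /tmp entry (the active mount).
    entry=$(printf '%s\n' "$mounts" | awk '$2 == "/tmp" { line = $0 } END { print line }')
    if [ -z "$entry" ]; then
        echo "FAIL: /tmp is not a separate mount point" >&2
        return 1
    fi
    # Field 4 is the comma-separated option list, e.g. rw,nosuid,noexec
    opts=$(printf '%s\n' "$entry" | awk '{ print $4 }')
    missing=""
    for want in nosuid noexec; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "FAIL: /tmp is mounted without:$missing (options: $opts)" >&2
        return 1
    fi
    echo "OK: /tmp is mounted with $opts"
    return 0
}

# Constructed sample /proc/mounts contents (not real output) for three cases.
HARDENED='/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/mapper/VolGroup00-LogVol02 /tmp ext3 rw,nosuid,noexec 0 0'
DEFAULTS_ONLY='/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0
/dev/mapper/VolGroup00-LogVol02 /tmp ext3 rw 0 0'
NO_TMP_MOUNT='/dev/mapper/VolGroup00-LogVol00 / ext3 rw 0 0'

# On a live system, run the check against the real mount table:
#   tmp_mount_ok "$(cat /proc/mounts)"
```

Run it after the remount in either solution; a FAIL on the live table means the fstab entry or the remount did not take effect.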
WARNING: This document was prepared for CentOS 5.5 but is expected to be compatible with other versions; some commands or command paths may differ. Please check the services in use before applying these steps.