@vishnumitraha
Last active December 8, 2021 09:10
Securing tmp directory.md

Securing /tmp directory

Step 1: Backup /etc/fstab

cp -a /etc/fstab /etc/fstab.bak

Step 2: Make a 3GB file and format it with ext3:

dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000
/sbin/mkfs.ext3 /var/tempFS

Step 3: Create a backup copy of your current /tmp

rsync -av /tmp/ /tmpbackup/

Step 4: Mount our new tmp partition and change permissions

mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp

Step 5: Copy the old data

rsync -av /tmpbackup/ /tmp/

Step 6: Update fstab

vi /etc/fstab

* Add this line, or replace the existing /tmp line:

/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Step 7: Test your fstab entry

mount -o remount /tmp

Step 8: Verify that your /tmp mount is working

df -h

The output should look something like this:

/var/tempFS           962M   18M  896M   2% /tmp

Securing /var/tmp

Step 1: Rename /var/tmp and create a symbolic link to /tmp

mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp

Step 2: Copy the old data back

rsync -av /var/vartmp/ /tmp/

Step 3: Remove /var/vartmp

rm -rf /var/vartmp

Securing /dev/shm (whether you need this step depends on your fstab entry)

Step 1: Edit your /etc/fstab

vi /etc/fstab

Locate:

none /dev/shm tmpfs defaults,rw 0 0

Change it to:

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Step 2: Remount /dev/shm:

mount -o remount /dev/shm
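
The df -h check in Step 8 shows that the mount exists, but not which options are in effect. The following added example (not part of the original gist) reads a /proc/mounts-style file and reports whether /tmp and /dev/shm carry noexec and nosuid. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the gist): audit a /proc/mounts-style file.

# check_mount_opts MOUNTS_FILE MOUNT_POINT OPT...
# Prints "ok" (returns 0), the missing options (returns 1), or
# "not-mounted" (returns 2) when MOUNT_POINT is not a separate mount.
check_mount_opts() {
    _file=$1; _mp=$2; shift 2
    # Field 2 is the mount point, field 4 the option list. Keep the last
    # match: a later mount on the same path shadows earlier ones.
    _opts=$(awk -v mp="$_mp" '$2 == mp { o = $4 } END { print o }' "$_file")
    if [ -z "$_opts" ]; then echo "not-mounted"; return 2; fi
    _missing=""
    for _opt in "$@"; do
        case ",$_opts," in
            *",$_opt,"*) ;;                       # option present
            *) _missing="$_missing $_opt" ;;      # option absent
        esac
    done
    if [ -n "$_missing" ]; then echo "${_missing# }"; return 1; fi
    echo "ok"
}

# audit_tmp_mounts [MOUNTS_FILE]: checks the two mounts hardened in this guide.
# /var/tmp is not checked separately: after the steps in this guide it is a
# symlink to /tmp and has no mount entry of its own.
audit_tmp_mounts() {
    _rc=0
    for _point in /tmp /dev/shm; do
        if _res=$(check_mount_opts "${1:-/proc/mounts}" "$_point" noexec nosuid); then
            echo "$_point: ok"
        else
            echo "$_point: FAIL ($_res)"; _rc=1
        fi
    done
    return $_rc
}

# Constructed sample: /tmp hardened, /dev/shm still on default options.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
EOF
}
```

Call audit_tmp_mounts with no argument to check the live /proc/mounts, or pass it a file holding the output of sample_mounts to see a failing /dev/shm report.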