Securing Your /tmp Partition to prevent from hackers

Published August 8, 2009 by Siva

Securing your /tmp directory could save you from an un-updated PHP script, where someone attempts to write an executable program with malicous code too.

I AM NOT RESPONSIBLE FOR ANY PROBLEMS THIS MAY CAUSE

that being said, lets get to it:

cd /dev

Create 500MB file for our /tmp partition. If you need more space, make count size larger.

dd if=/dev/zero of=tmpMnt bs=1024 count=500000

Make an extended filesystem for our tmpMnt file

/sbin/mke2fs /dev/tmpMnt

Backup your /tmp dir- I had mysql.sock file that I needed to recreate the symbolic link for. Other programs may use it to store cache files or whatever.

cd /
cp -pR /tmp /tmp_backup

Mount the new /tmp filesystem with noexec

mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
chmod 0777 /tmp

Copy everything back to new /tmp and remove backup

cp -pR /tmp_backup/* /tmp/

Now we need to add this to fstab so it mounts automatically on reboots.

pico -w /etc/fstab

You should see something like this:

/dev/hda3               /                       ext3    defaults,usrquota        1 1
/dev/hda1               /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hda2               swap                    swap    defaults        0 0

At the bottom add:

/dev/tmpMnt             /tmp                    ext2    loop,noexec,nosuid,rw  0 0

(Each space is a tab)
Save it!

Ctrl + X and Y

Your done- /tmp is now mounted as noexec. You can sleep a little bit safer tonight. I created a hello world c++ and compiled it then moved it to /tmp. Upon trying to run it (even chmod +x’ed), it gives the following error:

bash: ./a.out: Permission denied

good luck! if it is causing problems with any of your software, you could remove the entry from fstab, reboot and then delete /tmp and recreate it to bring it back to normal.

*Source:  http://webhostgear.com*

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: