Secure /tmp directory Exploiting the /tmp directory and using it to execute files is a very popular method hackers and those with malcious intent use now days. It's also pretty simple to prevent this, or at least put a roadblock up! First, let me say, I highly recommend taking the easy way out on this one, because the easy way in my opinion in this case is also the best way, to do this simply run this command as root: /scripts/securetmp cPanel wrote this script to make it easier on everyone, this script in my opinion also implements it more safely by not having it mount in /etc/fstab! However, if you are the type who wants to do it manually, here you go... First you will need to SSH into your server and su to root. You'll need to tart off in the /dev directory. cd /dev Now, first you will create a loopback file that is 300mybte, you can create larger by editing the count variable. dd if=/dev/zero of=tmpMnt bs=1024 count=300000 Next, you'll make this loopback file a extended filesystem: /sbin/mke2fs /dev/tmpMnt Let's back up your current /tmp directory just in case, remember /tmp directories are emptied on each reboot anyhow, but just in case: cp -R /tmp /tmp_backup Next, mount the new /tmp as noexec: mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp Let's chmod it correctly: chmod 1777 /tmp Almost done..restore the /tmp directory and delete the backup: cp -R /tmp_backup/* /tmp/ rm -rf /tmp_backup Now, next we'll set /tmp to mount on bootup, this is the reason why I recommend at the beginning using the cPanel script, because the script does not use /etc/fstab, instead of loads it after the filesystems are mounted.
It's not very wise to load a non-partition on bootup as it can't be fsck'd if neccessary. At the bottom of your /etc/fstab, add this line: /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0 The above lines, should look very similar. Remember each space in the above line is a tab, after this is done, just save and exit out of your editor. Lastly, you'll create a symlink between /var/tmp/ and /tmp. To do this simply: ln -s /var/tmp /tmp http://www.cpanelfaq.com/006/12.html
No comments:
Post a Comment