
How To Secure /tmp and /dev/shm partition

Keeping your server free of rootkits is part of reaching a good security level. A system administrator can create a separate partition for /tmp and mount it with the noexec and nosuid options, and doing so requires neither a reboot nor repartitioning the drive.

1. First you should secure /tmp:

Make a 1GB file for the /tmp partition and create an ext3 filesystem on it:
[root@antg ~]# dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1024000
This will take a while; just wait until it finishes.
For some distros (e.g. RHES4), /dev uses tmpfs. That is why we use /usr/tmpDSK instead of /dev/tmpFS (as other articles recommend).
mkfs warns that /usr/tmpDSK is a regular file rather than a block device; answer y:
[root@antg ~]# /sbin/mkfs.ext3 /usr/tmpDSK
Proceed anyway? (y,n) y

Create a backup copy of your current /tmp drive:
[root@antg ~]# cp -Rpf /tmp /tmpbackup

Mount the new tmp partition and set the sticky, world-writable permissions /tmp needs:
[root@antg ~]# mount -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp
[root@antg ~]# chmod 1777 /tmp

Copy the old data:
[root@antg ~]# cp -Rpf /tmpbackup/* /tmp/

If you run the mount command you should see a line like this:
/usr/tmpDSK on /tmp type ext3 (rw,noexec,nosuid,loop=/dev/loop0)

Edit /etc/fstab and add this:
/usr/tmpDSK /tmp ext3 loop,nosuid,noexec,rw 0 0
Test your fstab entry:
[root@antg ~]# mount -o remount /tmp

You can test it by running a script on the /tmp partition; if you get "permission denied", it is working :) Bear in mind that noexec only blocks direct execution of files on that filesystem, so treat it as one hardening layer alongside patching and monitoring, not as a complete defence.

2. Secure /var/tmp:

This should be done because some applications use /var/tmp as their temporary folder, and anything that is writable by everyone needs to be secured.

Rename it and create a symbolic link to /tmp:
[root@antg ~]# mv /var/tmp /var/tmpold
[root@antg ~]# ln -s /tmp /var/tmp

Copy the old data back:
[root@antg ~]# cp -prf /var/tmpold/* /tmp/

Note: you should restart any services that use the /tmp partition, since they may hold open files on the old directory.

3. Securing /dev/shm:

To finish the job, you should secure /dev/shm as well so that rootkits cannot run from there.

Edit your /etc/fstab:
[root@antg ~]# nano /etc/fstab

change:
"none /dev/shm tmpfs defaults,rw 0 0" to
"none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0"
Or if you have fstab content like this:
tmpfs /dev/shm tmpfs defaults,ro 0 0
Change it to:
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Remount /dev/shm:
[root@antg ~]# mount -o remount /dev/shm

To test the modification, create the following Perl script as /tmp/test.pl and /dev/shm/test.pl:

#!/usr/bin/perl
print "hello, noob\n";

then run chmod +x /tmp/test.pl
and execute /tmp/test.pl; you should get:
-bash: /tmp/test.pl: Permission denied
If you don't, something went wrong in the steps above.
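Steps 1 to 3 above all come down to the same check: does the mount table show noexec and nosuid on /tmp and /dev/shm, and does /var/tmp point at the hardened /tmp? The audit script below is an added example, not part of the original article. It parses lines in /proc/mounts format (device, mount point, filesystem type, options, dump, pass); the SAMPLE table is constructed so the script runs offline, and on a live host you would feed it the real table with audit_all "$(cat /proc/mounts)". Function names (has_opt, audit_mount, link_points_to, audit_all) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: audit that /tmp, /var/tmp and
# /dev/shm carry the noexec and nosuid options the article configures.
# Parses /proc/mounts-style lines: device mountpoint fstype options dump pass
# Live use:  audit_all "$(cat /proc/mounts)"
# SAMPLE is a constructed mounts table so the script can run offline.

SAMPLE='/dev/sda1 / ext3 rw,relatime 0 0
/usr/tmpDSK /tmp ext3 rw,noexec,nosuid,loop=/dev/loop0 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec 0 0
/dev/sdb1 /var/tmp ext3 rw,relatime 0 0'

# has_opt MOUNTPOINT OPTION: read a mounts table from stdin and return 0 only
# if MOUNTPOINT is listed and its comma-separated option list contains OPTION.
has_opt() {
    mp=$1
    want=$2
    while read -r dev mnt fstype opts rest; do
        [ "$mnt" = "$mp" ] || continue
        # Wrap in commas so the match is on a whole option, not a substring
        case ",$opts," in
            *",$want,"*) return 0 ;;
            *)           return 1 ;;
        esac
    done
    return 1    # mount point not present in the table at all
}

# audit_mount TABLE MOUNTPOINT: report noexec and nosuid for one mount point;
# the return value is the number of missing options (0 means compliant).
audit_mount() {
    table=$1
    mp=$2
    missing=0
    for opt in noexec nosuid; do
        if printf '%s\n' "$table" | has_opt "$mp" "$opt"; then
            echo "OK       $mp has $opt"
        else
            echo "MISSING  $mp lacks $opt"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# link_points_to LINK TARGET: return 0 if LINK is a symlink to TARGET, which is
# how the article wires /var/tmp to the hardened /tmp. A symlinked /var/tmp
# does not appear in the mount table, so check it with this instead.
link_points_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# audit_all TABLE: check the three locations the article hardens and return
# the total number of missing options across them.
audit_all() {
    total=0
    for mp in /tmp /var/tmp /dev/shm; do
        audit_mount "$1" "$mp" || total=$((total + $?))
    done
    return "$total"
}

# Demonstration on the constructed table: /tmp and /dev/shm pass, while
# /var/tmp (still a plain ext3 mount in SAMPLE) is reported as missing both.
audit_all "$SAMPLE" || echo "policy violations found: $?"
```

The audit deliberately reads the kernel's view of the mount (the same data the mount command prints in step 1) rather than /etc/fstab, because an fstab entry that was never remounted gives no protection; run it after the remount in step 3 to confirm all three locations at once.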

Good luck!
