This guide covers securing /tmp, /var/tmp and /dev/shm.
Secure /tmp:
Step 1: Backup your /etc/fstab file
Code:
cp /etc/fstab /etc/fstab.bak
Step 2: Make a 3GB file for the /tmp partition and create an ext3 filesystem on it:
Code:
dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000
/sbin/mkfs.ext3 /var/tempFS
* Change the count= to something higher if you need more space.
Step 3: Create a backup copy of your current /tmp drive:
Code:
cp -Rpf /tmp /tmpbackup
Step 4: Mount our new tmp partition and change permissions:
Code:
mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp
Step 5: Copy the old data:
Code:
cp -Rpf /tmpbackup/* /tmp/
* If your /tmp was empty earlier, you might get this error:
cp: cannot stat `/tmpbackup/*': No such file or directory
Step 6: Edit /etc/fstab and add this:
Code:
nano -w /etc/fstab
And add this line:
Code:
/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Step 7: Test your fstab entry:
Code:
mount -o remount /tmp
Step 8: Verify that your /tmp mount is working:
Code:
df -h
It should look something like this:
Code:
/var/tempFS 962M 18M 896M 2% /tmp
Secure /var/tmp:
Step 1: Use /tmp as /var/tmp.
Code:
mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp
Step 2: Copy the old data back
Code:
cp /var/vartmp/* /tmp/
* If your /var/tmp was empty earlier, you might get this error:
cp: cannot stat `/var/vartmp/*': No such file or directory
Secure /dev/shm:
Step 1: Edit your /etc/fstab:
Code:
nano -w /etc/fstab
Locate:
Code:
none /dev/shm tmpfs defaults,rw 0 0
Change it to:
Code:
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
Step 2: Remount /dev/shm:
Code:
mount -o remount /dev/shm
You should restart any services that use the /tmp partition.
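A quick way to confirm the result of the steps above, as an added example that is not part of the original guide: the script reads the mount table and reports whether each hardened path carries nosuid and noexec. The function names, exit codes and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit nosuid/noexec on temp mounts.

# Constructed sample in /proc/mounts format, so the check can be tried offline.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
EOF
}

# check_mount MOUNTPOINT [MOUNTS_FILE]   (hypothetical helper)
# Returns 0 if nosuid and noexec are both set, 1 if either is missing,
# 2 if MOUNTPOINT is not a separate mount at all.
check_mount() {
    mp=$1
    src=${2:-/proc/mounts}
    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$src")
    if [ -z "$opts" ]; then
        echo "$mp: not a separate mount"
        return 2
    fi
    missing=""
    for want in nosuid noexec; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$mp: missing$missing"
        return 1
    fi
    echo "$mp: ok ($opts)"
    return 0
}

# Audit the three paths from this guide against the live mount table.
audit_all() {
    rc=0
    for p in /tmp /var/tmp /dev/shm; do
        # /var/tmp is a symlink to /tmp after the steps above; audit its target.
        check_mount "$(readlink -f "$p")" || rc=1
    done
    return $rc
}

if [ "${1:-}" = "--live" ]; then audit_all; fi
```

Run it with --live on the server after Step 2 of the /dev/shm section; any line reporting a missing option points at the fstab entry to recheck.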