secure tmp directory question
Posted by roeybl, 02-10-2011, 10:49 PM |
Hi,
I have a dedicated server.
I used this guide:
Create a ~800Mb partition
-----command-----
cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=800000
-----command-----
Format the partition
-----command-----
mkfs.ext2 /dev/tmpMnt
-----command-----
When it asks about not being a block special device press Y
Make a backup of the old data
-----command-----
cp -Rp /tmp /tmp_backup
-----command-----
Mount the temp filesystem
-----command-----
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
-----command-----
Set the permissions
-----command-----
# 1777 rather than 0777: the sticky bit stops users removing each other's files
chmod 1777 /tmp
-----command-----
Copy the old files back
-----command-----
cp -Rp /tmp_backup/* /tmp/
-----command-----
Once you do that go ahead and restart mysql and make sure it works ok. We do this because mysql places the mysql.sock in /tmp which needs to be moved. If not it might have trouble starting. If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted:
Open the file in pico:
-----command-----
pico -w /etc/fstab
-----command-----
Now add this single line at the bottom:
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following:
none /dev/shm tmpfs noexec,nosuid 0 0
Umount and remount /dev/shm for the changes to take effect.
-----command-----
umount /dev/shm
mount /dev/shm
-----command-----
Next delete the old /var/tmp and create a link to /tmp
-----command-----
rm -rf /var/tmp/
ln -s /tmp/ /var/
-----command-----
If everything still works fine you can go ahead and delete the /tmp_backup directory.
-----command-----
rm -rf /tmp_backup
-----command-----
to secure my tmp folder.
All is good, but when I reset my system
the mount of the tmp directory is gone ...
All keeps working well, but when I do df -h
I can't see the tmp directory mount.
I need to mount it again.
Why is that?
I need some help.
|
Posted by artemirk, 02-11-2011, 04:12 AM |
After reset server try to run:
mount -a
Does /tmp mount after?
|
Posted by madaboutlinux, 02-11-2011, 07:40 AM |
Does the /etc/fstab contain the old /tmp entry? If yes, remove it and make sure only one tmp partition entry remains in the file.
If it's still not working, paste the output of the following commands:
|
Posted by roeybl, 02-11-2011, 08:35 AM |
This is my fstab:
[root@server ibmonitor]# nano /etc/fstab
GNU nano 1.3.12 File: /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/shm tmpfs noexec,nosuid 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
Is it OK?
|
Posted by madaboutlinux, 02-11-2011, 09:07 AM |
The file is OK but change ext2 to ext3 in the fstab file while mounting the /tmp partition i.e.
to
The older extension could be causing issues.
|
Posted by Lightwave, 02-11-2011, 09:59 AM |
The "files" in /dev are created by udev.
Putting some random file in there is not going to be recreated upon reboot.
Put your tmp file in a regular partition, i.e. /tmpMnt, not /dev/tmpMnt
|
Posted by roeybl, 02-11-2011, 01:36 PM |
OK,
so instead of
cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=800000
what should I do?
Thanks
Last edited by roeybl; 02-11-2011 at 01:39 PM.
|
Posted by madaboutlinux, 02-11-2011, 02:56 PM |
Looks like you have one big LVM partition created instead of separate partitions, so no problems creating the tmp file anywhere. The following command will create the tmp file under the /usr directory
|
Posted by roeybl, 02-11-2011, 04:23 PM |
tnx
that did it
|
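The diagnosis reached in this thread (a loop-mount image created under /dev does not survive a reboot, because udev rebuilds /dev) turned into an fstab audit; this is an added example and not part of any post above. It goes slightly beyond the thread by also checking that /tmp, /var/tmp and /dev/shm carry noexec and nosuid; the function names, finding labels and the /dev/shm sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an fstab for the problem diagnosed here.
# Findings are printed one per line; exit status is 1 if anything was found.

# has_opt OPTS NAME -> status 0 if NAME is in the comma-separated list OPTS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# audit_fstab FILE -> prints findings for FILE, returns 1 if there are any
audit_fstab() {
    findings=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        # A loop image kept under /dev disappears at boot: udev repopulates
        # /dev, so the fstab entry then points at a file that no longer exists.
        if has_opt "$opts" loop; then
            case "$dev" in
                /dev/*) echo "LOOP_IMAGE_UNDER_DEV $dev"; findings=$((findings + 1)) ;;
            esac
        fi
        # World-writable scratch areas should carry noexec and nosuid.
        case "$mnt" in
            /tmp|/var/tmp|/dev/shm)
                for opt in noexec nosuid; do
                    if ! has_opt "$opts" "$opt"; then
                        echo "MISSING_OPTION $mnt $opt"; findings=$((findings + 1))
                    fi
                done ;;
        esac
    done < "$1"
    if [ "$findings" -gt 0 ]; then return 1; fi
    return 0
}

# Constructed demo input: the /tmp line mirrors the fstab posted in the thread,
# the /dev/shm line is a made-up entry that lacks the hardening options.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/dev/tmpMnt  /tmp      ext2   loop,noexec,nosuid,rw  0 0
none         /dev/shm  tmpfs  defaults               0 0
EOF
audit_fstab "$demo" || echo "fstab needs attention"
rm -f "$demo"
```

Run it against a copy of /etc/fstab before rebooting; an empty result with exit status 0 means neither condition was found.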