Secure your /tmp folder

Post by king on January 9th, 2009, 3:58 pm

A lot of worms / common exploits for *nix servers target the /tmp folder (as it's world writable). A few basic steps can be taken in order to secure your tmp folder.

The basic concept is to remove people's ability to place files into this folder and then execute them. Fortunately this can be achieved in a few simple steps.

To achieve this we need to mount the /tmp folder with the following options:

noexec,nosuid,nodev

Unfortunately, if your hard drive came with all of its free space allocated, this can seem a daunting process... thank god for unix flexibility!

1) Ensure you stop any services that may be writing to the /tmp folder (web server , mysql , ftp daemon)

2) Clean your old temp folder !

# rm -rf /tmp
# mkdir /tmp

3) Create a blank file , in order to mount up as /tmp

# mkdir /usr/local/tmppartition
# cd /usr/local/tmppartition
# dd if=/dev/zero of=tmpMnt bs=1024 count=10000000

4) Format the file with a filesystem !

# /sbin/mke2fs /usr/local/tmppartition/tmpMnt

5) Mount the file up to the /tmp folder !

# mount -o loop,noexec,nosuid,nodev,rw /usr/local/tmppartition/tmpMnt /tmp

6) Chmod the new folder to be world writable, with the sticky bit set so users cannot delete each other's files

# chmod 1777 /tmp

7) Add the line to your fstab file so that the file remounts on each boot.

# pico /etc/fstab

Add the following line at the bottom of the fstab file
-----------------------------------------------------------------
/usr/local/tmppartition/tmpMnt /tmp ext2 loop,noexec,nosuid,nodev,rw 0 0
-----------------------------------------------------------------
(without the ----------------------'s )

8) Enjoy a secure /tmp folder !


Kev
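
A check of the result, as an added example that is not part of the original post: the function below reads mount records in /proc/mounts format and reports which of noexec, nosuid and nodev the mount on /tmp lacks. The function name and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount point against the options from the post.
# Live use on Linux:  missing_opts /tmp < /proc/mounts

REQUIRED="noexec nosuid nodev"

# Constructed sample records (device, mount point, fstype, options, dump, pass).
# SAMPLE_WEAK is a loop-mounted /tmp whose option list lacks nodev.
SAMPLE_WEAK='/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext2 rw,nosuid,noexec,relatime 0 0'
SAMPLE_GOOD='/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext2 rw,nosuid,nodev,noexec,relatime 0 0'

# missing_opts MOUNTPOINT
# Reads mount records on stdin and prints the required options that are
# absent from the LAST record for MOUNTPOINT (the last mount stacked on a
# path is the one in effect). Prints "unmounted" when no record matches,
# which means the directory is just part of its parent filesystem.
missing_opts() {
    mp=$1
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4; found = 1 }
                            END { if (found) print o }')
    if [ -z "$opts" ]; then
        echo "unmounted"
        return 0
    fi
    missing=""
    for want in $REQUIRED; do
        # Wrap in commas so "nodev" only matches a whole option.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# Demonstration on the constructed samples.
printf 'weak sample, missing: [%s]\n' "$(printf '%s\n' "$SAMPLE_WEAK" | missing_opts /tmp)"
printf 'good sample, missing: [%s]\n' "$(printf '%s\n' "$SAMPLE_GOOD" | missing_opts /tmp)"
```

An empty result means all three options are present on the mount in effect.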