web analytics

Secure /tmp, /var/tmp, /dev/shm in Cpanel Server

Secure /tmp

You can use the cpanel script /scripts/securetmp to secure tmp partition.

Otherwise follow the steps below. First take a backup of the fstab file, just so that you would be able to revert it to a working copy in case of any issues.

[root@abc ~]# cp –pv /etc/fstab /etc/fstab.bak

Make a 3G file for /tmp and check the current filesystem type of /tmp

[root@abc ~]# dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000
[root@abc ~]# /sbin/mkfs.ext3 /var/tempFS

Now, create a backup of current /tmp

[root@abc ~]# cp -Rpf /tmp /tmpbackup

Mount the new /tmp and set required permissions

[root@abc ~]# mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
[root@abc ~]# chmod 1777 /tmp

Copy the old /tmp data and edit fstab

[root@abc ~]# cp -Rpf /tmpbackup/* /tmp/
[root@abc ~]# vi /etc/fstab and add the following line
[root@abc ~]# /var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Now, time to test the fstab entry

[root@abc ~]# mount -o remount /tmp

Secure /dev/shm


Open /etc/fstab
Change the line containing /dev/shm as follows

[root@abc ~]# cp -pv /etc/fstab /etc/fstab.bak.$(date +%F)

[root@abc ~]# vi /etc/fstab

Modify, the line containing /dev/shm  as follows.

tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Now remount /dev/shm

[root@abc ~]# mount -o remount /dev/shm

Secure /var/tmp


Backup /var/tmp first.

[root@abc ~]# mv /var/tmp /var/tmpold

Sometimes you might get a “device resource busy” error while renaming /var/tmp. It means that some application or process is currently using /var/tmp. In that case, you need to find the processes using /var/tmp and kill them.

[root@abc ~]# fuser –mv /var/tmp
[root@abc ~]# lsof /var/tmp

If that too doesn’t work, umount /var/tmp and try.

Now, we will use /tmp itself as /var/tmp for security

[root@abc ~]# ln –s /tmp /var/tmp
[root@abc ~]# cp /var/tmpold/* /var/tmp

If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory, Once the copying is finished, remove /var/tmpold

rm –rf /var/tmpold

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>