  1. #1

    secure tmp directory question

    hi

    I have a dedicated server
    I used this guide

    Create a ~800Mb partition
    -----command-----
    cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=800000
    -----command-----

    Format the partition
    -----command-----
    mkfs.ext2 /dev/tmpMnt
    -----command-----
    When it asks about not being a block special device press Y

    Make a backup of the old data
    -----command-----
    cp -Rp /tmp /tmp_backup
    -----command-----

    Mount the temp filesystem
    -----command-----
    mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
    -----command-----

    Set the permissions
    -----command-----
    chmod 1777 /tmp    # 1777 = world-writable plus the sticky bit, so users cannot delete each other's files
    -----command-----

    Copy the old files back
    -----command-----
    cp -Rp /tmp_backup/* /tmp/
    -----command-----

    Once you do that, go ahead and restart mysql and make sure it works OK. We do this because mysql places the mysql.sock in /tmp, which needs to be moved. If not, it might have trouble starting. If it does, you can add this line to the bottom of the /etc/fstab to automatically have it mounted:

    Open the file in pico:
    -----command-----
    pico -w /etc/fstab
    -----command-----
    Now add this single line at the bottom:

    /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

    While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following:
    none /dev/shm tmpfs noexec,nosuid 0 0

    Umount and remount /dev/shm for the changes to take effect.
    -----command-----
    umount /dev/shm
    mount /dev/shm
    -----command-----

    Next delete the old /var/tmp and create a link to /tmp
    -----command-----
    rm -rf /var/tmp/
    ln -s /tmp/ /var/
    -----command-----

    If everything still works fine you can go ahead and delete the /tmp_backup directory.
    -----command-----
    rm -rf /tmp_backup
    -----command-----



    to secure my tmp folder

    all is good but when I reset my system
    the mount of the tmp directory is gone ...
    all keeps working good but when I do df -h
    I can't see the tmp directory mount
    I need to mount it again


    why is that ?
    i need some help ?

  2. #2
    After reset server try to run:

    mount -a

    Does /tmp mount after?

  3. #3
    Does the /etc/fstab contain the old /tmp entry? If yes, remove it and make sure only one tmp partition entry remains in the file.

    If it's still not working, paste the output of following commands:

    cat /etc/fstab
    mount
    | LinuxHostingSupport.net
    | Server Setup | Security | Optimization | Troubleshooting | Server Migration
    | Monthly and Task basis services.
    | MSN : madaboutlinux[at]hotmail.com | Skype : madaboutlinux

  4. #4
    this is my fstab

    [[email protected] ibmonitor]# nano /etc/fstab
    GNU nano 1.3.12 File: /etc/fstab

    /dev/VolGroup00/LogVol00 / ext3 defaults,usrquota,grpquota 1 1
    LABEL=/boot /boot ext3 defaults 1 2
    none /dev/shm tmpfs noexec,nosuid 0 0
    devpts /dev/pts devpts gid=5,mode=620 0 0
    sysfs /sys sysfs defaults 0 0
    proc /proc proc defaults 0 0
    /dev/VolGroup00/LogVol01 swap swap defaults 0 0
    /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0


    is it ok ?

  5. #5
    The file is OK but change ext2 to ext3 in the fstab file while mounting the /tmp partition i.e.

    /dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
    to

    /dev/tmpMnt /tmp ext3 loop,noexec,nosuid,rw 0 0
    The older extension could be causing issues.

  6. #6
    The "files" in /dev are created by udev.
    Putting some random file in there is not going to be recreated upon reboot.
    Put your tmp file in a regular partition ie /tmpMnt not /dev/tmpMnt
    Daved @ Lightwave Networking, LLC.
    AS1426 https:/www.lightwave.net
    Primary Bandwidth: EGIHosting (NLayer, NTT, HE, Cogent)
    Xen PV VPS Hosting

  7. #7
    Quote Originally Posted by Lightwave View Post
    The "files" in /dev are created by udev.
    Putting some random file in there is not going to be recreated upon reboot.
    Put your tmp file in a regular partition ie /tmpMnt not /dev/tmpMnt
    ok

    so instead of
    cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=800000

    what should i do ?

    tnx
    Last edited by roeybl; 02-11-2011 at 01:39 PM.

  8. #8
    Looks like you have one big LVM partition created instead of separate partitions, so no problems creating the tmp file anywhere. The following command will create the tmp file under /usr directory

    dd if=/dev/zero of=/usr/tmpMnt bs=1024 count=800000

  9. #9
    Quote Originally Posted by madaboutlinux View Post
    Looks like you have one big LVM partition created instead of separate partitions, so no problems creating the tmp file anywhere. The following command will create the tmp file under /usr directory
    tnx
    that did it
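
As an added example (not part of any post in this thread): a POSIX shell check for the two issues the thread turns on, a loop-mount backing file placed under /dev and temp mount points that lack noexec/nosuid. The function names and the sample fstab contents are constructed for illustration.

```shell
#!/bin/sh
# has_opt OPTIONS NAME: true if NAME is in the comma-separated option list
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_fstab FILE: print one finding per line, return 1 if there were any
audit_fstab() {
    findings=0
    while read -r dev mnt fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        # A loop mount needs its backing file to exist at boot. /dev is
        # repopulated by udev, so a file created there is gone after reboot.
        if has_opt "$opts" loop; then
            case "$dev" in /dev/*)
                echo "LOOP_IN_DEV $dev -> $mnt"
                findings=$((findings + 1)) ;;
            esac
        fi
        case "$mnt" in /tmp|/var/tmp|/dev/shm)
            for o in noexec nosuid; do
                has_opt "$opts" "$o" && continue
                echo "MISSING_$o $mnt"
                findings=$((findings + 1))
            done ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample input. "before" is the thread's /tmp line plus a
# default /dev/shm; "fixed" uses the /usr/tmpMnt path from post #8.
write_sample() {
    f=$(mktemp)
    if [ "$1" = before ]; then
        printf '%s\n' '# constructed sample' \
            '/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0' \
            'none /dev/shm tmpfs defaults 0 0' > "$f"
    else
        printf '%s\n' '/usr/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0' \
            'none /dev/shm tmpfs noexec,nosuid 0 0' > "$f"
    fi
    echo "$f"
}

sample=$(write_sample before)
audit_fstab "$sample" || echo "fix the findings above before the next reboot"
rm -f "$sample"
```

Run against the real file with `audit_fstab /etc/fstab`; after a reboot, compare with the output of `mount` to confirm the options are actually in effect.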
