Puppy Linux BlogPritloghttp://mainetrapshooting.com/blog/index.php/RShttp://mainetrapshooting.com/blog/index.php/RSS/liviewEntry/00040/secure--tmp-on-serverssecure /tmp on serverslinuxCheck if /tmp is already secure. Some servers do not use a /tmp partition while others do.<br>-----command-----<br>df -h |grep tmp<br>-----command----- <p>If that displays nothing then go below to create a tmp partition. If you do have a tmp partition you need to see if it mounted with noexec.<br>-----command-----<br>cat /etc/fstab |grep tmp<br>-----command-----</p><p>If there is a line that includes /tmp and noexec then it is already mounted as non-executable. If not follow the instructions below to create one without having to physically format your disk. Idealy you would make a real partition when the disk was originally formated, that being said I have not had any trouble create a /tmp partition using the following method. </p><p>Create a ~800Mb partition<br>-----command-----<br>cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=800000<br>-----command-----</p><p>Format the partion<br>-----command-----<br>mkfs.ext2 /dev/tmpMnt<br>-----command-----<br>When it asks about not being a block special device press Y</p><p>Make a backup of the old data<br>-----command-----<br>cp -Rp /tmp /tmp_backup<br>-----command-----</p><p>Mount the temp filesystem<br>-----command-----<br>mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp<br>-----command-----</p><p>Set the permissions<br>-----command-----<br>chmod 0777 /tmp<br>-----command-----</p><p>Copy the old files back<br>-----command-----<br>cp -Rp /tmp_backup/* /tmp/<br>-----command-----</p><p>Once you do that go ahead and restart mysql and make sure it works ok. We do this because mysql places the mysql.sock in /tmp which neeeds to be moved. If not it migth have trouble starting. If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted: </p><p>Open the file in pico:<br>-----command-----<br>pico -w /etc/fstab<br>-----command-----</p><p>Now add this single line at the bottom:</p><p>/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0</p><p>While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following:<br>none /dev/shm tmpfs noexec,nosuid 0 0</p><p>Umount and remount /dev/shm for the changes to take effect.<br>-----command-----<br>umount /dev/shm<br>mount /dev/shm<br>-----command-----</p><p>Delete the old /var/tmp and create a link to /tmp<br>-----command-----<br>rm -rf /var/tmp/<br>ln -s /tmp/ /var/<br>-----command-----</p><p>If everything still works fine,&nbsp; delete the /tmp_backup directory.<br>-----command-----<br>rm -rf /tmp_backup<br>-----command-----</p><p>Your /tmp, /var/tmp, and /dev/shm are now mounted in a way that no program can be directly run from these directories. <br></p>