#1
| Secure Your /tmp Partition with Cpanel/WHM
Securing Your /tmp Partition with Cpanel/WHM

If you are renting a server then chances are everything is lumped in / and a small amount partitioned for /boot and some for swap. With this current setup, you have no room for making more partitions unless you have a second hard drive. Learn how to create a secure /tmp partition even while your server is already up and running.

Recently, I found out it would be worthwhile to give /tmp its own partition and mount it using noexec. This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.

What we are doing is creating a file that we will use to mount at /tmp. So log into SSH and SU to root so we may begin!

```
cd /dev
```

Create a 100MB file for our /tmp partition. If you need more space, make the count size larger.

```
dd if=/dev/zero of=tmpMnt bs=1024 count=100000
```

Make an extended filesystem for our tmpMnt file.

```
/sbin/mke2fs /dev/tmpMnt
```

Back up your /tmp dir. I had a mysql.sock file that I needed to recreate the symbolic link for. Other programs may use it to store cache files or whatever.

```
cd /
# -p keeps the ownership, modes and timestamps of the existing files
cp -Rp /tmp /tmp_backup
```

Mount the new /tmp filesystem with noexec.

```
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
chmod 1777 /tmp
```

Copy everything back to the new /tmp and remove the backup.

```
# /tmp_backup/. also copies dotfiles, which /tmp_backup/* would skip
cp -Rp /tmp_backup/. /tmp/
rm -rf /tmp_backup
```

Now we need to add this to fstab so it mounts automatically on reboots.

```
pico -w /etc/fstab
```

You should see something like this:

```
/dev/hda3 / ext3 defaults,usrquota 1 1
/dev/hda1 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
```

At the bottom add (each space is a tab):

```
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
```

Save it! Ctrl + X and Y.

You're done. /tmp is now mounted as noexec. You can sleep a little bit safer tonight. I created a hello world C++ program and compiled it, then moved it to /tmp. Upon trying to run it (even chmod +x'ed), it gives the following error:

```
bash: ./a.out: Permission denied
```

Thanks to S. Leggett
__________________ 1.) Please do not contact us over MSN Messenger to request support. 2.) Using our forum pages to get free support is very important, both so that other members who have the same problem can reach the answers as quickly as possible and so that we and our other members who want to help you can save time. 3.) When describing your problems in our forums, giving as much detail as possible is important for finding a solution to your problem as quickly as possible. Hoping to learn and teach more.. With love.. The Platform. |
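To confirm the result of the procedure in the post above, the following added example (not part of the original post) checks that /tmp carries `noexec` and `nosuid` both in the running system and in fstab, so the hardening survives a reboot. The function names and the sample data are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the /tmp hardening above. Function names are hypothetical.

# missing_opts FILE MOUNTPOINT OPT...
# FILE has the column layout shared by /proc/mounts and /etc/fstab:
#   device  mountpoint  fstype  options  dump  pass
# Prints the required options that are absent (empty line if none), or
# "no-entry" when MOUNTPOINT has no line of its own (it still lives on /).
missing_opts() {
    file=$1; mp=$2; shift 2
    awk -v mp="$mp" -v want="$*" '
        $1 ~ /^#/ { next }                   # skip fstab comments
        $2 == mp { opts = $4; found = 1 }    # last match wins: topmost mount
        END {
            if (!found) { print "no-entry"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) seen[have[i]] = 1
            m = split(want, w, " ")
            for (i = 1; i <= m; i++)
                if (!(w[i] in seen)) out = (out == "" ? "" : out " ") w[i]
            print out
        }' "$file"
}

# check_tmp MOUNTS FSTAB: succeeds only if /tmp is noexec,nosuid both in the
# running system (MOUNTS) and after the next reboot (FSTAB).
check_tmp() {
    live=$(missing_opts "$1" /tmp noexec nosuid)
    boot=$(missing_opts "$2" /tmp noexec nosuid)
    [ -z "$live" ] || echo "running system: /tmp $live"
    [ -z "$boot" ] || echo "fstab: /tmp $boot"
    [ -z "$live" ] && [ -z "$boot" ]
}

# Constructed sample: /tmp was loop-mounted by hand, fstab was never updated.
sample_mounts() {
    printf '%s\n' '/dev/hda3 / ext3 rw,usrquota 0 0' \
                  '/dev/loop0 /tmp ext2 rw,nosuid,noexec 0 0'
}
sample_fstab() {
    printf '%s\n' '/dev/hda3 / ext3 defaults,usrquota 1 1' \
                  '/dev/hda1 /boot ext3 defaults 1 2'
}

# On a real host: check_tmp /proc/mounts /etc/fstab
```

A non-zero exit status together with a line such as `fstab: /tmp no-entry` means the mount is in place now but will be lost at the next reboot.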
#2
So thanks bro for this message