24x7Servermanagement is a leading Managed IT Services Provider equipped with a world-class support center. We are truly dedicated to provide the best budget server management services for web hosting and dedicated server owners. Our aim is to provide exclusive and quality outsourcing services. We are available 24 hours a day, 7 days a week, 365 days at your service.
-
Hardening /tmp in Plesk
Posted on July 2nd, 2010 No commentsHardening /tmp location is very important as you may risk running rootkits, ircbots and trojans from that location. Today we had a similar problem with one of our plesk server where these bots were getting uploaded in /tmp location. However there is NO perfect solution to find how these are getting uploaded under /tmp but its better take preventive mesaures for not letting them execute.
Hardening /tmp
Since /tmp was not seperately mounted there is no need to take the backup of /etc/fstab file. However its good to take in case anything goes wrong.
Create a separate partition for /tmp. For that we need to create a separate device with a certain space. The space allocation is actually depending on the apps running on your machine. Here I’m creating a separate device of size 100M and formatting it with ext3 filesystem.
dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
mke2fs –j /dev/tmpFS
Copying existing data which is in the /tmp directory to a sperate temporary directory.
cp –pRf /tmp /tmp_bkp
Mounting the new partition that we’ve created in the /tmp directory and setting the necessary permissions.
mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp
Copy the old data which is int /tmp_bkp directory to the new /tmp directory.
cp –pRf /tmp_bkp/* /tmp
Finally add the following entry to the fstab to make the changes permanent.
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
That’s it. Your /tmp location is secured now.
Recent Comments