how to secure tmp partation in linux

-
1. Create separte partation for tmp , if you don't have the space to create a fresh /tmp partition on existing drives, you can use the loopback capabilities of the Linux kernel by creating a loopback filesystem that will be mounted as /tmp and can use the same restrictive mount options.
To create a 1GB loopback filesystem, execute the following commands.

[root@Centos7 ~]# dd if=/dev/zero of=/dev/tmpDIR bs=1024 count=1000000
1000000+0 records in
1000000+0 records out
1024000000 bytes (1.0 GB) copied, 5.32903 seconds, 192 MB/s


2. Backup Current /tmp Directory: Now backup the current /tmp directory using the syntax below which will keep the same permissions for the files currently in /tmp.

[root@Centos7 ~]# cp -Rpf /tmp /tmpbak

3.Modify fstab: You should add a line to the end of the /etc/fstab file so the tmp partation so tmp is mounted when the server reboots.

/dev/mapper/centos-tmp  /tmp                    xfs     rw,noexec,nosuid,nodev        0 0
/tmp                    /var/tmp                none rw,noexec,nosuid,nodev,bind 0 0


## Bind /var/tmp to /tmp
 mount -o rw,noexec,nosuid,nodev,bind /tmp/ /var/tmp/

## Remount /tmp
 mount -o remount,noexec,nosuid,nodev /tmp

## Remount /dev/shm
 mount -o remount,noexec,nosuid,nodev /dev/shm

4. Modify /tmp Directory Permissions:

Comments

Post a Comment

Popular Posts

Install and configure rsyslog Centralized logging server in CentOS

-
 Install and configure rsyslog Centralized logging server in CentOS 6.5 In this tutorial we will learn, how to install and configure rsyslog 7.6 version on RHEL 6.5/CentOS 6.5 .The scenario is, install and setup rsyslog Centralized Logging Server in RHEL/CentOS 6.5. All the logs from client servers will be sent to Centralized logging server i.e rsyslog server. Check Pre-installed rsyslog package Step 1: First of all check the rsyslog package is installed in your system.Generally by-default we get rsyslog version 5.x , after minimal installation of CentOS 6.x / RHEL 6.x We will install the latest rsyslog package. At the time of writing this post, rsyslog stable version 7.6 was available. You can find the latest package information from rsyslog official website Note: By default, RHEL 6.x and CentOS 6.x has rsyslog version 5.x. So here we will update the rsyslog with new version. You can get the rsyslog version information, by using below given two commands rpm -qa|grep rsy...
Read more

Connecting to Your Linux Instance from Windows Using PuTTY

-
Image
1.     To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt: 2.   ssh-keygen -t rsa [pravesh@localhost ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/pravesh/.ssh/id_rsa): pravesh Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in pravesh. Your public key has been saved in pravesh.pub. The key fingerprint is: ed:5e:fb:5d:87:a2:12:ac:5d:98:1c:59:df:e3:81:1a pravesh@localhost.localdomain The key's randomart image is: +--[ RSA 2048]----+ |                 | |          .      | |         o . o   | |        o.E o +  | | ...
Read more

How to fix postfix/smtp Network is unreachable error

-
While configuration postfix authentication getting the error status=deferred (delivery temporarily suspended: connect to smtp.office365.com[2603:1026:3:ca::2]:587: Network is unreachable) its because of you were not using IPv6/ wrong settings for ipv6. You can either use IPv4, or correct your IPv6 settings. [root@mailserver postfix]# netstat -nutlap | grep 25 tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3956/master tcp        0      0 127.0.0.1:38442         127.0.0.1:3306          ESTABLISHED 2596/httpd [root@mailserver postfix]# vi /etc/postfix/main.cf [root@mailserver...
Read more