Secure /tmp


1. Edit /etc/fstab:
# nano /etc/fstab
In the entries for /tmp and /dev/shm, replace "defaults" with:
nosuid,noexec,rw
Save the file.
2. Remount Partitions:
# mount -o remount /tmp
# mount -o remount /dev/shm
3. To secure /var/tmp, rename the existing /var/tmp and create a symlink:
a. # umount /var/tmp
b. # mv /var/tmp /var/tmp_bak
# ln -s /tmp /var/tmp
For an OpenVZ VPS, perform the following steps:
1. Mount the /tmp partition
# mount -t tmpfs -o noexec,nosuid tmpfs /tmp
Verify that the partition is mounted:
# cat /proc/mounts
/dev/simfs / simfs rw,usrquota,grpquota 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
none /dev tmpfs rw 0 0
none /dev/pts devpts rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
2. Update fstab
# nano /etc/fstab
Add:
tmpfs      /tmp      tmpfs      noexec,nosuid      0     0
3. To secure /var/tmp, rename the existing /var/tmp and create a symlink:
a. # umount /var/tmp
b. # mv /var/tmp /var/tmp_bak
# ln -s /tmp /var/tmp
(Collected from other sources)
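
A check for the result of the steps above, as an added example that is not part of the original page: it reads /proc/mounts-format data and reports whether /tmp and /dev/shm carry nosuid and noexec. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit /proc/mounts-format data for the options set above.

# missing_opts FILE MOUNTPOINT
# Prints which of nosuid/noexec are absent from MOUNTPOINT's effective mount,
# or "unmounted" if it has no entry of its own. Options are compared as whole
# comma-separated tokens; the last entry for a mount point is the one on top.
missing_opts() {
    awk -v mp="$2" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "unmounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            out = ""
            if (!("nosuid" in have)) out = out " nosuid"
            if (!("noexec" in have)) out = out " noexec"
            print substr(out, 2)
        }' "$1"
}

# audit_tmp_mounts FILE
# Returns 0 only if /tmp and /dev/shm both carry nosuid and noexec.
audit_tmp_mounts() {
    rc=0
    for mp in /tmp /dev/shm; do
        miss=$(missing_opts "$1" "$mp")
        if [ -n "$miss" ]; then
            echo "FAIL $mp: $miss"
            rc=1
        else
            echo "OK   $mp"
        fi
    done
    return "$rc"
}

# Constructed sample: /tmp as in the listing above, /dev/shm left at defaults.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/simfs / simfs rw,usrquota,grpquota 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
audit_tmp_mounts "$sample" || echo "hardening incomplete"
rm -f "$sample"
```

On a live system, run `audit_tmp_mounts /proc/mounts` after the remount and again after a reboot to confirm the fstab entries took effect.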