How To Harden The Security Of /tmp Directory?

Users must take the following measures for hardening the /tmp directory
A. Creating /tmp as a different partition : As a default function, the /tmp directory has read, write, and execute permissions set to ON. This is the main reason for the servers vulnerability. You can move it over to a different partition altogether instead of letting it be in the root / partition.By doing this, even if an attacker manages to get an access to the /tmp directory, he wouldn’t be able to get an access to the system files.

B. Setting /tmp as non-executable attributes : You can make /tmp noexec in /etc/fstab. Once done, you should be able to relate it to : /tmp ext3 loop,noexec,nosuid,rw 0 0 . You may read the distribution documentations to get the appropriate settings. It is recommended to take backup of your server before making any amendments to the fstab.

mount -o loop,noexec,nosuid,nodev,rw /usr/Tmp /tmp
This is a key step where you mount /usr/Tmp as the new /tmp filesystem, with noexec (no executables), nosuid (no Suid binaries or scripts) and nodev (no devices can be mounted here)

C. Installing ModSecurity on server : ModSecurity is an application firewall which helps in protecting the server from various sorts of script exploits that can be found in the web applications. With it, server admins can harden the security of the server, adding an enhanced protective layer to the network firewall.  With this you would be able to avoid attackers to exploit the web scripts, with which they can gain access to the /tmp.

D. Refraining the use of /tmp for web scripts : Incase if the applications are exposed to the web, you may opt for using an entirely separate and additionally secure temporary directories. You can set fewer permissions to it.

By making these modifications to the default settings, you need to also ensure that none of the applications that are operating over the server face a negative impact. Further, some may face an issue wherein the hosting control panels such as the cPanel might not be able to work efficiently after implementing some of the above settings and amendments.

  • 0 用戶發現這個有用
這篇文章有幫助嗎?

相關文章

How To: Back Up MySQL Databases From The Command Line

While automated backups are important, sometimes you just want to take a quick and dirty snapshot...

How To Install MariaDB on CentOS 6

MariaDB is a drop-in replacement for MySQL. It is easy to install, offers many speed and...

How to Display (List) All Jobs in Cron / Crontab

View Root’s Cron Jobs crontab -l  View a User’s Cron Jobs crontab -u username -l Example with...

How To: Automate Server Scripts With Cron

Servers can automatically perform tasks that you would otherwise have to perform yourself, such...

How to find sending spam emails and enable mail header in php.ini

- In Linux servers if there are a lot of emails in the queue "over 100" emails. you can check if...