Securing /tmp, /var/tmp and /dev/shm
Who hasn't been "hacked" and got away by the skin of their teeth? Rather than "thanking the Madonna" (as our "beloved" Totò Cuffaro puts it), here are a couple of tips for securing /tmp and /dev/shm …
Step 1: Securing /tmp
Step 1.1: Backup your fstab file
cp /etc/fstab /etc/fstab.bak
Step 1.2: Creating /tmp filesystem
cd /var
dd if=/dev/zero of=/var/tmpFS bs=1024 count=1048576
mkfs.ext3 -j /var/tmpFS
Step 1.3: Making backup of old /tmp
mkdir /tmp_backup
mv /tmp/* /tmp_backup/
mv /tmp/.[!.]* /tmp_backup/
Step 1.4: Adding new /tmp filesystem to fstab
echo "/var/tmpFS /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab
rm -rf /tmp
mkdir /tmp
mount /var/tmpFS
chmod 1777 /tmp
Step 1.5: Moving /tmp backup to the new /tmp filesystem
mv /tmp_backup/* /tmp/
mv /tmp_backup/.[!.]* /tmp/
rm -rf /tmp_backup
Step 2: No need for 2 tmp filesystems, so we make /var/tmp a symlink to /tmp
rm -rf /var/tmp/
ln -s /tmp/ /var/
Step 3: Securing /dev/shm
In /etc/fstab, remove the existing tmpfs /dev/shm line and replace it with this:
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
Step 4: Double Check your fstab, it should look like this:
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/var/tmpFS /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0
Check for duplicate entries and anything else that looks wrong.
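The Step 4 double check can be scripted. The following is an added example, not part of the original post: the function name check_fstab and its DUPLICATE/MISSING/ABSENT output labels are made up here, and the sample input at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an fstab-format file
# for the settings applied in Steps 1-4.
# check_fstab [FILE]  -> one finding per line; exit 0 if clean, 1 otherwise.
# FILE defaults to /etc/fstab; "-" reads standard input.
check_fstab() {
    awk '
    BEGIN {
        nt = split("/tmp /dev/shm", target, " ")      # mount points hardened in this guide
        nr = split("noexec nosuid nodev", need, " ")  # options each one must carry
    }
    NF == 0 || $1 ~ /^#/ { next }                     # skip blank lines and comments
    {
        mp = $2
        opts = "," $4 ","
        # The same mount point listed twice (swap entries excepted).
        if (++seen[mp] == 2 && mp != "swap" && mp != "none") {
            print "DUPLICATE " mp; bad = 1
        }
        for (i = 1; i <= nt; i++) {
            if (mp != target[i]) continue
            for (j = 1; j <= nr; j++)
                if (index(opts, "," need[j] ",") == 0) {
                    print "MISSING " mp " " need[j]; bad = 1
                }
        }
    }
    END {
        for (i = 1; i <= nt; i++)
            if (!(target[i] in seen)) { print "ABSENT " target[i]; bad = 1 }
        exit bad + 0
    }' "${1:-/etc/fstab}"
}

# Constructed sample: the old /dev/shm line was left in beside the new one.
check_fstab - <<'EOF' || echo "fstab needs attention"
tmpfs /dev/shm tmpfs defaults 0 0
tmpfs /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0
/var/tmpFS /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0
EOF
```

/proc/mounts uses the same field order, so passing it instead of /etc/fstab checks the options on what is currently mounted.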
Link: http://www.securecentos.com/tag/securing-tmp.html