پاسخ : چند سوال در مورد برطرف کردن چند اخطار در csf
how to secure /tmp - Google Search3- Check /tmp is mounted as a filesystem >> /tmp should be mounted as a separate filesystem with the noexec,nosuid options set
فقط تو اکثر آموزش ها مقدار تمپ رو 100 مگابایت هست ، شما بیشتر بزار
بعد سکیور کزدن فولدر بالا دستور زیر رو بزن4- Check /var/tmp is mounted as a filesystem >> /var/tmp should either be symlinked to /tmp or mounted as a filesystem
rm -fR /var/tmp
ln -s /tmp /var/tmp
It should be done because some applications use /var/tmp as the temporary folder, and anything that's accessible by all, needs to be secured. Rename it and create a symbolic link to /tmp:5- Check /dev/shm is mounted noexec,nosuid >> /dev/shm is not mounted with the noexec,nosuid options (currently: none). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount
# mv /var/tmp /var/tmp1
# ln -s /tmp /var/tmp
Copy the old data back:
# cp /var/tmpold/* /tmp/
Note: you should restart and services that uses /tmp partition
3. Securing /dev/shm:
To get all the work well done, you should secure /dev/shm to stop rootkits running here.
Edit your /etc/fstab:
# nano /etc/fstab
change:
"none /dev/shm tmpfs defaults,rw 0 0" to
"none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0"
Remount /dev/shm:
# mount -o remount /dev/shm
پاسخ با نقل قول