-
August 7th, 2008, 19:16
#1
مدیر کل
امن کردن پارتیشن /tmp در سرور های CPANEL
If you are renting a server then chances are everything is lumped in / and a small amount partitioned for /boot and some for swap. With this current setup, you have no room for making more partitions unless you have a second hard-drive. Learn how to create a secure /tmp partition even while your server is already up and running.
Recently, I found out it would be worthwhile to give /tmp it's own partition and mount it using noexec- This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.
What we are doing it creating a file that we will use to mount at /tmp. So log into SSH and SU to root so we may being! code:
cd /dev
Create 100MB file for our /tmp partition. If you need more space, make count size larger.
code:
dd if=/dev/zero of=tmpMnt bs=1024 count=100000
Make an extended filesystem for our tmpMnt file
code:
/sbin/mke2fs /dev/tmpMnt
Backup your /tmp dir- I had mysql.sock file that I needed to recreate the symbolic link for. Other programs may use it to store cache files or whatever.
code:
cd /
Article provided by WebHostGear.com
code:
cp -R /tmp /tmp_backup Mount the new /tmp filesystem with noexec
code:
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp
code:
chmod 1777 /tmp
Copy everything back to new /tmp and remove backup
code:
cp -R /tmp_backup/* /tmp/
code:
rm -rf /tmp_backup
Now we need to add this to fstab so it mounts automatically on reboots.
code:
pico -w /etc/fstab
You should see something like this:
code:
/dev/hda3 / ext3 defaults,usrquota 1 1
/dev/hda1 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
At the bottom add
code:
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
(Each space is a tab)
Save it!
Ctrl + X and Y
Your done- /tmp is now mounted as noexec. You can sleep a little bit safer tonight. I created a hello world c++ and compiled it then moved it to /tmp. Upon trying to run it (even chmod +x'ed), it gives the following error:
code:
bash: ./a.out: Permission denied
Yay! /tmp no longer has execute permissions :-D
برای پیش رفت در علم آسانسوری وجود ندارد پله ها را باید پیاده رفت /./ همیشه این یادتان باشد که دست بالای دست بسیار است.
يادمان باشد براي يك بار ايستادن صد ها بار افتاده ايم /./ بک آپ مهمترین رمز موفقیت هاستینگ /./ امنیت مطلق نیست.
ارتباط مستقیم با من :
Admin -{(@)}- WebHostingTalk . ir
-
تعداد تشکر ها ازVahid به دلیل پست مفید
-
August 7th, 2008 19:16
# ADS
-
June 19th, 2011, 15:46
#2
عضو انجمن
پاسخ : امن کردن پارتیشن /tmp در سرور های CPANEL
-
تعداد تشکر ها از DeltaGostar به دلیل پست مفید
پاسخ با نقل قول
