server-management:securing-tmp-and-dev-shm-on-openvz-vps

Back up /etc/fstab

cp /etc/fstab /etc/fstab.bak

Back up, remove and recreate /tmp

cp -Rpf /tmp /tmpbackup
rm -rf /tmp
mkdir /tmp

Mount a tmpfs on /tmp and set its permissions (world-writable with the sticky bit)

mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
chmod 1777 /tmp

Add the new /tmp to /etc/fstab for automounting

echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab

Restore /tmp

cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1

Remove /tmp backup

rm -rf /tmpbackup

Back up /var/tmp and symlink it to /tmp

mv /var/tmp /var/tmpbackup
ln -s /tmp /var/tmp

Restore the old /var/tmp data into /tmp

cp -Rpf /var/tmpbackup/* /tmp/ >/dev/null 2>&1

Remove /var/tmp backup

rm -rf /var/tmpbackup

All together (copy & paste)

cp /etc/fstab /etc/fstab.bak
cp -Rpf /tmp /tmpbackup
rm -rf /tmp
mkdir /tmp
mount -t tmpfs -o rw,noexec,nosuid tmpfs /tmp
chmod 1777 /tmp
echo "tmpfs /tmp tmpfs rw,noexec,nosuid 0 0" >> /etc/fstab
cp -Rpf /tmpbackup/* /tmp/ >/dev/null 2>&1
rm -rf /tmpbackup
mv /var/tmp /var/tmpbackup
ln -s /tmp /var/tmp
cp -Rpf /var/tmpbackup/* /tmp/ >/dev/null 2>&1
rm -rf /var/tmpbackup

Securing /dev/shm

Open /etc/fstab and add this line:

none /dev/shm tmpfs rw,noexec,nosuid,nodev 0 0

Then remount /dev/shm so the new options take effect.
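
To confirm the result, the check below (an added example, not part of the original page) reads a /proc/mounts-style table and reports which of the options set above are missing from /tmp and /dev/shm. The function names, the `--run` switch and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the mount options this page sets on /tmp and /dev/shm.

# missing_opts MOUNTS_FILE MOUNTPOINT OPT...
# Prints the required options absent from the last entry for MOUNTPOINT
# (the last mount on a path is the one in effect), "unmounted" if the path
# has no entry of its own, or nothing when every option is present.
missing_opts() {
    mounts_file=$1; mountpoint=$2; shift 2
    # /proc/mounts fields: device mountpoint fstype options dump pass
    opts=$(awk -v mp="$mountpoint" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then echo "unmounted"; return 0; fi
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then echo "$missing"; fi
}

# report MOUNTS_FILE MOUNTPOINT OPT...  -> one status line, returns 1 on failure
report() {
    result=$(missing_opts "$@")
    if [ -n "$result" ]; then echo "FAIL $2: $result"; return 1; fi
    echo "ok   $2"
}

# Constructed sample in /proc/mounts format (not from a real host):
# /tmp carries the page's options, /dev/shm lacks nodev.
sample_mounts() {
    cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec,relatime 0 0
none /dev/shm tmpfs rw,nosuid,noexec,relatime 0 0
EOF
}

# Audit the live system only when asked: sh check-tmp.sh --run
if [ "${1:-}" = "--run" ]; then
    rc=0
    report /proc/mounts /tmp noexec nosuid || rc=1
    report /proc/mounts /dev/shm noexec nosuid nodev || rc=1
    # The page replaces /var/tmp with a symlink to /tmp.
    if [ "$(readlink /var/tmp)" = "/tmp" ]; then echo "ok   /var/tmp -> /tmp"
    else echo "FAIL /var/tmp is not a symlink to /tmp"; rc=1; fi
    exit "$rc"
fi
```

A "FAIL" on a path that /etc/fstab lists with the right options usually means the filesystem was not remounted after the edit.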

server-management/securing-tmp-and-dev-shm-on-openvz-vps.txt · Last modified: 2015/12/11 17:15 by osiux