Before securing the temp directories, we need to understand why it matters. Most
applications use the /tmp directory to store data temporarily, so rootkits and trojans
can use this directory if it is not secured properly. These are the steps to secure the
temp directories (/tmp, /var/tmp, /dev/shm).
We’re going to secure the temp directories with the noexec,nosuid parameters. Before
that, we need to find out whether the temp directories are already secured. You can check
this by running the mount command and by checking the fstab entries.
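The check described above can be scripted. This is an added example, not part of the
original post; the function names and the sample mount table are constructed for
illustration. It reads a file in the layout shared by /proc/mounts and /etc/fstab and
reports whether each temp directory is mounted with noexec and nosuid:

```shell
#!/bin/sh
# Added example: names and sample data are constructed. /proc/mounts and
# /etc/fstab share one layout: device mountpoint fstype options ...

# mount_opts FILE DIR: print the options of the last entry mounted on DIR.
mount_opts() {
    awk -v d="$2" '$1 !~ /^#/ && $2 == d { o = $4 } END { print o }' "$1"
}

# has_opt OPTS NAME: succeed if NAME is in the comma-separated list OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_dir FILE DIR: 0 = noexec and nosuid set, 1 = option missing,
# 2 = no entry (e.g. /var/tmp symlinked to /tmp, which inherits /tmp's options).
check_dir() {
    opts=$(mount_opts "$1" "$2")
    if [ -z "$opts" ]; then
        echo "$2: not a separate mount"
        return 2
    fi
    missing=""
    for o in noexec nosuid; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    if [ -n "$missing" ]; then
        echo "$2: missing$missing"
        return 1
    fi
    echo "$2: ok"
}

# audit_tmp FILE: check the three temp directories; non-zero if any is not ok.
audit_tmp() {
    rc=0
    for d in /tmp /var/tmp /dev/shm; do
        check_dir "$1" "$d" || rc=1
    done
    return $rc
}

# Constructed sample mount table: /tmp hardened, /dev/shm lacking noexec.
sample_mounts() {
    printf '%s\n' '/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0' \
                  'tmpfs /dev/shm tmpfs rw,nosuid 0 0'
}

f=$(mktemp); sample_mounts > "$f"; audit_tmp "$f" || true; rm -f "$f"
```

On a real host, run audit_tmp /proc/mounts for the live state and audit_tmp /etc/fstab
for what will apply after a reboot.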
Securing /tmp
-----------------
First, take a backup of your present fstab entries so that if anything goes wrong you
can change it back to the old configuration.
cp -p /etc/fstab /etc/fstab_bkp
Create a separate partition for /tmp. For that we need to create a separate device with
a certain amount of space. How much space to allocate depends on the apps running on
your machine. Here I’m creating a separate device of size 100M and formatting it with
the ext3 filesystem.
dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
mke2fs -j /dev/tmpFS
Copy the existing data in the /tmp directory to a separate temporary directory.
cp -pRf /tmp /tmp_bkp
Mounting the new partition that we’ve created in the /tmp directory and setting the
necessary permissions.
mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp
Copy the old data, which is in the /tmp_bkp directory, to the new /tmp directory.
cp -pRf /tmp_bkp/* /tmp
Finally add the following entry to the fstab to make the changes permanent.
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
Now we’ve completed securing the /tmp directory.
Securing /var/tmp
--------------------
First move the contents of /var/tmp to a temporary location.
mv /var/tmp /var/tmp_bkp
Create a symlink from /var/tmp to /tmp.
ln -s /tmp /var/tmp
Lastly copy the contents back to the /tmp folder.
mv /var/tmp_bkp/* /var/tmp
Securing /dev/shm
---------------------
Edit your fstab entry and locate the line which specifies the mount point of shm.
vi /etc/fstab
And the line should be something like this.
tmpfs /dev/shm tmpfs defaults 0 0
You need to modify it with nosuid,noexec parameters.
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
After that remount /dev/shm
mount -o remount /dev/shm
Note: After securing the /tmp folder, you must restart the services (mysql) that use /tmp.