
Securing /tmp folder (Debian)


MIODude
19-08-2009, 02:32
With the recent re-image I did a couple of days ago, the / partition is now 10 GB (whereas prior it was only 3 GB)... so it should be good, I hope (10 GB should be enough?). Guess they changed their partitioning scheme.

yonatan
19-08-2009, 02:05
Just make sure you have space in /mnt.
Usually clean OVH installs come with little space on the / partition.
Run
# df -h
and see where you have the most free space to create your loopdisk.

derchris
18-08-2009, 23:55
It takes a file (/mnt/tmp) and mounts it as /tmp with the noexec and nosuid options.

MIODude
18-08-2009, 23:12
So, without having to repartition my servers so that /tmp is on its own partition and mounted with noexec, what other options are there?

I found these steps below, but I'm not familiar with what it's doing. Is this destructive? I have 3 servers I need to secure (all Debian), as I don't want the same thing to happen that happened already!

Code:
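# Create a ~1 GB file of zeros to hold the new /tmp filesystem
dd if=/dev/zero of=/mnt/tmp bs=1024 count=1024000
# Format the file as ext3 (-t selects the type; -F because the target is a regular file)
mke2fs -F -t ext3 /mnt/tmp

# Save the current /tmp contents, mount the file over /tmp, then restore them
cp -aR /tmp /tmp_backup
mount -o loop,noexec,nosuid,rw /mnt/tmp /tmp
cp -aR /tmp_backup/. /tmp/
rm -rf /tmp_backup

# Move /var/tmp aside, point it at /tmp, and copy its old contents across
mv /var/tmp /tmp_backup
ln -s /tmp /var/tmp
cp -aR /tmp_backup/. /tmp/
rm -rf /tmp_backup

# World-writable with the sticky bit set
chmod 1777 /tmp

# Keep a copy of fstab, then make the mount persistent across reboots
cp /etc/fstab /etc/fstab.original
echo "/mnt/tmp /tmp ext3 loop,noexec,nosuid,rw     0 0" >> /etc/fstab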
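
A read-only check that the loop mount from the steps above actually carries noexec and nosuid, as an added example that is not part of the original thread. The function names `missing_opts` and `audit_tmp` are made up here, and the mount-table lines are constructed samples in the /proc/mounts layout.

```shell
#!/bin/sh
# Added example. Mount-table lines below are constructed samples.

# missing_opts MOUNTS_FILE MOUNTPOINT [REQUIRED_CSV]
# MOUNTS_FILE uses the /proc/mounts layout: device mountpoint fstype options ...
# Prints "not-mounted" when MOUNTPOINT has no entry of its own, otherwise the
# required options that are absent (empty output means all are set).
missing_opts() {
    awk -v mp="$2" -v req="${3:-noexec,nosuid}" '
        $2 == mp { opts = $4; found = 1 }  # later entry is mounted on top
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(req, want, ",")
            m = split(opts, have, ",")
            for (i = 1; i <= m; i++) seen[have[i]] = 1
            out = ""; sep = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { out = out sep want[i]; sep = " " }
            print out
        }' "$1"
}

# audit_tmp MOUNTS_FILE: exit status 0 only if /tmp has every required option.
audit_tmp() {
    res=$(missing_opts "$1" /tmp)
    [ -z "$res" ]
}

# Demo on constructed data: root-only layout first, then the loop mount.
sample=$(mktemp)
printf '%s\n' '/dev/sda1 / ext3 rw,relatime,errors=remount-ro 0 0' > "$sample"
echo "before: $(missing_opts "$sample" /tmp)"
printf '%s\n' '/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0' >> "$sample"
echo "after:  missing=[$(missing_opts "$sample" /tmp)]"
rm -f "$sample"
```

On a live server, `audit_tmp /proc/mounts` gives the same answer for the running system, which is worth re-running after a reboot to confirm the fstab entry was honoured.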