Secure the /tmp partition
(1 votes, average: 5.00 out of 5)
Loading ...
If you are running a shared hosting server is a very bad idea to allow perl scripts to run from /tmp
If have to have a separate /tmp partition mounted with noexec.
This is far from bullet proof but will add one more layer in your server security.
cPanel has a built in script that will mount a separate /tmp partition with noexec, all you have to do is call:
/scripts/securetmp
This will look something like:
Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
Would you like to secure /tmp & /var/tmp now? (y/n) y
Securing /tmp & /var/tmp
For ultimate security I recommend using a perl wrapper. I may write a tutorial about this in the next few days so check this site from time to time.
If you enjoyed this post, make sure you subscribe to my RSS feed!
- September 9th
This was very helpful.
I think it would be great if you could also write a how to on resizing the tmp partition.
Most tmp partitions are 500M but they should be 1G.
Thanks for the informative article!
When I run this script, I get the following:
root@server [~]# /scripts/securetmp
Would you like to secure /tmp & /var/tmp at boot time? (y/n) y
Would you like to secure /tmp & /var/tmp now? (y/n) y
Securing /tmp & /var/tmp
The system does not support loop devices.
Then the script exits without applying any changes.
Any ideas?
same for me, i run /scripts/securetmp on my vps server.