How to secure /tmp in Linux


The /tmp directory on a Linux system is one of the most common places for attackers to drop a malicious script and execute it, for example to mass-replace or modify files. The reason is that it is a well-known, world-writable path: sessions and temporary files from every user live there, so any account can write to it.

You can reduce this risk to some extent by properly securing /tmp on your servers.
First of all, do not leave /tmp as a plain directory on the / partition.

Create a separate partition for /tmp during setup of your server. If you have already partitioned the system with the default layout and there are no free blocks left on the disk for a new partition, create a virtual disk (a file-backed file system) instead and mount it on /tmp.

Use the following options when mounting /tmp (bind is for the /var/tmp entry, which shares the same hardened file system):

noexec,nosuid,nodev,bind

noexec = Files on this file system cannot be executed directly (shell, bash, perl scripts or binaries placed in /tmp).
nosuid = set-user-ID and set-group-ID bits have no effect; an uploaded file cannot run with the privileges of its owner or group owner.

nodev = Character and block special devices on a file system mounted with this option are not interpreted.

bind = Remount a subtree somewhere else, so that its contents are available in both places (used here so /var/tmp gets the same options as /tmp).

Use the following command to mount the /tmp partition:

[root@server~]# mount -t ext3 -o rw,nosuid,nodev,noexec /dev/sda6 /tmp

If you use a file-backed virtual file system instead, use the following:

[root@server~]# mount -t ext3 -o loop,defaults,rw,nosuid,nodev,noexec /var/TempFS /tmp

/var/TempFS is the file that contains the virtual file system.

Also add or edit the /tmp entries in /etc/fstab so the mount options persist across reboots:

/dev/sda6         /tmp                 ext3     rw,noexec,nosuid,nodev                  0         0
/tmp                 /var/tmp           none     rw,noexec,nosuid,nodev,bind             0         0

The bind option belongs only on the /var/tmp line; a block device such as /dev/sda6 cannot be bind-mounted. After rebooting, confirm the options with mount or cat /proc/mounts, because on older util-linux releases the options on a bind entry only take effect after a remount.
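A script to verify the result, added here as an example and not part of the original post: it reads mount data in /proc/self/mounts format and reports which of noexec, nosuid and nodev are missing for a mount point. The function names and the sample mounts table are my own; point it at /proc/self/mounts to check a live system.

```shell
#!/bin/sh
# Added example: verify that a mount point carries noexec, nosuid and nodev.
# Input is in /proc/self/mounts format; the sample table below is constructed.

# mount_options <mounts-file> <mountpoint>
# Prints the option field of the effective (last) mount at <mountpoint>,
# or nothing if the path is not a separate mount.
mount_options() {
    awk -v mp="$2" '$2 == mp { print $4 }' "$1" | tail -n 1
}

# has_option <comma-separated-options> <option>
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_tmp_hardening <mounts-file> <mountpoint>
# Returns 0 when noexec, nosuid and nodev are all set; otherwise reports
# each missing option (or that the path is not its own mount) and returns 1.
check_tmp_hardening() {
    opts=$(mount_options "$1" "$2")
    if [ -z "$opts" ]; then
        echo "$2: not a separate mount, inherits the parent file system's options"
        return 1
    fi
    rc=0
    for want in noexec nosuid nodev; do
        if ! has_option "$opts" "$want"; then
            echo "$2: missing $want (current options: $opts)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: /tmp is hardened, /var/tmp lost noexec, /home is not a mount.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda6 /tmp ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda6 /var/tmp ext3 rw,nosuid,nodev,relatime 0 0
EOF

for mp in /tmp /var/tmp /home; do
    if check_tmp_hardening "$SAMPLE_MOUNTS" "$mp"; then echo "$mp: ok"; fi
done
```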

About Alex Hunt

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Linux/CentOS.
