The /tmp directory on a Linux system is a frequent target for attackers who upload a malicious script there and execute it, for example to carry out mass replacement or modification of files. The reason is that /tmp is a well-known, world-writable path (used for sessions and temporary files), so any user or service account on the machine can write to it.

You can mitigate this threat to some extent by properly securing /tmp on your servers.
First of all, do not leave /tmp as a plain directory on the / partition.

Create a separate partition for /tmp when you set up the server. If the system is already partitioned with the default layout and there are no free blocks left on the disk for a new partition, create a virtual disk (a file containing a filesystem image) instead and mount it on /tmp.

You can use the following options when mounting /tmp (bind is only needed for the /var/tmp entry, which makes /var/tmp share the hardened /tmp filesystem):

noexec,nosuid,nodev,bind

noexec = The kernel refuses to execute any binary or script (shell, bash, perl, etc.) directly from this filesystem. Treat it as a defence-in-depth layer rather than a complete control.
nosuid = The setuid and setgid bits are ignored, so a file uploaded there cannot run with its owner's or group owner's privileges.

nodev = Character and block special devices on this filesystem are not interpreted, so a device node created in /tmp is useless.

bind = Remount a subtree somewhere else (so that its contents are available in both places).

You can use the following command to mount the /tmp partition:

[root@server~]# mount -t ext3 -o rw,nosuid,nodev,noexec /dev/sda6 /tmp

If you created a virtual disk (a file holding a filesystem image) instead of a separate partition, mount it through a loop device:

[root@server~]# mount -t ext3 -o loop,defaults,rw,nosuid,nodev,noexec /var/TempFS /tmp

/var/TempFS is the file that holds the virtual filesystem image.

Also add or edit the /tmp entry in /etc/fstab so that the mount options persist across reboots. The bind option belongs only on the /var/tmp entry, which re-mounts the hardened /tmp filesystem under /var/tmp:

/dev/sda6         /tmp                 ext3     rw,noexec,nosuid,nodev                  0         0
/tmp              /var/tmp             none     rw,noexec,nosuid,nodev,bind             0         0

Note that older versions of mount apply only the bind itself on a bind-mount entry and silently ignore the other options; on such systems a second step is needed (mount -o remount,bind,noexec,nosuid,nodev /var/tmp). After rebooting, check /proc/mounts or the output of mount to confirm that both mount points really carry noexec, nosuid and nodev.
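As an added example (not from the original post), here is a small POSIX sh audit helper that reads lines in /proc/mounts format and reports which of noexec, nosuid and nodev are missing from a given mount point. The sample mounts text is constructed, and it deliberately contains a /var/tmp bind mount whose hardening options were never applied, which is exactly the situation the fstab check above is meant to catch.

```shell
#!/bin/sh
# Audit helper: verify that a mount point carries noexec, nosuid and nodev.
# Input is text in /proc/mounts format: device mountpoint fstype options dump pass.

# required_missing MOUNTS_TEXT MOUNTPOINT
# Prints each hardening option missing from MOUNTPOINT's entry, one per line,
# or "not-mounted" if MOUNTPOINT does not appear at all.
# Returns 0 when nothing is missing, 1 otherwise.
required_missing() {
    mounts="$1"; mp="$2"
    # Use the last matching entry: a later bind or remount overrides earlier ones.
    opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo not-mounted
        return 1
    fi
    rc=0
    for want in noexec nosuid nodev; do
        # Wrap in commas so "nodev" cannot match inside another option name.
        case ",$opts," in
            *,"$want",*) ;;
            *) echo "$want"; rc=1 ;;
        esac
    done
    return $rc
}

# audit_live MOUNTPOINT: run the same check against the running system.
audit_live() {
    required_missing "$(cat /proc/mounts)" "$1"
}

# Constructed sample (not captured from a real host). /tmp is hardened;
# /var/tmp is a bind mount of the same device on which the options were ignored.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda6 /tmp ext3 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda6 /var/tmp ext3 rw,relatime 0 0'

# Example run on the constructed sample.
required_missing "$SAMPLE_MOUNTS" /tmp && echo "/tmp: OK"
required_missing "$SAMPLE_MOUNTS" /var/tmp || echo "/var/tmp: options above are missing"
```

Run audit_live /tmp and audit_live /var/tmp on the server after a reboot to confirm the fstab entries took effect.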

Posted in: Linux.
Last Modified: October 24, 2013
