CentOS TMPFS and Secured TMP

CentOS TMPFS and Secured TMP

You would be known well about temporary directory such as /dev/shm, /var/tmp and /tmp which helps hackers to give a way to run their program and script. These executables are enrolled only to hack your information and takes more source from your server. /tmp has the permission in limited counts for execution. Mostly, users of Vultr won’t use /tmp for any type of configuration because it is well known for malicious activity.

You can’t take your partition of /tmp while installing CentOS by default.

To make changes on the home directory use code:
Code:
cd /home
You can name the home directory as per your wish. Here, we create 2 GB file using the file name “mntTmp’ :
Code:
dd if=/dev/zero of=mntTmp bs=1024 count=2000000
To create a file system in extended motion for the file using the below code:
Code:
mkfs.ext4 /home/mntTmp
Now, take backup on the directory /tmp:
Code:
cp -Rpf /tmp /tmp_backup1
Go to the directory base:
Code:
cd /
Use text editor for executing created /tmp which runs from the boot:
Code:
nano /etc/fstab
Go to fstab file for adding the line mentioned below separately. Make sure below you found a empty space:
Code:
/home/mntTmp /tmp   ext4    loop,nosuid,noexec,nodev,rw 0 0
You need to change another line too! So, keep it as it is!

A temporary filesystem called “tmpfs” is used in CentOS by shm which is executed as virtual memory. We have more options to safeguard shm so, go to the fstab file for checking the line /shm. Check the word “default” to replace “'defaults,nosuid,noexec,nodev'”

Save the file once you make changes!

Now, start mounting on the file system /tmp:
Code:
mount -o loop,nosuid,noexec,nodev /home/mntTmp /tmp
Give permissions such as read, write and execute:
Code:
chmod 777 /tmp
Use the settings of new boot to cross-check any errors by mounting:
Code:
mount -o remount /tmp
You would have taken backup of /tmp already so, place the backup to the /tmp mounted file system:
Code:
mv /tmp_backup1/* /tmp/
Start removing the created backup:
Code:
rm -Rf /tmp_backup1
Take backup of /var/tmp :
Code:
cp -Rpf var/tmp /tmp_backup2
Do directory removal of /var/tmp:
Code:
rm -Rf /var/tmp
Do link creation inbetween /var/tmp - /tmp:
Code:
ln -s /tmp /var/tmp
Just copy backup of /var/tmp to /tmp:
Code:
mv /tmp_backup2/* /tmp/
Do backup removal:
Code:
rm -Rf /tmp_backup2
Overall, we have completed directory work step by step. It's all code execution that’s it!
Author
kumkumsharma
Views
346
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from kumkumsharma

Top