
Secure TMP and TMPFS on CentOS 6

December 6, 2019 | Updated on December 27, 2019 | aklwebhost

Temporary directories such as /tmp, /var/tmp, and /dev/shm are writable by every user, which gives attackers a place to drop and run scripts and programs. These malicious executables are used to abuse or compromise your server. Ideally the /tmp directory should be mounted on its own partition with limited permissions.

This guide is for AKLWEB Host users whose server configuration does not include a mounted /tmp directory on its own partition, which leaves these directories insecure and vulnerable. Implementing this guide will make it extremely difficult for hackers to use these directories.

Note: Default CentOS installations do not mount the /tmp directory on its own partition.

Change to the home directory.

 cd /home

Make a file in the home directory with any name. Here we are using ‘mntTmp’ and creating a 2GB file. You can adjust this to suit your needs.

 dd if=/dev/zero of=mntTmp bs=1024 count=2000000

Make an extended filesystem for this file.

 mkfs.ext4  /home/mntTmp

Back up your current /tmp directory.

 cp -Rpf /tmp /tmp_backup1

Return to the base directory.

 cd /

Create the /tmp mounting option to run at boot by using a text editor.

 nano /etc/fstab

Add the following to the bottom of the fstab file on a separate line. Then press enter to ensure there is an empty line beneath it (the empty line is important to avoid running into problems when rebooting).

 /home/mntTmp   /tmp    ext4    loop,nosuid,noexec,nodev,rw 0 0

Note: This mount may need to be temporarily removed when you compile or install software, because noexec blocks installers and build scripts that execute files from /tmp.

Keep the file open as another line is going to be changed.

CentOS uses a temporary filesystem (tmpfs) in virtual memory called “shm”. It appears mounted despite the fact that it is not a physical file system. We can apply mount options to secure shm. Look for the line in the fstab file with tmpfs and /dev/shm. Replace 'defaults' with 'defaults,nosuid,noexec,nodev'. Save the file.

You can now mount the /tmp file system.

 mount -o loop,nosuid,noexec,nodev /home/mntTmp /tmp

Set read, write, and execute permissions for all users, with the sticky bit so that users cannot delete or rename each other's files.

 chmod 1777 /tmp

Check for any mounting errors with the new boot settings.

 mount -o remount /tmp

Move the /tmp backup which you created back to the mounted /tmp file system.

 mv /tmp_backup1/* /tmp/

Remove the backup that you created.

 rm -Rf /tmp_backup1

Back up /var/tmp.

 cp -Rpf /var/tmp /tmp_backup2

Remove the /var/tmp directory.

 rm -Rf /var/tmp

Create a symbolic link from /var/tmp to /tmp.

 ln -s /tmp /var/tmp

Move the /var/tmp backup to /tmp.

 mv /tmp_backup2/* /tmp/

Remove the backup.

 rm -Rf /tmp_backup2

Optional

Depending on the specific software you are using, you may have a “tmp” directory in the home directory. You can remove this directory and create a symbolic link to /tmp. Care should be exercised when doing this as it may break the software, particularly web hosting software.

 rm -Rf /home/tmp
 ln -s /tmp /home/tmp
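
To confirm the result of the steps above, the following added example (not part of the original guide) reports which of nosuid, noexec and nodev are missing for a mount point in /proc/mounts format. The function names and the sample mount lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the hardening options from this guide.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

REQUIRED="nosuid noexec nodev"

# missing_opts MOUNTS_FILE MOUNTPOINT   (MOUNTS_FILE may be "-" for stdin)
# Prints the required options absent from the LAST entry for MOUNTPOINT
# (the one in effect when mounts are stacked), an empty line if none are
# missing, or "not-mounted" if the path is not a mount point at all.
missing_opts() {
    awk -v mp="$2" -v req="$REQUIRED" '
        $2 == mp { opts = $4; found = 1 }
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(req, want, " ")
            split(opts, have, ",")
            for (i in have) seen[have[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) out = out (out ? " " : "") want[i]
            print out
        }' "$1"
}

# audit MOUNTS_FILE: check the three directories the guide covers.
# /var/tmp is a symlink to /tmp after this guide, so resolve it first.
# On the server, run: audit /proc/mounts
audit() {
    for d in /tmp /var/tmp /dev/shm; do
        real=$(readlink -f "$d")
        printf '%s (%s): missing [%s]\n' "$d" "$real" "$(missing_opts "$1" "$real")"
    done
}

# Constructed sample: /tmp is hardened, /dev/shm still lacks noexec.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Demonstration on the constructed sample (does not touch the live system).
for mp in /tmp /dev/shm /var/tmp; do
    printf '%s: missing [%s]\n' "$mp" "$(sample_mounts | missing_opts - "$mp")"
done
```

An empty result for a directory means all three options are active; "not-mounted" means the path is not a separate mount and inherits the options of its parent filesystem.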