Temporary directories<\/strong>\u00a0such as\u00a0 This guide is for\u00a0AKLWEB Host users whose server configuration does not include a mounted<\/strong>\u00a0 Note: Default CentOS installations do not mount the\u00a0 Change to the home directory.<\/strong><\/p>\n Make a file in the home directory with any name.<\/strong>\u00a0Here we are using ‘mntTmp’ and creating a\u00a02GB<\/strong>\u00a0file. You can adjust this to suit your needs.<\/p>\n Make an extended filesystem for this file.<\/strong><\/p>\n Back up your current<\/strong>\u00a0 Return to the base directory.<\/strong><\/p>\n Create the<\/strong>\u00a0 Add the following to the bottom of the fstab file on a separate line.<\/strong>\u00a0Then press enter to ensure there is an empty line beneath it (the empty line is important to avoid running into problems when rebooting).<\/p>\n Note: This mount may need to be temporarily removed when you compile or install software<\/strong><\/span><\/p>\n Keep the file open as another line is going to be changed.<\/strong><\/p>\n CentOS<\/strong>\u00a0uses a temporary filesytem\u00a0(tmpfs)<\/strong>\u00a0in virtual memory called\u00a0“shm”<\/strong>. It appears mounted despite the\u00a0fact that it is not a physical file system<\/strong>. We can apply permissions to secure shm. Look for the line in the fstab file with tmpfs and\u00a0 You can now mount the\u00a0 Set read, write, execute permissions.<\/strong><\/p>\n Check for any mounting errors with the new boot settings.<\/strong><\/p>\n Move the<\/strong>\u00a0 Remove the backup that you created.<\/strong><\/p>\n Backup up<\/strong>\u00a0 Remove the<\/strong>\u00a0 Create a symbolic link from<\/strong>\u00a0 Copy the<\/strong>\u00a0 Remove the backup.<\/strong><\/p>\n Depending on the specific software you are using, you may have a\u00a0“tmp”<\/strong>\u00a0directory in the home directory.\u00a0You can remove this directory and create a symbolic link<\/strong>\u00a0to\u00a0\/tmp<\/code>,\u00a0
\/var\/tmp<\/code>, and\u00a0
\/dev\/shm<\/code>\u00a0offer a\u00a0platform for hackers<\/strong>\u00a0to run scripts and programs. These\u00a0malicious executables<\/strong>\u00a0are used to abuse or compromise your server. Ideally the\u00a0
\/tmp<\/code>\u00a0directory should be mounted on its own partition with limited permissions.<\/p>\n
\/tmp<\/code>\u00a0directory on its own partition, which leaves these\u00a0directories insecure and vulnerable<\/strong>. Implementing this guide will make it extremely difficult for hackers to use these directories.<\/p>\n
\/tmp<\/code>\u00a0directory on its own partition.<\/strong><\/p>\n
cd \/home\r\n<\/code><\/pre>\n
dd if=\/dev\/zero of=mntTmp bs=1024 count=2000000\r\n<\/code><\/pre>\n
mkfs.ext4 \/home\/mntTmp\r\n<\/code><\/pre>\n
\/tmp<\/code>\u00a0directory<\/strong>.<\/p>\n
cp -Rpf \/tmp \/tmp_backup1\r\n<\/code><\/pre>\n
cd \/\r\n<\/code><\/pre>\n
\/tmp<\/code>\u00a0mounting option to run at boot by using a text editor.<\/strong><\/p>\n
nano \/etc\/fstab\r\n<\/code><\/pre>\n
\/home\/mntTmp \/tmp ext4 loop,nosuid,noexec,nodev,rw 0 0\r\n<\/code><\/pre>\n
\/shm<\/code>. Replace\u00a0
'defaults'<\/code>\u00a0with\u00a0
'defaults,nosuid,noexec,nodev'<\/code>. Save the file.<\/p>\n
\/tmp<\/code>\u00a0file system.<\/strong><\/p>\n
mount -o loop,nosuid,noexec,nodev \/home\/mntTmp \/tmp\r\n<\/code><\/pre>\n
chmod 777 \/tmp\r\n<\/code><\/pre>\n
mount -o remount \/tmp\r\n<\/code><\/pre>\n
\/tmp<\/code>\u00a0backup which you created back to the mounted<\/strong>\u00a0
\/tmp<\/code>\u00a0file system<\/strong>.<\/p>\n
mv \/tmp_backup1\/* \/tmp\/\r\n<\/code><\/pre>\n
rm -Rf \/tmp_backup1\r\n<\/code><\/pre>\n
\/var\/tmp<\/code>.<\/p>\n
cp -Rpf var\/tmp \/tmp_backup2\r\n<\/code><\/pre>\n
\/var\/tmp<\/code>\u00a0directory.<\/strong><\/p>\n
rm -Rf \/var\/tmp\r\n<\/code><\/pre>\n
\/var\/tmp<\/code>\u00a0to<\/strong>\u00a0
\/tmp<\/code>.<\/p>\n
ln -s \/tmp \/var\/tmp\r\n<\/code><\/pre>\n
\/var\/tmp<\/code>\u00a0backup to<\/strong>\u00a0
\/tmp<\/code>.<\/p>\n
mv \/tmp_backup2\/* \/tmp\/\r\n<\/code><\/pre>\n
rm -Rf \/tmp_backup2\r\n<\/code><\/pre>\n
Optional<\/strong><\/h3>\n
\/tmp<\/code>. Care should exercised when doing this as it may break the software,\u00a0particularly web hosting software.<\/strong><\/p>\n
rm -Rf \/home\/tmp\r\n ln -s \/tmp \/home\/tmp<\/code><\/pre>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","manualknowledgebasecat":[231,242],"manual_kb_tag":[352],"_links":{"self":[{"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/manual_kb\/2565"}],"collection":[{"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/manual_kb"}],"about":[{"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/types\/manual_kb"}],"author":[{"embeddable":true,"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/comments?post=2565"}],"version-history":[{"count":1,"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/manual_kb\/2565\/revisions"}],"predecessor-version":[{"id":2566,"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/manual_kb\/2565\/revisions\/2566"}],"wp:attachment":[{"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/media?parent=2565"}],"wp:term":[{"taxonomy":"manualknowledgebasecat","embeddable":true,"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/manualknowledgebasecat?post=2565"},{"taxonomy":"manual_kb_tag","embeddable":true,"href":"https:\/\/support.aklwebhost.com\/wp-json\/wp\/v2\/manual_kb_tag?post=2565"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}