Secure /tmp and /var/tmp

Posted on Sunday March 13, 2016 / by Eric Potvin

Temporary storage directories such as /tmp, /var/tmp and /dev/shm give attackers storage space for malicious executables.

Securing /tmp folder

Let's create a 1GB (or whatever size suits you) filesystem file for the /tmp partition.

sudo dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1024000

This might take a little while, so be patient.

Create a backup of the current /tmp folder:

sudo cp -Rpf /tmp /tmpbackup

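Mount the new /tmp partition and set the right permissions.

# tmpfs is RAM-backed and never uses a backing file, so put a filesystem on the file and loop-mount it
# (ext4 is a choice made here; any on-disk filesystem works)
sudo mkfs.ext4 -F /usr/tmpDSK
sudo mount -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp
sudo chmod 1777 /tmp

Copy the data from the backup folder, and remove the backup folder.

# "/." copies hidden entries too, which the "*" glob skips
sudo cp -Rpf /tmpbackup/. /tmp/
sudo rm -rf /tmpbackup

Set the /tmp entry in /etc/fstab.

/usr/tmpDSK /tmp ext4 loop,nosuid,noexec,rw 0 0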

Test your fstab entry:

sudo mount -o remount /tmp

If you try to execute a script or run a binary file in /tmp and get a permission denied error, that means everything works properly.

Secure /var/tmp

/var/tmp should be secured as well, because some software uses this folder as a temporary folder. Any files and folders within this directory need to be secured. We will reuse the /tmp folder we just created by creating a symbolic link.

sudo mv /var/tmp /var/tmpold
sudo ln -s /tmp /var/tmp
# "/." copies hidden entries too, which the "*" glob skips
sudo cp -prf /var/tmpold/. /tmp/

You should restart any services that use the /tmp partition.
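
The mount options can also be read back from /proc/mounts instead of relying only on a test binary. The script below is an added example, not part of the original post. Its function names and the sample mount table are constructed for illustration, and it checks only noexec and nosuid, the two options the post sets.

```shell
#!/bin/sh
# Added example: verify noexec/nosuid on temp directories from a /proc/mounts-style table.

# Constructed sample: /tmp hardened as in the post, /dev/shm left without noexec.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/loop0 /tmp ext4 rw,nosuid,noexec,relatime 0 0
EOF
}

# mount_opts DIR: read a mounts table on stdin and print the options of the
# filesystem holding DIR (longest mount point that is a path prefix; later lines win).
mount_opts() {
    awk -v dir="$1" '
        $2 == dir || $2 == "/" || index(dir, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }'
}

# missing_opts OPTS: print which of noexec,nosuid are absent from the option list.
missing_opts() {
    out=""
    for want in noexec nosuid; do
        case ",$1," in
            *",$want,"*) ;;
            *) out="${out:+$out,}$want" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_dir DIR: mounts table on stdin; returns 0 only if DIR has both options.
audit_dir() {
    miss=$(missing_opts "$(mount_opts "$1")")
    if [ -z "$miss" ]; then echo "OK   $1"; return 0; fi
    echo "WEAK $1 (missing: $miss)"; return 1
}

# Demo on the constructed table. A symlinked /var/tmp must be resolved first,
# because /proc/mounts lists only real mount points.
for d in /tmp /tmp/sub /dev/shm /var/log; do
    sample_mounts | audit_dir "$d" || true
done
# Live check: audit_dir "$(readlink -f /var/tmp)" < /proc/mounts
```

A directory nested under a hardened mount inherits its options, which is why /tmp/sub reports OK while /dev/shm in the sample is flagged for the missing noexec.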