Secure /tmp and /var/tmp
Posted on Sunday March 13, 2016 by Eric Potvin
Temporary storage directories such as /tmp, /var/tmp and /dev/shm give attackers writable storage space for malicious executables.
Securing /tmp folder
Let's create a 1GB (or whatever size is best for you) filesystem file for the /tmp partition.
sudo dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1024000
This might take a little while, so be patient.
Create a backup of the current /tmp folder:
sudo cp -Rpf /tmp /tmpbackup
Mount the new /tmp partition and set the right permissions.
sudo mount -t tmpfs -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp
sudo chmod 1777 /tmp
Copy the data from the backup folder, and remove the backup folder.
sudo cp -Rpf /tmpbackup/* /tmp/
sudo rm -rf /tmpbackup/*
Add the /tmp entry to the fstab (/etc/fstab).
/usr/tmpDSK /tmp tmpfs loop,nosuid,noexec,rw 0 0
Test your fstab entry:
sudo mount -o remount /tmp
If you try to execute a script or run a binary file from /tmp and you get a permission denied error, that means everything works properly.
/var/tmp should be secured as well, because some software uses this folder as a temporary folder. Any files and folders within this directory need to be secured. We will reuse the /tmp folder we just created by pointing a symbolic link at it.
sudo mv /var/tmp /var/tmpold
sudo ln -s /tmp /var/tmp
sudo cp -prf /var/tmpold/* /tmp/
You should restart any services that use the /tmp partition.
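To confirm the result without trying to run a binary, the mount table can be checked directly. The script below is an added example, not part of the original post; the function names check_mount_opts and report are made up for it, and it assumes a Linux system with /proc/mounts.

```shell
#!/bin/sh
# Added example: verify that the temporary directories are mounted
# with noexec and nosuid, as the steps above intend.
#
# check_mount_opts MOUNTPOINT [MOUNTS_FILE]
#   MOUNTS_FILE defaults to /proc/mounts
#   (fields: device mountpoint fstype options dump pass).
# Returns 0 if both options are set, 1 if one is missing,
# 2 if MOUNTPOINT is not a separate mount.
check_mount_opts() {
    mp=$1
    table=${2:-/proc/mounts}
    # The last matching line wins: a later mount shadows earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    for want in noexec nosuid; do
        # Wrap in commas so only whole option names match.
        case ",$opts," in
            *",$want,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

report() {
    for dir in /tmp /var/tmp /dev/shm; do
        # /var/tmp is a symlink to /tmp after the steps above, so resolve it.
        real=$(readlink -f "$dir" 2>/dev/null || echo "$dir")
        rc=0
        check_mount_opts "$real" || rc=$?
        case $rc in
            0) echo "OK     $dir ($real): noexec,nosuid set" ;;
            1) echo "WEAK   $dir ($real): noexec or nosuid missing" ;;
            2) echo "NOMNT  $dir ($real): not a separate mount" ;;
        esac
    done
}

if [ -r /proc/mounts ]; then
    report
fi
```

A WEAK or NOMNT line for /dev/shm is expected if only the steps on this page were applied, since they cover /tmp and /var/tmp only.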