I only modified this by changing the values for the count= to 500mb instead of what the original
One method is to create a loopback filesystem that will be mounted as /tmp
and can use the same restrictive mount options. To create a 500mb loopback
filesystem, execute:
dd if=/dev/zero of=/.tmpfs bs=1024 count=500000
mke2fs -j /.tmpfs
cp -av /tmp /tmp.old
mount -o loop,noexec,nosuid,nodev,rw /.tmpfs /tmp
chmod 1777 /tmp
mv -f /tmp.old/* /tmp/
rmdir /tmp.old
Once this is complete, edit /etc/fstab to have the loopback filesystem mounted
automatically at boot:
/.tmpfs /tmp ext3 loop,nosuid,noexec,nodev,rw 0 0
---
There is another method here:
http://www.tuxhelper.info/2008/06/secur ... ctory.html
Original Author:
http://blogs.techrepublic.com.com/opensource/?p=171
HowTo: secure /tmp files, for hard drive users
- klhrevolutionist
- Posts: 1121
- Joined: Wed 08 Jun 2005, 10:09
Last edited by klhrevolutionist on Fri 27 Jun 2008, 23:53, edited 2 times in total.
Heaven is on the way, until then let's get the truth out!
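A check that the steps in the post above took effect, as an added example that is not part of the original post or the linked article. The function names and the sample table are assumptions made for illustration; the sample is constructed, not captured from a real system.

```shell
#!/bin/sh
# Added example (not from the original post): audit /tmp hardening.
REQUIRED_OPTS="noexec nosuid nodev"

# missing_mount_opts MOUNTPOINT [TABLE]  (hypothetical helper name)
# TABLE uses the column layout shared by /proc/mounts and /etc/fstab:
#   device mountpoint fstype options dump pass
# Prints the required options that are absent. Returns 0 when none are
# missing, 1 when some are, 2 when MOUNTPOINT has no entry of its own.
missing_mount_opts() {
    mp=$1
    table=${2:-/proc/mounts}
    # Skip commented-out entries; the last match wins, because a later
    # mount on the same path shadows an earlier one.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# sticky_world_writable DIR: true when DIR has mode 1777 (drwxrwxrwt).
sticky_world_writable() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}

# Constructed sample table: /tmp is loop-mounted but lacks nodev.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
EOF
if m=$(missing_mount_opts /tmp "$SAMPLE"); then
    echo "/tmp: all required options present"
else
    echo "/tmp: missing options or no separate mount: ${m:-no entry}"
fi
rm -f "$SAMPLE"
```

On a live system, `missing_mount_opts /tmp` checks the running mount and `missing_mount_opts /tmp /etc/fstab` checks what will be mounted at the next boot; `sticky_world_writable /tmp` confirms the `chmod 1777` step.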
- klhrevolutionist
With the link I provided, you can see why one might want to make such changes to /tmp. I also forgot to mention that not only did I change the count=, I also added "nodev" onto the mounting permissions.
http://blogs.techrepublic.com.com/opensource/?p=171
One problem with directories meant to store temporary files is that they can often be targeted as places to store bots and rootkits that compromise the system. This is because in most cases, anyone (or any process) can write to these directories. Insecure permissions are problematic as well; most Linux distributions set the sticky bit on directories meant to contain temporary files — this means that user A cannot remove a file belonging to user B, and vice versa. Depending on the permissions of the file itself, user A may be able to view and/or modify the contents of that file, however.