Gentoo Forums
Hardening Linux Web Servers - tmp directory
Joseph_sys
Advocate
Joined: 08 Jun 2004
Posts: 2716
Location: Edmonton, AB
Posted: Sun Jul 02, 2006 5:42 am    Post subject: Hardening Linux Web Servers - tmp directory

In article "Hardening Linux Web Servers" there is a section regarding "tmp" directory that has a good pointer:
http://www.freesoftwaremagazine.com/articles/hardening_linux?page=0%2C3

Quote:
Rootkits typically write to the /tmp directory and then attempt to run from /tmp. A crafty way to prevent this is to mount the /tmp directory on a separate partition with the noexec, nodev, and nosuid options enabled. This prevents binaries from being executed under /tmp, disables any binary to be suid root, and disables any block or character devices from being created under /tmp.

Edit /etc/fstab with your favorite editor, find the line corresponding to /tmp and change it to look like this one.
/dev/hda2 /tmp ext3 nodev,nosuid,noexec 0 0

My "tmp" dir, like everybody else's, is in "/", so there is not much I can do, but is it possible to change the permissions to make it not executable, to get the same effect?
from:
drwxrwxrwt 26 root root 36864 Jul 1 23:16 tmp
to:
drw-rw-rwt 26 root root 36864 Jul 1 23:16 tmp
nielchiano
Veteran
Joined: 11 Nov 2003
Posts: 1287
Location: 50N 3E
Posted: Sun Jul 02, 2006 9:02 am    Post subject: Re: Hardening Linux Web Servers - tmp directory

Joseph_sys wrote:
but is it possible to change the permissions to make it not executable, to get the same effect?
from:
drwxrwxrwt 26 root root 36864 Jul 1 23:16 tmp
to:
drw-rw-rwt 26 root root 36864 Jul 1 23:16 tmp

Yes, that is possible, but it DOES NOT have the same effect:
this removes the execute permission from the DIRECTORY, not from the files within. Execute on a directory is needed if you want to enter it (e.g. with cd).
All this does is make tmp a non-enterable directory, which will certainly stop rootkits living there, but also everything else.

In your explanation I see no reason why you couldn't make a separate partition for /tmp (provided you still have some space left on your disk).
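The two posts above turn on one question: is /tmp a mount point of its own, and if so, does it carry noexec, nodev and nosuid? The following is an added example, not code from the thread or from the linked article. It audits a mount point by reading the /proc/mounts format (device, mountpoint, fstype, options, dump, pass); the mount table it ships with is constructed for the demo, and passing an empty second argument makes it read the live /proc/mounts instead. A /tmp that lives inside "/" (as in the original question) shows up as "not-a-mountpoint", which is exactly the case where chmod on the directory cannot substitute for mount options.

```shell
#!/bin/sh
# Added example (not from the forum thread): check whether a mount point
# carries the noexec, nodev and nosuid options suggested for /tmp.

# Constructed sample in /proc/mounts format. /tmp here is a separate
# partition but is missing noexec; /dev/shm has all three options.
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw,errors=remount-ro 0 0
/dev/hda2 /tmp ext3 rw,nodev,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# mount_opts MOUNTPOINT [MOUNTS_TEXT]
# Print the option field for MOUNTPOINT. Output is empty when the path is
# not a mount point of its own (e.g. /tmp sitting inside "/").
# With an empty MOUNTS_TEXT the live /proc/mounts is read.
mount_opts() {
    _mp=$1
    _src=${2:-"$(cat /proc/mounts)"}
    printf '%s\n' "$_src" | awk -v mp="$_mp" '$2 == mp { print $4 }'
}

# missing_hardening MOUNTPOINT [MOUNTS_TEXT]
# Print each of noexec/nodev/nosuid that is absent, one per line, and
# return 1 if anything is missing or the path is not a separate mount.
# Return 0 (printing nothing) when all three options are present.
missing_hardening() {
    _opts=$(mount_opts "$1" "${2-}")
    if [ -z "$_opts" ]; then
        echo "not-a-mountpoint"
        return 1
    fi
    _rc=0
    for _want in noexec nodev nosuid; do
        # Surround with commas so "nodev" cannot match inside another option.
        case ",$_opts," in
            *",$_want,"*) ;;
            *) echo "$_want"; _rc=1 ;;
        esac
    done
    return $_rc
}

# Stand-alone run against the constructed table:
#   missing_hardening /tmp "$SAMPLE_MOUNTS"      -> prints "noexec", exit 1
#   missing_hardening /dev/shm "$SAMPLE_MOUNTS"  -> prints nothing, exit 0
#   missing_hardening /var/tmp "$SAMPLE_MOUNTS"  -> "not-a-mountpoint", exit 1
# Live check of the running system:
#   missing_hardening /tmp ""
```

If the live check reports "not-a-mountpoint", the fix is what the reply suggests: give /tmp its own filesystem and mount it with the three options, for example the fstab line quoted in the first post (with the options written as one comma-separated field, `nodev,nosuid,noexec`, and no spaces inside it, since fstab fields are whitespace-separated). As an assumption beyond what the thread states, a tmpfs entry of the form `tmpfs /tmp tmpfs nodev,nosuid,noexec 0 0` achieves the same without repartitioning, at the cost of /tmp being RAM-backed.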