Secure the /tmp partition on FreeBSD
Log onto the server as root:
Is the /tmp directory in its own partition?
- Edit /etc/fstab
Do you see a /tmp partition? If YES, then move to step B; otherwise move to step C.
- Modify /etc/fstab to change the definition for /tmp
Change what is present for /tmp to rw,nosuid,nodev
Skip to step D
- Modify /etc/fstab to create a new /tmp partition and have it point to your current /tmp directory
The typical format is "Device Mountpoint FStype Options Dump Pass#"
So you might have something like
/hard_drive_device_name /tmp ufs rw,nosuid,nodev 2 2
- Link /var/tmp to /tmp
cd /var && mv ./tmp/* /tmp/ && rm -rf tmp && ln -s /tmp tmp
Notes: The /etc/fstab entry means it will be mounted automatically on boot up.
nosuid, noexec are to help protect against hackers putting root kits in /tmp and building / executing them
IMPORTANT NOTE: This document is based on FreeBSD. The concepts
should be similar across operating systems, but the commands will very likely be different. Also, never
assume the directory structures exist in your system as written in the document. Never blindly follow
security instructions -- read, review, compare, apply as it fits your system.
|
