Quick Linux Partitioning Tip
By Ian Scott
One way that black hat hackers can get access to your server is by locating a vulnerable application or script that might allow them to upload files to the server. The tmp (/tmp) directory is a directory where such files might get uploaded to.
This quick tip won’t guarantee that your Linux box will never be hacked or cracked or intruded upon, but it can minimize the ability of a cracker to get access and then run executables that have been uploaded to the /tmp directory.
Here’s what you do:
First, you create the /tmp directory on its own partition. This is easiest of course when you are first installing Linux on your computer and are asked if you want to manually partition the hard drives. If you didn’t manually partition the drives and place /tmp on its own partition, it can still be done - but I’ll leave that for another post.
Once the /tmp directory has its own partition and you’ve installed the operating system, you then open up the /etc/fstab file using your favorite editor such as Vi or Emacs.
Remove the word defaults and replace with rw,nosuid,noexec then save the file.
You’ll then need to remount the /tmp partition with the following command:
mount -oremount loop,rw,nosuid,noexec /tmp
Of course, you will need to be root to do the above.
This won’t stop nasty people from uploading files to your /tmp directory, but it will prevent them from being able to run any executable programs from the /tmp directory.
Read more in: Computer Security |