Hardening /tmp in Plesk

July 7, 2010

Hardening the /tmp location is very important, as you may otherwise risk rootkits, IRC bots and trojans being run from that location. Today we had a similar problem with one of our Plesk servers, where these bots were getting uploaded to the /tmp location. However, there is NO perfect solution for finding out how these are getting uploaded under /tmp, so it's better to take preventive measures that stop them from executing.

Hardening /tmp

Since /tmp was not separately mounted, there is no need to take a backup of the /etc/fstab file. However, it's good to take one in case anything goes wrong.

Create a separate partition for /tmp. For that we need to create a separate device with a certain amount of space. The space allocation depends on the apps running on your machine. Here I'm creating a separate device of size 100M and formatting it with the ext3 filesystem.

dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000

mke2fs -j /dev/tmpFS

Copy the existing data in the /tmp directory to a separate temporary directory.

cp -pRf /tmp /tmp_bkp

Mount the new partition that we've created on the /tmp directory and set the necessary permissions.

mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp

chmod 1777 /tmp

Copy the old data in the /tmp_bkp directory to the new /tmp directory.

cp -pRf /tmp_bkp/* /tmp

Finally, add the following entry to the fstab to make the changes permanent.

/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0

That’s it. Your /tmp location is secured now.
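
To confirm the result, here is an added example (not part of the original post) that checks that the /tmp entry in an fstab- or /proc/mounts-style file carries noexec and nosuid, and that the directory has the sticky 1777 mode. The function names and the --audit argument are this example's own.

```shell
#!/bin/sh
# Added example: audit the /tmp hardening described on this page.

# missing_opts FILE MOUNTPOINT
# Prints which of noexec/nosuid are absent from the last entry for
# MOUNTPOINT in an fstab- or /proc/mounts-style file (empty = all present).
# Prints "unmounted" when the file has no entry for MOUNTPOINT.
missing_opts() {
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        $2 == mp { opts = $4; found = 1 }    # last match wins (topmost mount)
        END {
            if (!found) { print "unmounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            out = ""
            if (!("noexec" in have)) out = out "noexec "
            if (!("nosuid" in have)) out = out "nosuid "
            sub(/ $/, "", out)
            print out
        }' "$1"
}

# sticky_ok DIR: succeeds only if DIR is a directory with mode 1777.
sticky_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwxrwxrwt" ]
}

# audit_tmp: check both the persistent entry and the live mount.
audit_tmp() {
    rc=0
    for f in /etc/fstab /proc/mounts; do
        m=$(missing_opts "$f" /tmp)
        [ -z "$m" ] || { echo "$f: /tmp -> $m"; rc=1; }
    done
    sticky_ok /tmp || { echo "/tmp is not mode 1777"; rc=1; }
    return $rc
}

# Run the audit only when asked, e.g.: sh check_tmp.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_tmp
fi
```

Checking /proc/mounts as well as /etc/fstab catches the case where the fstab entry is correct but /tmp was later remounted without the options.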
