Secure tmp folder openvz
How to secure /tmp, /var/tmp and /dev/shm with OpenVZ
First open fstab using nano, or your chosen editor:
nano -w /etc/fstab
Next, append the following line to the fstab file you just opened:
none /tmp tmpfs nodev,nosuid,noexec 0 0
If you opened the file with nano, you can now close it with Ctrl+X and answer "y" to save.
To apply the changes, simply remount all:
mount -a
Then secure /dev/shm. In /etc/fstab, change
none /dev/shm tmpfs defaults 0 0
to
none /dev/shm tmpfs nodev,nosuid,noexec 0 0
and save the file.
Then run:
mount -o remount /dev/shm
to update the mount options for /dev/shm.
The mount command should now show something like:
mount
/dev/simfs on / type reiserfs (rw,usrquota,grpquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
none on /dev type tmpfs (rw)
none on /dev/pts type devpts (rw)
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)
You can see that /tmp and /dev/shm are now secured.
There is also a /var/tmp directory that needs to be secured.
First, back up the files in the folder by moving it aside:
mv /var/tmp /var/tmpfiles
Now make /var/tmp a symlink that points to /tmp:
ln -s /tmp /var/tmp
Next, restore the files from the backup made before (-a keeps ownership and permissions and also copies subdirectories and hidden files, which a plain cp with * would skip):
cp -a /var/tmpfiles/. /tmp/
Make sure that the files in tmpfiles are now in tmp:
ls -la /var/tmpfiles
ls -la /var/tmp
You can remove the tmpfiles directory now with the following Linux command:
rm -rf /var/tmpfiles
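To check the result shown in the mount output above by script rather than by eye, here is an added example (not part of the original page) that parses /proc/mounts-format text and reports which of nodev, nosuid and noexec are missing for each path. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the mount options this page sets.
REQUIRED="nodev nosuid noexec"

# Constructed sample in /proc/mounts format: /tmp is hardened, /dev/shm
# is still on default options (the state before the remount step).
SAMPLE='/dev/simfs / simfs rw,relatime 0 0
none /dev/shm tmpfs rw,relatime 0 0
none /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0'

# missing_opts MOUNTS_TEXT MOUNTPOINT
# Prints the required options the mount lacks, or "unmounted" if the path
# is not a mount point. The last matching entry wins, because a later
# mount on the same path shadows earlier ones.
missing_opts() {
    opts=$(printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then echo "unmounted"; return 0; fi
    out=""
    for want in $REQUIRED; do
        case ",$opts," in
            *",$want,"*) ;;
            *) out="$out $want" ;;
        esac
    done
    echo "${out# }"
}

# audit MOUNTS_TEXT PATH...
# Returns 0 only if every path is a mount carrying all three options.
audit() {
    mounts=$1; shift; rc=0
    for mp in "$@"; do
        miss=$(missing_opts "$mounts" "$mp")
        if [ -n "$miss" ]; then
            echo "FAIL $mp: $miss"; rc=1
        else
            echo "OK   $mp"
        fi
    done
    return $rc
}

# Demo on the constructed sample. On a live container use:
#   audit "$(cat /proc/mounts)" /tmp /dev/shm "$(readlink -f /var/tmp)"
audit "$SAMPLE" /tmp /dev/shm || echo "not all paths are hardened"
```

Because /var/tmp is a symlink after the steps above, the live invocation resolves it with readlink -f so that the options of the underlying /tmp mount are what gets checked.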