Secure tmp folder openvz
How to secure /tmp, /var/tmp and /dev/shm with OpenVZ
First open fstab using nano, or your chosen editor:
nano -w /etc/fstab
Next append the following like to the fstab file you just opened:
none /tmp tmpfs nodev,nosuid,noexec 0 0
If you opened using nano you can now close using ctrl+x and then answering “y” to save.
To apply the changes we now need to simply remount all:
Then secure /dev/shm:
none /dev/shm tmpfs defaults 0 0
none /dev/shm tmpfs nodev,nosuid,noexec 0 0
and save file.
Then use command:
mount -o remount /dev/shm
to update mount options for /dev/shm
now mount command should show you something like:
/dev/simfs on / type reiserfs (rw,usrquota,grpquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
none on /dev type tmpfs (rw)
none on /dev/pts type devpts (rw)
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)
and you could see that /tmp and /de/shm now secured.
There is also a /var/tmp dir that needs to be secured.
So first make a backup of the files in the folder:
mv /var/tmp /var/tmpfiles
Now make a symlink to map /tmp to /var/tmp
ln -s /tmp /var/tmp
next is to restore the files from the backup we have made before:
cp /var/tmpfiles/* /tmp/
Restore the files from the backup you made before, and make sure that the files in tmpfiles are now in tmp.
ls -la /var/tmpfiles
ls -la /var/tmp
You can remove the tmpfiles directory now with the following Linux command:
rm -rf /var/tmpfiles