Temporary directories such as /tmp, /var/tmp and /dev/shm provide space for malicious executables on operating systems.Malicious users can use this space to execute unwanted program on your server.For prevent this case you must nosuid, nodev and noexec on this partition.

  • nosuid – Do not set SUID/SGID access on this partition
  • nodev – Do not character or special devices on this partition
  • noexec – Do not set execution of any binaries on this partition

Add nosuid, nodev and noexec to /tmp, /var/tmp and /dev/shm

Edit the file /etc/fstab:

nano -w /etc/fstab

Add following to your /etc/fstab:

/tmp /tmp tmpfs defaults,nosuid,noexec 0 0
/var/tmp /var/tmp tmpfs defaults,nosuid,noexec 0 0
/dev/shm /dev/shm tmpfs defaults,noexec,nosuid 0 0

Save and exit . Now run following command:

mount -a
Print Friendly

Comments

comments

Bài viết liên quan