Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: Secure /tmp Directory  (Read 6308 times)

0 Members and 1 Guest are viewing this topic.

sajugovind

  • Guest
Secure /tmp Directory
« on: April 06, 2014, 12:10:54 am »
The /tmp directory present in your Linux web hosting UK server is susceptible to attempted attacks. Despite the fact that its tasks is simply to store the temporary files required by applications, but users with destructive intentions can exploit an under-protected /tmp directory for executing scripts or bots.

How To Harden The Security Of /tmp Directory ?

Users must take the following measures for hardening the /tmp directory

A. Creating /tmp as a different partition :
As a default function, the /tmp directory has read, write, and execute permissions set to ON. This is the main reason for the servers vulnerability. You can move it over to a different partition altogether instead of letting it be in the root / partition.By doing this, even if an attacker manages to get an access to the /tmp directory, he wouldn’t be able to get an access to the system files.

B. Setting /tmp as non-executable attributes : You can make /tmp noexec in /etc/fstab. Once done, you should be able to relate it to : /tmp ext3 loop,noexec,nosuid,rw 0 0 . You may read the distribution documentations to get the appropriate settings. It is recommended to take backup of your server before making any amendments to the fstab.

C. Installing ModSecurity on server : ModSecurity is an application firewall which helps in protecting the server from various sorts of script exploits that can be found in the web applications. With it, server admins can harden the security of the server, adding an enhanced protective layer to the network firewall.  With this you would be able to avoid attackers to exploit the web scripts, with which they can gain access to the /tmp.

D. Refraining the use of /tmp for web scripts :
Incase if the applications are exposed to the web, you may opt for using an entirely separate and additionally secure temporary directories. You can set fewer permissions to it.

By making these modifications to the default settings, you need to also ensure that none of the applications that are operating over the server face a negative impact. Further, some may face an issue wherein the hosting control panels such as the cPanel might not be able to work efficiently after implementing some of the above settings and amendments.