How to secure /tmp, /var/tmp and /dev/shm with OpenVZ

First open fstab using nano, or your chosen editor:

nano -w /etc/fstab

Next, append the following line to the fstab file you just opened:

none /tmp tmpfs nodev,nosuid,noexec 0 0

If you are using nano, you can now close it with Ctrl+X and answer "y" to save.

To apply the changes we now need to simply remount all:

mount -a

Then secure /dev/shm. In /etc/fstab, change

none    /dev/shm        tmpfs   defaults     0 0

to

none    /dev/shm        tmpfs   nodev,nosuid,noexec     0 0

and save the file.

Then run:

mount -o remount /dev/shm 

to update the mount options for /dev/shm.

The mount command should now show something like:

mount


/dev/simfs on / type reiserfs (rw,usrquota,grpquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
none on /dev type tmpfs (rw)
none on /dev/pts type devpts (rw)
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)


You can see that /tmp and /dev/shm are now secured.

There is also a /var/tmp dir that needs to be secured.

So first make a backup of the files in the folder:

mv /var/tmp /var/tmpfiles

Now make /var/tmp a symlink that points to /tmp:

ln -s /tmp /var/tmp

Next, restore the files from the backup made earlier (-a keeps ownership and permissions and also copies subdirectories and hidden files):

cp -a /var/tmpfiles/. /tmp/

Then make sure that the files in tmpfiles are now in tmp:

ls -la /var/tmpfiles

ls -la /var/tmp

 

You can remove the tmpfiles directory now with the following Linux command:

rm -rf /var/tmpfiles
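
To confirm the result, the following added example (not part of the original article) parses mount output in the format shown above and reports which of nodev, nosuid and noexec are missing for /tmp and /dev/shm. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit `mount` output for the
# options the article sets in /etc/fstab. Function names are hypothetical.
REQUIRED="nodev nosuid noexec"

# Constructed samples: two lines from the article's expected output, and
# the same mount points with weaker options for comparison.
SAMPLE_HARDENED='none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)'
SAMPLE_DEFAULT='none on /dev/shm type tmpfs (rw)
none on /tmp type tmpfs (rw,nosuid,nodev)'

# missing_opts MOUNTPOINT: reads `mount` output on stdin and prints the
# required options that are absent (empty line = all present), or
# "not-mounted". The last matching line wins, as later mounts shadow earlier.
missing_opts() {
    awk -v mp="$1" -v req="$REQUIRED" '
        $2 == "on" && $3 == mp {
            opts = $NF                   # e.g. "(rw,noexec,nosuid,nodev)"
            gsub(/[()]/, "", opts)
            found = 1
        }
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(req, want, " ")
            out = ""
            for (i = 1; i <= n; i++)     # exact match on comma-delimited tokens
                if (index("," opts ",", "," want[i] ",") == 0)
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# audit_mounts: reads `mount` output on stdin, prints one line per mount
# point and returns 1 if any required option is missing.
audit_mounts() {
    table=$(cat)
    rc=0
    for mp in /tmp /dev/shm; do
        miss=$(printf '%s\n' "$table" | missing_opts "$mp")
        if [ -z "$miss" ]; then
            echo "OK   $mp"
        else
            echo "WEAK $mp: $miss"
            rc=1
        fi
    done
    return $rc
}
```

Run it against the live system with mount | audit_mounts. /var/tmp needs no entry of its own because it is now a symlink to /tmp, which readlink -f /var/tmp will confirm.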

