Portal Home > Knowledgebase > VPS Hosting and Dedicated Servers > How to secure /tmp, /var/tmp and /dev/shm with OpenVZ


How to secure /tmp, /var/tmp and /dev/shm with OpenVZ




First open fstab using nano, or your chosen editor:

nano -w /etc/fstab

 

Next append the following like to the fstab file you just opened:

none /tmp tmpfs nodev,nosuid,noexec 0 0

 

If you opened using nano you can now close using ctrl+x and then answering “y” to save.

To apply the changes we now need to simply remount all:

mount -a

Then secure /dev/shm:

change

none    /dev/shm        tmpfs   defaults     0 0

to

none    /dev/shm        tmpfs   nodev,nosuid,noexec     0 0

and save file.

Then use command:

mount -o remount /dev/shm 

to update mount options for /dev/shm

now mount command should show you something like:

mount


/dev/simfs on / type reiserfs (rw,usrquota,grpquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
none on /dev type tmpfs (rw)
none on /dev/pts type devpts (rw)
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)


and you could see that /tmp and /de/shm now secured.

There is also a /var/tmp dir that needs to be secured.

So first make a backup of the files in the folder:

mv /var/tmp /var/tmpfiles

 

Now make a symlink to map /tmp to /var/tmp

ln -s /tmp /var/tmp

 

next is to restore the files from the backup we have made before:

cp /var/tmpfiles/* /tmp/

 

Restore the files from the backup you made before, and make sure that the files in tmpfiles are now in tmp.

ls -la /var/tmpfiles

ls -la /var/tmp

 

You can remove the tmpfiles directory now with the following Linux command:

rm -rf /var/tmpfiles




Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
VPS automatic updates (Views: 1915)

* Minimum sign up periods for cPanel Web Hosting plans: Mini - 3mo., Pro - 1mo., Biz - 1mo., cPanel Reseller Hosting, Linux VPS, Windows VPS, Managed cPanel VPS and Dedicated Servers - 1mo. secret link
Accepted payments: Credit/Debit Card, Paypal, Payza, Skrill, WebMoney, CashU, Ukash, paysafecard, Bitcoin, Perfect Money, SolidTrust Pay, OKPay, EgoPay, Western Union/MG, Wire Transfer and more.