How to secure /tmp, /var/tmp and /dev/shm with OpenVZ

First open fstab using nano, or your chosen editor:

nano -w /etc/fstab

Next, append the following line to the fstab file you just opened:

none /tmp tmpfs nodev,nosuid,noexec 0 0

If you opened the file with nano, you can now close it with Ctrl+X and then answer "y" to save.

To apply the changes we now need to simply remount all:

mount -a

Then secure /dev/shm. In /etc/fstab, change

none    /dev/shm        tmpfs   defaults     0 0

to

none    /dev/shm        tmpfs   nodev,nosuid,noexec     0 0

and save the file.

Then run the following command to update the mount options for /dev/shm:

mount -o remount /dev/shm

The mount command should now show you something like:

mount


/dev/simfs on / type reiserfs (rw,usrquota,grpquota)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
none on /dev type tmpfs (rw)
none on /dev/pts type devpts (rw)
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)


You can see that /tmp and /dev/shm are now secured.

There is also a /var/tmp dir that needs to be secured.

So first make a backup of the files in the folder:

mv /var/tmp /var/tmpfiles

Now make /var/tmp a symlink that points to /tmp:

ln -s /tmp /var/tmp

Next, restore the files from the backup made earlier (-a keeps ownership and permissions and also copies subdirectories and hidden files):

cp -a /var/tmpfiles/. /tmp/

Make sure that the files in tmpfiles are now in tmp:

ls -la /var/tmpfiles

ls -la /var/tmp

You can now remove the tmpfiles directory with the following command:

rm -rf /var/tmpfiles
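
To confirm the result of the steps above without reading the mount table by eye, the following shell script is an added example, not part of the original article: it parses mount output, reports which of nodev, nosuid and noexec are missing on /tmp and /dev/shm, and checks that /var/tmp is a symlink to /tmp. The function names, the ROOT prefix argument and the "before" sample are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit `mount` output for the
# nodev,nosuid,noexec flags the article sets on /tmp and /dev/shm.
REQUIRED="nodev nosuid noexec"

# missing_opts MOUNTPOINT  (reads `mount` output on stdin)
# Prints the required options MOUNTPOINT lacks, or "unmounted" if absent.
missing_opts() {
    awk -v mp="$1" -v req="$REQUIRED" '
        # "none on /tmp type tmpfs (rw,...)": the last matching line wins
        $2 == "on" && $3 == mp { opts = $6; gsub(/[()]/, "", opts); found = 1 }
        END {
            if (!found) { print "unmounted"; exit }
            n = split(req, want, " "); out = ""
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," want[i] ",") == 0)
                    out = out (out == "" ? "" : " ") want[i]
            print out
        }'
}

# audit  (reads `mount` output on stdin); returns non-zero if anything is weak.
audit() {
    table=$(cat); rc=0
    for mp in /tmp /dev/shm; do
        miss=$(printf '%s\n' "$table" | missing_opts "$mp")
        if [ -n "$miss" ]; then echo "FAIL $mp: $miss"; rc=1
        else echo "ok   $mp"; fi
    done
    return $rc
}

# vartmp_ok ROOT: true if ROOT/var/tmp is a symlink to /tmp, so it inherits
# the /tmp mount options. ROOT is a hypothetical prefix ("" = live system).
vartmp_ok() {
    [ -L "$1/var/tmp" ] && [ "$(readlink "$1/var/tmp")" = "/tmp" ]
}

# Constructed sample: /dev/shm still on defaults, /tmp not yet a tmpfs mount.
sample_before() { cat <<'EOF'
none on /dev/shm type tmpfs (rw)
EOF
}
# The two relevant lines of the mount output shown in the article.
sample_after() { cat <<'EOF'
none on /dev/shm type tmpfs (rw,noexec,nosuid,nodev)
none on /tmp type tmpfs (rw,noexec,nosuid,nodev)
EOF
}
echo "before:"; sample_before | audit || true
echo "after:";  sample_after  | audit
```

On a running container, feed the real table in with mount | audit and call vartmp_ok with an empty argument to check /var/tmp.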

