How to Secure tmp Directory-Interserver Tips

22.03.2021


How to secure tmp path in CentOS operating system

The tmp path is the place to create and execute temporary files that we need to run fast and correctly. Normally in CentOS operating system, which is suitable for hosting servers, this path is not properly secured, and we must take a number of measures to secure this path so that hackers can not execute malicious commands in this path as much as possible and ensure server security. Jeopardize. The tmp, var / tmp, and dev / shm paths are the ones we need to secure and restrict.

What do we need before we start?

This is usually done before there is information and an account on the server and therefore there is not much risk. But if you have important information and accounts in the server where you intend to do this, you must make a complete and safe backup of the server before doing so so that you can use it in case of any problem. We also need root access in the SSH environment to do the job. Note how many files need to be edited, which we do with the nano tool in the SSH environment. If you do not have this tool, you can install it with the yum install nano command.

Steps to secure temporary file paths in CentOS

First, we suggest that you prepare to do the job through the following tutorials:

  • SSH login tutorial
  • Learn CentOS update via SSH

After that, we will edit the fstab file with nano / etc / fstab, which contains the properties of the temporary file execution paths. In the content of this file, there is a value of tmp / defaults, to which you must also add the values ​​nodev, nosuid, noexec. In fact, the values ​​should be in the form of defaults, nodev, nosuid, noexec. For tmpfs, which is in the next line or lines, we should do the same and add the values ​​of nodev, nosuid, noexec to the end of the defaults value, which will eventually be defaults, nodev, nosuid, noexec. Finally, we need to put the following value as the last line of this file and save the file with the ctrl + x key combination.

/ tmp / var / tmp none rw, noexec, nosuid, nodev, bind 0 0

At the end of the work, we must enter the following commands in order to apply the added properties to the storage and execution of temporary files.

mount -o rw, noexec, nosuid, nodev, bind / tmp / / var / tmp / mount -o remount, noexec, nosuid, nodev / tmp mount -o remount, noexec, nosuid, nodev / dev / shm

After doing the above, you must restart the operating system with the reboot command to perform them properly.

Read more in here


© 2021 Antonín Jelen. Všechna práva vyhrazena.
Vytvořeno službou Webnode
Vytvořte si webové stránky zdarma! Tento web je vytvořený pomocí Webnode. Vytvořte si vlastní stránky zdarma ještě dnes! Vytvořit stránky