Wednesday, July 24, 2013

How to secure the /tmp and /var/tmp partition on a VPS?

On a VPS, there are two ways to mount, and thereby secure, the /tmp and /var/tmp partitions with the noexec,nosuid options (the commands below also set nodev).
One way is to mount these partitions from the Node the VPS resides on.
1) Login to the Node server and execute the following command:
vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save
vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save
The “bindmount_add” option is used to mount the partition inside the VPS. ‘VEID’ is the ID of the VPS you are working on.
2) The second option is to mount these partitions from within the VPS itself. This is useful in case you don’t have access to the Node server. To mount /tmp and /var/tmp from within the VPS, execute:
mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp
mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp
To check the mounted ‘tmp’ partitions, execute:

mount | grep tmp
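
The check above, extended into a script (an added example, not part of the original post): it reads a mount table in /proc/mounts format and reports which of noexec, nosuid and nodev are missing on /tmp and /var/tmp. The function names and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify that /tmp and /var/tmp carry noexec, nosuid and nodev.
# Input is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass
REQUIRED_OPTS="noexec nosuid nodev"

# constructed_sample: a made-up table in which /var/tmp is mounted too loosely.
constructed_sample() {
    cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid,relatime 0 0
EOF
}

# missing_opts MOUNTPOINT [MOUNTS_FILE]
# Prints the required options that are absent (space-separated), or
# "unmounted" when the path is not a separate mount at all.
missing_opts() {
    awk -v mp="$1" -v req="$REQUIRED_OPTS" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins (topmost mount)
        END {
            if (!found) { print "unmounted"; exit }
            n = split(req, want, " ")
            split(opts, have, ",")
            for (i in have) seen[have[i]] = 1
            out = ""
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) out = out (out == "" ? "" : " ") want[i]
            print out
        }' "${2:-/proc/mounts}"
}

# check_tmp_mounts [MOUNTS_FILE]
# Returns 0 only when both directories have every required option.
# Call it with no argument to inspect the running system.
check_tmp_mounts() {
    rc=0
    for mp in /tmp /var/tmp; do
        miss=$(missing_opts "$mp" "${1:-/proc/mounts}")
        if [ -n "$miss" ]; then
            echo "$mp: missing $miss"
            rc=1
        else
            echo "$mp: ok"
        fi
    done
    return $rc
}
```

Mounts made with the mount command, as in option 2, do not persist across a reboot unless they are also listed in /etc/fstab, so run the check again after a restart.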
