MRKAVANA (mrkavana@gmail.com) - www.facebook.com/kavanathai

Aug 25, 2011

How to secure the /tmp partition on a VPS with noexec,nosuid option?


How to secure the /tmp and /var/tmp partition on a VPS?
On a VPS, there are 2 ways to mount (and so secure) the /tmp and /var/tmp partitions with the noexec,nosuid option. One way is to mount these partitions from the Node the VPS resides on.
1) Log in to the Node server and execute the following commands:
# vzctl set VEID --bindmount_add /tmp,noexec,nosuid,nodev --save
# vzctl set VEID --bindmount_add /var/tmp,noexec,nosuid,nodev --save
The “bindmount_add” option is used to mount the partition inside the VPS. The ‘VEID’ is the ID of the VPS you are working on.
2) The second option is to mount these partitions from within the VPS itself. It is useful in case you don’t have access to the Node server. To mount /tmp and /var/tmp from within the VPS, execute:
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /tmp
# mount -t tmpfs -o noexec,nosuid,nodev tmpfs /var/tmp
To check the mounted ‘tmp’ partitions, execute:
root@server [~]# mount | grep tmp
tmpfs on /tmp type tmpfs (rw,noexec,nosuid)
tmpfs on /var/tmp type tmpfs (rw,noexec,nosuid,nodev)
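
The check above done as a script, as an added example that is not part of the original post: it reads a mount table in /proc/mounts format and reports which of noexec, nosuid and nodev are missing from /tmp and /var/tmp. The function names and the sample table are constructed for illustration.

```shell
REQUIRED="noexec nosuid nodev"

# Constructed sample in /proc/mounts format, modelled on the output above:
# /tmp is missing nodev, /var/tmp carries all three options.
sample_mounts() {
    cat <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# missing_opts MOUNTPOINT [MOUNTS_FILE]: print the required options that are
# absent. Status: 0 = all present, 1 = some missing, 2 = not a separate mount.
missing_opts() {
    mp=$1
    table=${2:-/proc/mounts}
    # Field 2 is the mount point, field 4 the options; the last match wins
    # because mounts can be stacked on one directory.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    missing=""
    for want in $REQUIRED; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "$missing"; return 1
}

# audit_tmp [MOUNTS_FILE]: check both directories; non-zero if either fails.
audit_tmp() {
    rc=0
    for dir in /tmp /var/tmp; do
        if out=$(missing_opts "$dir" "$1"); then
            echo "OK   $dir"
        elif [ -n "$out" ]; then
            echo "FAIL $dir missing: $out"; rc=1
        else
            echo "FAIL $dir is not a separate mount"; rc=1
        fi
    done
    return $rc
}

# Demo on the constructed sample; call audit_tmp with no argument for the live system.
tmpf=$(mktemp) && sample_mounts > "$tmpf"
audit_tmp "$tmpf" || echo "hardening incomplete"
rm -f "$tmpf"
```

A mount made with the mount command lasts only until the next reboot, so run the audit again after a restart.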
