How to Secure /tmp Directory
This tutorial explains how to secure the /tmp directory.
Hardening /tmp plays a large role in securing your server from external attacks. All applications use the /tmp directory to store data temporarily, so if it is not secured properly, it can be used to attack the server with Trojans. Temp hardening restricts all activities on /tmp and prevents an attacker from executing code within the /tmp folder. Typically, the attacker tries to inject malicious scripts into the /tmp folder through a web application exploit and then tries to execute the file on the server, bringing it down. When we harden the /tmp folder using noexec mode, the user will not be able to execute the script, which prevents these types of attacks.
Before making any change to fstab, back up the file using the command below.
# cp -p /etc/fstab /etc/fstab.back
Follow the steps below to harden your /tmp directory.
1) Creating /tmp as a different partition.
By default, the /tmp folder has all permissions: read, write, and execute. This is the main reason why the server becomes vulnerable. We need to place the /tmp folder on a separate partition so that an attacker who gets access to /tmp is not able to access the system files. The space allocation depends on your server. Here I am creating a partition of 100M size with an ext3 filesystem.
# dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
# mke2fs -j /dev/tmpFS
2) Create a backup of existing /tmp folder.
# cp -rp /tmp /tmp.back
3) Change /tmp to non-executable.
Mark /tmp as noexec in /etc/fstab and mount it. This prevents the server from being hacked via the /tmp folder.
# chmod 1777 /tmp
4) Copy all old data to /tmp folder by using the command below.
# cp -rf /tmp.back/* /tmp
5) Add the line below to fstab.
# vi /etc/fstab
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
6) Mount the partition.
# mount -a
Congrats, your /tmp directory is now protected from these attacks.
Hardening /tmp on cPanel
cPanel has a custom script for hardening the /tmp folder. You can run this script on the command line to secure the /tmp folder.
We need to move all data in /var/tmp to a backup file.
# mv /var/tmp /var/tmp.backup
Create a symlink of /var/tmp to /tmp.
# ln -s /tmp /var/tmp
Copy the old contents back to the /var/tmp folder.
# cp -rp /var/tmp.backup/* /var/tmp/
Edit /etc/fstab and remount /dev/shm as non-executable.
# vi /etc/fstab
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
Mount the partition.
# mount -a
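To confirm that the /tmp and /dev/shm entries shown above actually carry nosuid and noexec, the mount table can be checked with a short script. This is an added example, not part of the original tutorial or of cPanel; the function name check_tmp_mounts and the sample variables are assumptions, and the sample lines are constructed from the fstab entries on this page.

```shell
#!/bin/sh
# Added example (not from the original page): audit mount-table text for the
# noexec/nosuid options this tutorial sets on /tmp and /dev/shm.
# Input on stdin: /etc/fstab or /proc/mounts lines (device, mount point,
# fstype, options, ...). Optional $1: space-separated mount points to check.
# Prints one finding per problem and returns non-zero if there is any.
check_tmp_mounts() {
    awk -v targets="${1:-/tmp /dev/shm}" -v want="noexec nosuid" '
    BEGIN { nt = split(targets, T, " "); nw = split(want, W, " "); bad = 0 }
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    {   # remember the options of the last entry for each target mount point
        for (i = 1; i <= nt; i++) if ($2 == T[i]) opts[T[i]] = $4
    }
    END {
        for (i = 1; i <= nt; i++) {
            t = T[i]
            if (!(t in opts)) { print t ": not a separate mount"; bad = 1; continue }
            for (j = 1; j <= nw; j++)
                if (index("," opts[t] ",", "," W[j] ",") == 0) {
                    print t ": missing " W[j]; bad = 1
                }
        }
        exit bad
    }'
}

# Constructed samples: the two fstab lines from this page, and a weak variant.
HARDENED='/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0'
WEAK='# weak variant (constructed)
/dev/tmpFS /tmp ext3 loop,rw 0 0
tmpfs /dev/shm tmpfs defaults,nosuid,rw 0 0'

printf '%s\n' "$HARDENED" | check_tmp_mounts && echo "hardened sample: OK"
printf '%s\n' "$WEAK" | check_tmp_mounts || echo "weak sample: findings above"
```

On a live server, feed it the running mount table instead of the samples with check_tmp_mounts < /proc/mounts, which shows what is in effect after mount -a rather than what fstab requests.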
Install ModSecurity on server
ModSecurity is a firewall which protects your server from various script attacks that come through web applications. ModSecurity also plays an important role in securing the /tmp folder.
1) Add EPEL rpm repository by using below command.
2) Install mod_security using the command below.
# yum install mod_security mod_security_crs
3) Edit the configuration file of ModSecurity to enable SecRuleEngine.
# vi /etc/httpd/conf.d/mod_security.conf
4) Restart Apache to apply the changes.
# service httpd restart