How to Add /tmp Security in Centos7?

December 26, 2022 / cPanel

In this post, we will demonstrate how you can add /tmp security in Centos7.

Primarily, a Centos7 server terminal is needed.

The servers are not safe when cyber criminals attempt to hack systems or servers by utilizing a hacking script. Nobody is aware of how to prevent these cyber criminals from putting these kinds of scripts on the computer system.

And this is where /tmp security comes in, it gives us the ability to defend our systems against any kind of attack.

To prevent hackers from running scripts on the server, we employ /tmp.

It is incredibly challenging to breach the /tmp’s security. With the use of this technique, several different brute-force attacks and PHP injection rootkits may be stopped.

Follow these steps to add /tmp security:

  • On your hard disc, create a 2000MB or 1000MB /tmp partition.

For 2000Mb, type this command.

“ #dd if=/dev/zero of=/var/tmpMount bs=1024 count=2000000 “

To send 1000MB, type this command.

“ #dd if=/dev/zero of=/var/tmpMount bs=1024 count=1000000 “

  • The ext3 extension is used by the partition format.

“ #mkfs.ext3 /var/tmpMount “

Press “Y” once the instruction has been executed.

  • Duplicate the /tmp folder. We won’t have a problem because we have a backup plan in case something goes wrong.

“ #cp -R /tmp /tmpbak “

  • Mount the /tmp filesystem now with the noexec option: noexec (script cannot be implemented because it doesn’t have the authorization to run). It is not allowed to let any hacking script operate on that system.

          “ #mount -o loop,noexec,nosuid,rw /var/tmpMount /tmp “

  • The /tmp folder should be accessible. The /tmp subdirectory consequently has complete access to all files and directories.

          “ #chmod 1777 /tmp “

  • Replace the tmp backup folder with the /tmp folder.

“ #cp -R /tmpbak/* /tmp/ “

“ #rm -rf /tmpbak “

  • Create a permanent mount point for the /tmp partition now by editing the /etc/fstab file. However, before you do anything else, create a backup of the /etc/fstab file since it is crucial and if you make a mistake, your server will crash.

          “ #vim /etc/fstab “

Here, add one more line.

“ /var/tmpMount /tmp ext2 loop,noexec,nosuid,rw  0  0 “

Save this file with this command: wq

After making any alterations to /etc/fstab, be sure to run #mount -a to make sure you didn’t make any errors.

If mount -a executes without generating any errors, everything has been configured properly. The occurrence of an error proves that you made a mistake.

Any script you attempt to run will now be denied permission if you mount /tmp using the noexec option.

  • For /tmp, build a symbolic link.

          “ #cp -rvf /var/tmp /var/tmpbak “

          “ #ln -s /tmp /var/tmp “

          “ #cp -R /var/tmpbak/* /tmp/ “

          “ #rm -rf /var/tmpbak “

  • Secure the /dev/shm folder now in /etc/fstab with noexec permission.

“ #vim /etc/fstab “

Insert this line

“ tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0 “

  • Now, Mount temporary /dev/shm

“ #mount -o remount /dev/shm “

You may effectively add /tmp security Centos7 in this manner.

For more information or assistance, you can reach out to our round-the-clock customer support team who would gladly assist you with any query.

Leave a Reply

Your email address will not be published. Required fields are marked *