Howto: Secure /tmp and /dev/shm partitions

How to secure /tmp and /dev/shm partitions?

It is highly recommended to mount the /tmp and /dev/shm partitions in noexec,nosuid mode in order to prevent files from being executed under those partitions (noexec blocks direct execution of binaries stored there; nosuid makes set-user-ID and set-group-ID bits ineffective). To mount /tmp and /dev/shm in noexec,nosuid mode, edit the /etc/fstab file, search for the word "defaults" in front of the 2 partitions and replace it with

rw,noexec,nosuid

The entry should look like the following:

tmpfs /dev/shm  tmpfs   rw,noexec,nosuid  0 0

The entry for the /tmp partition should carry the same options.

Save the /etc/fstab file. You now need to remount the partitions for the changes to take effect. Execute the following remount commands:

root@host [~]# mount -o remount /tmp
root@host [~]# mount -o remount /dev/shm

You can now check the mounted partitions using the command:

root@host [~]# mount
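
To confirm the result without reading the whole mount listing by eye, the following added example (not part of the original post) checks that a mount point carries both noexec and nosuid and reports when it is not a separate mount at all. The function name check_mount_opts and the sample mount table are constructed for illustration; on a real host, call the function with only the mount point so that it reads /proc/mounts.

```shell
#!/bin/sh
# check_mount_opts MOUNTPOINT [MOUNTS_FILE]   (hypothetical helper name)
# Returns 0 if MOUNTPOINT is mounted with both noexec and nosuid,
#         1 if one or both options are missing,
#         2 if MOUNTPOINT is not a separate mount (so fstab options cannot apply).
check_mount_opts() {
    mp=$1
    mounts=${2:-/proc/mounts}
    # Fields: device mountpoint fstype options dump pass.
    # Keep the last match, because a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
    if [ -z "$opts" ]; then
        echo "$mp: not a separate mount point"
        return 2
    fi
    missing=""
    for want in noexec nosuid; do
        # Match whole options only, so "exec" never satisfies "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "$mp: missing$missing (options: $opts)"
        return 1
    fi
    echo "$mp: ok ($opts)"
    return 0
}

# Constructed sample in /proc/mounts format (not taken from a real host):
# /dev/shm is hardened, /tmp still lacks noexec.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec 0 0
/dev/sda3 /tmp ext4 rw,nosuid 0 0
EOF

for target in /tmp /dev/shm; do
    check_mount_opts "$target" "$sample" || true
done
```

A return code of 2 for /tmp means /tmp is an ordinary directory on the root filesystem, in which case there is no /tmp line in /etc/fstab to edit and the remount command above has nothing to act on.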

This entry was posted on Friday, November 6th, 2009 and is filed under Linux Administration.