Introduction

In this article, I will explain how to secure (harden) the /tmp directory of a Linux system. Hardening /tmp is important because an attacker can inject malicious code through a web application exploit and bring down the server. By default, /tmp is used by all applications to store data temporarily, and users can also execute files there. When we harden /tmp by mounting it with the noexec option, users will not be able to execute scripts from it, which prevents these types of attacks.

Procedure

1. Create a backup of the existing /tmp folder.

$ cp -rf /tmp /tmp_bak

2. Create /tmp as a different partition.

By default, the /tmp folder has all permissions: read, write, and execute. This is the main reason why the server becomes vulnerable. We need to secure /tmp by placing it on a different partition, so that an attacker who gets access to /tmp is not able to access the system files. The space allocation depends on your server. Here I am creating a partition of 2G size with an ext4 filesystem.

$ dd if=/dev/zero of=/dev/securetmp bs=1024 count=2000000

$ mkfs.ext4 /dev/securetmp

3. Change /tmp to non-executable.

Make /tmp noexec in /etc/fstab and mount it. This helps prevent the server from being hacked via the /tmp folder.

$ chmod 1777 /tmp

4. Copy all old data to /tmp folder by using the command below.

$ cp -rf /tmp_bak/* /tmp

5. Add the following entry to /etc/fstab to make the mount permanent.

/dev/securetmp /tmp ext4 loop,nosuid,noexec,rw 0 0

6. Mount the partition using the command below.

$ mount -a

Congratulations. You have successfully secured the /tmp partition.
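
To confirm the result of steps 5 and 6, the following added example (not part of the original article) checks that a mount point carries the noexec and nosuid options from the fstab entry. The function names mount_opts, has_opt and check_tmp, and the sample mount table, are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the hardening options on /tmp.
# Works on any file in fstab / /proc/mounts column layout:
#   device  mountpoint  fstype  options  dump  pass

# mount_opts FILE MOUNTPOINT
# Print the options column of the last entry for MOUNTPOINT.
# The last entry wins because a later mount shadows an earlier one.
mount_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { opts = $4 } END { print opts }' "$1"
}

# has_opt OPTS NAME
# Succeed only if NAME is an exact item of the comma-separated OPTS,
# so "suid" does not match inside "nosuid".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_tmp FILE [MOUNTPOINT]
# Print "ok", "missing: <opts>" or "not-mounted".
# Return 0 (hardened), 1 (option missing) or 2 (no entry found).
check_tmp() {
    file=$1; mp=${2:-/tmp}
    opts=$(mount_opts "$file" "$mp")
    if [ -z "$opts" ]; then echo "not-mounted"; return 2; fi
    missing=""
    for o in noexec nosuid; do
        has_opt "$opts" "$o" || missing="$missing $o"
    done
    if [ -n "$missing" ]; then echo "missing:$missing"; return 1; fi
    echo "ok"
}

# Constructed sample in /proc/mounts format (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext4 rw,nosuid,noexec,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid 0 0
EOF
echo "/tmp:     $(check_tmp "$sample" /tmp)"
echo "/var/tmp: $(check_tmp "$sample" /var/tmp)"
rm -f "$sample"
```

On a live system, run `check_tmp /proc/mounts` for the active mount and `check_tmp /etc/fstab` for the persistent entry.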