In this article, I will explain how to secure (harden) the /tmp directory of a Linux system. Hardening /tmp is important because an attacker can inject malicious code through a web application exploit and bring down the server. By default, /tmp is used by all applications to store data temporarily, and users can also execute files there. When we harden the /tmp folder using noexec mode, users will not be able to execute scripts from it, and it will prevent these types of attacks.
1. Create a backup of the existing /tmp folder.
$ cp -rf /tmp /tmp_bak
2. Create /tmp as a different partition.
By default, the /tmp folder has all permissions: read, write, and execute. This is the main reason why the server becomes vulnerable. We need to secure the /tmp folder in a different partition. If an attacker gets access to the /tmp folder, he would not be able to access the system files. The space allocation depends on your server. Here I am creating a partition of 2G size with an ext4 filesystem.
$ dd if=/dev/zero of=/dev/securetmp bs=1024 count=2000000
$ mkfs.ext4 /dev/securetmp
3. Change /tmp to non-executable.
Make /tmp noexec in /etc/fstab and mount it. This will help prevent the server from being hacked via the /tmp folder.
$ chmod 1777 /tmp
4. Copy all old data to /tmp folder by using the command below.
$ cp -rf /tmp_bak/* /tmp
5. Update the /etc/fstab entry to make the mount permanent.
/dev/securetmp /tmp ext4 loop,nosuid,noexec,rw 0 0
6. Mount the partition using:
$ mount -a
Congratulations. You have successfully secured the /tmp partition.
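To confirm the result of steps 5 and 6, the following added example (not part of the original article) reports which of the hardening options noexec and nosuid are missing from the /tmp entry of an fstab-format file. The function name missing_tmp_opts and the sample files are constructed for illustration.

```shell
#!/bin/bash
# missing_tmp_opts FILE [MOUNTPOINT]
# Hypothetical helper: reads an fstab-format file (fields: device, mount
# point, type, options, dump, pass) and prints the options from
# "noexec nosuid" that the MOUNTPOINT entry lacks.
# Prints an empty line when both are set and "no-entry" when MOUNTPOINT
# is not listed at all.
missing_tmp_opts() {
    file=$1
    mp=${2:-/tmp}
    awk -v mp="$mp" '
        $1 ~ /^#/ || NF < 4 { next }        # skip comments and short lines
        $2 == mp { opts = $4; found = 1 }   # last matching entry wins
        END {
            if (!found) { print "no-entry"; exit }
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++) have[a[i]] = 1
            out = ""
            if (!("noexec" in have)) out = out " noexec"
            if (!("nosuid" in have)) out = out " nosuid"
            sub(/^ /, "", out)
            print out
        }' "$file"
}

# Constructed sample files (not taken from any real host).
sample_dir=$(mktemp -d)
printf '%s\n' '# constructed sample: entry from step 5' \
    '/dev/sda1 / ext4 defaults 0 1' \
    '/dev/securetmp /tmp ext4 loop,nosuid,noexec,rw 0 0' > "$sample_dir/hardened"
printf '%s\n' '/dev/sda1 / ext4 defaults 0 1' \
    '/dev/securetmp /tmp ext4 loop,rw 0 0' > "$sample_dir/weak"
printf '%s\n' '/dev/sda1 / ext4 defaults 0 1' \
    '/dev/securetmp /tmp ext4 loop,nosuid,rw 0 0' > "$sample_dir/partial"
printf '%s\n' '/dev/sda1 / ext4 defaults 0 1' > "$sample_dir/absent"

for f in hardened weak partial absent; do
    echo "$f: [$(missing_tmp_opts "$sample_dir/$f")]"
done
```

/proc/mounts uses the same field layout, so `missing_tmp_opts /proc/mounts` checks the live mount table after `mount -a` rather than the configuration file.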