Secure /tmp, /var/tmp, /dev/shm

May 7, 2009 – 6:20 pm

By default, CentOS and RHEL are not very secure when it comes to temporary directories. This is a big problem because an exploitable PHP script can be used to launch many nasty processes, such as an FTP brute-force scanner. If you have many clients, it's inevitable that some of them will have such exploitable scripts at some point. This also means that you will have to deal with the abuse complaints resulting from such exploits, which will cost time that you and your staff could spend on marketing or helping customers. You should use this guide to secure all new RHEL/CentOS installs. I may release a full security script at some point, once it has been tested further.

[[ Dmitry's TMP Security Script ]]
Checking if /dev/tempFS exists… it does not.. creating!
204800+0 records in
204800+0 records out
209715200 bytes (210 MB) copied, 0.70351 seconds, 298 MB/s
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
51200 inodes, 204800 blocks
10240 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=67371008
25 block groups
8192 blocks per group, 8192 fragments per group
2048 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729

Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 37 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
/dev/tmpFS has been created!
Backing up current /tmp!
Setting up /etc/fstab and mounting!
Restoring old /tmp data and cleaning up!
Checking if /var/tmp is a symlink… it does not.. creating!
Backing up current /var/tmp!
Setting up /var/tmp as symlink to secured /tmp!
Restoring old /var/tmp data and cleaning up!
Making sure /dev/shm is secured in /etc/fstab!

Download the script and try it out. I recommend using it on a new or unmodified CentOS/RHEL install.

Download Script
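To confirm that an install actually ended up with hardened temporary mounts, here is an added audit script (not the post's own script) that reads an fstab and reports which mount points lack noexec, nosuid or nodev. It assumes those three options are what the secured entries carry, since the post's output never names them, and it runs against a constructed sample fstab, so no root is needed.

```shell
# Added audit helper, not the post's script: reads an fstab and reports
# which of noexec/nosuid/nodev a mount point lacks. Assumption: those three
# options are what "secured" means; the post's output never names them.

# Constructed sample fstab (not from the post): /tmp is the loopback image
# mounted securely, /dev/shm still carries the stock 'defaults' options.
SAMPLE_FSTAB='LABEL=/       /         ext3   defaults                      1 1
/dev/tmpFS    /tmp      ext3   loop,noexec,nosuid,nodev,rw   0 0
tmpfs         /dev/shm  tmpfs  defaults                      0 0
devpts        /dev/pts  devpts gid=5,mode=620                0 0'

# Print the options field for a mount point; empty if there is no entry.
# $1 = fstab text, $2 = mount point
fstab_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { print $4 }'
}

# Echo the hardening options a mount point lacks (space separated).
# Empty output means the entry is present and carries all three.
# $1 = fstab text, $2 = mount point
missing_opts() {
    opts=$(fstab_opts "$1" "$2")
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;                 # option present
            *) missing="$missing $want" ;;  # absent, or no entry at all
        esac
    done
    printf '%s\n' "${missing# }"
}

# Print a verdict per mount point; returns 1 if any is insecure.
# /var/tmp is not listed because the post makes it a symlink to /tmp,
# so it has no fstab entry of its own and inherits /tmp's options.
audit_tmp_dirs() {
    fstab=$1; shift; rc=0
    for mp in "$@"; do
        m=$(missing_opts "$fstab" "$mp")
        if [ -z "$m" ]; then
            echo "OK       $mp"
        else
            echo "INSECURE $mp missing: $m"
            rc=1
        fi
    done
    return $rc
}
audit_tmp_dirs "$SAMPLE_FSTAB" /tmp /dev/shm || true
```

On a real host, replace the sample with `"$(cat /etc/fstab)"` and also compare against `mount` output, since fstab only shows what will be applied at the next mount.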

2 Responses to “Secure /tmp, /var/tmp, /dev/shm”

I think that this is too complicated. Why don't you use the method described here:
http://www.sysadmin.md/complete-centos-secure-server-setup.html

Check the Secure temporary folders section.

By Mark on May 25, 2009

I think that it's pretty much the same method. I intend to eventually release a full security script that does this once I've perfected it at my datacenter (AcroNOC Inc).

By admin on Jun 3, 2009
