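#!/bin/bash
########################################
# Title: SECURE /tmp, /var/tmp, /dev/shm
# Site: http://rootit.org/
# Dmitry Dovidenko
########################################
# What this script does:
#   1. creates a loop-backed ext3 image and mounts it on /tmp with
#      nodev,noexec,nosuid (entry added to /etc/fstab),
#   2. replaces /var/tmp with a symlink to that /tmp,
#   3. rewrites a "defaults" /dev/shm line in /etc/fstab to
#      nodev,nosuid,noexec and remounts /dev/shm.
# Must run as root.  Every step that can lose data (backup, wipe, mount,
# fstab edit) is checked before the next one runs, and /etc/fstab is backed
# up first.
#
# Environment overrides:
#   TMPFS_IMAGE    path of the backing image  (default: /dev/tmpFS)
#   TMPFS_SIZE_MB  size of the image in MiB   (default: 200)
#
# NOTE(review): on systems where /dev is a devtmpfs/tmpfs the default image
# path is not persistent, so the /tmp entry will fail at the next boot and
# /var/tmp (which FHS expects to survive reboots) will be empty as well.
# Set TMPFS_IMAGE to a path on a persistent filesystem in that case.
set -euo pipefail

readonly tmpfs_image=${TMPFS_IMAGE:-/dev/tmpFS}
readonly tmpfs_size_mb=${TMPFS_SIZE_MB:-200}
# Same ANSI sequences the original messages used (\x1b\x5b == ESC [).
readonly red=$'\x1b[1;31;40m'
readonly blue=$'\x1b[1;34;40m'
readonly reset=$'\x1b[0;37;40m'

#######################################
# Print an error in red to stderr and exit 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s%s%s\n' "$red" "$*" "$reset" >&2
  exit 1
}

#######################################
# Copy /etc/fstab to a timestamped backup before any edit touches it.
# Outputs: backup path on stdout
#######################################
backup_fstab() {
  local backup
  backup="/etc/fstab.bak.$(date +%Y%m%d%H%M%S)"
  cp -a /etc/fstab "$backup" || die "could not back up /etc/fstab"
  printf 'Backup of /etc/fstab saved to %s\n' "$backup"
}

#######################################
# Create the backing image, mount it on /tmp and move the old contents over.
# Skipped (with a hint to verify by hand) when the image already exists or
# /tmp is already its own mount point.
# Globals: tmpfs_image, tmpfs_size_mb (read)
#######################################
secure_tmp() {
  printf 'Checking if %s exists... ' "$tmpfs_image"
  if [[ -e "$tmpfs_image" ]]; then
    printf 'it does.. %sPlease verify /tmp is noexec by hand (mount). Script will still verify /var/tmp and /dev/shm!%s\n' "$red" "$reset"
    return 0
  fi
  if mountpoint -q /tmp; then
    # Mounting the image over an existing /tmp mount would hide it; leave it.
    printf 'it does not.. %s/tmp is already a separate mount point, leaving it alone. Please verify its options by hand (mount). Script will still verify /var/tmp and /dev/shm!%s\n' "$red" "$reset"
    return 0
  fi
  printf 'it does not.. %screating!%s\n' "$blue" "$reset"

  # Preconditions that would otherwise be discovered after /tmp was wiped.
  if [[ -e /tmp.old ]]; then
    die "/tmp.old already exists; refusing to overwrite an earlier backup"
  fi
  if grep -qE '^[^#]*[[:space:]]/tmp[[:space:]]' /etc/fstab; then
    die "/etc/fstab already has an entry for /tmp; review it by hand"
  fi

  dd if=/dev/zero of="$tmpfs_image" bs=1024 count=$((tmpfs_size_mb * 1024)) \
    || die "could not create $tmpfs_image"
  mkfs.ext3 -F "$tmpfs_image" || die "mkfs.ext3 failed on $tmpfs_image"
  printf '%s has been created!\n' "$tmpfs_image"

  printf 'Backing up current /tmp!\n'
  # -a keeps modes, owners, timestamps and symlinks; dotfiles included.
  cp -a /tmp /tmp.old || die "backup of /tmp failed; /tmp was not touched"
  # Only empty the old directory once the backup is complete.  find(1) also
  # removes dotfiles, which "rm -rf /tmp/*" left behind under the new mount.
  find /tmp -mindepth 1 -xdev -delete

  printf 'Setting up /etc/fstab and mounting!\n'
  # nodev added for parity with the /dev/shm options below.
  printf '%s\t\t/tmp\t\t\text3\tloop,nodev,noexec,nosuid,rw\t0 0\n' "$tmpfs_image" >> /etc/fstab
  # "mount /tmp" instead of "mount -a": do not touch unrelated fstab entries.
  mount /tmp || die "mount /tmp failed; your files are still in /tmp.old"
  mountpoint -q /tmp || die "/tmp is not a mount point after mount; your files are still in /tmp.old"
  chmod 1777 /tmp

  printf 'Restoring old /tmp data and cleaning up!\n'
  # "/tmp.old/." copies the directory contents including dotfiles and does
  # not fail when the backup is empty.
  cp -a /tmp.old/. /tmp/ || die "restore from /tmp.old failed; your files are still in /tmp.old"
  rm -rf -- /tmp.old
}

#######################################
# Replace /var/tmp with a symlink to /tmp, preserving its contents.
# Skipped when /var/tmp is already a symlink; refuses to act when /var/tmp
# is a separate mount point (moving it aside would fail or hide the mount).
#######################################
secure_var_tmp() {
  printf 'Checking if /var/tmp is a symlink... '
  if [[ -h /var/tmp ]]; then
    printf 'it does.. %sPlease verify that /var/tmp is symlinked to /tmp and that tmp is noexec (mount). Script will still verify /dev/shm!%s\n' "$red" "$reset"
    return 0
  fi
  printf 'it does not.. %screating!%s\n' "$blue" "$reset"
  if mountpoint -q /var/tmp; then
    die "/var/tmp is a separate mount point; review its mount options by hand instead of symlinking"
  fi
  if [[ -e /var/tmp.old ]]; then
    die "/var/tmp.old already exists; refusing to overwrite an earlier backup"
  fi

  printf 'Backing up current /var/tmp!\n'
  mv /var/tmp /var/tmp.old || die "could not move /var/tmp aside"
  printf 'Setting up /var/tmp as symlink to secured /tmp!\n'
  ln -s /tmp /var/tmp \
    || die "ln -s failed; restore with: mv /var/tmp.old /var/tmp"
  printf 'Restoring old /var/tmp data and cleaning up!\n'
  cp -a /var/tmp.old/. /var/tmp/ \
    || die "restore from /var/tmp.old failed; your files are still in /var/tmp.old"
  rm -rf -- /var/tmp.old
}

#######################################
# Rewrite a "defaults" /dev/shm line in /etc/fstab to nodev,nosuid,noexec
# and remount /dev/shm so the options take effect now.
#######################################
secure_shm() {
  printf 'Making sure /dev/shm is secured in /etc/fstab!\n'
  local tmp
  tmp=$(mktemp /etc/fstab.sec.XXXXXX) || die "mktemp failed"
  # Any run of blanks between fields is accepted; the original pattern only
  # matched one exact spacing and silently changed nothing otherwise.
  # Dump/pass fields (\2) are kept as they were.
  if ! sed -E 's#^(tmpfs[[:space:]]+/dev/shm[[:space:]]+tmpfs[[:space:]]+)defaults([[:space:]]+[0-9]+[[:space:]]+[0-9]+[[:space:]]*)$#\1nodev,nosuid,noexec\2#' \
      /etc/fstab > "$tmp"; then
    rm -f -- "$tmp"
    die "could not rewrite /etc/fstab"
  fi
  # cat > keeps the inode and permissions of /etc/fstab; then drop the temp
  # file the original left behind as /etc/fstab.sec.tmp.
  cat "$tmp" > /etc/fstab
  rm -f -- "$tmp"
  if ! grep -qE '^tmpfs[[:space:]]+/dev/shm[[:space:]]+tmpfs[[:space:]]+[^[:space:]]*noexec' /etc/fstab; then
    die "no noexec /dev/shm entry found in /etc/fstab after edit; add one by hand"
  fi
  mount -o remount /dev/shm \
    || die "remount of /dev/shm failed; check the /dev/shm line in /etc/fstab"
}

#######################################
# Entry point: root and tool checks, fstab backup, then the three steps.
#######################################
main() {
  local tool
  (( EUID == 0 )) || die "this script must be run as root"
  for tool in dd mkfs.ext3 mount mountpoint; do
    command -v "$tool" >/dev/null || die "required tool missing: $tool"
  done
  printf "\n%s[[ Dmitry's TMP Security Script ]]%s\n" "$red" "$reset"
  backup_fstab
  secure_tmp
  secure_var_tmp
  secure_shm
}

main "$@"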