Search Engine: Elastic

Article ID: 2753, created on Oct 29, 2007, last review on May 8, 2014

  • Applies to:
  • Pro Control Panel Linux


View Knowledge
Knowledge ID 2082
Product : Ensim Pro for Linux
Version : 4.0.3
Topic : Hotfix

Securing /tmp folder

This KB helps us to build a secured /tmp folder, preventing users from executing malicious scripts form /tmp folder.

We have tested ensim regarding the issue with /tmp directory.

Please follow the given steps:(If you don't have /tmp as a different partition)
1) Create a new partition on the server with the help of fdisk

2) mke2fs -j /dev/device-you-created (formatting the new partition with the ext3 )

3) mkdir /bkp_tmp

4) cp -aR /tmp/ /bkp_tmp (backup all the contents from /tmp directory)

5) edit the fst and put the appropriate entries:
/dev/hda5 /tmp ext3 loop,noexec,nosuid,rw 0 0
Make sure you are using "noexec"

5) mount -a

6) cp -aR /bkp_tmp/* /tmp (restore the backup file to /tmp directory)


Doing so this will remove the executable permissions for that partition. Nothing will be executed from this partition, on the other hand you will be able to read and write on the partition as we are providing (rw in the syntax).

Further we have checked the appliance and few services. There were no issues for us.
You can implement the same as per your requirement.
If you face some issue after doing so, you can just change "noexec" to "exec" and remount the partition.
This is a system wide issue and not directly related with appliance, So things will act as per the system defaults after doing so.




Related Knowledge

Related Links
Last ModifiedUsageSatisfiedLast Used
9/2/2005 1:35:45 AM   

4cc899da08664637a8bc437308d3ddd7 3ccb419cf98083f3bb45808fba8dbc7c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF