Optimize and Tweak High-Traffic Servers Published: Dec 12, 2003
  • Rating

    4/5

If you are renting a server then chances are you only have one big partition. Learn how to create a secure /tmp partition even while your server is already up and running on Cpanel/WHM.

Securing Your /tmp Partition with Cpanel/WHM

If you are renting a server then chances are everything is lumped in / and a small amount partitioned for /boot and some for swap. With this current setup, you have no room for making more partitions unless you have a second hard-drive. Learn how to create a secure /tmp partition even while your server is already up and running.
Recently, I found out it would be worthwhile to give /tmp it's own partition and mount it using noexec- This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.

What we are doing it creating a file that we will use to mount at /tmp. So log into SSH and SU to root so we may being!

code:
cd /dev

Create 100MB file for our /tmp partition. If you need more space, make count size larger.

code:
dd if=/dev/zero of=tmpMnt bs=1024 count=100000

Make an extended filesystem for our tmpMnt file

code:
/sbin/mke2fs /dev/tmpMnt

Backup your /tmp dir- I had mysql.sock file that I needed to recreate the symbolic link for. Other programs may use it to store cache files or whatever.

code:
cd /

code:
cp -R /tmp /tmp_backup

Mount the new /tmp filesystem with noexec

code:
mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

code:
chmod 1777 /tmp

Copy everything back to new /tmp and remove backup

code:
cp -R /tmp_backup/* /tmp/

code:
rm -rf /tmp_backup

Now we need to add this to fstab so it mounts automatically on reboots.

code:
pico -w /etc/fstab

You should see something like this:
code:
/dev/hda3               /                       ext3    defaults,usrquota        1 1
/dev/hda1               /boot                   ext3    defaults        1 2
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /proc                   proc    defaults        0 0
none                    /dev/shm                tmpfs   defaults        0 0
/dev/hda2               swap                    swap    defaults        0 0

At the bottom add
code:
/dev/tmpMnt             /tmp                    ext2    loop,noexec,nosuid,rw  0 0

(Each space is a tab)
Save it!
Ctrl + X and Y

Your done- /tmp is now mounted as noexec. You can sleep a little bit safer tonight. I created a hello world c++ and compiled it then moved it to /tmp. Upon trying to run it (even chmod +x'ed), it gives the following error:

code:
bash: ./a.out: Permission denied

Yay! /tmp no longer has execute permissions :-D

  • Rating

    4/5

Related Articles

Comments (3)

  • Gravatar - Richy C
    Richy C 16:22, January 23, 2004
    Where is the "How to log slow queries:

    # vi /etc/rc.d/init.d/mysqld"

    file under Cpanel?
  • Gravatar - elhoim
    elhoim 09:34, April 16, 2004
    What about putting all links of the article in anchor tags, because i am tired of copy/pasting them...
    Anyway, good work guy!!!!
  • Gravatar - Steve
    Steve 18:50, April 16, 2004
    Use the print article feature so the lines don't wrap....

    http://www.webhostgear.com/index.php?print/id:49

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com