Knowledge ID: 2082
Product: Ensim Pro for Linux
Version: 4.0.3
Topic: Hotfix
Securing /tmp folder
This KB explains how to build a secured /tmp folder, preventing users from executing malicious scripts from the /tmp folder.
We have tested Ensim regarding the issue with the /tmp directory.
Please follow the given steps (if you don't have /tmp as a separate partition):
1) Create a new partition on the server with the help of fdisk
2) mke2fs -j /dev/device-you-created (format the new partition as ext3)
3) mkdir /bkp_tmp
4) cp -aR /tmp/. /bkp_tmp/ (back up all the contents of the /tmp directory, including hidden files)
5) Edit /etc/fstab and add the appropriate entry:
/dev/hda5 /tmp ext3 loop,noexec,nosuid,rw 0 0
Make sure you are using "noexec".
6) mount -a
7) cp -aR /bkp_tmp/. /tmp/ (restore the backup to the /tmp directory)
Mounting the partition this way removes execute permission for it: files on this partition cannot be executed, while you can still read and write on it because the entry includes "rw".
Further, we have checked the appliance and a few services. There were no issues for us.
You can implement the same as per your requirements.
If you face any issues after doing so, you can change "noexec" to "exec" and remount the partition.
This is a system-wide setting and is not directly related to the appliance, so things will act as per the system defaults after doing so.
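To confirm that the options from the fstab entry above are in the file and in effect after "mount -a", the following check can be used. It is an added example, not part of the original KB or of Ensim; the function names has_mount_opts and sample_fstab and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a mount point carries the required options.
# Reads an fstab- or /proc/mounts-style table on stdin (field 2 = mount
# point, field 4 = comma-separated options).

# has_mount_opts MOUNTPOINT OPT...
# Returns 0 if the last entry for MOUNTPOINT has every OPT,
#         1 if an option is missing,
#         2 if MOUNTPOINT is not listed at all.
has_mount_opts() {
    mp=$1; shift
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || return 2
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;        # option present, check the next one
            *) return 1 ;;         # option missing
        esac
    done
    return 0
}

# Constructed sample table; only the /tmp line comes from the KB.
sample_fstab() {
cat <<'EOF'
# constructed sample fstab
/dev/hda1 /    ext3 defaults 1 1
/dev/hda5 /tmp ext3 loop,noexec,nosuid,rw 0 0
/dev/hda6 /var ext3 defaults 1 2
EOF
}

# Demo on the sample. On a live host, check what the kernel enforces with:
#   has_mount_opts /tmp noexec nosuid < /proc/mounts
# and what will be applied at boot with:
#   has_mount_opts /tmp noexec nosuid < /etc/fstab
if sample_fstab | has_mount_opts /tmp noexec nosuid; then
    echo "/tmp: noexec and nosuid are set"
else
    echo "/tmp: noexec and/or nosuid missing (or /tmp is not a separate mount)"
fi
```

A return code of 2 against /proc/mounts means /tmp is still part of the root filesystem, so the fstab entry was not mounted.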