SecureCentos.com

This will cover securing /tmp /var/tmp and /dev/shm

Secure /tmp:

Step 1: Backup your /etc/fstab file

cp /etc/fstab /etc/fstab.bak

Step 2: Make a 3GB file for /tmp parition and an ext3 filesystem for tmp:

dd if=/dev/zero of=/var/tempFS bs=1024 count=3072000
/sbin/mkfs.ext3 /var/tempFS

*Change the count= to something higher if you need more space*

Step 3: Create a backup copy of your current /tmp drive:

cp -Rpf /tmp /tmpbackup

Step 4: Mount our new tmp parition and change permissions:

mount -o loop,noexec,nosuid,rw /var/tempFS /tmp
chmod 1777 /tmp

Step 5: Copy the old data:

cp -Rpf /tmpbackup/* /tmp/

* If your /tmp was empty earlier, you might get this error : cp: cannot stat `/tmp.bak/*’: No such file or directory

Step 6: Edit /etc/fstab and add this:

nano -w /etc/fstab

And ADD this line:

/var/tempFS /tmp ext3 loop,nosuid,noexec,rw 0 0

Step 7: Test your fstab entry:

mount -o remount /tmp

Step 8: Verify that your /tmp mount is working:

df -h

Should look something like this:

/var/tempFS           962M   18M  896M   2% /tmp

Secure /var/tmp:

Step 1: Use /tmp as /var/tmp.

mv /var/tmp /var/vartmp
ln -s /tmp /var/tmp

Step 2: Copy the old data back

cp /var/vartmp/* /tmp/

* If your /var/tmp was empty earlier, you might get this error : cp: cannot stat `/var/vartmp/*’: No such file or directory

Secure /dev/shm:

Step 1: Edit your /etc/fstab:

nano -w /etc/fstab

Locate:

none /dev/shm tmpfs defaults,rw 0 0

Change it to:

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Step 2: Remount /dev/shm:

mount -o remount /dev/shm

You should restart services that uses /tmp partition