LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
LinkBack Search this Thread
Old 04-21-2005, 08:03 AM   #1
Manuel-H
Member
 
Registered: Apr 2003
Location: Singapore
Distribution: Slackware32/64, Ubuntu, Fedora, RHEL
Posts: 130

Rep: Reputation: 15
/tmp /var/tmp


Question:

1. How can I monitor if script kiddies are putting stuff into these world writable directories?

2. Is there a way to prevent any script kiddies from accessing these directories? Most of the time, the script kiddies will launch IRC server (using user nobody) which does nothing because my firewall block all ports except for authorized ports.

I also read somewhere when I google that use some watch program to monitor the directories but was unable to download the source.

Some other info.
- Slackware v10.1, kernel v2.4.29
- both directory are not in separate partition, so cannot use noexec, nosuid, nodev. Anyway according to some expert these are not enuff.
- I have chkrookit and rkhunter to check for any trojan.
 
Old 04-21-2005, 09:12 AM   #2
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 600

Rep: Reputation: 49
If you don't want world writable directories, you don't need them.

Set environment variable TMPDIR to $HOME/tmp for all users in /etc/bash.bashrc (or whatever your system uses) and you can chmod 755 /tmp /var/tmp.

R.
 
Old 04-21-2005, 09:21 PM   #3
Manuel-H
Member
 
Registered: Apr 2003
Location: Singapore
Distribution: Slackware32/64, Ubuntu, Fedora, RHEL
Posts: 130

Original Poster
Rep: Reputation: 15
If I removed the writable for group and world, will the system still function properly?

I saw tmp files created by some other valid programs, eg. php session files, antivirus tmp dir, webmin, etc.
 
Old 04-23-2005, 05:30 AM   #4
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 600

Rep: Reputation: 49
Well, my advice is to go ahead with it - do it and then check if everything works.
You can change configuration of PHP, antivirus, webmin to store their temporary files in other locations, writable only by their respective users.
I think it's worth the work anyway.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/tmp folder hardeep_ubhi Linux - General 4 10-02-2006 07:10 AM
/var/ and /tmp/ directories puishor Linux - General 5 06-25-2005 08:36 AM
kde, /tmp, /var/tmp and all that garba Linux - Software 4 06-17-2005 12:31 PM
Cleaning up /var and /tmp.... Whitehat Linux - General 3 01-04-2004 07:07 PM
Newbie question - /tmp /var/tmp Mr happy Linux - Security 3 01-27-2003 01:03 PM


All times are GMT -5. The time now is 12:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration