securing /tmp
I'm looking for a way to secure my /tmp directory.
I have Fedora Core 2 working as a web server with Apache. Sometimes crackers put binary files in my /tmp directory. I also find some processes running as http, and when I restart the service I find that these processes are still working. I want to find something to monitor my /tmp directory and to take action. |
du -h /tmp to see how large your /tmp is.
Create a partition large enough to hold /tmp, then edit /etc/fstab to show the new partition. Mount it noexec to prevent executable files from running in /tmp. mv the current /tmp into the new partition. |
The problem is not with /tmp. You need to investigate what web content on your servers is allowing people to upload to your system. Secure your applications. Creating a larger /tmp without fixing the hole is only giving people more storage space on your system.
|
Sometimes I find that the load average is high. Then, when I run #top -c to show which processes consume the most CPU cycles and memory, I find normal processes nobody with http, and when I restart the httpd service I find that everything is cool and the load average is reduced.
And sometimes when I stop the httpd service I find a running http service and I don't know what it is. I think that it is some of the processes that crackers want to execute from /tmp. |
Like Stickman says, harden the box. If I understand correctly what you write then in your case you have to check your system, auth and daemon logs because it sounds like your box is/was a target. Did you run any auditing apps like Tiger, Chkrootkit / Rootkit Hunter?
|
Yes, Rootkit Hunter is running.
|
That's an interesting point about mounting /tmp as noexec (and nosuid). I'll be doing that for my home system, thanks.
|
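An added example, not part of the original thread: a small audit of the mount options suggested in the replies above (a separate /tmp partition mounted noexec, plus nosuid). The function names and the sample device names are assumptions made for illustration; input is text in the /proc/mounts or /etc/fstab column layout.

```shell
#!/bin/sh
# Added example: report which hardening options are missing on /tmp.
# Expected columns: device mountpoint fstype options dump pass

# Print the option field of the last /tmp entry (the last mount wins).
tmp_mount_opts() {
    awk '$1 !~ /^#/ && $2 == "/tmp" { opts = $4 } END { print opts }' "$1"
}

# Print the missing options, or "not-a-separate-mount" if /tmp has no entry.
missing_tmp_opts() {
    opts=$(tmp_mount_opts "$1")
    if [ -z "$opts" ]; then
        echo "not-a-separate-mount"
        return 0
    fi
    missing=""
    for want in noexec nosuid; do
        case ",$opts," in
            *",$want,"*) ;;                    # option present
            *) missing="$missing $want" ;;     # option absent
        esac
    done
    echo "${missing# }"
}

# Constructed sample tables (hypothetical devices, not from a real host).
weak=$(mktemp)
hard=$(mktemp)
printf '%s\n' '/dev/hda2 / ext3 rw 0 0' \
              '/dev/hda5 /tmp ext3 rw,nosuid 0 0' > "$weak"
printf '%s\n' '/dev/hda2 / ext3 rw 0 0' \
              '/dev/hda5 /tmp ext3 rw,noexec,nosuid 0 0' > "$hard"

echo "weak sample, missing: $(missing_tmp_opts "$weak")"
echo "hardened sample, missing: $(missing_tmp_opts "$hard")"
rm -f "$weak" "$hard"

# Check the running system when the kernel mount table is readable.
if [ -r /proc/mounts ]; then
    echo "this host, missing: $(missing_tmp_opts /proc/mounts)"
fi
```

noexec only blocks direct execution of files on the mount; a script handed to an interpreter still runs, so this complements fixing the upload hole rather than replacing it.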
Yes, Rootkit Hunter is running.
|
Thanks...
Thanks all, the problem was solved.
|