securing /tmp
 

i'm looking for way to secure my /tmp directory
i have fedora core 2 work as web server with apache
sometimes crackers puts binary files in my /tmp directory
also i find some processes runs as http and when i restart the serveice i found that these prcesses are still working.
i want to find something to monitor my /tmp directory and to take action.

du -h /tmp to see how large your /tmp is.

Create a partition large enough to hold /tmp, then edit /etc/fstab to show the new partition. Mount it noexec to prevent executable files from running in /tmp.

mv the current /tmp into the new partition.

The problem is not with /tmp. You need to investigate what web content on your servers are allowing people to upload to your system. Secure your applications. Creating a larger /tmp without fixing the hole is only giving people more storage space on your system.

sometimes i find that the load average is high then when i make #top -c to show what are the most processes that consumes more cpu cycles and memory,i find normal processes nobody with http and when i restart the httpd service i found that everything is cool and the load average reduced.
and sometimes when i stop the service httpd i find running http service and i don't know what is it?
i think that it is some of processes that crackers wants to execute from /tmp.

Like Stickman says, harden the box. If I understand correctly what you write then in your case you have to check your system, auth and daemon logs because it sounds like your box is/was a target. Did you run any auditing apps like Tiger, Chkrootkit / Rootkit Hunter?

yes,Rootkit Hunter is running.

That's an interesting point about mounting /tmp as noexec (and nosuid). I'll be doing that for my home system, thanks.

yes,Rootkit Hunter is running.

Thanks...
 

Thanks all the problem was solved.