/TMP Security question
Hello,
I am Using Redhat 8.0 on my server. Is there a way to prevent a DDos attack from comming in or being initiated from the /tmp folder. I have this folder Chmodded and locked down. Any way that someone can give me some advice on this? Thanks in advance. InfluxDan |
I assume you mean preventing a normal user from filling up /tmp
, or from copying files into tmp that could then do something nasty. For the first risk, I'm not aware of any easy solution, but there are a few things you can do. For the second, as long as the sticky bit is set and umasks are set correctly, /tmp should be OK. Things you can try : - Have /tmp as a separate filesystem and set the nosuid and nodev flags. - Have users use a different tmp directory by default (TMPDIR=~/tmp, for example). - Have your key applications use their own tmp directory so /tmp filling up doesn't cause them a problem. - Place a limit on the max. file size a user can create (ulimit) - nothing stopping a user creating lots of small files though. - Set up alerting so you get an email/page/... if /tmp goes over (for example) 80% full. |
All times are GMT -5. The time now is 02:13 PM. |