Securing the /tmp Partition

It is recommended to create /tmp as a separate partition and mount it with the noexec and nosuid options.

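The noexec option disables the executable file attribute within an entire file system, effectively preventing any files within that file system from being executed directly. A script stored there can still be read and run by an interpreter installed elsewhere, so treat noexec as one layer of hardening rather than a complete control.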

The nosuid option makes the kernel ignore the SUID (and SGID) file attribute within an entire file system. This prevents SUID attacks on, say, the /tmp file system.

To secure the /tmp partition of your Parallels Plesk Panel server:

If /tmp is a separate partition on the server, you only need to edit /etc/fstab and add the noexec and nosuid options for /tmp. Then remount the partition.

If the /tmp directory resides on the / partition:

Create a new partition for /tmp, for example with size 512 MB:

# mkdir /filesystems
# dd if=/dev/zero of=/filesystems/tmp_fs count=512 bs=1M
# mkfs.ext3 /filesystems/tmp_fs

Add the following line to /etc/fstab:

/filesystems/tmp_fs /tmp ext3 noexec,nosuid,loop 1 1

Move the current /tmp directory content to another location.

Mount the new /tmp partition:

# mount /tmp

Move the content from the old /tmp directory to the new one.
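
To confirm the result after mounting, the check below reads a Linux mount table and reports whether /tmp is its own mount point carrying both options. It is an added example, not part of the original procedure; the function name check_tmp_mount and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that /tmp is a separate mount with noexec and nosuid.
# check_tmp_mount is a hypothetical helper name; it reads a file in
# /proc/mounts format (default: /proc/mounts on Linux).

check_tmp_mount() {
    mounts_file="${1:-/proc/mounts}"
    # Fields: device mountpoint fstype options dump pass.
    # The last matching line wins, because later mounts shadow earlier ones.
    opts=$(awk '$2 == "/tmp" { o = $4 } END { print o }' "$mounts_file")

    if [ -z "$opts" ]; then
        echo "FAIL: /tmp is not a separate mount point"
        return 2
    fi

    missing=""
    for want in noexec nosuid; do
        # Match whole option names only, so "exec" never satisfies "noexec".
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done

    if [ -n "$missing" ]; then
        echo "FAIL: /tmp mounted without:$missing (options: $opts)"
        return 1
    fi
    echo "OK: /tmp mounted with noexec,nosuid (options: $opts)"
    return 0
}

# Constructed sample mount tables for offline demonstration.
sample_dir=$(mktemp -d)
printf '%s\n' '/dev/sda1 / ext3 rw,relatime 0 0' \
    '/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0' > "$sample_dir/hardened"
printf '%s\n' '/dev/sda1 / ext3 rw,relatime 0 0' \
    '/dev/loop0 /tmp ext3 rw,nosuid,relatime 0 0' > "$sample_dir/weak"
printf '%s\n' '/dev/sda1 / ext3 rw,relatime 0 0' > "$sample_dir/shared"

check_tmp_mount "$sample_dir/hardened"
check_tmp_mount "$sample_dir/weak" || true
check_tmp_mount "$sample_dir/shared" || true
rm -rf "$sample_dir"
```

On a live server, call check_tmp_mount with no argument to read /proc/mounts.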
