How to secure /tmp if it was not given its own partition when CentOS was installed. Also, how to secure /dev/shm to protect against rootkits.
1: Secure the /tmp partition
1.1: Back up your fstab file
cp /etc/fstab /etc/fstab.bak
1.2: Create the tmpMnt partition file (~1 GB in size)
cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576
1.3: Format the new partition
mkfs.ext3 -j /var/tmpMnt
It will show
/var/tmpMnt is not a block special device. Proceed anyway? (y,n)
Just press Y
1.4: Make a backup of the old /tmp
cp -Rp /tmp /tmp_backup
1.5: Mount the tmp filesystem
mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp
1.6: Set the right permissions (world-writable with the sticky bit, so users cannot remove each other's files)
chmod 1777 /tmp
1.7: Copy the files back to the new tmp folder
cp -Rp /tmp_backup/* /tmp/
1.8: Add the new /tmp filesystem to fstab
echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab
1.9: No need for 2 tmp partitions, so we symlink /var/tmp to /tmp
rm -rf /var/tmp/
ln -s /tmp/ /var/tmp
2: Secure /dev/shm
To stop rootkits from running in /dev/shm, you should secure it.
2.1: Edit your /etc/fstab:
nano -w /etc/fstab
2.2: Change
tmpfs /dev/shm tmpfs defaults 0 0
to
tmpfs /dev/shm tmpfs defaults,nosuid,noexec 0 0
2.3: Remount /dev/shm:
mount -o remount /dev/shm
Note: CentOS 5.5, 64-bit
Source : http://sysadmingear.blogspot.com/2007/10/how-to-secure-tmp-and-devshm-partition.html
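An added example, not part of the original post: a shell check that the mount options from steps 1.8 and 2.2 are actually in effect, reading a /proc/mounts-format file, plus a sticky-bit check for /tmp. The function names and the sample mount table are constructed for illustration.

```sh
#!/bin/sh
# missing_opts MOUNTS_FILE MOUNTPOINT "opt1 opt2 ..."
# Prints the required options absent from the entry for MOUNTPOINT in a
# /proc/mounts-format file, or "not-mounted" if there is no such entry.
# When several entries share a mount point, the last one is in effect.
missing_opts() {
    mo_opts=$(awk -v mp="$2" '$2 == mp { o = $4 } END { print o }' "$1")
    [ -n "$mo_opts" ] || { echo "not-mounted"; return 0; }
    mo_missing=""
    for mo_want in $3; do
        case ",$mo_opts," in
            *",$mo_want,"*) ;;                      # option present
            *) mo_missing="$mo_missing $mo_want" ;; # option absent
        esac
    done
    echo "${mo_missing# }"
}

# has_sticky DIR: succeeds if DIR has the sticky bit set
# (mode 1777 is listed as drwxrwxrwt; the 10th character is t or T).
has_sticky() {
    case "$(ls -ld "$1" | cut -c10)" in
        t|T) return 0 ;;
        *)   return 1 ;;
    esac
}

# Constructed sample in /proc/mounts format: /tmp mounted as in step 1.8,
# /dev/shm still on plain defaults (before step 2.2).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,nodev,noexec 0 0
EOF

echo "/tmp missing: $(missing_opts "$SAMPLE" /tmp "noexec nosuid nodev")"
echo "/dev/shm missing: $(missing_opts "$SAMPLE" /dev/shm "noexec nosuid")"
has_sticky /tmp && echo "/tmp sticky bit set" || echo "/tmp sticky bit MISSING"
# On a live system, pass /proc/mounts instead of "$SAMPLE".
```

An empty "missing" list means every required option is active; run it again after a reboot to confirm the fstab entries took effect.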