How to add /tmp security in CentOS 7
Requirement: a CentOS 7 server
Servers are under constant attack: attackers routinely try to compromise servers and systems by uploading and running a hacking script. It is not always possible to stop an attacker from placing such a script on the system, so we also need a way to protect ourselves once it is there.
To prevent attackers from running scripts on the server, we use /tmp security.
/tmp security is much harder to break. Many types of attack, such as flood hacks and rootkits delivered via PHP injection, can be stopped this way.
1. Create a /tmp partition with 2000 MB or 1000 MB of disk space.
For 2000 MB use this command:
# dd if=/dev/zero of=/var/tmpMount bs=1024 count=2000000
For 1000 MB use this command:
# dd if=/dev/zero of=/var/tmpMount bs=1024 count=1000000
2. Then format that partition with the ext3 filesystem.
Press “Y” after running the command.
3. Take a backup of the /tmp folder, so that if any error occurs we have a copy to fall back on.
# cp -R /tmp /tmpbak
4. Now mount the /tmp filesystem with the noexec option. noexec (no execute: files on the filesystem do not have permission to run) does not allow any hacking script to run from that filesystem.
# mount -o loop,noexec,nosuid,rw /var/tmpMount /tmp
5. Set the permissions on the /tmp folder so that all users have access to its files and folders. Mode 1777 makes it world-writable with the sticky bit set, so users can only delete their own files.
# chmod 1777 /tmp
6. Now copy everything from the backup into the /tmp folder, then remove the backup folder.
# cp -R /tmpbak/* /tmp/
# rm -rf /tmpbak
7. Now edit the /etc/fstab file to mount the /tmp partition permanently. First take a backup of /etc/fstab, because this file is critical: a mistake in it can bring your server down.
Add this line:
/var/tmpMount /tmp ext2 loop,noexec,nosuid,rw 0 0
Save the file with :wq
Whenever you make an entry in /etc/fstab, run # mount -a to make sure that you did not make a mistake in the file.
If mount -a runs without error, the configuration is correct; if an error occurs, there is a mistake in the file.
Now /tmp is mounted with the noexec option: any script that tries to run from it gets permission denied.
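8. Now create a symbolic link from /var/tmp to /tmp. The existing /var/tmp directory has to be removed after it is backed up; otherwise ln creates the link inside it instead of replacing it.
# cp -rvf /var/tmp /var/tmpbak
# rm -rf /var/tmp
# ln -s /tmp /var/tmp
# cp -R /var/tmpbak/* /tmp/
# rm -rf /var/tmpbak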
9. Now secure the /dev/shm folder with the noexec option in /etc/fstab.
Add the line below:
tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
10. Remount the temporary filesystem /dev/shm so that the new options take effect.
# mount -o remount /dev/shm
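
To confirm the result of steps 4, 7 and 9, the following added example (not part of the original guide) checks that the /tmp and /dev/shm entries in an fstab-style file carry both noexec and nosuid. The function names missing_opts and audit are hypothetical, and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an fstab-style file for the mount options this
# guide applies. /proc/mounts has the same field layout as /etc/fstab.

# missing_opts FILE MOUNTPOINT  (hypothetical helper name)
# Prints which of noexec/nosuid are absent from MOUNTPOINT's entry,
# "unlisted" if FILE has no entry for it, or nothing if both are set.
missing_opts() {
    awk -v mp="$2" '
        $1 ~ /^#/ || NF < 4 { next }        # skip comments, short lines
        $2 == mp { found = 1; opts = $4 }   # last matching entry wins
        END {
            if (!found) { print "unlisted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            out = ""
            if (!("noexec" in have)) out = out " noexec"
            if (!("nosuid" in have)) out = out " nosuid"
            if (out != "") print substr(out, 2)
        }' "$1"
}

# audit FILE  (hypothetical helper name)
# Checks /tmp and /dev/shm; returns non-zero if either is not hardened.
audit() {
    rc=0
    for mp in /tmp /dev/shm; do
        miss=$(missing_opts "$1" "$mp")
        if [ -n "$miss" ]; then
            echo "FAIL $mp: $miss"
            rc=1
        else
            echo "OK   $mp"
        fi
    done
    return "$rc"
}

# Constructed sample: /tmp as in step 7, /dev/shm still at defaults.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/var/tmpMount /tmp ext2 loop,noexec,nosuid,rw 0 0
tmpfs /dev/shm tmpfs defaults 0 0
EOF
audit "$sample" || echo "hardening incomplete"
rm -f "$sample"
```

Run audit /etc/fstab to check the persistent configuration and audit /proc/mounts to check what is mounted right now.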