The /tmp path is where temporary files are created and executed so that processes can run quickly and correctly. On CentOS, an operating system well suited to hosting servers, this path is normally not properly secured, and we must take a number of measures to secure it so that, as far as possible, hackers cannot execute malicious commands there and the server stays secure. The /tmp, /var/tmp, and /dev/shm paths are the ones we need to secure and restrict.
What do we need before we start?
This is usually done before there is any information or account on the server, so there is not much risk. But if the server where you intend to do this holds important information and accounts, you must make a complete and safe backup of the server before doing the work so that you can use it if any problem occurs.
We also need root access over SSH to do the job. Note that some files need to be edited, which we do with the nano tool in the SSH session. If you do not have this tool, you can install it with the yum install nano command.
Steps to secure temporary file paths in CentOS
First, after logging in over SSH, we edit the /etc/fstab file with nano (or another command-line editor such as vim). This file contains the mount properties of the temporary file execution paths.
In this file, the /tmp line has the value defaults, to which you must add nodev,nosuid,noexec at the end.
The value should then read: defaults,nodev,nosuid,noexec (comma-separated with no spaces, because fstab separates its fields with whitespace).
For tmpfs, which is on the next line or lines, we do the same and add nodev,nosuid,noexec to the end of the defaults value, so that it also reads: defaults,nodev,nosuid,noexec.
Finally, we need to put the following value as the last line of this file and save the file with the Ctrl + X key combination.
/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0
Finally, we must enter the following commands to apply the added options to the paths where temporary files are stored and executed.
mount -o rw,noexec,nosuid,nodev,bind /tmp/ /var/tmp/
mount -o remount,noexec,nosuid,nodev /tmp
mount -o remount,noexec,nosuid,nodev /dev/shm
After doing the above, restart the operating system with the reboot command so that the changes take effect properly.
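To confirm that the options are in force after the remount or reboot, the mount table can be checked for each of the three paths. The script below is an added example and not part of the original article; the function names and the sample mount table are constructed for illustration, and on a server audit_tmp_paths is called with no argument to read the live /proc/mounts.

```shell
#!/bin/sh
# Added example: audit the mount options set in the steps above.
# Function names and SAMPLE_MOUNTS are constructed for illustration.

# Constructed sample in /proc/mounts format: /tmp is hardened, while
# /var/tmp and /dev/shm still lack noexec.
SAMPLE_MOUNTS='/dev/mapper/centos-root / xfs rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0'

# missing_opts MOUNTPOINT: reads a mount table on stdin and prints the
# hardening options the mount point lacks. Exit status: 0 = none missing,
# 1 = some missing, 2 = the path is not a separate mount.
missing_opts() {
    awk -v t="$1" '
        $2 == t { opts = $4; found = 1 }   # last entry wins: it is the mount on top
        END {
            if (!found) { print "not-mounted"; exit 2 }
            n = split("noexec nosuid nodev", want, " ")
            for (i = 1; i <= n; i++)
                if (index("," opts ",", "," want[i] ",") == 0)
                    miss = miss (miss ? "," : "") want[i]
            print miss
            exit (miss != "")
        }'
}

# audit_tmp_paths [MOUNT_TABLE_TEXT]: checks the three paths from the article.
# With no argument it reads the live /proc/mounts. Returns 1 on any failure.
audit_tmp_paths() {
    mounts=${1:-$(cat /proc/mounts)}
    rc=0
    for p in /tmp /var/tmp /dev/shm; do
        if miss=$(printf '%s\n' "$mounts" | missing_opts "$p"); then
            echo "OK   $p"
        else
            echo "FAIL $p: $miss"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample.
audit_tmp_paths "$SAMPLE_MOUNTS" || true
```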