Richard G
Verified User
I always use a method to secure my /tmp folder, the /var/tmp (removed and symlinked to /tmp) and the /dev/shm.
Like this:
Code:
dd if=/dev/zero of=/var/tmpMnt bs=1024 count=5000000
/sbin/mkfs.ext4 -j /var/tmpMnt
cd /
cp -a /tmp /tmp_backup
rm -rf /tmp/.??* /tmp/*
mount -o loop,noexec,nosuid,nodev,rw /var/tmpMnt /tmp
chmod 1777 /tmp
cp -a /tmp_backup/.??* /tmp_backup/* /tmp/
rm -rf /tmp_backup
echo "/var/tmpMnt /tmp ext4 loop,noexec,nosuid,nodev,rw 0 0" >> /etc/fstab
cp -a /var/tmp/.??* /var/tmp/* /tmp
rm -rf /var/tmp
ln -s /tmp /var/tmp
cp -a /home/tmp/.??* /home/tmp/* /tmp
rm -rf /home/tmp
ln -s /tmp /home/tmp
and after that:
in /etc/fstab change:
none /dev/shm tmpfs defaults,rw 0 0
to
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
and do mount -o remount /dev/shm
But I now have the first server with CentOS 7, which uses a completely different way.
Seems I have to put things in a /etc/systemd/system file which I completely don't understand yet, not even from the docs. CentOS 6 was way easier.
In the way described above, for example I can't remove the /var/tmp directory because the device or resource is busy and in df -h the /tmp is not mounted like in CentOS 6, in CentOS 7 it looks like a /dev/loop or something like that.
Anyway, can somebody tell me (preferably by the "use this, change that" method or by changing my method above), how it's done in CentOS 7 now? Also for /dev/shm?
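
A way to verify the result of the hardening described in the post, as an added example that is not part of the original post: it parses a file in /proc/mounts format and reports which of the options from the post (noexec, nosuid, nodev) are missing on /tmp and /dev/shm. The function names are hypothetical and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: check the mount options that the post sets on /tmp and /dev/shm.
# Function names are hypothetical; the sample data below is constructed.

# Constructed sample in /proc/mounts format (not from a real server).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,noexec 0 0
EOF
}

# missing_opts MOUNTS_FILE MOUNTPOINT OPT...
# Prints the required options absent from MOUNTPOINT's entry, or "unmounted"
# when MOUNTPOINT has no entry of its own (e.g. /var/tmp as a symlink to /tmp).
missing_opts() {
    mounts=$1; mp=$2; shift 2
    # The last matching line wins, because a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts")
    if [ -z "$opts" ]; then echo "unmounted"; return 0; fi
    out=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                       # option present
            *) out="$out${out:+ }$want" ;;        # option missing
        esac
    done
    echo "$out"
}

# report MOUNTS_FILE: one line per mount point, with the options the post uses.
report() {
    file=$1
    for spec in "/tmp noexec nosuid nodev" "/dev/shm noexec nosuid"; do
        set -- $spec                  # intentional word splitting
        target=$1; shift
        miss=$(missing_opts "$file" "$target" "$@")
        echo "$target: ${miss:-ok}"
    done
}

tmpf=$(mktemp)
sample_mounts > "$tmpf"
report "$tmpf"        # on a live host: report /proc/mounts
rm -f "$tmpf"
```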