secure /tmp partition

[jonium]

I'm configuring a new server.
Just after the installation of Almalinux 9.1, with /tmp as a partition, I edited the /etc/fstab line of /tmp adding
noexec,nodev,nosuid
and reboot without copying its content.
Is it correct or do I need anyway to copy its content?

 

[Zhenyapan]

no, this content not important, that's why sometimes TMP partition created in RAM.
Also in old manuals /var/tmp/ was bind-mounted to /tmp - I don't know is it useful now, I didn't touch it.

 

[jonium]

ok, thanks.
I also added "noexec,nosuid,nodev" to the /dev/shm line and "nosuid" to the /home partition .
The /etc/fstab is now :

proc /proc proc defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults,noexec,nosuid,nodev 0 0
sysfs /sys sysfs defaults 0 0
/dev/md/0 none swap sw 0 0
/dev/md/1 /boot ext3 defaults 0 0
/dev/md/2                       /                       ext4    defaults,usrquota,grpquota      0 0
/dev/md/3               /home                   ext4    defaults,nosuid,usrquota,grpquota       0 0

correctly rebooted and going to install Directadmin.
Hope it's safe

 

[orkinoks]

Hi,
this topic seems to be the right place to discuss about the current situation of /dev/shm as well. It is a temp memory folder used by some software in older OS's and pretty much open to same vulnerabilities as /tmp and /var/tmp
What is the current situation on modern OS's like Almalinux 8 or 9? Coluld anyone guide about it?

 

[Richard G]

What is the current situation on modern OS's like Almalinux 8 or 9? Coluld anyone guide about it?

I'm running Alma 8 and still protecting /dev/shm next to the /tmp directory. I don't know if it's still required but I still do so.

For those who don't know how:
in /etc/fstab change:
none /dev/shm tmpfs defaults,rw 0 0
or similar, to
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
the issue this command:
mount -o remount /dev/shm

 

[orkinoks]

I'm running Alma 8 and still protecting /dev/shm next to the /tmp directory. I don't know if it's still required but I still do so.

For those who don't know how:
in /etc/fstab change:
none /dev/shm tmpfs defaults,rw 0 0
or similar, to
none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0
the issue this command:
mount -o remount /dev/shm

May I ask how much disk space you spare while adding it as a seperate partition?

 

[Richard G]

while adding it as a seperate partition?

I don't add it as seperate partition, as you can see I made a change, not bigger or smaller, just nosuid and noexec, nothing more.
So the /dev/shm stays the same as it was before. On most systems I encounter this is 30 or 32 G.
I also have one Alma 8 system where it is 16G.

 

[Zhenyapan]

At my servers it equal to half of RAM.

 

[Richard G]

Oh lol then that is the reason, the one server we have 32G ram, the other 2 we have 64G.