Mark Priest
Oct 28 2004, 10:12 PM
Hi there.
I have read many posts on here about changing the tmp directories to noexec nosuid. However they all seem to be for cPanel.
Is this the same method for Plesk?
It would be nice for some Plesk 7.1 users to post their comments?
Mark Priest
Oct 28 2004, 10:58 PM
OK.
I've been reading some various posts around the 'net' and have found this?
If you have /tmp mounted on a separate partition do the following to secure it..
**************************************
mount -o noexec,nosuid,rw /tmp
(if you have the entries for it in fstab)
*************************************************
Now, in my fstab file
nano -w /etc/fstab
I have the following entry
none /tmp tmpfs defaults 0 0
Does this mean that tmp is already in its own partition and I can just run the command above?
covici
Oct 29 2004, 09:25 AM
No, you would have to repartition your drive -- unless you have already done this.
Mark Priest
Oct 29 2004, 09:27 AM
OK, So will the following work on Plesk 7.1.5?
STEPS TO SECURE TMP
If you have /tmp mounted on a separate partition do the following to secure it..
**************************************
mount -o noexec,nosuid,rw /tmp
(if you have the entries for it in fstab)
*************************************************
(if not)
************************************************
mount -o noexec,nosuid,rw /dev/devicename /tmp
ex:
mount -o noexec,nosuid,rw /dev/hda3 /tmp
*************************************************
If you do not have a separate partition for /tmp do the following...
******************************************
Create 100MB file for our /tmp partition. If you need more space, increase the count size
****************
dd if=/dev/zero of=/dev/tmp_mnt bs=1024 count=100000
*******************
Make an extended filesystem for our tmp_mnt file
************
mke2fs /dev/tmp_mnt       # creates ext2 file system
mke2fs -j /dev/tmp_mnt    # creates ext3 file system
*************
Backup your existing /tmp dir-
**************
cp -R /tmp /tmp_backup
**************
Mount the new /tmp filesystem with noexec
***********
mount -o loop,noexec,nosuid,rw /dev/tmp_mnt /tmp
chmod 1777 /tmp
***********
copy the content back into new tmp and remove the backup
****************
cp -R /tmp_backup/* /tmp/
rm -rf /tmp_backup
************
Now we need to add entries for /tmp in fstab so that it mounts automatically on reboot
***************
pico -w /etc/fstab
**************
you will see something similar like...
**********
/dev/hda3 / ext3 defaults,usrquota 1 1
/dev/hda1 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
**************
Add the following line at the bottom of file..
****************
(for ext2)
/dev/tmp_mnt /tmp ext2 loop,noexec,nosuid,rw 0 0
************
(for ext3)
**********************
/dev/tmp_mnt /tmp ext3 loop,noexec,nosuid,rw 0 0
***********************
/tmp is now mounted as noexec hence no longer has execute permissions
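An added example, not part of the thread: a check that reads an fstab-format file (or /proc/mounts, which shares the first four fields) and reports which of noexec and nosuid the /tmp entry lacks. The names check_mount_opts, sample_before and sample_after are hypothetical, and the sample lines are constructed from the two /tmp entries quoted in the posts above.

```shell
#!/bin/sh
# Added example: report which hardening options a mount point is missing.
# Fields used (same in /etc/fstab and /proc/mounts):
#   device  mountpoint  fstype  options

# check_mount_opts FILE [MOUNTPOINT] [REQUIRED_CSV]   (FILE may be "-" for stdin)
#   prints the missing options, comma-separated (nothing when none are missing)
#   returns 0 = all required options present
#           1 = entry found, but options are missing
#           2 = MOUNTPOINT has no entry of its own in FILE
check_mount_opts() {
    file=${1:--}
    mp=${2:-/tmp}
    required=${3:-noexec,nosuid}

    awk -v mp="$mp" -v required="$required" '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        $2 == mp { opts = $4; found = 1 }    # last entry wins (mounted on top)
        END {
            if (!found) exit 2
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) set[have[i]] = 1
            m = split(required, need, ",")
            missing = ""
            for (i = 1; i <= m; i++)
                if (!(need[i] in set))
                    missing = missing (missing == "" ? "" : ",") need[i]
            print missing
            exit (missing == "" ? 0 : 1)
        }
    ' "$file"
}

# Constructed samples: the tmpfs entry with "defaults" (which implies exec
# and suid) and the loopback entry from the procedure.
sample_before() { printf '%s\n' 'none /tmp tmpfs defaults 0 0'; }
sample_after()  { printf '%s\n' '/dev/tmp_mnt /tmp ext3 loop,noexec,nosuid,rw 0 0'; }

# Demo on the constructed samples.
for s in sample_before sample_after; do
    missing=$($s | check_mount_opts -) && echo "$s: ok" \
        || echo "$s: missing $missing"
done
```

To check the running system rather than the samples, call `check_mount_opts /proc/mounts /tmp`; a return code of 2 there means /tmp is not a separate mount.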
Mark Priest
Nov 1 2004, 09:06 PM
Can anyone confirm that this is the correct procedure to follow on a Plesk 7.1 box????