Here is a little tip for Linux users who want to secure their box even more! Everyone knows that the /tmp directory can sometimes be very insecure, because the permission for this directory is 777. Malicious scripts can be uploaded to /tmp to do bad things! This is why it’s smart to make the /tmp directory a little stricter by editing the /etc/fstab file.
In /etc/fstab, go to the line that looks similar to [your-device-parameter-here /tmp ext3 defaults 0 0] and replace the part that says defaults with [loop,noexec,nosuid,rw]. After you finish editing /etc/fstab to make /tmp more secure, you should see something similar to [/dev/sda2 /tmp ext3 loop,noexec,nosuid,rw 0 0]. Don’t forget to save the /etc/fstab file to make the change. To apply the change to the running system, you can either reboot your computer or remount /tmp. To remount /tmp, run [mount -o remount /tmp] as root.
The security tip for /tmp in this article works with pretty much all Linux distributions! Want to secure your Linux box even more? Although the security tips that I wrote in “Tighten Up Ubuntu’s Security” are distribution-specific, some of them should work for other Linux distributions too. Have a merry secure Linux box!
Update: Some people did not set up /tmp as a separate partition. These people need to create a /tmp partition first before they can use this article’s tip for tightening up /tmp. How do you create a /tmp partition on a working Linux box? You can google for how to do just that, or you can wait for another article that I may write soon on creating a /tmp partition.
2nd Update: Any time you need to do yum update, or aptitude update and aptitude safe-upgrade, you need to revert the changed /tmp directory back to the default. That is, set the /tmp line back to [/dev/sda2 /tmp ext3 defaults 0 0], and then execute the command [mount -o remount /tmp] to apply the change to the system.
Without reverting /tmp to the default setting, yum and aptitude may not be able to use the /tmp directory to configure the software they are updating.
If you know how to write shell scripts, you can create a short one that automatically reverts /tmp to the default before yum or aptitude works its magic, and then puts /tmp back on the more secure setting afterwards. Even better, you can add a cron job to /etc/crontab that runs this script, so that loosening /tmp, updating your Linux box and tightening /tmp again all happen automatically every day (without your intervention).
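One way to write the wrapper script described above, as an added example that is not the author's own code. It assumes /tmp is a separate mount point and the script runs as root; instead of editing /etc/fstab back and forth, it passes the options directly on the remount. The option strings, the UPDATE_CMD variable and the script path in the cron comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: loosen /tmp, run the package update, always re-tighten.
# Assumed names: TIGHT_OPTS, LOOSE_OPTS, UPDATE_CMD (override via environment).
# Hypothetical /etc/crontab entry:
#   0 4 * * * root /usr/local/sbin/tmp-update.sh --run
TIGHT_OPTS="remount,noexec,nosuid,rw"
LOOSE_OPTS="remount,exec,suid,rw"
UPDATE_CMD="${UPDATE_CMD:-yum -y update}"

# Succeeds if the last /tmp entry in a mounts table (default /proc/mounts)
# carries the noexec option.
tmp_is_noexec() {
    awk '$2 == "/tmp" { opts = $4 }
         END { exit (index("," opts ",", ",noexec,") ? 0 : 1) }' \
        "${1:-/proc/mounts}"
}

# Loosen /tmp, run the updater, then re-tighten even if the updater failed.
# Returns the updater's exit status, or 1 if a remount failed.
update_with_loose_tmp() {
    mount -o "$LOOSE_OPTS" /tmp || return 1
    status=0
    # UPDATE_CMD is deliberately unquoted so its arguments are split.
    $UPDATE_CMD || status=$?
    if ! mount -o "$TIGHT_OPTS" /tmp; then
        echo "WARNING: /tmp could not be re-tightened" >&2
        return 1
    fi
    return "$status"
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    # Re-tighten if the run is interrupted part way through the update.
    trap 'mount -o "$TIGHT_OPTS" /tmp; exit 130' INT TERM
    rc=0
    update_with_loose_tmp || rc=$?
    # Confirm the kernel's view of /tmp, not just the mount exit code.
    tmp_is_noexec || { echo "WARNING: /tmp is not noexec" >&2; rc=1; }
    exit "$rc"
fi
```

For aptitude, set UPDATE_CMD to the update command you normally run. A non-zero exit from the script means either the update failed or /tmp was left without noexec, so have cron mail the output to you.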