[CentOS] Re: A question about RAID and partitions
Dhawal Doshy
dhawal at netmagicsolutions.com
Wed May 23 17:54:34 UTC 2007
AbbaComm.Net wrote:
>> Agreed, i would though add a /tmp of 10G or so, mounted as noexec and
>> nosuid for web servers (running maybe insecure php apps or similar).
>>
>
> Dhawal,
>
> Are you saying that in /etc/fstab that the entry should be changed from
>
> LABEL=/tmp /tmp ext3 defaults 1 2
>
> To
>
> LABEL=/tmp /tmp ext3 noop,noexec,nosuid,rw 1 2

minus the noop, which I'm not aware of..

LABEL=/tmp /tmp ext3 noexec,nosuid,rw 1 2

> Or do you do something slightly different?
>
> Any drawbacks you have noticed on an internet facing web and mail server?

On some servers, we've had buggy/older versions of software like phpbb,
awstats being exploited to run rootkits from /tmp (OR /var/tmp),
where the web server has write access. Turning off exec has helped in
letting the rootkit not get executed. No drawbacks so far, I can
possibly only think of some log-reporting utility using /tmp for temp
access filling it up.. but 10G ought to be sufficient in most cases, if
not make it larger..
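
Added example, not part of the original message: a shell check that reads an fstab-format file and reports whether /tmp and /var/tmp carry the noexec and nosuid options discussed in this thread. The function name `audit_tmp_mounts` and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Audit an fstab-format file: do /tmp and /var/tmp carry noexec and nosuid?
# Prints one line per mount point: "<mp> ok", "<mp> missing:<opts>", or
# "<mp> no-entry" (not a separate filesystem, so the options cannot apply).
# Exit status is non-zero when any mount point is not "ok".
audit_tmp_mounts() {   # hypothetical helper name
    awk '
        BEGIN { want["/tmp"] = 1; want["/var/tmp"] = 1 }
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        ($2 in want) {
            seen[$2] = 1
            n = split($4, o, ",")            # field 4 is the option list
            has_noexec = 0; has_nosuid = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "noexec") has_noexec = 1
                if (o[i] == "nosuid") has_nosuid = 1
            }
            miss = ""
            if (!has_noexec) miss = "noexec"
            if (!has_nosuid) miss = (miss == "" ? "nosuid" : miss ",nosuid")
            result[$2] = (miss == "" ? "ok" : "missing:" miss)
        }
        END {
            bad = 0
            split("/tmp /var/tmp", order, " ")
            for (i = 1; i <= 2; i++) {
                m = order[i]
                if (!(m in seen)) { print m, "no-entry"; bad = 1 }
                else { print m, result[m]; if (result[m] != "ok") bad = 1 }
            }
            exit bad
        }
    ' "$1"
}

# Constructed sample fstab (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
LABEL=/        /         ext3  defaults          1 1
LABEL=/tmp     /tmp      ext3  noexec,nosuid,rw  1 2
LABEL=/var/tmp /var/tmp  ext3  defaults          1 2
EOF
audit_tmp_mounts "$sample" || echo "one or more temp mounts lack noexec/nosuid"
rm -f "$sample"
```

Pass /proc/mounts instead of /etc/fstab to check what is actually mounted, since its first four fields have the same layout.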