AbbaComm.Net wrote:
>> Agreed, i would though add a /tmp of 10G or so, mounted as noexec and
>> nosuid for web servers (running maybe insecure php apps or similar).
>>
>
> Dhawal,
>
> Are you saying that in /etc/fstab that the entry should be changed from
>
> LABEL=/tmp /tmp ext3 defaults 1 2
>
> To
>
> LABEL=/tmp /tmp ext3 noop,noexec,nosuid,rw 1 2

minus the noop, which I'm not aware of..

LABEL=/tmp /tmp ext3 noexec,nosuid,rw 1 2

> Or do you do something slightly different?
>
> Any drawbacks you have noticed on an internet facing web and mail server?

On some servers, we've had buggy/older versions of software like phpbb, awstats being exploited to run rootkits from /tmp (or /var/tmp), where the web server has write access. Turning off exec has helped in letting the rootkit not get executed.

No drawbacks so far, I can possibly only think of some log-reporting utility using /tmp for temp access filling it up.. but 10G ought to be sufficient in most cases, if not make it larger..
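A small audit script for the fstab change discussed in this thread, added here as an example (it is not part of the original messages): it checks an fstab-style /tmp entry for the noexec and nosuid options, and goes one step further by applying the same check to the currently mounted /tmp as reported by /proc/mounts. The BEFORE and AFTER lines are constructed samples mirroring the entries quoted above.

```shell
#!/bin/sh
# Added example, not from the original thread: verify that a /tmp entry carries
# the noexec and nosuid mount options discussed above.

# has_opt OPTS NAME -> exit 0 if NAME is one of the comma-separated OPTS
has_opt() {
  case ",$1," in
    *",$2,"*) return 0 ;;
    *)        return 1 ;;
  esac
}

# check_fstab_line LINE -> prints a verdict; exit 0 only if both options are set.
# Works for fstab lines (device mountpoint fstype options dump pass) and for
# /proc/mounts lines, which use the same first four fields.
check_fstab_line() {
  set -- $1
  mp=$2
  opts=$4
  missing=""
  has_opt "$opts" noexec || missing="$missing noexec"
  has_opt "$opts" nosuid || missing="$missing nosuid"
  if [ -z "$missing" ]; then
    echo "$mp: ok ($opts)"
    return 0
  fi
  echo "$mp: missing$missing (have: $opts)"
  return 1
}

# check_live_tmp -> run the same check against the mounted /tmp, if it is a
# separate mount point at all (a /tmp living on the root filesystem fails too).
check_live_tmp() {
  line=$(awk '$2 == "/tmp" { print }' /proc/mounts 2>/dev/null | tail -n 1)
  [ -n "$line" ] || { echo "/tmp: not a separate mount point"; return 1; }
  check_fstab_line "$line"
}

# Constructed sample lines mirroring the thread's before/after entries.
BEFORE='LABEL=/tmp /tmp ext3 defaults 1 2'
AFTER='LABEL=/tmp /tmp ext3 noexec,nosuid,rw 1 2'
```

Run `check_fstab_line "$AFTER"` to see the passing verdict and `check_live_tmp` on a server to compare the running mount with the intended entry.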