|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Friday, 28 January 2000||Author: Derrick H. Lewis|
|Published to: news_enhance_security/Security Tips||Page: 1/1 - [Printable]|
A trivial but useful tip for helping thwart the script kiddie.
Have your users tmp directory set to ~/.tmp or related to help keep /tmp clean. This is just housecleaning. In /etc/profile, export TMP=~/.tmp Now make /tmp a separate partition. The mount flags for it should be similar to this list: "noexec,nosuid,nodev,
It is also a good idea to enforce quotas on this partition the options used prevent execution of any files stored, prevent suid operation, no special files, i.e. The kind found in /dev, allows it to be readwrite, auto mounted on boot, and the default asynchronous write operations. Therefore no more /tmp/.sh which is a suid shell created by an exploit.