This guide on how to secure your /tmp directory is written for a VPS running on OpenVZ.
NOTE: You will be performing some file system changes here, which are very risky if done incorrectly or if they are incompatible with your OS. As always, we take no responsibility for the results of running these commands. You should always have a full backup, test the process in a lab, and make sure you know what the commands actually do!
The first thing we need to do is open the fstab file for editing. We are going to use nano for this, but any editor will do the job.
nano -w /etc/fstab
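Now we need to create a new line, so navigate to the bottom of the file using your arrow keys and append the following line. I recommend copying & pasting to ensure you don’t get it wrong. The three options do the hardening: nodev stops device files in /tmp from being interpreted as devices, nosuid makes the kernel ignore setuid and setgid bits, and noexec prevents binaries from being executed directly from /tmp.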
none /tmp tmpfs nodev,nosuid,noexec 0 0
If you opened the file using nano, you can now close it using Ctrl+X and then answering “y” to save.
Our changes are now in the configuration file; we just need to remount the temp directory to make them live on the system. Double check the changes before running this command:
mount -o remount /tmp
(You might need to reboot your VPS if the mount errors.)
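To confirm that the options are actually in effect after the remount (or reboot), the following added example, which is not part of the original guide, reads a mount table and reports which of nodev, nosuid and noexec are missing for a mount point. The function name missing_tmp_opts and the script name check_tmp.sh are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): confirm a mount point carries
# nodev, nosuid and noexec. Works on /proc/mounts and /etc/fstab, which share
# the column order: device, mount point, fs type, options.

# missing_tmp_opts TABLE MOUNTPOINT   (hypothetical helper name)
# Prints the required options that are missing, space separated.
# Returns 0 if all three are set, 1 if any is missing,
# 2 if MOUNTPOINT does not appear in TABLE at all.
missing_tmp_opts() {
    table=$1
    mp=$2
    # Skip comment lines; the last matching entry wins because a later
    # mount on the same path shadows an earlier one.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    missing=""
    for want in nodev nosuid noexec; do
        # Wrap in commas so only whole option names match.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Run as "sh check_tmp.sh check" to test the live /tmp mount and the fstab entry.
if [ "${1:-}" = "check" ]; then
    for table in /proc/mounts /etc/fstab; do
        if m=$(missing_tmp_opts "$table" /tmp); then
            echo "$table: /tmp has nodev,nosuid,noexec"
        else
            echo "$table: /tmp not listed or missing options: $m"
        fi
    done
fi
```

Checking both /proc/mounts and /etc/fstab catches the case where the fstab line is correct but the running mount still has the old options.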
There is also another temp directory which is wise to secure: /var/tmp.
First make a backup (don’t skip this step, you need the files in a bit):
mv /var/tmp /var/tmpfiles
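We can now make a symbolic link so that /var/tmp points to /tmp. Because /tmp is now a tmpfs, files written to /var/tmp will be held in memory and will not survive a reboot.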
ln -s /tmp /var/tmp
Restore the files from the backup you made before (-a keeps ownership and permissions and also copies hidden files and subdirectories):
cp -a /var/tmpfiles/. /tmp/
Make sure that the files in tmpfiles are now in tmp.
If it looks OK, you can remove the tmpfiles directory.
rm -rf /var/tmpfiles
That’s it! You should now be a bit more secure!