ConfigServer Security & Firewall - csf v3.28

[optrex]

I am in the process of setting up the security and firewall and I've come across the following warnings.

• Check /tmp is mounted as a filesystem WARNING /tmp should be mounted as a separate filesystem. Consider using /scripts/securetmp

• Check /var/tmp is mounted as a filesystem WARNING /var/tmp should either be symlinked to /tmp or mounted as a filesystem

I've done this process on 2 other VPS that are currently running, but I've not actually come across these 2 particular warnings before.

Does anyone know how I go about making the changes required ?

I warn you now, if I need to SSH I will need a step by step command line that I need to type

[optrex]

any ideas from the crew?

[Nicolaus]

Note that unlike with a dedicated server, this /tmp partition isn't a real partition. What it basically does is to create a ramdisk on the hardware node for the vps, of which the disk usage isn't accounted towards the quota of the rest of the vps. The usage is accounted against the "shmpages" of the vps, which can only be set from the hardware node. Usually this is set to either 32mb or 64mb. Also note that the /tmp ramdisk isn't the only thing that consumes the shmpages, there are also several other things that use up the space.

You may try the following to secure your VPS more. Its a step by step description.

(This secures your /tmp)

Once logged into ssh, fire the following commands.

1. - Edit /etc/fstab
2. - Under the existing line (there should only be one line) added ie.
none /tmp tmpfs nodev,nosuid,noexec 0 0
3.- Reboot the VPS to make the changes take effect.
4.- Log back in and enter "df -h" to see whether the changes have taken effect

(you should see a seperated /tmp partition now)

[optrex]

thanks nick, that was perfect