noexec – Do not allow direct execution of any binaries on the mounted filesystem.
nosuid – Do not allow set-user-identifier or set-group-identifier bits to take effect.
First, create a sparse file called /usr/tmpDSK (4 GB of space is reserved but not yet allocated) as follows:
# dd if=/dev/zero of=/usr/tmpDSK bs=1 count=0 seek=4G
Format the file system using the mkfs.ext4 command:
# mkfs.ext4 /usr/tmpDSK
Add the nodev, nosuid, and noexec options and mount the file system at /tmp:
# mount -o loop,rw,nodev,nosuid,noexec /usr/tmpDSK /tmp
# chmod 1777 /tmp
Type the following command to bind mount the /var/tmp directory onto /tmp:
# mount -o rw,noexec,nosuid,nodev,bind /tmp /var/tmp
Update /etc/fstab
Edit the file /etc/fstab, enter:
# vi /etc/fstab
Modify the /tmp line as follows (the file is attached through a loop device, so the option is loop, not bind):
/usr/tmpDSK /tmp ext4 loop,rw,noexec,nosuid,nodev 0 0
Append the following line:
/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0
Save and close the file.
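To confirm that the options actually took effect after a reboot, the following audit helper (an added example, not part of the original post) reads a /proc/mounts-style table from standard input and reports which of nodev, nosuid and noexec are missing for a given mount point. The sample table embedded below is constructed for offline testing; on a live host pipe in /proc/mounts instead.

```shell
#!/bin/sh
# missing_opts <mountpoint>
# Reads a /proc/mounts-formatted table on stdin and prints the hardening
# options (nodev nosuid noexec) that are absent from that mount point.
# Empty output means fully hardened; return code 1 means the path is not
# a separate mount at all (so it inherits its parent's options).
missing_opts() {
    mp="$1"
    # Field 2 is the mount point, field 4 the comma-separated option list.
    # The last matching line wins, which is the topmost mount on that path.
    line_opts=$(awk -v mp="$mp" '$2 == mp { opts = $4 } END { print opts }')
    [ -n "$line_opts" ] || return 1
    missing=""
    for want in nodev nosuid noexec; do
        case ",$line_opts," in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample table (not captured from a real host):
# /tmp is hardened, the /var/tmp bind mount lost two options, /home has none.
SAMPLE_MOUNTS='/dev/loop0 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/loop0 /var/tmp ext4 rw,nosuid,relatime 0 0
/dev/sda1 /home ext4 rw,relatime 0 0'

# Report on the two mount points this procedure sets up.
for mp in /tmp /var/tmp; do
    if m=$(printf '%s\n' "$SAMPLE_MOUNTS" | missing_opts "$mp"); then
        if [ -z "$m" ]; then
            echo "$mp: OK"
        else
            echo "$mp: missing $m"
        fi
    else
        echo "$mp: not a separate mount"
    fi
done
```

On a real system replace the sample with `missing_opts /tmp < /proc/mounts`.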