hardening /tmp
Trond Endrestøl
Trond.Endrestol at fagskolen.gjovik.no
Wed Feb 8 15:44:11 UTC 2017
On Wed, 8 Feb 2017 10:22-0500, James B. Byrne via freebsd-questions wrote:
> How do most people handle hardening /tmp and /var/tmp on FreeBSD? I
> can get rid of /tmp from the file system and then simply mount it as a
> tmpfs in /etc/fstab.
>
> tmpfs /tmp tmpfs rw,nosuid,noexec,mode=01777 0 0
>
> However, /var/tmp is supposed to survive across reboots so how is this
> handled?
If ZFS is an option, then create a separate dataset/filesystem for
/var/tmp, and set its quota to something sensible.
If UFS is your (only) option, then create a separate partition of
reasonable size and mount that as your /var/tmp.
You can also consider a filebacked mfs of a certain size for your
/var/tmp.
--
+-------------------------------+------------------------------------+
| Vennlig hilsen, | Best regards, |
| Trond Endrestøl, | Trond Endrestøl, |
| IT-ansvarlig, | System administrator, |
| Fagskolen Innlandet, | Gjøvik Technical College, Norway, |
| tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, |
| sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. |
+-------------------------------+------------------------------------+
More information about the freebsd-questions
mailing list