{"id":474,"date":"2010-12-02T19:17:34","date_gmt":"2010-12-02T17:17:34","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/?p=474"},"modified":"2010-12-02T19:17:34","modified_gmt":"2010-12-02T17:17:34","slug":"secure-tmp-and-vartmp-openvz","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2010\/12\/02\/secure-tmp-and-vartmp-openvz\/","title":{"rendered":"Secure \/tmp and \/var\/tmp OpenVZ"},"content":{"rendered":"<p>First open fstab using nano, or your chosen editor:<br \/>\nnano -w \/etc\/fstab<\/p>\n<p>Next append the following like to the fstab file you just opened:<br \/>\nnone \/tmp tmpfs nodev,nosuid,noexec 0 0<\/p>\n<p>If you opened using nano you can now close using ctrl+x and then answering \u201cy\u201d to save.<br \/>\nTo apply the changes we now need to simply remount:<br \/>\nmount -o remount \/tmp<\/p>\n<p>Its always a good idea to test it worked so run the following command:<br \/>\ndf -h<\/p>\n<p>Within the output you should see something like:<br \/>\nnone          4.1G   0  4.1MG   3% \/tmp<\/p>\n<p>There is also a \/var\/tmp dir that needs to be secured.<br \/>\nSo firstly make a backup (don\u2019t skip this step, you need the files in a bit)<br \/>\nmv \/var\/tmp \/var\/tmpfiles<\/p>\n<p>We can now make a link to map \/tmp to \/var\/tmp<br \/>\nln -s \/tmp \/var\/tmp<\/p>\n<p>Restore the files from the backup you made before<br \/>\ncp \/var\/tmpfiles\/* \/tmp\/<\/p>\n<p>Restore the files from the backup you made before, and make sure that the files in tmpfiles are now in tmp.<br \/>\nls \/var\/tmpfiles<br \/>\nls \/var\/tmp<\/p>\n<p>If it looks ok, you can remove the tmpfiles directory.<br \/>\nRm -rf \/var\/tmpfiles<\/p>\n","protected":false},"excerpt":{"rendered":"<p>First open fstab using nano, or your chosen editor: nano -w \/etc\/fstab Next append the following like to the fstab file you just opened: none \/tmp tmpfs nodev,nosuid,noexec 0 0 If you opened using nano you can now close using ctrl+x and then answering \u201cy\u201d to save. To apply the changes we now need to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-474","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/474","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=474"}],"version-history":[{"count":1,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/474\/revisions"}],"predecessor-version":[{"id":475,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/474\/revisions\/475"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}