Securing /tmp on OpenVZ

Question

/tmp should be mounted as a separate filesystem with the noexec,nosuid options set
/var/tmp should either be symlinked to /tmp or mounted as a filesystem
/dev/shm is not mounted with the noexec,nosuid options (currently: none). You should modify the mountpoint in /etc/fstab for /dev/shm with those options and remount

This is an OpenVZ Server and I don't know how to fix those issues.

How do I make /tmp ect... safe on OpenVZ?

This for the guest. can this be done on the host?

Please do not [crosspost](http://security.stackexchange.com/q/43976/26001) — Marco, Oct 16 '13 at 22:02
Please don't vote to close, the cross-posted question on security.se has been closed. — terdon, Oct 17 '13 at 04:26

score 0 · Accepted Answer · edited Oct 16 '13 at 23:11

0

You can secure from centos secure tmp how to, then change it according to shared memory (shm) and other shared directories.

Above solution is first solution, but if you don't have any information, you can use second solution: OpenVZ make an instance from each resource but VMWare doesn't create it, you can use VMWare.

This post is very good.

edited Oct 16 '13 at 23:11

slm

363,520
117
767
871

answered Oct 16 '13 at 23:02

PersianGulf

10,728
8
51
78

Securing /tmp on OpenVZ

1 Answers1