Mounting Partitions in CentOS 5.x

This is a basic security tip that can be executed to help protect your system. This is not an end-all guide for server security, admins must always be diligent.

At install time, the easiest thing to do is to mount your /tmp partition with the noexec,nosuid options, and mount the /home partition with the nosuid option. This is done in your /etc/fstab and requires those paths to exist as partitions, and not just as subdirectories of /.

Be very careful when editing your /etc/fstab, as any errors could prevent your system from starting up.

Backup your fstab:

cp /etc/fstab /etc/fstab.bak

Create 1GB tmpmnt partition file

cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576

Format new partition

mkfs.ext3 -j /var/tmpMnt

Press Y when asked

Backup old /tmp

cp -Rp /tmp /tmp_backup

Mount the new /tmp filesystem

mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

Set the appropriate permissions

chmod 1777 /tmp

Copy files back to /tmp

cp -Rp /tmp_backup/* /tmp/

Add new /tmp to fstab

echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0? >> /etc/fstab

Symlink /var/tmp to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/tmp
  • mount, centos, dedicated servers, virtual private servers
  • 2 Users Found This Useful
Was this answer helpful?

Related Articles

Binding multiple IPs to one interface in Centos

The steps to add additional IP's to one network card / interface in Centos are as follows:1.)...

Installation of Directadmin on CentOS

In this guide I will be explaining how to install Direct Admin on a clean installation of CentOS...

Installation CSF Firewall on CentOS 5 and 6

The ConfigServer Security & Firewall is a popular open source Stateful Packet Inspection...

Installation of SpamAssassin on DirectAdmin

In this guide I will be explaining how to install and configure SpamAssasin on a Direct Admin...

Installation Rootkit Hunter (rkhunter) on CentOS

Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible...