Making your webserver a little bit more secure.

The most common attack vector on Linux web servers is to get something uploaded onto the server that can then be executed. Most of these automated attacks try to put their payload into /tmp, which is writable by any user, and then execute it.

But what if they couldn’t execute it?

This is an easy way to beef up your web server's security a little. Create a 1GB partition on your system and, in your fstab file, mount it on /tmp with the noexec option, like so:

/dev/sda3 /tmp ext3 acl,user_xattr,noexec 1 1

Now the system will prevent any executable in /tmp from being run, sealing off the most common flaw that allows most automated attacks to work.

No unallocated space on your disk and don’t want to risk resizing? Use a loopback filesystem.

/dev/loop0 /tmp ext3 acl,user_xattr,noexec 1 1
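
To confirm the option is actually in place, here is an added example (not from the original post) that parses an fstab-format table and reports whether /tmp carries noexec. Checking /var/tmp and /dev/shm too is an assumption of this example, since they are also world-writable, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: check that world-writable temp directories are mounted noexec.
# Works on any table whose first four fields are device, mount point, type,
# options (the layout shared by /etc/fstab and /proc/mounts).

# Constructed sample; the /tmp line is the one from the post.
SAMPLE_FSTAB='# device  mountpoint  type  options  dump  pass
/dev/sda1 / ext3 acl,user_xattr 1 1
/dev/sda3 /tmp ext3 acl,user_xattr,noexec 1 1
tmpfs /dev/shm tmpfs defaults 0 0'

# mount_opts TABLE MOUNTPOINT: print the options field for MOUNTPOINT.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        /^[[:space:]]*#/ || NF < 4 { next }  # skip comments and short lines
        $2 == mp { opts = $4 }               # the last matching entry wins
        END { if (opts != "") print opts }'
}

# has_opt TABLE MOUNTPOINT OPTION: succeed only on an exact option match.
has_opt() {
    case ",$(mount_opts "$1" "$2")," in
        *,"$3",*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_tmp_mounts TABLE: report each directory; exit status = number of problems.
# Checking /var/tmp and /dev/shm as well as /tmp is an assumption of this example.
audit_tmp_mounts() {
    problems=0
    for mp in /tmp /var/tmp /dev/shm; do
        opts=$(mount_opts "$1" "$mp")
        if [ -z "$opts" ]; then
            echo "WARN $mp: no entry of its own, inherits the parent filesystem's options"
            problems=$((problems + 1))
        elif has_opt "$1" "$mp" noexec; then
            echo "OK   $mp: $opts"
        else
            echo "FAIL $mp: noexec missing ($opts)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

audit_tmp_mounts "$SAMPLE_FSTAB" || echo "problems found: $?"
```

To audit a running system rather than the sample, pass the live table: `audit_tmp_mounts "$(cat /proc/mounts)"`.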
