King of the Potato People » security http://www.potato-people.com/blog Code, photos and ramblings of Rick Hodger Fri, 27 Aug 2010 09:56:59 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Making your webserver a little bit more secure. http://www.potato-people.com/blog/2008/04/making-your-webserver-a-little-bit-more-secure/ http://www.potato-people.com/blog/2008/04/making-your-webserver-a-little-bit-more-secure/#comments Thu, 10 Apr 2008 09:39:14 +0000 rick http://www.potato-people.com/blog/?p=3 The most common attack vector on Linux web servers, is to get something uploaded onto the server that can then be executed. Most of these automated attacks try to put their payload into /tmp, which is universally writable by any user, and then execute it.

But what if they couldn’t execute it?

This is an easy way to beef up your webserver server security a little. Create a 1GB partition on your system, and in your fstab file, add a “noexec flag” like so:

/dev/sda3 /tmp ext3 acl,user_xattr,noexec 1 1

Now, the system will prevent any executable in /tmp from being executed and thus sealing off the most common flaw that allows for most automated attacks to work.

No unallocated space on your disk and don’t want to risk resizing? Use a loopback filesystem.

/dev/loop0 /tmp ext3 acl,user_xattr,noexec 1 1

]]> http://www.potato-people.com/blog/2008/04/making-your-webserver-a-little-bit-more-secure/feed/ 0