Restricting execute permissions on the /tmp partition

Linux privilege-escalation rootkits are almost always compiled executables. Preventing them from running under /tmp reduces the chance of a successful intrusion.
Perl and PHP scripts are interpreted, however: they can be invoked directly through the perl/php commands, so they are not restricted even when stored in /tmp.

First, the case of a system with a separate /tmp partition.
1. Run mount and confirm that /tmp is mounted with default options

  /dev/mapper/VolGroup00-LogVol01 on / type ext3 (rw)
  proc on /proc type proc (rw)
  sysfs on /sys type sysfs (rw)
  devpts on /dev/pts type devpts (rw,gid=5,mode=620)
  /dev/mapper/VolGroup01-LogVol00 on /opt type ext3 (rw)
  /dev/mapper/VolGroup00-LogVol03 on /var type ext3 (rw)
  /dev/mapper/VolGroup00-LogVol02 on /tmp type ext3 (rw)
  /dev/sda1 on /boot type ext3 (rw)
  tmpfs on /dev/shm type tmpfs (rw)
  none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

2. Add nosuid and noexec to the /tmp entry
vi /etc/fstab

  /dev/VolGroup00/LogVol01 / ext3 defaults 1 1
  /dev/VolGroup01/LogVol00 /opt ext3 defaults 1 2
  /dev/VolGroup00/LogVol03 /var ext3 defaults 1 2
  /dev/VolGroup00/LogVol02 /tmp ext3 defaults,nosuid,noexec 1 2
  LABEL=/boot /boot ext3 defaults 1 2
  tmpfs /dev/shm tmpfs defaults 0 0
  devpts /dev/pts devpts gid=5,mode=620 0 0
  sysfs /sys sysfs defaults 0 0
  proc /proc proc defaults 0 0
  /dev/VolGroup00/LogVol00 swap swap defaults 0 0

3. Remount /tmp with the options from fstab
mount -oremount /tmp

4. Check the mount table again
mount

  /dev/mapper/VolGroup00-LogVol01 on / type ext3 (rw)
  proc on /proc type proc (rw)
  sysfs on /sys type sysfs (rw)
  devpts on /dev/pts type devpts (rw,gid=5,mode=620)
  /dev/mapper/VolGroup01-LogVol00 on /opt type ext3 (rw)
  /dev/mapper/VolGroup00-LogVol03 on /var type ext3 (rw)
  /dev/mapper/VolGroup00-LogVol02 on /tmp type ext3 (rw,noexec,nosuid)
  /dev/sda1 on /boot type ext3 (rw)
  tmpfs on /dev/shm type tmpfs (rw)
  none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

5. Test with an executable file
vi test.sh

  #!/bin/bash
  echo '/tmp test'

chmod u+x ./test.sh
./test.sh
-bash: ./test.sh: /bin/bash: bad interpreter: Permission denied

6. Migrate the /var/tmp directory onto /tmp

  mv /var/tmp/* /tmp/
  rm -fr /var/tmp
  ln -s /tmp /var/tmp
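To verify the result of steps 2 to 4 without reading the whole mount table by eye, the following POSIX shell functions (added here as an example; not code from the original post) parse the "device on mountpoint type fstype (options)" lines printed by mount(8) and report whether /tmp carries both noexec and nosuid. The two embedded tables are constructed from the before and after listings above; check_live runs the same test against the running system.

```shell
#!/bin/sh
# Constructed sample mount(8) output, taken from the listings above:
# before the remount (/tmp has only rw) and after it (noexec,nosuid added).
MOUNTS_BEFORE='/dev/mapper/VolGroup00-LogVol02 on /tmp type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)'
MOUNTS_AFTER='/dev/mapper/VolGroup00-LogVol02 on /tmp type ext3 (rw,noexec,nosuid)
tmpfs on /dev/shm type tmpfs (rw)'

# mount_opts TABLE MOUNTPOINT
# Prints the comma-separated option list of MOUNTPOINT, or nothing if the
# mount point does not appear in TABLE. Field 3 is the mount point and
# field 6 the parenthesised option list in mount(8)'s output format.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$3 == mp { gsub(/[()]/, "", $6); print $6 }'
}

# has_opt TABLE MOUNTPOINT OPTION
# Returns 0 when OPTION is one of MOUNTPOINT's mount options, 1 otherwise
# (including when MOUNTPOINT is not mounted at all).
has_opt() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *",$3,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# tmp_hardened TABLE
# Returns 0 only when /tmp is mounted with both noexec and nosuid.
tmp_hardened() {
    has_opt "$1" /tmp noexec && has_opt "$1" /tmp nosuid
}

# check_live
# Runs the same check against the live system's mount table.
check_live() {
    tmp_hardened "$(mount)"
}
```

Because /var/tmp becomes a symlink to /tmp in step 6, it inherits these options and needs no separate entry; /dev/shm, which the listings show mounted with plain rw, would need its own fstab change to pass has_opt for noexec.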

For a system without a separate /tmp partition, create a 10G file with dd and mount it as /tmp:

  cd /usr/
  dd if=/dev/zero of=Tmp bs=1024 count=10000000
  mkfs -t ext3 /usr/Tmp
  mkdir /tmp_backup
  cp -ar /tmp /tmp_backup
  mount -o loop,rw,noexec,nosuid /usr/Tmp /tmp
  cp -ar /tmp_backup/tmp/* /tmp/
  chmod 0777 /tmp
  chmod +t /tmp
  rm -rf /tmp_backup
  # add it to fstab so it is mounted at boot
  echo "/usr/Tmp /tmp ext3 loop,rw,noexec,nosuid 0 0" >> /etc/fstab
