Restricting execute permission on the /tmp partition

Linux privilege-escalation rootkits are almost always compiled executables, so preventing them from running under /tmp lowers the chance of a successful intrusion. Perl and PHP scripts, however, are interpreted and can be invoked directly via the perl/php command, so they are not restricted even when stored in /tmp.

First, the case where /tmp is on its own partition:

1. Run mount and confirm that /tmp is mounted with the default options:

    /dev/mapper/VolGroup00-LogVol01 on / type ext3 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/mapper/VolGroup01-LogVol00 on /opt type ext3 (rw)
    /dev/mapper/VolGroup00-LogVol03 on /var type ext3 (rw)
    /dev/mapper/VolGroup00-LogVol02 on /tmp type ext3 (rw)
    /dev/sda1 on /boot type ext3 (rw)
    tmpfs on /dev/shm type tmpfs (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

2. Add nosuid,noexec to the /tmp entry: vi /etc/fstab

    /dev/VolGroup00/LogVol01 /        ext3   defaults 1 1
    /dev/VolGroup01/LogVol00 /opt     ext3   defaults 1 2
    /dev/VolGroup00/LogVol03 /var     ext3   defaults 1 2
    /dev/VolGroup00/LogVol02 /tmp     ext3   defaults,nosuid,noexec 1 2
    LABEL=/boot              /boot    ext3   defaults 1 2
    tmpfs                    /dev/shm tmpfs  defaults 0 0
    devpts                   /dev/pts devpts gid=5,mode=620 0 0
    sysfs                    /sys     sysfs  defaults 0 0
    proc                     /proc    proc   defaults 0 0
    /dev/VolGroup00/LogVol00 swap     swap   defaults 0 0

3. Remount /tmp using the options now in fstab:

    mount -o remount /tmp

4. Run mount again; /tmp now shows noexec,nosuid:

    /dev/mapper/VolGroup00-LogVol01 on / type ext3 (rw)
    proc on /proc type proc (rw)
    sysfs on /sys type sysfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/mapper/VolGroup01-LogVol00 on /opt type ext3 (rw)
    /dev/mapper/VolGroup00-LogVol03 on /var type ext3 (rw)
    /dev/mapper/VolGroup00-LogVol02 on /tmp type ext3 (rw,noexec,nosuid)
    /dev/sda1 on /boot type ext3 (rw)
    tmpfs on /dev/shm type tmpfs (rw)
    none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

5. Test that executables are blocked. Create a script in /tmp: vi test.sh

    #!/bin/bash
    echo '/tmp test'

Make it executable and run it; the kernel refuses because the filesystem is mounted noexec:

    chmod u+x ./test.sh
    ./test.sh
    -bash: ./test.sh: /bin/bash: bad interpreter: Permission denied

6. Migrate /var/tmp onto the restricted filesystem by replacing it with a symlink to /tmp:

    mv /var/tmp/* /tmp/
    rm -fr /var/tmp
    ln -s /tmp /var/tmp

If there is no separate /tmp partition, create a 10G file with dd, format it, and loop-mount it as /tmp with the same options:

    cd /usr/
    dd if=/dev/zero of=Tmp bs=1024 count=10000000
    mkfs -t ext3 /usr/Tmp
    mkdir /tmp_backup
    cp -ar /tmp /tmp_backup
    mount -o loop,rw,noexec,nosuid /usr/Tmp /tmp
    cp -ar /tmp_backup/tmp/* /tmp/
    chmod 0777 /tmp
    chmod +t /tmp
    rm -rf /tmp_backup
    # add to fstab so it is mounted at boot
    echo "/usr/Tmp /tmp ext3 loop,rw,noexec,nosuid 0 0" >> /etc/fstab
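To verify the result of the remount (or the loop-file mount) without reading mount output by eye, here is an added shell example that is not part of the original post: it parses a mount table in /proc/mounts format and reports which of noexec/nosuid a given mount point lacks. The SAMPLE_MOUNTS table, the missing_opts function name and the /mnt/scratch entry are constructed for illustration and are not from the post.

```shell
#!/bin/sh
# Added example, not part of the original post: audit whether a mount point
# carries the noexec and nosuid options that the remount step above sets.
# It reads a mount table in /proc/mounts format, so it runs against the
# constructed sample below or, with the second argument omitted, the live table.

# Constructed sample table (/proc/mounts format, not real output): /tmp is
# hardened, /opt is a plain rw mount, /mnt/scratch has only nosuid.
SAMPLE_MOUNTS='/dev/mapper/VolGroup00-LogVol01 / ext3 rw 0 0
/dev/mapper/VolGroup01-LogVol00 /opt ext3 rw 0 0
/dev/mapper/VolGroup00-LogVol02 /tmp ext3 rw,noexec,nosuid 0 0
/dev/sdb1 /mnt/scratch ext3 rw,nosuid 0 0
tmpfs /dev/shm tmpfs rw 0 0'

# missing_opts MOUNTPOINT [MOUNT_TABLE]
# Prints the hardening options MOUNTPOINT lacks ("noexec", "nosuid" or
# "noexec,nosuid"), "none" when both are set, or "unmounted" when the table
# has no entry for that exact path. A symlink such as /var/tmp -> /tmp must
# be resolved by the caller (e.g. with readlink -f) before calling this.
missing_opts() {
    mp="$1"
    table="${2:-$(cat /proc/mounts)}"
    printf '%s\n' "$table" | awk -v mp="$mp" '
        $2 == mp {
            seen = 1
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
        }
        END {
            if (!seen) { print "unmounted"; exit }
            out = ""
            if (!("noexec" in have)) out = "noexec"
            if (!("nosuid" in have)) out = out (out ? "," : "") "nosuid"
            print (out ? out : "none")
        }'
}

# Report on the sample table; on a live host drop the second argument.
for d in /tmp /opt /mnt/scratch /var/tmp; do
    printf '%-13s missing: %s\n' "$d" "$(missing_opts "$d" "$SAMPLE_MOUNTS")"
done
```

On a live host, anything other than "none" for /tmp (and for the resolved target of /var/tmp) means the fstab change has not taken effect.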

Posted in Security.
