CSF: “Check /dev/shm is mounted in noexec,nosuid”

To keep your server up and running in smooth way, we have to keep on eye on our server but for security point of view, what we will do? for that, in our mind the only one thing is there, that is called firewall and what kind of firewall we are going to use either hardware or software. For hardware we need to spend more money but software no need to spend even single rupees because lots of opensource software readily available to install and configure.

In my server I have installed CSF firewall, When i checking in configuration @ WHM >> ConfigServer Security & Firewall >> Check Server Security. I found that “Check /dev/shm is mounted in noexec,nosuid” and need to configure it properly to secure that partition.

How to resolve this issue ?

We need to Secure “/dev/shm” partition to solve the issue. Login to ssh & edit the file /etc/fstab and modify the following line.

[email protected] [~]# nano /etc/fstab
  GNU nano 2.0.9                                           File: /etc/fstab


#
# /etc/fstab
# Created by anaconda on Sat Oct 20 05:18:25 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=02b56de1-a737-48ec-945f-c6f6301541aa       /       ext3    usrjquota=quota.user,jqfmt=vfsv0        1       1
UUID=b18386ae-633c-430c-85be-76132db5dd5a /boot                   ext2    defaults        1 2
UUID=d6059278-6690-4877-8660-c70d05af30fe swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

Add this (“noexec,nosuid”) followed by the defaults like shown below.

[email protected] [~]# nano /etc/fstab
  GNU nano 2.0.9                                           File: /etc/fstab


#
# /etc/fstab
# Created by anaconda on Sat Oct 20 05:18:25 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=02b56de1-a737-48ec-945f-c6f6301541aa       /       ext3    usrjquota=quota.user,jqfmt=vfsv0        1       1
UUID=b18386ae-633c-430c-85be-76132db5dd5a /boot                   ext2    defaults        1 2
UUID=d6059278-6690-4877-8660-c70d05af30fe swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults,noexec,nosuid        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Then run the following commands to make it work properly

[email protected] [~]# umount /dev/shm

[email protected] [~]# mount /dev/shm
or
[email protected] [~]# mount -o remount /dev/shm

Go to >> WHM>> ConfigServer Security & Firewall>> Check Server Security. Now its secured..keep..smile.)

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...

Shares
Close
Please support the site
By clicking any of these buttons you help our site to get better