Suspicious file in /var/tmp/.X1-unix
Hello,
I want to ask: I got a warning from the firewall:
File: /var/tmp/.X1-unix
Reason: Suspicious directory
It has the rights of one of the cPanel accounts. I want to ask: what is this /var/tmp, how could it create this file, and how can I prevent it?
-
/var/tmp and /tmp are symbolically linked. 0 -
You can find many threads around the forum regarding securing the tmp folder. Use: /scripts/securetmp 0 -
You can find many threads around the forum regarding securing the tmp folder. Use: /scripts/securetmp
/scripts/securetmp fails because OpenVZ, which I'm using, does not work with "loop devices". You're talking like there can be more ways to secure /tmp; what are other ways besides using loop devices? Thank you. 0 -
Under VPS, edit /etc/fstab (nano /etc/fstab) and insert the lines below:
    mount /dev/loop0 -o noexec,nosuid,rw /dev/tmpFS /tmp
    mount /dev/loop0 /dev/tmpFS -o noexec,nosuid,rw
Now run the command below:
    mount -obind,nosuid,noexec,nodev,rw /usr/tmp /tmp
Your /tmp is now mounted with noexec, secure! 0 -
Hello :) Feel free to try the steps offered in the previous post and let us know if that helps. Thank you. 0 -
Feel free to try the steps offered in the previous post and let us know if that helps.
I want to try it and update this thread with the results, but can you please tell me what it basically does? How can I safely revert that process? Thank you. 0 -
I would advise against editing your /etc/fstab unless you are fully aware of the changes you are making and the implications of them. You can back up the file first before editing it and revert, however, you are changing file system mounting configuration by editing that file. If in doubt, consult with your host. You mention that /scripts/securetmp fails due to lack of support for loop devices on your virtualization platform: the advice given is using /dev/loop0, which will likely not work if the securetmp script does not work. 0
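An added example, not written by any poster in this thread: a read-only audit that reports which of the noexec, nosuid and nodev flags discussed above are missing on /tmp and /var/tmp, and lists hidden entries such as .X1-unix with their owners. The function names, the two-entry allowlist and the constructed demo data are assumptions.

```shell
#!/bin/sh
# Added example: audit temp-directory mount flags and hidden entries.

# Print the hardening flags missing from the mount whose mount point is
# exactly $2, reading the /proc/mounts-format file $1.
# Prints "not-a-mount" when $2 has no mount entry of its own.
missing_flags() {
    # Field 2 is the mount point, field 4 the option list; the last match wins.
    mf_opts=$(awk -v mp="$2" '$2 == mp { o = $4 } END { print o }' "$1")
    [ -n "$mf_opts" ] || { echo "not-a-mount"; return; }
    mf_missing=""
    for flag in noexec nosuid nodev; do
        case ",$mf_opts," in
            *",$flag,"*) ;;
            *) mf_missing="$mf_missing $flag" ;;
        esac
    done
    echo "${mf_missing# }"
}

# List hidden entries directly inside directory $1 as "owner path".
# The two X session socket directories are skipped (allowlist is an assumption).
hidden_entries() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' \
        ! -name '.X11-unix' ! -name '.ICE-unix' | sort |
    while IFS= read -r path; do
        echo "$(ls -ld -- "$path" | awk '{ print $3 }') $path"
    done
}

audit() {  # $1 = mounts file, remaining arguments = directories to check
    a_mounts=$1; shift
    for dir in "$@"; do
        echo "$dir: missing flags: [$(missing_flags "$a_mounts" "$dir")]"
        hidden_entries "$dir" | sed 's/^/  hidden: /'
    done
}

demo() {  # constructed sample: an OpenVZ-style mount without noexec/nodev
    d=$(mktemp -d) && mkdir "$d/vartmp" "$d/vartmp/.X1-unix"
    printf '%s\n' "/dev/simfs $d/vartmp simfs rw,nosuid,relatime 0 0" > "$d/mounts"
    audit "$d/mounts" "$d/vartmp"
    rm -rf "$d"
}

case "${1:-}" in
    --live) audit /proc/mounts /tmp /var/tmp ;;
    --demo) demo ;;
esac
```

Run it with --demo to see the output on the constructed sample, or with --live to check the real /tmp and /var/tmp; neither mode changes any mount or file outside its own temporary directory.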