Tuesday, November 20, 2012

Increase /tmp Partition Size in cPanel and secure it


cPanel’s new securetmp script is handy to prevent users from executing malicious code in /tmp or /var/tmp but if your software is like a lot out there and doesn’t have any garbage collection, you’ll find your /tmp partition filling up quickly. By default, cPanel’s script uses a limit of 512MB, and for those with large session data files (storing image data, for instance) this amount is fairly small. I played around with the script and although the 512MB value is easily changed, a good amount of the code would have to be tweaked in order to re-do an existing secured /tmp.
I have included below the sequence of commands I used to expand the “partition” to 1GB. I quote it because it’s not really a partition in the normal sense, but a 1GB file mounted as a loop block device. Note that in the instructions below I only stop MySQL, which is due to the mysql.sock file it uses; however, you will want to stop any other processes using /tmp as well. You can find these by running lsof|grep /tmp and using the PID/process name from the output to stop them accordingly (commonly you will also need to stop the cpanel and apache services).
Here are the steps:
# /etc/init.d/mysql stop
# cp -af /var/tmp /var/tmp.bak
# umount /var/tmp
# umount /tmp
# rm -f /usr/tmpDSK
# dd if=/dev/zero of=/usr/tmpDSK bs=1024 count=1048576
# mkfs /usr/tmpDSK
# tune2fs -j /usr/tmpDSK
# mount -t ext3 -o nosuid,noexec,loop /usr/tmpDSK /tmp
# mount -o bind,noexec,nosuid /tmp /var/tmp
# cp -a /var/tmp.bak/* /tmp/
# rm -rf /var/tmp.bak/
# chmod 1777 /tmp
# /etc/init.d/mysql start

You should now see the increased /tmp partition size:

root@server [~]# df -h|grep tmp
/usr/tmpDSK           1006M   13M  993M   1% /tmp

Or follow the steps below:

1. Stop cpanel, apache (litespeed), mysql services:
/etc/init.d/cpanel stop
/etc/init.d/httpd stop
/etc/init.d/lsws stop
/etc/init.d/mysql stop
2. Unmount /tmp and /var/tmp:
umount -l /tmp
umount -l /var/tmp
3. Move /usr/tmpDSK file to another location (just in case you’ll need to mount it somewhere else to preserve data):
mv /usr/tmpDSK /usr/tmpDSK_back
4. Modify /scripts/securetmp to set tmpdsksize to desired size:
vi /scripts/securetmp
$tmpdsksize = 2048000
5. Run:
/scripts/securetmp
6. Start cpanel, apache (litespeed), mysql services:
/etc/init.d/cpanel start
/etc/init.d/httpd start
/etc/init.d/lsws start
/etc/init.d/mysql start
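
After either procedure, it is worth confirming that /tmp and /var/tmp really came back with nosuid and noexec, since df only shows the size. The script below is an added example, not part of cPanel or of the original post; the function names are made up for illustration, and it assumes input in /proc/mounts format.

```sh
#!/bin/sh
# Added example: confirm /tmp and /var/tmp are mounted nosuid,noexec.
# Input is a file in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Usage: check_tmp_mounts            (reads the live /proc/mounts)
#        check_tmp_mounts FILE       (reads a saved copy)

# Print the options of the last mount on mountpoint $2 listed in file $1.
# Later entries sit on top of earlier ones, so the last one is in effect.
mount_opts() {
    awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed if the comma-separated option list $1 contains exactly option $2.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report each finding on stdout; return 1 if any required option is missing.
check_tmp_mounts() {
    mounts_file="${1:-/proc/mounts}"
    rc=0
    for mp in /tmp /var/tmp; do
        opts=$(mount_opts "$mounts_file" "$mp")
        if [ -z "$opts" ]; then
            echo "FAIL $mp: no mount entry (directory on the parent filesystem)"
            rc=1
            continue
        fi
        for want in nosuid noexec; do
            if has_opt "$opts" "$want"; then
                echo "OK   $mp: $want"
            else
                echo "FAIL $mp: $want missing (options: $opts)"
                rc=1
            fi
        done
    done
    return "$rc"
}
```

A non-zero return from check_tmp_mounts means at least one of the two mountpoints is missing an option or is not a separate mount at all.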
