Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-14 Thread Sorin Srbu
-Original Message-
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
Behalf
Of Geerd-Dietger Hoffmann
Sent: Saturday, December 12, 2009 11:22 PM
To: CentOS mailing list
Subject: Re: [CentOS] Deleting contents of /tmp on shutdown

On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes tdu...@sc.rr.com wrote:

I have the /tmp in memory, which effectively deletes everything on
reboot. Maybe another solution?

How do you achieve that?
-- 
/Sorin


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-14 Thread Eero Volotinen
Quoting Sorin Srbu sorin.s...@orgfarm.uu.se:

 -Original Message-
 From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On
 Behalf
 Of Geerd-Dietger Hoffmann
 Sent: Saturday, December 12, 2009 11:22 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown

 On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes tdu...@sc.rr.com wrote:

 I have the /tmp in memory, which effectively deletes everything on
 reboot. Maybe another solution?

 How do you achieve that?
 --
 /Sorin


using tmpfs?

http://kevin.vanzonneveld.net/techblog/article/create_turbocharged_storage_using_tmpfs/

--
Eero




Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-14 Thread Sorin Srbu
-Original Message-
From: Eero Volotinen [mailto:eero.voloti...@iki.fi]
Sent: Monday, December 14, 2009 9:27 AM
To: CentOS mailing list; Sorin Srbu
Cc: 'CentOS mailing list'
Subject: Re: [CentOS] Deleting contents of /tmp on shutdown

 I have the /tmp in memory, which effectively deletes everything on
 reboot. Maybe another solution?

 How do you achieve that?
 --
 /Sorin


using tmpfs?

http://kevin.vanzonneveld.net/techblog/article/create_turbocharged_storage_using_tmpfs/

Thanks, I'll look up on this. Have a few machines that would most probably
benefit from this.

Amazing, this temp-cache-in-RAM is a déjà vu from my OS/2-days some ten-ish
years back... Never thought I'd use the same techniques now as then. 8-)
-- 
/Sorin




Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-14 Thread Thomas Dukes
 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Eero Volotinen
 Sent: Monday, December 14, 2009 3:27 AM
 To: CentOS mailing list; Sorin Srbu
 Cc: 'CentOS mailing list'
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
 Quoting Sorin Srbu sorin.s...@orgfarm.uu.se:
 
  -Original Message-
  From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On
  Behalf
  Of Geerd-Dietger Hoffmann
  Sent: Saturday, December 12, 2009 11:22 PM
  To: CentOS mailing list
  Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
  On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes 
 tdu...@sc.rr.com wrote:
 
  I have the /tmp in memory, which effectively deletes everything on 
  reboot. Maybe another solution?
 
  How do you achieve that?
  --
  /Sorin
 
 
 using tmpfs?
 
 http://kevin.vanzonneveld.net/techblog/article/create_turbocharged_storage_using_tmpfs/
 

One thing that's not clear in the two links that have been posted about
doing this is, do you add the line or replace the line already present
in /etc/fstab?

/dev/VolGroup00/LogVol00 /            ext3    defaults        1 1
LABEL=/boot              /boot        ext3    defaults        1 2
none                     /dev/pts     devpts  gid=5,mode=620  0 0
none                     /dev/shm     tmpfs   defaults        0 0
--
none                     /proc        proc    defaults        0 0
none                     /sys         sysfs   defaults        0 0
/dev/VolGroup00/LogVol01 swap         swap    defaults        0 0


Thanks



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-14 Thread tdukes

 Ross Walker rswwal...@gmail.com wrote: 
 On Dec 14, 2009, at 7:14 AM, Thomas Dukes tdu...@sc.rr.com wrote:
 
 
 
  -Original Message-
  From: centos-boun...@centos.org
  [mailto:centos-boun...@centos.org] On Behalf Of Eero Volotinen
  Sent: Monday, December 14, 2009 3:27 AM
  To: CentOS mailing list; Sorin Srbu
  Cc: 'CentOS mailing list'
  Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
  Quoting Sorin Srbu sorin.s...@orgfarm.uu.se:
 
  -Original Message-
  From: centos-boun...@centos.org
  [mailto:centos-boun...@centos.org] On
  Behalf
  Of Geerd-Dietger Hoffmann
  Sent: Saturday, December 12, 2009 11:22 PM
  To: CentOS mailing list
  Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
  On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes
  tdu...@sc.rr.com wrote:
 
  I have the /tmp in memory, which effectively deletes everything on
  reboot. Maybe another solution?
 
  How do you achieve that?
  --
  /Sorin
 
 
  using tmpfs?
 
  http://kevin.vanzonneveld.net/techblog/article/create_turbocharged_storage_using_tmpfs/
 
 
  One thing that's not clear in the two links that have been posted about
  doing this is, do you add the line or replace the line already present
  in /etc/fstab?
 
  /dev/VolGroup00/LogVol00 /            ext3    defaults        1 1
  LABEL=/boot              /boot        ext3    defaults        1 2
  none                     /dev/pts     devpts  gid=5,mode=620  0 0
  none                     /dev/shm     tmpfs   defaults        0 0
  --
  none                     /proc        proc    defaults        0 0
  none                     /sys         sysfs   defaults        0 0
  /dev/VolGroup00/LogVol01 swap         swap    defaults        0 0
 
 Here is what I put in my fstab:
 
 tmpfs /tmp tmpfs defaults 0 0
 
 And you're done. By default it will use 1/2 of your memory and under
 pressure it's first to swap and even if you run off swap it gives  
 comparable performance to the way it is now.
 
 -Ross

Thanks, Ross

Do I leave this line intact or remove/replace it:

none /dev/shm tmpfs




Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-14 Thread Ross Walker
On Dec 14, 2009, at 9:55 AM, tdu...@sc.rr.com wrote:


  Ross Walker rswwal...@gmail.com wrote:
 On Dec 14, 2009, at 7:14 AM, Thomas Dukes tdu...@sc.rr.com wrote:



 -Original Message-
 From: centos-boun...@centos.org
 [mailto:centos-boun...@centos.org] On Behalf Of Eero Volotinen
 Sent: Monday, December 14, 2009 3:27 AM
 To: CentOS mailing list; Sorin Srbu
 Cc: 'CentOS mailing list'
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown

 Quoting Sorin Srbu sorin.s...@orgfarm.uu.se:

 -Original Message-
 From: centos-boun...@centos.org
 [mailto:centos-boun...@centos.org] On
 Behalf
 Of Geerd-Dietger Hoffmann
 Sent: Saturday, December 12, 2009 11:22 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown

 On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes
 tdu...@sc.rr.com wrote:

 I have the /tmp in memory, which effectively deletes everything  
 on
 reboot. Maybe another solution?

 How do you achieve that?
 --
 /Sorin


 using tmpfs?

 http://kevin.vanzonneveld.net/techblog/article/create_turbocharged_storage_using_tmpfs/


 One thing that's not clear in the two links that have been posted about
 doing this is, do you add the line or replace the line already present
 in /etc/fstab?

 /dev/VolGroup00/LogVol00 /            ext3    defaults        1 1
 LABEL=/boot              /boot        ext3    defaults        1 2
 none                     /dev/pts     devpts  gid=5,mode=620  0 0
 none                     /dev/shm     tmpfs   defaults        0 0
 --
 none                     /proc        proc    defaults        0 0
 none                     /sys         sysfs   defaults        0 0
 /dev/VolGroup00/LogVol01 swap         swap    defaults        0 0

 Here is what I put in my fstab:

 tmpfs /tmp tmpfs defaults 0 0

 And you're done. By default it will use 1/2 of your memory and under
 pressure it's first to swap and even if you run off swap it gives
 comparable performance to the way it is now.

 -Ross

 Thanks, Ross

 Do I leave this line intact or remove/replace it:

 none /dev/shm tmpfs

No, leave the existing /dev/shm, some apps depend on it.

You can use the 'none' keyword too for /tmp as in:

none /tmp tmpfs defaults 0 0

Either 'tmpfs' or 'none' should work.

-Ross



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-13 Thread Thomas Dukes
 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Geerd-Dietger Hoffmann
 Sent: Saturday, December 12, 2009 10:18 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
 On Sun, Dec 13, 2009 at 3:10 AM, Thomas Dukes 
 tdu...@sc.rr.com wrote:
   Today, I found upd.pl in my tmp directory.  The date was 
 oct 09.  I 
   also found my /etc/passwd and /etc/shadow had been changed
  with a user
   of 0Profile added.  I deleted the old files and restored 
 those from 
   backup.  I ran my chkrootkit and installed mod_security.
  SSH is not
   running so I don't know how this happened.
 
  Perhaps your system is not as simple as you think it is.  ;-/
 
  --keith
 
 
  Thanks, Keith!
 
  Guess I'd better brush up on my vi commands in case I have to boot 
  from a rescue disk. :-)
 
 All you need is [Esc]q! :)
 
 
  Just guessing here, but to do this, I need to add:
 
  tmpfs /tmp tmpfs size=100M,mode=0755 0 0
  To my /etc/fstab and cross my fingers?
 
 I would make it a little bigger than 100M depending on how much 
 memory you have. And the mode should be the same as /tmp 
 would normally be =
 mode=777 :)

I have 1GB of RAM.  What would be a good size?

 
 If you have been hacked, like it seems you have, you should 
 first find out how the guy got in. Do you have a webserver 
 running? Firewall enabled? Then just to be safe I would 
 always reinstall as you never know what he might have done.

The udp.pl file was owned by apache.  Not sure that would matter.  I have no
clue as to how it got there.  The date on the file was oct 09 and those
logs have already been rotated out.

 
 Then you can modify the tmp in fstab
 
 Cheers Didi

Running a full backup now.  When complete, I will make the changes to fstab.

Thanks!!



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-13 Thread James Hogarth
Owned by apache in tmp?

Sounds like an insecure web app or injection attack.

2009/12/13 Thomas Dukes tdu...@sc.rr.com



  -Original Message-
  From: centos-boun...@centos.org
  [mailto:centos-boun...@centos.org] On Behalf Of Geerd-Dietger Hoffmann
  Sent: Saturday, December 12, 2009 10:18 PM
  To: CentOS mailing list
  Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
  On Sun, Dec 13, 2009 at 3:10 AM, Thomas Dukes
  tdu...@sc.rr.com wrote:
Today, I found upd.pl in my tmp directory.  The date was
  oct 09.  I
also found my /etc/passwd and /etc/shadow had been changed
   with a user
of 0Profile added.  I deleted the old files and restored
  those from
backup.  I ran my chkrootkit and installed mod_security.
   SSH is not
running so I don't know how this happened.
  
   Perhaps your system is not as simple as you think it is.  ;-/
  
   --keith
  
  
   Thanks, Keith!
  
   Guess I'd better brush up on my vi commands in case I have to boot
   from a rescue disk. :-)
 
  All you need is [Esc]q! :)
 
  
   Just guessing here, but to do this, I need to add:
  
   tmpfs /tmp tmpfs size=100M,mode=0755 0 0
   To my /etc/fstab and cross my fingers?
 
  I would make it a little bigger than 100M depending on how much
  memory you have. And the mode should be the same as /tmp
  would normally be =
  mode=777 :)

 I have 1GB of RAM.  What would be a good size?

 
  If you have been hacked, like it seems you have, you should
  first find out how the guy got in. Do you have a webserver
  running? Firewall enabled? Then just to be safe I would
  always reinstall as you never know what he might have done.

 The udp.pl file was owned by apache.  Not sure that would matter.  I have no
 clue as to how it got there.  The date on the file was oct 09 and those
 logs have already been rotated out.

 
  Then you can modify the tmp in fstab
 
  Cheers Didi

 Running a full backup now.  When complete, I will make the changes to
 fstab.

 Thanks!!



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-13 Thread Benjamin Donnachie
2009/12/13 Thomas Dukes tdu...@sc.rr.com:
 The udp.pl file was owned by apache.  Not sure that would matter.  I have no
 clue as to how it got there.  The date on the file was oct 09 and those
 logs have already been rotated out.

I'd recommend reinstalling from scratch, just to be safe.  Admittedly,
I am incredibly paranoid...

Ben


Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Keith Keller
On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
 I used to have a line of code in /etc/init.d/syslog (I think this was the
 file) to delete the contents of my /tmp directory on shutdown.

In /etc/init.d/syslog?  That seems like a bad place to put it, even if
it does check (as I assume it must have) the current runlevel, and only
deletes in runlevels [016] or [06]; if it gets killed too early, you
could delete a file from /tmp that is needed to cleanly kill off a
subsequent process.

/etc/init.d/halt calls /sbin/halt.local, which might be a good place,
except that it's already umounted nonessential filesystems by then, so
if you have /tmp on a different fs putting it there won't work.  (You
could mount it from halt.local, clean it, then umount it, but that seems
extremely kludgy.)  You could write your own simple script and link it in
/etc/rc[06].d/ to run after S00killall but before S01halt or S01reboot.
(It is not clear to me whether enough processes are killed off that cleaning
/tmp is safe here; might be worth testing in a noncritical environment
first.)

--keith


-- 
kkel...@speakeasy.net





Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Thomas Dukes
 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Keith Keller
 Sent: Saturday, December 12, 2009 4:50 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
 On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
  I used to have a line of code in /etc/init.d/syslog (I think this was
  the file) to delete the contents of my /tmp directory on shutdown.
 
 In /etc/init.d/syslog?  That seems like a bad place to put 
 it, even if it does check (as I assume it must have) the 
 current runlevel, and only deletes in runlevels [016] or 
 [06]; if it gets killed too early, you could delete a file 
 from /tmp that is needed to cleanly kill off a subsequent process.
 
 /etc/init.d/halt calls /sbin/halt.local, which might be a 
 good place, except that it's already umounted nonessential 
 filesystems by then, so if you have /tmp on a different fs 
 putting it there won't work.  (You could mount it from 
 halt.local, clean it, then umount it, but that seems 
 extremely kludgy.)  You could write your own simple script 
 and link it in /etc/rc[06].d/ to run after S00killall but 
 before S01halt or S01reboot.
 (It is not clear to me whether enough processes are killed 
 off that cleaning /tmp is safe here; might be worth testing 
 in a noncritical environment
 first.)
 
 --keith

As I said, I think that was where the code was added.  Just not really sure.
I remember the files were deleted on shutdown/reboot.

Been reading and have seen it may be better to delete the tmp directory
files on boot before any services start.  What do you think?

Thanks,

Eddie



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Geerd-Dietger Hoffmann
On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes tdu...@sc.rr.com wrote:


 -Original Message-
 From: centos-boun...@centos.org
 [mailto:centos-boun...@centos.org] On Behalf Of Keith Keller
 Sent: Saturday, December 12, 2009 4:50 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown

 On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
  I used to have a line of code in /etc/init.d/syslog (I think this was
  the file) to delete the contents of my /tmp directory on shutdown.

 In /etc/init.d/syslog?  That seems like a bad place to put
 it, even if it does check (as I assume it must have) the
 current runlevel, and only deletes in runlevels [016] or
 [06]; if it gets killed too early, you could delete a file
 from /tmp that is needed to cleanly kill off a subsequent process.

 /etc/init.d/halt calls /sbin/halt.local, which might be a
 good place, except that it's already umounted nonessential
 filesystems by then, so if you have /tmp on a different fs
 putting it there won't work.  (You could mount it from
 halt.local, clean it, then umount it, but that seems
 extremely kludgy.)  You could write your own simple script
 and link it in /etc/rc[06].d/ to run after S00killall but
 before S01halt or S01reboot.
 (It is not clear to me whether enough processes are killed
 off that cleaning /tmp is safe here; might be worth testing
 in a noncritical environment
 first.)

 --keith

 As I said, I think that was where the code was added.  Just not really sure.
 I remember the files were deleted on shutdown/reboot.

 Been reading and have seen it may be better to delete the tmp directory
 files on boot before any services start.  What do you think?

I have the /tmp in memory, which effectively deletes everything on
reboot. Maybe another solution?

Cheers Didi


-- 

My www page: www.ribalba.de
Email / Jabber: riba...@gmail.com
Skype : ribalba


Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Thomas Dukes
 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Geerd-Dietger Hoffmann
 Sent: Saturday, December 12, 2009 5:22 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
 On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes 
 tdu...@sc.rr.com wrote:
 
 
  -Original Message-
  From: centos-boun...@centos.org
  [mailto:centos-boun...@centos.org] On Behalf Of Keith Keller
  Sent: Saturday, December 12, 2009 4:50 PM
  To: CentOS mailing list
  Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
  On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
   I used to have a line of code in /etc/init.d/syslog (I think this was
   the file) to delete the contents of my /tmp directory on shutdown.
 
  In /etc/init.d/syslog?  That seems like a bad place to put 
 it, even 
  if it does check (as I assume it must have) the current 
 runlevel, and 
  only deletes in runlevels [016] or [06]; if it gets killed 
 too early, 
  you could delete a file from /tmp that is needed to 
 cleanly kill off 
  a subsequent process.
 
  /etc/init.d/halt calls /sbin/halt.local, which might be a 
 good place, 
  except that it's already umounted nonessential filesystems 
 by then, 
  so if you have /tmp on a different fs putting it there 
 won't work.  
  (You could mount it from halt.local, clean it, then umount it, but 
  that seems extremely kludgy.)  You could write your own 
 simple script 
  and link it in /etc/rc[06].d/ to run after S00killall but before 
  S01halt or S01reboot.
  (It is not clear to me whether enough processes are killed 
 off that 
  cleaning /tmp is safe here; might be worth testing in a 
 noncritical 
  environment
  first.)
 
  --keith
 
  As I said, I think that was where the code was added.  Just not really sure.
  I remember the files were deleted on shutdown/reboot.
 
  Been reading and have seen it may be better to delete the tmp 
  directory files on boot before any services start.  What do 
 you think?
 
 I have the /tmp in memory, which effectively deletes 
 everything on reboot. Maybe another solution?
 
 Cheers Didi

Hi Didi,

I read that was an option also.  How would I move my /tmp to RAM?

TIA



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Larry Brower

Thomas Dukes wrote:
snip

 I have the /tmp in memory, which effectively deletes 
 everything on reboot. Maybe another solution?

 Cheers Didi
 
 Hi Didi,
 
 I read that was an option also.  How would I move my /tmp to RAM?
 
 TIA
 

+1 for tmpfs :)

Here's an example:

http://www.howtoforge.com/storing-files-directories-in-memory-with-tmpfs




Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Thomas Dukes
 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Larry Brower
 Sent: Saturday, December 12, 2009 6:47 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
 
 Thomas Dukes wrote:
 snip
 
  I have the /tmp in memory, which effectively deletes everything on 
  reboot. Maybe another solution?
 
  Cheers Didi
  
  Hi Didi,
  
  I read that was an option also.  How would I move my /tmp to RAM?
  
  TIA
  
 
 +1 for tmpfs :)
 
 Here's an example:
 
 http://www.howtoforge.com/storing-files-directories-in-memory-with-tmpfs
 
 

Thanks for the link.  It's a little over my head though.  I run a simple
system that requires very little involvement on my part.

Today, I found upd.pl in my tmp directory.  The date was oct 09.  I also
found my /etc/passwd and /etc/shadow had been changed with a user of
0Profile added.  I deleted the old files and restored those from backup.  I
ran my chkrootkit and installed mod_security.  SSH is not running so I don't
know how this happened.

I'm running CentOS 5.4 and everyone should check their system!!
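
The comparison against backup described in the message above can be scripted. This is an added example, not part of the thread: two POSIX shell functions (the names added_accounts and files_owned_by are hypothetical) that list accounts missing from a trusted backup of the passwd file and files in a directory owned by a service account. Only the account name 0Profile comes from the thread; the other sample fields are constructed.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Print "name:uid:shell:flag" for every account in the live passwd file that
# is absent from a trusted backup copy. flag is UID0 for superuser-equivalent
# entries. Exit status: 0 = nothing added, 1 = additions found, 2 = bad input.
added_accounts() {
    current=$1
    backup=$2
    # With an empty baseline awk's FNR == NR test would treat the live file
    # as if it were the backup and report nothing, so refuse instead.
    if [ ! -s "$backup" ] || [ ! -r "$current" ]; then
        echo "error: need a non-empty backup and a readable current file" >&2
        return 2
    fi
    awk -F: '
        FNR == NR { known[$1] = 1; next }        # first file: the backup
        $1 == "" || $1 ~ /^#/ { next }           # skip blanks and comments
        !($1 in known) {
            flag = ($3 ~ /^0+$/) ? "UID0" : "-"
            print $1 ":" $3 ":" $7 ":" flag
            n++
        }
        END { exit (n > 0) }
    ' "$backup" "$current"
}

# List regular files under a directory that belong to one account, for
# example the web server user on a world-writable /tmp.
files_owned_by() {
    find "$1" -xdev -type f -user "$2" 2>/dev/null
}

# Constructed sample data. Only the account name 0Profile comes from the
# thread; its UID and every other field are made up for the demonstration.
demo=$(mktemp -d)
cat > "$demo/passwd.bak" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
EOF
cp "$demo/passwd.bak" "$demo/passwd"
echo '0Profile:x:0:0::/:/bin/bash' >> "$demo/passwd"
added_accounts "$demo/passwd" "$demo/passwd.bak" || :
rm -rf "$demo"
```

On a real host the first argument would be /etc/passwd and the second a copy restored from backup media; files_owned_by /tmp apache lists what the web server account has left in /tmp.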



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Keith Keller
On Sat, Dec 12, 2009 at 07:35:51PM -0500, Thomas Dukes wrote:
 
 Thanks for the link.  It's a little over my head though.

No it isn't.  The main thing you need is

mount -t tmpfs -o size=100M,mode=0755 tmpfs /var/www/www.example.com/cache 

You would adjust size to be the size of the vmdisk you want, and adjust
/var/www... to be /tmp.  If you want this on boot, put the appropriate
entry into /etc/fstab:

tmpfs /var/www/www.example.com/cache tmpfs size=100M,mode=0755 0 0

(same adjustments here)

 Today, I found upd.pl in my tmp directory.  The date was oct 09.  I also
 found my /etc/passwd and /etc/shadow had been changed with a user of
 0Profile added.  I deleted the old files and restored those from backup.  I
 ran my chkrootkit and installed mod_security.  SSH is not running so I don't
 know how this happened.

Perhaps your system is not as simple as you think it is.  ;-/

--keith

-- 
kkel...@speakeasy.net



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Thomas Dukes
 

 -Original Message-
 From: centos-boun...@centos.org 
 [mailto:centos-boun...@centos.org] On Behalf Of Keith Keller
 Sent: Saturday, December 12, 2009 9:19 PM
 To: CentOS mailing list
 Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
 
 On Sat, Dec 12, 2009 at 07:35:51PM -0500, Thomas Dukes wrote:
  
  Thanks for the link.  It's a little over my head though.
 
 No it isn't.  The main thing you need is
 
 mount -t tmpfs -o size=100M,mode=0755 tmpfs 
 /var/www/www.example.com/cache 
 
 You would adjust size to be the size of the vmdisk you want, 
 and adjust /var/www... to be /tmp.  If you want this on boot, 
 put the appropriate entry into /etc/fstab:
 
 tmpfs /var/www/www.example.com/cache tmpfs size=100M,mode=0755 0 0
 
 (same adjustments here)
 
  Today, I found upd.pl in my tmp directory.  The date was oct 09.  I 
  also found my /etc/passwd and /etc/shadow had been changed 
 with a user 
  of 0Profile added.  I deleted the old files and restored those from 
  backup.  I ran my chkrootkit and installed mod_security.  
 SSH is not 
  running so I don't know how this happened.
 
 Perhaps your system is not as simple as you think it is.  ;-/
 
 --keith


Thanks, Keith!

Guess I'd better brush up on my vi commands in case I have to boot from a
rescue disk. :-)

Just guessing here, but to do this, I need to add:

tmpfs /tmp tmpfs size=100M,mode=0755 0 0 
To my /etc/fstab and cross my fingers?



Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread Geerd-Dietger Hoffmann
On Sun, Dec 13, 2009 at 3:10 AM, Thomas Dukes tdu...@sc.rr.com wrote:
  Today, I found upd.pl in my tmp directory.  The date was oct 09.  I
  also found my /etc/passwd and /etc/shadow had been changed
 with a user
  of 0Profile added.  I deleted the old files and restored those from
  backup.  I ran my chkrootkit and installed mod_security.
 SSH is not
  running so I don't know how this happened.

 Perhaps your system is not as simple as you think it is.  ;-/

 --keith


 Thanks, Keith!

 Guess I'd better brush up on my vi commands in case I have to boot from a
 rescue disk. :-)

All you need is [Esc]q! :)


 Just guessing here, but to do this, I need to add:

 tmpfs /tmp tmpfs size=100M,mode=0755 0 0
 To my /etc/fstab and cross my fingers?

I would make it a little bigger than 100M depending on how much memory
you have. And the mode should be the same as /tmp would normally be =
mode=777 :)

If you have been hacked, like it seems you have, you should first find
out how the guy got in. Do you have a webserver running? Firewall
enabled? Then just to be safe I would always reinstall as you never
know what he might have done.

Then you can modify the tmp in fstab

Cheers Didi

-- 

My www page: www.ribalba.de
Email / Jabber: riba...@gmail.com
Skype : ribalba


Re: [CentOS] Deleting contents of /tmp on shutdown

2009-12-12 Thread John R. Dennison
On Sun, Dec 13, 2009 at 03:17:37AM +, Geerd-Dietger Hoffmann wrote:

 I would make it a little bigger than 100M depending on how much memory
 you have. And the mode should be the same as /tmp would normally be =
 mode=777 :)

/tmp is 1777 by default.




John

-- 
It has to be said, we must all own up that without Les Paul, generations of
flash little punks like us would be in jail or cleaning toilets.  This man,
by his genius, made the road that we still travel today.  I don't know how
he did it, but I'm so grateful he did.

-- Stones guitarist Keith Richards
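
The mode values discussed in this thread (0755 and 777 were proposed, 1777 is what /tmp has by default) can be checked before a reboot. This is an added example, not part of the thread: a POSIX shell function, under the hypothetical name check_tmp_fstab, that inspects the /tmp line of an fstab-format file; the sample lines are constructed from the entries quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. check_tmp_fstab is a hypothetical name.
# Exit status: 0 = /tmp is tmpfs with a usable mode, 1 = problem found,
# 2 = the file has no /tmp entry.
check_tmp_fstab() {
    fstab=$1
    seen=0
    rc=0
    # fstab fields: device, mount point, type, options, dump, pass
    while read -r dev mnt fstype opts _rest; do
        case $dev in ''|'#'*) continue ;; esac   # blank line or comment
        [ "$mnt" = "/tmp" ] || continue
        seen=1
        if [ "$fstype" != "tmpfs" ]; then
            echo "FAIL: /tmp is type $fstype, not tmpfs"
            rc=1
            continue
        fi
        mode=""
        size=""
        old_ifs=$IFS
        IFS=,
        for o in $opts; do                       # split the option list
            case $o in
                mode=*) mode=${o#mode=} ;;
                size=*) size=${o#size=} ;;
            esac
        done
        IFS=$old_ifs
        [ -n "$size" ] || echo "NOTE: no size= option, tmpfs default is half of RAM"
        if [ -z "$mode" ]; then
            echo "OK: no mode= option, tmpfs default of 1777 applies"
            continue
        fi
        case $mode in
            *[!0-7]*) echo "FAIL: mode=$mode is not octal"; rc=1; continue ;;
        esac
        bits=$((0$mode))                         # leading 0 makes it octal
        ok=1
        # Without the sticky bit, a world-writable directory lets any user
        # delete or rename files that belong to other users.
        if [ $((bits & 01000)) -eq 0 ]; then
            echo "FAIL: mode=$mode has no sticky bit"
            ok=0
        fi
        # Without world write, non-root programs cannot create temp files.
        if [ $((bits & 0002)) -eq 0 ]; then
            echo "FAIL: mode=$mode is not world-writable"
            ok=0
        fi
        if [ "$ok" -eq 1 ]; then echo "OK: mode=$mode"; else rc=1; fi
    done < "$fstab"
    if [ "$seen" -eq 0 ]; then
        echo "FAIL: no /tmp entry"
        return 2
    fi
    return "$rc"
}

# Constructed sample: the option strings proposed in the thread.
demo_dir=$(mktemp -d)
for demo_opts in 'size=100M,mode=0755' 'size=100M,mode=777' 'size=100M,mode=1777' 'defaults'; do
    printf 'none /dev/shm tmpfs defaults 0 0\ntmpfs /tmp tmpfs %s 0 0\n' "$demo_opts" > "$demo_dir/fstab"
    echo "== $demo_opts"
    check_tmp_fstab "$demo_dir/fstab" || :
done
rm -rf "$demo_dir"
```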

