I have seen multiple script kiddies try to hide stuff in /dev/shm due to it generally being available and allowing executables. No exec is a good idea, though I would test any important apps before doing production that way.
On a side note, the best deterrent I have found for script kiddies was to lock down outbound connections to only specifically what you need. If they cannot connect out, the server becomes a lot less desirable. Of course, keeping them out in the first place is best, but you cannot always control that with other users that can run whatever they want to.

-Steve

Sent from my iPhone

On Jul 27, 2012, at 5:38 PM, Joshua Marsh <[email protected]> wrote:

> On Fri, Jul 27, 2012 at 5:05 PM, Jacob Albretsen <[email protected]> wrote:
>
>> I am hardening some CentOS 5 and 6 boxes, and one of the recommendations I'm
>> reading is to mount /dev/shm with nosuid, nodev, and noexec. I've read about
>> what /dev/shm is, but I lack a deeper understanding. I've seen some things
>> online talking about it, but nothing concrete as to why it's a good idea other
>> than "it's more secure". Can anyone enlighten me more about this? I don't
>> want to run into any unintended issues down the road (will XYZ services still
>> work, can I still run VMs, etc etc)

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
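An added example, not part of the original thread: a small audit helper that reports which of the three options discussed above (nosuid, nodev, noexec) a mount point lacks. It generalizes from /dev/shm to any mount point; the function names and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount point for nosuid, nodev and noexec.
# Input is a mounts table in /proc/mounts format:
#   device mountpoint fstype options dump pass

# missing_mount_opts MOUNTPOINT [MOUNTS_FILE]
# Prints the missing options, space-separated (empty line = all present).
# Returns 2 if the mount point does not appear in the table.
missing_mount_opts() {
    mp=$1
    table=${2:-/proc/mounts}
    # Last matching entry wins: a later mount shadows an earlier one.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { if (o != "") print o }' "$table")
    [ -n "$opts" ] || return 2
    missing=""
    for want in nosuid nodev noexec; do
        # Wrap in commas so "exec" or "dev" never match as substrings.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample: /dev/shm with no hardening, /tmp partly hardened.
sample_default() {
    printf '%s\n' \
        'tmpfs /dev/shm tmpfs rw,relatime 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0'
}

# Constructed sample: /dev/shm mounted as the recommendation describes.
sample_hardened() {
    printf '%s\n' 'tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0'
}

# Demo on the constructed tables; omit the file argument to check the live system.
demo=$(mktemp)
sample_default > "$demo"
echo "default  /dev/shm missing: [$(missing_mount_opts /dev/shm "$demo")]"
sample_hardened > "$demo"
echo "hardened /dev/shm missing: [$(missing_mount_opts /dev/shm "$demo")]"
rm -f "$demo"
```

Run against the live table with `missing_mount_opts /dev/shm` before and after changing the mount options, then exercise the applications that matter, as suggested in the reply above.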
