As we know, most sites are hacked by uploading scripts to /tmp. It is worthwhile to give /tmp its own partition and mount it with noexec. This would protect your system from many local and remote exploits in which rootkits are run from your /tmp folder.

On many shared servers everything is lumped into /, with a small amount partitioned for /boot and some for swap. This setup leaves you no room for an additional partition unless you have a second hard drive. Here you will see how to create a secure /tmp partition even while your server is already up and running.


cd /dev


Create a file for your /tmp partition of 100MB or more.

dd if=/dev/zero of=tmpMnt bs=1024 count=100000


Make an extended filesystem for our tmpMnt file

/sbin/mke2fs /dev/tmpMnt

Back up your /tmp dir, keeping file ownership and permissions.

cd /
cp -Rp /tmp /tmp_backup

Mount the new /tmp filesystem with noexec


mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

chmod 1777 /tmp


Copy everything back to the new /tmp (dotfiles included, ownership and permissions kept) and remove the backup

cp -Rp /tmp_backup/. /tmp/

rm -rf /tmp_backup


Now we need to add this to fstab so it mounts automatically on reboots.

pico -w /etc/fstab

You should see something like this:

/dev/hda3 / ext3 defaults,usrquota 1 1
/dev/hda1 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0

At the bottom add

/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0
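
To confirm that both the fstab entry and the live mount carry noexec and nosuid, the check below can be run after the steps above. It is an added example, not part of the original page; the function names (missing_mount_opts, audit_tmp, write_samples) are hypothetical and the sample mount lines are constructed.

```shell
#!/bin/sh
# Added example. Reads any file in fstab or /proc/mounts layout:
#   device  mountpoint  fstype  options  dump  pass

# missing_mount_opts FILE MOUNTPOINT OPT...
# Prints required options absent from MOUNTPOINT's entry.
# Returns 0 = all present, 1 = some missing, 2 = no entry for MOUNTPOINT.
missing_mount_opts() {
    file=$1; mnt=$2; shift 2
    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { o = $4 } END { print o }' "$file")
    [ -n "$opts" ] || return 2
    missing=
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;                 # exact option present
            *) missing="$missing $want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "${missing# }"
    return 1
}

# audit_tmp [FSTAB] [MOUNTS]
# Checks the persistent entry and the live mount; non-zero if either fails.
audit_tmp() {
    status=0
    for src in "${1:-/etc/fstab}" "${2:-/proc/mounts}"; do
        rc=0
        m=$(missing_mount_opts "$src" /tmp noexec nosuid) || rc=$?
        case $rc in
            0) echo "OK   $src: /tmp has noexec,nosuid" ;;
            1) echo "FAIL $src: /tmp is missing: $m"; status=1 ;;
            *) echo "FAIL $src: no separate /tmp entry"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample data: the page's fstab line plus made-up live mount lines.
write_samples() {   # write_samples DIR
    printf '%s\n' '/dev/hda3 / ext3 defaults,usrquota 1 1' \
        '/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0' > "$1/fstab"
    printf '%s\n' '/dev/hda3 / ext3 rw,relatime 0 0' \
        '/dev/loop0 /tmp ext2 rw,nosuid,noexec,relatime 0 0' > "$1/mounts"
    printf '%s\n' '/dev/hda3 / ext3 rw,relatime 0 0' \
        '/dev/loop0 /tmp ext2 rw,relatime 0 0' > "$1/mounts_weak"
}
```

Calling audit_tmp with no arguments checks /etc/fstab and /proc/mounts on the running server; a FAIL on /proc/mounts with an OK on /etc/fstab means the entry is in place but /tmp has not been remounted with it yet.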