FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 12-12-2009, 06:33 PM
"Thomas Dukes"
 
Default Deleting contents of /tmp on shutdown

I use to have a line of code in /etc/init.d/syslog (I think this was the
file) to delete the contents of my /tmp directory on shutdown. It originally
came from fedora. I have searched for it but can't find it again.

Anyone happen to have it?

TIA

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2009, 08:49 PM
Keith Keller
 
Default Deleting contents of /tmp on shutdown

On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
> I use to have a line of code in /etc/init.d/syslog (I think this was the
> file) to delete the contents of my /tmp directory on shutdown.

In /etc/init.d/syslog? That seems like a bad place to put it, even if
it does check (as I assume it must have) the current runlevel, and only
deletes in runlevels [016] or [06]; if it gets killed too early, you
could delete a file from /tmp that is needed to cleanly kill off a
subsequent process.

/etc/init.d/halt calls /sbin/halt.local, which might be a good place,
except that it's already umounted nonessential filesystems by then, so
if you have /tmp on a different fs putting it there won't work. (You
could mount it from halt.local, clean it, then umount it, but that seems
extremely kludgy.) You could write your own simple script and link it in
/etc/rc[06].d/ to run after S00killall but before S01halt or S01reboot.
(It is not clear to me whether enough processes are killed off that cleaning
/tmp is safe here; might be worth testing in a noncritical environment
first.)

--keith


--
kkeller@speakeasy.net

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2009, 09:05 PM
"Thomas Dukes"
 
Default Deleting contents of /tmp on shutdown

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Keith Keller
> Sent: Saturday, December 12, 2009 4:50 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
>
> On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
> > I use to have a line of code in /etc/init.d/syslog (I think
> this was
> > the
> > file) to delete the contents of my /tmp directory on shutdown.
>
> In /etc/init.d/syslog? That seems like a bad place to put
> it, even if it does check (as I assume it must have) the
> current runlevel, and only deletes in runlevels [016] or
> [06]; if it gets killed too early, you could delete a file
> from /tmp that is needed to cleanly kill off a subsequent process.
>
> /etc/init.d/halt calls /sbin/halt.local, which might be a
> good place, except that it's already umounted nonessential
> filesystems by then, so if you have /tmp on a different fs
> putting it there won't work. (You could mount it from
> halt.local, clean it, then umount it, but that seems
> extremely kludgy.) You could write your own simple script
> and link it in /etc/rc[06].d/ to run after S00killall but
> before S01halt or S01reboot.
> (It is not clear to me whether enough processes are killed
> off that cleaning /tmp is safe here; might be worth testing
> in a noncritical environment
> first.)
>
> --keith

As I said, I think that was were the code was added. Just not really sure.
I remember the files were deleted on shutdown/reboot.

Been reading and have seen it may be better to delete the tmp directory
files on boot before any services start. What do you think?

Thanks,

Eddie

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2009, 09:21 PM
Geerd-Dietger Hoffmann
 
Default Deleting contents of /tmp on shutdown

On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes <tdukes@sc.rr.com> wrote:
>
>
>> -----Original Message-----
>> From: centos-bounces@centos.org
>> [mailto:centos-bounces@centos.org] On Behalf Of Keith Keller
>> Sent: Saturday, December 12, 2009 4:50 PM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
>>
>> On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
>> > I use to have a line of code in /etc/init.d/syslog (I think
>> this was
>> > the
>> > file) to delete the contents of my /tmp directory on shutdown.
>>
>> In /etc/init.d/syslog? *That seems like a bad place to put
>> it, even if it does check (as I assume it must have) the
>> current runlevel, and only deletes in runlevels [016] or
>> [06]; if it gets killed too early, you could delete a file
>> from /tmp that is needed to cleanly kill off a subsequent process.
>>
>> /etc/init.d/halt calls /sbin/halt.local, which might be a
>> good place, except that it's already umounted nonessential
>> filesystems by then, so if you have /tmp on a different fs
>> putting it there won't work. *(You could mount it from
>> halt.local, clean it, then umount it, but that seems
>> extremely kludgy.) *You could write your own simple script
>> and link it in /etc/rc[06].d/ to run after S00killall but
>> before S01halt or S01reboot.
>> (It is not clear to me whether enough processes are killed
>> off that cleaning /tmp is safe here; might be worth testing
>> in a noncritical environment
>> first.)
>>
>> --keith
>
> As I said, I think that was were the code was added. *Just not really sure.
> I remember the files were deleted on shutdown/reboot.
>
> Been reading and have seen it may be better to delete the tmp directory
> files on boot before any services start. *What do you think?

I have the /tmp in memory, which effectively deletes everything on
reboot. Maybe another solution?

Cheers Didi


--

My www page: www.ribalba.de
Email / Jabber: ribalba@gmail.com
Skype : ribalba
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2009, 09:29 PM
"Thomas Dukes"
 
Default Deleting contents of /tmp on shutdown

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Geerd-Dietger Hoffmann
> Sent: Saturday, December 12, 2009 5:22 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
>
> On Sat, Dec 12, 2009 at 10:05 PM, Thomas Dukes
> <tdukes@sc.rr.com> wrote:
> >
> >
> >> -----Original Message-----
> >> From: centos-bounces@centos.org
> >> [mailto:centos-bounces@centos.org] On Behalf Of Keith Keller
> >> Sent: Saturday, December 12, 2009 4:50 PM
> >> To: CentOS mailing list
> >> Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
> >>
> >> On Sat, Dec 12, 2009 at 02:33:33PM -0500, Thomas Dukes wrote:
> >> > I use to have a line of code in /etc/init.d/syslog (I think
> >> this was
> >> > the
> >> > file) to delete the contents of my /tmp directory on shutdown.
> >>
> >> In /etc/init.d/syslog? *That seems like a bad place to put
> it, even
> >> if it does check (as I assume it must have) the current
> runlevel, and
> >> only deletes in runlevels [016] or [06]; if it gets killed
> too early,
> >> you could delete a file from /tmp that is needed to
> cleanly kill off
> >> a subsequent process.
> >>
> >> /etc/init.d/halt calls /sbin/halt.local, which might be a
> good place,
> >> except that it's already umounted nonessential filesystems
> by then,
> >> so if you have /tmp on a different fs putting it there
> won't work. *
> >> (You could mount it from halt.local, clean it, then umount it, but
> >> that seems extremely kludgy.) *You could write your own
> simple script
> >> and link it in /etc/rc[06].d/ to run after S00killall but before
> >> S01halt or S01reboot.
> >> (It is not clear to me whether enough processes are killed
> off that
> >> cleaning /tmp is safe here; might be worth testing in a
> noncritical
> >> environment
> >> first.)
> >>
> >> --keith
> >
> > As I said, I think that was were the code was added. *Just
> not really sure.
> > I remember the files were deleted on shutdown/reboot.
> >
> > Been reading and have seen it may be better to delete the tmp
> > directory files on boot before any services start. *What do
> you think?
>
> I have the /tmp in memory, which effectively deletes
> everything on reboot. Maybe another solution?
>
> Cheers Didi

Hi Didi,

I read that was an option also. How would I move my /tmp to RAM?

TIA

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2009, 10:46 PM
Larry Brower
 
Default Deleting contents of /tmp on shutdown

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thomas Dukes wrote:
<snip>
>>
>> I have the /tmp in memory, which effectively deletes
>> everything on reboot. Maybe another solution?
>>
>> Cheers Didi
>
> Hi Didi,
>
> I read that was an option also. How would I move my /tmp to RAM?
>
> TIA
>
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

+1 for tmpfs

Heres an example:

http://www.howtoforge.com/storing-files-directories-in-memory-with-tmpfs


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLJCtyAAoJEJgMwfbkYL1RUlIQAIF3TrtIqE nWPaXmkiyml5uq
mMLDM22i6cpvqp5XbkSyS7PJXBEBfn9GfNeEYF+H9KBldyjDbV NpxsIzhkSGDoFQ
JsZqnh7BZyIvfOLsoxk9bjj8UHldfLKw3h7n/JJ6lFUhk16GgZFeZBqanY3osvFJ
REASuLaMIcDso6LOA9Ckq6kJOy2SBrc5JD9UWxvjp6a1FnkwxF oBEJGsiC1zicU9
1nWy0EwcTPLKCSnAy11uX+VBCjUOg7lMMspN0p8N0PmHoZcPdY 9M1wftFZ2jX1VL
OAGB5z34REmgyEHr/8k1G4f/Rm7tzbEKgmxXM2bc5CASs7t+kNYrqjk+uuGMyP0z
K3uIQjGn+gqsvU0FzNGc7iWuVupyzrpJECkkT8CvORjmUuskgp eZpmp7gum+knVp
mgdoqv/We8gBBEt3Myvq6tlv38iCEIlJomaca2HHytSjie58FbS9QBPWr mJo0RBd
5T2xiBI3pbl0mh0bIkdIY90cVLYuBE6wflV49F2ZW5kdNeLtDO Cgv5ihTdNs5iHt
EoMrFdyx4W6znpP2TeToGmKZndXobHpS5pm2bvZjAX2IbWWVd+ eZ1MiF/c9GzyMW
tUNLoEgzLfLCU+tPumxaZwo/f1iK+7cyw8uzk6NDc1zoV/bJI8erbgwIYz/hzcAb
rgnLjFR2c71oiox2/BOK
=7pPE
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-12-2009, 11:35 PM
"Thomas Dukes"
 
Default Deleting contents of /tmp on shutdown

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Larry Brower
> Sent: Saturday, December 12, 2009 6:47 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thomas Dukes wrote:
> <snip>
> >>
> >> I have the /tmp in memory, which effectively deletes everything on
> >> reboot. Maybe another solution?
> >>
> >> Cheers Didi
> >
> > Hi Didi,
> >
> > I read that was an option also. How would I move my /tmp to RAM?
> >
> > TIA
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@centos.org
> > http://lists.centos.org/mailman/listinfo/centos
>
> +1 for tmpfs
>
> Heres an example:
>
> http://www.howtoforge.com/storing-files-directories-in-memory-
> with-tmpfs
>
>

Thanks for the link. It's a little over my head though. I run a simple
system that requires very little involvement on my part.

Today, I found upd.pl in my tmp directory. The date was oct 09. I also
found my /etc/passwd and /etc/shadow had been changed with a user of
0Profile added. I deleted the old files and restored those from backup. I
ran my chkrootkit and installed mod_security. SSH is not running so I don't
know how this happened.

I'm running CentOS 5.4 and everyone should check their system!!

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2009, 01:19 AM
Keith Keller
 
Default Deleting contents of /tmp on shutdown

On Sat, Dec 12, 2009 at 07:35:51PM -0500, Thomas Dukes wrote:
>
> Thanks for the link. It's a little over my head though.

No it isn't. The main thing you need is

mount -t tmpfs -o size=100M,mode=0755 tmpfs /var/www/www.example.com/cache

You would adjust size to be the size of the vmdisk you want, and adjust
/var/www... to be /tmp. If you want this on boot, put the appropriate
entry into /etc/fstab:

tmpfs /var/www/www.example.com/cache tmpfs size=100M,mode=0755 0 0

(same adjustments here)

> Today, I found upd.pl in my tmp directory. The date was oct 09. I also
> found my /etc/passwd and /etc/shadow had been changed with a user of
> 0Profile added. I deleted the old files and restored those from backup. I
> ran my chkrootkit and installed mod_security. SSH is not running so I don't
> know how this happened.

Perhaps your system is not as simple as you think it is. ;-/

--keith

--
kkeller@speakeasy.net

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2009, 02:10 AM
"Thomas Dukes"
 
Default Deleting contents of /tmp on shutdown

> -----Original Message-----
> From: centos-bounces@centos.org
> [mailto:centos-bounces@centos.org] On Behalf Of Keith Keller
> Sent: Saturday, December 12, 2009 9:19 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Deleting contents of /tmp on shutdown
>
> On Sat, Dec 12, 2009 at 07:35:51PM -0500, Thomas Dukes wrote:
> >
> > Thanks for the link. It's a little over my head though.
>
> No it isn't. The main thing you need is
>
> mount -t tmpfs -o size=100M,mode=0755 tmpfs
> /var/www/www.example.com/cache
>
> You would adjust size to be the size of the vmdisk you want,
> and adjust /var/www... to be /tmp. If you want this on boot,
> put the appropriate entry into /etc/fstab:
>
> tmpfs /var/www/www.example.com/cache tmpfs size=100M,mode=0755 0 0
>
> (same adjustments here)
>
> > Today, I found upd.pl in my tmp directory. The date was oct 09. I
> > also found my /etc/passwd and /etc/shadow had been changed
> with a user
> > of 0Profile added. I deleted the old files and restored those from
> > backup. I ran my chkrootkit and installed mod_security.
> SSH is not
> > running so I don't know how this happened.
>
> Perhaps your system is not as simple as you think it is. ;-/
>
> --keith


Thanks, Keith!

Guess I'd better brush up on my vi commands in case I have to boot from a
rescue disk. :-)

Just guessing here, but to do this, I need to add:

tmpfs /tmp tmpfs size=100M,mode=0755 0 0
To my /etc/fstb and cross my fingers?

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-13-2009, 02:17 AM
Geerd-Dietger Hoffmann
 
Default Deleting contents of /tmp on shutdown

On Sun, Dec 13, 2009 at 3:10 AM, Thomas Dukes <tdukes@sc.rr.com> wrote:
>> > Today, I found upd.pl in my tmp directory. *The date was oct 09. *I
>> > also found my /etc/passwd and /etc/shadow had been changed
>> with a user
>> > of 0Profile added. *I deleted the old files and restored those from
>> > backup. *I ran my chkrootkit and installed mod_security.
>> SSH is not
>> > running so I don't know how this happened.
>>
>> Perhaps your system is not as simple as you think it is. *;-/
>>
>> --keith
>
>
> Thanks, Keith!
>
> Guess I'd better brush up on my vi commands in case I have to boot from a
> rescue disk. :-)

All you need is [Esc]q!

>
> Just guessing here, but to do this, I need to add:
>
> tmpfs /tmp tmpfs size=100M,mode=0755 0 0
> To my /etc/fstb and cross my fingers?

I would make it a little bigger as 100M depending on how much memory
you have. And the mode should be the same as /tmp would normally be =>
mode=777

If you have been hacked, like it seams you have, you should first find
out how the guy got in. Do you have a webserver running? Firewall
enabled? Then just to be safe I would always reinstall as you never
know what he might have done.

Then you can modify the tmp in fstab

Cheers Didi

--

My www page: www.ribalba.de
Email / Jabber: ribalba@gmail.com
Skype : ribalba
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 08:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org