Uncategorized

Creating tmpfs and swap space after partitions have already been written.

This how-to describes a process of creating a tmpfs and swap file system on your existing server, after the partition table has been written. I’ll start off with a little history first. I was presented with a production server where there was only a / root partition and 500MB of swap allocated. We need to bump up RAM to 1GB, and I wanted to allocate more swap space. Also, I wanted to add an extra layer of security by making the /tmp directory noexec,nosuid. This is a nice method to counter script-kiddie attacks. It’s by no means ‘rock-solid’, but can really help you on automated attacks. The solution is to use some disk space and create a file system. Once the file system has been created, you would mount it with special privileges.

This how-to describes a process of creating a tmpfs and swap file system on your existing server, after the partition table has been written. I’ll start off with a little history first. I was presented with a production server where there was only a / root partition and 500MB of swap allocated. We need to bump up RAM to 1GB, and I wanted to allocate more swap space. Also, I wanted to add an extra layer of security by making the /tmp directory noexec,nosuid. This is a nice method to counter script-kiddie attacks. It’s by no means ‘rock-solid’, but can really help you on automated attacks. The solution is to use some disk space and create a file system. Once the file system has been created, you would mount it with special privileges.

First let’s work on our swap

dd if=/dev/zero of=/.swap bs=1024 count=500000
mkswap /.swap
swapon /.swap

This created a 500 MB file using dd. Once our .swap file has been created we make the swap file system and activated the swap space.

The original /etc/fstab looked like this:

/dev/hda1 /boot ext3 noauto,noatime 1 2
/dev/hda3 / reiserfs noatime 0 1
/dev/hda2 none swap sw 0 0

Now, we’re going to add our additional swap space to /etc/fstab


/.swap swap swap defaults 0 0

Issuing a `top` command, we can see our swap now has: 1006028k (1GB).

Next, we’re going to do something similar, but create a tmpfs file system

dd if=/dev/zero of=/.tmpfs bs=1024 count=250000
mkfs -t ext3 /.tmpfs
mount -o loop,noexec,nosuid,rw /.tmpfs /tmp
chmod 0777 /tmp
chmod +t /tmp

This created a 250 MB file using dd, and mounted it to our /tmp mount point. Also, we added our permissions (noexec, nosuid) options. Now, no programs can be executed in /tmp.

All we need to do now is adjust /etc/fstab


/.tmpfs /tmp ext3 loop,rw,nosuid,noexec 0 0

This isn’t the ideal solution, but since this was a production box, rebuilding the partition table from scratch was an extremely ugly option. This addressed our problems. I’m not sure about performance loss, etc but the server seems to be responding nicely.