Secure shared memory

In my Ubuntu deployment script I have written a function to secure shared memory. For a web server it's important to secure the shared memory to tighten up security. Below you can find the code:

echo "tmpfs       /dev/shm     tmpfs   tdefaults,noexec,nosuid        0 0" >> /etc/fstab

When I reboot the web server it gets stuck. I can't see where it goes wrong. If you have an idea, please let me know.


Unless there's a typo in your question, I think your options are off. First, don't specify 'defaults' (or tdefaults, as you have it). Here's the output of my shm directory taken from cat /proc/mounts:

none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0

Note that on my Ubuntu (12.10) it is mounted in /run and not /dev, although I doubt that matters. Try changing your string to

echo "tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0" >> /etc/fstab

and see what happens.


I think the /dev/shm matters. I have had problems mounting /dev/shm on 14.04 (Trusty) with noexec. Using /run/shm works flawlessly. e.g.

none    /run/shm        tmpfs   rw,nodev,nosuid,noexec  0       0
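
A pre-flight check for the fstab lines discussed in this thread, as an added example that is not from any of the posters: it flags option names outside a constructed allowlist (such as `tdefaults`) and reports whether `nosuid`, `nodev` and `noexec` are all present. The function name `check_shm_entry` and the `KNOWN_OPTS` list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a shared-memory fstab entry before appending it.
# KNOWN_OPTS is a constructed allowlist (generic mount flags plus tmpfs keys),
# not an exhaustive list of what the kernel accepts.
KNOWN_OPTS="defaults rw ro suid nosuid dev nodev exec noexec relatime noatime strictatime size mode uid gid nr_inodes nr_blocks"

# Returns 0 = clean, 1 = malformed or unknown option,
# 2 = parses fine but lacks one of nosuid/nodev/noexec.
check_shm_entry() (
    set -f                      # no globbing while splitting
    set -- $1                   # split the line into whitespace-separated fields
    if [ "$#" -ne 6 ]; then
        echo "malformed: expected 6 fields, got $#"; exit 1
    fi
    target=$2; fstype=$3; opts=$4
    case $target in
        /dev/shm|/run/shm) ;;
        *) echo "not a shared-memory mount point: $target"; exit 1 ;;
    esac
    if [ "$fstype" != tmpfs ]; then
        echo "unexpected filesystem type: $fstype"; exit 1
    fi

    bad=""
    IFS=,                       # options are comma-separated
    for o in $opts; do
        case " $KNOWN_OPTS " in
            *" ${o%%=*} "*) ;;  # compare the key only, so size=512m passes
            *) bad="$bad $o" ;;
        esac
    done
    if [ -n "$bad" ]; then
        echo "unknown option(s):$bad"; exit 1
    fi

    missing=""
    for h in nosuid nodev noexec; do
        case ",$opts," in
            *",$h,"*) ;;
            *) missing="$missing $h" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing hardening option(s):$missing"; exit 2
    fi
    echo "ok: $target $opts"
)
```

In a deployment script, call it on the candidate line and append to /etc/fstab only when it returns 0.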