From 64de36e47d65b0002d0d98795eb555725b8c0fd4 Mon Sep 17 00:00:00 2001 From: ChiefGyk Date: Sat, 17 Dec 2016 16:17:25 -0500 Subject: [PATCH] Secured the shared memory partition as suggested here https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics whilst I was working on my own servers --- setup/preflight.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/setup/preflight.sh b/setup/preflight.sh index 4be2ec41..6875d4d5 100644 --- a/setup/preflight.sh +++ b/setup/preflight.sh @@ -47,6 +47,9 @@ if [ -n "$MOUNTED_TMP_AS_NO_EXEC" ]; then exit fi +#make sure that shared memory is secured +grep -q -F 'tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0' /etc/fstab || echo 'tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0' >> /etc/fstab + # Check that no .wgetrc exists if [ -e ~/.wgetrc ]; then echo "Mail-in-a-Box expects no overrides to wget defaults, ~/.wgetrc exists"