|RSA Product Name||Versions||Platforms|
|RSA Identity Governance & Lifecycle||7.1||RSA hardware appliance; Virtual application (OVA) with RSA-provided database; Virtual application (OVA) with customer-supplied database|
|RSA Identity Governance & Lifecycle||7.0.2||RSA hardware appliance|
|RSA Via Lifecycle & Governance||7.0||RSA hardware appliance|
Resolution steps for capacity overflow attack vulnerability on /var file system.
Impacted - Apply RSA Remedy
Alert Impact Explanation
The /var/tmp directory contains temporary files written by programs. There are several known capacity overflow attacks for the /var file system.
A capacity overflow attack on the /var file system can be mitigated by binding the /var/tmp directory to the /tmp directory. This ensures that no user or program can consume all of the space in the /var file system.
The following steps can be taken to automatically bind /var/tmp to /tmp at system boot time.
1. Log in to the appliance as root.
2. Search /etc/fstab to check that /var/tmp is not already bound to another directory. Issue the following command:
    grep /var/tmp /etc/fstab
   If the grep command returns no output, or returns only lines that do not "bind" /var/tmp, continue with step 3 below.
   If the grep command returns an error, or finds a line that "binds" /var/tmp, do not continue.
3. Use the commands below to back up the current /etc/fstab file. Each command should return no output and no errors:
    mkdir /tmp/ACM-83001-backup
    cp /etc/fstab /tmp/ACM-83001-backup
4. Use the following command to add a line to file /etc/fstab to mount /tmp to /var/tmp. The command should return no output and no errors.
    echo "/tmp /var/tmp none bind 0 0" >> /etc/fstab
5. Check that file /etc/fstab has been modified correctly by typing the command:
    cat /etc/fstab
   The cat command should show that the last line in /etc/fstab is now:
    /tmp /var/tmp none bind 0 0
6. Reboot the appliance.
A reboot is required to perform the mount because there are many lock files and communication-related temporary files maintained in /var/tmp. Running an explicit mount command in a running system may lead to issues when a local Oracle database is in use.
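The check, backup, append and verify steps above can be scripted as follows. This is an added example, not RSA-supplied code; the function names and the sample fstab are assumptions made for illustration. It goes slightly beyond the grep in the steps by comparing fstab fields, so commented-out lines and paths such as /var/tmp2 are not mistaken for an existing bind.

```shell
#!/bin/sh
# Added example: classify how an fstab file treats /var/tmp before appending
# the bind line from the steps above. Function names are hypothetical.

# Prints one of:
#   not-bound      no active entry bind-mounts onto /var/tmp (continue)
#   bound-to-tmp   the remedy line is already active (nothing to append)
#   bound-other    /var/tmp is bind-mounted from elsewhere (do not continue)
var_tmp_bind_state() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }             # skip comments and short lines
        { mp = $2; sub(/\/+$/, "", mp) }         # field 2 = mount point
        mp != "/var/tmp"    { next }
        {
            n = split($4, opt, ",")              # field 4 = option list
            for (i = 1; i <= n; i++)
                if (opt[i] == "bind" || opt[i] == "rbind")
                    state = ($1 == "/tmp" && state != "bound-other") ? "bound-to-tmp" : "bound-other"
        }
        END { print (state == "" ? "not-bound" : state) }
    ' "$1"
}

# Back up the file, append the remedy line, then confirm it is the last line.
# Arguments: path to the fstab file, directory that receives the backup copy.
apply_bind_line() {
    fstab=$1 backup_dir=$2
    case $(var_tmp_bind_state "$fstab") in
        bound-to-tmp) echo "already applied"; return 0 ;;
        bound-other)  echo "conflicting bind on /var/tmp, not modifying" >&2; return 1 ;;
    esac
    mkdir -p "$backup_dir" && cp -p "$fstab" "$backup_dir/fstab" || return 1
    echo "/tmp /var/tmp none bind 0 0" >> "$fstab"
    # Fails if the file had no trailing newline and the new entry was glued
    # onto the previous line; restore from the backup copy in that case.
    [ "$(tail -n 1 "$fstab")" = "/tmp /var/tmp none bind 0 0" ]
}

# Constructed sample fstab (not from a real appliance): a commented-out bind
# line and a /var/tmp2 entry, both of which a plain grep for /var/tmp matches.
demo=$(mktemp -d)
cat > "$demo/fstab" <<'EOF'
/dev/sda1 / ext3 defaults 1 1
#/data /var/tmp none bind 0 0
/dev/sdb1 /var/tmp2 ext3 defaults 1 2
EOF
var_tmp_bind_state "$demo/fstab"                 # prints: not-bound
apply_bind_line "$demo/fstab" "$demo/backup"
var_tmp_bind_state "$demo/fstab"                 # prints: bound-to-tmp
```

On the appliance the arguments would be /etc/fstab and /tmp/ACM-83001-backup; the reboot is still required for the mount to take effect.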
Should this change need to be backed out, the original /etc/fstab file can be copied from the backup directory to its original location with the following command:
cp /tmp/ACM-83001-backup/fstab /etc