Article Number
000036249
Applies To
| RSA Product Name | Versions | Platforms |
|---|---|---|
| RSA Identity Governance & Lifecycle | 7.1 | RSA hardware appliance; Virtual application (OVA) with RSA-provided database; Virtual application (OVA) with customer-supplied database |
| RSA Identity Governance & Lifecycle | 7.0.2, 7.0.1 | RSA hardware appliance |
| RSA Via Lifecycle & Governance | 7.0 | RSA hardware appliance |
Article Summary
Resolution steps for capacity overflow attack vulnerability on /var file system.
Alert Impact
Impacted - Apply RSA Remedy
Alert Impact Explanation
The /var/tmp directory contains temporary files written by programs. There are several known capacity overflow attacks for the /var file system.
Resolution
A capacity overflow attack on the /var file system can be mitigated by binding the /var/tmp directory to the /tmp directory. This ensures no user or program can consume all of the space in the /var file system.
The following steps can be taken to automatically bind /var/tmp to /tmp at system boot time.
1. Log in to the appliance as root.
2. Search /etc/fstab to check that /var/tmp is not already bound to another directory. Issue the following command:
    grep /var/tmp /etc/fstab
   If the grep command returns no output, or returns only lines that do not "bind" /var/tmp, continue with step 3 below.
   If the grep command returns an error, or finds a line that "binds" /var/tmp, do not continue.
3. Use the commands below to back up the current /etc/fstab file. Each command should return no output and no errors:
    mkdir /tmp/ACM-83001-backup
    cp /etc/fstab /tmp/ACM-83001-backup
4. Use the following command to add a line to the file /etc/fstab that mounts /tmp on /var/tmp. The command should return no output and no errors:
    echo "/tmp /var/tmp none bind 0 0" >> /etc/fstab
5. Check that the file /etc/fstab has been modified correctly by typing the command:
    cat /etc/fstab
   The cat command should show that the last line in /etc/fstab is now:
    /tmp /var/tmp none bind 0 0
6. Reboot the appliance.
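The check, backup, append and verify steps above as one re-runnable shell function that compares fstab fields instead of grepping, so a commented-out entry is not mistaken for an active bind. This is an added example, not RSA's script: the function names and the sample fstab are constructed, and the functions act only on the file path they are given.

```shell
#!/bin/sh
BIND_LINE="/tmp /var/tmp none bind 0 0"

# Print "bound" if an active (non-comment) entry mounts something on
# /var/tmp with the bind option (rbind is treated the same), else "free".
var_tmp_state() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }
        $2 == "/var/tmp" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "bind" || opts[i] == "rbind") found = 1
        }
        END { print (found ? "bound" : "free") }
    ' "$1"
}

# Back up the file, append the bind line and verify the last line.
# Returns 1 and leaves the file untouched if /var/tmp is already bound.
add_var_tmp_bind() {
    fstab=$1
    backup_dir=$2
    [ -r "$fstab" ] || { echo "cannot read $fstab" >&2; return 2; }
    if [ "$(var_tmp_state "$fstab")" = "bound" ]; then
        echo "/var/tmp is already bound in $fstab; not changing it" >&2
        return 1
    fi
    mkdir -p "$backup_dir" && cp -p "$fstab" "$backup_dir/" || return 2
    # If the file lacks a trailing newline, add one so the new entry
    # does not get glued onto the previous line.
    [ -z "$(tail -c 1 "$fstab")" ] || echo >> "$fstab"
    echo "$BIND_LINE" >> "$fstab"
    [ "$(tail -n 1 "$fstab")" = "$BIND_LINE" ]
}

# Demo on a constructed sample fstab in a temp directory; /etc/fstab is
# never touched. The device names are made up.
demo_dir=$(mktemp -d)
printf '%s\n' '/dev/sda1 / ext3 defaults 1 1' \
    '#/tmp /var/tmp none bind 0 0' > "$demo_dir/fstab"
add_var_tmp_bind "$demo_dir/fstab" "$demo_dir/backup" &&
    echo "appended: $(tail -n 1 "$demo_dir/fstab")"
rm -rf "$demo_dir"
```

A second call on the same file returns 1 without appending a duplicate entry.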
Notes
Reboot Required
A reboot is required to perform the mount because there are many lock files and communication-related temporary files maintained in /var/tmp. Running an explicit mount command on a running system may lead to issues when a local Oracle database is in use.
Backout
Should this change need to be backed out, the original /etc/fstab file can be copied from the backup directory to its original location with the following command:
    cp /tmp/ACM-83001-backup/fstab /etc