RSA Identity Governance & Lifecycle Capacity Overflow Attack Vulnerability

Advisory Type

Unknown


Advisory Content

Article Number

000036249

Applies To

Article Summary

Resolution steps for capacity overflow attack vulnerability on /var file system.

Alert Impact

Impacted - Apply RSA Remedy

Alert Impact Explanation

The /var/tmp directory contains temporary files written by programs. There are several known capacity overflow attacks for the /var file system.

Resolution

A capacity overflow attack on the /var file system can be mitigated by binding the /var/tmp directory to the /tmp directory. This ensures that no user or program can consume all of the space in the /var file system.

The following steps can be taken to automatically bind /var/tmp to /tmp at system boot time.
  1. Log in to the appliance as root.
  2. Search /etc/fstab to check that /var/tmp is not already bound to another directory. Issue the following command:
       grep /var/tmp /etc/fstab
     If the grep command returns no output, or returns only lines that do not "bind" /var/tmp, continue with step 3 below.
     If the grep command returns an error, or finds a line that "binds" /var/tmp, do not continue.
  3. Use the commands below to back up the current /etc/fstab file. Each command should return no output and no errors:
       mkdir /tmp/ACM-83001-backup
       cp /etc/fstab /tmp/ACM-83001-backup
  4. Use the following command to add a line to the file /etc/fstab to mount /tmp to /var/tmp. The command should return no output and no errors:
       echo "/tmp /var/tmp none bind 0 0" >> /etc/fstab
  5. Check that the file /etc/fstab has been modified correctly by typing the command:
       cat /etc/fstab
     The cat command should show that the last line in /etc/fstab is now:
       /tmp /var/tmp none bind 0 0
  6. Reboot the appliance.
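
Steps 2 through 5 above as one repeatable shell function, added here as an example and not part of RSA's advisory. The function name bind_var_tmp, its arguments and its return codes are assumptions; it takes the fstab path as a parameter so it can be tried on a copy before being pointed at /etc/fstab.

```shell
#!/bin/sh
# Added example (not RSA's code): steps 2-5 of the procedure as one function.
BIND_LINE="/tmp /var/tmp none bind 0 0"   # the entry given in the advisory

# bind_var_tmp FSTAB BACKUP_DIR   (hypothetical helper)
# returns 0 = entry appended and verified
#         1 = /var/tmp already has a bind entry (advisory: do not continue)
#         2 = error reading, backing up or writing the file
bind_var_tmp() {
    fstab=$1; backup_dir=$2
    [ -r "$fstab" ] || return 2

    # Step 2: unlike a plain grep, skip commented lines and match only an
    # entry whose mount point (field 2) is /var/tmp with a bind option.
    if awk '$1 !~ /^#/ && $2 == "/var/tmp" && ("," $4 ",") ~ /,r?bind,/ { found = 1 }
            END { exit (found ? 0 : 1) }' "$fstab"; then
        return 1
    fi

    # Step 3: back up the current file before changing it.
    mkdir -p "$backup_dir" || return 2
    cp -p "$fstab" "$backup_dir/" || return 2

    # Step 4: append the entry. If the file does not end in a newline, add
    # one first so the entry is not glued onto the previous line.
    if [ -n "$(tail -c 1 "$fstab")" ]; then echo >> "$fstab" || return 2; fi
    echo "$BIND_LINE" >> "$fstab" || return 2

    # Step 5: the last line must now be exactly the expected entry.
    [ "$(tail -n 1 "$fstab")" = "$BIND_LINE" ] || return 2
}

# Demo on a constructed sample fstab, not the appliance's real file.
d=$(mktemp -d)
printf '%s\n' '/dev/sda1 / ext3 defaults 1 1' \
              '/dev/sda3 /var ext3 defaults 1 2' > "$d/fstab"
rc=0; bind_var_tmp "$d/fstab" "$d/backup" || rc=$?; echo "first run: $rc"   # 0
rc=0; bind_var_tmp "$d/fstab" "$d/backup" || rc=$?; echo "second run: $rc"  # 1
rm -rf "$d"
```

The second run returns 1 because the entry is already present, so repeating the procedure cannot add a duplicate line.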

Notes

Reboot Required

A reboot is required to perform the mount because there are many lock files and communication-related temporary files maintained in /var/tmp. Running an explicit mount command in a running system may lead to issues when a local Oracle database is in use.

Backout

Should this change need to be backed out, the original /etc/fstab file can be copied from the backup directory to its original location with the following command:
       cp /tmp/ACM-83001-backup/fstab /etc