Information
The operating system must use a separate file system for /tmp (or equivalent).
Rationale:
The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
Solution
Enable the tmp.mount unit so that systemd mounts /tmp as a separate file system at boot:
# systemctl enable tmp.mount
OR
Edit the /etc/fstab file and ensure the /tmp directory is defined in the fstab with a device and mount point.
Example: vim /etc/fstab
Add, uncomment or update this line:
tmpfs /tmp tmpfs defaults,rw,nosuid,nodev,noexec,relatime 0 0
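Added audit helper (not part of the benchmark text): POSIX sh functions that look for a /tmp entry in an fstab-style file and, using the nosuid, nodev and noexec options from the line above as the reference, report whether any are missing; check_tmp_live is an assumed host-side check relying on util-linux findmnt and systemctl and is not run by the sample. The sample fstab contents are constructed.

```shell
#!/bin/sh
# Audit helper for the "/tmp on its own file system" recommendation (added example).
# POSIX sh; the fstab checks take a file path, so they work on /etc/fstab or on sample text.
# tmp_fstab_entry FILE: print the last non-comment line whose mount point is /tmp
# (a later fstab entry shadows an earlier one); exit 1 if there is none.
tmp_fstab_entry() {
    awk '$1 !~ /^#/ && NF >= 4 && $2 == "/tmp" { line = $0; found = 1 }
         END { if (found) print line; exit !found }' "$1"
}
# has_option OPTIONS NAME: succeed if the comma-separated OPTIONS contain NAME.
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}
# check_tmp_fstab FILE: 0 = /tmp entry present with nosuid,nodev,noexec (the options on
# the recommended line); 2 = entry present but some of those options missing (a hardening
# gap rather than a failure of this rule); 1 = no /tmp entry at all.
check_tmp_fstab() {
    line=$(tmp_fstab_entry "$1") || { echo "FAIL: no /tmp entry in $1"; return 1; }
    set -- $line    # now $1=device $2=mount point $3=fstype $4=options
    missing=""
    for o in nosuid nodev noexec; do
        has_option "$4" "$o" || missing="$missing $o"
    done
    if [ -n "$missing" ]; then
        echo "WARN: /tmp is a separate $3 mount but lacks:$missing"
        return 2
    fi
    echo "PASS: /tmp is a separate $3 mount with $4"
}
# check_tmp_live: on the running host, confirm findmnt resolves /tmp to its own mount
# point and report the tmp.mount unit state (assumed tooling). Not invoked automatically.
check_tmp_live() {
    mp=$(findmnt -n -o TARGET --target /tmp) || return 1
    [ "$mp" = "/tmp" ] || { echo "FAIL: /tmp resides on the $mp file system"; return 1; }
    echo "PASS: /tmp is its own mount: $(findmnt -n -o FSTYPE,OPTIONS --target /tmp)"
    state=$(systemctl is-enabled tmp.mount 2>/dev/null) || true
    echo "tmp.mount unit: ${state:-not present}"
}
# Constructed sample fstab (placeholder UUID, not taken from any real system).
sample=$(mktemp)
printf '%s\n' 'UUID=PLACEHOLDER-ROOT / xfs defaults 0 0' \
    'tmpfs /tmp tmpfs defaults,rw,nosuid,nodev,noexec,relatime 0 0' > "$sample"
check_tmp_fstab "$sample"
rm -f "$sample"
```

Run check_tmp_fstab /etc/fstab on a host to audit its configuration; run check_tmp_live as root to confirm the mount actually in effect.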
Notes:
This Benchmark recommendation maps to:
Red Hat Enterprise Linux 7 Security Technical Implementation Guide:
Version 2, Release: 3 Benchmark Date: 26 Apr 2019
Vul ID: V-72065
Rule ID: SV-86689r3_rule
STIG ID: RHEL-07-021340
Severity: CAT III