noexec mount option is enabled for /var/tmp directory
Description
Mounting is the attaching of an additional block device to the currently accessible filesystem of a computer. The /var/tmp directory is used for temporary storage and is world-writable, so it can be accessed by all users and some applications. It is therefore recommended to enable the noexec mount option for /var/tmp so that users cannot run executable binaries from it.
Severity
important
Category
Linux - Mounting Options Security
Resolution
Follow the below steps to resolve the misconfiguration.
Edit the /etc/fstab file and add noexec to the fourth field (mounting options) for the /var/tmp partition.
Run the following command to remount /var/tmp:
mount -o remount,noexec /var/tmp
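The result of both steps can be checked with a script like the one below, an added example that is not part of the original page. It reads the options field for /var/tmp from /etc/fstab (the persistent setting) and from /proc/self/mounts (the live state); the function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the noexec setting for /var/tmp.

# mount_has_opt FILE MOUNTPOINT OPTION
#   FILE uses the fstab layout, which /proc/self/mounts shares:
#   device  mountpoint  fstype  options  dump  pass
# Returns 0 if OPTION is set, 1 if the mount exists without it,
# 2 if MOUNTPOINT has no entry (e.g. /var/tmp is not a separate partition).
mount_has_opt() {
    awk -v mp="$2" -v opt="$3" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        $2 == mp {                         # last matching entry wins
            found = 1; has = 0
            n = split($4, o, ",")          # exact match per option, no substrings
            for (i = 1; i <= n; i++) if (o[i] == opt) has = 1
        }
        END { if (!found) exit 2; exit (has ? 0 : 1) }
    ' "$1"
}

# audit_var_tmp FSTAB MOUNTS: report on both the persistent and the live table.
audit_var_tmp() {
    result=0
    for f in "$1" "$2"; do
        rc=0
        mount_has_opt "$f" /var/tmp noexec || rc=$?
        case $rc in
            0) echo "PASS $f: noexec is set on /var/tmp" ;;
            1) echo "FAIL $f: /var/tmp is mounted without noexec"; result=1 ;;
            *) echo "WARN $f: no /var/tmp entry found"; result=1 ;;
        esac
    done
    return $result
}

# Constructed sample fstab showing the state before remediation.
sample_fstab() {
    cat <<'EOF'
# <device>   <mount>   <type> <options>             <dump> <pass>
/dev/sda1    /         ext4   defaults              0 1
/dev/sda3    /var/tmp  ext4   defaults,nosuid,nodev 0 2
EOF
}

# Check this host; a FAIL on /etc/fstab alone means the remount will not
# survive a reboot, a FAIL on /proc/self/mounts alone means it was not remounted.
audit_var_tmp /etc/fstab /proc/self/mounts || true
```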
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.