Mounting attaches an additional filesystem to the filesystem currently accessible on a computer. The /tmp directory is a world-writable directory used for temporary storage by all users and some applications. Create a separate partition for the /tmp directory so that, even if /tmp is compromised, other directories remain secured.
Severity
important
Category
Linux - Mounting Options Security
Resolution
Follow the steps below to resolve the misconfiguration.
Configure /etc/fstab as appropriate.
Example:
tmpfs /tmp tmpfs defaults,rw,nosuid,nodev,noexec,relatime 0 0
OR
Run the following commands to enable systemd /tmp mounting:
systemctl unmask tmp.mount
systemctl enable tmp.mount
Edit /etc/systemd/system/local-fs.target.wants/tmp.mount to configure the /tmp mount:
[Mount]
What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,noexec,nodev,nosuid
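To confirm that either resolution took effect, the following added example (not part of the original page or of Vulnerability Manager Plus) checks that /tmp is a separate mount and carries the nodev, nosuid and noexec options that both configurations above set. The function names and the sample mount lines are constructed for illustration; with no argument the check reads /proc/self/mounts.

```shell
#!/bin/sh
# Audit whether /tmp is its own mount with the hardening options set.
# Input: a file in /proc/self/mounts layout
# (device mountpoint fstype options dump pass).

REQUIRED_OPTS="nodev nosuid noexec"

# Print the option field of the last mount whose mountpoint is /tmp
# (a later mount shadows an earlier one); print nothing if there is none.
tmp_mount_opts() {
    awk '$2 == "/tmp" { opts = $4 } END { if (opts != "") print opts }' "$1"
}

# Print the required options missing from a comma-separated option list.
missing_opts() {
    missing=""
    for want in $REQUIRED_OPTS; do
        case ",$1," in
            *",$want,"*) ;;                   # exact option present
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# Return 0 = compliant, 1 = /tmp is not a separate mount, 2 = options missing.
check_tmp_mount() {
    mounts_file="${1:-/proc/self/mounts}"
    opts=$(tmp_mount_opts "$mounts_file")
    if [ -z "$opts" ]; then
        echo "FAIL: /tmp is not a separate mount"
        return 1
    fi
    miss=$(missing_opts "$opts")
    if [ -n "$miss" ]; then
        echo "FAIL: /tmp mounted without: $miss"
        return 2
    fi
    echo "PASS: /tmp options: $opts"
}

# Constructed sample: /tmp is a tmpfs mount but noexec was left out.
sample=$(mktemp)
printf '%s\n' '/dev/sda1 / ext4 rw,relatime 0 0' \
    'tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0' > "$sample"
check_tmp_mount "$sample"    # FAIL: /tmp mounted without: noexec
rm -f "$sample"
```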
Potential issues that may arise after applying the resolution
Altering the existing security setting may create the following impact in your network operations.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.