1.1.2.2.1 Ensure /tmp is a separate partition

Audit

Run the following command and verify that the output shows /tmp is mounted. Specific mount-option requirements are covered in the following sections.

# findmnt -kn /tmp
/tmp tmpfs tmpfs rw,nosuid,nodev,noexec,inode6

Ensure that systemd will mount the /tmp partition at boot time:

# systemctl is-enabled tmp.mount
generated

Note that by default systemd will output generated if there is an entry in /etc/fstab for /tmp. This just means systemd will use the entry in /etc/fstab instead of its default unit file configuration for /tmp.

Remediation

First make sure the tmp.mount unit is not masked, so that systemd will mount /tmp at boot time:

# systemctl unmask tmp.mount

For the specific configuration requirements of the /tmp mount in your environment, modify /etc/fstab. Example of using tmpfs with specific mount options:

tmpfs /tmp tmpfs defaults,rw,nosuid,nodev,noexec,relatime,size=2G 0 0

Example of using a volume or disk with specific mount options. The source location of the volume or disk will vary depending on your environment:

<device> /tmp <fstype> defaults,nodev,nosuid,noexec 0 0
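The audit and remediation steps above can be turned into a repeatable check. The script below is an added example, not part of the benchmark text: it evaluates captured findmnt and systemctl output plus fstab-style text, so it runs without root or a live system; the function names and sample data are this example's own.

```shell
#!/bin/sh
# Added example (not from the CIS benchmark): check the conditions of
# this section against captured output rather than the live system.

# systemd unit states that mean /tmp will be mounted at boot; "generated"
# means systemd derived tmp.mount from the /etc/fstab entry.
tmp_unit_ok() {
    case "$1" in
        enabled|generated) return 0 ;;
        *) return 1 ;;
    esac
}

# Parse one "findmnt -kn /tmp" line: "<target> <source> <fstype> <opts>".
# Succeeds only when /tmp itself is the mount target (a separate mount).
tmp_is_mounted() {
    set -- $1
    [ "$1" = "/tmp" ]
}

# Print the options field of the active /tmp line in fstab-style text
# (comment lines skipped); fail when no such line exists.
fstab_tmp_opts() {
    printf '%s\n' "$1" |
        awk '$1 !~ /^#/ && $2 == "/tmp" { print $4; found = 1; exit }
             END { exit !found }'
}

# List the hardening options from the remediation examples that are
# absent from an options string, one per line (nothing when all present).
missing_tmp_opts() {
    for want in nodev nosuid noexec; do
        case ",$1," in *",$want,"*) ;; *) echo "$want" ;; esac
    done
}

# Combined audit: prints PASS, or FAIL with the first failing condition.
audit_tmp() {
    findmnt_line=$1; unit_state=$2; fstab_text=$3
    tmp_is_mounted "$findmnt_line" || { echo "FAIL: /tmp is not a separate mount"; return 1; }
    tmp_unit_ok "$unit_state" || { echo "FAIL: tmp.mount is $unit_state"; return 1; }
    opts=$(fstab_tmp_opts "$fstab_text") || { echo "FAIL: no /tmp entry in fstab"; return 1; }
    set -- $(missing_tmp_opts "$opts")
    [ $# -eq 0 ] || { echo "FAIL: /tmp fstab entry lacks: $*"; return 1; }
    echo "PASS"
}

# Constructed samples (not captured from a real host).
GOOD_FINDMNT='/tmp tmpfs tmpfs rw,nosuid,nodev,noexec,relatime,size=2G'
GOOD_FSTAB='# <device> <dir> <type> <options> <dump> <pass>
/dev/sda1 / ext4 defaults 0 1
tmpfs /tmp tmpfs defaults,rw,nosuid,nodev,noexec,relatime,size=2G 0 0'
WEAK_FSTAB='/dev/sda1 / ext4 defaults 0 1
/dev/sdb1 /tmp ext4 defaults 0 0'

audit_tmp "$GOOD_FINDMNT" generated "$GOOD_FSTAB" || :
audit_tmp "$GOOD_FINDMNT" masked "$GOOD_FSTAB" || :
audit_tmp "$GOOD_FINDMNT" enabled "$WEAK_FSTAB" || :
```

On a real host, feed it `"$(findmnt -kn /tmp)"`, `"$(systemctl is-enabled tmp.mount)"` and `"$(cat /etc/fstab)"` in place of the constructed samples.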