Details

The /var/tmp directory is normally a standalone directory in the /var file system. Binding

/var/tmp to /tmp establishes an unbreakable link to /tmp that cannot be removed (even by

the root user). It also allows /var/tmp to inherit the same mount options that /tmp owns,

allowing /var/tmp to be protected in the same manner /tmp is protected. It will also prevent

/var from filling up with temporary files as the contents of /var/tmp will actually reside in

the file system containing /tmp.

*Rationale*

All programs that use /var/tmp and /tmp to read/write temporary files will always be

written to the /tmp file system, preventing a user from running the /var file system out of

space or trying to perform operations that have been blocked in the /tmp filesystem.

Solution

# mount –bind /tmp /var/tmpand edit the /etc/fstab file to contain the following line-/tmp /var/tmp none bind 0 0

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/91

This control applies to the following type of system Unix.

References

• CSCv6|3.1

Source

• Tenable.com/audits