Details
The /var directory is used by daemons and other system services to temporarily store dynamic data. Some directories created by these processes may be world-writable.
Rationale:
Since the /var directory may contain world-writable files and directories, there is a risk of resource exhaustion if it is not bound to a separate partition.
Solution
For new installations, check the box to ‘Review and modify partitioning’ and create a separate partition for /var.
For systems that were previously installed, use the Logical Volume Manager (LVM) to create partitions.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.