Ensure tmp.mount Unit Is Enabled
An XCCDF Rule
Description
The /tmp directory is a world-writable directory used
for temporary file storage. This directory is managed by systemd-tmpfiles.
Ensure that the tmp.mount systemd unit is enabled.
Rationale
The /tmp directory is used as temporary storage by many programs.
Placing /tmp in a tmpfs filesystem enables the setting of more
restrictive mount options, which can help protect programs which use it.
The tmp.mount unit configures the tmpfs filesystem and ensures
the /tmp directory is wiped during reboot.
- ID
- xccdf_org.ssgproject.content_rule_systemd_tmp_mount_enabled
- Severity
- Low
- References
- Updated