File: rule.yml

scap-security-guide 0.1.78-1

documentation_complete: true # switch to true when rule is ready to be enabled

title: Configure Polyinstantiation of /tmp Directories

description: |-
  To configure polyinstantiated /tmp directories, first create the parent directories
  which will hold the polyinstantiation child directories. Use the following command:
  <pre>$ sudo mkdir --mode 000 /tmp/tmp-inst</pre>
  Then, add the following entry to <tt>/etc/security/namespace.conf</tt>:
  <pre>/tmp     /tmp/tmp-inst/            level      root,adm</pre>

rationale: |-
  Polyinstantiation of temporary directories is a proactive security measure
  which reduces chances of attacks that are made possible by /tmp
  directories being world-writable.

severity: low

identifiers:
  cce@rhel8: CCE-83732-8
  cce@rhel9: CCE-90827-7
  cce@rhel10: CCE-88705-9
  cce@sle12: CCE-91506-6
  cce@sle15: CCE-91197-4

ocil_clause: is not configured

ocil: |-
  Run the following command to ensure that <tt>/tmp</tt> is configured as a
  polyinstantiated directory:
  <pre>$ sudo grep /tmp /etc/security/namespace.conf</pre>
  The output should return the following:
  <pre>/tmp     /tmp/tmp-inst/            level      root,adm</pre>
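The description above gives the two configuration steps (the mode-000 instance parent under /tmp and the namespace.conf entry), and the OCIL check verifies only the second with a grep. The shell script below is an added audit helper, not part of the scap-security-guide rule or its OVAL/remediation content. It checks both settings and tolerates commented-out or partially matching lines that a bare grep would accept. It assumes GNU coreutils (stat -c, mkdir --mode, mktemp) and a POSIX awk; the sample namespace.conf contents it builds are constructed for the demonstration, not real system files.

```sh
#!/bin/sh
# Audit helper for polyinstantiated /tmp (added example, not the rule's own code).
# Assumes GNU coreutils and a POSIX awk.

# Return 0 when the given namespace.conf carries an effective entry whose first
# field is exactly /tmp, whose instance parent is /tmp/tmp-inst/ and whose
# method is "level", as the rule prescribes. Comment lines and lines with fewer
# than three fields are ignored, so "#/tmp ..." does not count as configured.
check_tmp_polyinstantiation() {
    conf="$1"
    [ -r "$conf" ] || return 1
    awk '
        /^[[:space:]]*#/ { next }
        NF < 3           { next }
        $1 == "/tmp" && $2 == "/tmp/tmp-inst/" && $3 == "level" { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$conf"
}

# Return 0 when the instance parent exists and has mode 000, matching the
# "mkdir --mode 000 /tmp/tmp-inst" step in the rule description. GNU stat %a
# prints the octal mode without leading zeros, so mode 000 shows up as "0".
check_tmp_inst_dir() {
    dir="$1"
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir" 2>/dev/null) || return 1
    [ "$mode" = "0" ]
}

# Constructed sample inputs so the script runs offline without touching
# /etc/security/namespace.conf or /tmp/tmp-inst.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

good_conf="$work/namespace.conf.good"
cat > "$good_conf" <<'EOF'
# constructed sample: rule-compliant configuration
/tmp     /tmp/tmp-inst/            level      root,adm
/var/tmp /var/tmp/tmp-inst/        level      root,adm
EOF

bad_conf="$work/namespace.conf.bad"
cat > "$bad_conf" <<'EOF'
# constructed sample: entry present but commented out, plus a look-alike path
#/tmp     /tmp/tmp-inst/            level      root,adm
/tmp/scratch /tmp/scratch-inst/    level      root
EOF

good_dir="$work/tmp-inst"
mkdir --mode 000 "$good_dir"
bad_dir="$work/tmp-inst-open"
mkdir --mode 1777 "$bad_dir"

report() {
    if "$1" "$2"; then echo "PASS  $1 $2"; else echo "FAIL  $1 $2"; fi
}
report check_tmp_polyinstantiation "$good_conf"
report check_tmp_polyinstantiation "$bad_conf"
report check_tmp_inst_dir "$good_dir"
report check_tmp_inst_dir "$bad_dir"
```

On a live system call the two functions with /etc/security/namespace.conf and /tmp/tmp-inst instead of the constructed samples. Note that a plain "grep /tmp" as in the OCIL text would match both the commented-out line and the /tmp/scratch look-alike in the second sample, which is why the awk match anchors on whole fields.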