File: rule.yml

scap-security-guide 0.1.78-1
documentation_complete: true

title: Configure Polyinstantiation of /var/tmp Directories

description: |-
  To configure polyinstantiated /var/tmp directories, first create the parent directory
  which will hold the polyinstantiation child directories. Use the following command:
  <pre>$ sudo mkdir --mode 000 /var/tmp/tmp-inst</pre>
  Then, add the following entry to <tt>/etc/security/namespace.conf</tt>:
  <pre>/var/tmp /var/tmp/tmp-inst/    level      root,adm</pre>

rationale: |-
  Polyinstantiation of temporary directories is a proactive security measure
  which reduces chances of attacks that are made possible by /var/tmp
  directories being world-writable.

severity: low

identifiers:
  cce@rhel8: CCE-83778-1
  cce@rhel9: CCE-83642-9
  cce@rhel10: CCE-88424-7
  cce@sle12: CCE-91507-4
  cce@sle15: CCE-91198-2

ocil_clause: is not configured

ocil: |-
  Run the following command to ensure that <tt>/var/tmp</tt> is configured as a
  polyinstantiated directory:
  <pre>$ sudo grep /var/tmp /etc/security/namespace.conf</pre>
  The output should return the following:
  <pre>/var/tmp /var/tmp/tmp-inst/    level      root,adm</pre>
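As an added example that is not part of this rule or of the scap-security-guide project, the shell functions below check the two settings the description and the OCIL text call for more strictly than the bare grep: the namespace.conf entry field by field (ignoring commented-out lines) and the mode of the instance parent directory. The file and directory paths are parameters, and the sample files the demonstration writes are constructed.

```shell
#!/bin/sh
# Added example, not part of the scap-security-guide rule: check the two
# settings the rule describes, (1) the /var/tmp entry in namespace.conf and
# (2) the mode-000 instance parent directory. The file and directory paths
# are parameters so the checks can be exercised on constructed samples.

# check_var_tmp_entry CONF
# Returns 0 when CONF carries an uncommented line whose four fields are exactly
# polydir /var/tmp, instance prefix /var/tmp/tmp-inst/, method level and
# self-skip users root,adm. A bare grep would also match commented-out or
# partially different lines.
check_var_tmp_entry() {
    conf="$1"
    [ -r "$conf" ] || return 1
    sed -e 's/#.*//' "$conf" | awk '
        $1 == "/var/tmp" && $2 == "/var/tmp/tmp-inst/" &&
        $3 == "level"    && $4 == "root,adm" { found = 1 }
        END { exit !found }'
}

# check_inst_dir DIR
# Returns 0 when DIR exists with mode 000 (the rule's "mkdir --mode 000"),
# so that only pam_namespace, running as root, can reach the instances.
check_inst_dir() {
    dir="$1"
    [ -d "$dir" ] || return 1
    perms=$(ls -ld "$dir" | cut -c1-10)
    [ "$perms" = "d---------" ]
}

# Demonstration on constructed sample files, not on the live system.
demo_dir=$(mktemp -d)
printf '# polyinstantiation settings\n' > "$demo_dir/namespace.conf"
printf '/var/tmp /var/tmp/tmp-inst/    level      root,adm\n' >> "$demo_dir/namespace.conf"
mkdir -m 000 "$demo_dir/tmp-inst"

if check_var_tmp_entry "$demo_dir/namespace.conf"; then
    echo "namespace.conf: /var/tmp entry present"
else
    echo "namespace.conf: /var/tmp entry missing or different"
fi
if check_inst_dir "$demo_dir/tmp-inst"; then
    echo "tmp-inst: mode 000 as required"
else
    echo "tmp-inst: missing or too permissive"
fi
chmod 700 "$demo_dir/tmp-inst"
rm -rf "$demo_dir"
```

On a real host, point check_var_tmp_entry at /etc/security/namespace.conf and check_inst_dir at /var/tmp/tmp-inst.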