{"description": "The <tt>/tmp</tt> directory is a world-writable directory used\nfor temporary file storage. Ensure it has its own partition or\nlogical volume at installation time, or migrate it using LVM.", "rationale": "The <tt>/tmp</tt> partition is used as temporary storage by many programs.\nPlacing <tt>/tmp</tt> in its own partition enables the setting of more\nrestrictive mount options, which can help protect programs which use it.", "severity": "low", "references": {"cis-csc": ["12", "15", "8"], "cobit5": ["APO13.01", "DSS05.02"], "isa-62443-2013": ["SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.13.1.1", "A.13.2.1", "A.14.1.3"], "nist": ["CM-6(a)", "SC-5(2)"], "nist-csf": ["PR.PT-4"], "srg": ["SRG-OS-000480-GPOS-00227"], "cis": ["1.1.2.1.1"]}, "control_references": {"cis": ["1.1.2.1.1"]}, "components": [], "identifiers": {}, "ocil_clause": "\"/tmp is not a mountpoint\" is returned", "ocil": "Verify that a separate file system/partition has been created for <code>/tmp</code> with the following command:\n\n<pre>$ mountpoint /tmp</pre>\n", "oval_external_content": null, "fixtext": "Migrate the \"/tmp\" path onto a separate file system.", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must use a separate file system for /tmp.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must use a separate file system for /tmp.", "vuldiscussion": "The \"/tmp\" partition is used as temporary storage by many programs. Placing \"/tmp\" in its own partition enables the setting of more restrictive mount options, which can help protect programs that use it.", "checktext": "Verify that a separate file system/partition has been created for \"/tmp\" with the following command:\n\n$ mount | grep /tmp\n\n/dev/mapper/rhel-tmp on /tmp type xfs (rw,nodev,nosuid,noexec,seclabel)\n\nIf a separate entry for \"/tmp\" is not in use, this is a finding.", "fixtext": "Migrate the \"/tmp\" path onto a separate file system."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["not container"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["not_container"], "bash_conditional": null, "fixes": {}, "title": "Ensure /tmp Located On Separate Partition", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml", "template": {"name": "mount", "vars": {"mountpoint": "/tmp", "min_size": 1073741824}, "backends": {}}}