{"description": "The <tt>/var/tmp</tt> directory is a world-writable directory used\nfor temporary file storage. Ensure it has its own partition or\nlogical volume at installation time, or migrate it using LVM.", "rationale": "The <tt>/var/tmp</tt> partition is used as temporary storage by many programs.\nPlacing <tt>/var/tmp</tt> in its own partition enables the setting of more\nrestrictive mount options, which can help protect programs which use it.", "severity": "medium", "references": {"srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R28"], "cis": ["1.1.2.5.1"]}, "control_references": {"anssi": ["R28"], "cis": ["1.1.2.5.1"]}, "components": [], "identifiers": {}, "ocil_clause": "\"/var/tmp is not a mountpoint\" is returned", "ocil": "Verify that a separate file system/partition has been created for <code>/var/tmp</code> with the following command:\n\n<pre>$ mountpoint /var/tmp</pre>\n", "oval_external_content": null, "fixtext": "Migrate the \"/var/tmp\" path onto a separate file system.", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must use a separate file system for /var/tmp.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must use a separate file system for /var/tmp.", "vuldiscussion": "The \"/var/tmp\" partition is used as temporary storage by many programs. Placing \"/var/tmp\" in its own partition enables the setting of more restrictive mount options, which can help protect programs that use it.", "checktext": "Verify that a separate file system/partition has been created for \"/var/tmp\" with the following command:\n\n$ mount | grep /var/tmp\n\n/dev/mapper/rhel-tmp on /var/tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k)\nNote: Options displayed for mount may differ.\n\nIf a separate entry for \"/var/tmp\" is not in use, this is a finding.", "fixtext": "Migrate the \"/var/tmp\" path onto a separate file system."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["not container"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["not_container"], "bash_conditional": null, "fixes": {}, "title": "Ensure /var/tmp Located On Separate Partition", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml", "template": {"name": "mount", "vars": {"mountpoint": "/var/tmp", "min_size": 1073741824}, "backends": {}}}