{"description": "The <tt>/tmp</tt> directory is a world-writable directory used\nfor temporary file storage. This directory is managed by <tt>systemd-tmpfiles</tt>.\nEnsure that the <tt>tmp.mount</tt> systemd unit is enabled.", "rationale": "The <tt>/tmp</tt> directory is used as temporary storage by many programs.\nPlacing <tt>/tmp</tt> in a tmpfs filesystem enables the setting of more\nrestrictive mount options, which can help protect programs which use it.\nThe <tt>tmp.mount</tt> unit configures the tmpfs filesystem and ensures\nthe <tt>/tmp</tt> directory is wiped during reboot.", "severity": "low", "references": {"anssi": ["R28"]}, "control_references": {"anssi": ["R28"]}, "components": [], "identifiers": {}, "ocil_clause": "the tmp.mount unit is masked or disabled", "ocil": "\nRun the following command to determine the current status of the\n<code>tmp</code> mount:\n<pre>$ sudo systemctl is-active tmp.mount</pre>\nIf the mount unit is running, it should return the following: <pre>active</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["not container"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["not_container"], "bash_conditional": null, "fixes": {}, "title": "Ensure tmp.mount Unit Is Enabled", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/disk_partitioning/systemd_tmp_mount_enabled/rule.yml", "template": {"name": "systemd_mount_enabled", "vars": {"mountname": "tmp"}, "backends": {}}}