<div>
One more query: 
 
in fstab, should we remove the &quot;defaults&quot; or leave it there? 
&gt;defaults,nodev,nosuid,noexec
</div>

One more query:

in fstab, should we remove the "defaults" or leave it there?
>defaults,nodev,nosuid,noexec

sunhux

<div>
<div class="content wysiwyg-content">
on my RHEL 7, /tmp &nbsp;partition is shown as xfs : 
$ mount |grep /tmp 
/dev/mapper/rhel-tmp on /tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota) 
/dev/mapper/rhel-var_tmp on /var/tmp type xfs (rw,relatime,seclabel,attr2,inode64,noquota) 
 
So when doing CIS hardening, the benchmark doc suggests to remount as &nbsp;tmpfs: 
so should I remount as xfs &nbsp;instead? 
 
ie 
&gt;mount -o remount,nosuid,noexec,nodev tmpfs -t tmpfs 
should above be 
&gt;&nbsp;mount -o remount,nosuid,noexec,nodev xfs -t xfs /tmp 
 
and 
 
in /etc/fstab 
&gt;&nbsp;/dev/mapper/rhel-tmp &nbsp; &nbsp;/tmp &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;tmpfs &nbsp; &nbsp; defaults,nodev,nosuid,noexec &nbsp; &nbsp; &nbsp; &nbsp;0 0 
should above be 
&gt;&nbsp;/dev/mapper/rhel-tmp &nbsp; &nbsp;/tmp &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;xfs &nbsp; &nbsp; defaults,nodev,nosuid,noexec &nbsp; &nbsp; &nbsp; &nbsp;0 0 
 
and 
 
cat &nbsp;/etc/systemd/system/local-fs.target.wants/tmp.mount 
[Mount] 
What=tmpfs &nbsp;&lt;== shd it be xfs 
Where=/tmp 
Type=tmpfs 
Options=mode=1777,strictatime,noexec,nodev,nosuid
</div>
</div>

on my RHEL 7, /tmp partition is shown as xfs :
$ mount |grep /tmp
/dev/mapper/rhel-tmp on /tmp type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,noquota)
/dev/mapper/rhel-var_tmp on /var/tmp type xfs (rw,relatime,seclabel,attr2,inode64,noquota)

So when doing CIS hardening, the benchmark doc suggests to remount as tmpfs:
so should I remount as xfs instead?

ie
>mount -o remount,nosuid,noexec,nodev tmpfs -t tmpfs
should above be
> mount -o remount,nosuid,noexec,nodev xfs -t xfs /tmp

and

in /etc/fstab
> /dev/mapper/rhel-tmp /tmp tmpfs defaults,nodev,nosuid,noexec 0 0
should above be
> /dev/mapper/rhel-tmp /tmp xfs defaults,nodev,nosuid,noexec 0 0

and

cat /etc/systemd/system/local-fs.target.wants/tmp.mount 
[Mount]
What=tmpfs <== shd it be xfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,noexec,nodev,nosuid

should /tmp be remounted as  tmpfs  or remain as  xfs  during hardening

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.

Linux

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.