This is a basic security tip that can be executed to help protect your system. This is not an end-all guide for server security, admins must always be diligent.

At install time, the easiest thing to do is to mount your /tmp partition with the noexec,nosuid options, and mount the /home partition with the nosuid option. This is done in your /etc/fstab and requires those paths to exist as partitions, and not just as subdirectories of /.

Be very careful when editing your /etc/fstab, as any errors could prevent your system from starting up.

Backup your fstab:

cp /etc/fstab /etc/fstab.bak

Create 1GB tmpmnt partition file

cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576

Format new partition

mkfs.ext3 -j /var/tmpMnt

Press Y when asked

Backup old /tmp

cp -Rp /tmp /tmp_backup

Mount the new /tmp filesystem

mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

Set the appropriate permissions

chmod 1777 /tmp

Copy files back to /tmp

cp -Rp /tmp_backup/* /tmp/

Add new /tmp to fstab

echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0? >> /etc/fstab

Symlink /var/tmp to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/tmp