Users must take the following measures for hardening the /tmp directory:
A. Creating /tmp as a separate partition: By default, the /tmp directory has read, write, and execute permissions enabled. This is the main reason for the server's vulnerability. Instead of leaving it in the root (/) partition, you can move it to a separate partition altogether. By doing this, even if an attacker manages to gain access to the /tmp directory, he would not be able to gain access to the system files.
B. Setting /tmp as non-executable: You can make /tmp noexec in /etc/fstab. Once done, the entry should look similar to: /tmp ext3 loop,noexec,nosuid,rw 0 0. Read your distribution's documentation to get the appropriate settings. It is recommended to take a backup of your server before making any changes to fstab.
mount -o loop,noexec,nosuid,nodev,rw /usr/Tmp /tmp
This is a key step, in which you mount /usr/Tmp as the new /tmp filesystem with noexec (no executables), nosuid (no SUID binaries or scripts) and nodev (no devices can be mounted here).
C. Installing ModSecurity on the server: ModSecurity is an application firewall that helps protect the server from various kinds of script exploits found in web applications. With it, server admins can harden the security of the server, adding a protective layer on top of the network firewall. This helps prevent attackers from exploiting web scripts through which they could gain access to /tmp.
D. Refraining from using /tmp for web scripts: If the applications are exposed to the web, you may opt to use entirely separate, more secure temporary directories. You can set fewer permissions on them.
When making these modifications to the default settings, you also need to ensure that none of the applications running on the server is negatively affected. Further, hosting control panels such as cPanel might not work properly after some of the above settings and changes are implemented.
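To confirm that measures A and B actually took effect, the check below reads a mount table in /proc/mounts format and reports whether /tmp is a separate mount and which of noexec, nosuid and nodev are absent. It is an added example, not part of the original page; the function name audit_tmp_mount and the sample mount tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_tmp_mount MOUNTS_FILE [MOUNTPOINT]  (hypothetical helper name)
#   "not-separate"   MOUNTPOINT has no mount entry of its own (measure A)
#   "missing:<opts>" noexec/nosuid/nodev absent from its options (measure B)
#   "ok"             separate mount carrying all three options
audit_tmp_mount() {
    mounts_file=$1
    mp=${2:-/tmp}
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Keep the last matching line: a later mount shadows earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
    if [ -z "$opts" ]; then
        echo "not-separate"
        return 1
    fi
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 2
    fi
    echo "ok"
}

# Constructed sample mount tables (not taken from a real host).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/hardened" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,nodev,noexec,relatime 0 0
EOF
# Mirrors the fstab options shown above, which do not include nodev.
cat > "$sample_dir/partial" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
EOF
cat > "$sample_dir/rootonly" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
EOF

for t in hardened partial rootonly; do
    printf '%s: %s\n' "$t" "$(audit_tmp_mount "$sample_dir/$t")"
done
```

On a live host, pass /proc/mounts as the first argument; because it reflects the running state, it also catches an fstab edit that has not been remounted yet.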