This is an old revision of the document!


2.1.1 Ensure chargen services are not enabled (Scored)

Level 1 - Server
Level 1 - Workstation

chargen is a network service that responds with 0 to 512 ASCII characters for each connection it receives. This service is intended for debugging and testing purposes. It is recommended that this service be disabled.

Disabling this service will reduce the remote attack surface of the system.
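One way to check for an active chargen entry, as an added example that is not part of the original benchmark text. It assumes chargen would be started by inetd or xinetd and follows the conventional /etc/inetd.conf and /etc/xinetd.d layouts; the function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example: find chargen entries still active in inetd/xinetd configs.

# inetd.conf style: service name is the first field, '#' comments a line out.
inetd_chargen_active() {
    [ -r "$1" ] || return 0
    # /dev/null as a second file makes grep prefix each hit with the file name.
    grep -nE '^[[:space:]]*chargen([[:space:]]|$)' "$1" /dev/null || true
}

# xinetd style: a "service chargen { ... }" block counts as active unless the
# block itself contains "disable = yes" (a global defaults section is not read).
xinetd_chargen_active() {
    [ -d "$1" ] || return 0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }
            /^[ \t]*service[ \t]+chargen[ \t]*[{]?[ \t]*$/ { in_svc = 1; off = 0; next }
            in_svc && /^[ \t]*disable[ \t]*=[ \t]*yes[ \t]*$/ { off = 1 }
            in_svc && /^[ \t]*[}]/ {
                if (!off) print FILENAME ": service chargen not disabled"
                in_svc = 0
            }
        ' "$f"
    done
}

# $1 = inetd.conf path, $2 = xinetd.d directory; returns 1 on any finding.
audit_chargen() {
    findings=$(inetd_chargen_active "$1"; xinetd_chargen_active "$2")
    if [ -n "$findings" ]; then
        printf 'FAIL: chargen enabled\n%s\n' "$findings"
        return 1
    fi
    echo 'PASS: no active chargen entries'
}

# Constructed sample configuration (not taken from a real host).
demo=$(mktemp -d)
mkdir "$demo/xinetd.d"
printf '%s\n' '#chargen stream tcp nowait root internal' \
    'chargen dgram udp wait root internal' > "$demo/inetd.conf"
printf '%s\n' 'service chargen' '{' '    type = INTERNAL' '    disable = no' '}' \
    > "$demo/xinetd.d/chargen-stream"
printf '%s\n' 'service chargen' '{' '    disable = yes' '}' \
    > "$demo/xinetd.d/chargen-dgram"
audit_chargen "$demo/inetd.conf" "$demo/xinetd.d" || true
```

On a real system the call would be `audit_chargen /etc/inetd.conf /etc/xinetd.d`; a missing file or directory is treated as having no entries.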

Run the following command and verify output shows /tmp is mounted:

# mount | grep /tmp 
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime)

For new installations, during installation create a custom partition setup and specify a separate partition for /tmp.
For systems that were previously installed, create a new partition and configure /etc/fstab as appropriate.

Resizing filesystems is a common activity in cloud-hosted servers. Separate filesystem partitions may prevent successful resizing, or may require the installation of additional tools solely for the purpose of resizing operations. The use of these additional tools may introduce their own security considerations.

AJ Lewis, “LVM HOWTO”, http://tldp.org/HOWTO/LVM-HOWTO/

systemd includes the tmp.mount service which should be used instead of configuring /etc/fstab.

  • Last modified: 2017/05/02 09:45