Practical Guide to Hardening Linux
Protecting the boot loader can prevent unauthorized users who have physical access to a system from, for example, attaining root privileges through single-user mode. Setting a password for the bootloader prevents users from entering single-user mode, changing settings at boot time, accessing the bootloader console, resetting the root password (if there is no password for the GRUB menu), or accessing non-secure operating systems. Set the owner and group of to the root user:
Set permission on the or file to read and write for root only:
Critical file systems should be separated into different partitions in ways that make your system better and more secure. Add ro option and , and to for /boot entry:
On Linux systems, the /tmp and /var/tmp locations are world-writable.
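An added example, not part of the original guide: two audit helpers for the checks described above (root-only ownership and mode on a bootloader file, and required mount options on an fstab entry). The function names and the fstab text are constructed for illustration, the file to check is passed in by the caller because the page does not name it, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed sample fstab (illustrative devices, not taken from the guide).
sample_fstab() {
cat <<'EOF'
# <device>  <mount>  <type>  <options>            <dump> <pass>
/dev/sda2   /        ext4    errors=remount-ro    0 1
/dev/sda1   /boot    ext4    defaults,ro          0 2
/dev/sda3   /home    ext4    defaults             0 2
EOF
}

# fstab_has_opts FSTAB MOUNTPOINT OPT[,OPT...]
# Succeeds only if MOUNTPOINT has an entry and its option field contains
# every OPT as a whole comma-separated token ("remount-ro" is not "ro").
fstab_has_opts() {
    awk -v mp="$2" -v want="$3" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        $2 == mp {
            found = 1
            n = split($4, have, ",")
            m = split(want, need, ",")
            for (i = 1; i <= m; i++) {
                ok = 0
                for (j = 1; j <= n; j++) if (have[j] == need[i]) ok = 1
                if (!ok) missing = 1
            }
        }
        END { exit ((found && !missing) ? 0 : 1) }
    ' "$1"
}

# root_only_600 FILE
# Succeeds only if FILE is owned by uid 0, gid 0 and has mode 600
# (read and write for root only).
root_only_600() {
    [ "$(stat -c '%u:%g %a' "$1" 2>/dev/null)" = "0:0 600" ]
}

# Demo against the constructed sample.
demo=$(mktemp)
sample_fstab > "$demo"
fstab_has_opts "$demo" /boot ro && echo "/boot: ro present"
fstab_has_opts "$demo" /     ro || echo "/: ro missing (remount-ro is a different option)"
fstab_has_opts "$demo" /home ro || echo "/home: ro missing"
rm -f "$demo"
```

On a real host, point `fstab_has_opts` at `/etc/fstab` and `root_only_600` at the bootloader configuration file your distribution uses.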
Source: github.com