How to make /tmp, /var/tmp, /dev/shm noexec,nosuid (even on OpenVZ)
(aim is to reduce chances malicious scripts are executed on the server from these directories which are writable by all users, including hackers who exploit hosted php scripts)
I tested following steps and it worked for me. Though there are two more simple tutorials (but these do not include synchronization of the tmp contents):
https://www.qhoster.com/clients/knowledgebase/144/How-to-secure-ortmp-orvarortmp-and-ordevorshm-with-OpenVZ.html
http://pingbin.com/2011/06/centos-secure-tmp/

1. Make sure each tmpfs mount point is set in /etc/fstab (i added following lines):
none /dev/shm tmpfs noexec,nosuid 0 0
tmpfs /tmp tmpfs noexec,nosuid 0 0
tmpfs /var/tmp tmpfs noexec,nosuid 0 0

2. Stop services that may work with tmp:
service httpd stop;service nginx stop;service mysql stop;service cpanel stop

3. Make backup of the directories:
mkdir -p /tmpbackup/{var,shm};rsync -a /tmp/ /tmpbackup/ && rsync -a /var/tmp/ /tmpbackup/var/ && rsync -a /dev/shm/ /tmpbackup/shm/

4. mount/remount tmpfs mount points:
mount /tmp && mount /var/tmp && mount /dev/shm && mount -o remount /tmp && mount -o remount /var/tmp && mount -o remount /dev/shm && echo "" && mount |grep -v virtfs

5. Restore backups (will not replace existing newer files on destination):
rsync -au /tmpbackup/ /tmp/ && rsync -au /tmpbackup/var/ /var/tmp/ && rsync -au /tmpbackup/shm/ /dev/shm/

6. start the services
ls -a /var/tmp /tmp /dev/shm|grep -v sess_;service httpd start;service nginx start;service mysql start;service cpanel start

you should have new noexec tmpfs (RAM) based tmp mount points. In my case:

# mount
Code:
none on /dev/shm type tmpfs (rw,nosuid,noexec,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,noexec,relatime)
tmpfs on /var/tmp type tmpfs (rw,nosuid,noexec,relatime)
# df -h|grep -v virtfs
Code:
Filesystem      Size  Used Avail Use% Mounted on
/dev/simfs      340G  104G  237G  31% /
none            9.0G  4.0K  9.0G   1% /dev
none            9.0G  4.0K  9.0G   1% /dev/shm
tmpfs           9.0G  1.8M  9.0G   1% /tmp
tmpfs           9.0G  4.0K  9.0G   1% /var/tmp
cPanel staff said this tmpfs setup is common and 9G in my case is not a problem as it is virtual size, 9G because my VPS has 18G RAM allocated.