RHEL 9 must mount /boot with the nodev option.

STIG ID: RHEL-09-231095  |  SRG: SRG-OS-000368-GPOS-00154 |  Severity: medium |  CCI: CCI-001764 |  Vulnerability Id: V-257860 | 

Vulnerability Discussion

The only legitimate location for device files is the "/dev" directory located on the root partition. The only exception to this is chroot jails.

Check

Verify that the "/boot" mount point has the "nodev" option is with the following command:

Note: This control is not applicable to RHEL 9 system booted UEFI.

$ sudo mount | grep '\s/boot\s'

/dev/sda1 on /boot type xfs (rw,nodev,relatime,seclabel,attr2)

If the "/boot" file system does not have the "nodev" option set, this is a finding.

Fix

Modify "/etc/fstab" to use the "nodev" option on the "/boot" directory.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.