Rule ID
SV-281232r1166648_rule
Version
V1R1
CCIs
The only legitimate location for device files is the "/dev" directory located on the root partition. The only exception to this is chroot jails.
Verify RHEL 10 is configured so that the "/boot" mount point has the "nodev" option with the following command: $ mount | grep '\s/boot\s' /dev/sda1 on /boot type xfs (rw,nodev,nosuid,relatime,seclabel,attr2) If the "/boot" file system does not have the "nodev" option set, this is a finding.
Configure RHEL 10 to mount "/boot" with the "nodev" option. Modify "/etc/fstab" to use the "nodev" option on the "/boot" directory. To reload all implicit mount units and update the dependency graph so that new options will apply correctly at next remount, run the following command: $ sudo systemctl daemon-reload Use the following command to apply the changes immediately without a reboot: $ sudo mount -o remount /boot