STIG ID: ALMA-09-026310 | SRG: SRG-OS-000368-GPOS-00154 | Severity: medium | CCI: | Vulnerability Id: V-269312
The only legitimate location for device files is the "/dev" directory located on the root partition. The only exception to this is chroot jails.
Modify "/etc/fstab" to use the "nodev" option on the "/boot" directory.
Verify that the "/boot" mount point has the "nodev" option is with the following command:
$ mount | grep '\s/boot\s'
/dev/sda2 on /boot type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
If the "/boot" file system does not have the "nodev" option set, this is a finding.