Anduril NixOS Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000298-GPOS-00116
Group -
SRG-OS-000002-GPOS-00002
Group -
NixOS emergency or temporary user accounts must be provisioned with an expiration time of 72 hours or less.
If emergency or temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated term...Rule Medium Severity -
SRG-OS-000004-GPOS-00004
Group -
NixOS must enable the audit daemon.
Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create an acco...Rule Medium Severity -
SRG-OS-000021-GPOS-00005
Group -
NixOS must enforce the limit of three consecutive invalid login attempts by a user during a 15-minute time period.
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking...Rule Medium Severity -
SRG-OS-000023-GPOS-00006
Group -
SRG-OS-000023-GPOS-00006
Group -
SRG-OS-000023-GPOS-00006
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules