Skip to content
Log In

Anduril NixOS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000298-GPOS-00116

    Group
    Show

  • SRG-OS-000002-GPOS-00002

    Group
    Show

  • NixOS emergency or temporary user accounts must be provisioned with an expiration time of 72 hours or less.

    If emergency or temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain unauthorized access. To mitigate this risk, automated term...
    Rule Medium Severity
    Show

  • SRG-OS-000004-GPOS-00004

    Group
    Show

  • NixOS must enable the audit daemon.

    Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create an acco...
    Rule Medium Severity
    Show

  • SRG-OS-000021-GPOS-00005

    Group
    Show

  • NixOS must enforce the limit of three consecutive invalid login attempts by a user during a 15-minute time period.

    By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking...
    Rule Medium Severity
    Show

  • SRG-OS-000023-GPOS-00006

    Group
    Show

  • SRG-OS-000023-GPOS-00006

    Group
    Show

  • SRG-OS-000023-GPOS-00006

    Group
    Show

  • NixOS must be configured to display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a graphical user login.

    Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal ...
    Rule Medium Severity
    Show

  • SRG-OS-000027-GPOS-00008

    Group
    Show

  • NixOS must be configured to limit the number of concurrent sessions to ten for all accounts and/or account types.

    Operating system management includes the ability to control the number of users and user sessions that use an operating system. Limiting the number of allowed users and sessions per user is helpful...
    Rule Low Severity
    Show

  • SRG-OS-000029-GPOS-00010

    Group
    Show

  • SRG-OS-000030-GPOS-00011

    Group
    Show

  • SRG-OS-000032-GPOS-00013

    Group
    Show

  • NixOS must monitor remote access methods.

    Remote access services, such as those providing remote access to network devices and information systems, which lack automated monitoring capabilities, increase risk and make remote user access man...
    Rule Medium Severity
    Show

  • SRG-OS-000033-GPOS-00014

    Group
    Show

  • SRG-OS-000037-GPOS-00015

    Group
    Show

  • SRG-OS-000042-GPOS-00020

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules