NixOS must be configured to limit the number of concurrent sessions to ten for all accounts and/or account types.

An XCCDF Rule

Description

Operating system management includes the ability to control the number of users and user sessions that use an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to denial-of-service (DoS) attacks. This requirement addresses concurrent sessions for information system accounts and does not address concurrent sessions by single users via multiple system accounts. The maximum number of concurrent sessions should be defined based upon mission needs and the operational environment for each system.

ID: SV-268085r1039143_rule
Version: ANIX-00-000090
Severity: Low
References: CCI-000054
Updated: about 2 months ago

Remediation Templates

Configure the NixOS to limit the number of concurrent sessions to ten for all accounts and/or account types.

Add the following to the NixOS configuration: /etc/nixos/configuration.nix

security.pam.loginLimits = [
 {  domain = "*";
  item = "maxlogins";
  type = "hard";
  value = "10";
 }
];

Note: Security.pam.loginLimits can be set as a global domain (with the * wildcard) but may be set differently for multiple domains.

Rebuild the NixOS configuration with the following command:

$ sudo nixos-rebuild switch

NixOS must be configured to limit the number of concurrent sessions to ten for all accounts and/or account types.

Description

Remediation Templates

A Manual Procedure