Check: ANIX-00-001880
Anduril NixOS STIG: ANIX-00-001880 (in version v1 r2)
Title
NixOS must not allow an unattended or automatic logon to the system via the console. (Cat I impact)
Discussion
Failure to restrict system access via the console to authenticated users negatively impacts operating system security.
Check Content
Verify NixOS does not allow an unattended or automatic logon to the system via the console with the following command:

$ grep -iR autologon.user /etc/nixos

If "services.xserver.displayManager.autologon.user" is defined and is not "null", this is a finding.
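The grep in this check also matches commented-out lines and lines that already set the option to null, so its output still has to be read against the finding criterion. The script below is an added example, not part of the STIG, that applies the criterion automatically; the function name check_autologon and the sample files are constructed, and it assumes the option is assigned in dotted form on a single line.

```shell
#!/bin/sh
# Added example, not part of the STIG: apply the finding criterion to grep's output.
# Assumption: the option is assigned in dotted form on one line, which is
# also the only form the STIG's grep pattern can match.

# check_autologon DIR -> returns 0 (not a finding) or 1 (finding).
# Pipeline: search as the STIG does, drop Nix '#' comments, keep only real
# assignments, then discard assignments of a literal null. Anything else,
# including wrapped values, is reported so a person can review it.
check_autologon() {
    hits=$(grep -iR 'autologon\.user' "$1" 2>/dev/null |
        sed 's/#.*$//' |
        grep -i 'autologon\.user[[:space:]]*=' |
        grep -v '=[[:space:]]*null[[:space:]]*;' ||
        true)
    if [ -n "$hits" ]; then
        printf 'FINDING in %s:\n%s\n' "$1" "$hits"
        return 1
    fi
    printf 'Not a finding: %s\n' "$1"
}

# Constructed sample configurations (not from a real system).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/set" "$demo_dir/null" "$demo_dir/commented" "$demo_dir/absent"
opt='services.xserver.displayManager.autologon.user'
printf '{ %s = "kiosk"; }\n' "$opt" > "$demo_dir/set/configuration.nix"
printf '{ %s = null; }\n' "$opt" > "$demo_dir/null/configuration.nix"
printf '{\n  # %s = "kiosk";\n}\n' "$opt" > "$demo_dir/commented/configuration.nix"
printf '{ }\n' > "$demo_dir/absent/configuration.nix"

for d in set null commented absent; do
    check_autologon "$demo_dir/$d" || true
done
```

On the system under review, call it as check_autologon /etc/nixos.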
Fix Text
Configure NixOS to not allow an unattended or automatic logon to the system via the console.

Add the following Nix code to the NixOS Configuration, usually located in /etc/nixos/configuration.nix or /etc/nixos/flake.nix:

services.xserver.displayManager.autologon.user = null;

Rebuild and switch to the new NixOS configuration:

$ sudo nixos-rebuild switch

A reboot is required for the changes to take effect.
Additional Identifiers
Rule ID: SV-268172r1131152_rule
Vulnerability ID: V-268172
Group Title: SRG-OS-000480-GPOS-00229
CCIs
| Number | Definition |
|---|---|
| CCI-000366 | Implement the security configuration settings. |
Controls
| Number | Title |
|---|---|
| CM-6 | Configuration Settings |