Title

NixOS must protect wireless access to the system using authentication of users and/or devices. (Cat II impact)

Discussion

Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to operating systems that control wireless devices.

Check Content

Verify NixOS disables Bluetooth adapters by running the following command: $ grep -R hardware.bluetooth /etc/nixos/ /etc/nixos/configuration.nix:hardware.bluetooth.enable = false; If "hardware.bluetooth.enable", does not equal false, is missing, or is commented out, this is a finding.

Fix Text

Configure /etc/nixos/configuration.nix to disable Bluetooth adapters by adding the following configuration settings: hardware.bluetooth.enable = false; Rebuild the system with the following command: $ sudo nixos-rebuild switch

Additional Identifiers

Rule ID: SV-268147r1039329_rule

Vulnerability ID: V-268147

Group Title: SRG-OS-000300-GPOS-00118

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.