Check: ANIX-00-000780
Anduril NixOS STIG:
ANIX-00-000780
(in version v1 r1)
Title
NixOS must not have the telnet package installed. (Cat I impact)
Discussion
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
Check Content
Ensure the telnet package is not installed and available with the following command: $ whereis telnet telnet: If there is a path, and the output looks like "telnet: /nix/store/sqiphymcpky1yysgdc1aj4lr9jg9n53a-inetutils-2.2/bin/telnet", this is a finding.
Fix Text
Edit the NixOS Configuration file with "nano /etc/nixos/configuration.nix" and remove any references to pkgs.libtelnet, pkgs.busybox, or pkgs.inetutils from the environment.systemPackages list. Rebuild the NixOS configuration with the following command: $ sudo nixos-rebuild switch
Additional Identifiers
Rule ID: SV-268131r1039281_rule
Vulnerability ID: V-268131
Group Title: SRG-OS-000074-GPOS-00042
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000197 |
For password-based authentication, transmit passwords only over cryptographically-protected channels. |
Controls
Number | Title |
---|---|
IA-5(1) |
Password-based Authentication |