Title

NixOS must not have the telnet package installed. (Cat I impact)

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Check Content

Ensure the telnet package is not installed and available with the following command: $ whereis telnet telnet: If there is a path, and the output looks like "telnet: /nix/store/sqiphymcpky1yysgdc1aj4lr9jg9n53a-inetutils-2.2/bin/telnet", this is a finding.

Fix Text

Edit the NixOS Configuration file /etc/nixos/configuration.nix or /etc/nixos/flake.nix and remove any references to pkgs.libtelnet, pkgs.busybox, or pkgs.inetutils from the environment.systemPackages list. Rebuild and switch to the new NixOS configuration: $ sudo nixos-rebuild switch

Additional Identifiers

Rule ID: SV-268131r1131067_rule

Vulnerability ID: V-268131

Group Title: SRG-OS-000074-GPOS-00042

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.