Title

NixOS must not allow an unattended or automatic login to the system via the console. (Cat I impact)

Discussion

Failure to restrict system access via the console to authenticated users negatively impacts operating system security.

Check Content

Verify NixOS does not allow an unattended or automatic login to the system via the console with the following command: $ grep -iR autologin.user /etc/nixos If "services.xserver.displayManager.autoLogin.user" is defined and is not "null", this is a finding.

Fix Text

Configure the operating system to not allow an unattended or automatic login to the system via the console. Note: Once set, the system must be rebooted for any changes to apply. Add or update the following configuration in /etc/nixos/configuration.nix: services.xserver.displayManager.autoLogin.user = null; Rebuild the NixOS configuration with the following command: $ sudo nixos-rebuild switch

Additional Identifiers

Rule ID: SV-268172r1039586_rule

Vulnerability ID: V-268172

Group Title: SRG-OS-000480-GPOS-00229

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.