
V-268173

CAT II (Medium)

NixOS must be configured to use AppArmor.

Rule ID

SV-268173r1131154_rule

STIG

Anduril NixOS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366, CCI-001764

Discussion

Users' home directories/folders may contain information of a sensitive nature. Nonprivileged users should coordinate any sharing of information with a system administrator (SA) through shared resources.

Satisfies: SRG-OS-000480-GPOS-00230, SRG-OS-000368-GPOS-00154

Check Content

Verify NixOS is configured to use AppArmor with the following command:

$ sudo systemctl status apparmor.service

apparmor.service - Load AppArmor policies
  Loaded: loaded (/etc/systemd/system/apparmor.service; enabled; present: enabled)
  Active: active (running) since Sat 2022-06-04 02:51:43 UTC; 13min ago

If the "apparmor.service" is not enabled and active, this is a finding.
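
For scripted audits, the same decision can be made from machine-readable unit properties instead of reading the status text by eye. The following is an added example, not part of the STIG: the function name `apparmor_check` and the sample inputs are constructed, and it assumes the unit reports `UnitFileState=enabled` and `ActiveState=active` when the status output looks like the one above.

```shell
#!/bin/sh
# Added example (not STIG text): evaluate the V-268173 check from
# `systemctl show` properties. Collect the input on the audited host with:
#   systemctl show -p UnitFileState -p ActiveState apparmor.service

# apparmor_check PROPS
#   PROPS: KEY=VALUE lines as printed by `systemctl show`.
#   Prints the verdict; returns 0 when not a finding, 1 when a finding.
apparmor_check() {
    unit_state=""
    active_state=""
    # Read the properties from a here-document so the variables set in the
    # loop stay in this shell (a pipe would run the loop in a subshell).
    while IFS='=' read -r key value; do
        case "$key" in
            UnitFileState) unit_state=$value ;;
            ActiveState)   active_state=$value ;;
        esac
    done <<EOF
$1
EOF
    # The check requires both conditions: enabled AND active.
    # ActiveState is "active" whatever sub-state is shown in parentheses.
    if [ "$unit_state" = "enabled" ] && [ "$active_state" = "active" ]; then
        echo "NOT A FINDING"
        return 0
    fi
    # Missing or empty properties (unit not installed) land here as well.
    echo "FINDING: UnitFileState=${unit_state:-unset} ActiveState=${active_state:-unset}"
    return 1
}
```

A unit that is active but not enabled still returns a finding, because it would not load the AppArmor policies after the next boot.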

Fix Text

Configure NixOS to use AppArmor.

Add the following Nix code to the NixOS Configuration, usually located in /etc/nixos/configuration.nix or /etc/nixos/flake.nix:

 security.apparmor.enable = true;

Rebuild and switch to the new NixOS configuration:

$ sudo nixos-rebuild switch

A reboot is required for the changes to take effect.