← Back to Anduril NixOS Security Technical Implementation Guide

V-268147

CAT II (Medium)

NixOS must protect wireless access to the system using authentication of users and/or devices.

Rule ID

SV-268147r1131095_rule

STIG

Anduril NixOS Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001443

Discussion

Allowing devices and users to connect to the system without first authenticating them allows untrusted access and can lead to a compromise or attack. Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication. This requirement applies to operating systems that control wireless devices.

Check Content

Verify NixOS disables Bluetooth adapters by running the following command: 

$ grep -R hardware.bluetooth /etc/nixos/

/etc/nixos/configuration.nix:hardware.bluetooth.enable = false;

If "hardware.bluetooth.enable", does not equal false, is missing, or is commented out, this is a finding.

Fix Text

Configure the audit service to disable Bluetooth adapters.

Add the following Nix code to the NixOS Configuration, usually located in /etc/nixos/configuration.nix or /etc/nixos/flake.nix:

 hardware.bluetooth.enable = false;

Rebuild and switch to the new NixOS configuration:
$ sudo nixos-rebuild switch