NixOS must not have the telnet package installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-268131 | ANIX-00-000780 | SV-268131r1039281_rule | High |
| Description |
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. |
| STIG | Date |
| Anduril NixOS Security Technical Implementation Guide | 2024-10-25 |
Details
| Check Text (C-72055r1039279_chk) |
| Ensure the telnet package is not installed and available with the following command: $ whereis telnet telnet: If there is a path, and the output looks like "telnet: /nix/store/sqiphymcpky1yysgdc1aj4lr9jg9n53a-inetutils-2.2/bin/telnet", this is a finding. |
| Fix Text (F-71958r1039280_fix) |
| Edit the NixOS Configuration file with "nano /etc/nixos/configuration.nix" and remove any references to pkgs.libtelnet, pkgs.busybox, or pkgs.inetutils from the environment.systemPackages list. Rebuild the NixOS configuration with the following command: $ sudo nixos-rebuild switch |