System Security Settings

Checks if critical system security settings are properly configured

Checks

Details

wheel_only

Description: Only wheel group members should be allowed to use sudo

How to fix: Set security.sudo.execWheelOnly = true

ssh_password_authentication

Description: Password authentication should be disabled for SSH

How to fix: Set services.openssh.settings.PasswordAuthentication = false

users_immutable

Description: Users should be managed through NixOS configuration

How to fix: Set users.mutableUsers = false

firewall_enabled

Description: The system firewall should be enabled for better security

How to fix: Set networking.firewall.enable = true

log_refused_connections

Description: The logging of refused connections should be deactivated to avoid flooding the logs and possibly leaving important messages unseen. Consider using it only for debugging firewall rules.

How to fix: Set networking.firewall.logRefusedConnections = false
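
The five fixes above combined in one NixOS module. This is an added example, not part of the checker or its documentation. Two of the fixes can lock an administrator out if applied alone, so the module also declares an account. The user name "admin", the file name hardening.nix, the password hash and the SSH key are placeholders, and the module assumes the host runs sshd.

```nix
# hardening.nix: added example module, not the checker's own code.
# Import it from configuration.nix with: imports = [ ./hardening.nix ];
{ ... }:
{
  # wheel_only: the sudo binary is executable only by members of wheel.
  security.sudo.execWheelOnly = true;

  # users_immutable: accounts come only from this configuration; changes
  # made with useradd or passwd are overwritten on the next activation.
  users.mutableUsers = false;

  # Assumption: a single administrator named "admin" (hypothetical).
  # With mutableUsers = false the credentials must be declared here,
  # otherwise nobody can log in or authenticate to sudo after the switch.
  users.users.admin = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    # Placeholder: replace with a hash produced by `mkpasswd`.
    hashedPassword = "REPLACE_WITH_MKPASSWD_OUTPUT";
    # Placeholder: replace with the administrator's real public key.
    # Required once password authentication is off for SSH.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 REPLACE_WITH_PUBLIC_KEY admin@example"
    ];
  };

  # ssh_password_authentication: key-based login only.
  services.openssh = {
    enable = true; # assumption: this host is reached over SSH
    settings.PasswordAuthentication = false;
  };

  # firewall_enabled and log_refused_connections
  networking.firewall = {
    enable = true;
    logRefusedConnections = false;
  };
}
```

Activate it with nixos-rebuild test while an existing session stays open, so a mistake in the declared credentials can be corrected before the configuration becomes the boot default.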