System Security Settings¶

Checks if critical system security settings are properly configured

Checks¶

wheel_only - Only wheel group members should be allowed to use sudo
ssh_password_authentication - Password authentication should be disabled for SSH
users_immutable - Users should be managed through NixOS configuration
firewall_enabled - The system firewall should be enabled for better security
log_refused_connections - The logging of refused connections should be deactivated to avoid flooding the logs and possibly leaving important messages unseen. Consider using it only for debugging firewall rules.

Details¶

`wheel_only`¶

Description: Only wheel group members should be allowed to use sudo

How to fix: Set security.sudo.execWheelOnly = true

`ssh_password_authentication`¶

Description: Password authentication should be disabled for SSH

How to fix: Set services.openssh.settings.PasswordAuthentication = false

`users_immutable`¶

Description: Users should be managed through NixOS configuration

How to fix: Set users.mutableUsers = false

`firewall_enabled`¶

Description: The system firewall should be enabled for better security

How to fix: Set networking.firewall.enable = true

`log_refused_connections`¶

Description: The logging of refused connections should be deactivated to avoid flooding the logs and possibly leaving important messages unseen. Consider using it only for debugging firewall rules.

How to fix: Set networking.firewall.logRefusedConnections = false

System Security Settings¶

Checks¶

Details¶

wheel_only¶

ssh_password_authentication¶

users_immutable¶

firewall_enabled¶

log_refused_connections¶

`wheel_only`¶

`ssh_password_authentication`¶

`users_immutable`¶

`firewall_enabled`¶

`log_refused_connections`¶