Details
The PID file stores the main process ID of the nginx process. This file should be protected from unauthorized modification.
Rationale:
The PID file should be owned by root and the group root. It should also be readable to everyone, but only writable by root (permissions 644). This will prevent unauthorized modification of the PID file, which could cause a denial of service.
Solution
If the PID file is not owned by root, issue this command:
chown root:root /var/run/nginx.pid
If the PID file has permissions greater than 644, issue this command:
chown 644 /var/run/nginx.pid
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.