Details
The CIS NGINX Benchmark recommends using the NGINX binary provided by your vendor for most situations.
As an alternative, packages from [nginx.org](https://nginx.org/) are available for a variety of platforms, including Linux and FreeBSD.
Rationale:
The main benefits of using NGINX packages from your vendor are:
– Ease of installation
– Dependency resolution
– Increased effectiveness of maintenance and security patches
– Q&A procedures carried out by your vendor
Solution
Configure repo:
Example:
#Configure your repo
cat /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
EOF
Download signing key:
Example:
#Download Signing Key From The Internet
curl -O https://nginx.org/keys/nginx_signing.key
#import signing key so you do not get an error installing nginx
rpm –import nginx_signing.key
Install NGNIX:
Example:
yum install nginx -y
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system Unix.