Ensure access logs are sent to a remote syslog server
Details: Centralized log management helps ensure logs are forensically sound and are available at a central location for auditing and...

Ensure allow and deny filters limit access to specific IP addresses
Details: IP-based restrictions act as a defense-in-depth mechanism. They allow you to whitelist legitimate paths to your applications...

Ensure error logs are sent to a remote syslog server
Details: Centralized log management helps ensure logs are forensically sound and are available at a central location for auditing and...

Ensure hidden file serving is disabled
Details: Disabling hidden files is a defense-in-depth mechanism to help prevent accidentally exposing sensitive information. Rationale: Disabling hidden files prevents...

Ensure HTTP/2.0 is used
Details: HTTP/2.0 is an optimized and more secure version of the HTTP protocol. It should be enabled so users can...

Ensure HTTP Public Key Pinning is enabled
Details: HTTP Public Key Pinning, also known as certificate pinning, allows a site to specify exactly which certificates the browser...

Ensure HTTP WebDAV module is not installed
Details: The http_dav_module enables HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV) as defined by RFC 4918. This enables...

Ensure modules with gzip functionality are disabled
Details: gzip is used for compression. Compression functionality should be disabled to prevent certain types of attacks from being performed...

Ensure NGINX is installed from source
Details: Installing NGINX directly from source allows you to install NGINX without the use of a package manager. Rationale: Installing...

Ensure only required modules are installed
Details: This NGINX installation comes with several modules out of the box. These modules are not all always needed. Installations...