CIS NGINX Benchmark v2.0.1 L2 Loadbalancer

Audit Details

Name: CIS NGINX Benchmark v2.0.1 L2 Loadbalancer

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 30

File Details

Filename: CIS_NGINX_v2.0.1_Level_2_Loadbalancer.audit

Size: 32.8 kB

MD5: 7b27d43eb0d3071cef1a0a749d6d2bd6
SHA256: eb5cddc13177bf62e59fab295dec62d3d9f6a94db6ccd2616daa493a45f2ad04

Audit Items

DescriptionCategories
1.1.2 Ensure NGINX is installed from source

SYSTEM AND SERVICES ACQUISITION

1.1.2 Ensure NGINX is installed from source

SYSTEM AND SERVICES ACQUISITION

2.1.1 Ensure only required modules are installed

CONFIGURATION MANAGEMENT

2.1.1 Ensure only required modules are installed

CONFIGURATION MANAGEMENT

2.1.2 Ensure HTTP WebDAV module is not installed

CONFIGURATION MANAGEMENT

2.1.2 Ensure HTTP WebDAV module is not installed

CONFIGURATION MANAGEMENT

2.1.3 Ensure modules with gzip functionality are disabled

CONFIGURATION MANAGEMENT

2.1.3 Ensure modules with gzip functionality are disabled

CONFIGURATION MANAGEMENT

3.5 Ensure error logs are sent to a remote syslog server

AUDIT AND ACCOUNTABILITY

3.5 Ensure error logs are sent to a remote syslog server

AUDIT AND ACCOUNTABILITY

3.6 Ensure access logs are sent to a remote syslog server

AUDIT AND ACCOUNTABILITY

3.6 Ensure access logs are sent to a remote syslog server

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure the upstream traffic server certificate is trusted

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.10 Ensure the upstream traffic server certificate is trusted

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.11 Ensure your domain is preloaded

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.11 Ensure your domain is preloaded

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.12 Ensure session resumption is disabled to enable perfect forward security

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.12 Ensure session resumption is disabled to enable perfect forward security

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - proxy_ssl_ciphers

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - proxy_ssl_ciphers

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - ssl_ciphers

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - ssl_ciphers

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.1 Ensure allow and deny filters limit access to specific IP addresses

SYSTEM AND COMMUNICATIONS PROTECTION

5.1.1 Ensure allow and deny filters limit access to specific IP addresses

SYSTEM AND COMMUNICATIONS PROTECTION

5.2.4 Ensure the number of connections per IP address is limited

SYSTEM AND SERVICES ACQUISITION

5.2.4 Ensure the number of connections per IP address is limited

SYSTEM AND SERVICES ACQUISITION

5.2.5 Ensure rate limits by IP address are set

SYSTEM AND SERVICES ACQUISITION

5.2.5 Ensure rate limits by IP address are set

SYSTEM AND SERVICES ACQUISITION

CIS_NGINX_v2.0.1_Level_2_Loadbalancer.audit from CIS NGINX Benchmark v2.0.1
CIS_NGINX_v2.0.1_Level_2_Loadbalancer.audit from CIS NGINX Benchmark v2.0.1