Detections
Analytics

CIS NGINX Benchmark v2.0.1 L2 Webserver

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS NGINX Benchmark v2.0.1 L2 Webserver

Updated: 10/2/2024

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 18

Audit Items

DescriptionCategories
1.1.2 Ensure NGINX is installed from source
2.1.1 Ensure only required modules are installed
2.1.2 Ensure HTTP WebDAV module is not installed
2.1.3 Ensure modules with gzip functionality are disabled
2.5.3 Ensure hidden file serving is disabled
3.5 Ensure error logs are sent to a remote syslog server
3.6 Ensure access logs are sent to a remote syslog server
4.1.11 Ensure your domain is preloaded
4.1.12 Ensure session resumption is disabled to enable perfect forward security
4.1.13 Ensure HTTP/2.0 is used
4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - proxy_ssl_ciphers
4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - ssl_ciphers
5.1.1 Ensure allow and deny filters limit access to specific IP addresses
5.2.4 Ensure the number of connections per IP address is limited
5.2.5 Ensure rate limits by IP address are set
5.3.3 Ensure that Content Security Policy (CSP) is enabled and configured properly
5.3.4 Ensure the Referrer Policy is enabled and configured properly
CIS_NGINX_v2.0.1_Level_2_Webserver.audit from CIS NGINX Benchmark v2.0.1