4.1.3 Ensure private key permissions are restricted

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The server's private key should be protected from unauthorized access by limiting access based on the principle of least privilege.


A server's private key file should be restricted to 400 permissions. This ensures only the owner of the private key file can access it. This is the minimum necessary permissions for the server to operate. If the private key file is not protected, an unauthorized user with access to the server may be able to find the private key file and use it to decrypt traffic sent to your server.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Run the following command on your key file to ensure its permissions are set to 400. The file name /etc/nginx/nginx.key should be replaced with the location of your key file.

sudo chmod 400 /etc/nginx/nginx.key

See Also