CIS NGINX Benchmark v2.1.0 L2 Proxy

Audit Details

Name: CIS NGINX Benchmark v2.1.0 L2 Proxy

Updated: 10/2/2024

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 14

File Details

Filename: CIS_NGINX_v2.1.0_Level_2_Proxy.audit

Size: 30.9 kB

MD5: 324ebf939d63866a402976a1f845c700
SHA256: eceae7ff1ea8ac4385141033dadda7b106496f051a9ec6e9dd331a03db3c4538

Audit Items

DescriptionCategories
1.1.2 Ensure NGINX is installed from source

SYSTEM AND SERVICES ACQUISITION

2.1.1 Ensure only required modules are installed

CONFIGURATION MANAGEMENT

2.1.2 Ensure HTTP WebDAV module is not installed

CONFIGURATION MANAGEMENT

2.1.3 Ensure modules with gzip functionality are disabled

CONFIGURATION MANAGEMENT

3.5 Ensure error logs are sent to a remote syslog server

AUDIT AND ACCOUNTABILITY

3.6 Ensure access logs are sent to a remote syslog server

AUDIT AND ACCOUNTABILITY

4.1.10 Ensure the upstream traffic server certificate is trusted

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.11 Ensure your domain is preloaded

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.12 Ensure session resumption is disabled to enable perfect forward security

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.1 Ensure allow and deny filters limit access to specific IP addresses

SYSTEM AND COMMUNICATIONS PROTECTION

5.2.4 Ensure the number of connections per IP address is limited

SYSTEM AND SERVICES ACQUISITION

5.2.5 Ensure rate limits by IP address are set

SYSTEM AND SERVICES ACQUISITION

CIS_NGINX_v2.1.0_Level_2_Proxy.audit from CIS NGINX Benchmark v2.1.0