2.4.1 Ensure NGINX only listens for network connections on authorized ports

Information

NGINX can be configured to listen on any port, but it should be configured to listen on authorized ports only.

Rationale:

Limiting the listening ports to only those that are authorized helps to ensure no unauthorized services are running through the use of NGINX.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If any ports are listening that are not authorized, comment out or delete the associated configuration for that listener.

Default Value:

Only port 80 is listening by default.

See Also

https://workbench.cisecurity.org/files/4212