1.1.1 Ensure NGINX is installed

Information

The CIS NGINX Benchmark recommends using the NGINX binary provided by your vendor for most situations.

As an alternative, packages from nginx.org are available for a variety of platforms, including Linux and FreeBSD.

Rationale:

The main benefits of using NGINX packages from your vendor are:

Ease of installation

Dependency resolution

Increased effectiveness of maintenance and security patches

Q&A procedures carried out by your vendor

Solution

Configure and setup Nginx

sudo su
dnf update -y && dnf install dnf-utils -y
cat << EOF > /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/rhel/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
dnf install nginx -y

Default Value:

NGINX is not installed by default.

See Also

https://workbench.cisecurity.org/benchmarks/17381

Item Details

Category: SYSTEM AND SERVICES ACQUISITION

References: 800-53|SA-22, CSCv7|2.2

Plugin: Unix

Control ID: c9b270278ea7676dfb9c0616de7d8ad865aeb6629b22beb9ed9c4c71e634a2e4