Information
System logging should be configured to meet your organizational security and privacy policies. Enabling detailed logging to include information about events, event sources, timestamps, and users may assist in incident response activities.
NOTE: Aim to keep sensitive information out of logs. For example, keep sensitive information out of query strings and URIs to avoid this.
Rationale:
Performing detailed logging ensures that incident responders, auditors, and others are able to clearly view the activity that has occurred on your server. CIS control 8.5: 'Collect Detailed Audit Logs' recommends that you configure detailed audit logging for enterprise assets containing sensitive data. It further recommends you include event source, date, username, timestamp, source addresses, destination addresses, and other useful elements that could assist in a forensic investigation.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Edit the log format directive in /etc/nginx/nginx.conf so it logs everything needed to meet your organizational policies.
Default Value:
log_format main '$remote_addr - $remote_user [$time_local] '$request' ' '$status $body_bytes_sent '$http_referer' '
''$http_user_agent' '$http_x_forwarded_for'';