Halo provides preset configuration polices around OSes and some other common applications, but you can also build your own polices for specific applications. In this blog entry we’ll go over how to build a policy for Nginx and use that policy to help harden your web-servers.
Halo can identify if a server is currently compliant with the Nginx security policy you create. We’ll be using the hardening guide here for recommendations on different settings we may want to adjust. We’ll create a few checks from the guide. We won’t cover every step, some checks will relate to the OS and others directly to application settings done outside of the configuration file. You can always add more checks or customize them specifically for your environment.
Create a Configuration Check for each of the hardening settings you want to cover.
Below are a list of the different settings we’re going to create rules for:
1. Control Simultaneous Connections
In the nginx.conf file you can use NginxHttpLimitZone module to limit the number of simultaneous connections either for the assigned session or as a special case, from one IP address.
File Integrity Monitoring and we’ll be well on our way to a secure and hardened Nginx server.