
gixy

Analyze Nginx configuration for security vulnerabilities

TLDR

Analyze nginx configuration (default path: /etc/nginx/nginx.conf)

$ gixy

Analyze nginx configuration but skip specific tests
$ gixy --skips [http_splitting]

Analyze nginx configuration at a specific severity level
$ gixy [-l|-ll|-lll]

Analyze nginx configuration files at specific paths
$ gixy [path/to/configuration_file_1] [path/to/configuration_file_2]

SYNOPSIS

gixy /path/to/nginx.conf

PARAMETERS

/path/to/nginx.conf
    Path to the Nginx configuration file to analyze.

DESCRIPTION

Gixy is a tool to analyze NGINX configuration files. Its main goal is to prevent security misconfiguration and automate error detection.
Gixy can detect a variety of security issues, including use of dangerous functions like 'eval', buffer overflows, code injection, HTTP Parameter Pollution, and denial-of-service attacks.
Gixy parses the Nginx config file and uses a set of rules to identify potential issues. It provides a user-friendly output, showing the location of the problem in the config file, a description of the problem, and recommended solutions.
It is designed for ease of use and can be integrated into continuous integration and continuous delivery pipelines to ensure secure Nginx configurations. The rules are updated regularly to keep up with the latest security threats and best practices. Gixy is a valuable tool for anyone who manages Nginx servers.

OUTPUT

Gixy outputs a report detailing any found issues. The output usually includes the severity of the issue, the file and line number where the issue was found, a description of the issue, and potential solutions. The output is designed to be human-readable and easily integrated into automated workflows.
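The CI/CD integration mentioned above can be done with a small gate function. This is an added example, not part of gixy or of the original page: `gixy_gate` and `GIXY_BIN` are hypothetical names, and it assumes gixy exits non-zero when it reports issues for a file.

```shell
#!/bin/sh
# Added example: a fail-closed CI gate around gixy.
# gixy_gate and GIXY_BIN are hypothetical names used only in this sketch.
# Assumption: gixy exits non-zero when it reports issues for a file.
#
# Usage: gixy_gate [-l|-ll|-lll] nginx.conf [more.conf ...]
# Returns: 0 = all files clean, 1 = issues reported, 2 = scan could not run.
gixy_gate() {
    gate_bin=${GIXY_BIN:-gixy}
    gate_level=
    gate_rc=0

    # Optional severity flag, passed through exactly as shown in the TLDR.
    case ${1:-} in
        -l|-ll|-lll) gate_level=$1; shift ;;
    esac

    if [ "$#" -eq 0 ]; then
        echo "usage: gixy_gate [-l|-ll|-lll] file..." >&2
        return 2
    fi
    # A missing scanner must fail the build, not silently pass it.
    if ! command -v "$gate_bin" >/dev/null 2>&1; then
        echo "gixy_gate: '$gate_bin' not found" >&2
        return 2
    fi

    for gate_conf in "$@"; do
        # A wrong path is an error too: nothing was actually checked.
        if [ ! -r "$gate_conf" ]; then
            echo "gixy_gate: cannot read $gate_conf" >&2
            return 2
        fi
        # Scan files one at a time so the log names the file that failed.
        # $gate_level is left unquoted on purpose: empty means "no flag".
        if "$gate_bin" $gate_level "$gate_conf"; then
            echo "PASS $gate_conf"
        else
            echo "FAIL $gate_conf"
            gate_rc=1
        fi
    done
    return "$gate_rc"
}
```

In a pipeline step, source the file and call `gixy_gate -ll /etc/nginx/nginx.conf`; treat any non-zero status as a reason to stop the deploy.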

RULE SET

Gixy's rule set is continuously updated. The rules cover a wide range of potential Nginx security issues, including common misconfigurations, vulnerabilities, and best practices. The rules are written in Python and can be easily extended or customized to meet specific needs.

HISTORY

Gixy was developed by the Yandex Security Team. It was designed to automate the process of reviewing Nginx configurations for security vulnerabilities and best practices. It is widely used within the company and has been released as an open-source tool to benefit the broader Nginx community.

SEE ALSO

nginx(8)
