This topic provides an overview of tamper protection. Tamper protection is a value-added service provided by Security Center. This service monitors website directories in real time, and backs up and restores tampered files or directories. This service prevents Trojans, hidden links, and uploads of violent or illicit content.
To make illegal profits or conduct business attacks, attackers exploit vulnerabilities in websites to insert illegal hidden links and tamper with the websites. Defaced web pages affect user access and may lead to serious economic losses, damaged brand reputation, or political risks.
Tamper protection allows you to add Linux and Windows processes to the whitelist. This ensures that protected files are updated in real time.
How tamper protection works
The Security Center agent automatically identifies and terminates the processes that attempt to modify files in the protected directories of the protected servers.
You can log on to the Security Center console and choose . On the page that appears, you can find the alert list where you can view the alerts generated upon unusual file changes, unusual processes, and the number of times that each unusual process has attempted to write files. If a file is modified by a trusted process, you can add the process to the whitelist. After the process is added to the whitelist, tamper protection no longer blocks the process. In scenarios where the content of websites, such as news and education websites, is frequently modified, the whitelist saves you the efforts of frequently enabling and disabling tamper protection. For more information, see Add blocked processes to the whitelist.
Versions of operating systems and kernels supported by tamper protection
|OS||Supported operating system version||Supported kernel version|
|32-bit and 64-bit Windows||Windows Server 2008, 2012, 2016, and 2019||All versions|
|64-bit CentOS||6.3, 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, and 7.8
Note Tamper protection supports only 64-bit CentOS. 32-bit CentOS is not supported.
|64-bit Ubuntu||14.04, 16.04, and 18.04
Note Tamper protection supports only 64-bit Ubuntu. 32-bit Ubuntu is not supported.
- Kernel versions supported by tamper protection are listed in the preceding table. Servers that use unsupported kernel versions are not supported by the tamper protection whitelist. Make sure that your servers use supported kernel versions. If the current kernel version is not supported, you must upgrade it to a supported version. Otherwise, you cannot add processes to the whitelist.
- Before you upgrade the server kernel, create a snapshot to back up your asset data.