You can call this operation to query specified at-risk items and check items of a server.
Debugging
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | DescribeCheckWarnings | The operation that you want to perform. Set the value to DescribeCheckWarnings. |
| RiskId | Long | Yes | 1 | The ID of the at-risk check item.
Note To query specified at-risk check items and check items of a specified server, you must specify the IDs of the at-risk check items. You can call the DescribeCheckWarningSummary operation to query the check item IDs.
|
| Uuid | String | Yes | d42f938c-d962-48a0-90f9-05********** | The ID of the server on which the baseline check is run. The ID of the at-risk check item.
Note To query specified at-risk check items and check items of a specified server, you must specify the ID of the server on which the baseline check is run. You can call the DescribeWarningMachines operation to query the server ID.
|
| CurrentPage | Integer | No | 1 | The number of the page to return. Pages start from page 1. The default value is 1, which indicates that the first page is displayed. |
| Lang | String | No | zh | The language of the request and response. Valid values:
|
| PageSize | Integer | No | 20 | The number of entries to return on each page. The default value is 20, which indicates that 20 entries are returned on each page. |
| SourceIp | String | No | 1.2.3.4 | The source IP address of the request. |
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| CheckWarnings | Array | The information about the check item. |
|
| CheckId | Long | 1 | The ID of the check item. |
| CheckWarningId | Long | 10 | The ID of the alert. |
| Item | String | Password expiration alert | The name of the check item. |
| Level | String | high | The risk level of the at-risk check item. Valid values:
|
| Status | Integer | 1 | The status of the check item. Valid values:
|
| Type | String | Identity authentication | The type of the check item. |
| Uuid | String | d42f938c-d962-48a0-90f9-*********** | The ID of the server on which the baseline check was run. |
| Count | Integer | 10 | The number of entries returned on the current page. |
| CurrentPage | Integer | 1 | The page number of the returned page. |
| PageSize | Integer | 20 | The number of entries returned per page. |
| RequestId | String | 0DFCADBA-7065-42DA-AF17-6868B9C2A8CF | The ID of the request. |
| TotalCount | Integer | 100 | The total number of returned entries. |
Examples
Sample requests
http(s)://[Endpoint]/? Action=DescribeCheckWarnings
&RiskId=1
&Uuid=d42f938c-d962-48a0-90f9-05e4eaf92e34
&Lang=zh
&SourceIp=127.0.0.1
&CurrentPage=1
&PageSize=20
&<Common request parameters>
Sample success responses
XML format
<DescribeCheckWarnings>
<TotalCount>16</TotalCount>
<CheckWarnings>
<Status>6</Status>
<Item>Check accounts without passwords in the system
</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>1</CheckId>
<CheckWarningId>1393768</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Check password complexity</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>52</CheckId>
<CheckWarningId>1393774</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Make sure that root is the only account whose UID is 0</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>15</CheckId>
<CheckWarningId>1393773</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Enable address space layout randomization</Item>
<Type>Intrusion prevention</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>14</CheckId>
<CheckWarningId>1393772</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Specify permissions on the user permission configuration file</Item>
<Type>File permissions</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>13</CheckId>
<CheckWarningId>1393767</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Specify permissions on the access control configuration file</Item>
<Type>File permissions</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>12</CheckId>
<CheckWarningId>1393771</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Make sure that SSH LogLevel is set to INFO</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>11</CheckId>
<CheckWarningId>1393766</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Make sure that the rsyslog service is enabled</Item>
<Type>Security audit</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>10</CheckId>
<CheckWarningId>1393770</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Specify the SSH idle connection timeout period</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>8</CheckId>
<CheckWarningId>1393765</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Make sure that SSH V2 is used</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>7</CheckId>
<CheckWarningId>1393764</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Make sure that SSH MaxAuthTries is set to a value between 3 and 6</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>6</CheckId>
<CheckWarningId>1393763</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Make sure that alerts are triggered at least 7 days before passwords expire</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>5</CheckId>
<CheckWarningId>1393769</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Set the shortest interval between password modifications</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>4</CheckId>
<CheckWarningId>1393761</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Set the password validity period</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>3</CheckId>
<CheckWarningId>1393760</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Disable SSH logon for accounts without specified passwords
</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>2</CheckId>
<CheckWarningId>1393762</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Check whether password reuse is restricted</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-***</Uuid>
<CheckId>58</CheckId>
<CheckWarningId>1393775</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<PageSize>20</PageSize>
<RequestId>C1E6C4FE-DE00-4B75-A01E-FCAB55A36449</RequestId>
<CurrentPage>1</CurrentPage>
<Count>16</Count>
</DescribeCheckWarnings>JSON format
{
"Count":16,
"TotalCount":16,
"PageSize":20,
"RequestId":"C1E6C4FE-DE00-4B75-A01E-FCAB55A36449",
"CurrentPage":1,
"CheckWarnings":[
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393768,
"Item":"Check accounts without passwords in the system\r\n \r\n ",
"Type":"Identity authentication",
"Level":"high",
"CheckId":1
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393774,
"Item":"Check password complexity",
"Type":"Identity authentication",
"Level":"high",
"CheckId":52
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393773,
"Item":"Make sure that root is the only account whose UID is 0",
"Type":"Identity authentication",
"Level":"high",
"CheckId":15
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393772,
"Item":"Enable address space layout randomization",
"Type":"Intrusion prevention",
"Level":"high",
"CheckId":14
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393767,
"Item":"Specify permissions on the user permission configuration file",
"Type":"File permissions",
"Level":"high",
"CheckId":13
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393771,
"Item":"Specify the permissions on the access control configuration file",
"Type":"File permissions",
"Level":"high",
"CheckId":12
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393766,
"Item":"Make sure that SSH LogLevel is set to INFO",
"Type":"Service configuration",
"Level":"high",
"CheckId":11
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393770,
"Item":"Make sure that the rsyslog service is enabled",
"Type":"Security audit",
"Level":"high",
"CheckId":10
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393765,
"Item":"Specify the SSH idle connection timeout period",
"Type":"Service configuration",
"Level":"high",
"CheckId":8
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393764,
"Item":"Make sure that SSH V2 is used",
"Type":"Service configuration",
"Level":"high",
"CheckId":7
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393763,
"Item":"Make sure that SSH MaxAuthTries is set to a value between 3 and 6",
"Type":"Service configuration",
"Level":"high",
"CheckId":6
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393769,
"Item":"Make sure that alerts are triggered at least 7 days before passwords expire",
"Type":"Identity authentication",
"Level":"high",
"CheckId":5
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393761,
"Item":"Set the shortest interval between password modifications",
"Type":"Identity authentication",
"Level":"high",
"CheckId":4
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393760,
"Item":"Set the password validity period",
"Type":"Identity authentication",
"Level":"high",
"CheckId":3
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393762,
"Item":"Disable SSH logon for accounts with empty password strings \r\n \r\n \r\n ",
"Type":"Service configuration",
"Level":"high",
"CheckId":2
},
{
"Uuid":"974af549-3248-44dd-9180-***",
"Status":6,
"CheckWarningId":1393775,
"Item":"Check whether password reuse is restricted",
"Type":"Identity authentication",
"Level":"high",
"CheckId":58
}
]
}Error codes
For a list of error codes, visit the API Error Center.