Query specified at-risk items and check items on a specified server.
You can call this operation to query specified at-risk items and check items on a specified server.
Debugging
Alibaba Cloud provides OpenAPI Explorer to simplify API usage. You can use OpenAPI Explorer to search for API operations, call API operations, and dynamically generate SDK example code.
Request Parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| Action | String | Yes | DescribeCheckWarnings |
The operation that you want to perform. Set the value to DescribeCheckWarnings. |
| RiskId | Long | Yes | 1 |
The ID of the at-risk item. |
| Uuid | String | Yes | d42f938c-d962-48a0-90f9-05********** |
The ID of the server on which a baseline check is executed. |
| CurrentPage | Integer | No | 1 |
The number of the page to return. Pages start from page 1. The default value is 1, indicating that the first page is displayed by default. |
| Lang | String | No | zh |
The language type. Valid values:
|
| PageSize | Integer | No | 20 |
The number of entries to return on each page. The default value is 20, indicating that the system displays 20 entries on each page. |
| SourceIp | String | No | 1.2.3.4 |
The source IP address. |
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| CheckWarnings |
The list of check items. |
||
| CheckId | Long | 1 |
The ID of the check item. |
| CheckWarningId | Long | 10 |
The ID of the alert. |
| Item | String | Password expiration warning |
The name of the check item. |
| Level | String | high |
The level of the check item. |
| Status | Integer | 1 |
The status of the check item. Valid values:
|
| Type | String | Identity authentication |
The type of the check item. |
| Uuid | String | d42f938c-d962-48a0-90f9-*********** |
The ID of the server on which a baseline check is executed. |
| Count | Integer | 10 |
The current number of entries. |
| CurrentPage | Integer | 1 |
The current page number. |
| PageSize | Integer | 20 |
The number of entries returned per page. |
| RequestId | String | 0DFCADBA-7065-42DA-AF17-6868B9C2A8CF |
The ID of the request. |
| TotalCount | Integer | 100 |
The total number of check items. |
Examples
Sample requests
http(s)://[Endpoint]/? Action=DescribeCheckWarnings
&RiskId=1
&Uuid=d42f938c-d962-48a0-90f9-05e4eaf92e34
&Lang=zh
&SourceIp=127.0.0.1
&CurrentPage=1
&PageSize=20
&<Common request parameters>
Sample success responses
XML format
<DescribeCheckWarnings>
<TotalCount>16</TotalCount>
<CheckWarnings>
<Status>6</Status>
<Item>Check accounts without passwords in the system
</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-************</Uuid>
<CheckId>1</CheckId>
<CheckWarningId>1393768</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Check password complexity</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-************</Uuid>
<CheckId>52</CheckId>
<CheckWarningId>1393774</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Ensure that only the UID of the root user is 0</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>15</CheckId>
<CheckWarningId>1393773</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Enable address space layout randomization</Item>
<Type>Intrusion prevention</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>14</CheckId>
<CheckWarningId>1393772</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Specify permissions on the user permission configuration file</Item>
<Type>File permissions</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>13</CheckId>
<CheckWarningId>1393767</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Specify the permissions on the access control configuration file</Item>
<Type>File permissions</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>12</CheckId>
<CheckWarningId>1393771</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Ensure that SSH LogLevel is set to INFO</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>11</CheckId>
<CheckWarningId>1393766</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Ensure that the rsyslog service is enabled</Item>
<Type>Security audit</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>10</CheckId>
<CheckWarningId>1393770</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Specify the SSH idle connection timeout period</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>8</CheckId>
<CheckWarningId>1393765</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Ensure that SSH V2 is used</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>7</CheckId>
<CheckWarningId>1393764</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Ensure that SSH MaxAuthTries is set to a value between 3 and 6</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>6</CheckId>
<CheckWarningId>1393763</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Ensure that password expiration warning days is 7 or more</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>5</CheckId>
<CheckWarningId>1393769</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Set the shortest interval between password modifications</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>4</CheckId>
<CheckWarningId>1393761</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Set the password duration</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>3</CheckId>
<CheckWarningId>1393760</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Disable SSH logon for accounts without specified passwords
</Item>
<Type>Service configuration</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>2</CheckId>
<CheckWarningId>1393762</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<CheckWarnings>
<Status>6</Status>
<Item>Check whether password reuse is restricted</Item>
<Type>Identity authentication</Type>
<Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
<CheckId>58</CheckId>
<CheckWarningId>1393775</CheckWarningId>
<Level>high</Level>
</CheckWarnings>
<PageSize>20</PageSize>
<RequestId>C1E6C4FE-DE00-4B75-A01E-FCAB55A36449</RequestId>
<CurrentPage>1</CurrentPage>
<Count>16</Count>
</DescribeCheckWarnings>
JSON format
{
"Count":16,
"TotalCount":16,
"PageSize":20,
"RequestId":"C1E6C4FE-DE00-4B75-A01E-FCAB55A36449",
"CurrentPage":1,
"CheckWarnings":[
{
"Uuid":"974af549-3248-44dd-9180-************",
"Status":6,
"CheckWarningId":1393768,
"Item":"Check accounts without passwords in the system\r\n \r\n ",
"Type":"Identity authentication",
"Level":"high",
"CheckId":1
},
{
"Uuid":"974af549-3248-44dd-9180-************",
"Status":6,
"CheckWarningId":1393774,
"Item":"Check password complexity",
"Type":"Identity authentication",
"Level":"high",
"CheckId":52
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393773,
"Item":"Ensure that only the UID of the root user is 0",
"Type":"Identity authentication",
"Level":"high",
"CheckId":15
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393772,
"Item":"Enable address space layout randomization",
"Type":"Intrusion prevention",
"Level":"high",
"CheckId":14
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393767,
"Item":"Specify permissions on the user permission configuration file",
"Type":"File permissions",
"Level":"high",
"CheckId":13
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393771,
"Item":"Specify the permissions on the access control configuration file",
"Type":"File permissions",
"Level":"high",
"CheckId":12
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393766,
"Item":"Ensure that SSH LogLevel is set to INFO",
"Type":"Service configuration",
"Level":"high",
"CheckId":11
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393770,
"Item":"Ensure that the rsyslog service is enabled",
"Type":"Security audit",
"Level":"high",
"CheckId":10
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393765,
"Item":"Specify the SSH idle connection timeout period",
"Type":"Service configuration",
"Level":"high",
"CheckId":8
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393764,
"Item":"Ensure that SSH V2 is used",
"Type":"Service configuration",
"Level":"high",
"CheckId":7
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393763,
"Item":"Ensure that SSH MaxAuthTries is set to a value between 3 and 6",
"Type":"Service configuration",
"Level":"high",
"CheckId":6
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393769,
"Item":"Ensure that password expiration warning days is 7 or more",
"Type":"Identity authentication",
"Level":"high",
"CheckId":5
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393761,
"Item":"Set the shortest interval between password modifications",
"Type":"Identity authentication",
"Level":"high",
"CheckId":4
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393760,
"Item":"Set the password duration",
"Type":"Identity authentication",
"Level":"high",
"CheckId":3
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393762,
"Item":"Disable SSH logon for accounts without specified passwords \r\n \r\n \r\n ",
"Type":"Service configuration",
"Level":"high",
"CheckId":2
},
{
"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
"Status":6,
"CheckWarningId":1393775,
"Item":"Check whether password reuse is restricted",
"Type":"Identity authentication",
"Level":"high",
"CheckId":58
}
]
}Error codes
For more information about error codes, visit API Error Center.