Query specified at-risk items and check items on a specified server.

You can call this operation to query specified at-risk items and check items on a specified server.

Debugging

Alibaba Cloud provides OpenAPI Explorer to simplify API usage. You can use OpenAPI Explorer to search for API operations, call API operations, and dynamically generate SDK example code.

Request Parameters

Parameter Type Required Example Description
Action String Yes DescribeCheckWarnings

The operation that you want to perform. Set the value to DescribeCheckWarnings.

RiskId Long Yes 1

The ID of the at-risk item.

Uuid String Yes d42f938c-d962-48a0-90f9-05**********

The ID of the server on which a baseline check is executed.

CurrentPage Integer No 1

The number of the page to return.

Pages start from page 1. The default value is 1, indicating that the first page is displayed by default.

Lang String No zh

The language type. Valid values:

  • zh: Chinese
  • en: English
PageSize Integer No 20

The number of entries to return on each page.

The default value is 20, indicating that the system displays 20 entries on each page.

SourceIp String No 1.2.3.4

The source IP address.

Response parameters

Parameter Type Example Description
CheckWarnings

The list of check items.

CheckId Long 1

The ID of the check item.

CheckWarningId Long 10

The ID of the alert.

Item String Password expiration warning

The name of the check item.

Level String high

The level of the check item.

Status Integer 1

The status of the check item. Valid values:

  • 1: failed
  • 2: verifying
  • 3: passed
  • 5: expired
  • 6: ignored
Type String Identity authentication

The type of the check item.

Uuid String d42f938c-d962-48a0-90f9-***********

The ID of the server on which a baseline check is executed.

Count Integer 10

The current number of entries.

CurrentPage Integer 1

The current page number.

PageSize Integer 20

The number of entries returned per page.

RequestId String 0DFCADBA-7065-42DA-AF17-6868B9C2A8CF

The ID of the request.

TotalCount Integer 100

The total number of check items.

Examples

Sample requests


http(s)://[Endpoint]/? Action=DescribeCheckWarnings
&RiskId=1
&Uuid=d42f938c-d962-48a0-90f9-05e4eaf92e34
&Lang=zh
&SourceIp=127.0.0.1
&CurrentPage=1
&PageSize=20
&<Common request parameters>

Sample success responses

XML format

<DescribeCheckWarnings>
  <TotalCount>16</TotalCount>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Check accounts without passwords in the system
			                                
		                            </Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-************</Uuid>
    <CheckId>1</CheckId>
    <CheckWarningId>1393768</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Check password complexity</Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-************</Uuid>
    <CheckId>52</CheckId>
    <CheckWarningId>1393774</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Ensure that only the UID of the root user is 0</Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>15</CheckId>
    <CheckWarningId>1393773</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Enable address space layout randomization</Item>
    <Type>Intrusion prevention</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>14</CheckId>
    <CheckWarningId>1393772</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Specify permissions on the user permission configuration file</Item>
    <Type>File permissions</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>13</CheckId>
    <CheckWarningId>1393767</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Specify the permissions on the access control configuration file</Item>
    <Type>File permissions</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>12</CheckId>
    <CheckWarningId>1393771</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Ensure that SSH LogLevel is set to INFO</Item>
    <Type>Service configuration</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>11</CheckId>
    <CheckWarningId>1393766</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Ensure that the rsyslog service is enabled</Item>
    <Type>Security audit</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>10</CheckId>
    <CheckWarningId>1393770</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Specify the SSH idle connection timeout period</Item>
    <Type>Service configuration</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>8</CheckId>
    <CheckWarningId>1393765</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Ensure that SSH V2 is used</Item>
    <Type>Service configuration</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>7</CheckId>
    <CheckWarningId>1393764</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Ensure that SSH MaxAuthTries is set to a value between 3 and 6</Item>
    <Type>Service configuration</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>6</CheckId>
    <CheckWarningId>1393763</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Ensure that password expiration warning days is 7 or more</Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>5</CheckId>
    <CheckWarningId>1393769</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Set the shortest interval between password modifications</Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>4</CheckId>
    <CheckWarningId>1393761</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Set the password duration</Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>3</CheckId>
    <CheckWarningId>1393760</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Disable SSH logon for accounts without specified passwords                                
			                            
			                                
		                            </Item>
    <Type>Service configuration</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>2</CheckId>
    <CheckWarningId>1393762</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
    <Status>6</Status>
    <Item>Check whether password reuse is restricted</Item>
    <Type>Identity authentication</Type>
    <Uuid>974af549-3248-44dd-9180-1bd7c9f60bd5</Uuid>
    <CheckId>58</CheckId>
    <CheckWarningId>1393775</CheckWarningId>
    <Level>high</Level>
  </CheckWarnings>
  <PageSize>20</PageSize>
  <RequestId>C1E6C4FE-DE00-4B75-A01E-FCAB55A36449</RequestId>
  <CurrentPage>1</CurrentPage>
  <Count>16</Count>
</DescribeCheckWarnings>

JSON format

{
	"Count":16,
	"TotalCount":16,
	"PageSize":20,
	"RequestId":"C1E6C4FE-DE00-4B75-A01E-FCAB55A36449",
	"CurrentPage":1,
	"CheckWarnings":[
		{
			"Uuid":"974af549-3248-44dd-9180-************",
			"Status":6,
			"CheckWarningId":1393768,
			"Item":"Check accounts without passwords in the system\r\n                                \r\n                            ",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":1
		},
		{
			"Uuid":"974af549-3248-44dd-9180-************",
			"Status":6,
			"CheckWarningId":1393774,
			"Item":"Check password complexity",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":52
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393773,
			"Item":"Ensure that only the UID of the root user is 0",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":15
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393772,
			"Item":"Enable address space layout randomization",
			"Type":"Intrusion prevention",
			"Level":"high",
			"CheckId":14
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393767,
			"Item":"Specify permissions on the user permission configuration file",
			"Type":"File permissions",
			"Level":"high",
			"CheckId":13
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393771,
			"Item":"Specify the permissions on the access control configuration file",
			"Type":"File permissions",
			"Level":"high",
			"CheckId":12
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393766,
			"Item":"Ensure that SSH LogLevel is set to INFO",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":11
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393770,
			"Item":"Ensure that the rsyslog service is enabled",
			"Type":"Security audit",
			"Level":"high",
			"CheckId":10
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393765,
			"Item":"Specify the SSH idle connection timeout period",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":8
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393764,
			"Item":"Ensure that SSH V2 is used",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":7
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393763,
			"Item":"Ensure that SSH MaxAuthTries is set to a value between 3 and 6",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":6
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393769,
			"Item":"Ensure that password expiration warning days is 7 or more",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":5
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393761,
			"Item":"Set the shortest interval between password modifications",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":4
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393760,
			"Item":"Set the password duration",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":3
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393762,
			"Item":"Disable SSH logon for accounts without specified passwords                                \r\n                            \r\n                                \r\n                            ",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":2
		},
		{
			"Uuid":"974af549-3248-44dd-9180-1bd7c9f60bd5",
			"Status":6,
			"CheckWarningId":1393775,
			"Item":"Check whether password reuse is restricted",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":58
		}
	]
}

Error codes

For more information about error codes, visit API Error Center.