You can call this operation to query specified at-risk items and check items of a server.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeCheckWarnings

The operation that you want to perform. Set the value to DescribeCheckWarnings.

RiskId Long Yes 1

The ID of the at-risk check item.

Note To query specified at-risk check items and check items of a specified server, you must specify the IDs of the at-risk check items. You can call the DescribeCheckWarningSummary operation to query the check item IDs.
Uuid String Yes d42f938c-d962-48a0-90f9-05**********

The ID of the server on which the baseline check is run.

The ID of the at-risk check item.

Note To query specified at-risk check items and check items of a specified server, you must specify the ID of the server on which the baseline check is run. You can call the DescribeWarningMachines operation to query the server ID.
CurrentPage Integer No 1

The number of the page to return.

Pages start from page 1. The default value is 1, which indicates that the first page is displayed.

Lang String No zh

The language of the request and response. Valid values:

  • zh: Chinese
  • en: English
PageSize Integer No 20

The number of entries to return on each page.

The default value is 20, which indicates that 20 entries are returned on each page.

SourceIp String No 1.2.3.4

The source IP address of the request.

Response parameters

Parameter Type Example Description
CheckWarnings Array

The information about the check item.

CheckId Long 1

The ID of the check item.

CheckWarningId Long 10

The ID of the alert.

Item String Password expiration alert

The name of the check item.

Level String high

The risk level of the at-risk check item. Valid values:

  • high
  • medium
  • low
Status Integer 1

The status of the check item. Valid values:

  • 1: failed
  • 2: verifying
  • 3: passed
  • 5: expired
  • 6: ignored
Type String Identity authentication

The type of the check item.

Uuid String d42f938c-d962-48a0-90f9-***********

The ID of the server on which the baseline check was run.

Count Integer 10

The number of entries returned on the current page.

CurrentPage Integer 1

The page number of the returned page.

PageSize Integer 20

The number of entries returned per page.

RequestId String 0DFCADBA-7065-42DA-AF17-6868B9C2A8CF

The ID of the request.

TotalCount Integer 100

The total number of returned entries.

Examples

Sample requests


http(s)://[Endpoint]/? Action=DescribeCheckWarnings
&RiskId=1
&Uuid=d42f938c-d962-48a0-90f9-05e4eaf92e34
&Lang=zh
&SourceIp=127.0.0.1
&CurrentPage=1
&PageSize=20
&<Common request parameters>

Sample success responses

XML format

<DescribeCheckWarnings>
  <TotalCount>16</TotalCount>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Check accounts without passwords in the system
                                
                            </Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>1</CheckId>
        <CheckWarningId>1393768</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Check password complexity</Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>52</CheckId>
        <CheckWarningId>1393774</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Make sure that root is the only account whose UID is 0</Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>15</CheckId>
        <CheckWarningId>1393773</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Enable address space layout randomization</Item>
        <Type>Intrusion prevention</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>14</CheckId>
        <CheckWarningId>1393772</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Specify permissions on the user permission configuration file</Item>
        <Type>File permissions</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>13</CheckId>
        <CheckWarningId>1393767</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Specify permissions on the access control configuration file</Item>
        <Type>File permissions</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>12</CheckId>
        <CheckWarningId>1393771</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Make sure that SSH LogLevel is set to INFO</Item>
        <Type>Service configuration</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>11</CheckId>
        <CheckWarningId>1393766</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Make sure that the rsyslog service is enabled</Item>
        <Type>Security audit</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>10</CheckId>
        <CheckWarningId>1393770</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Specify the SSH idle connection timeout period</Item>
        <Type>Service configuration</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>8</CheckId>
        <CheckWarningId>1393765</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Make sure that SSH V2 is used</Item>
        <Type>Service configuration</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>7</CheckId>
        <CheckWarningId>1393764</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Make sure that SSH MaxAuthTries is set to a value between 3 and 6</Item>
        <Type>Service configuration</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>6</CheckId>
        <CheckWarningId>1393763</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Make sure that alerts are triggered at least 7 days before passwords expire</Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>5</CheckId>
        <CheckWarningId>1393769</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Set the shortest interval between password modifications</Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>4</CheckId>
        <CheckWarningId>1393761</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Set the password validity period</Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>3</CheckId>
        <CheckWarningId>1393760</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Disable SSH logon for accounts without specified passwords                                
                            
                                
                            </Item>
        <Type>Service configuration</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>2</CheckId>
        <CheckWarningId>1393762</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <CheckWarnings>
        <Status>6</Status>
        <Item>Check whether password reuse is restricted</Item>
        <Type>Identity authentication</Type>
        <Uuid>974af549-3248-44dd-9180-***</Uuid>
        <CheckId>58</CheckId>
        <CheckWarningId>1393775</CheckWarningId>
        <Level>high</Level>
  </CheckWarnings>
  <PageSize>20</PageSize>
  <RequestId>C1E6C4FE-DE00-4B75-A01E-FCAB55A36449</RequestId>
  <CurrentPage>1</CurrentPage>
  <Count>16</Count>
</DescribeCheckWarnings>

JSON format

{
	"Count":16,
	"TotalCount":16,
	"PageSize":20,
	"RequestId":"C1E6C4FE-DE00-4B75-A01E-FCAB55A36449",
	"CurrentPage":1,
	"CheckWarnings":[
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393768,
			"Item":"Check accounts without passwords in the system\r\n                                \r\n                            ",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":1
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393774,
			"Item":"Check password complexity",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":52
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393773,
			"Item":"Make sure that root is the only account whose UID is 0",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":15
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393772,
			"Item":"Enable address space layout randomization",
			"Type":"Intrusion prevention",
			"Level":"high",
			"CheckId":14
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393767,
			"Item":"Specify permissions on the user permission configuration file",
			"Type":"File permissions",
			"Level":"high",
			"CheckId":13
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393771,
			"Item":"Specify the permissions on the access control configuration file",
			"Type":"File permissions",
			"Level":"high",
			"CheckId":12
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393766,
			"Item":"Make sure that SSH LogLevel is set to INFO",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":11
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393770,
			"Item":"Make sure that the rsyslog service is enabled",
			"Type":"Security audit",
			"Level":"high",
			"CheckId":10
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393765,
			"Item":"Specify the SSH idle connection timeout period",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":8
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393764,
			"Item":"Make sure that SSH V2 is used",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":7
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393763,
			"Item":"Make sure that SSH MaxAuthTries is set to a value between 3 and 6",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":6
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393769,
			"Item":"Make sure that alerts are triggered at least 7 days before passwords expire",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":5
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393761,
			"Item":"Set the shortest interval between password modifications",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":4
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393760,
			"Item":"Set the password validity period",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":3
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393762,
			"Item":"Disable SSH logon for accounts with empty password strings                                \r\n                            \r\n                                \r\n                            ",
			"Type":"Service configuration",
			"Level":"high",
			"CheckId":2
		},
		{
			"Uuid":"974af549-3248-44dd-9180-***",
			"Status":6,
			"CheckWarningId":1393775,
			"Item":"Check whether password reuse is restricted",
			"Type":"Identity authentication",
			"Level":"high",
			"CheckId":58
		}
	]
}

Error codes

For a list of error codes, visit the API Error Center.