This topic describes the log entries generated during baseline checks.

Background information

When Security Center checks baselines, the Security Center baseline process in your operating system is started. For some baseline check items that involve weak password check, Security Center will test your weak password policies by using weak passwords to log on. This generates log entries in the system log.

During baseline checks, processes started in different operating systems are as follows:
  • Windows: starts the AliSecureCheck.exe process. The path of the process is C:\Program Files (x86)\Alibaba\Aegis\SecureCheck.
  • Linux: starts the AliSecureCheck process. The path of the process is /usr/local/aegis/SecureCheck.

Microsoft SQL Server weak password check log

When Security Center checks whether a Microsoft SQL Server database is using weak passwords, it attempts to log on to the Microsoft SQL Server database from the local operating system by using different combinations of weak passwords. If the Microsoft SQL Server database in your host has the logon audit feature enabled, logon events are saved to the local Windows system log.

To view the logon entries generated by the baseline process, open Computer Management and choose System Tools > Event Viewer > Windows Logs > Application.

Log description:

  • The source is the local host.
  • The logon entries display the ServerGuardHealthCheck or AliSecureCheck process name.
  • A large number of logon entries are generated in a short period of time.
SQL Server

MySQL weak password check log

When Security Center checks whether a MySQL database is using weak passwords, it attempts to log on to the MySQL database from the local operating system by using different combinations of weak passwords. Logon entries are saved to the MySQL error log.

You can view the logon entries generated by the baseline process in the MySQL error log.

Log description:

  • The source is the local operating system.
  • A large number of logon entries are generated in a short period of time.
MySQL

PostgreSQL weak password check log

When Security Center checks whether a PostgreSQL database is using weak passwords, it attempts to log on to the PostgreSQL database from the local operating system by using different combinations of weak passwords. If the PostgreSQL database has the error log feature enabled, logon events are saved to the PostgreSQL error log.

You can view the logon entries generated by the baseline process in the PostgreSQL error log.

Log description:

  • The source is the local operating system.
  • A large number of logon entries are generated in a short period of time.
PGSQL

FTP weak password check log

When Security Center checks for FTP weak passwords, it attempts to log on to the FTP server from the local operating system by using the combination of different weak passwords. If the FTP server has the error log feature enabled, logon events are saved to the FTP error log.

You can view the logon entries generated by the baseline process in the FTP error log.

Log description:

  • The source is the local operating system.
  • A large number of logon entries are generated in a short period of time.
FTP