This topic describes how to view baseline check results and manage baseline risks in the Security Center console. The baseline check results include information about affected assets, details of the check items, and suggestions on how to manage baseline risks.

Prerequisites

A baseline check is completed. For more information, see Run a baseline check.

Background information

After you enable the baseline check feature, Security Center runs baseline checks on all assets based on the default baseline check policy. You can also create custom baseline check policies. For more information, see Set baseline check policies.
Note Only the Enterprise edition of Security Center supports custom check policies. The Advanced edition does not support custom check policies. The Advanced edition supports baseline checks based on the default check policy and existing check policies.

View the summary of baseline check results

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Baseline Check.
  3. On the Baseline Check page, you can view the summary of baseline check results and filter data by policy.
    Summary

    You can select a policy from the Select Policy drop-down list to view the following information:

    • Checked Servers: the number of servers on which the baseline check runs. This number is specified in the selected baseline check policy.
    • Check Items: the number of check items specified in the selected baseline check policy.
    • Weak Passwords: the number of detected weak passwords based on the selected check policy. You can click the number below Weak Passwords to view the list of weak passwords.
    • Last Pass Rate: the pass rate of check items in the last baseline check. Each color of the number below Last Pass Rate has a different indication:
      • Green: indicates a high pass rate of check items.
      • Red: indicates a low pass rate of check items. We recommend that you go to the details page and manage the baseline risks.

      For more information about baseline risks, see View risk details.

      For more information about how to manage baseline risks, see Manage baseline risks.

View all check items

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Baseline Check.
  3. In the Select Policy drop-down list, select All.
    The Baseline Check page
    The Baseline Check page in the Security Center console provides a list of baseline check items. This list contains information such as the baseline name, baseline category, last check time, number of check items, and numbers of baseline risks and affected servers.
    Note You can also select a baseline check policy from the Select Policy drop-down list to view the check items specified in this policy.

View details of a baseline

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Baseline Check.
  3. In the Baseline column, click a baseline to view the baseline details.
    Baseline details
    Baseline details include the affected assets and numbers of Passed Items and At-Risk Items.
  4. You can manage baseline risks on the baseline details page.
    • Find the asset, and click View in the Actions column to go to the At-Risk Items page. For more information, see View risk details.
    • You can click Verify in the Actions column to check whether the baseline risks of an asset have been managed. If the verification is passed, the number of At-Risk Items is reduced, and the status of the check items change to Passed.
    • You can click Undo Fix in the Actions column for an asset, select a snapshot, and then click OK to roll back the system to the selected snapshot.
      Note If service interruptions occur due to risk fix failures and the asset has a snapshot, Security Center allows you to undo operations performed on the asset. After operations are undone, the asset is rolled back to the specified snapshot.

View risk details

  1. On the details page, find the asset and click View in the Actions column to view baseline risks detected on this asset.
    The list of baseline risksYou can view the check items of the asset and the status of the check items. Status includes Passed and Failed.
  2. You can click Details in the Actions column to view the description, result, and suggestion for this check item.
    Risk details
Note We recommend that you follow the suggestions to manage Failed check items at the earliest opportunity, especially the high-risk check items. For more information, see Manage baseline risks.

Manage baseline risks

On the At-Risk Items page, you can manage baseline risks as needed.

Manage baseline risks
  • Fix baseline risks
    You can fix only risks related to Alibaba Cloud standards and the classified protection baseline in Linux operating systems. Find the risk that you want to fix, and click Fix in the Actions column. In the Repair Risk Check Item dialog box, set the parameters and click Fix Now.Fix baseline risks

    You can fix this risk based on the following descriptions:

    • Batch Configuration: You can click Details on the right of Batch Configuration. Assets that have this risk are listed. Select the assets to which you want to apply the selected Repair Method.
    • Repair Method: Select a Repair Method.
      Note Different risks require different fix methods. Select a method as needed.
    • Risk Protection: Select whether to automatically create snapshots. We recommend that you select the Create snapshots automatically and fix check box.
      Note Services may be interrupted if the system fails to fix risks. We recommend that you create a snapshot of the system before you fix the risk. You can roll back the system to a snapshot as needed.

    After the fix is completed, you can manually check whether the risk is fixed. Security Center also automatically checks whether risks are fixed based on the detection interval specified in the scan policies.

  • Add check items to the whitelist
    If you want to disable alerts for a check item, click Whitelist to add the check item to the whitelist. Check items in the whitelist no longer trigger alerts. For more information, see Add a check item to the whitelist.Add check items to the whitelist
    Note You can also select multiple check items and click Whitelist in the lower-left corner to add the check items to the whitelist at a time.
  • Remove check items from the whitelist
    If you want to enable alerts for a check item in the whitelist, you can Remove the item from the whitelist. You can remove one or more check items from the whitelist at a time. After a check item is removed from the whitelist, alerts can be triggered based on the alert.Remove check items from the whitelist
  • Verify risk fixes

    After you fix a baseline risk, you can click Verify to check whether the risk has been fixed. After you click Verify, the status of the check item changes to Verifying.

    Verifying

    If you do not manually perform verification, Security Center automatically verifies the check item based on the detection interval specified in the scan policies.

    If the verification is passed, the Status of the check item changes to Passed.