Checks whether 0.0.0.0 is excluded from all IP address allowlists of an ApsaraDB for OceanBase tenant.

Scenarios

You can configure an IP address allowlist for a tenant of an ApsaraDB for OceanBase cluster based on the principle of least privilege to reduce network exposure and protect cloud network security.

Risk level

Default risk level: high.

You can change the risk level as required when you apply this rule.

Compliance evaluation logic

  • If 0.0.0.0 is excluded from all IP address allowlists of the ApsaraDB for OceanBase tenant, the evaluation result is compliant.
  • If 0.0.0.0 is included in an IP address allowlist of the ApsaraDB for OceanBase tenant, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
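
The evaluation logic above, as an added example that is not the rule's own implementation. The tenant and group names, the dictionary layout and the sample entries are constructed for illustration. The example goes beyond the literal rule text by also treating any /0 CIDR entry as equivalent to 0.0.0.0; that equivalence is an assumption of this example.

```python
import ipaddress

# Constructed sample data: allowlist groups per tenant. The layout and names
# are assumptions for this example, not the OceanBase API response format.
SAMPLE_TENANTS = {
    "tenant-a": {"default": ["10.0.0.0/8", "192.168.1.10"]},
    "tenant-b": {"default": ["127.0.0.1"], "apps": ["172.16.0.0/12, 0.0.0.0/0"]},
    "tenant-c": {"legacy": [" 0.0.0.0 "]},
}


def open_entries(groups):
    """Return (group, entry) pairs that admit every IPv4 address."""
    hits = []
    for group, entries in groups.items():
        for raw in entries:
            # An entry may hold several comma-separated addresses.
            for item in (part.strip() for part in raw.split(",")):
                if not item:
                    continue
                try:
                    net = ipaddress.ip_network(item, strict=False)
                except ValueError:
                    continue  # not an IP address or CIDR block
                if net.version != 4:
                    continue
                # Bare 0.0.0.0, or any /0 mask (for example 1.2.3.4/0),
                # matches all IPv4 sources.
                if item == "0.0.0.0" or net.prefixlen == 0:
                    hits.append((group, item))
    return hits


def evaluate(tenants):
    """Map each tenant to (result, offending entries) per the rule logic."""
    results = {}
    for tenant, groups in tenants.items():
        hits = open_entries(groups)
        results[tenant] = ("non-compliant" if hits else "compliant", hits)
    return results


if __name__ == "__main__":
    for tenant, (result, hits) in evaluate(SAMPLE_TENANTS).items():
        print(tenant, result, hits)
```
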

Rule details

| Item | Description |
| --- | --- |
| Rule name | oceanbase-tenant-security-ip-check |
| Rule ID | oceanbase-tenant-security-ip-check |
| Tag | OceanBase and Tenant |
| Automatic remediation | Not supported |
| Trigger type | Periodic execution |
| Time interval | 24 hours |
| Supported resource type | ApsaraDB for OceanBase cluster |
| Input parameter | None |

Non-compliance remediation

Configure an IP address allowlist for the ApsaraDB for OceanBase tenant. For more information, see Whitelist group.