This topic describes how to use the baseline check feature and handle risks found in server configurations.
After you enable baseline check, Security Center automatically detects risks related to systems, accounts, databases, passwords, and security compliance configurations of your servers, and provides fixes accordingly. For more information about the check items, see the Baseline check items table.
Security Center automatically runs baseline checks between 00:00 to 06:00 every two days. You can create and manage baseline check policies. You can customize the check items, interval, and effective time period in a baseline check policy, and select the servers to which you want to apply this policy.
Baseline check is a value-added service of Security Center. Only Enterprise edition users can activate and use this service. You must upgrade the Basic or Advanced edition to the Enterprise edition before you can use this feature.
Some check items on weak passwords, system security compliance, and Center for Internet Security (CIS) standards are disabled by default. MySQL, PostgreSQL, and Microsoft SQL Server weak password checks may be conducted through logon attempts, which consume server resources and generate multiple logon failure records. Before you check these items, be aware of the risks and select the check items when you customize the baseline check policy.
Baseline check items
|Databases||Detection for risks in Redis, Memcached, MongoDB, MySQL, and Oracle 11g monitoring and startup permission configurations.|
The classified protection standard compliance check that covers check items following
the level 2 and level 3 security requirements stated in China Classified Protection
Standard 2.0. The security baseline check that follows the security standards of Alibaba
Cloud and CIS. Security Center checks these items on the following systems:
|Weak passwords||Weak passwords in PostgreSQL|
|Weak passwords in Windows|
|Weak passwords in Microsoft SQL Server|
|Weak passwords in Linux|
|Weak passwords in MySQL|
|Weak passwords in MongoDB, including 2.x versions|
|Anonymous FTP logon configurations|
|FTP weak passwords|
|Middleware||Baseline checks following Alibaba Cloud security standards on Apache, Apache Tomcat, Docker, IIS 8, Nginx, WebSphere Application Server, and WebLogic Server 12c.|