All Products
Search
Document Center

Security Center:Baseline check

Last Updated:Jan 05, 2024

Viruses and attackers can exploit the defects in the security configurations of a server to intrude into the server to steal data or insert webshells. The baseline check feature checks the configurations of operating systems, databases, software, and containers of a server. Then, you can harden the security of your assets, reduce the risks of intrusion, and meet the requirements for security compliance based on the check results. This topic describes the baseline check feature and how to use the feature.

How the baseline check feature works

The baseline check feature allows you to configure different baseline check policies. You can use the policies to scan multiple servers at a time to detect risks in systems, accounts, permissions, databases, classified protection compliance configurations, and weak passwords. The baseline check feature also provides suggestions about how to fix baseline risks and allows you to fix the risks with a few clicks. For more information about the check items that are supported, see Baselines.

Policy overview

Policies include the baselines based on which Security Center performs baseline checks. Security Center provides the following types of baseline check policies: default baseline check, standard baseline check, and custom baseline check policies.

The following table describes the baseline types, number of baselines, Security Center editions, and use scenarios that are supported by different types of baseline check policies. The policies are default baseline check, standard baseline check, and custom baseline check policies.

Policy Type

Security Center edition

Description

Scenario

Default baseline check policy

Advanced, Enterprise, and Ultimate

The default baseline check policy includes more than 70 baseline check items. You can modify the start time of baseline checks and servers to which the default baseline check policy is applied. The following baseline types are supported:

  • Unauthorized access

  • Container security

  • Best security practices

  • Weak password

Note

Security Center Advanced supports only the baselines of the weak password type.

By default, Security Center performs baseline checks based on the default baseline check policy. After you purchase the Advanced, Enterprise, or Ultimate edition of Security Center, Security Center checks all the assets within your Alibaba Cloud account from 00:00 to 06:00 every two days or during the time range that you specify based on the default baseline check policy. The default baseline check policy supports only the following types of baselines: unauthorized access, best security practices, container security, and weak passwords.

Standard baseline check policy

Enterprise and Ultimate

A standard baseline check policy includes more than 120 baseline check items. You can modify policy parameters. The following baseline types are supported:

  • Unauthorized access

  • Classified protection compliance

  • Best security practices

  • Container security

  • CIS compliance

  • Weak password

Compared with the default baseline check policy, standard baseline check policies support one more baseline type: classified protection compliance. For the baseline types that are supported by the two types of policies, standard baseline check policies support more baselines. In addition, you can modify policy parameters. You can create standard baseline check policies based on your business requirements.

Custom baseline check policy

Enterprise and Ultimate

A custom baseline check policy can include more than 50 baseline check items. You can modify policy parameters and the parameters of some baselines. You can select custom baselines for operating systems.

Custom baseline check policies are used to check whether risks exist in the configurations of your assets based on the custom baselines for operating systems. You can create custom baseline check policies and modify the parameters of baselines based on your business requirements.

Benefits

Classified protection compliance

Checks existing configurations against MLPS level 2 and level 3 standards and Center for Internet Security (CIS) standards, and meets compliance and regulatory requirements. This helps enterprises build a security system that meets the requirements for classified protection.

Comprehensive detection scope

Checks baseline configurations for weak passwords, unauthorized access, vulnerabilities, and configuration risks. The feature is available for more than 30 versions of operating systems and more than 20 types of databases and middleware.

Flexible policy configurations

Allows you to configure custom security policies, check interval, and check scope. This helps you meet the security configuration requirements of different businesses.

Fixing solution provided

Provides fixing solutions for risks that are detected on check items, which helps you quickly reinforce the security of your assets. The quick fixing capability helps you harden system baseline configurations and helps your system meet the requirements of classified protection.

Limits

  • Only users of Security Center Advanced, Enterprise, and Ultimate can enable and use the baseline check feature.

  • Only users of Security Center Enterprise and Ultimate can create standard and custom baseline check policies. Users of Security Center Advanced can run baseline checks only based on the default baseline check policy.

  • Security Center Advanced supports only the baselines of the weak password type. The Enterprise and Ultimate editions of Security Center support all baselines that are provided by the baseline check feature and allow you to fix the baseline risks that are detected on a Linux server based on the Alibaba Cloud standards or the Multi-Level Protection Scheme (MLPS) standards.

Step 1: (Optional) Create a baseline check policy

  1. Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. The following regions are supported: China and Outside China.

  2. In the left-side navigation pane, choose Risk Management > Baseline Check.

  3. If you use the Basic or Anti-Virus edition of Security Center, click Upgrade Now to purchase the Advanced, Enterprise, or Ultimate edition.

  4. In the upper-right corner of the Baseline Check page, click Policy Management.

  5. In the Policy Management panel, create a baseline check policy based on your business requirements.

    • Create a standard baseline check policy

      You can create a standard baseline check policy to check baseline configurations of your assets in a more comprehensive manner.

      1. In the Policy Management panel, click Add standard policy.

      2. In the Baseline Check Policy panel, configure the following parameters and click Ok.

        Parameter

        Description

        Policy Name

        The name of the policy.

        Schedule

        The interval at which baseline checks are performed.

        Detection time

        The time range during which baseline checks are performed.

        Check Items

        The baselines that you want to use. For more information, see Baselines.

        Scan Method

        The method for scanning servers. Valid values:

        • Group: Security Center scans servers by server group. You can select one or more server groups.

        • ECS: Security Center scans Elastic Compute Service (ECS) instances. You can select some ECS instances or all ECS instances across server groups.

        Servers

        The servers to which the baseline check policy is applied.

        Note

        By default, newly purchased servers belong to All Groups > Default. To apply the policy to newly purchased servers, you must select Default. For more information about how to add or modify a server group, see Manage servers.

      Security Center runs baseline checks on your assets based on the policy that you create.

    • Create a custom baseline check policy

      You can create a custom baseline check policy to check whether risks exist in the configurations of your assets based on the custom baselines for operating systems.

      1. In the Policy Management panel, click Add custom policy.

      2. In the Baseline Check Policy panel, configure the following parameters and click Ok.

        Parameter

        Description

        Policy Name

        The name of the policy.

        Schedule

        The interval at which baseline checks are performed.

        Detection time

        The time range during which baseline checks are performed.

        Check Items

        The baselines that you want to use. For more information, see Baselines.

        Note

        You can modify the parameters of some custom baselines based on your business requirements.

        Scan Method

        The method for scanning servers. Valid values:

        • Group: Security Center scans servers by server group. You can select one or more server groups.

        • ECS: Security Center scans ECS instances. You can select some ECS instances or all ECS instances across server groups.

        Servers

        The servers to which the baseline check policy is applied.

        Note
        • You can apply only one custom baseline check policy to the servers that belong to the same server group. If a server group is selected for an existing custom baseline check policy, you can no longer select the server group for the Servers parameter when you create a custom baseline check policy.

        • By default, newly purchased servers belong to All Groups > Default. To apply the policy to newly purchased servers, you must select Default. For more information about how to add or modify a server group, see Manage server groups, importance levels, and tags.

    • You can also find a policy and click Edit or Delete in the Actions column to edit or delete the policy based on your business requirements.

      Note
      • You cannot restore a policy after you delete it.

      • You cannot delete the default baseline check policy or modify the baselines of the default baseline check policy. You can modify only the Detection time and Servers parameters of the default baseline check policy.

    • In the lower part of the Manage Policies panel, you can configure Baseline level. Valid values: High, Medium, and Low.

  6. Optional. Security Center provides built-in detection rules for weak passwords. You can also create custom rules to detect weak passwords based on the built-in detection rules.

    You can use one of the following methods to create custom rules:

    • Upload rules by using the weak password template

      1. In the Manage Policies panel, find the Custom Weak Password Rules section and click Download.

      2. Configure rules in the downloaded template based on your business requirements and save the template.

      3. Click Import File to upload the template. Custom rules used to detect weak passwords are created.

        Security Center checks whether weak passwords are configured for your assets based on the custom rules.

        Note

        Before you upload the template, make sure that the following requirements are met:

        • The size of the file does not exceed 5 KB.

        • Each line in the file contains only one weak password. Otherwise, Security Center cannot accurately detect weak passwords.

        • The file contains no more than 2,000 weak passwords.

    • Create a custom dictionary of weak passwords.

      1. In the Manage Policies panel, find the Custom Weak Password Rules section and click Custom weak password dictionary.

      2. In the Custom weak password dictionary panel, configure the following parameters.

        Parameter

        Description

        Domain

        The domain name of your asset.

        Company name

        The name of your enterprise.

        Keyword

        The keyword based on which you want Security Center to generate possible weak passwords.

        Weak password dictionary

        You do not need to configure this parameter. The default value of this parameter is the possible weak passwords that Security Center generates based on Alibaba Cloud threat intelligence.

      3. Click Generate and Import. The custom dictionary of weak passwords is created.

        Security Center checks whether weak passwords are configured for your assets based on the created custom dictionary of weak passwords.

Step 2: Run baseline checks based on the policy

The baseline check feature supports periodic and automatic checks and manual checks. The following list describes the detection modes:

  • Periodic and automatic checks: periodic checks that run automatically based on the default, standard, or custom policy. Security Center runs comprehensive baseline checks from 00:00 to 06:00 every two days or during the time range that you specify based on the default baseline check policy.

  • Manual checks: If you have created or modified a custom policy, you can select it on the Baseline Check page, and click Check Now to start a manual check. Manual baseline checks allow you to scan for baseline risks in real time.

To immediately run a baseline check, perform the following operations:

  1. On the Baseline Check Policy tab of the Baseline Check page, click the 三角 icon to the right of All Policies to view all existing baseline check policies. Then, select the baseline check policy that you want to use to immediately run a baseline check.

  2. Click Check Now.

  3. Move the pointer over Check Now. In the tooltip that appears, click View Progress to view the progress of the check.

Step 3: View baseline check results and handle baseline risks

After you complete a baseline check, you can view the baseline check results and handle baseline risks based on the results.

View baseline check results

Security Center displays baseline check results by baseline name and check item name. You can view the check results that are displayed by baseline name on the Baseline Check Policy tab. You can view the check results that are displayed by check item name on the Risk Details tab. You can view the following information:

  • Overall information about baseline check results

    In the upper part of the Baseline Check page, you can view the overall information about baseline risks that are detected on your assets. The baseline risks are detected by using security baselines, compliance baselines, and custom baselines.

  • Check results of a baseline check policy

    In the policy overview section of the Baseline Check Policy tab, you can click the 三角 icon to expand the drop-down list of baseline check policies. Then, you can select a baseline check policy to view information about the policy, such as Checked Servers, Baselines, Weak Passwords, and Last Pass Rate.

    单击基线总览

    Parameter

    Description

    Baseline Check Policy

    The baseline check policy whose check results you want to view. You can select an existing baseline check policy from the drop-down list.

    Checked Servers

    The number of servers on which the baseline check runs based on the selected baseline check policy. The servers are specified in the baseline check policy.

    Weak Passwords

    The number of weak password risks that are detected based on the selected baseline check policy. You can click the number below Weak Passwords to view the list of weak password risks that are detected.

    Important

    Weak password risks are of the High severity. We recommend that you fix the high-risk items on which weak passwords are detected at the earliest opportunity.

    Last Pass Rate

    The pass rate of the check items that are specified in the selected baseline check policy in the last baseline check. The following list describes the meaning of the color for the number below Last Pass Rate:

    • Green: high pass rate of check items.

    • Red: low pass rate of check items. We recommend that you go to the details of each check item and fix the detected baseline risks.

  • View the list of baseline check results and details of baseline risks that are displayed by baseline name

    On the Baseline Check Policy tab, you can view detailed baseline check results in the list of baseline check results.

    1. In the list of baseline check results, click the name of a baseline to go to the baseline details panel.

      In the baseline details panel, you can view the information such as affected assets, Passed Items in the baseline, and At-Risk Items in the baseline.

    2. In the baseline details panel, find an affected asset and click View in the Actions column. The At-Risk Items panel appears.

      In the At-Risk Items panel, you can view all baseline risks that are detected on the asset.

    3. In the At-Risk Items panel, find a risk item whose details you want to view and click Details in the Actions column. In the message that appears, you can view information about the risk item, including Description, Result, and Suggestion.

    4. Optional. In the upper-right corner above the list of baseline check results, click the 导出 icon. In the Select Baseline Export Task dialog box, select an export method and click Export to export the list of baseline check results.

      You can select one of the following export methods to export the result for the weak password baseline check:

      • Weak password plaintext export: exports plaintext.

      • Weak password desensitization export: exports the check result after the weak passwords in the result are masked.

  • View the list of baseline check results and details of baseline risks that are displayed by check item name

    On the Risk Details tab, you can view the baseline check results that are displayed by check item name.

    In the upper part of the list of baseline check results, you can specify search conditions, such as level, status, or type, to search for a check item. You can also enter the name of a check item in the search box to search for the check item.

    Find the required check item and click Details in the Actions column. In the details panel, you can view information about the check item, including Description and Suggestions. You can also view the list of affected assets.

Handle baseline risks

  1. On the Baseline Check page, handle baseline risks that are displayed by baseline name or check item name.

    • Handle baseline risks that are displayed by baseline name

      In the list of baseline check results on the Baseline Check Policy tab, click the name of a baseline. In the panel that appears, find a server on which baseline risks are detected and click View in the Actions column. In the At-Risk Items panel, handle the baseline risks.

    • Handle baseline risks that are displayed by check item name

      In the list of baseline check results on the Risk Details tab, find a check item based on which baseline risks are detected and click Details in the Actions column. In the details panel, handle the baseline risks.

    You can select Repair or Whitelist to handle baseline risks.

    • Repair

      Security Center allows you to fix only the baseline risks that are detected on a Linux server based on the Alibaba Cloud standards or the MLPS standards. If a baseline risk is detected on a Linux server based on the Alibaba Cloud standards or the MLPS standards, you can fix the baseline risk in the Security Center console. Otherwise, you must log on to the server to modify the configurations of the server on which the baseline risk is detected. After you modify the configurations, you can verify whether the baseline risk is fixed.

      • Fix baseline risks in the Security Center console

        1. In the At-Risk Items panel, find the check item based on which baseline risks are detected and click Repair in the Actions column.

        2. In the Fix Risks for Assets dialog box, configure the parameters.

          The following table describes the parameters.

          Parameter

          Description

          Fixing Method

          The method that you use to fix a baseline risk.

          Note

          The method varies based on the type of the baseline risk. You can configure this parameter based on your business requirements.

          Batch Handle

          Specifies whether to handle the same baseline risk for multiple assets at a time.

          System Protection

          Specifies whether to create snapshots for your system data.

          Warning

          Security Center may fail to fix baseline risks. If this issue occurs, your business may be affected. Before you fix baseline risks, we recommend that you create a backup for your system. If Security Center fails to fix the risks, you can use the backup to roll back your system to a snapshot before you fix the risks. This helps ensure that your workload runs as expected.

          • Automatically Create Snapshot and Fix Risk: If you select this option, you must configure the Snapshot Name and Snapshot Retention Period parameters. Then, click Fix Now.

            Note

            You are charged for the snapshots that are created. You can click Billing description to view the billing methods of the snapshot service.

          • Fix Vulnerability Without Creating Snapshot: If you do not want to create snapshots before you fix the baseline risks, you can click Fix Now.

        3. Click Fix Now.

      • Log on to a server to fix baseline risks

        In the At-Risk Items panel, find a risk item and click Details in the Actions column. In the message that appears, you can view the information about the risk item provided by Security Center. The information includes Description, Result, and Suggestion. Then, log on to the server on which the baseline risk is detected and modify the configurations that cause the baseline risk based on the information provided in Suggestion.

    • Whitelist

      If you trust a check item whose status is Failed for a server, you can add the check item to the whitelist. Then, the alerts that are generated for the check item on the server are ignored.

      Note

      After you add a check item of a server to the whitelist, the corresponding baseline risks that are detected on the server are ignored.

      • Add check items that are displayed by baseline name to the whitelist

        In the At-Risk Items panel, find the check item that you want to add to the whitelist and click Whitelist in the Actions column. In the Reason for Ignore dialog box, specify the reason for adding the check item to the whitelist and click OK.

        To add multiple check items to the whitelist at a time, select the check items that are in the Failed state and click Whitelist in the lower-left corner.

      • Add a check item that is displayed by check item name to the whitelist

        In the list of baseline check results, find the check item that you want to add to the whitelist and click Whitelist in the Actions column. In the Reason for Ignore dialog box, specify the reason for adding the check item to the whitelist and click OK.

        If you want to remove specific servers from the affected servers of a check item, click Details in the Actions column of the check item. In the details panel, select the servers that you want to remove and click Whitelist.

  2. Check whether a baseline risk is fixed.

    In the At-Risk Items panel, find a check item and click Verify in the Actions column. Then, check whether the baseline risk on servers is fixed. If the baseline risk is fixed, the number of At-Risk Items decreases and the status of the check item changes to Passed.

    Note

    If you do not perform manual verification, Security Center automatically checks whether the baseline risk is fixed based on the detection interval that is specified in your baseline check policy.

Rollback

If you want to fix baseline risks for an ECS instance, we recommend that you create a snapshot for the ECS instance before the fix. This way, you can roll back the instance if a service interruption error occurs because the baseline risks failed to be fixed. To perform the rollback, you can find the instance in a baseline details panel and click Rollback in the Actions column. In the Rollback dialog box, select the snapshot that you created before you perform the fix and click OK. The configurations of the instance are rolled back based on the snapshot.

Remove

If you want a check item in the whitelist to trigger alerts, you can remove the check item from the whitelist or add the removed servers to the affected servers of the baseline check policy to which the check item belong. After you remove a check item from the whitelist or add the removed servers to the affected servers of the baseline check policy to which the check item belong, the check item triggers alerts.

To remove a check item from the whitelist, find the check item in the At-Risk Items panel and click Remove in the Actions column. In the Cancel ignore operation dialog box, click OK. You can also remove multiple check items from the whitelist at a time. To remove multiple check items, select the check items and click Remove below the check item list.

Baselines

Baseline categories

Baseline category

Check standard and description

Involved operating system and service

Fixing description

Weak password

Checks whether weak passwords are configured for your assets by using a method other than brute-force logons. The method does not lock your account, which prevents your workloads from being interrupted.

Note

Security Center detects weak passwords by comparing the hash value that is read by the system with the hash value that is calculated based on the weak password dictionary. If you do not want to enable the system to read the hash value, you can remove the baseline that detects weak passwords from your baseline check policy.

  • Operating systems

    Linux and Windows

  • Databases

    MySQL, Redis, SQL Server, MongoDB, PostgreSQL, and Oracle

  • Applications

    Tomcat, FTP, rsync, SVN, ActiveMQ, RabbitMQ, OpenVPN, JBoss 6, JBoss 7, Jenkins, OpenLDAP, VNC Server, and pptpd

You must fix the baseline risks at the earliest opportunity. This way, you can prevent weak passwords from being exposed on the Internet. If weak passwords are exposed on the Internet, your assets can be attacked, and data breaches can occur.

Unauthorized access

Baselines that are used to check for unauthorized access. Check whether unauthorized access risks exist in your services. This prevents intrusions and data breaches.

Memcached, Elasticsearch, Docker, CouchDB, ZooKeeper, Jenkins, Hadoop, Tomcat, Redis, JBoss, ActiveMQ, RabbitMQ, OpenLDAP, rsync, MongoDB, and PostgreSQL

Best security practices

Alibaba Cloud standards.

Check whether risks exist in the configurations based on the Alibaba Cloud standards of best security practices. The configurations involve account permissions, identity authentication, password policies, access control, security audit, and intrusion prevention.

  • Operating systems

    • CentOS 6, CentOS 7, and CentOS 8

    • Red Hat 6, Red Hat 7, and Red Hat 8

    • Ubuntu 14, Ubuntu 16, Ubuntu 18, and Ubuntu 20

    • Debian 8, Debian 9, and Debian 10

    • Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3

    • Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

    • Rocky Linux 8

    • Alma Linux 8

    • SUSE Linux 15

    • Anolis 8

    • Kylin

    • UOS

  • Databases

    MySQL, Redis, MongoDB, SQL Server, Oracle Database 11g, CouchDB, InfluxDB, and PostgreSQL

  • Applications

    Tomcat, IIS, NGINX, Apache, Windows SMB, RabbitMQ, ActiveMQ, Elasticsearch, Jenkins, Hadoop, JBoss 6, JBoss 7, and Tomcat

We recommend that you fix the detected risks. Security Center can reinforce the security of your assets based on the standards of best security practices. This prevents attacks and malicious modifications to the configurations of your assets.

Container security

Alibaba Cloud standards.

Check whether the Kubernetes master nodes contain risks based on the Alibaba Cloud standards of best practices for container security.

  • Docker

  • Kubernetes clusters

Classified protection compliance

The standards of MLPS level 2 and MLPS level 3.

Check configurations based on the baselines for MLPS compliance for servers. The baseline checks meet the standards and requirements for computing environment that are proposed by authoritative assessment organizations.

  • Operating systems

    • CentOS 6, CentOS 7, and CentOS 8

    • Red Hat 6, Red Hat 7, and Red Hat 8

    • Ubuntu 14, Ubuntu 16, Ubuntu 18, and Ubuntu 20

    • SUSE 10, SUSE 11, SUSE 12, and SUSE 15

    • Debian 8, Debian 9, and Debian 10

    • Alibaba Cloud Linux 2 and Alibaba Cloud Linux 3

    • Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

    • Anolis 8

    • Kylin

    • UOS

  • Databases

    Redis, MongoDB, PostgreSQL, Oracle, MySQL, SQL Server, and Informix

  • Applications

    WebSphere Application Server, JBoss 6, JBoss 7, NGINX, WebLogic, Bind, and IIS

We recommend that you fix the detected risks based on the compliance requirements for your business.

CIS compliance

Checks configurations based on the baselines for CIS compliance for operating systems.

  • CentOS 6, CentOS 7, and CentOS 8

  • Ubuntu 14, Ubuntu 16, Ubuntu 18, and Ubuntu 20

  • Debian 8, Debian 9, and Debian 10

  • Aliyun Linux 2

  • Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

We recommend that you fix the detected risks based on the compliance requirements for your business.

Custom baseline

Checks configurations based on custom baselines for CentOS Linux 7. You can specify or edit custom baselines in a custom baseline check policy based on your business requirements.

CentOS 7, CentOS 6, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019

We recommend that you fix the risks that are detected based on the custom baselines that you specify. Security Center can reinforce the security of your assets based on the standards of best security practices. This prevents attacks and malicious modifications to the configurations of your assets.

Baseline checks

The following table describes the default baseline checks that are provided by Security Center.

Baseline category

Baseline name

Baseline description

Number of check items

Weak password

Zabbix login weak password baseline

Checks weak passwords that are used to log on to Zabbix.

1

Samba login weak password detection

Checks weak passwords for users of Samba databases.

1

ElasticSearch login weak password baseline

Checks weak passwords that are used to log on to Elasticsearch servers.

1

Activemq login weak password baseline

Checks weak passwords that are used to log on to ActiveMQ.

1

RabbitMQ login weak password baseline

Checks weak passwords that are used to log on to RabbitMQ.

1

OpenVPN weak password detection in Linux system

Checks common weak passwords of OpenVPN accounts in Linux operating systems.

1

Jboss6/7 login weak password baseline

Checks weak passwords that are used to log on to JBoss 6 and JBoss 7.

1

Jenkins login weak password baseline

Checks weak passwords that are used to log on to Jenkins. This baseline check provides more samples to detect weak passwords than its earlier version.

1

Proftpd login weak password baseline

Checks weak passwords that are used to log on to ProFTPD. This baseline check provides more samples to detect weak passwords than its earlier version.

1

Influxdb login weak password baseline

Checks weak passwords that are used to log on to InfluxDB databases. This baseline check provides more samples to detect weak passwords than its earlier version.

1

Weblogic 12c login weak password detection

Checks weak password for users of WebLogic Server 12c.

1

Openldap login weak password baseline

Checks weak passwords that are used to log on to OpenLDAP.

1

VncServer weak password check

Checks common weak passwords that are used to log on to the VNC service.

1

pptpd login weak password baseline

Checks weak passwords that are used to log on to PPTP servers.

1

Oracle login weak password detection

Checks weak passwords for users of Oracle databases.

1

svn login weak password baseline

Checks weak passwords that are used to log on to Subversion (SVN) servers.

1

rsync login weak password baseline

Checks weak passwords that are used to log on to rsync servers.

1

MongoDB Weak Password baseline

Checks weak passwords for the MongoDB service. MongoDB 3.x and 4.x support this baseline check.

1

PostgreSQL DB login weak password baseline

Checks weak passwords that are used to log on to PostgreSQL databases.

1

SQL Server DB login weak password baseline

Checks weak passwords that are used to log on to Microsoft SQL Server databases.

1

Mysql DB login weak password baseline(Windows version)

Checks weak passwords that are used to log on to MySQL databases. This baseline check is suitable only for Windows operating systems.

1

Apache Tomcat Console weak password baseline

Checks weak passwords that are used to log on to the Apache Tomcat console. Apache Tomcat 7, 8, and 9 support this baseline check.

1

Ftp login weak password baseline

Checks weak passwords that are used to log on to FTP servers and anonymous logons to FTP servers.

1

Redis DB login weak password baseline

Checks weak passwords that are used to log on to Redis databases.

1

Windows system login weak password baseline

Checks weak passwords that are used to log on to Windows Server operating systems. This baseline check provides more samples to detect weak passwords than its earlier version.

1

Linux system login weak password baseline

Checks weak passwords that are used to log on to Linux operating systems. This baseline check provides more samples to detect weak passwords than its earlier version.

1

Mysql DB login weak password baseline

Checks weak passwords that are used to log on to MySQL databases. This baseline check provides more samples to detect weak passwords than its earlier version.

1

MongoDB Weak Password baseline(support version 2. X)

Checks weak passwords for users of the MongoDB service.

1

Unauthorized access

Influxdb unauthorized access high exploit vulnerability risk

Checks InfluxDB vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Redis unauthorized access high exploit vulnerability risk

Checks Redis vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Jboss unauthorized access high exploit vulnerability risk

Checks JBoss vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

ActiveMQ unauthorized access high exploit vulnerability risk

Checks ActiveMQ vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

RabbitMQ unauthorized access high exploit vulnerability risk

Checks RabbitMQ vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

OpenLDAP unauthorized access vulnerability baseline (Linux)

Checks OpenLDAP vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Kubernetes-Apiserver unauthorized access to high-risk risks

Checks Kubernetes API server vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

LDAP unauthorized access high exploit vulnerability risk (Windows)

Checks LDAP vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

rsync unauthorized access high exploit vulnerability risk

Checks rsync vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Mongodb unauthorized access high exploit vulnerability risk

Checks MongoDB vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Postgresql unauthorized access to high-risk risk baseline

Checks PostgreSQL vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Jenkins unauthorized access high exploit vulnerability risk

Checks Jenkins vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Hadoop unauthorized access high exploit vulnerability risk

Checks Apache Hadoop vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

CouchDB unauthorized access high exploit risk

Checks Apache CouchDB vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

ZooKeeper unauthorized access high exploit vulnerability risk

Checks Apache ZooKeeper vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Docker unauthorized access high vulnerability risk

Checks Docker vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Memcached unauthorized access high exploit vulnerability risk

Checks memcached vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Elasticsearch unauthorized access high exploit vulnerability risk

Checks Elasticsearch vulnerabilities that can be exploited by attackers to implement unauthorized access.

1

Container security

Unauthorized access - Risk of unauthorized access to the Redis container service

Checks whether the Redis service can be accessed without permissions. The system attempts to connect to the Redis service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the MongoDB container service

Checks whether the MongoDB service can be accessed without permissions. The system attempts to connect to the MongoDB service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the JBoss container service

Checks whether the JBoss service can be accessed without permissions. The system attempts to connect to the JBoss service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the ActiveMQ container service

Checks whether the ActiveMQ service can be accessed without permissions. The system attempts to connect to the ActiveMQ service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the Rsync container service

Checks whether the rsync service can be accessed without permissions. The system attempts to connect to the rsync service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the Memcached container service

Checks whether the Memcached service can be accessed without permissions. The system attempts to connect to the Memcached service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the RabbitMQ container service

Checks whether the RabbitMQ service can be accessed without permissions. The system attempts to connect to the RabbitMQ service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the ES container service

Checks whether the Elasticsearch service can be accessed without permissions. The system attempts to connect to the Elasticsearch service or reads the configuration file of the service during container runtime to perform the check.

1

Unauthorized access - Risk of unauthorized access to the Jenkins container service

Checks whether the Jenkins service can be accessed without permissions. The system attempts to connect to the Jenkins service or reads the configuration file of the service during container runtime to perform the check.

1

Alibaba Cloud Standard-Kubernetes-Node security baseline check

Checks whether the configurations of Kubernetes Node are compliant with the Alibaba Cloud standards of best practices.

7

Alibaba Cloud Standard-Kubernetes-Master security baseline check

Checks whether the configurations of Kubernetes Master are compliant with the Alibaba Cloud standards of best practices.

18

Alibaba Cloud Standard - Docker Security Baseline Check

Checks whether the configurations of Docker are compliant with the Alibaba Cloud standards of best practices.

17

CIS standard-Kubernetes(ACK) node security inspection inspection

Checks whether the configurations of Container Service for Kubernetes (ACK) nodes are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

52

CIS standard-Kubernetes(ACK) Master node security inspection inspection

Checks whether the configurations of ACK master nodes are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

8

Weak Password - Redis container runtime weak password risk

Checks whether weak passwords are used during Redis container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the Redis service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during Redis container runtime.

1

Weak Password - MongoDB container runtime weak password risk

Checks whether weak passwords are used during MongoDB container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the MongoDB service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during MongoDB container runtime.

1

Weak Password - Jboss container runtime weak password risk

Checks whether weak passwords are used during JBoss container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the JBoss service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during JBoss container runtime.

1

Weak Password - ActiveMQ container runtime weak password risk

Checks whether weak passwords are used during ActiveMQ container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the ActiveMQ service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during ActiveMQ container runtime.

1

Weak Password - Rsync container runtime weak password risk

Checks whether weak passwords are used during rsync container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the rsync service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during rsync container runtime.

1

Weak Password - ProFTP container runtime weak password risk

Checks whether weak passwords are used during ProFTPD container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the ProFTPD service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during ProFTPD container runtime.

1

Weak Password - SVN container runtime weak password risk

Checks whether weak passwords are used during SVN container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the SVN service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during SVN container runtime.

1

Weak Password - ES container runtime weak password risk

Checks whether weak passwords are used during Elasticsearch container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the Elasticsearch service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during Elasticsearch container runtime.

1

Weak Password - Mysql container runtime weak password risk

Checks whether weak passwords are used during MySQL container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the MySQL service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during MySQL container runtime.

1

Weak Password - Tomcat container runtime weak password risk

Checks whether weak passwords are used during Tomcat container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the Tomcat service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during Tomcat container runtime.

1

Weak Password - Jenkins container runtime weak password risk

Checks whether weak passwords are used during Jenkins container runtime. The system reads files such as password configuration files to obtain authentication information and attempts to connect to the Jenkins service from an on-premises machine. If the service is connected, the system compares the used password against the weak password dictionary to check whether a weak password is used during Jenkins container runtime.

1

CIS standard-Kubernetes(K8s) Pod node security baseline check

Checks whether the configurations of Kubernetes pod nodes are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

9

CIS standard-Kubernetes(ACK) Pod node security baseline check

Checks whether the configurations of ACK pod nodes are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

4

CIS standard - Kubernetes(K8s) Master node security baseline check

Checks whether the configurations of Kubernetes master nodes are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

64

CIS standard - Kubernetes(K8s) Worker node security baseline check

Checks whether the configurations of Kubernetes worker nodes are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

21

Best security practice

Alibaba Cloud Linux/Aliyun Linux 2 Benchmark

Checks whether the configurations of Alibaba Cloud Linux 2 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - CentOS Linux 6 Security Baseline Check

Checks whether the configurations of CentOS Linux 6 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - CentOS Linux 7/8 Security Baseline Check

Checks whether the configurations of CentOS Linux 7 or CentOS Linux 8 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Debian Linux 8/9/10 Security Baseline

Checks whether the configurations of Debian Linux 8 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Red Hat Enterprise Linux 6 Security Baseline Check

Checks whether the configurations of Red Hat Enterprise Linux (RHEL) 6 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Red Hat Enterprise Linux 7/8 Security Baseline Check

Checks whether the configurations of RHEL 7 or RHEL 8 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Ubuntu Security Baseline

Checks whether the configurations of Ubuntu are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Windows Server 2008 R2 Security Baseline Check

Checks whether the configurations of Windows Server 2008 R2 are compliant with the Alibaba Cloud standards of best practices.

12

Alibaba Cloud Standard - Windows 2012 R2 Security Baseline

Checks whether the configurations of Windows Server 2012 R2 are compliant with the Alibaba Cloud standards of best practices.

12

Alibaba Cloud Standard - Windows 2016/2019 Security Baseline

Checks whether the configurations of Windows Server 2016 and Windows Server 2019 are compliant with the Alibaba Cloud standards of best practices.

12

Alibaba Cloud Standard-SQL Server Security Baseline Check

Checks whether the configurations of SQL Server 2012 are compliant with the Alibaba Cloud standards of best practices.

17

Alibaba Cloud Standard - Memcached Security Baseline Check

Checks whether the configurations of Memcached are compliant with the Alibaba Cloud standards of best practices.

5

Alibaba Cloud Standard - MongoDB version 3.x Security Baseline Check

Checks whether the configurations of MongoDB are compliant with the Alibaba Cloud standards of best practices.

9

Alibaba Cloud Standard - Mysql Security Baseline Check

Checks whether the configurations of MySQL are compliant with the Alibaba Cloud standards of best practices. MySQL 5.1 to MySQL 5.7 support this baseline check.

12

Alibaba Cloud Standard - Oracle 11g Security Baseline Check

Checks whether the configurations of Oracle Database 11g are compliant with the Alibaba Cloud standards of best practices.

14

Alibaba Cloud Standard-PostgreSql Security Initialization Check

Checks whether the configurations of PostgreSQL are compliant with the Alibaba Cloud standards of best practices.

11

Alibaba Cloud Standard - Redis Security Baseline Check

Checks whether the configurations of Redis are compliant with the Alibaba Cloud standards of best practices.

7

Alibaba Cloud Standard - Anolis 8 Security Baseline Check

Checks whether the configurations of Anolis 8 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Apache Security Baseline Check

Checks whether the configurations of middleware are compliant with CIS and Alibaba Cloud standards.

19

Alibaba cloud standard - CouchDB security baseline check

Checks whether the configurations of Apache CouchDB are compliant with Alibaba Cloud standards.

5

Alibaba Cloud Standard - ElasticSearch Security Baseline Check

Checks whether the configurations of Elasticsearch are compliant with the Alibaba Cloud standards of best practices.

3

Alibaba Cloud Standard - Hadoop Security Baseline Check

Checks whether the configurations of Apache Hadoop are compliant with the Alibaba Cloud standards of best practices.

3

Alibaba Cloud Standard - IIS 8 Security Baseline Check

Checks whether the configurations of Internet Information Services (IIS) 8 are compliant with the Alibaba Cloud standards of best practices.

8

Alibaba Cloud Standard - Influxdb Security Baseline Check

Checks whether the configurations of InfluxDB are compliant with the Alibaba Cloud standards of best practices.

5

Alibaba Cloud Standard -Jboss6/7 Security Baseline

Checks whether the configurations of JBoss 6 or JBoss 7 are compliant with the Alibaba Cloud standards of best practices.

11

Alibaba Cloud Standard - Kibana Security Baseline Check

Checks whether the configurations of Kibana are compliant with the Alibaba Cloud standards of best practices.

4

Alibaba Cloud Standard - Kylin Security Baseline Check

Checks whether the configurations of Kylin are compliant with Alibaba Cloud standards.

15

Alibaba Cloud Standard -Activemq Security Baseline

Checks whether the configurations of ActiveMQ are compliant with the Alibaba Cloud standards of best practices.

7

Alibaba Cloud Standard - Jenkins Security Baseline Check

Checks whether the configurations of Jenkins are compliant with the Alibaba Cloud standards of best practices.

6

Alibaba Cloud Standard - RabbitMQ Security Baseline

Checks whether the configurations of RabbitMQ are compliant with the Alibaba Cloud standards of best practices.

4

Alibaba Cloud Standard - Nginx Security Baseline Check

Checks whether the configurations of NGINX are compliant with the Alibaba Cloud standards of best practices.

13

Alibaba Cloud Standard - Windows SMB Security Baseline Check

Checks whether the configurations of Windows SMB are compliant with the Alibaba Cloud standards of best practices.

2

Alibaba Cloud Standard - SUSE Linux 15 Security Baseline Check

Checks whether the configurations of SUSE Linux 15 are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Apache Tomcat Security Baseline(on windows)

Checks whether the configurations of middleware are compliant with CIS and Alibaba Cloud standards.

8

Alibaba Cloud Standard - Uos Security Baseline Check

Checks whether the configurations of UOS are compliant with the Alibaba Cloud standards of best practices.

15

Alibaba Cloud Standard - Zabbix Security Baseline

Checks whether the configurations of Zabbix are compliant with the Alibaba Cloud standards of best practices.

6

Alibaba Cloud Standard-Apache Tomcat Security Baseline

Checks whether the configurations of middleware are compliant with CIS and Alibaba Cloud standards.

13

CIS compliance

Alibaba Cloud Linux/Aliyun Linux 2 CIS Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

178

CIS CentOS Linux 6 LTS Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

196

CIS CentOS Linux 7 LTS Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

197

CIS CentOS Linux 8 LTS Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

164

CIS Debian Linux 8 Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

155

CIS Ubuntu Linux 14 LTS Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

177

CIS Ubuntu Linux 16/18/20 LTS Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

176

CIS Microsoft Windows Server 2008 R2 Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

274

CIS Microsoft Windows Server 2012 R2 Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

275

CIS Microsoft Windows Server 2016/2019 R2 Benchmark

Checks whether the configurations are compliant with CIS standards. The baseline is suitable for enterprise users who have professional security requirements. The baseline includes a variety of check items that you can use based on your business scenarios and requirements. You can reinforce the security of your system based on the check results.

275

Classified protection compliance

SUSE Linux 15 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of SUSE Linux Enterprise Server 15 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

18

Alibaba Cloud Linux 3 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Alibaba Cloud Linux 3 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Alibaba Cloud Linux/Aliyun Linux 2 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Alibaba Cloud Linux 2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

China's Level 3 Protection of Cybersecurity - Bind Compliance Baseline Check

Checks whether the configurations of Bind are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

4

CentOS Linux 6 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of CentOS Linux 6 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

CentOS Linux 7 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of CentOS Linux 7 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

CentOS Linux 8 Baseline for China classified protection of cybersecurity - Level III

Checks whether the configurations of CentOS Linux 8 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

IIS Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Oracle are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

5

China's Level 3 Protection of Cybersecurity - Informix Compliance Baseline Check

Checks whether the configurations of Informix are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

6

China's Level 3 Protection of Cybersecurity - Jboss6/7 Compliance Baseline Check

Checks whether the configurations of JBoss 6 or JBoss 7 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

5

MongoDB Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of MongoDB are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

6

China's Level 3 Protection of Cybersecurity -SQL Server Compliance Baseline Check

Checks whether the configurations of SQL Server are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

4

Equal Guarantee Level 3-MySql Compliance Baseline Check

Checks whether the configurations of MySQL are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

5

Equal Guarantee Level 3-Nginx Compliance Baseline Check

Checks whether the configurations of NGINX are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

3

China's Level 3 Protection of Cybersecurity - Oracle Compliance Baseline Check

Checks whether the configurations of Oracle are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

12

Level 3-PostgreSql compliance baseline check

Checks whether the configurations of PostgreSQL are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

4

China's Level 3 Protection of Cybersecurity - Red Hat Enterprise Linux 6 Compliance Baseline Check

Checks whether the configurations of RHEL 6 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

China's Level 3 Protection of Cybersecurity - Red Hat Enterprise Linux 7 Compliance Baseline Check

Checks whether the configurations of RHEL 7 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Redis Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Redis are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

4

SUSE Linux 10 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of SUSE Linux Enterprise Server 10 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

SUSE Linux 12 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of SUSE Linux Enterprise Server 12 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

SUSE Linux 11 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of SUSE Linux Enterprise Server 11 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Ubuntu 14 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Ubuntu 14 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Waiting for Level 3-Ubuntu 16/18/20 compliance regulations inspection

Checks whether the configurations of Ubuntu 16, Ubuntu 18, or Ubuntu 20 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

China's Level 3 Protection of Cybersecurity - Websphere Application Server Compliance Baseline Check

Checks whether the configurations of WebSphere Application Server are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

7

Weblogic Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of WebLogic are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

5

China's Level 3 Protection of Cybersecurity - Windows Server 2008 R2 Compliance Baseline Check

Checks whether the configurations of Windows Server 2008 R2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Windows 2012 R2 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Windows Server 2012 R2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Windows 2016/2019 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Windows Server 2016 R2 or Windows Server 2019 R2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Alibaba Cloud Linux/Aliyun Linux 2 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of Alibaba Cloud Linux 2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

15

CentOS Linux 6 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of CentOS Linux 6 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

15

CentOS Linux 7 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of CentOS Linux 7 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

15

Debian Linux 8 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of Debian Linux 8 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

12

Redhat Linux 7 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of RHEL 7 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

15

Linux Ubuntu 16/18 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of Ubuntu 16 or Ubuntu 18 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

19

Windows 2008 R2 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of Windows Server 2008 R2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

12

Windows 2012 R2 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of Windows Server 2012 R2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

12

Windows 2016/2019 Baseline for China classified protection of cybersecurity-Level II

Checks whether the configurations of Windows Server 2016 R2 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 2) are used.

12

Debian Linux 8/9/10 Baseline for China classified protection of cybersecurity-Level III

Checks whether the configurations of Debian Linux 8, Debian Linux 9, or Debian Linux 10 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

China's Level 3 Protection of Cybersecurity - Kylin Compliance Baseline Check

Checks whether the configurations of Kylin are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

China's Level 3 Protection of Cybersecurity - uos Compliance Baseline Check

Checks whether the configurations of UOS are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

China's Level 3 Protection of Cybersecurity - Anolis 8 Compliance Baseline Check

Checks whether the configurations of Anolis 8 are compliant with classified protection requirements. The check items included in the baseline are benchmarked against the testing standards and requirements on secure computing environments proposed by authoritative assessment organizations. During benchmarking, the MLPS 2.0 standards (level 3) are used.

19

Custom baseline

Alibaba cloud standard Ubuntu custom security baseline check

Checks whether the configurations of Ubuntu 14, Ubuntu 16, Ubuntu 18, and Ubuntu 20 are compliant with the Alibaba Cloud standards of best practices.

62

Windows custom baseline

The custom template that contains all baseline check items related to Windows. You can select baseline check items and configure parameters for baseline check items by using the template. This helps best suit your business requirements.

63

CentOS Linux 6 custom baseline

The custom template that contains all baseline check items related to CentOS Linux 6. You can select baseline check items and configure parameters for baseline check items by using the template. This helps best suit your business requirements.

47

CentOS Linux 7/8 custom baseline

The custom template that contains all baseline check items related to CentOS Linux 7 and CentOS Linux 8. You can select baseline check items and configure parameters for baseline check items by using the template. This helps best suit your business requirements.

53