Security Center checks whether the baseline configurations of your servers contain
risks based on baseline check policies. This topic describes how to create, modify,
and delete baseline check policies.
Prerequisites
You have purchased the Advanced or Enterprise Edition of Security Center. Only the
Advanced and Enterprise Editions support the baseline check feature.
Note Before you use the baseline check feature, upgrade the Basic or Basic Anti-Virus Edition
to the Advanced or Enterprise Edition.
Background information
After you enable the baseline check feature, Security Center automatically scans all
assets based on the
default policy. The following content describes the time and targets of the automatic scan based
on the
default policy:
- Scan time: once every second day, from 00:00 to 06:00.
- Scan targets: All assets under your Alibaba Cloud account.

You can also create custom policies to check the baseline items that are not specified
in the default policy.
Note Only the Enterprise edition of Security Center supports custom check policies. The
Advanced edition does not support custom check policies. The Advanced edition supports
baseline checks based on the default check policy and existing check policies.
Based on Alibaba Cloud threat intelligence, Security Center provides default rules
to detect weak passwords. You can also create custom rules to detect weak passwords.
For more information, see Custom rules to detect weak passwords.
Manage baseline check policies
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- On the Baseline Check page, click Manage Policies in the upper-right corner.
- On the Manage Policies page, you can create, modify, or delete custom baseline check policies. You can also
modify the default policy on this tab.
Custom rules to detect weak passwords
Security Center provides default rules to detect weak passwords. You can also create
custom rules to detect weak passwords. To create a custom rule, take the following
steps:
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- On the Baseline Check page, click Manage Policies in the upper-right corner.
- In the Custom Weak Password Rules section, click Download.

- After you specify weak passwords in the downloaded template, click Import File.
Note The file must meet the following requirements:
- The file size cannot exceed 5 KB.
- Each line in the file contains only one weak password.
- The file contains at most 2,000 weak passwords.
Related topics
After you create a custom policy, you can use it to check whether your servers contain
risks. For more information, see Run a baseline check.