This topic describes the managed rules that are provided in the BestPracticesForNetwork compliance package template.
Rule name | Description |
---|---|
slb-loadbalancer-bandwidth-limit | If the available bandwidth of each Server Load Balancer (SLB) instance is greater than or equal to the value specified by the input parameter, the evaluation result is compliant. |
slb-listener-https-enabled | If ports 80 and 8080 are used by the HTTPS listeners of each SLB instance, the evaluation result is compliant. |
sg-public-access-check | If the inbound authorization policy of each security group is set to Allow and you set the port range to -1/-1 or the authorized IP address to 0.0.0.0/0, the evaluation result is compliant. |
sg-risky-ports-check | If 0.0.0.0/0 is added to the IP address whitelist of each security group and ports 22 and 3389 are disabled, the evaluation result is compliant. |
eip-bandwidth-limit | If the available bandwidth of an elastic IP address (EIP) is greater than or equal to the value specified by the input parameter, the evaluation result is compliant. |
cdn-domain-https-enabled | If HTTPS is enabled for each domain name accelerated by Alibaba Cloud CDN, the evaluation result is compliant. |
slb-aliyun-certificate-required | If each SLB instance uses the certificates that are issued by Alibaba Cloud, the evaluation result is compliant. |
vpn-ipsec-connection-health-check-open | If the health check feature is enabled for each IPsec-VPN connection, the evaluation result is compliant. |
vpc-flow-logs-enabled | If the flow log feature is enabled for each virtual private cloud (VPC), the evaluation result is compliant. |
slb-delete-protection-enabled | If the release protection feature is enabled for each SLB instance, the evaluation result is compliant. |
slb-server-certificate-expired | If the certificates used by each SLB instance are valid, the evaluation result is compliant. |
slb-status-active-check | If each SLB instance is in the Running state, the evaluation result is compliant. |
slb-servercertificate-expired-check | If the remaining validity period before the server certificate of SLB expires is longer than or equal to the period specified by the input parameter, the evaluation result is compliant. |
slb-instance-expired-check | If the remaining validity period of each subscription SLB instance is longer than or equal to the period specified by the input parameter, the evaluation result is compliant. |
slb-instance-loadbalancerspec-check | If all SLB instances in use are high-performance SLB instances, the evaluation result is compliant. |
slb-instance-autorenewal-check | If the auto-renewal feature is enabled for each subscription SLB instance, the evaluation result is compliant. |
slb-backendserver-weight-check | If each SLB instance has a backend server and the weight of the backend server is not set to 0, the evaluation result is compliant. |