This topic describes the managed rules that are provided in the BestPracticesForOSS compliance package template.
Rule name | Description |
---|---|
oss-bucket-public-read-prohibited | If the access control list (ACL) of each Object Storage Service (OSS) bucket denies read access from the Internet, the evaluation result is compliant. |
oss-bucket-public-write-prohibited | If the ACL of each OSS bucket denies write access from the Internet, the evaluation result is compliant. |
oss-bucket-server-side-encryption-enabled | If server-side encryption is enabled for each OSS bucket, the evaluation result is compliant. |
ss-bucket-referer-limit | If the hotlink protection feature is enabled for each OSS bucket, the evaluation result is compliant. |
oss-zrs-enabled | If zone-redundant storage (ZRS) is enabled for each OSS bucket, the evaluation result is compliant. |
oss-bucket-logging-enabled | If the log storage feature is enabled for each OSS bucket, the evaluation result is compliant. |
oss-bucket-versioning-enabled | If the versioning feature is enabled for each OSS bucket, the evaluation result is compliant. |