The baseline check feature checks the configurations of server operating systems, databases, software, and containers. The feature also provides descriptions of check results and suggestions on security hardening. You can use the feature to harden the security of your assets, reduce the risks of intrusion, and meet the requirements for security compliance.
Description
The baseline check feature checks various configurations of operating systems and services, such as the configurations for weak passwords, account permissions, identity authentication, password policies, access control, security audit, and intrusion prevention. The feature also provides check results and suggestions on handling detected risks. The services include databases, software, and containers. For more information, see Baselines.
Security Center automatically checks all the assets within your Alibaba Cloud account from 00:00 to 06:00 every two days based on the default baseline check policy. You can create custom baseline check policies. You can also create custom weak password dictionaries and specify baseline check levels. The check levels are high, medium, and low. For more information, see Create baseline check policies
Limits
The baseline check feature is a value-added feature of Security Center. Only users of the Advanced, Enterprise, and Ultimate editions can purchase and enable the feature. If you use the Basic or Anti-virus edition, you must upgrade Security Center to the Advanced, Enterprise, or Ultimate edition before you can use the baseline check feature. For more information about how to upgrade Security Center, see Upgrade and downgrade Security Center.
The following table describes the types of baselines that are supported by each edition.
| Type | Basic edition | Anti-virus edition | Advanced edition | Enterprise edition | Ultimate edition |
|---|---|---|---|---|---|
| Weak password |  |
|
 |
|
|
| Unauthorized access | |
||||
| Best security practices | |||||
| Container security | |||||
| Classified protection compliance | |||||
| Custom baseline |
Note
- Users of Security Center Advanced can use only the default baseline check policy to run baseline checks. The users cannot create standard or custom baseline check policies. For more information about baseline check policies, see Create baseline check policies.
- Users of the Enterprise and Ultimate editions of Security Center can use all baselines that are provided by the baseline check feature. The users can create standard and custom baseline check policies. The users can also edit and delete the baseline check policies that they create. The default baseline check policy cannot be deleted. If the Enterprise or Ultimate edition of Security Center detects baseline risks on Linux servers based on the Alibaba Cloud standards and the Multi-Level Protection Scheme (MLPS) standards, Security Center automatically fixes the risks.
Baselines
| Category | Check standard and description | Involved operating system and service | Fixing description |
|---|---|---|---|
| Weak password | Checks whether weak passwords are configured for your assets by using a method other
than brute-force logons. The method does not lock your account, which prevents your
workloads from being interrupted.
Note Security Center detects weak passwords by comparing the hash value that is read by
the system with the hash value that is calculated based on the weak password dictionary.
If you do not want to enable the system to read the hash value, you can remove the
baseline that detects weak passwords from your baseline check policy.
|
|
You must fix the baseline risks at the earliest opportunity. This way, you can prevent weak passwords from being exposed on the Internet. If weak passwords are exposed on the Internet, your assets can be attacked, and data breaches can occur. |
| Unauthorized access | Baselines that are used to check for unauthorized access. Check whether unauthorized access risks exist in your services. This prevents intrusions and data breaches. | Memcached, Elasticsearch, Docker, CouchDB, ZooKeeper, Jenkins, Hadoop, Tomcat, Redis, JBoss, ActiveMQ, RabbitMQ, OpenLDAP, rsync, MongoDB, and PostgreSQL | |
| Best security practices | Alibaba Cloud standards
Check whether risks exist in the configurations based on the Alibaba Cloud standards of best security practices. The configurations involve account permissions, identity authentication, password policies, access control, security audit, and intrusion prevention. |
|
We recommend that you fix the detected risks. Security Center can reinforce the security of your assets based on the standards of best security practices. This prevents attacks and malicious modifications to the configurations of your assets. |
| Container security | Alibaba Cloud standards
Check whether the Kubernetes master nodes contain risks based on the Alibaba Cloud standards of best practices for container security. |
|
|
| Classified protection compliance | The standards of MLPS level 2 and MLPS level 3
Check configurations based on the baselines for MLPS compliance for servers. The baseline checks meet the standards and requirements for computing environment that are proposed by authoritative assessment organizations. |
|
We recommend that you fix the detected risks based on the compliance requirements for your business. |
| CIS compliance | Check configurations based on the baselines for Center for Internet Security (CIS) compliance for operating systems. |
|
We recommend that you fix the detected risks based on the compliance requirements for your business. |
| Custom baseline | Checks configurations based on custom baselines for CentOS Linux 7. You can specify or edit custom baselines in a custom baseline check policy based on your business requirements. | CentOS 7, CentOS 6, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019 | We recommend that you fix the risks that are detected based on the custom baselines that you specify. Security Center can reinforce the security of your assets based on the standards of best security practices. This prevents attacks and malicious modifications to the configurations of your assets. |
Baseline checks
Security Center provides default baseline checks. Security Center performs baseline checks on a server to detect risks and defects in the baseline configurations and applications of the server. If risks and defects are detected during baseline checks, Security Center generates alerts and provides fixing suggestions.
| Category | Baseline check | Description | Number of check items |
|---|---|---|---|
| Weak password | Zabbix login weak password baseline | Checks weak passwords that are used to log on to Zabbix. | 1 |
| Samba login weak password detection | Checks weak passwords for users of Samba databases. | 1 | |
| ElasticSearch login weak password baseline | Checks weak passwords that are used to log on to Elasticsearch servers. | 1 | |
| Activemq login weak password baseline | Checks weak passwords that are used to log on to ActiveMQ. | 1 | |
| RabbitMQ login weak password baseline | Checks weak passwords that are used to log on to RabbitMQ. | 1 | |
| OpenVPN weak password detection in Linux system | Checks common weak passwords of OpenVPN accounts in Linux operating systems. | 1 | |
| Jboss6/7 login weak password baseline | Checks weak passwords that are used to log on to JBoss 6 and JBoss 7. | 1 | |
| Jenkins login weak password baseline | Checks weak passwords that are used to log on to Jenkins. This baseline check provides more samples to detect weak passwords than its earlier version. | 1 | |
| Proftpd login weak password baseline | Checks weak passwords that are used to log on to ProFTPD. This baseline check provides more samples to detect weak passwords than its earlier version. | 1 | |
| Influxdb login weak password baseline | Checks weak passwords that are used to log on to InfluxDB databases. This baseline check provides more samples to detect weak passwords than its earlier version. | 1 | |
| Weblogic 12c login weak password detection | Checks weak password for users of WebLogic Server 12c. | 1 | |
| Openldap login weak password baseline | Checks weak passwords that are used to log on to OpenLDAP. | 1 | |
| VncServer weak password check | Checks common weak passwords that are used to log on to the VNC service. | 1 | |
| pptpd login weak password baseline | Checks weak passwords that are used to log on to PPTP servers. | 1 | |
| Oracle login weak password detection | Checks weak passwords for users of Oracle databases. | 1 | |
| svn login weak password baseline | Checks weak passwords that are used to log on to Subversion (SVN) servers. | 1 | |
| rsync login weak password baseline | Checks weak passwords that are used to log on to rsync servers. | 1 | |
| MongoDB Weak Password baseline | Checks weak passwords for the MongoDB service. MongoDB 3.x and 4.x support this baseline check. | 1 | |
| PostgreSQL DB login weak password baseline | Checks weak passwords that are used to log on to PostgreSQL databases. | 1 | |
| SQL Server DB login weak password baseline | Checks weak passwords that are used to log on to Microsoft SQL Server databases. | 1 | |
| Mysql DB login weak password baseline(Windows version) | Checks weak passwords that are used to log on to MySQL databases. This baseline check is suitable only for Windows operating systems. | 1 | |
| Apache Tomcat Console weak password baseline | Checks weak passwords that are used to log on to the Apache Tomcat console. Apache Tomcat 7, 8, and 9 support this baseline check. | 1 | |
| Ftp login weak password baseline | Checks weak passwords that are used to log on to FTP servers and anonymous logons to FTP servers. | 1 | |
| Redis DB login weak password baseline | Checks weak passwords that are used to log on to Redis databases. | 1 | |
| Windows system login weak password baseline | Checks weak passwords that are used to log on to Windows Server operating systems. This baseline check provides more samples to detect weak passwords than its earlier version. | 1 | |
| Linux system login weak password baseline | Checks weak passwords that are used to log on to Linux operating systems. This baseline check provides more samples to detect weak passwords than its earlier version. | 1 | |
| Mysql DB login weak password baseline | Checks weak passwords that are used to log on to MySQL databases. This baseline check provides more samples to detect weak passwords than its earlier version. | 1 | |
| MongoDB Weak Password baseline(support version 2. X) | Checks weak passwords for users of the MongoDB service. | 1 | |
| Unauthorized access | Influxdb unauthorized access high exploit vulnerability risk | Checks InfluxDB vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 |
| Redis unauthorized access high exploit vulnerability risk | Checks Redis vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Jboss unauthorized access high exploit vulnerability risk | Checks JBoss vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| ActiveMQ unauthorized access high exploit vulnerability risk | Checks ActiveMQ vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| RabbitMQ unauthorized access high exploit vulnerability risk | Checks RabbitMQ vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| OpenLDAP unauthorized access vulnerability baseline (Linux) | Checks OpenLDAP vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Kubernetes-Apiserver unauthorized access to high-risk risks | Checks Kubernetes API server vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| LDAP unauthorized access high exploit vulnerability risk (Windows) | Checks LDAP vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| rsync unauthorized access high exploit vulnerability risk | Checks rsync vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Mongodb unauthorized access high exploit vulnerability risk | Checks MongoDB vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Postgresql unauthorized access to high-risk risk baseline | Checks PostgreSQL vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Jenkins unauthorized access high exploit vulnerability risk | Checks Jenkins vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Hadoop unauthorized access high exploit vulnerability risk | Checks Apache Hadoop vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| CouchDB unauthorized access high exploit risk | Checks Apache CouchDB vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| ZooKeeper unauthorized access high exploit vulnerability risk | Checks Apache ZooKeeper vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Docker unauthorized access high vulnerability risk | Checks Docker vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Memcached unauthorized access high exploit vulnerability risk | Checks memcached vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Elasticsearch unauthorized access high exploit vulnerability risk | Checks Elasticsearch vulnerabilities that can be exploited by attackers to implement unauthorized access. | 1 | |
| Container security | CIS standard-Kubernetes(ACK) node security inspection inspection | Checks the baseline against the Center for Internet Security (CIS) standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 52 |
| CIS standard-Kubernetes(ACK) Master node security inspection inspection | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 8 | |
| Alibaba Cloud Standard-Kubernetes-Node security baseline check | Checks the baseline against the Alibaba Cloud standard of best practices for Kubernetes Master. | 7 | |
| Alibaba Cloud Standard-Kubernetes-Master security baseline check | Checks the baseline against the Alibaba Cloud standard of best practices for Kubernetes Master. | 18 | |
| Alibaba Cloud Standard -DockerSecurity Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Docker. | 17 | |
| Best security practices | Alibaba Cloud Linux/Aliyun Linux 2 Benchmark | Checks the baseline against the Alibaba Cloud standard of best practices for Alibaba Cloud Linux 2. | 15 |
| Alibaba Cloud Standard - CentOS Linux 6 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for CentOS Linux 6. | 15 | |
| Alibaba Cloud Standard - CentOS Linux 7/8 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for CentOS Linux 7 and CentOS Linux 8. | 15 | |
| Alibaba Cloud Standard - Debian Linux 8/9/10 Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for Debian Linux 8, Debian Linux 9, and Debian Linux 10. | 15 | |
| Alibaba Cloud Standard - Red Hat Enterprise Linux 6 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Red Hat Enterprise Linux (RHEL) 6. | 15 | |
| Alibaba Cloud Standard - Red Hat Enterprise Linux 7/8 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for RHEL 7 and RHEL 8. | 15 | |
| Alibaba Cloud Standard - Ubuntu Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for Ubuntu. | 15 | |
| Alibaba Cloud Standard - Windows Server 2008 R2 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Windows Server 2008 R2. | 12 | |
| Alibaba Cloud Standard - Windows 2012 R2 Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for Windows Server 2012 R2. | 12 | |
| Alibaba Cloud Standard - Windows 2016/2019 Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for Windows Server 2016 and Windows Server 2019. | 12 | |
| Alibaba Cloud Standard-SQL Server Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for SQL Server 2012. | 17 | |
| Alibaba Cloud Standard - Memcached Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for memcached. | 5 | |
| Alibaba Cloud Standard - MongoDB version 3.x Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for MongoDB. | 9 | |
| Alibaba Cloud Standard - Mysql Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for MySQL. MySQL 5.1 to MySQL 5.7 support this baseline check. | 12 | |
| Alibaba Cloud Standard - Oracle 11g Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Oracle Database 11g. | 14 | |
| Alibaba Cloud Standard-PostgreSql Security Initialization Check | Checks the baseline against the Alibaba Cloud standard of best practices for PostgreSQL. | 11 | |
| Alibaba Cloud Standard - Redis Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Redis. | 7 | |
| Alibaba Cloud Standard - Anolis 8 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Anolis 8. | 15 | |
| Alibaba Cloud Standard - Apache Security Baseline Check | Checks the baseline of middleware against the standards of CIS and Alibaba Cloud. | 19 | |
| Alibaba cloud standard - CouchDB security baseline check | Checks the baseline against the Alibaba Cloud standard for Apache CouchDB. | 5 | |
| Alibaba Cloud Standard - ElasticSearch Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Elasticsearch. | 3 | |
| Alibaba Cloud Standard - Hadoop Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Apache Hadoop. | 3 | |
| Alibaba Cloud Standard - IIS 8 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Internet Information Services (IIS) 8. | 8 | |
| Alibaba Cloud Standard - Influxdb Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for InfluxDB. | 5 | |
| Alibaba Cloud Standard -Jboss6/7 Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for JBoss 6 and JBoss 7. | 11 | |
| Alibaba Cloud Standard - Kibana Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Kibana. | 4 | |
| Alibaba Cloud Standard - Kylin Security Baseline Check | Checks the baseline against the Alibaba Cloud standard for Kylin. | 15 | |
| Alibaba Cloud Standard -Activemq Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for ActiveMQ. | 7 | |
| Alibaba Cloud Standard - Jenkins Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Jenkins. | 6 | |
| Alibaba Cloud Standard - RabbitMQ Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for RabbitMQ. | 4 | |
| Alibaba Cloud Standard - Nginx Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for NGINX. | 13 | |
| Alibaba Cloud Standard - Windows SMB Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for Windows SMB. | 2 | |
| Alibaba Cloud Standard - SUSE Linux 15 Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for SUSE Linux 15. | 15 | |
| Alibaba Cloud Standard - Apache Tomcat Security Baseline(on windows) | Checks the baseline of middleware against the standards of CIS and Alibaba Cloud. | 8 | |
| Alibaba Cloud Standard - Uos Security Baseline Check | Checks the baseline against the Alibaba Cloud standard of best practices for UOS. | 15 | |
| Alibaba Cloud Standard - Zabbix Security Baseline | Checks the baseline against the Alibaba Cloud standard of best practices for Zabbix. | 6 | |
| Alibaba Cloud Standard-Apache Tomcat Security Baseline | Checks the baseline of middleware against the standards of CIS and Alibaba Cloud. | 13 | |
| CIS compliance | Alibaba Cloud Linux/Aliyun Linux 2 CIS Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 178 |
| CIS CentOS Linux 6 LTS Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 196 | |
| CIS CentOS Linux 7 LTS Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 197 | |
| CIS CentOS Linux 8 LTS Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 164 | |
| CIS Debian Linux 8 Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 155 | |
| CIS Ubuntu Linux 14 LTS Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 177 | |
| CIS Ubuntu Linux 16/18/20 LTS Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 176 | |
| CIS Microsoft Windows Server 2008 R2 Benchmark | Checks the baseline against the CIS standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 274 | |
| CIS Microsoft Windows Server 2012 R2 Benchmark | Checks the baseline against the Center for Internet Security (CIS) standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 275 | |
| CIS Microsoft Windows Server 2016/2019 R2 Benchmark | Checks the baseline against the Center for Internet Security (CIS) standard. This standard is suitable for enterprise users who have professional security skills. This baseline check provides a variety of check rules, which allows you to reinforce the security of your system based on business scenarios and requirements. | 275 | |
| Operating systems involved in MLPS compliance | SUSE Linux 15 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for SUSE Linux Enterprise Server 15. This checks whether your asset environments comply with the classified protection requirements. | 18 |
| Alibaba Cloud Linux 3 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Alibaba Cloud Linux 3. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Alibaba Cloud Linux/Aliyun Linux 2 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Alibaba Cloud Linux 2. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| China's Level 3 Protection of Cybersecurity - Bind Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Bind. This checks whether your asset environments comply with the classified protection requirements. | 4 | |
| CentOS Linux 6 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for CentOS Linux 6. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| CentOS Linux 7 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for CentOS Linux 7. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| CentOS Linux 8 Baseline for China classified protection of cybersecurity - Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for CentOS Linux 8. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| IIS Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Oracle. This checks whether your asset environments comply with the classified protection requirements. | 5 | |
| China's Level 3 Protection of Cybersecurity - Informix Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Informix. This checks whether your asset environments comply with the classified protection requirements. | 6 | |
| China's Level 3 Protection of Cybersecurity - Jboss6/7 Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for JBoss 6 or JBoss 7. This checks whether your asset environments comply with the classified protection requirements. | 5 | |
| MongoDB Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for MongoDB. This checks whether your asset environments comply with the classified protection requirements. | 6 | |
| China's Level 3 Protection of Cybersecurity -SQL Server Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for SQL Server. This checks whether your asset environments comply with the classified protection requirements. | 4 | |
| Equal Guarantee Level 3-MySql Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for MySQL. This checks whether your asset environments comply with the classified protection requirements. | 5 | |
| Equal Guarantee Level 3-Nginx Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for NGINX. This checks whether your asset environments comply with the classified protection requirements. | 3 | |
| China's Level 3 Protection of Cybersecurity - Oracle Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Oracle. This checks whether your asset environments comply with the classified protection requirements. | 12 | |
| Level 3-PostgreSql compliance baseline check | Checks the baseline against the standard of MLPS 2.0 level 3 for PostgreSQL. This checks whether your asset environments comply with the classified protection requirements. | 4 | |
| China's Level 3 Protection of Cybersecurity - Red Hat Enterprise Linux 6 Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Red Hat Enterprise Linux 6. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| China's Level 3 Protection of Cybersecurity - Red Hat Enterprise Linux 7 Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Red Hat Enterprise Linux 7. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Redis Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Redis. This checks whether your asset environments comply with the classified protection requirements. | 4 | |
| SUSE Linux 10 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for SUSE Linux Enterprise Server 10. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| SUSE Linux 12 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for SUSE Linux Enterprise Server 12. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| SUSE Linux 11 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for SUSE Linux Enterprise Server 11. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Ubuntu 14 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Ubuntu 14. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Waiting for Level 3-Ubuntu 16/18/20 compliance regulations inspection | Checks the baseline against the standard of MLPS 2.0 level 3 for Ubuntu 16, Ubuntu 18, and Ubuntu 20. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| China's Level 3 Protection of Cybersecurity - Websphere Application Server Compliance Baseline Check | Checks the baseline against the standard of Multi-Level Protection Scheme (MLPS) 2.0 level 3 for WebSphere Application Server. This checks whether your asset environments comply with the classified protection requirements. | 7 | |
| Weblogic Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Oracle WebLogic Server. This checks whether your asset environments comply with the classified protection requirements. | 5 | |
| China's Level 3 Protection of Cybersecurity - Windows Server 2008 R2 Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Windows Server 2008 R2. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Windows 2012 R2 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Windows Server 2012 R2. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Windows 2016/2019 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Windows Server 2016 R2 and 2019 R2. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Alibaba Cloud Linux/Aliyun Linux 2 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Alibaba Cloud Linux 2. This checks whether your asset environments comply with the classified protection requirements. | 15 | |
| CentOS Linux 6 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for CentOS Linux 6. This checks whether your asset environments comply with the classified protection requirements. | 15 | |
| CentOS Linux 7 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for CentOS Linux 7. This checks whether your asset environments comply with the classified protection requirements. | 15 | |
| Debian Linux 8 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Debian Linux 8. This checks whether your asset environments comply with the classified protection requirements. | 12 | |
| Redhat Linux 7 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Red Hat Enterprise Linux 7. This checks whether your asset environments comply with the classified protection requirements. | 15 | |
| Linux Ubuntu 16/18 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Ubuntu 16 and Ubuntu 18. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Windows 2008 R2 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Windows Server 2008 R2. This checks whether your asset environments comply with the classified protection requirements. | 12 | |
| Windows 2012 R2 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Windows Server 2012 R2. This checks whether your asset environments comply with the classified protection requirements. | 12 | |
| Windows 2016/2019 Baseline for China classified protection of cybersecurity-Level II | Checks the baseline against the standard of MLPS 2.0 level 2 for Windows Server 2016 R2 and 2019 R2. This checks whether your asset environments comply with the classified protection requirements. | 12 | |
| Debian Linux 8/9/10 Baseline for China classified protection of cybersecurity-Level III | Checks the baseline against the standard of MLPS 2.0 level 3 for Debian Linux 8, Debian Linux 9, and Debian Linux 10. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| China's Level 3 Protection of Cybersecurity - Kylin Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Kylin. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| China's Level 3 Protection of Cybersecurity - uos Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for UOS. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| China's Level 3 Protection of Cybersecurity - Anolis 8 Compliance Baseline Check | Checks the baseline against the standard of MLPS 2.0 level 3 for Anolis 8. This checks whether your asset environments comply with the classified protection requirements. | 19 | |
| Custom baseline | Alibaba cloud standard Ubuntu custom security baseline check | Checks the custom baseline against the Alibaba Cloud standard of best practices for Ubuntu 14, Ubuntu 16, Ubuntu 18, and Ubuntu 20. | 62 |
| Windows custom baseline | The custom template that contains all baseline check items related to Windows. You can select baseline check items and configure parameters for baseline check items by using the template. This helps best suit your business requirements. | 63 | |
| CentOS Linux 6 custom baseline | The custom template that contains all baseline check items related to CentOS Linux 6. You can select baseline check items and configure parameters for baseline check items by using the template. This helps best suit your business requirements. | 47 | |
| CentOS Linux 7/8 custom baseline | The custom template that contains all baseline check items related to CentOS Linux 7 and CentOS Linux 8. You can select baseline check items and configure parameters for baseline check items by using the template. This helps best suit your business requirements. | 53 |