The ALIYUN::ThreatDetection::AntiBruteForceRule resource type creates an anti-brute-force rule.
Syntax
{
  "Type": "ALIYUN::ThreatDetection::AntiBruteForceRule",
  "Properties": {
    "DefaultRule": Boolean,
    "AntiBruteForceRuleName": String,
    "ForbiddenTime": Integer,
    "UuidList": List,
    "FailCount": Integer,
    "Span": Integer
  }
}
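Properties
Property | Type | Required | Update allowed | Description | Constraints |
DefaultRule | Boolean | No | Yes | Whether the anti-brute-force rule is set as the default rule. | Valid values: true (yes), false (no). Note: An asset that is not covered by any other rule uses the default rule. |
AntiBruteForceRuleName | String | Yes | Yes | The name of the anti-brute-force rule. | None |
ForbiddenTime | Integer | Yes | Yes | The length of time for which the account is blocked from logging on. | Unit: minutes. Valid values: 5, 15, 30, 60, 120, 360, 720, 1440, 10080, 52560000 (permanent). |
UuidList | List | Yes | Yes | The UUIDs of the servers on which the anti-brute-force rule takes effect. | None |
FailCount | Integer | Yes | Yes | The threshold for the number of failed account logons. | Unit: times. Valid values: 2, 3, 4, 5, 10, 50, 80, 100. |
Span | Integer | Yes | Yes | The time threshold within which failed account logons are counted. | Unit: minutes. Valid values: 1, 2, 5, 10, 15. Note: Span, FailCount, and ForbiddenTime together make up one anti-brute-force rule: if an account fails to log on more than XX times within XX minutes, the account is blocked from logging on for XX minutes. |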
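Return values
Fn::GetAtt
DefaultRule: Whether the anti-brute-force rule is set as the default rule.
AntiBruteForceRuleName: The name of the anti-brute-force rule.
ForbiddenTime: The length of time for which the account is blocked from logging on.
AntiBruteForceRuleId: The ID of the defense rule.
UuidList: The UUIDs of the servers on which the anti-brute-force rule takes effect.
FailCount: The threshold for the number of failed account logons.
Span: The time threshold within which failed account logons are counted.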
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AntiBruteForceRuleName:
    Description: The name of the defense rule.
    Type: String
  DefaultRule:
    AllowedValues:
      - 'True'
      - 'true'
      - 'False'
      - 'false'
    Description: "Specifies whether to set the defense rule as the default rule. \n\
      Valid values:\n- true: yes\n- false: no"
    Type: Boolean
  FailCount:
    AllowedValues:
      - 2
      - 3
      - 4
      - 5
      - 10
      - 50
      - 80
      - 100
    Description: "The maximum number of failed logon attempts from an account. \n\
      Valid values: 2, 3, 4, 5, 10, 50, 80, and 100."
    Type: Number
  ForbiddenTime:
    AllowedValues:
      - 5
      - 15
      - 30
      - 60
      - 120
      - 360
      - 720
      - 1440
      - 10080
      - 52560000
    Description: 'The period of time during which logons from an account are not allowed.
      Unit: minutes. Valid values:
      - 5: 5 minutes
      - 15: 15 minutes
      - 30: 30 minutes
      - 60: 1 hour
      - 120: 2 hours
      - 360: 6 hours
      - 720: 12 hours
      - 1440: 24 hours
      - 10080: 7 days
      - 52560000: permanent'
    Type: Number
  Span:
    AllowedValues:
      - 1
      - 2
      - 5
      - 10
      - 15
    Description: 'The maximum period of time during which failed logon attempts from
      an account can occur.
      Unit: minutes. Valid values:
      - 1
      - 2
      - 5
      - 10
      - 15'
    Type: Number
  UuidList:
    Description: The UUIDs of the servers to which you want to apply the defense rule.
    Type: Json
Resources:
  ExtensionResource:
    Properties:
      AntiBruteForceRuleName:
        Ref: AntiBruteForceRuleName
      DefaultRule:
        Ref: DefaultRule
      FailCount:
        Ref: FailCount
      ForbiddenTime:
        Ref: ForbiddenTime
      Span:
        Ref: Span
      UuidList:
        Ref: UuidList
    Type: ALIYUN::ThreatDetection::AntiBruteForceRule
Outputs:
  AntiBruteForceRuleId:
    Description: The ID of the defense rule.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AntiBruteForceRuleId
  AntiBruteForceRuleName:
    Description: The name of the defense rule.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AntiBruteForceRuleName
  DefaultRule:
    Description: "Specifies whether to set the defense rule as the default rule. \n\
      Valid values:\n- true: yes\n- false: no"
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - DefaultRule
  FailCount:
    Description: The threshold for the number of failed user logins when the brute-force
      defense rule takes effect.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - FailCount
  ForbiddenTime:
    Description: 'The period of time during which logons from an account are not allowed.
      Unit: minutes.'
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ForbiddenTime
  Span:
    Description: 'The period of time during which logon failures from an account are
      measured. Unit: minutes. If Span is set to 10, the defense rule takes effect
      when the logon failures measured within 10 minutes reaches the specified threshold.
      The IP addresses of attackers cannot be used to log on to the server within
      the specified period of time.'
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Span
  UuidList:
    Description: The UUIDs of the server to which the defense rule is applied.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - UuidList
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "DefaultRule": {
      "Type": "Boolean",
      "Description": "Specifies whether to set the defense rule as the default rule. \nValid values:\n- true: yes\n- false: no",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ]
    },
    "AntiBruteForceRuleName": {
      "Type": "String",
      "Description": "The name of the defense rule."
    },
    "ForbiddenTime": {
      "Type": "Number",
      "Description": "The period of time during which logons from an account are not allowed.\nUnit: minutes. Valid values:\n- 5: 5 minutes\n- 15: 15 minutes\n- 30: 30 minutes\n- 60: 1 hour\n- 120: 2 hours\n- 360: 6 hours\n- 720: 12 hours\n- 1440: 24 hours\n- 10080: 7 days\n- 52560000: permanent",
      "AllowedValues": [
        5,
        15,
        30,
        60,
        120,
        360,
        720,
        1440,
        10080,
        52560000
      ]
    },
    "UuidList": {
      "Type": "Json",
      "Description": "The UUIDs of the servers to which you want to apply the defense rule."
    },
    "FailCount": {
      "Type": "Number",
      "Description": "The maximum number of failed logon attempts from an account. \nValid values: 2, 3, 4, 5, 10, 50, 80, and 100.",
      "AllowedValues": [
        2,
        3,
        4,
        5,
        10,
        50,
        80,
        100
      ]
    },
    "Span": {
      "Type": "Number",
      "Description": "The maximum period of time during which failed logon attempts from an account can occur.\nUnit: minutes. Valid values:\n- 1\n- 2\n- 5\n- 10\n- 15",
      "AllowedValues": [
        1,
        2,
        5,
        10,
        15
      ]
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::ThreatDetection::AntiBruteForceRule",
      "Properties": {
        "DefaultRule": {
          "Ref": "DefaultRule"
        },
        "AntiBruteForceRuleName": {
          "Ref": "AntiBruteForceRuleName"
        },
        "ForbiddenTime": {
          "Ref": "ForbiddenTime"
        },
        "UuidList": {
          "Ref": "UuidList"
        },
        "FailCount": {
          "Ref": "FailCount"
        },
        "Span": {
          "Ref": "Span"
        }
      }
    }
  },
  "Outputs": {
    "DefaultRule": {
      "Description": "Specifies whether to set the defense rule as the default rule. \nValid values:\n- true: yes\n- false: no",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "DefaultRule"
        ]
      }
    },
    "AntiBruteForceRuleName": {
      "Description": "The name of the defense rule.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AntiBruteForceRuleName"
        ]
      }
    },
    "ForbiddenTime": {
      "Description": "The period of time during which logons from an account are not allowed. Unit: minutes.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ForbiddenTime"
        ]
      }
    },
    "AntiBruteForceRuleId": {
      "Description": "The ID of the defense rule.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AntiBruteForceRuleId"
        ]
      }
    },
    "UuidList": {
      "Description": "The UUIDs of the server to which the defense rule is applied.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "UuidList"
        ]
      }
    },
    "FailCount": {
      "Description": "The threshold for the number of failed user logins when the brute-force defense rule takes effect.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "FailCount"
        ]
      }
    },
    "Span": {
      "Description": "The period of time during which logon failures from an account are measured. Unit: minutes. If Span is set to 10, the defense rule takes effect when the logon failures measured within 10 minutes reaches the specified threshold. The IP addresses of attackers cannot be used to log on to the server within the specified period of time.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Span"
        ]
      }
    }
  }
}
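The following pre-deployment check is an added example, not part of the original documentation or of ROS itself. It validates every ALIYUN::ThreatDetection::AntiBruteForceRule resource in a parsed template against the required properties and allowed values listed on this page, and summarizes the Span/FailCount/ForbiddenTime combination of each valid rule. The function names, the sample template, the rule names and the UUID are assumptions made for illustration.

```python
RESOURCE_TYPE = "ALIYUN::ThreatDetection::AntiBruteForceRule"
REQUIRED = ("AntiBruteForceRuleName", "ForbiddenTime", "UuidList", "FailCount", "Span")
# Allowed values as listed on this page (Span and ForbiddenTime are in minutes).
ALLOWED = {
    "FailCount": {2, 3, 4, 5, 10, 50, 80, 100},
    "Span": {1, 2, 5, 10, 15},
    "ForbiddenTime": {5, 15, 30, 60, 120, 360, 720, 1440, 10080, 52560000},
}
PERMANENT = 52560000  # the page documents this value as "permanent"

def resolve(value, params):
    """Replace {"Ref": name} with the supplied parameter value; keep literals."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return params.get(value["Ref"])
    return value

def check_template(template, params=None):
    """Return (findings, summaries) for every AntiBruteForceRule resource."""
    findings, summaries = [], []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != RESOURCE_TYPE:
            continue
        props = {k: resolve(v, params or {}) for k, v in res.get("Properties", {}).items()}
        before = len(findings)
        for key in REQUIRED:
            if props.get(key) in (None, "", []):
                findings.append(f"{name}: required property {key} is missing or empty")
        if props.get("UuidList") and not isinstance(props["UuidList"], list):
            findings.append(f"{name}: UuidList must be a list of server UUIDs")
        for key, allowed in ALLOWED.items():
            value = props.get(key)
            # type() check rejects bool (True == 1 in Python), strings and unresolved dicts.
            if value is not None and (type(value) is not int or value not in allowed):
                findings.append(f"{name}: {key}={value!r} is not an allowed value")
        if len(findings) == before:
            block = ("permanently" if props["ForbiddenTime"] == PERMANENT
                     else f"for {props['ForbiddenTime']} min")
            summaries.append(f"{name}: FailCount={props['FailCount']} within "
                             f"Span={props['Span']} min -> logon blocked {block}")
    return findings, summaries

# Constructed sample template; rule names and the UUID are placeholders.
SAMPLE = {"Resources": {
    "Good": {"Type": RESOURCE_TYPE, "Properties": {
        "AntiBruteForceRuleName": "ssh-strict", "UuidList": {"Ref": "Uuids"},
        "FailCount": 5, "Span": 10, "ForbiddenTime": 52560000}},
    "Bad": {"Type": RESOURCE_TYPE, "Properties": {
        "AntiBruteForceRuleName": "lenient", "UuidList": [],
        "FailCount": 6, "Span": True, "ForbiddenTime": 30}},
}}
```

Call `check_template(SAMPLE, {"Uuids": ["uuid-placeholder-1"]})` to resolve the `Ref` against supplied parameter values; a template loaded with `json.load` can be passed in the same way.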