Performing Baseline Inspection
The baseline check supports automatic and manual baseline checks.
- Automatic baseline check: checks server configurations and common weak passwords.
- Manual baseline check: To view the real-time baseline risks of a specified server or detect the password complexity policy, you can manually perform a baseline check.
Automated Baseline Checks
HSS automatically performs a check for all server configurations and common weak passwords at 01:00 every day.
Premium edition, web tamper protection edition, and container edition allow you to customize the automatic detection period for configurations. For details, see Configuration Check.
Premium edition, web tamper protection edition, and container edition allow you to customize the automatic detection period for weak passwords. For details, see Weak Password Scan.
Manually Performing a Baseline Check
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane on the left, choose Risk Management > Baseline Checks.
If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.
Figure 1 Baseline check overview
- (Optional) Create a manual baseline check policy.
Before manually checking the baseline policy, you need to create a manual baseline check policy for the target server. If you have created a policy for the target server, skip this step.
- Click Policies in the upper right corner of the page.
- Click Create Policy and configure the policy information by referring to Table 1.
To check baseline details, click Rule Details on the right of a baseline name.
If you select Linux for OS, you can select any checks included in Baseline and edit rules. This function is not supported for Windows servers.
Figure 2 Creating a policy
- Confirm the information, click Next, and select the server to be associated with the application based on the server name, server ID, EIP, or private IP address.
- Confirm the information and click OK. The baseline policy will be displayed in the policy list.
- In the upper left corner of the Baseline Inspection page, select the target baseline inspection policy.
Figure 3 Selecting the target baseline policy
- Click Scan in the upper right corner of the page.
- If the time displayed in the Last scanned area under the Baseline Check Policy is the actual check time, the check is complete.
- After a manual check is performed, the button will display Scanning and be disabled. If the check time exceeds 30 minutes, the button will be automatically enabled again. If the time displayed in the Last scanned area becomes the current check time, it indicates the check has completed.
- After the check is complete, you can view the check results and handling suggestions by referring to Viewing and Processing Baseline Check Results.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.