Updated on 2024-08-14 GMT+08:00

Image Baseline Check

Your private image repository is scanned for unsafe configurations and provides suggestions for modifying the configurations, helping you fight intrusions and meet compliance requirements.

Check Frequency

A comprehensive check is automatically performed by at 04:10 every day.

Prerequisites

Container protection has been enabled.

Constraints

Only configuration risks in Linux images can be detected.

Check Items

  • Accounts with duplicate names or UIDs
  • Non-root accounts whose UIDs are 0
  • Password check in code
  • Accounts with duplicate password hash values
  • Weak password hash algorithms
  • The account password is not empty.
  • Duplicate group names or GIDs
  • Non-privileged account incorrectly included in the privilege group
  • Old "+" entries in the /etc/passwd file
  • Old "+" entries in the /etc/shadow file
  • Old "+" entries in the /etc/group file
  • Ensuring all groups in the /etc/passwd file are in the /etc/group file
  • Unconfigured password validity period
  • Ensuring that the password change dates of all users are past dates.
  • Host trust relationship
  • Preset root-level trust relationship establishment
  • The default group of user root is GID 0.
  • Members in the shadow group

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
  3. In the navigation tree on the left, choose Prediction > Container Images.
  4. Click the Unsafe Settings tab to view the unsafe settings in the image.
  5. Click next to a check item to view its details and suggestions, and modify your unsafe settings accordingly.