Constraints
Server Protection Restrictions
- Elastic Cloud Server (ECS)
- Bare Metal Server (BMS)
- On-premises data center (IDC)
OS Restrictions
Currently, the HSS agent and system vulnerability scan functions are not supported in certain OSs.
For details about the OS restrictions of HSS, see:
- CentOS 6.x is no longer updated or maintained on the Linux official website, and HSS no longer supports CentOS 6.x or earlier.
- The meanings of the symbols in the table are as follows:
- √: supported
- ×: not supported
|
OS |
Agent |
System Vulnerability Scan |
|---|---|---|
|
Windows Server 2012 R2 Standard 64-bit English (40 GB) |
√ |
√ |
|
Windows Server 2012 R2 Standard 64-bit Chinese (40 GB) |
√ |
√ |
|
Windows Server 2012 R2 Datacenter 64-bit English (40 GB) |
√ |
√ |
|
Windows Server 2012 R2 Datacenter 64-bit Chinese (40 GB) |
√ |
√ |
|
Windows Server 2016 Standard 64-bit English (40 GB) |
√ |
√ |
|
Windows Server 2016 Standard 64-bit Chinese (40 GB) |
√ |
√ |
|
Windows Server 2016 Datacenter 64-bit English (40 GB) |
√ |
√ |
|
Windows Server 2016 Datacenter 64-bit Chinese (40 GB) |
√ |
√ |
|
Windows Server 2019 Datacenter 64-bit English (40 GB) |
√ |
√ |
|
Windows Server 2019 Datacenter 64-bit Chinese (40 GB) |
√ |
√ |
|
Windows Server 2022 Datacenter 64-bit English (40 GB) |
√ |
× |
|
Windows Server 2022 Datacenter 64-bit Chinese (40 GB) |
√ |
× |
|
Windows Server 2022 Standard 64-bit English (40 GB) |
√ |
× |
|
Windows Server 2022 Standard 64-bit Chinese (40 GB) |
√ |
× |
|
OS |
Agent |
System Vulnerability Scan |
|---|---|---|
|
CentOS 7.4 (64-bit) |
√ |
√ |
|
CentOS 7.5 (64-bit) |
√ |
√ |
|
CentOS 7.6 (64-bit) |
√ |
√ |
|
CentOS 7.7 (64-bit) |
√ |
√ |
|
CentOS 7.8 (64-bit) |
√ |
√ |
|
CentOS 7.9 (64-bit) |
√ |
√ |
|
CentOS 8.1 (64-bit) |
√ |
× |
|
CentOS 8.2 (64-bit) |
√ |
× |
|
CentOS 8 (64-bit) |
√ |
× |
|
Debian 9 (64-bit) |
√ |
√ |
|
Debian 10 (64-bit) |
√ |
√ |
|
Debian 11 (64-bit) |
√ |
√ |
|
Debian 12 (64-bit) |
√
NOTE:
Currently, brute-force attack detection is not supported. |
× |
|
EulerOS 2.2 (64-bit) |
√ |
√ |
|
EulerOS 2.3 (64-bit) |
√ |
√ |
|
EulerOS 2.5 (64-bit) |
√ |
√ |
|
EulerOS 2.7 (64-bit) |
√ |
× |
|
EulerOS 2.9 (64-bit) |
√ |
√ |
|
EulerOS 2.10 (64-bit) |
√ |
√ |
|
EulerOS 2.11 (64-bit) |
√ |
√ |
|
EulerOS 2.12 (64-bit) |
√ |
√ |
|
Fedora 28 (64-bit) |
√ |
× |
|
Fedora 31 (64-bit) |
√ |
× |
|
Fedora 32 (64-bit) |
√ |
× |
|
Fedora 33 (64-bit) |
√ |
× |
|
Fedora 34 (64-bit) |
√ |
× |
|
Ubuntu 16.04 (64-bit) |
√ |
√ |
|
Ubuntu 18.04 (64-bit) |
√ |
√ |
|
Ubuntu 20.04 (64-bit) |
√ |
√ |
|
Ubuntu 22.04 (64-bit) |
√ |
√ |
|
Ubuntu 24.04 (64-bit) |
√
NOTE:
Currently, brute-force attack detection is not supported. |
× |
|
AlmaLinux 8.4 (64-bit) |
√ |
√ |
|
AlmaLinux 9.0 (64-bit) |
√ |
× |
|
AlmaLinux 9.2 (64-bit) |
√ |
× |
|
AlmaLinux 9.4 (64-bit) |
√ |
× |
|
Rocky Linux 8.4 (64-bit) |
√ |
× |
|
Rocky Linux 8.5 (64-bit) |
√ |
× |
|
RockyLinux 8.6 (64-bit) |
√ |
√ |
|
RockyLinux 8.10 (64-bit) |
√ |
√ |
|
Rocky Linux 9.0 (64-bit) |
√ |
× |
|
RockyLinux 9.4 (64-bit) |
√ |
√ |
|
RockyLinux 9.5 (64-bit) |
√ |
√ |
|
HCE 1.1 CentOS-compatible edition (64-bit) |
√ |
√ |
|
HCE 2.0 standard edition (64-bit) |
√ |
√ |
|
SUSE Linux Enterprise Server 12 SP5 (64 bit) |
√ |
√ |
|
SUSE Linux Enterprise Server 15 (64 bit) |
√ |
× |
|
SUSE Linux Enterprise Server 15 SP1 (64 bit) |
√ |
√ |
|
SUSE Linux Enterprise Server 15 SP2 (64 bit) |
√ |
√ |
|
SUSE Linux Enterprise Server 15 SP3 (64 bit) |
√ |
× |
|
SUSE Linux Enterprise Server 15.5 (64 bit) |
√ |
× |
|
SUSE Linux Enterprise Server 15 SP6 (64 bit) |
√
NOTE:
Currently, brute-force attack detection is not supported. |
× |
|
Kylin V10 (64 bit) |
√ |
√ |
|
Kylin V10 SP1 (64 bit) |
√ |
√ |
|
Kylin V10 SP2 (64 bit) |
√ |
√ |
|
Kylin V10 SP3 (64 bit) |
√ |
× |
|
UnionTech OS 1050u2e |
√
NOTE:
Currently, file escape detection is not supported. |
√ |
|
OS |
Agent |
System Vulnerability Scan |
|---|---|---|
|
CentOS 7.4 (64-bit) |
√ |
√ |
|
CentOS 7.5 (64-bit) |
√ |
√ |
|
CentOS 7.6 (64-bit) |
√ |
√ |
|
CentOS 7.7 (64-bit) |
√ |
√ |
|
CentOS 7.8 (64-bit) |
√ |
√ |
|
CentOS 7.9 (64-bit) |
√ |
√ |
|
CentOS 8.0 (64-bit) |
√ |
× |
|
CentOS 8.1 (64-bit) |
√ |
× |
|
CentOS 8.2 (64-bit) |
√ |
× |
|
CentOS 9 (64-bit) |
√ |
× |
|
Debian 11 (64-bit) |
√ |
√ |
|
Debian 12 (64-bit) |
√
NOTE:
Currently, brute-force attack detection is not supported. |
× |
|
EulerOS 2.8 (64-bit) |
√ |
√ |
|
EulerOS 2.9 (64-bit) |
√ |
√ |
|
EulerOS 2.10 (64-bit) |
√ |
√ |
|
EulerOS 2.11 (64-bit) |
√ |
√ |
|
EulerOS 2.12 (64-bit) |
√ |
√ |
|
Fedora 29 (64-bit) |
√ |
× |
|
Ubuntu 18.04 (64-bit) |
√ |
√ |
|
Ubuntu 20.04 (64-bit) |
√ |
√ |
|
Ubuntu 22.04 (64-bit) |
√ |
√ |
|
Ubuntu 24.04 (64-bit) |
√
NOTE:
Currently, brute-force attack detection is not supported. |
× |
|
NeoKylin Linux Advanced Server Operating System V7 (64-bit) |
√ |
× |
|
Kylin V10 (64 bit) |
√ |
√ |
|
Kylin V10 SP1 (64 bit) |
√ |
√ |
|
Kylin V10 SP2 (64 bit) |
√ |
√ |
|
Kylin V10 SP3 (64 bit) |
√ |
× |
|
HCE 2.0 standard edition (64-bit) |
√ |
√ |
|
UnionTech OS V20 (64-bit) |
√ |
√
NOTE:
Only UnionTech OS V20 server editions E and D support system vulnerability scan. |
|
UnionTech OS V20 1050e (64-bit) |
√ |
√ |
|
UnionTech OS V20 1060e (64-bit) |
√ |
√ |
|
RockyLinux 9.5 (64-bit) |
√ |
√ |
|
CTyunOS 3-23.01 (64-bit) |
√ |
√ |
Agent Restrictions
- If third-party security software is installed on the server, uninstall the software before installing the HSS agent. If the third-party security software is incompatible with the HSS agent, the HSS protection functions will be affected.
- After the agent is installed on the server or container node, the agent may modify the following system files or configurations:
- Linux system files:
- /etc/hosts.deny
- /etc/hosts.allow
- /etc/rc.local
- /etc/ssh/sshd_config
- /etc/pam.d/sshd
- /etc/docker/daemon.json
- /etc/sysctl.conf
- /sys/fs/cgroup/cpu/ (A subdirectory will be created for the HSS process in this directory.)
- /sys/kernel/debug/tracing/instances (A CSA instance will be created in this directory.)
- Linux system configurations: iptables rules
- Windows system configurations:
- Firewall rules
- System login event audit policy and the configuration of login security layer and authentication mode
- Windows Remote Management trusted server list
- Linux system files:
Restrictions on Brute-force Attack Defense
- Before you enable protection for a Windows server, enable the Windows firewall to block the source IP addresses of brute-force attacks. If the Windows firewall is not enabled, HSS only generates alarms for detected brute-force attacks, but does not block them.
- After the Windows firewall is enabled, HSS automatically adds firewall rules hostguard_AllowAnyIn and hostguard_AllowAnyOut to allow all inbound and outbound traffic, so that the firewall will not affect your services. If HSS detects a brute-force attack, it adds an inbound rule to the firewall to block the attack source IP address. This does not affect your servers.
- Do not disable the Windows firewall when using HSS, or HSS cannot block the source IP addresses of brute-force attacks. Once it is disabled, HSS may fail to block the attack source IP addresses even after you manually enable it again.
- Brute-force attack detection does not support Debian 12, Ubuntu 24.04, or SUSE Linux Enterprise Server 15 SP6.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
