Updated on 2024-04-15 GMT+08:00

Managing Baseline Check Policies

You can create, edit, and delete check policies for manual baseline checks, and customize check items as required.

Constraints

  • The policies on the Prediction > Baseline Checks page only take effect on manual baseline checks. For details about how to configure the policies, see "Configuration Check" and "Weak Password Scan" in Modifying a Policy.
  • Servers that are not protected by HSS do not support baseline-related operations.

Creating a Baseline Check Policy

  1. Log in to the management console.
  2. In the upper left corner of the page, click , select a region, and choose Security > Host Security Service.
  3. In the navigation pane on the left, choose Prediction > Baseline Checks.
  4. Click Policies in the upper right corner of the page.
  5. Click Create Policy and configure the policy information by referring to Table 1.

    To check baseline details, click Rule Details on the right of a baseline name.

    If you select Linux for OS, you can select any checks included in Baseline and edit rules. This function is not supported for Windows servers.

    Table 1 Baseline policy parameters

    | Parameter | Description | Example Value |
    |---|---|---|
    | Policy Name | Policy name | linux_web1_security_policy |
    | OS | OS that will be checked: Linux or Windows. | Linux |
    | Baseline | Baseline used for a check. Check items are as follows. For Linux, Huawei Cloud security practices: Apache 2, Docker, MongoDB, Redis, MySQL 5, Nginx, Tomcat, SSH, vsftp, CentOS 7, EulerOS, EulerOS_ext, Kubernetes-Node, and Kubernetes-Master; DJCP MLPS compliance: Apache 2, MongoDB, MySQL 5, Nginx, Tomcat, CentOS 6, CentOS 7, CentOS 8, Debian 9, Debian 10, Debian 11, Red Hat 6, Red Hat 7, Red Hat 8, Ubuntu 12, Ubuntu 14, Ubuntu 16, Ubuntu 18, Alma. For Windows, the cloud security practice baseline can check MongoDB, Apache2, MySQL, Nginx, Redis, Tomcat, Windows_2008, Windows_2012, Windows_2016, and Windows_2019. | Cloud security practices: Select all. DJCP MLPS: Select all. |

  6. Confirm the information, click Next, and select the server to be associated with the application based on the server name, server ID, EIP, or private IP address.

  7. Confirm the information and click OK. The baseline policy will be displayed in the policy list.

Editing a Baseline Check Policy

  1. Log in to the HSS management console.
  2. In the navigation pane on the left, choose Prediction > Baseline Checks.
  3. Click Policies in the upper right corner of the page.
  4. Click Edit in the Operation column of a policy. On the policy details page that is displayed, configure the policy name and check items.

    If you select Linux for OS, you can select any checks included in Baseline and edit rules. This function is not supported for Windows servers.

  5. Confirm the configuration, click Next, and select servers.
  6. Confirm the information and click OK. You can view the updated policy in the policy list.

Deleting a Baseline Check Policy

  1. Log in to the HSS management console.
  2. In the navigation pane on the left, choose Prediction > Baseline Checks.
  3. Click Policies in the upper right corner of the page.
  4. Click Delete in the Operation column of a policy. In the dialog box that is displayed, confirm the information and click OK.