(Optional) Configuring Policies
You can customize security policies by configuring a process whitelist (a list of file paths that are allowed to be executed in the container) and a file protection list (a list of read-only file directories in the container). These lists reduce risk while the container is running and keep the system and its applications secure.
Prerequisites
The cluster protection function has been enabled.
Adding a Security Policy
- Log in to the management console.
- In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
- In the navigation pane on the left, choose Security Configurations.
- Click the Policies tab. In the upper part of the policy list, click Add.
- On the displayed page, configure the policy. See Figure 1. For details, see Table 1.
Table 1 Parameter description
  Policy Name: Name of the policy.
  Process Whitelist: User-defined. File paths of the processes that are allowed to be executed in the container. A process whitelist helps prevent security risks such as abnormal processes, privilege escalation attacks, and unauthorized operations.
  File Protection: User-defined. Read-only file directories in the container. A file protection list helps prevent security risks such as file tampering.
- Click OK.
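As an added illustration of what the two lists in Table 1 express (this is not Container Guard Service code; the event format, the verdict labels and the matching rules are assumptions), the following Python evaluates a policy against constructed container events, normalising paths so that `..` segments resolve correctly and a protected directory such as `/etc` does not also match `/etcetera`.

```python
# Toy evaluator for a policy with a process whitelist and a file protection
# list. Added illustration, not the Container Guard Service implementation:
# the event format, verdict labels and matching rules are assumptions.
from dataclasses import dataclass, field
from posixpath import normpath
from typing import Dict, List

@dataclass
class Policy:
    name: str
    process_whitelist: List[str] = field(default_factory=list)  # executable paths
    file_protection: List[str] = field(default_factory=list)    # read-only dirs

def _under(path: str, directory: str) -> bool:
    """True if path is the directory or inside it ('/etc' must not match '/etcetera')."""
    directory = normpath(directory)
    if directory == "/":
        return True
    return path == directory or path.startswith(directory + "/")

def check_event(policy: Policy, event: Dict[str, str]) -> str:
    """Return 'allow' or a violation label for one constructed container event."""
    path = normpath(event["path"])  # collapse '..' and '//' before comparing
    if event["kind"] == "exec":
        allowed = {normpath(p) for p in policy.process_whitelist}
        return "allow" if path in allowed else "abnormal_process"
    if event["kind"] == "write":
        protected = any(_under(path, d) for d in policy.file_protection)
        return "file_tampering" if protected else "allow"
    raise ValueError(f"unknown event kind {event['kind']!r}")

def evaluate(policy: Policy, events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Evaluate a batch of events and keep only the violations for review."""
    return [dict(e, verdict=v) for e in events
            if (v := check_event(policy, e)) != "allow"]

# Constructed sample policy and events (not real data).
SAMPLE_POLICY = Policy(
    name="web-frontend",
    process_whitelist=["/usr/sbin/nginx", "/usr/bin/tini"],
    file_protection=["/etc", "/usr/share/nginx/html"],
)
SAMPLE_EVENTS = [
    {"kind": "exec", "path": "/usr/sbin/nginx"},
    {"kind": "exec", "path": "/bin/sh"},
    {"kind": "exec", "path": "/usr/sbin/../sbin/nginx"},
    {"kind": "write", "path": "/var/log/nginx/access.log"},
    {"kind": "write", "path": "/etc/passwd"},
    {"kind": "write", "path": "/etcetera/notes"},
]
```

Running `evaluate(SAMPLE_POLICY, SAMPLE_EVENTS)` reports only the `/bin/sh` execution and the write to `/etc/passwd`; the `..` path resolves to the whitelisted binary and `/etcetera` is not under `/etc`.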
Associating an Image
After adding a policy, you can associate an image and apply the policy to the associated image.
- Log in to the management console.
- In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
- In the navigation pane on the left, choose Security Configurations.
- Click the Policies tab. Locate the row of the policy that you want to associate an image with, and click Associate Image in the Operation column.
- The Associate Image dialog box is displayed, as shown in Figure 2.
- Select an image and click OK.
After the image is associated, you can view the detection results for malicious files and container exceptions for that image. For details, see Viewing Malicious File Detection Results and Viewing Container Runtime Security Details.
Other Operations
- Viewing a policy
In the policy list, click the name of a policy to view its information.
- Editing a policy
In the row containing the policy to be modified, click Edit in the Operation column to modify the policy name, process whitelist, and file protection information.
- Deleting a policy
In the row containing the policy to be deleted, click Delete in the Operation column.