Suggestions on Fixing Unsafe Settings
This topic provides suggestions on how to fix unsafe settings found by HSS.
Changing the Password Complexity Policy
- To monitor the password complexity policy on a Linux server, install the Pluggable Authentication Modules (PAM) on the server. For details, see How Do I Install a PAM in a Linux OS?
- For details about how to modify the password complexity policy on a Linux server, see How Do I Install a PAM and Set a Proper Password Complexity Policy in a Linux OS?
- For details about how to modify the password complexity policy on a Windows server, see How Do I Set a Secure Password Complexity Policy in a Windows OS?
After modifying the password complexity policy, you are advised to perform manual detection in the upper part of the Baseline Checks page to verify the result. If you do not perform manual verification, HSS will automatically check the settings the next day in the early morning.
Improving Password Strength
- To enhance server security, you are advised to promptly change the weak passwords of accounts used to log in to the system, such as SSH accounts.
- To protect the internal data of your server, you are advised to change the weak passwords of software accounts, such as MySQL accounts and FTP accounts.
After modifying weak passwords, you are advised to perform manual detection immediately to verify the result. If you do not perform manual verification, HSS will automatically check the settings the next day in the early morning.
Handling Unsafe Configurations
Insecure configurations of key applications are likely to be exploited by attackers to intrude into servers. Such configurations include insecure encryption algorithms used by SSH and Tomcat being started with root permissions.
HSS can detect unsafe configurations and provide detailed suggestions.
- On the HSS console, choose Asset Management > Servers & Quota and click the Servers tab.
If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.
- Search for the target server and click the server name to go to the server details page.
Figure 1 Locating the target server
- Click the Baseline Checks tab, and then click the Unsafe Configurations tab. Click the icon before a risk item to expand and view all check item details.
Figure 2 Viewing check item details
- Handle risk items.
- Ignoring risks
Click Ignore in the Operation column of the target check item to ignore a single check item.
Select multiple check items and click Ignore to ignore them in batches.
Figure 3 Ignoring risks
- Fixing risks
- Click View Details in the Operation column of the target risk item to view the check item details.
- View the audit description and suggestions, and handle the risks based on the suggestions or the expected results of the test case information.
Fix the settings with high severity immediately and repair those with medium or low severity based on service requirements.
Figure 4 Viewing the handling suggestions
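The two unsafe configurations named earlier (insecure SSH ciphers and Tomcat started as root) can also be checked locally on the server before rerunning the baseline check. The script below is an added example, not HSS's own detection logic; the weak-cipher list and the sample sshd_config and ps output are constructed assumptions.

```shell
#!/bin/sh
# Added example (not HSS code): local checks for two unsafe configurations.

# Usage: weak_ssh_ciphers /etc/ssh/sshd_config
# Prints each weak cipher enabled by the last active "Ciphers" directive,
# one per line. A leading +, - or ^ on the list is stripped; if there is no
# directive, OpenSSH defaults apply and nothing is printed.
weak_ssh_ciphers() {
  # Assumed list of ciphers treated as weak (CBC modes, RC4, 3DES).
  weak='3des-cbc arcfour arcfour128 arcfour256 blowfish-cbc cast128-cbc aes128-cbc aes192-cbc aes256-cbc'
  list=$(grep -i '^[[:space:]]*Ciphers[[:space:]]' "$1" | tail -n 1 | awk '{print $2}' | sed 's/^[-+^]//')
  [ -n "$list" ] || return 0
  echo "$list" | tr ',' '\n' | while IFS= read -r c; do
    for w in $weak; do
      if [ "$c" = "$w" ]; then echo "$c"; fi
    done
  done
}

# Usage: ps -eo user:20,pid,args | tomcat_root_pids
# Reads ps-style lines "USER PID ARGS" and prints the PID of every Tomcat
# (catalina Bootstrap) JVM that runs as root.
tomcat_root_pids() {
  awk '$1 == "root" && $0 ~ /org\.apache\.catalina\.startup\.Bootstrap/ { print $2 }'
}

# Constructed sample data so the script runs offline.
SAMPLE_SSHD_CONFIG='# constructed sshd_config
Port 22
#Ciphers aes128-cbc
Ciphers aes256-gcm@openssh.com,3des-cbc,aes128-cbc
'
SAMPLE_PS='USER PID ARGS
root 1 /sbin/init
root 812 /usr/bin/java -Dcatalina.home=/opt/tomcat org.apache.catalina.startup.Bootstrap start
tomcat 901 /usr/bin/java -Dcatalina.home=/opt/tomcat9 org.apache.catalina.startup.Bootstrap start
root 950 /usr/sbin/sshd -D
'

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp); printf '%s' "$SAMPLE_SSHD_CONFIG" > "$tmp"
  echo "Weak SSH ciphers enabled:"; weak_ssh_ciphers "$tmp"; rm -f "$tmp"
  echo "Tomcat PIDs running as root:"; printf '%s' "$SAMPLE_PS" | tomcat_root_pids
fi
```

Run with `--demo` to see the constructed sample evaluated; on a real server point `weak_ssh_ciphers` at `/etc/ssh/sshd_config` and pipe live `ps` output into `tomcat_root_pids`.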