Updated on 2022-12-29 GMT+08:00

Suggestions on Fixing Unsafe Settings

This topic provides suggestions on how to fix unsafe settings found by HSS.

Changing the Password Complexity Policy

After modifying the password complexity policy, you are advised to perform a manual detection in the upper part of the Baseline Checks page to verify the result. If you do not perform manual verification, HSS will automatically check the settings early the next morning.

Improving Password Strength

  • To enhance server security, you are advised to promptly change the weak passwords of accounts used to log in to the system, such as SSH accounts.
  • To protect internal data of your server, you are advised to change the weak passwords of software accounts, such as MySQL accounts and FTP accounts.

After modifying weak passwords, you are advised to perform a manual detection immediately to verify the result. If you do not perform manual verification, HSS will automatically check the settings early the next morning.

Handling Unsafe Configurations

Insecure configurations of key applications are likely to be exploited by attackers to intrude into servers. Such configurations include insecure encryption algorithms used by SSH and Tomcat being started with root permissions.

HSS can detect unsafe configurations and provide detailed suggestions.

  1. On the HSS console, choose Asset Management > Servers & Quota and click the Servers tab.

    If your servers are managed by enterprise projects, you can select the target enterprise project to view or operate the asset and detection information.

  2. Search for the target server and click the server name to go to the server details page.

    Figure 1 Locating the target server

  3. Click Baseline Checks and then click the Unsafe Configurations tab. Click the icon before a risk item to expand and view all check item details.

    Figure 2 Viewing check item details

  4. Handle risk items.

    • Ignoring risks

      Click Ignore in the Operation column of the target check item to ignore a single check item.

      Select multiple check items and click Ignore to ignore them in batches.

      Figure 3 Ignoring risks
    • Fixing risks
      1. Click View Details in the Operation column of the target risk item to view the check item details.
      2. View the audit description and suggestions, and handle the risks based on the suggestions or the expected results of the test case information.

        Fix the settings with high severity immediately and repair those with medium or low severity based on service requirements.

        Figure 4 Viewing the handling suggestions
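
After fixing an SSH item such as the insecure encryption algorithms mentioned above, the result can also be checked locally on the server before the next HSS detection. The script below is an added example, not part of HSS or of the original page; the function name, the weak-algorithm patterns and the sample files are assumptions of this example and do not reproduce the HSS rule set.

```shell
#!/bin/sh
# Added example: list weak SSH algorithms enabled in an sshd_config-style file.
# Assumption: "weak" means CBC-mode and arcfour ciphers, MD5-based MACs and
# group1-sha1 key exchange. This is not the rule set HSS itself applies.

audit_sshd_config() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        {
            sub(/[ \t]*=[ \t]*/, " ")            # accept the "Keyword=value" form
            key = tolower($1)                    # sshd keywords are case-insensitive
            if (key != "ciphers" && key != "macs" && key != "kexalgorithms") next
            list = $2
            if (list ~ /^-/) next                # "-alg" removes algorithms: nothing to flag
            sub(/^[+^]/, "", list)               # "+alg" and "^alg" add to the defaults
            n = split(list, algs, ",")
            for (i = 1; i <= n; i++)
                if (algs[i] ~ /-cbc|^arcfour|^hmac-md5|^diffie-hellman-group1-sha1$/) {
                    printf "%s: %s\n", $1, algs[i]
                    weak = 1
                }
        }
        END { exit (weak ? 1 : 0) }              # non-zero status if anything was flagged
    ' "$1"
}

# Constructed sample inputs: a weak configuration and its corrected form.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
# constructed sample, not taken from a real server
Ciphers aes256-ctr,aes128-cbc,3des-cbc
MACs=hmac-sha2-256,hmac-md5
KexAlgorithms -diffie-hellman-group1-sha1
EOF
cat > "$SAMPLE_DIR/fixed.conf" <<'EOF'
Ciphers aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-512,hmac-sha2-256
KexAlgorithms curve25519-sha256
EOF

for f in "$SAMPLE_DIR/weak.conf" "$SAMPLE_DIR/fixed.conf"; do
    if audit_sshd_config "$f"; then
        echo "$f: no weak algorithms listed"
    else
        echo "$f: remove the algorithms listed above"
    fi
done
```

On a real server, pass the path of the SSH daemon configuration file to `audit_sshd_config`, then run the manual detection in HSS to confirm the item is cleared.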