Handling Risk Containers
Scenario
HSS can detect container security risks and classify them into the following types:
- Critical: malicious program
- High risk: ransomware attacks, malicious programs, reverse shells, escape attacks, and dangerous commands
- Medium risk: web shell, abnormal startup, process exception, and sensitive file access
- Low risk: brute-force attack
To prevent containers with medium or higher security risks from affecting other containers, you can isolate, suspend, or kill risky containers.
Constraints
- Only the HSS container edition supports this function.
- Only Linux containers are supported.
- Only containers with medium or higher security risks can be handled.
Procedure
- Log in to the management console.
- Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
- In the navigation pane, choose Asset Management > Containers & Quota.
- Choose Containers. The container page is displayed.
- Enter Risk in the search box and click to filter containers with security risks.
- In the Operation column of the target risky container, select the operation to be performed.
Cluster containers can be killed. Single-node containers can be isolated, suspended, and killed.
Only containers with medium or higher risks can be handled. You can view the security risk distribution.
- Isolate containers: After a container is isolated, you cannot access the container when the container is running, and the container cannot access the mount directory of the host or the system file of the container.
- Click Isolate.
- In the dialog box that is displayed, click OK.
- Suspend containers: Freeze the processes running in the container.
- Click Suspend.
- In the dialog box that is displayed, click OK.
- Kill containers: Terminate a running container process. If autoremove is configured for the container, the container cannot be resumed.
- Click Kill to kill the container.
- In the dialog box that is displayed, click OK.
- Isolate containers: After a container is isolated, you cannot access the container when the container is running, and the container cannot access the mount directory of the host or the system file of the container.
Follow-up Procedure
Restoring a container to the running state
Restores a container from the Isolate, Waiting, or Terminated state to the Running state.
If autoremove is configured for a terminated container, the container cannot be resumed.
- In the row containing the target container, click Restore in the Operation column.
- In the dialog box that is displayed, click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot