Updated on 2024-11-15 GMT+08:00

Handling Unsafe Containers

Scenario

HSS can detect container security risks and classify them into the following types:

  • Critical: malicious program
  • High risk: ransomware attacks, malicious programs, reverse shells, escape attacks, and dangerous commands
  • Medium risk: web shell, abnormal startup, process exception, and sensitive file access
  • Low risk: brute-force attack

To prevent containers with medium or higher security risks from affecting other containers, you can isolate, suspend, or stop risky containers.

Constraints

  • Only the HSS container edition supports this function. For details about how to purchase and upgrade HSS, see Purchasing an HSS Quota and Upgrading Your Edition.
  • Only Linux containers are supported.
  • Only containers with medium or higher security risks can be handled.

Handling Unsafe Containers

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  3. In the navigation pane, choose Asset Management > Containers & Quota.

    If your servers are managed by enterprise projects, you can select the target enterprise project to view or manage its asset and detection information.

  4. Choose Containers. The container page is displayed.
  5. In the search box above the container list, choose Risks > Risky to filter risky containers.

    Figure 1 Filtering risky containers

  6. In the Operation column of the target risky container, select the operation to be performed.

    Cluster containers can be stopped. Independent containers can be isolated, suspended, and stopped.

    Only containers with medium or higher risks can be handled. You can view the security risk distribution.

    • Isolate containers: After a container is isolated, the container cannot be accessed while it is running, and it cannot access the mount directory of the host or the system files of the container.
      1. Click Isolate.
      2. In the dialog box that is displayed, click OK.
    • Suspend containers: Freeze the processes running in the container.
      1. Click Suspend.
      2. In the dialog box that is displayed, click OK.
    • Stop containers: Terminate a running container process. If autoremove is configured for the container, the container cannot be resumed.
      1. Click Stop Container.
      2. In the dialog box that is displayed, click OK.

Related Operations

Restoring a container to the running state

You can restore a container from the Isolate, Waiting, or Terminated state to the Running state.

If autoremove is configured for a terminated container, the container cannot be resumed.

  1. In the row containing the target container, click Restore in the Operation column.
  2. In the dialog box that is displayed, click OK.