Help Center/ Host Security Service/ API Reference/ API Description/ Baseline Management/ Ignoring, Unignoring, Repairing, or Verifying the Failed Configuration Check Items
Updated on 2025-08-15 GMT+08:00

Ignoring, Unignoring, Repairing, or Verifying the Failed Configuration Check Items

Function

Ignore, unignore, repair, or verify the failed configuration check items.

Calling Method

For details, see Calling APIs.

URI

PUT /v5/{project_id}/baseline/check-rule/action

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

enterprise_project_id

No

String

ID of the enterprise project that a server belongs.

An enterprise project can be configured only after the enterprise project function is enabled.

Enterprise project ID. The value 0 indicates the default enterprise project. To query servers in all enterprise projects, set this parameter to all_granted_eps. If you have only the permission on an enterprise project, you need to transfer the enterprise project ID to query the server in the enterprise project. Otherwise, an error is reported due to insufficient permission.

host_id

No

String

Server ID. If this parameter is not specified, all the servers of the user are queried.

check_cce

No

Boolean

Whether to verify CCE.

action

Yes

String

Action.

  • ignore

  • unignore

  • fix

  • verify

Request Parameters

Table 3 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Definition

User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token.

Constraints

N/A

Range

The value can contain 1 to 32,768 characters.

Default Value

N/A

Table 4 Request body parameters

Parameter

Mandatory

Type

Description

check_rules

No

Array of CheckRuleKeyInfoRequestInfo objects

Check item ID list

Table 5 CheckRuleKeyInfoRequestInfo

Parameter

Mandatory

Type

Description

check_name

No

String

Name of the configuration check (baseline), for example, SSH, CentOS 7, and Windows.

check_rule_id

No

String

Check item ID, which can be obtained from the return data of this API: /v5/{project_id}/baseline/risk-config/{check_name}/check-rules

standard

No

String

Baseline standards. The options are as follows:

  • cn_standard: DJCP MLPS compliance standard

  • hw_standard: Cloud security practice standard

fix_values

No

Array of CheckRuleFixValuesInfo objects

User-entered repair parameters of check items

Table 6 CheckRuleFixValuesInfo

Parameter

Mandatory

Type

Description

rule_param_id

No

Integer

Parameter ID of the check item

fix_value

No

Integer

Parameter value of the check item

Response Parameters

Status code: 200

Request succeeded.

None

Example Requests

  • This API is used to ignore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies to all affected servers.

    PUT https://{endpoint}/v5/{project_id}/baseline/check-rule/action?enterprise_project_id=xxx&action=ignore
    
    {
      "check_rules" : [ {
        "check_name" : "SSH",
        "check_rule_id" : "1.11",
        "standard" : "hw_standard"
      } ]
    }
  • This API is used to restore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies only to the server whose ID is xxx. The restoration parameters are as follows: Set the value of the repair item whose ID is 1 to 5 and the value of the repair item whose ID is 2 to 20.

    PUT https://{endpoint}/v5/{project_id}/baseline/check-rule/action?enterprise_project_id=xxx&host_id=xxx&action=fix
    
    {
      "check_rules" : [ {
        "check_name" : "SSH",
        "check_rule_id" : "1.11",
        "standard" : "hw_standard",
        "fix_values" : [ {
          "rule_param_id" : 1,
          "fix_value" : 5
        }, {
          "rule_param_id" : 2,
          "fix_value" : 20
        } ]
      } ]
    }

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

  • This API is used to ignore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies to all affected servers.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    package com.huaweicloud.sdk.test;
    
    import com.huaweicloud.sdk.core.auth.ICredential;
    import com.huaweicloud.sdk.core.auth.BasicCredentials;
    import com.huaweicloud.sdk.core.exception.ConnectionException;
    import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
    import com.huaweicloud.sdk.core.exception.ServiceResponseException;
    import com.huaweicloud.sdk.hss.v5.region.HssRegion;
    import com.huaweicloud.sdk.hss.v5.*;
    import com.huaweicloud.sdk.hss.v5.model.*;
    
    import java.util.List;
    import java.util.ArrayList;
    
    public class ChangeCheckRuleActionSolution {
    
        public static void main(String[] args) {
            // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
            // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
            String ak = System.getenv("CLOUD_SDK_AK");
            String sk = System.getenv("CLOUD_SDK_SK");
            String projectId = "{project_id}";
    
            ICredential auth = new BasicCredentials()
                    .withProjectId(projectId)
                    .withAk(ak)
                    .withSk(sk);
    
            HssClient client = HssClient.newBuilder()
                    .withCredential(auth)
                    .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                    .build();
            ChangeCheckRuleActionRequest request = new ChangeCheckRuleActionRequest();
            CheckRuleIdListRequestInfo body = new CheckRuleIdListRequestInfo();
            List<CheckRuleKeyInfoRequestInfo> listbodyCheckRules = new ArrayList<>();
            listbodyCheckRules.add(
                new CheckRuleKeyInfoRequestInfo()
                    .withCheckName("SSH")
                    .withCheckRuleId("1.11")
                    .withStandard("hw_standard")
            );
            body.withCheckRules(listbodyCheckRules);
            request.withBody(body);
            try {
                ChangeCheckRuleActionResponse response = client.changeCheckRuleAction(request);
                System.out.println(response.toString());
            } catch (ConnectionException e) {
                e.printStackTrace();
            } catch (RequestTimeoutException e) {
                e.printStackTrace();
            } catch (ServiceResponseException e) {
                e.printStackTrace();
                System.out.println(e.getHttpStatusCode());
                System.out.println(e.getRequestId());
                System.out.println(e.getErrorCode());
                System.out.println(e.getErrorMsg());
            }
        }
    }
    
  • This API is used to restore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies only to the server whose ID is xxx. The restoration parameters are as follows: Set the value of the repair item whose ID is 1 to 5 and the value of the repair item whose ID is 2 to 20.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    package com.huaweicloud.sdk.test;
    
    import com.huaweicloud.sdk.core.auth.ICredential;
    import com.huaweicloud.sdk.core.auth.BasicCredentials;
    import com.huaweicloud.sdk.core.exception.ConnectionException;
    import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
    import com.huaweicloud.sdk.core.exception.ServiceResponseException;
    import com.huaweicloud.sdk.hss.v5.region.HssRegion;
    import com.huaweicloud.sdk.hss.v5.*;
    import com.huaweicloud.sdk.hss.v5.model.*;
    
    import java.util.List;
    import java.util.ArrayList;
    
    public class ChangeCheckRuleActionSolution {
    
        public static void main(String[] args) {
            // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
            // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
            String ak = System.getenv("CLOUD_SDK_AK");
            String sk = System.getenv("CLOUD_SDK_SK");
            String projectId = "{project_id}";
    
            ICredential auth = new BasicCredentials()
                    .withProjectId(projectId)
                    .withAk(ak)
                    .withSk(sk);
    
            HssClient client = HssClient.newBuilder()
                    .withCredential(auth)
                    .withRegion(HssRegion.valueOf("<YOUR REGION>"))
                    .build();
            ChangeCheckRuleActionRequest request = new ChangeCheckRuleActionRequest();
            CheckRuleIdListRequestInfo body = new CheckRuleIdListRequestInfo();
            List<CheckRuleFixValuesInfo> listCheckRulesFixValues = new ArrayList<>();
            listCheckRulesFixValues.add(
                new CheckRuleFixValuesInfo()
                    .withRuleParamId(1)
                    .withFixValue(5)
            );
            listCheckRulesFixValues.add(
                new CheckRuleFixValuesInfo()
                    .withRuleParamId(2)
                    .withFixValue(20)
            );
            List<CheckRuleKeyInfoRequestInfo> listbodyCheckRules = new ArrayList<>();
            listbodyCheckRules.add(
                new CheckRuleKeyInfoRequestInfo()
                    .withCheckName("SSH")
                    .withCheckRuleId("1.11")
                    .withStandard("hw_standard")
                    .withFixValues(listCheckRulesFixValues)
            );
            body.withCheckRules(listbodyCheckRules);
            request.withBody(body);
            try {
                ChangeCheckRuleActionResponse response = client.changeCheckRuleAction(request);
                System.out.println(response.toString());
            } catch (ConnectionException e) {
                e.printStackTrace();
            } catch (RequestTimeoutException e) {
                e.printStackTrace();
            } catch (ServiceResponseException e) {
                e.printStackTrace();
                System.out.println(e.getHttpStatusCode());
                System.out.println(e.getRequestId());
                System.out.println(e.getErrorCode());
                System.out.println(e.getErrorMsg());
            }
        }
    }
    
  • This API is used to ignore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies to all affected servers.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    # coding: utf-8
    
    import os
    from huaweicloudsdkcore.auth.credentials import BasicCredentials
    from huaweicloudsdkhss.v5.region.hss_region import HssRegion
    from huaweicloudsdkcore.exceptions import exceptions
    from huaweicloudsdkhss.v5 import *
    
    if __name__ == "__main__":
        # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak = os.environ["CLOUD_SDK_AK"]
        sk = os.environ["CLOUD_SDK_SK"]
        projectId = "{project_id}"
    
        credentials = BasicCredentials(ak, sk, projectId)
    
        client = HssClient.new_builder() \
            .with_credentials(credentials) \
            .with_region(HssRegion.value_of("<YOUR REGION>")) \
            .build()
    
        try:
            request = ChangeCheckRuleActionRequest()
            listCheckRulesbody = [
                CheckRuleKeyInfoRequestInfo(
                    check_name="SSH",
                    check_rule_id="1.11",
                    standard="hw_standard"
                )
            ]
            request.body = CheckRuleIdListRequestInfo(
                check_rules=listCheckRulesbody
            )
            response = client.change_check_rule_action(request)
            print(response)
        except exceptions.ClientRequestException as e:
            print(e.status_code)
            print(e.request_id)
            print(e.error_code)
            print(e.error_msg)
    
  • This API is used to restore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies only to the server whose ID is xxx. The restoration parameters are as follows: Set the value of the repair item whose ID is 1 to 5 and the value of the repair item whose ID is 2 to 20.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    # coding: utf-8
    
    import os
    from huaweicloudsdkcore.auth.credentials import BasicCredentials
    from huaweicloudsdkhss.v5.region.hss_region import HssRegion
    from huaweicloudsdkcore.exceptions import exceptions
    from huaweicloudsdkhss.v5 import *
    
    if __name__ == "__main__":
        # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak = os.environ["CLOUD_SDK_AK"]
        sk = os.environ["CLOUD_SDK_SK"]
        projectId = "{project_id}"
    
        credentials = BasicCredentials(ak, sk, projectId)
    
        client = HssClient.new_builder() \
            .with_credentials(credentials) \
            .with_region(HssRegion.value_of("<YOUR REGION>")) \
            .build()
    
        try:
            request = ChangeCheckRuleActionRequest()
            listFixValuesCheckRules = [
                CheckRuleFixValuesInfo(
                    rule_param_id=1,
                    fix_value=5
                ),
                CheckRuleFixValuesInfo(
                    rule_param_id=2,
                    fix_value=20
                )
            ]
            listCheckRulesbody = [
                CheckRuleKeyInfoRequestInfo(
                    check_name="SSH",
                    check_rule_id="1.11",
                    standard="hw_standard",
                    fix_values=listFixValuesCheckRules
                )
            ]
            request.body = CheckRuleIdListRequestInfo(
                check_rules=listCheckRulesbody
            )
            response = client.change_check_rule_action(request)
            print(response)
        except exceptions.ClientRequestException as e:
            print(e.status_code)
            print(e.request_id)
            print(e.error_code)
            print(e.error_msg)
    
  • This API is used to ignore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies to all affected servers.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    package main
    
    import (
    	"fmt"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
        hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
        region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
    )
    
    func main() {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak := os.Getenv("CLOUD_SDK_AK")
        sk := os.Getenv("CLOUD_SDK_SK")
        projectId := "{project_id}"
    
        auth := basic.NewCredentialsBuilder().
            WithAk(ak).
            WithSk(sk).
            WithProjectId(projectId).
            Build()
    
        client := hss.NewHssClient(
            hss.HssClientBuilder().
                WithRegion(region.ValueOf("<YOUR REGION>")).
                WithCredential(auth).
                Build())
    
        request := &model.ChangeCheckRuleActionRequest{}
    	checkNameCheckRules:= "SSH"
    	checkRuleIdCheckRules:= "1.11"
    	standardCheckRules:= "hw_standard"
    	var listCheckRulesbody = []model.CheckRuleKeyInfoRequestInfo{
            {
                CheckName: &checkNameCheckRules,
                CheckRuleId: &checkRuleIdCheckRules,
                Standard: &standardCheckRules,
            },
        }
    	request.Body = &model.CheckRuleIdListRequestInfo{
    		CheckRules: &listCheckRulesbody,
    	}
    	response, err := client.ChangeCheckRuleAction(request)
    	if err == nil {
            fmt.Printf("%+v\n", response)
        } else {
            fmt.Println(err)
        }
    }
    
  • This API is used to restore the configuration check items whose baseline name is SSH, check item ID is 1.11, check standard is cloud security practice standard, and enterprise project ID is xxx. This operation applies only to the server whose ID is xxx. The restoration parameters are as follows: Set the value of the repair item whose ID is 1 to 5 and the value of the repair item whose ID is 2 to 20.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    package main
    
    import (
    	"fmt"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
        hss "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/model"
        region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/hss/v5/region"
    )
    
    func main() {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak := os.Getenv("CLOUD_SDK_AK")
        sk := os.Getenv("CLOUD_SDK_SK")
        projectId := "{project_id}"
    
        auth := basic.NewCredentialsBuilder().
            WithAk(ak).
            WithSk(sk).
            WithProjectId(projectId).
            Build()
    
        client := hss.NewHssClient(
            hss.HssClientBuilder().
                WithRegion(region.ValueOf("<YOUR REGION>")).
                WithCredential(auth).
                Build())
    
        request := &model.ChangeCheckRuleActionRequest{}
    	ruleParamIdFixValues:= int32(1)
    	fixValueFixValues:= int32(5)
    	ruleParamIdFixValues1:= int32(2)
    	fixValueFixValues1:= int32(20)
    	var listFixValuesCheckRules = []model.CheckRuleFixValuesInfo{
            {
                RuleParamId: &ruleParamIdFixValues,
                FixValue: &fixValueFixValues,
            },
            {
                RuleParamId: &ruleParamIdFixValues1,
                FixValue: &fixValueFixValues1,
            },
        }
    	checkNameCheckRules:= "SSH"
    	checkRuleIdCheckRules:= "1.11"
    	standardCheckRules:= "hw_standard"
    	var listCheckRulesbody = []model.CheckRuleKeyInfoRequestInfo{
            {
                CheckName: &checkNameCheckRules,
                CheckRuleId: &checkRuleIdCheckRules,
                Standard: &standardCheckRules,
                FixValues: &listFixValuesCheckRules,
            },
        }
    	request.Body = &model.CheckRuleIdListRequestInfo{
    		CheckRules: &listCheckRulesbody,
    	}
    	response, err := client.ChangeCheckRuleAction(request)
    	if err == nil {
            fmt.Printf("%+v\n", response)
        } else {
            fmt.Println(err)
        }
    }
    

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Request succeeded.

Error Codes

See Error Codes.