Updated on 2024-07-12 GMT+08:00

Image Baseline Check

HSS scans your private image repository for unsafe configurations and provides suggestions for modifying them, helping you fight intrusions and meet compliance requirements.

Check Frequency

A comprehensive check is automatically performed by HSS at 04:10 every day.

Prerequisites

Container protection has been enabled.

Constraints

Only configuration risks in Linux images can be detected.

Check Items

  • Accounts with duplicate names or UIDs
  • Non-root accounts whose UIDs are 0
  • Password check in code
  • Accounts with duplicate password hash values
  • Weak password hash algorithms
  • The account password is not empty.
  • Duplicate group names or GIDs
  • Non-privileged account incorrectly included in the privilege group
  • Old "+" entries in the /etc/passwd file
  • Old "+" entries in the /etc/shadow file
  • Old "+" entries in the /etc/group file
  • Ensuring all groups in the /etc/passwd file are in the /etc/group file
  • Unconfigured password validity period
  • Ensuring that the password change dates of all users are past dates.
  • Host trust relationship
  • Preset root-level trust relationship establishment
  • The default group of user root is GID 0.
  • Members in the shadow group
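
Several of the account and group items above can be reproduced offline against the /etc/passwd and /etc/group files extracted from an image. The following is an added example, not HSS's implementation and not code from this page; it covers five of the listed items (duplicate names, duplicate UIDs, non-root UID 0, old "+" entries, and passwd GIDs missing from /etc/group). The function names are hypothetical and the file contents are constructed samples.

```python
from collections import Counter

# Constructed sample file contents (not taken from a real image).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
app:x:1000:1000::/home/app:/bin/sh
app2:x:1000:2000::/home/app2:/bin/sh
+::::::
"""
SAMPLE_GROUP = """\
root:x:0:
daemon:x:1:
app:x:1000:
"""

def parse(text, min_fields):
    """Split colon-separated records; return (records, old '+' lines)."""
    records, legacy = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith("+"):
            legacy.append(line)  # old NIS-style "+" entry
        elif len(fields := line.split(":")) >= min_fields:
            records.append(fields)
    return records, legacy

def audit(passwd_text, group_text):
    """Return {check item: findings} for five of the listed check items."""
    users, plus_passwd = parse(passwd_text, 7)   # name:pw:uid:gid:gecos:home:shell
    groups, plus_group = parse(group_text, 4)    # name:pw:gid:members
    names = Counter(u[0] for u in users)
    uids = Counter(u[2] for u in users)
    known_gids = {g[2] for g in groups}
    return {
        "duplicate_names": sorted(n for n, c in names.items() if c > 1),
        "duplicate_uids": sorted(u for u, c in uids.items() if c > 1),
        "non_root_uid0": sorted(u[0] for u in users if u[2] == "0" and u[0] != "root"),
        "plus_entries": plus_passwd + plus_group,
        "gid_missing_from_group": sorted(u[0] for u in users if u[3] not in known_gids),
    }

if __name__ == "__main__":
    for item, findings in audit(SAMPLE_PASSWD, SAMPLE_GROUP).items():
        print(f"{item}: {findings or 'ok'}")
```

To audit a real image, pass the contents of its etc/passwd and etc/group (read from an exported root filesystem) to `audit()` in place of the samples.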

Procedure

  1. Log in to the management console.
  2. Click the icon in the upper left corner of the page, select a region, and choose Security > Host Security Service.
  3. In the navigation tree on the left, choose Prediction > Container Images.
  4. Click the Unsafe Settings tab to view the unsafe settings in the image.
  5. Click the icon next to a check item to view its details and suggestions, and modify your unsafe settings accordingly.