Enabling Container Protection

Before enabling protection for a container node, you need to allocate quota to a specified node. If the protection is disabled or the node is deleted, the quota can be allocated to other nodes.

Check Frequency

HSS performs a full check in the early morning every day.

After you enable server protection, you can view scan results after the automatic scan in the next early morning.

Constraints

Currently, HSS can only protect Docker and Containerd containers.

Prerequisites

Choose and click the Container Nodes tab. The Agent Status of the target node is Online and the Protection Status is Unprotected.
You have created nodes on CCE.

Procedure

Log in to the management console.
Click in the upper left corner and select a region or project.
In the upper left corner of the page, click and choose Security > Host Security Service.
In the navigation pane, choose Asset Management > Containers. The Container Nodes tab is displayed.
In the Operation column of the node list, click Enable Protection.
In the displayed dialog box, confirm the server information.
Click OK. If the Protection Status of the server changes to Protected, protection has been enabled.
- A container security quota protects one cluster node.
- If the version of the agent installed on the Linux server is 3.2.8 or later or the version of the agent installed on the Windows server is 4.0.16 or later, ransomware prevention is automatically enabled with the container edition. To enhance ransomware prevention, you can configure specified protected directories. You are also advised to enable backup so that you can restore data in the case of a ransomware attack to minimize losses. For details, see Modifying a Protection Policy and Enabling Ransomware Backup.

Related Operations

Disabling protection for a node

Choose Asset Management > Containers. In the node list on the Container Nodes tab, click Disable Protection in the Operation column.

Before disabling protection, perform a comprehensive detection on the container, handle detected risks, and record operation information to prevent O&M errors and attacks on the container.
After protection is disabled, clear important data on the container, stop important applications on the container, and disconnect the container from the external network to avoid unnecessary loss caused by attacks.

Parent topic: Enabling Protection

Previous topic: Enabling Web Tamper Protection

Next topic: Checking the Dashboard

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot