Security Configuration
enable_security_policy
Parameter description: Specifies whether the unified audit and dynamic data masking policies take effect.
This parameter is a SIGHUP parameter. Set it based on instructions provided in Table 1.
Value range: Boolean
on: The security policy is enabled.
off: The security policy is disabled.
Default value: off
use_elastic_search
Parameter description: Specifies whether to send unified audit logs to Elasticsearch. If enable_security_policy and this parameter are enabled, unified audit logs are sent to Elasticsearch through HTTP or HTTPS (used by default). After this parameter is enabled, ensure that the Elasticsearch service corresponding to elastic_search_ip_addr can be properly connected. Otherwise, the process fails to be started.
This parameter is a POSTMASTER parameter. Set it based on instructions provided in Table 1.
Value range: Boolean
on: Unified audit logs are sent to Elasticsearch.
off: Unified audit logs are not sent to Elasticsearch.
Default value: off
elastic_search_ip_addr
Parameter description: Specifies the IP address of the Elasticsearch system. If HTTPS is used, the format is https://ip:port:username. If HTTP is used, the format is http://ip:port. In the preceding command, ip indicates the IP address of the Elasticsearch server. port indicates the listening port for Elasticsearch HTTP communication, and the value ranges from 9200 to 9299. username indicates the username used for registering an Elasticsearch account. The initial user is elastic. If HTTPS is used, related certificates need to be configured. For details, see "Unified Auditing" in the Security Hardening Guide.
This parameter is a POSTMASTER parameter. Set it based on instructions provided in Table 1.
Value range: a string
Default value: ''
is_sysadmin
Parameter description: Specifies whether the current user is an initial user.
This parameter is a fixed INTERNAL parameter and cannot be modified.
Value range: Boolean
on indicates that the user is an initial user.
off indicates that the user is not an initial user.
Default value: off
block_encryption_mode
Parameter description: Specifies the block encryption mode used by the aes_encrypt and aes_decrypt functions for encryption and decryption.
This parameter is a USERSET parameter. Set it based on instructions provided in Table 1.
Value range: enumerated values. Valid values are aes-128-cbc, aes-192-cbc, aes-256-cbc, aes-128-cfb1, aes-192-cfb1, aes-256-cfb1, aes-128-cfb8, aes-192-cfb8, aes-256-cfb8, aes-128-cfb128, aes-192-cfb128, aes-256-cfb128, aes-128-ofb, aes-192-ofb, and aes-256-ofb. aes indicates the encryption or decryption algorithm. 128, 192, and 256 indicate the key length (unit: bit). cbc, cfb1, cfb8, cfb128, and ofb indicate the block encryption or decryption mode.
Default value: aes-128-cbc
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
