Image Baseline Check
Your private image repository is scanned for unsafe configurations and provides suggestions for modifying the configurations, helping you fight intrusions and meet compliance requirements.
Check Frequency
A comprehensive check is automatically performed by at 04:10 every day.
Prerequisites
Container protection has been enabled.
Constraints
Only configuration risks in Linux images can be detected.
Check Items
- Accounts with duplicate names or UIDs
- Non-root accounts whose UIDs are 0
- Password check in code
- Accounts with duplicate password hash values
- Weak password hash algorithms
- The account password is not empty.
- Duplicate group names or GIDs
- Non-privileged account incorrectly included in the privilege group
- Old "+" entries in the /etc/passwd file
- Old "+" entries in the /etc/shadow file
- Old "+" entries in the /etc/group file
- Ensuring all groups in the /etc/passwd file are in the /etc/group file
- Unconfigured password validity period
- Ensuring that the password change dates of all users are past dates.
- Host trust relationship
- Preset root-level trust relationship establishment
- The default group of user root is GID 0.
- Members in the shadow group
Procedure
- Log in to the management console.
- Click in the upper left corner of the page, select a region, and choose Security > Host Security Service.
- In the navigation tree on the left, choose Prediction > Container Images.
- Click the Unsafe Settings tab to view the unsafe settings in the image.
- Click next to a check item to view its details and suggestions, and modify your unsafe settings accordingly.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot