Range N/A audit String Definition Audit description of the check item (rule). Range N/A remediation String Definition Modification suggestions for the check item (rule). Range N/A check_info_list Array of CheckRuleCheckCaseResponseInfo objects Definition Test case information.
View the content in the Audit Description, Suggestion, and Affected Servers. Rectify the unsafe settings. Currently, one-click fixing is supported for some EulerOS baseline configurations and CentOS 8 baseline configurations.
Example: administrators, database users, audit users Open Control Panel. Click Administrative Tools. Open Computer Management. Choose System Tools > Local Users and Groups. Create users and groups as needed. Periodically check and delete unnecessary accounts.
In the row of a baseline item, click View Details in the Operation column to view the check item description, audit description, and suggestions. You can fix the baseline items that failed to pass the check based on the suggestions.
apiVersion: v1 kind: Namespace metadata: labels: admission.gatekeeper.sh/ignore: no-self-managing control-plane: controller-manager gatekeeper.sh/system: "yes" pod-security.kubernetes.io/audit
Table 26 Container audit Function Description Basic Edition Professional Edition Enterprise Edition Premium Edition WTP Edition Container Edition Container audit Keep track of the operations and activities in your container clusters, gaining insight into every phase of the container
AUDIT_READ Allow reading audit logs via multicast netlink socket. BLOCK_SUSPEND Allow suspension prevention. BPF Allow creating BPF maps, loading BPF Type Format (BTF) data, retrieving JITED code of BPF programs, and more.
You can use the following examples to learn how to query a specific trace: Use CTS to audit Elastic Volume Service (EVS) creation and deletion operations from the last two weeks. For details, see Security Auditing.
Check Whether the Audit Login Is Successful After this function is enabled, HSS reports successful logins. : enabled : disabled Block Non-whitelisted Attack IP Address After this function is enabled, HSS blocks the login of brute force IP addresses (non-whitelisted IP addresses).
enterprise_project_id=xxx Example Responses Status code: 200 Request succeeded. { "total_num" : 1, "data_list" : [ { "check_name" : "Docker", "check_rule_num" : 25, "check_type" : "Docker", "check_type_desc" : "Configuring security audit of Docker's host configurations
Linux system configurations: iptables rules Windows system configurations: Firewall rules System login event audit policy and the configuration of login security layer and authentication mode Windows Remote Management trusted server list Restrictions on Brute-force Attack Defense
operations that can be recorded by CTS Operation Resource Type Trace Name Query container image operation logs hss listContainerImageLogs Query the container image list hss listContainerImages Query the container basic information list hss listContainers Query the Kubernetes cluster audit