Main Functions

1. Intrusion Detection

SSH Remote Login

UHIDS collects the user’s commonly used SSH login source addresses. An alarm will be issued to notify the user if SSH logins from uncommon sources are detected.

SSH Brute Force Attack

UHIDS continually analyzes SSH login logs, detects successful brute force attacks, and alerts the user.
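A minimal version of this kind of log analysis, as an added example that is not UHIDS's own detection logic: it flags an accepted password login that follows a burst of failed attempts from the same source address. The thresholds, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for this sketch; the page does not state UHIDS's values.
FAIL_THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Matches OpenSSH password-auth results; key-based logins are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_successful_bruteforce(lines, year=2024):
    """Return one alert per accepted login that was preceded by at least
    FAIL_THRESHOLD failures from the same source within WINDOW."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password authentication event
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        recent = failures[m["ip"]]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()  # drop failures that fell out of the window
        if m["result"] == "Failed":
            recent.append(ts)
        elif len(recent) >= FAIL_THRESHOLD:
            alerts.append({"ip": m["ip"], "user": m["user"],
                           "time": ts, "failures": len(recent)})
            recent.clear()  # one alert per burst
    return alerts

# Constructed sample: six failures then a success from one source, plus a
# legitimate user who mistyped a password once (must not alert).
SAMPLE_LOG = [
    f"Jan 10 03:12:{s:02d} web01 sshd[2201]: Failed password for root "
    f"from 203.0.113.7 port 50{s:03d} ssh2" for s in range(1, 37, 6)
] + [
    "Jan 10 03:12:40 web01 sshd[2207]: Accepted password for root from 203.0.113.7 port 50040 ssh2",
    "Jan 10 09:00:05 web01 sshd[3100]: Failed password for alice from 198.51.100.20 port 41000 ssh2",
    "Jan 10 09:00:20 web01 sshd[3101]: Accepted password for alice from 198.51.100.20 port 41002 ssh2",
]

if __name__ == "__main__":
    for alert in detect_successful_bruteforce(SAMPLE_LOG):
        print(alert)
```
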

Backdoor Trojan

By examining network features of processes such as network connections, UHIDS will alert the user if backdoor trojans are detected.

Abnormal Process

By examining the startup directories and executed programs of processes, UHIDS will alert the user if suspicious Trojan processes are detected.

2. Vulnerability Detection

System Vulnerability Detection

UHIDS collects kernel versions, dynamic library versions, and configuration information and compares them with historical vulnerability databases. If vulnerable versions are found, an alarm is issued to notify the user.

Third-Party Software Vulnerability Detection

UHIDS collects version information for third-party software such as Nginx, sshd, and MySQL and compares it with the historical third-party software vulnerability database. If vulnerable versions are found, an alarm is issued to notify the user.

3. Baseline Check

Weak Password Verification

Based on a weak password dictionary, UHIDS regularly checks the system accounts, MySQL accounts, etc., for weak passwords. If weak passwords are found, an alarm is issued to notify the user.

Application Layer Configuration Verification

UHIDS has a built-in security baseline library that is regularly updated. It reads and analyzes the configuration of application layer software (for example, PHP, MongoDB, Redis, MySQL, Nginx, and httpd) to determine whether the configuration items meet the requirements of the security baseline. If not, the user is alerted.

4. Alarm Management

To enable users to understand the security status of their cloud hosts in real time, UHIDS provides alarm management functions and a whitelist mechanism for user customization.

Login IP Whitelist

UHIDS supports configuring a whitelist of login IP addresses.

Login Location Whitelist

UHIDS supports configuring a whitelist of login cities.

Alarm Settings

UHIDS supports email and SMS alarms, so users can detect and handle risks or threat events on the cloud host in real time, thereby reducing the security risks the cloud host faces.