Security Baseline Check

The security baseline check automatically detects risk points in the system, middleware, database, and account configurations on your servers and provides repair suggestions for the identified issues.

Detection Principle

Detection runs locally on each machine. The client Agent installed on the system checks the corresponding application configurations, environment settings, and specific parameters against the loaded configuration rule files. Each detection item uses its own rules to check for risk characteristics. When a risk rule is triggered, the risk point is highlighted and repair suggestions are provided.

Detection Cycle

  • The plugin runs a scan immediately each time it starts or restarts. After that, scans run every 12 hours by default.
  • After a risk is cleared, the system rescans for the same risk within 12 hours. If the risk has been fixed, the alert is deleted automatically.

Detection Items

| Category | Detection Item | Description | Corresponding Version |
|---|---|---|---|
| System | Weak Account Password | Checks if the login account password for the Linux system is a weak password | V3.0 |
| System | Non-root Privileged Account | Checks if there are non-root accounts with root privileges in the Linux system | V3.0 |
| Application | Insecure SSH Protocol Version | Checks if an insecure SSH protocol version is used | V3.0 |
| Application | Allows SSH Empty Password Login | Checks if SSH allows login with an empty password | V3.0 |
| Application | Nginx Running with High Privileges | Checks if Nginx is running with root privileges | V3.0 |
| Application | Apache Running with High Privileges | Checks if Apache HTTPD is running with root privileges | V3.0 |
| Application | PHP Version Information Disclosure | Checks if PHP configuration discloses version information | V3.0 |
| Application | Dangerous PHP Executable Functions | Checks if dangerous executable functions are disabled in PHP configuration | V3.0 |
| Application | Java Environment Vulnerabilities | Checks for risks in Java environment variables and configurations (e.g., Apache Log4J vulnerability) | V3.0 |
| Database | MySQL Running with High Privileges | Checks if MySQL is running with root privileges | V3.0 |
| Database | MongoDB Validation Disabled | Checks if password validation is enabled in MongoDB configuration | V3.0 |
| Middleware | Redis Password Validation Disabled | Checks if password validation is enabled for Redis service | V3.0 |
| Database | MongoDB Validation Not Enabled | Checks if MongoDB validation is disabled, which may allow risky default settings | V3.0 |
| Database | MongoDB Listening Address Risk | Avoid setting MongoDB to listen on all addresses unnecessarily to prevent exposure to the public network | V3.0 |
| Application | Tomcat Account Not Disabled | Modify Tomcat configuration to remove or disable accounts for backend login if unnecessary | V3.0 |
| Application | Tomcat Running with High Privileges | Modify Tomcat process permissions to avoid running the service with high privileges | V3.0 |
| Application | Tomcat Sample Packages Not Deleted | Delete sample packages under Tomcat Web directory to avoid leaking sensitive information | V3.0 |
| Application | Tomcat Directory Listing Allowed | Disable directory listing in Tomcat to avoid information leakage | V3.0 |
| Application | Tomcat Auto Deployment Not Disabled | Avoid enabling auto deployment unless necessary to prevent hacking | V3.0 |
| Application | Tomcat JMX Remote Not Disabled | Avoid enabling JMX remote deployment unless necessary to prevent hacking | V3.0 |
| Application | Caddy Running with High Privileges | Modify Caddy process permissions to avoid running the service with high privileges | V3.0 |
| Application | Hadoop Access Validation Not Enabled | Checks if access validation is disabled in Hadoop configuration | V3.0 |
| Application | Apache Rewrite Configuration Enabled | Checks if the rewrite configuration is enabled in Apache, which could lead to risky default settings | V3.0 |
| Application | Hadoop ResourceManager Public Exposure | Avoid exposing the Hadoop backend service interface on a public network unless necessary | V3.0 |
| Application | Nginx Directory Traversal Due to Misconfiguration | Checks if Nginx misconfiguration could lead to directory traversal | V3.0 |
| Application | Nginx CRLF Injection Due to Misconfiguration | Checks if Nginx misconfiguration could lead to CRLF injection | V3.0 |

The corresponding version refers to the product version number. Please refer to the upgrade records for the version number and corresponding upgrade content.
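
The rule-driven local check described under Detection Principle can be sketched as follows for five of the detection items above. This is an added example, not the product's own rule files or Agent code: the rule logic, the file paths, the assumed defaults, and the sample file contents are all assumptions made for illustration.

```python
import re

# Constructed sample inputs (not from a real host); paths are assumed typical locations.
SAMPLE_FILES = {
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\n"
                   "backup:x:0:0::/home/backup:/bin/bash\n"
                   "www:x:1001:1001::/home/www:/sbin/nologin\n",
    "/etc/ssh/sshd_config": "# PermitEmptyPasswords no\nPermitEmptyPasswords yes\nProtocol 2\n",
    "/etc/php.ini": "[PHP]\nexpose_php = On\n",
    "/etc/redis.conf": "bind 127.0.0.1\n# requirepass changeme\n",
}

def directives(text, sep=r"\s+"):
    """Parse 'key<sep>value' lines, skipping comments and blank lines.
    The first occurrence of a key is kept, which matches sshd_config semantics."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        parts = re.split(sep, line, maxsplit=1)
        if len(parts) == 2:
            found.setdefault(parts[0].lower(), parts[1].strip().lower())
    return found

def uid0_accounts(text):
    """Return account names other than root whose UID field is 0."""
    rows = (line.split(":") for line in text.splitlines())
    return [f[0] for f in rows if len(f) >= 3 and f[2] == "0" and f[0] != "root"]

# (detection item, file, trigger predicate, repair suggestion); defaults are assumptions.
RULES = [
    ("Non-root Privileged Account", "/etc/passwd",
     lambda t: bool(uid0_accounts(t)), "Remove the account or give it a non-zero UID"),
    ("Insecure SSH Protocol Version", "/etc/ssh/sshd_config",
     lambda t: "1" in directives(t).get("protocol", "2").split(","), "Set 'Protocol 2'"),
    ("Allows SSH Empty Password Login", "/etc/ssh/sshd_config",
     lambda t: directives(t).get("permitemptypasswords") == "yes",
     "Set 'PermitEmptyPasswords no'"),
    ("PHP Version Information Disclosure", "/etc/php.ini",
     lambda t: directives(t, r"\s*=\s*").get("expose_php", "on") in ("on", "1", "true", "yes"),
     "Set 'expose_php = Off'"),
    ("Redis Password Validation Disabled", "/etc/redis.conf",
     lambda t: "requirepass" not in directives(t), "Set 'requirepass' to a strong password"),
]

def run_baseline(files):
    """Evaluate every rule against the files present; return the triggered risk points."""
    return [(item, path, fix) for item, path, triggered, fix in RULES
            if path in files and triggered(files[path])]

if __name__ == "__main__":
    for item, path, fix in run_baseline(SAMPLE_FILES):
        print(f"[RISK] {item} ({path}): {fix}")
```

Files that are absent from the input are skipped rather than reported, so a host without PHP or Redis produces no finding for those items.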