Security Baseline Check
Security baseline checks automatically detect risks in the system, middleware, database, and account configurations on your server and provide you with remediation suggestions for any issues found.
Detection Principle
Different checks employ different detection rules, checking whether they meet some risk features to prompt risk points and remediation suggestions.
Detection Cycle
By default, checks are performed once every hour.
After risk mitigation, the risk will be checked again within 1 hour. If the risk is found to have been mitigated, the corresponding alert will be automatically deleted.
Detected Items
Category | Detected Items | Description | Corresponding Version |
---|---|---|---|
System | Existence of weak account passwords | Check if the login password of the Linux system account is weak | V3.0 |
System | Existence of non-root privilege accounts | Check if there are accounts with root privileges in the Linux system | V3.0 |
Application | Use of insecure SSH protocol version | Check if an insecure security protocol is in use | V3.0 |
Application | Allowance of SSH blank password login | Check if SSH allows blank password login | V3.0 |
Application | Detection of Nginx running with high privileges | Check if Nginx is running with root privileges | V3.0 |
Application | Apache running with high privileges | Check if Apache Httpd is running with root privileges | V3.0 |
Application | Existence of PHP version information disclosure | Check if there is improperly configured PHP causing version information disclosure | V3.0 |
Application | Existence of executable high-risk PHP functions | Check if executable high-risk functions are disabled in PHP configuration | V3.0 |
Application | Existence of Java environment vulnerabilities | Check if there are risks in Java environment variables and configurations (such as apache-log4j vulnerability) | V3.0 |
Database | Redis password verification is set | Check if password verification is enabled in redis server configuration | V3.0 |
Database | MySQL running with high privileges | Check if MySQL service is running with root privileges | V3.0 |
Database | Mongodb authentication enabled | Check if password verification is enabled in Mongodb configuration | V3.0 |
Web | Web-CMS vulnerabilities | The latest vulnerability warnings and related patches. | V3.0 |