Baseline Management

Last updated: 2023-12-26 16:24:54
    This document describes how to use Baseline Management to maintain the baseline security of your servers.

    Overview

    Tencent Cloud CWPP (Cloud Workload Protection Platform) allows you to run periodic and quick baseline checks on servers based on default or custom baseline policies. You can also specify which check items and which servers a baseline policy covers. By reporting baseline check pass rates, detected risks, threat levels, and suggestions on how to fix the detected issues, the product helps you manage the baseline security of your servers.

    Important Notes

    The Baseline Management feature is available only if you have at least one server bound to a CWPP Pro or Ultimate license.

    Supported baseline types for check:

    Baseline Type                       Supported Baselines for Check
    Unauthorized access                 Unauthorized access to CouchDB
                                        Unauthorized access to Elasticsearch
                                        Unauthorized access to MongoDB
                                        Unauthorized access to Hadoop
                                        Unauthorized access to Kubelet
                                        Redis baseline compliance check
                                        Unauthorized access to ZooKeeper
    Weak passwords                      Linux system weak passwords
                                        MySQL weak passwords
                                        Windows system weak passwords
                                        Rsync weak passwords
                                        Linux account with empty password
                                        Access to Rsync without a password
                                        Xampp default FTP password
                                        ActiveMQ baseline compliance check
    Remote code execution               JavaRMI remote code execution
                                        Jenkins without authentication causes execution of arbitrary commands
    Tencent Cloud security standards    MongoDB security baseline check
                                        Linux security baseline check
                                        Windows security baseline check
                                        FTP security baseline check
                                        Nginx security baseline check
                                        Information leakage baseline check
    Other                               NFS misconfiguration causes mounting of sensitive directories
                                        PHP-FPM misconfiguration
                                        Docker daemon port (2375) is open
                                        Detection of Tomcat example directories
                                        Memcached's UDP port exploited by DDoS amplification attacks
                                        IIS misconfiguration causes resolution vulnerability
                                        RPCBind misconfiguration
                                        CentOS baseline check
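    To illustrate what a single check item in the table above actually evaluates on a host, the following is an added example (not code from the Tencent Cloud page and not CWPP's own agent logic) of a local check in the spirit of the "Linux account with empty password" item. It parses /etc/shadow-style records and reports accounts whose password field is empty, distinguishing them from locked accounts ("*", "!" or "!!"), which are not a finding. The shadow content, the result dictionary shape and the field names are constructed for illustration.

```python
# Added example: a minimal local check modelled on the "Linux account with empty
# password" baseline item. Not CWPP's own code; the data format of the result is
# an assumption for illustration. SAMPLE_SHADOW is constructed sample data.
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashedhashedhashed:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
sshd:!:19700:0:99999:7:::
guest::19700:0:99999:7:::
backup:!!:19700:0:99999:7:::
# a comment line and a blank line are tolerated

legacy::19700:0:99999:7:::
"""


@dataclass
class ShadowEntry:
    name: str
    password: str  # raw second field of the shadow record


def parse_shadow(text: str) -> List[ShadowEntry]:
    """Parse shadow-format records; skip blank lines, comments and malformed rows."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # no password field at all: cannot be classified
        entries.append(ShadowEntry(name=fields[0], password=fields[1]))
    return entries


def classify_password(password: str) -> str:
    """'empty' = no password needed to log in; 'locked' = disabled by '*' or '!'; else 'hashed'."""
    if password == "":
        return "empty"
    if password.startswith(("*", "!")):
        return "locked"
    return "hashed"


def accounts_with_empty_password(text: str) -> List[str]:
    """Names of accounts that can be used without supplying any password."""
    return [e.name for e in parse_shadow(text) if classify_password(e.password) == "empty"]


def check_empty_passwords(text: str) -> Dict[str, object]:
    """Produce a Pass/Fail result shaped like a single baseline check item."""
    entries = parse_shadow(text)
    counts = {"empty": 0, "locked": 0, "hashed": 0}
    for e in entries:
        counts[classify_password(e.password)] += 1
    offenders = accounts_with_empty_password(text)
    return {
        "item": "Linux account with empty password",
        "status": "Fail" if offenders else "Pass",
        "affected_accounts": offenders,
        "summary": counts,
        "suggestion": "Set a password for, or lock, each listed account.",
    }


if __name__ == "__main__":
    # On a real host this would read /etc/shadow (root only); here we use the sample.
    print(check_empty_passwords(SAMPLE_SHADOW))
```

    The check reports "guest" and "legacy" as affected and therefore returns Fail for the sample; the locked system accounts are counted separately so that a locked account is never mistaken for an empty-password one.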

    Operation Guide

    1. Log in to the CWPP console.
    2. Click Baseline Management on the left sidebar. The fields and operations related to the feature are described as follows.

    Baseline policies

    A baseline policy is a collection of user-defined baseline check items that lets you track baseline pass rates and detected risks along the dimensions included in the policy.
    Tencent Cloud default baseline policies: Tencent Cloud CWPP provides default baseline policies based on mainstream network security baseline check items, including the weak password policy, the CIS baseline policy, and the Tencent Cloud best security practice policy. You can add check items and servers to be checked to a default baseline policy. By default, the check under a default policy runs once every 7 days (at 00:00 of the day).
    Note:
    Pass rate of policy = (number of servers that pass all check items under this policy) / (number of all servers checked under this policy)
    
    Add Baseline Policies
    1.1 Click Baseline Settings in the upper right corner of the baseline check result section.
    1.2 In the "Baseline Policy Settings" section of the "Baseline Settings" page, click Add Policies.
    
    
    1.3 On the "Add Policies" page, enter the name of the new policy (it must differ from existing policy names), specify Interval, Baseline Types, and Target Assets, and then click "Save and update".
    Note:
    You can create a maximum of 20 baseline policies. If this limit is reached, you must delete an existing policy before you can create a new one.

    Quick Check

    Select the baseline policies to check and click Quick Check. The check generally takes 2-10 minutes.

    Periodic Check

    1. Click Baseline Settings in the upper right corner of the baseline check result section.
    2. You can set the interval of periodic checks and manage ignored check items.
    
    

    Visualized baseline data

    After you select baseline policies and run a check, the Baseline Management page shows the number of checked servers, the number of check items, the pass rate of the baseline policies, the top 5 baseline check items, and the top 5 risk items, categorized by threat level.

    Baseline check result list

    At the bottom of the Baseline Management page, the list of baseline check results is shown. Here you can view baseline details, perform fuzzy search and status filtering for a single baseline, and download all tables.
    
    
    Field description:
    Baseline Name: The name of the current baseline set, which contains multiple check items of the same category.
    Threat Level: Severe, High, Medium, or Low.
    Baseline Check Items: The total number of check items included in the current baseline set.
    Affected servers: The number of servers that do not pass every check item in the current baseline set under the baseline policy, i.e. the number of servers affected by this baseline set.
    Last Checked: The time when the check items in the baseline set were last executed on a server.
    Status: Pass, Fail, or In Progress.
    Operation: Allows you to view baseline details and run a recheck for failed baselines.
    Rescan:
    Option 1: Select the baselines for a recheck, and click Recheck in the upper left corner of the list to run a recheck for the selected baselines at one time.
    Option 2: Click Recheck on the right of the desired baseline to run a recheck for the baseline.
    View details:
    In the baseline check result list, locate the desired baseline, and then click Details in the Action column on the right to open the baseline details page.
    The baseline details page shows the description and threat level of the baseline, as well as the list of affected servers.
    
    The check details page shows the basic information including baseline name, server name, and check items.
    
    You can run a "Recheck" or select "Ignore" for multiple check items.
    You can filter check items by threat level or status.
    When you hover the mouse cursor over a check item, the details of the item and the solutions to the detected issue appear.
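    The two figures this page defines, the policy pass rate in the note under "Baseline policies" and the "Affected servers" and "Status" fields of the result list, are both derived from per-server, per-check-item results. The following is an added example (not code from the Tencent Cloud page and not CWPP's own data format or API) that computes all three from a constructed result set. The record layout, the server and check item names, and the rule that an in-progress item keeps a server out of the passing count are assumptions for illustration.

```python
# Added example: deriving the page's "pass rate of policy", per-baseline
# "Affected servers" and per-baseline "Status" from per-item results.
# Not CWPP's code; the tuple layout and names below are constructed sample data.
from collections import defaultdict
from typing import Dict, Iterable, Tuple

# (server, baseline set, check item, item status) for one baseline policy
Result = Tuple[str, str, str, str]

SAMPLE_RESULTS = [
    ("web-01", "Linux security baseline check", "PermitRootLogin disabled", "Pass"),
    ("web-01", "Linux security baseline check", "Password max age set", "Fail"),
    ("web-01", "Weak passwords", "Linux system weak passwords", "Pass"),
    ("web-02", "Linux security baseline check", "PermitRootLogin disabled", "Pass"),
    ("web-02", "Linux security baseline check", "Password max age set", "Pass"),
    ("web-02", "Weak passwords", "Linux system weak passwords", "Pass"),
    ("db-01", "Linux security baseline check", "PermitRootLogin disabled", "Pass"),
    ("db-01", "Linux security baseline check", "Password max age set", "Pass"),
    ("db-01", "Weak passwords", "Linux system weak passwords", "Pass"),
    ("db-02", "Weak passwords", "Linux system weak passwords", "In Progress"),
]


def policy_pass_rate(results: Iterable[Result]) -> float:
    """Pass rate = servers that pass ALL check items / all servers checked.
    Assumption: a server with any Fail or In Progress item has not passed all items yet."""
    servers, not_passing = set(), set()
    for server, _baseline, _item, status in results:
        servers.add(server)
        if status != "Pass":
            not_passing.add(server)
    if not servers:
        return 0.0  # nothing checked yet; avoid dividing by zero
    return (len(servers) - len(not_passing)) / len(servers)


def affected_servers_by_baseline(results: Iterable[Result]) -> Dict[str, int]:
    """Per baseline set, the number of servers that fail at least one of its items.
    In-progress items are not failures; a baseline with no failures reports 0."""
    affected: Dict[str, set] = defaultdict(set)
    for server, baseline, _item, status in results:
        affected.setdefault(baseline, set())
        if status == "Fail":
            affected[baseline].add(server)
    return {baseline: len(servers) for baseline, servers in affected.items()}


def status_by_baseline(results: Iterable[Result]) -> Dict[str, str]:
    """Per baseline set: Fail if any item failed, else In Progress if any item is
    still running, else Pass (precedence Fail > In Progress > Pass)."""
    rank = {"Pass": 0, "In Progress": 1, "Fail": 2}
    worst: Dict[str, int] = {}
    for _server, baseline, _item, status in results:
        worst[baseline] = max(worst.get(baseline, 0), rank[status])
    inverse = {v: k for k, v in rank.items()}
    return {baseline: inverse[level] for baseline, level in worst.items()}


if __name__ == "__main__":
    print("policy pass rate:", policy_pass_rate(SAMPLE_RESULTS))
    print("affected servers:", affected_servers_by_baseline(SAMPLE_RESULTS))
    print("baseline status:", status_by_baseline(SAMPLE_RESULTS))
```

    With the sample data, only web-02 and db-01 pass every item, so the policy pass rate is 2 out of 4 servers; the Linux security baseline check has one affected server (web-01) and reports Fail, while the weak password baseline has no failures but reports In Progress because db-02 has not finished. Keeping the pass rate per server rather than per item is what makes a single failed item pull the whole server out of the passing count, exactly as the page's definition requires.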