This document describes how to use Baseline Management to ensure the baseline security of your servers.
Overview
Tencent Cloud CWPP (Cloud Workload Protection Platform) allows you to perform periodic and quick baseline checks on servers based on default or custom baseline policies. You can also specify check items and servers to be included in baseline policies. By providing information such as baseline check pass rates, detected risks, threat levels, and suggestions on how to fix the vulnerabilities, the product helps you better manage the baseline security of your servers.
Important Notes
The Baseline Management feature is available only if at least one of your servers is bound to a CWPP Pro or Ultimate license.
Supported baseline types for check
| Baseline type | Check items |
| --- | --- |
| Unauthorized access | Unauthorized access to CouchDB, unauthorized access to Elasticsearch, unauthorized access to MongoDB, unauthorized access to Hadoop, unauthorized access to Kubelet, Redis baseline compliance check, unauthorized access to ZooKeeper |
| Weak passwords | Linux system weak passwords, MySQL weak passwords, Windows system weak passwords, Rsync weak passwords, Linux account with empty password, access to Rsync without a password, Xampp default FTP password, ActiveMQ baseline compliance check |
| | JavaRMI remote code execution, Jenkins without authentication causes execution of arbitrary commands |
| Tencent Cloud security standards | MongoDB security baseline check, Linux security baseline check, Windows security baseline check, FTP security baseline check, Nginx security baseline check, information leakage baseline check |
| | NFS misconfiguration causes mounting of sensitive directories, PHP-FPM misconfiguration, Docker daemon port (2375) is open, detection of Tomcat example directories, Memcached's UDP port exploited by DDoS amplification attacks, IIS misconfiguration causes resolution vulnerability, RPCBind misconfiguration, CentOS baseline check |
Operation Guide
2. Click Baseline Management on the left sidebar. The fields and operations related to the feature are described as follows.
Baseline policies
A baseline policy is a collection of user-defined baseline check items, allowing you to track baseline pass rates and detected risks based on the dimensions included in the policy.
Tencent Cloud default baseline policies: Tencent Cloud CWPP provides default baseline policies based on mainstream network security baseline check items, including the weak password policy, the CIS baseline policy, and the Tencent Cloud best security practice policy. You can add check items and servers to be checked to a default baseline policy; under a default policy, the check runs once every 7 days by default (at 00:00 of the day).
Note:
Pass rate of a policy = the number of servers that pass all check items under the policy / the number of all servers checked under the policy
Add Baseline Policies
1.1 Click Baseline Settings in the upper right corner of the baseline check result section.
1.2 In the "Baseline Policy Settings" section of the "Baseline Settings" page, click Add Policies.
1.3 On the "Add Policies" page, enter a name for the new policy (it must differ from existing policy names), specify Interval, Baseline Types, and Target Assets, and then click Save and update.
Note:
You can create a maximum of 20 baseline policies. If this limit is reached, you must delete an existing policy before you can create a new one.
Quick Check
Select the baseline policies to check and click Quick Check. The check generally takes 2 to 10 minutes.
Periodic Check
1. Click Baseline Settings in the upper right corner of the baseline check result section.
2. Set the interval of periodic checks and manage ignored check items.
Visualized baseline data
After selecting baseline policies and running a check, the Baseline Management page shows the number of checked servers, the number of check items, the pass rate of the baseline policies, the top 5 baseline check items, and the top 5 risk items, which are categorized by threat level.
Baseline check result list
At the bottom of the Baseline Management page, the list of baseline check results is shown, where you can view baseline details, perform fuzzy search and status filtering for a single baseline, and download all tables.
Field description:
Baseline Name: The name of the current baseline set, which contains multiple check items of the same category.
Threat Level: Severe, High, Medium, or Low.
Baseline Check Items: The total number of check items included in the current baseline set.
Affected Servers: The number of servers that fail at least one check item in the current baseline set under the baseline policy, i.e., the number of servers affected by this baseline set.
Last Checked: The time when the check items in the baseline set were last executed on a server.
Status: Pass, Fail and In Progress.
Operation: Allows you to view baseline details and run a recheck for failed baselines.
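As an added illustration (not part of Tencent Cloud's documentation or code), the following Python derives the policy pass rate from the note above and the Affected Servers and Status fields from a constructed set of check results; the record layout and the server and check item names are assumptions.

```python
from collections import defaultdict

# Constructed sample data (not real CWPP output): one record per
# (server, baseline set, check item, result). The policy is assumed to
# cover every server that appears in the results.
CHECK_RESULTS = [
    ("srv-01", "Linux security baseline check", "ssh-root-login", "pass"),
    ("srv-01", "Linux security baseline check", "password-max-days", "fail"),
    ("srv-01", "Redis baseline compliance check", "bind-address", "pass"),
    ("srv-01", "Nginx security baseline check", "server-tokens", "pass"),
    ("srv-02", "Linux security baseline check", "ssh-root-login", "pass"),
    ("srv-02", "Linux security baseline check", "password-max-days", "pass"),
    ("srv-02", "Redis baseline compliance check", "bind-address", "pass"),
    ("srv-02", "Nginx security baseline check", "server-tokens", "pass"),
    ("srv-03", "Linux security baseline check", "ssh-root-login", "pass"),
    ("srv-03", "Linux security baseline check", "password-max-days", "pass"),
    ("srv-03", "Redis baseline compliance check", "bind-address", "fail"),
    ("srv-03", "Nginx security baseline check", "server-tokens", "pass"),
]

def failed_servers_by_baseline(results):
    """Map each baseline set to the servers failing at least one of its items."""
    failed = defaultdict(set)
    for server, baseline, _item, status in results:
        if status == "fail":
            failed[baseline].add(server)
    return failed

def affected_servers(results):
    """Affected Servers per baseline set: servers failing any item in that set."""
    return {b: len(s) for b, s in failed_servers_by_baseline(results).items()}

def baseline_status(results):
    """Baseline-level Status: Pass only if no checked server fails any item."""
    baselines = {b for _, b, _, _ in results}
    failed = failed_servers_by_baseline(results)
    return {b: ("Fail" if failed.get(b) else "Pass") for b in baselines}

def policy_pass_rate(results):
    """Pass rate = servers passing ALL check items / all servers checked."""
    servers = {s for s, _, _, _ in results}
    failing = set().union(*failed_servers_by_baseline(results).values())
    return len(servers - failing) / len(servers) if servers else 0.0

if __name__ == "__main__":
    print(affected_servers(CHECK_RESULTS))
    print(baseline_status(CHECK_RESULTS))
    print(f"policy pass rate: {policy_pass_rate(CHECK_RESULTS):.2%}")
```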
Recheck:
Option 1: Select the baselines for a recheck, and click Recheck in the upper left corner of the list to run a recheck for the selected baselines at one time.
Option 2: Click Recheck on the right of the desired baseline to run a recheck for the baseline.
View details:
In the baseline check result list, locate the desired baseline, and then click Details in the Action column on the right to open the baseline details page.
The baseline details page shows the description and threat level of the baseline, as well as the list of affected servers.
The check details page shows the basic information including baseline name, server name, and check items.
You can run a "Recheck" or select "Ignore" for multiple check items.
You can filter check items by threat level or status.
When you hover the mouse cursor over a check item, the details of the item and the solution to the detected issue appear.