Review the Suggestions for each risk item and promptly fix risky configurations on your instances to enhance system security.
View baseline check results and suggestions
Follow these steps to view the details of failed risk items from baseline checks. This helps you identify which risk items require action and the instances they affect.
Log on to the Security Center console.
In the left-side navigation pane, choose , and then click the System Baseline Risks tab.
On the Risk Details tab, view risk items and suggestions by check item.
In the Pass Rate section, you can expand the view to see the pass rate for each baseline. Hover over the pass rate line to see the number of high-risk (red), medium-risk (orange), low-risk (yellow), and failed check items.

In the Check Item Statistics section, click the number under Failed or Total Check Items Handled to view the corresponding check items in the list below.
Note: The list of failed check items shows data from the last 30 days only. The total for handled check items includes data from the last 365 days and excludes released assets.

View the details and suggestions for a target check item.
Use the search and filter controls above the list to filter check items by risk level, status, and type. You can also search for a specific item by entering its name.
In the Actions column for the target check item, click Details. In the details panel, you can view the Description, Suggestions, Related Baselines, and a list of affected assets.

On the Baseline Check Policy tab, view risk items and suggestions by baseline.
View the check results for all or a specific Baseline Check Policy.
In the policy overview area, the default policy is Default. Click the expand icon to open the baseline check policy menu. You can then click All Policies or a specific policy to view its details, including Checked Servers, Baselines, High Weak Password Risk, and Last Check Pass Rate (the pass rate of the most recent baseline check). Click the number under High Weak Password Risk to view a list of high-risk weak password items.
Important: High Weak Password Risk lists high-severity baseline risks that require immediate attention. For information about how to improve password security and change passwords in common systems, see Weak password security best practices.
The font color for the Last Check Pass Rate indicates the following:
Green: Indicates a high pass rate for baseline configurations on the scanned assets.
Red: Indicates a high number of failed baseline configurations on the checked assets. This can pose a security risk. Go to the baseline check details page to view and fix these risks.

View the list of baseline check results and suggestions by baseline.
In the list of baseline check results, click a baseline name. In the baseline details panel, you can view the assets affected by the baseline, as well as the counts for Passed Items and Risk Item.

In the baseline details panel, find an affected asset and click View in the Actions column. In the Risk Item panel, you can view all baseline risk items for that asset.
Note: If a check item shows a status of Passed, it means the configuration of the corresponding instance has no risks and requires no fixes.
For example, for the Unauthorized Redis Access check, if a Redis database has no password but is bound to 127.0.0.1 (allowing only local access), the item passes the baseline check. Because the passwordless instance accepts only local connections, the configuration is treated as secure and does not require fixing. You can decide whether to configure authorized access based on your business requirements.

In the Risk Item panel, click Details in the Actions column for a risk item. You can view information provided by Security Center for the risk item, including the Description, Check Tips, and Suggestions.

Optional: Return to the baseline details panel. In the upper-right corner of the baseline check results list, click the download icon. In the Select Baseline Export Task dialog box, select a method to export the results.
For exporting weak password information contained in the baseline, Security Center provides the following methods:
Export Weak Password in Plaintext: Exports the weak password information from the baseline check results in plaintext.
Mask and Export Weak Password: Exports the weak password information from the baseline check results in a masked format.
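An added example (not Security Center's code or its actual check logic): a local Python check that mirrors the pass condition described above for the Unauthorized Redis Access item, where a Redis instance without a password still passes when it listens on loopback addresses only. The function names and sample configurations are constructed for illustration, and the check reads only the bind and requirepass directives.

```python
import ipaddress
import shlex

# Constructed sample configurations (not taken from any real host).
LOCAL_ONLY = "bind 127.0.0.1 -::1\n# requirepass not set\n"
EXPOSED = "bind 0.0.0.0\nport 6379\n"
MIXED = "bind 127.0.0.1 10.0.0.5\n"
WITH_PASSWORD = 'bind 0.0.0.0\nrequirepass "constructed-example-value"\n'


def parse_redis_conf(text):
    """Return (bind addresses or None, requirepass value) from redis.conf text."""
    bind, password = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)      # handles quoted values
        except ValueError:
            parts = line.split()           # unbalanced quotes: fall back
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "bind":
            bind = args                    # a later directive overrides an earlier one
        elif key == "requirepass":
            password = args[0] if args else ""
    return bind, password


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; '*' and hostnames count as non-loopback."""
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False


def check_unauthorized_access(text):
    """Return (status, reason) using the page's Passed / Not Passed wording."""
    bind, password = parse_redis_conf(text)
    if password:
        return "Passed", "requirepass is set"
    if bind and all(is_loopback(a) for a in bind):
        return "Passed", "no password, but bound to loopback only"
    exposed = [a for a in bind if not is_loopback(a)] if bind else []
    where = ", ".join(exposed) or "all interfaces (no bind directive)"
    return "Not Passed", "no password and reachable on: " + where
```

Run it against the contents of the instance's redis.conf before and after a manual change to confirm the result you expect from Verify.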
Handle failed baseline risk items
As described earlier, you can address baseline risks by check item on the Risk Details tab, or by baseline on the Baseline Check Policy tab.
The following example shows how to handle baseline risks by baseline. It uses the Suggestions provided in the Risk Item panel.
After you view failed check items in the Risk Item panel, you can select one of the following operations in the Actions column to handle the corresponding risk item.
Fix risk items
Security Center supports one-click fixes for only some baseline risk items. A risk item is eligible for a one-click fix if the Fix button appears for it in the Risk Item panel.
If the Fix button is not available, you cannot fix the risk item in the Security Center console. You must log on to the affected instance, modify the configuration on the instance, and then return to Security Center to Verify the result.

If the Fix button is displayed, the risk item can be fixed directly in the Security Center console.

In the Risk Item panel, click Fix in the Actions column for the target check item.
In the Fix Risks for Assets dialog box, configure the following settings and then click Fix Now.

The following table describes the settings.
Parameter: Description
Fixing Method: The method to fix the baseline risk item.
  Note: The fixing method varies depending on the type of risk item. Configure this setting based on your scenario.
Batch Handle: Select whether to fix the same baseline risk item on other assets in a batch.
System Protection: Select whether to create a snapshot to back up your system data.
  Warning: A fix can fail and affect your business operations. We strongly recommend backing up your instance before you proceed. If the fix fails and interrupts your business, you can use the backup to quickly restore the instance to its state before the fix was applied.
  Automatically Create Snapshot and Fix Risk: You must specify the Snapshot Name and Snapshot Retention Period, and then click Fix Now.
    Note: Creating a snapshot incurs fees. You can click Snapshot billing on the page to learn more about snapshot billing details.
  Skip Snapshot and Fix: If you are sure you want to fix the baseline risk without creating a snapshot, click Fix Now.
Roll back a fix
If you created a backup snapshot before you fixed a baseline risk item on an Alibaba Cloud ECS instance, you can roll back the changes if the fix fails and causes a business interruption. In the baseline details panel, click Roll Back in the Actions column for the instance. In the Roll Back dialog box, select the snapshot that was created before the fix, and then click Confirm.

The Roll Back operation restores the instance configuration to the state captured in the pre-fix snapshot.
Add to whitelist
If you confirm that a failed baseline check item does not need to be handled, you can use the Add to Whitelist feature to ignore alerts for the baseline risk on the target instance.
Important: Adding a risk item to the whitelist for a specific instance exempts that instance from future checks for that risk.
For example, if a baseline check flags the use of the root account for logon, but your business scenario requires logging on with the root account, you can add this risk item to the whitelist.
In the Risk Item panel for the target asset, click Add to Whitelist in the Actions column for the check item you want to handle. In the dialog box that appears, enter a reason for whitelisting, and then click OK.

To add multiple check items to the whitelist, select the check items that have a status of Not Passed, and then click Add to Whitelist at the bottom of the list.
You can also add check items for multiple assets to the whitelist on the Risk Details tab:
Whitelist a specific check item for all assets (including new ones)
On the Risk Details tab, find the check item in the list and click Add to Whitelist in the Actions column. Alternatively, select multiple check items and click Add to Whitelist at the bottom of the list.
Whitelist some assets for a single check item
On the Risk Details tab, find the check item in the baseline check results list and click Details in the Actions column. In the instance list of the risk item details panel, select the instances you want to whitelist, and then click Add to Whitelist at the bottom of the list.
Remove from whitelist
If you want Security Center to generate alerts again for an ignored baseline check item, you can Remove from Whitelist. After the item is removed, Security Center will generate alerts for it in subsequent checks.
On the Risk Item panel, locate the check item that you want to remove from the whitelist and click Remove from Whitelist in the Actions column. In the Remove from Whitelist dialog box, click OK to remove the check item from the whitelist. You can also select multiple check items that you want to remove from the whitelist, and click Remove from Whitelist at the bottom of the list to remove them from the whitelist in a batch.
Verify the fix
In the Risk Item panel for the asset, click Verify in the Actions column for the target check item to verify the fix. If the verification is successful, the risk is fixed. The number in the Risk Item column for the asset decreases, and the status of the risk item is updated to Passed.
Note: If you do not manually verify the fix, Security Center automatically verifies it during the next scan cycle defined in your policy.








