Skip to main content

View Baseline check overview

The baseline check feature automatically checks the secure configurations on servers and provides detailed check results and suggestions for baseline reinforcement.

Context

After you enable the baseline check feature, Cloud automatically checks for risks related to the operating systems, accounts, databases, passwords, and security compliance configurations of your servers, and provides reinforcement suggestions.

By default, a full baseline check is automatically performed from 00:00 to 06:00 every day. You can create and manage scan policies for baseline checks. When you create or modify a policy, you can specify the baselines, interval, and period, and select the servers to which you want to apply this policy.

Precautions

By default, the following baselines are disabled. To check these baselines, make sure that these baselines do not affect your business, and select them when you customize a scan policy.

  • Baselines related to weak passwords for specific applications such as MySQL, PostgreSQL, and SQL Server.

If these baselines are enabled, the system attempts to log on to servers with weak passwords. The logon attempts consume server resources and generate a large number of logon failure records.

  • Baselines related to China's classified protection of cybersecurity.
  • Baselines related to the Center for Internet Security (CIS) standard.

Procedure

  1. On the product management page, select the Server Guard button. fg-dc-sg-3.2.2.1-1

  2. On the Server Guard page, click the Baseline Check tab. fg-dc-sg-3.2.2.1-2

  3. On the Baseline Check page, review the information. fg-dc-sg-3.2.2.1-3

Note: You can select a policy from the Select Policy drop-down list to view the following information:

  • Checked Servers: The number of servers on which the baseline check runs. These servers are specified in the selected baseline check policy.
  • Check Items: The number of check items specified in the selected baseline check policy.
  • Last Pass Rate: The pass rate of the last baseline check.

If the number below the Last Pass Rate is green, the pass rate of the checked servers is high. If the number is red, a large number of failed check items have been detected on the checked servers. We recommend that you view the check result details and manage the failed check items.

  • Select All from the Select Policy drop-down list.

The Baseline Check page displays details about all baselines, including Baseline, Checked Item, Failed Items/ Affected Servers Items, Category, and Last Check.
You can also select a baseline check policy from the Select Policy drop-down list to view the baselines specified in this policy.

  • Review the baseline details.

Evaluate the baseline information.

fg-dc-sg-3.2.2.1-4

  • Manage the failed check items.

Click the View button in the actions column to open the At-Risk Items panel.

fg-dc-sg-3.2.2.1-5