Image Baseline Check¶
Your private image repository is scanned for unsafe configurations and provides suggestions for modifying the configurations, helping you fight intrusions and meet compliance requirements.
Check Frequency¶
A comprehensive check is automatically performed by HSS at 04:10 every day.
Prerequisites¶
Container protection has been enabled.
Constraints¶
Only configuration risks in Linux images can be detected.
Check Items¶
Accounts with duplicate names or UIDs
Non-root accounts whose UIDs are 0
Password check in code
Accounts with duplicate password hash values
Weak password hash algorithms
The account password is not empty.
Duplicate group names or GIDs
Non-privileged account incorrectly included in the privilege group
Old "+" entries in the /etc/passwd file
Old "+" entries in the /etc/shadow file
Old "+" entries in the /etc/group file
Ensuring all groups in the /etc/passwd file are in the /etc/group file
Unconfigured password validity period
Ensuring that the password change dates of all users are past dates.
Host trust relationship
Preset root-level trust relationship establishment
The default group of user root is GID 0.
Members in the shadow group
Procedure¶
Log in to the management console.
Click in the upper left corner of the page, select a region, and choose Security > HSS. The HSS page is displayed.
In the navigation tree on the left, choose Prediction > Container Images.
Click the Unsafe Settings tab to view the unsafe settings in the image.