tencent cloud

文档反馈

DescribeBaselineItemDetectList

最后更新时间:2024-08-27 11:41:42

1. API Description

Domain name for API request: cwp.tencentcloudapi.com.

This API is used to obtain the list of baseline detection items.

A maximum of 20 requests can be initiated per second for this API.

We recommend you to use API Explorer
Try it
API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

2. Input Parameters

The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

Parameter Name Required Type Description
Action Yes String Common Params. The value used for this API: DescribeBaselineItemDetectList.
Version Yes String Common Params. The value used for this API: 2018-02-28.
Region No String Common Params. This parameter is not required.
Filters.N No Array of Filter
  • HostId - string - required: no - host ID
  • RuleId - int64 - required: no - rule ID
  • PolicyId - int64 - required: no - policy ID
  • ItemName - string - required: no - item name
  • DetectStatus - int - required: no - detection status
  • Level - int - required: no - risk level
  • StartTime - string - required: no - start time
  • EndTime - string - required: no - end time
  • Limit No Integer Limit Entries, 10 by default, up to 100
    Offset No Integer Offset, which is 0 by default.
    Order No String Sorting Method: [ASC: Ascending Order, DESC: Descending Order]
    By No String Sorting column: [HostCount|FirstTime|LastTime]

    3. Output Parameters

    Parameter Name Type Description
    Total Integer Total number
    List Array of BaselineItemDetect None
    RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

    4. Example

    Example1 Obtaining the Baseline Check Item List

    Input Example

    POST / HTTP/1.1
    Host: cwp.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: DescribeBaselineItemDetectList
    <Common request parameters>
    
    {}
    

    Output Example

    {
        "Response": {
            "List": [
                {
                    "ItemId": 2162,
                    "ItemName": "Ensure that permissions on /etc/shadow are set",
                    "ItemDesc": "The /etc/shadow file is used to store information about user accounts, which is crucial for the security of these accounts, such as hashed passwords and other security information.",
                    "FixMethod": "Run the following command to set permissions on /etc/shadow:\n# chown root:root /etc/shadow# chmod 000 /etc/shadow\n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2163,
                    "ItemName": "Ensure that the rsync service is not enabled",
                    "ItemDesc": "The rsyncd service can be used to synchronize files between systems over network links.",
                    "FixMethod": "Run the following command to disable rsync:\n #systemctl disable rsyncd \n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2164,
                    "ItemName": "Ensure that the noexec option is set on the /var/tmp partition",
                    "ItemDesc": "The noexec mounting option specifies that the file system cannot contain executable binary files.",
                    "FixMethod": "Edit the /etc/fstab file and add noexec to the fourth field of the /var/tmp partition.\nRun the following command to remount /var/tmp:\n# mount -o remount,noexec /var/tmp\n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2166,
                    "ItemName": "Ensure that the HTTP proxy service is not enabled",
                    "ItemDesc": "Squid is the standard proxy server used in many distributions and environments.",
                    "FixMethod": "Run the following command to disable Squid:\n #systemctl disable squid \n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2169,
                    "ItemName": "Ensure that the noexec option is set on the /tmp partition",
                    "ItemDesc": "File systems with the noexec mounting option cannot contain executable binary files.",
                    "FixMethod": "Edit /etc/systemd/system/local-fs.target.wants/tmp.mount and add noexec to /tmp:\n[Mount]Options=mode=1777,strictatime,noexec,nodev,nosuid\nRun the following command to remount /tmp:\n# mount -o remount,noexec /tmp\n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2172,
                    "ItemName": "Ensure that the TFTP service is disabled",
                    "ItemDesc": "Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol typically used for automatic transfer of configuration from a boot server or computer. The tftp-server package is used for defining and supporting the TFTP server.",
                    "FixMethod": "Run the following command to disable TFTP:\n# systemctl disable tftp.socket",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2179,
                    "ItemName": "Ensure that no residual entry with the character + exists in /etc/shadow",
                    "ItemDesc": "The character + in various files once served as a mark for the system to insert data from NIS maps at a certain point in system configuration files. Entries with this character are no longer needed on most systems but may exist in files imported from other platforms.\n",
                    "FixMethod": "Remove entries with the character + from /etc/shadow",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2181,
                    "ItemName": "Ensure that Avahi Server is disabled",
                    "ItemDesc": "Avahi allows programs to publish and discover services and hosts running on a local network without specific configuration.",
                    "FixMethod": "Run the following command to disable avahi-daemon:\n #systemctl disable avahi-daemon \n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2185,
                    "ItemName": "Ensure that the nodev option is set on the /var/tmp partition",
                    "ItemDesc": "The nodev mounting option specifies that the file system cannot contain special devices.",
                    "FixMethod": "Edit the /etc/fstab file and add nodev to the fourth field of the /var/tmp partition (mounting option).\nRun the following command to remount /var/tmp:\n# mount -o remount,nodev /var/tmpq\n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                },
                {
                    "ItemId": 2189,
                    "ItemName": "Ensure that the HTTP service is disabled",
                    "ItemDesc": "The HTTP or Web server provides the feature of managing website content.",
                    "FixMethod": "Run the following command to disable HTTPd:\n #systemctl disable httpd \n",
                    "RuleId": 13,
                    "RuleName": "International standard - CentOS 7 security baseline check level 1",
                    "HostCount": 1,
                    "FirstTime": "2022-07-18 13:33:12",
                    "LastTime": "2022-07-21 21:25:01",
                    "DetectStatus": 3,
                    "Level": 2,
                    "DetectResult": "",
                    "PassedHostCount": 1,
                    "NotPassedHostCount": 0
                }
            ],
            "RequestId": "d93119fb-5ea9-4dc4-8e1a-b878dc62c67c",
            "Total": 169
        }
    }
    

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    FailedOperation Operation failed.
    InternalError Internal error
    InvalidParameter Incorrect parameter.