Security class

BCC BCC

  • API Reference
    • Appendix
    • Automatic Snapshot Policy Related Interfaces
      • Bind automatic snapshot policy
      • Create automatic snapshot policy
      • Delete automatic snapshot policy
      • Query details of automatic snapshot policy
      • Query the list of automatic snapshot policies
      • Unbind automatic snapshot policy
      • Update automatic snapshot policy
    • Cluster Management Related Interfaces
      • Create EHC Cluster
      • Delete EHC Cluster
      • EHC Cluster List
      • Modify EHC Cluster
    • Common Request Headers and Response Headers
    • Dedicated Cluster Related Interfaces
      • Canceling Dedicated Cluster Auto-Renewal
      • Create a dedicated cluster
      • Dedicated Cluster Renewal
      • Dedicated Cluster Tag Binding
      • Dedicated Cluster Tag Unbinding
      • Enabling Dedicated Cluster Auto-Renewal
      • Querying Dedicated Cluster Details
      • Querying Dedicated Cluster List
      • Resizing Dedicated Cluster
    • Deployment Group Related Interfaces
      • Adjust Deployment Group
      • Create Deployment Group
      • Delete Deployment Group
      • Get Deployment Group Details
      • Modify deployment group
      • Query the deployment group list
      • Remove Instance from Deployment Group
    • Disk Related Interfaces
      • Attach a CDS disk
      • Bind a tag to a disk
      • Cancel Auto-renewal
      • Create a CDS disk
      • Detach a CDS disk
      • Disk Expansion and Type Change
      • Enable auto-renewal
      • Get Purchasable Disk Information
      • Modify disk properties
      • Query CDS Price
      • Query disk details
      • Query the disk list
      • Release a CDS disk (new)
      • Release a CDS disk
      • Rename a disk
      • Renew a disk
      • Roll back disk data
      • Shift charge for disks
      • Unbind a tag from a disk
    • Error response
    • General Description
    • Image Related Interfaces
      • Bind a tag to an image
      • Cancel cross-region replication of custom images
      • Create a custom image
      • Delete a custom image
      • Import an image
      • Modify Custom Image Name
      • Query available public image based on instance specifications
      • Query image details
      • Query List of Users with Shared Image Access
      • Query OS information based on instance IDs in batch
      • Query the image list
      • Replicate a custom image across regions
      • Share a custom image
      • Unbind a tag from an image
      • Unshare a custom image
    • Instance Related Interfaces
      • Add an instance to a security group
      • Add IPv6
      • Batch Adding Secondary IP Addresses for Primary Network Interface Card
      • Batch Convert to Postpay
      • Batch Unsubscribe Prepaid Instances
      • Billing Change - Convert to Subscription
      • Bind a role
      • Bind a tag to an instance
      • Change the instance subnet
      • Change the instance VPC
      • Convert to prepay in batch
      • Create an instance (by specifying instance package specifications)
      • Create automatic renewal rules
      • Create instance
      • Delete automatic renewal rules
      • Delete secondary IP address from the primary network interface card in batch
      • Early Release of Prepaid Instances
      • Enter rescue mode
      • Exit rescue mode
      • Instance Resizing (By Specifying Instance Package Specification)
      • Modify instance attributes
      • Modify instance description
      • Modify instance hostname
      • Modify the instance password
      • Query Instance List by Instance ID
      • Query instance list
      • Query Multiple Instance Details
      • Query recycle bin instance list
      • Query resizing specifications
      • Query the custom data of the instance
      • Query the details of a specified instance
      • Query the list of BCC instances eligible for no charge for stopped instances
      • Query the VNC address of the instance
      • Reboot an instance
      • Reinstall an instance
      • Reinstall OS for Instances (Batch Reinstallation)
      • Release instances in batch
      • Release IPv6
      • Release Postpay Instances (Release via POST Request)
      • Release recycle bin instances
      • Remove an instance from a security group
      • Remove the relationship between an instance and its deployment group
      • Renew an instance
      • Resize instances in batches
      • Resuming Billing for BCC in Recycle Bin
      • Retrieve a list of instance roles
      • Retrieve network interface card information for an instance
      • Set Auto-release of Spot Instance EIP
      • Set Instance Deletion Protection
      • Setting Auto-Release for Postpay
      • Start an instance
      • Starting Instances (Batch Start)
      • Stop an instance
      • Stopping Instances (Batch Stop)
      • Unbind a role
      • Unbind a tag from an instance
    • Key Pair Related Interfaces
      • Bind a key pair
      • Change description of key pair
      • Create a key pair
      • Delete a key pair
      • Import a key pair
      • Query key pair details
      • Query the key pair list
      • Rename a key pair
      • Unbind a key pair
    • Maintenance platform APIs
      • Maintenance Records Related Interfaces
      • Maintenance Task Related Interfaces
      • Pre-authorization Related Interfaces
    • Other APIs
      • Query instance package price
      • Query instance package specifications (new)
      • Querying Availability Zones By Package Specification
    • Overview
    • Region and Availability Zone Related Interfaces
      • Query list of availability zones
      • Retrieve the Domain Name List API
    • Reserved Instance Related Interfaces
      • Accept Reserved Instance Transfer
      • Adjust reserved instance
      • Bind Tag to Reserved Instance
      • Create Auto-renewal Rule for Reserved Instance
      • Create reserved instances
      • Disable Auto-renewal Rule for Reserved Instance
      • Initiate Reserved Instance Transfer
      • Query Reserved Instance
      • Reject Reserved Instance Transfer
      • Renew reserved instances
      • Reserved Instance Inbound List
      • Reserved Instance Outbound List
      • Revoke Reserved Instance Transfer
      • Unbind Tag from Reserved Instance
    • Security Group Related Interfaces
      • Authorize security group rules
      • Create a security group
      • Delete a security group
      • Delete security group rules
      • Instance associating with security group
      • Query the security group list
      • Replace security group for instance
      • Revoke security group rules
      • Unbind security group from instance
      • Update security group rules
    • Service domain
    • Snapshot Related Interfaces
      • Bind a tag to a snapshot chain
      • Create a snapshot
      • Delete a snapshot
      • Query snapshot chain list
      • Query snapshot details
      • Query the snapshot list
      • Replicate a snapshot across regions
      • Unbind a tag from a snapshot chain
    • Spot Instance Related Interfaces
      • Cancel Spot Instance Order
      • Create spot instances
      • Query Spot Instance Packages
      • Query Spot Price
  • Cloud Assistant API and SDK Reference
    • Python SDK
      • Batch Retrieval of bsm-agent State within Instances
      • CaClient
      • Command Interface
      • Historical records
      • Initialization
      • Install SDK
      • Log API
  • Cloud Assistant API Reference
    • Batch Retrieve Instance BSM-Agent Status
    • Command Interface
    • Common Request and Response Headers
    • Error response
    • General Description
    • Historical records
    • Log API
    • Service domain
  • FAQs
    • Billing class
    • Common Questions Overview
    • Images
    • Instances
    • Network class
    • Performance
    • Reserved Instance
    • Security class
    • Snapshots
    • Storage class
    • Virtual machine operation and maintenance class
  • Fault handling
    • GPU Instance Downtime Troubleshooting
    • Linux Baidu Cloud Compute Entering Single User Mode to Reset Paasword Reports Error-Authentication token lock busy
    • Linux Baidu Cloud Compute Entering Single User Mode to Reset Paasword Reports Error-Authentication token manipulation error
    • Linux Baidu Cloud Compute Entering Single User Mode to Reset Root Paasword
    • Linux Baidu Cloud Compute Execution Yum Update Reports Dependency Conflict
    • Linux Baidu Cloud Compute Setting Login Method
    • Unable to Remotely Connect to Linux Instance
    • Unable to Remotely Connect to Windows Instance
    • Windows Server Cannot Ping
  • Function Release Records
  • Go-SDK
    • Automatic snapshot policy
    • Availability zone
    • Dedicated CDS Cluster
    • Deployment group
    • Disk
    • Elastic high-performance computing cluster
    • Image
    • Initialization
    • Instance
    • Key pair
    • Overview
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
  • Java-SDK
    • Automatic snapshot policy
    • Availability zone
    • BCC instance
    • BccClient
    • Deployment group
    • Disk
    • Exception handling
    • Image
    • Install the SDK Package
    • Key pair
    • Log
    • Overview
    • Quick Start
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
    • Version Change Records
  • Operation guide
    • Deployment group
      • Adjust Deployment Group for Existing Instances
      • Create BCC Instance within Deployment Group
      • Create Deployment Group
      • Delete Deployment Group
      • Modify Deployment Group Information
      • Overview of deployment policy
      • Remove BCC Instance from Deployment Group
    • Elastic high-performance computing cluster
      • Create Elastic High-performance Computing Cluster
      • Overview of elastic hyper-computing cluster
    • Image
      • Baidu AI Cloud Image Service Agreement
      • Create a custom image
      • Creating Linux Image Based on Local System
      • Cross-region image replication
      • Data and Personal Information Protection Statement
      • Delete a custom image
      • How to Set Network Adapter Multi-Queue Properties
      • Image List
      • Image Overview
      • Image Quick Guide
      • Import Custom Image
        • Checking Network Configuration
        • Checking Virtio Driver
        • Creating Instance Using Imported Custom Image
        • Detecting Image Using Image Detection Tool
        • Image format check
        • Image Format Conversion
        • Image Import Restrictions
        • Import Overview
        • Install cloudbase-init
        • Installing Virtio Driver
        • System Optimization Operations (Linux)
      • OS Official End of Maintenance Plan
      • Public Image Release Records
        • 2023 BCC Public Image Release Records
        • 2023 EBC Public Image Release Records
        • 2024 BCC Public Image Release Records
        • 2024 EBC Public Image Release Records
        • 2025 BCC Public Image Release Records
      • Reinstall OS
      • Share a custom image
      • Windows Image Creation
    • Instance
      • Batch Sequential Naming
      • Change Availability Zone
      • Change Charge Type
        • Postpay to Subscription
        • Subscription to Postpay
      • Change Instance Configuration
      • Create instance
        • Create Instance Navigation
        • Create Instance via Custom Image
        • Create Instance via Purchase Page
        • Create Instances with Launch Templates
        • Purchase Instance with Same Configuration
      • Cross-AZ migration
      • Functional restrictions
      • Instance Overview
      • Modify instance name
      • Postpay Instance No Charge for Stopped Instances
      • Reboot an instance
      • Reclaim instance
      • Release an instance
      • Renew an instance
      • Reset password
      • Set IAM Role
      • Sign in to instance
        • Log in to Linux Instance
          • Connect to Baidu Cloud Compute Using SmartTerm
          • Connect to Linux instance using user name-password certification
          • Log in to Linux Instance Using SSH Key on Linux or Mac
          • Log in to Linux Instance Using SSH Key via SecureCRT
          • Remotely sign in to Baidu Cloud Computer via VNC
          • Sign in to Linux instances via SSH key in Putty
          • Sign in to Linux instances via SSH key in Xshell
        • Log in to Windows Instance
          • Remotely sign in to Baidu Cloud Computer via VNC
          • Sign in to Windows instance via remote desktop
        • Login Method Overview
      • Spot instances
        • Create spot instances
        • What Is Spot Instance
      • Start an instance
      • Stop an instance
        • Elastic Baremetal Instance and Elastic High-performance Computing Cluster Instance Halt Capability Configuration Instructions
        • Stop an instance
      • View instance
    • Launch Template
    • Network
      • Bind and Unbind EIP
      • Change Internal IP
      • Change subnet
      • Change VPC
      • Configure Dual Network Interface Card External Network Access for Windows Baidu Cloud Compute
      • Configure IPv6 Address
      • Elastic network interface
        • Configure elastic network interface
        • Create elastic network interface
        • Elastic Network Interface Overview
        • Mount elastic network interface
      • Elastic RDMA Network Interface
        • Elastic RDMA Network Interface Overview
        • Instructions for use
    • Operations and Monitor
      • Cloud Assistant
        • Cloud Assistant Overview
        • Cloud Assistant Usage Notes
        • Create command
        • FAQs
        • Historical records
        • Identity and access management
        • Instance list
        • My commands
        • Public commands
        • Upload files
      • Evacuate Faulty Instance
      • Instance Health Check
      • Maintenance Platform
        • Maintenance Platform Access Instructions
        • Maintenance Platform Overview
        • Maintenance Records Query
        • Maintenance Task
        • Pre-authorization Rule Settings
      • Monitor and Alarm
      • Self-Service Diagnostic Tool
        • Application Performance Diagnostic Tool Btune
        • Self-Service Diagnostic Tool Overview
      • Use Rescue Mode
    • Reserved Instance
      • FAQ
      • Introduction to reserved instance
      • Renew reserved instances
      • Reserved Instance AZ Change
      • Reserved Instance Cross-Account Transfer
      • Reserved Instance EHC Cluster Change
      • Reserved Instance Purchase
    • Resource Assessment
    • Security
      • Identity and access management
        • Identity and access management
        • Price Permission Control
      • Key pair
        • Bind SSH Key Pair
        • Create SSH Key Pair
        • Delete SSH Key Pair
        • SSH Key Pair Overview
        • Unbind SSH Key Pair
      • Security group
        • Associate with security group
        • Copy security group
        • Create a security group
        • Delete a security group
        • Disassociate security group
        • Edit security group
        • Security group overview
    • Server Migration
      • Migration Operation Steps
      • Server Migration Operation Process
      • Server Migration Overview
    • Snapshot
      • Automatic snapshot
      • Create disk snapshot
      • Delete a snapshot
      • Rollback snapshot
      • Snapshot Overview
    • Storage
      • Overview
      • System disk expansion
    • Tag Management
      • Configure Tag
      • Tag Management Overview
      • View Resource Bill Based on Tag
  • Operations Reference
    • Linux Operations Reference
      • Baidu Cloud Compute Delete or Modify File Prompting File System Read-Only
      • CentOS 7 Install Docker
      • Configure Linux Analysis Tools atop and kdump
      • Enter Single User Mode
        • CentOS 6 Enter Single User
        • CentOS 7 Enter Single User
        • CentOS 8 Enter Single User
        • FreeBSD 11 Single User Modify Password SOP
        • opensuse42
          • 3 Enter Single User
        • Ubuntu Enter Single User
        • OpenSUSE 42_3 Enter Single User
      • How to Enable or Disable Intel CPU Vulnerability Patch in Linux Image
      • How to Handle System Boot Exception Caused by fstab Configuration
      • How to Resolve Unable to Log in to Linux BCC Instance via SSH
      • Linux BCC Instance Insufficient Space Issue Resolution
      • Linux BCC Instance Lagging Issue
      • Linux Format and Mount Instance Mount Local Disk
      • Linux Modify Default Remote Connection Port
      • Linux Server CPU and Memory Full Issue Troubleshooting
      • Linux System Install Graphical Interface and Remote Connection
        • CentOS
          • CentOS 8 Install Graphical Interface and Connect Using VNC Viewer
          • CentOS6
            • 5 Install KDE Desktop Graphical Interface and Connect Using VNC Viewer
          • CentOS7
            • 2 Install GNOME Graphical Interface and Connect Using VNC Viewer
          • Install GNOME GUI on CentOS 7_2 and Connect via VNC Viewer
          • Install GUI on CentOS 8 and Connect via VNC Viewer
          • Install KDE Desktop GUI on CentOS 6_5 and Connect via VNC Viewer
        • opensuse
          • opensuse42
            • 3 Install Graphical Interface and Connect Using VNC Viewer
          • Install GUI on OpenSUSE 42_3 and Connect via VNC Viewer
        • Ubuntu
          • Ubuntu14
            • 04 Install Graphical Interface and Connect Using VNC Viewer
          • Ubuntu18
            • 04 Install Graphical Interface and Connect Using VNC Viewer
          • Install GUI on Ubuntu 14_04 and Connect via VNC Viewer
          • Install GUI on Ubuntu 18_04 and Connect via VNC Viewer
      • Performance test
        • Linux CPU Performance Test
        • Linux Disk IO Performance Test
        • Linux Network Performance Test
      • Ubunut16_04 Subscription Extended Security Maintenance (ESM)
    • Server configuration
      • Debian 9 Software Source Configuration Update
      • Linux PIP Configuration with Baidu Source
      • Online Instance with OFED Driver Kernel Replacement Solution
      • Windows PIP Configuration with Baidu Source
    • Windows Operations Reference
      • Blue Screen Crash General Handling Method
      • Configure Multi-User Access to Windows Server
      • Connecting to Windows Server Using Xshell
      • Data Disk Not Displayed After Server Reboot
      • Desktop and Application Color Turning Black Handling Method
      • Local Playback of Sound from Windows Server
      • Performance Resources
      • Remote Connection to Windows Unable to Use Clipboard
      • System Activation
      • System Black Screen Handling Method
      • Tutorial on Disabling Windows Firewall
      • Windows Allow Single User to Connect Multiple Sessions Method
      • Windows automatic update-related configuration
      • Windows BCC Instance Achieve SID Uniqueness After Joining Domain
      • Windows BCC Instance Lagging Issue
      • Windows CPU and Memory Full Troubleshooting Steps
      • Windows Delete Hardware Reserved Memory
      • Windows Instance Disk Space Insufficient Cleanup Tutorial
      • Windows Modify Default Remote Connection Port
      • Windows Quick Login
      • Windows Server Disable IE Enhanced Security Configuration Tutorial
      • Windows Set Only Allow Local & Fixed IP Access Remote Port
      • Windows Virtual Machine Auto Login Failure Handling Method
  • Product Description
    • Application scenarios
    • Correspondence Between Original and New Model Names
    • Discontinued Instance Specifications
    • Models and Their Regions
    • Product advantages
    • Usage restrictions
    • What Is Baidu Cloud Compute BCC
    • Instance specification
  • Product pricing
    • Billing overview
    • Charge type
      • Postpay Pricing
      • Reserved instances
      • Subscription (Prepay) Pricing
      • Reserved Instance
    • Refund policy
  • Python-SDK
    • BccClient
    • Disk
    • Image
    • Initialization
    • Install the SDK Package
    • Instance
    • Overview
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
    • Version Change Records
  • Python3-SDK
    • Automatic snapshot policy
    • BccClient
    • Dedicated CDS Cluster
    • Deployment group
    • Disk
    • Image
    • Initialization
    • Install the SDK Package
    • Instance
    • Key pair
    • Overview
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
  • Quick Start
    • Baidu Cloud Compute Security Description
    • Quick Configuration of Linux Baidu Cloud Compute
    • Quick Configuration of Windows Baidu Cloud Compute
  • Resources
    • Baidu AI Cloud Image Service Agreement
    • Image Quick Guide
  • Service Level Agreement (SLA)
    • Baidu Intelligent Cloud Baidu Cloud Compute Trusted Cloud
    • BCC Service Level Agreement SLA (V3_0)
  • Tag Service API Reference
    • Appendix 1
    • Domain name
    • General Description
    • Interface List
      • Create tag
      • Delete tag
      • Tag List
      • View resources bound to a tag
    • Introduction
  • Transfer
    • Site Offline Migration Solution
    • Site Smooth Migration Solution
  • Typical Practices
    • Connecting to Windows Server Using Xshell
    • Environment Setup
      • Manual Deployment of SQL Server 2008 R2 Express Edition
      • One-Click Setup for Linux Palworld Server
      • One-Click Setup for Windows Palworld Server
      • Set Up FTP Service on Linux
      • Setting Up Baota on Linux
      • Setting Up Baota on Windows
      • Tutorial on Setting Up IIS and FTP on Windows
      • Typical Practice for Setting Up Access VPN
      • Installing MySQL 8_0 Using Yum on CentOS 7 yum
    • Set Up FTP Service on Linux
    • Tag Management Practice
    • Tutorial on Disabling IE Enhanced Security Configuration on Windows Server 2008
    • Tutorial on Disabling Windows Firewall
    • Website Building Tutorial
      • Building a Website Using IIS Service on Windows 2008 and Windows 2012
      • Deploy SSL Certificate on Baidu Cloud Compute - Apache
      • Deploy SSL Certificate on Baidu Cloud Compute - IIS
      • Deploy SSL Certificate on Baidu Cloud Compute - Nginx
      • Deploy SSL Certificate on Baidu Cloud Compute - Tomcat
      • Installing and Configuring Apache Environment on Windows
      • Installing and Configuring Nginx Environment on Windows
      • CentOS-7_2 LNMP Environment Deployment
      • Deploy LAMP Environment on CentOS-7_2
  • Video Zone
    • Fault handling
    • Operation guide
      • Basic Functions
      • Environment Setup
      • Network Related
      • Operations Reference
      • Paasword Function
    • Operation guide
    • Product introduction
All documents
menu
No results found, please re-enter

BCC BCC

  • API Reference
    • Appendix
    • Automatic Snapshot Policy Related Interfaces
      • Bind automatic snapshot policy
      • Create automatic snapshot policy
      • Delete automatic snapshot policy
      • Query details of automatic snapshot policy
      • Query the list of automatic snapshot policies
      • Unbind automatic snapshot policy
      • Update automatic snapshot policy
    • Cluster Management Related Interfaces
      • Create EHC Cluster
      • Delete EHC Cluster
      • EHC Cluster List
      • Modify EHC Cluster
    • Common Request Headers and Response Headers
    • Dedicated Cluster Related Interfaces
      • Canceling Dedicated Cluster Auto-Renewal
      • Create a dedicated cluster
      • Dedicated Cluster Renewal
      • Dedicated Cluster Tag Binding
      • Dedicated Cluster Tag Unbinding
      • Enabling Dedicated Cluster Auto-Renewal
      • Querying Dedicated Cluster Details
      • Querying Dedicated Cluster List
      • Resizing Dedicated Cluster
    • Deployment Group Related Interfaces
      • Adjust Deployment Group
      • Create Deployment Group
      • Delete Deployment Group
      • Get Deployment Group Details
      • Modify deployment group
      • Query the deployment group list
      • Remove Instance from Deployment Group
    • Disk Related Interfaces
      • Attach a CDS disk
      • Bind a tag to a disk
      • Cancel Auto-renewal
      • Create a CDS disk
      • Detach a CDS disk
      • Disk Expansion and Type Change
      • Enable auto-renewal
      • Get Purchasable Disk Information
      • Modify disk properties
      • Query CDS Price
      • Query disk details
      • Query the disk list
      • Release a CDS disk (new)
      • Release a CDS disk
      • Rename a disk
      • Renew a disk
      • Roll back disk data
      • Shift charge for disks
      • Unbind a tag from a disk
    • Error response
    • General Description
    • Image Related Interfaces
      • Bind a tag to an image
      • Cancel cross-region replication of custom images
      • Create a custom image
      • Delete a custom image
      • Import an image
      • Modify Custom Image Name
      • Query available public image based on instance specifications
      • Query image details
      • Query List of Users with Shared Image Access
      • Query OS information based on instance IDs in batch
      • Query the image list
      • Replicate a custom image across regions
      • Share a custom image
      • Unbind a tag from an image
      • Unshare a custom image
    • Instance Related Interfaces
      • Add an instance to a security group
      • Add IPv6
      • Batch Adding Secondary IP Addresses for Primary Network Interface Card
      • Batch Convert to Postpay
      • Batch Unsubscribe Prepaid Instances
      • Billing Change - Convert to Subscription
      • Bind a role
      • Bind a tag to an instance
      • Change the instance subnet
      • Change the instance VPC
      • Convert to prepay in batch
      • Create an instance (by specifying instance package specifications)
      • Create automatic renewal rules
      • Create instance
      • Delete automatic renewal rules
      • Delete secondary IP address from the primary network interface card in batch
      • Early Release of Prepaid Instances
      • Enter rescue mode
      • Exit rescue mode
      • Instance Resizing (By Specifying Instance Package Specification)
      • Modify instance attributes
      • Modify instance description
      • Modify instance hostname
      • Modify the instance password
      • Query Instance List by Instance ID
      • Query instance list
      • Query Multiple Instance Details
      • Query recycle bin instance list
      • Query resizing specifications
      • Query the custom data of the instance
      • Query the details of a specified instance
      • Query the list of BCC instances eligible for no charge for stopped instances
      • Query the VNC address of the instance
      • Reboot an instance
      • Reinstall an instance
      • Reinstall OS for Instances (Batch Reinstallation)
      • Release instances in batch
      • Release IPv6
      • Release Postpay Instances (Release via POST Request)
      • Release recycle bin instances
      • Remove an instance from a security group
      • Remove the relationship between an instance and its deployment group
      • Renew an instance
      • Resize instances in batches
      • Resuming Billing for BCC in Recycle Bin
      • Retrieve a list of instance roles
      • Retrieve network interface card information for an instance
      • Set Auto-release of Spot Instance EIP
      • Set Instance Deletion Protection
      • Setting Auto-Release for Postpay
      • Start an instance
      • Starting Instances (Batch Start)
      • Stop an instance
      • Stopping Instances (Batch Stop)
      • Unbind a role
      • Unbind a tag from an instance
    • Key Pair Related Interfaces
      • Bind a key pair
      • Change description of key pair
      • Create a key pair
      • Delete a key pair
      • Import a key pair
      • Query key pair details
      • Query the key pair list
      • Rename a key pair
      • Unbind a key pair
    • Maintenance platform APIs
      • Maintenance Records Related Interfaces
      • Maintenance Task Related Interfaces
      • Pre-authorization Related Interfaces
    • Other APIs
      • Query instance package price
      • Query instance package specifications (new)
      • Querying Availability Zones By Package Specification
    • Overview
    • Region and Availability Zone Related Interfaces
      • Query list of availability zones
      • Retrieve the Domain Name List API
    • Reserved Instance Related Interfaces
      • Accept Reserved Instance Transfer
      • Adjust reserved instance
      • Bind Tag to Reserved Instance
      • Create Auto-renewal Rule for Reserved Instance
      • Create reserved instances
      • Disable Auto-renewal Rule for Reserved Instance
      • Initiate Reserved Instance Transfer
      • Query Reserved Instance
      • Reject Reserved Instance Transfer
      • Renew reserved instances
      • Reserved Instance Inbound List
      • Reserved Instance Outbound List
      • Revoke Reserved Instance Transfer
      • Unbind Tag from Reserved Instance
    • Security Group Related Interfaces
      • Authorize security group rules
      • Create a security group
      • Delete a security group
      • Delete security group rules
      • Instance associating with security group
      • Query the security group list
      • Replace security group for instance
      • Revoke security group rules
      • Unbind security group from instance
      • Update security group rules
    • Service domain
    • Snapshot Related Interfaces
      • Bind a tag to a snapshot chain
      • Create a snapshot
      • Delete a snapshot
      • Query snapshot chain list
      • Query snapshot details
      • Query the snapshot list
      • Replicate a snapshot across regions
      • Unbind a tag from a snapshot chain
    • Spot Instance Related Interfaces
      • Cancel Spot Instance Order
      • Create spot instances
      • Query Spot Instance Packages
      • Query Spot Price
  • Cloud Assistant API and SDK Reference
    • Python SDK
      • Batch Retrieval of bsm-agent State within Instances
      • CaClient
      • Command Interface
      • Historical records
      • Initialization
      • Install SDK
      • Log API
  • Cloud Assistant API Reference
    • Batch Retrieve Instance BSM-Agent Status
    • Command Interface
    • Common Request and Response Headers
    • Error response
    • General Description
    • Historical records
    • Log API
    • Service domain
  • FAQs
    • Billing class
    • Common Questions Overview
    • Images
    • Instances
    • Network class
    • Performance
    • Reserved Instance
    • Security class
    • Snapshots
    • Storage class
    • Virtual machine operation and maintenance class
  • Fault handling
    • GPU Instance Downtime Troubleshooting
    • Linux Baidu Cloud Compute Entering Single User Mode to Reset Paasword Reports Error-Authentication token lock busy
    • Linux Baidu Cloud Compute Entering Single User Mode to Reset Paasword Reports Error-Authentication token manipulation error
    • Linux Baidu Cloud Compute Entering Single User Mode to Reset Root Paasword
    • Linux Baidu Cloud Compute Execution Yum Update Reports Dependency Conflict
    • Linux Baidu Cloud Compute Setting Login Method
    • Unable to Remotely Connect to Linux Instance
    • Unable to Remotely Connect to Windows Instance
    • Windows Server Cannot Ping
  • Function Release Records
  • Go-SDK
    • Automatic snapshot policy
    • Availability zone
    • Dedicated CDS Cluster
    • Deployment group
    • Disk
    • Elastic high-performance computing cluster
    • Image
    • Initialization
    • Instance
    • Key pair
    • Overview
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
  • Java-SDK
    • Automatic snapshot policy
    • Availability zone
    • BCC instance
    • BccClient
    • Deployment group
    • Disk
    • Exception handling
    • Image
    • Install the SDK Package
    • Key pair
    • Log
    • Overview
    • Quick Start
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
    • Version Change Records
  • Operation guide
    • Deployment group
      • Adjust Deployment Group for Existing Instances
      • Create BCC Instance within Deployment Group
      • Create Deployment Group
      • Delete Deployment Group
      • Modify Deployment Group Information
      • Overview of deployment policy
      • Remove BCC Instance from Deployment Group
    • Elastic high-performance computing cluster
      • Create Elastic High-performance Computing Cluster
      • Overview of elastic hyper-computing cluster
    • Image
      • Baidu AI Cloud Image Service Agreement
      • Create a custom image
      • Creating Linux Image Based on Local System
      • Cross-region image replication
      • Data and Personal Information Protection Statement
      • Delete a custom image
      • How to Set Network Adapter Multi-Queue Properties
      • Image List
      • Image Overview
      • Image Quick Guide
      • Import Custom Image
        • Checking Network Configuration
        • Checking Virtio Driver
        • Creating Instance Using Imported Custom Image
        • Detecting Image Using Image Detection Tool
        • Image format check
        • Image Format Conversion
        • Image Import Restrictions
        • Import Overview
        • Install cloudbase-init
        • Installing Virtio Driver
        • System Optimization Operations (Linux)
      • OS Official End of Maintenance Plan
      • Public Image Release Records
        • 2023 BCC Public Image Release Records
        • 2023 EBC Public Image Release Records
        • 2024 BCC Public Image Release Records
        • 2024 EBC Public Image Release Records
        • 2025 BCC Public Image Release Records
      • Reinstall OS
      • Share a custom image
      • Windows Image Creation
    • Instance
      • Batch Sequential Naming
      • Change Availability Zone
      • Change Charge Type
        • Postpay to Subscription
        • Subscription to Postpay
      • Change Instance Configuration
      • Create instance
        • Create Instance Navigation
        • Create Instance via Custom Image
        • Create Instance via Purchase Page
        • Create Instances with Launch Templates
        • Purchase Instance with Same Configuration
      • Cross-AZ migration
      • Functional restrictions
      • Instance Overview
      • Modify instance name
      • Postpay Instance No Charge for Stopped Instances
      • Reboot an instance
      • Reclaim instance
      • Release an instance
      • Renew an instance
      • Reset password
      • Set IAM Role
      • Sign in to instance
        • Log in to Linux Instance
          • Connect to Baidu Cloud Compute Using SmartTerm
          • Connect to Linux instance using user name-password certification
          • Log in to Linux Instance Using SSH Key on Linux or Mac
          • Log in to Linux Instance Using SSH Key via SecureCRT
          • Remotely sign in to Baidu Cloud Computer via VNC
          • Sign in to Linux instances via SSH key in Putty
          • Sign in to Linux instances via SSH key in Xshell
        • Log in to Windows Instance
          • Remotely sign in to Baidu Cloud Computer via VNC
          • Sign in to Windows instance via remote desktop
        • Login Method Overview
      • Spot instances
        • Create spot instances
        • What Is Spot Instance
      • Start an instance
      • Stop an instance
        • Elastic Baremetal Instance and Elastic High-performance Computing Cluster Instance Halt Capability Configuration Instructions
        • Stop an instance
      • View instance
    • Launch Template
    • Network
      • Bind and Unbind EIP
      • Change Internal IP
      • Change subnet
      • Change VPC
      • Configure Dual Network Interface Card External Network Access for Windows Baidu Cloud Compute
      • Configure IPv6 Address
      • Elastic network interface
        • Configure elastic network interface
        • Create elastic network interface
        • Elastic Network Interface Overview
        • Mount elastic network interface
      • Elastic RDMA Network Interface
        • Elastic RDMA Network Interface Overview
        • Instructions for use
    • Operations and Monitor
      • Cloud Assistant
        • Cloud Assistant Overview
        • Cloud Assistant Usage Notes
        • Create command
        • FAQs
        • Historical records
        • Identity and access management
        • Instance list
        • My commands
        • Public commands
        • Upload files
      • Evacuate Faulty Instance
      • Instance Health Check
      • Maintenance Platform
        • Maintenance Platform Access Instructions
        • Maintenance Platform Overview
        • Maintenance Records Query
        • Maintenance Task
        • Pre-authorization Rule Settings
      • Monitor and Alarm
      • Self-Service Diagnostic Tool
        • Application Performance Diagnostic Tool Btune
        • Self-Service Diagnostic Tool Overview
      • Use Rescue Mode
    • Reserved Instance
      • FAQ
      • Introduction to reserved instance
      • Renew reserved instances
      • Reserved Instance AZ Change
      • Reserved Instance Cross-Account Transfer
      • Reserved Instance EHC Cluster Change
      • Reserved Instance Purchase
    • Resource Assessment
    • Security
      • Identity and access management
        • Identity and access management
        • Price Permission Control
      • Key pair
        • Bind SSH Key Pair
        • Create SSH Key Pair
        • Delete SSH Key Pair
        • SSH Key Pair Overview
        • Unbind SSH Key Pair
      • Security group
        • Associate with security group
        • Copy security group
        • Create a security group
        • Delete a security group
        • Disassociate security group
        • Edit security group
        • Security group overview
    • Server Migration
      • Migration Operation Steps
      • Server Migration Operation Process
      • Server Migration Overview
    • Snapshot
      • Automatic snapshot
      • Create disk snapshot
      • Delete a snapshot
      • Rollback snapshot
      • Snapshot Overview
    • Storage
      • Overview
      • System disk expansion
    • Tag Management
      • Configure Tag
      • Tag Management Overview
      • View Resource Bill Based on Tag
  • Operations Reference
    • Linux Operations Reference
      • Baidu Cloud Compute Delete or Modify File Prompting File System Read-Only
      • CentOS 7 Install Docker
      • Configure Linux Analysis Tools atop and kdump
      • Enter Single User Mode
        • CentOS 6 Enter Single User
        • CentOS 7 Enter Single User
        • CentOS 8 Enter Single User
        • FreeBSD 11 Single User Modify Password SOP
        • opensuse42
          • 3 Enter Single User
        • Ubuntu Enter Single User
        • OpenSUSE 42_3 Enter Single User
      • How to Enable or Disable Intel CPU Vulnerability Patch in Linux Image
      • How to Handle System Boot Exception Caused by fstab Configuration
      • How to Resolve Unable to Log in to Linux BCC Instance via SSH
      • Linux BCC Instance Insufficient Space Issue Resolution
      • Linux BCC Instance Lagging Issue
      • Linux Format and Mount Instance Mount Local Disk
      • Linux Modify Default Remote Connection Port
      • Linux Server CPU and Memory Full Issue Troubleshooting
      • Linux System Install Graphical Interface and Remote Connection
        • CentOS
          • CentOS 8 Install Graphical Interface and Connect Using VNC Viewer
          • CentOS6
            • 5 Install KDE Desktop Graphical Interface and Connect Using VNC Viewer
          • CentOS7
            • 2 Install GNOME Graphical Interface and Connect Using VNC Viewer
          • Install GNOME GUI on CentOS 7_2 and Connect via VNC Viewer
          • Install GUI on CentOS 8 and Connect via VNC Viewer
          • Install KDE Desktop GUI on CentOS 6_5 and Connect via VNC Viewer
        • opensuse
          • opensuse42
            • 3 Install Graphical Interface and Connect Using VNC Viewer
          • Install GUI on OpenSUSE 42_3 and Connect via VNC Viewer
        • Ubuntu
          • Ubuntu14
            • 04 Install Graphical Interface and Connect Using VNC Viewer
          • Ubuntu18
            • 04 Install Graphical Interface and Connect Using VNC Viewer
          • Install GUI on Ubuntu 14_04 and Connect via VNC Viewer
          • Install GUI on Ubuntu 18_04 and Connect via VNC Viewer
      • Performance test
        • Linux CPU Performance Test
        • Linux Disk IO Performance Test
        • Linux Network Performance Test
      • Ubunut16_04 Subscription Extended Security Maintenance (ESM)
    • Server configuration
      • Debian 9 Software Source Configuration Update
      • Linux PIP Configuration with Baidu Source
      • Online Instance with OFED Driver Kernel Replacement Solution
      • Windows PIP Configuration with Baidu Source
    • Windows Operations Reference
      • Blue Screen Crash General Handling Method
      • Configure Multi-User Access to Windows Server
      • Connecting to Windows Server Using Xshell
      • Data Disk Not Displayed After Server Reboot
      • Desktop and Application Color Turning Black Handling Method
      • Local Playback of Sound from Windows Server
      • Performance Resources
      • Remote Connection to Windows Unable to Use Clipboard
      • System Activation
      • System Black Screen Handling Method
      • Tutorial on Disabling Windows Firewall
      • Windows Allow Single User to Connect Multiple Sessions Method
      • Windows automatic update-related configuration
      • Windows BCC Instance Achieve SID Uniqueness After Joining Domain
      • Windows BCC Instance Lagging Issue
      • Windows CPU and Memory Full Troubleshooting Steps
      • Windows Delete Hardware Reserved Memory
      • Windows Instance Disk Space Insufficient Cleanup Tutorial
      • Windows Modify Default Remote Connection Port
      • Windows Quick Login
      • Windows Server Disable IE Enhanced Security Configuration Tutorial
      • Windows Set Only Allow Local & Fixed IP Access Remote Port
      • Windows Virtual Machine Auto Login Failure Handling Method
  • Product Description
    • Application scenarios
    • Correspondence Between Original and New Model Names
    • Discontinued Instance Specifications
    • Models and Their Regions
    • Product advantages
    • Usage restrictions
    • What Is Baidu Cloud Compute BCC
    • Instance specification
  • Product pricing
    • Billing overview
    • Charge type
      • Postpay Pricing
      • Reserved instances
      • Subscription (Prepay) Pricing
      • Reserved Instance
    • Refund policy
  • Python-SDK
    • BccClient
    • Disk
    • Image
    • Initialization
    • Install the SDK Package
    • Instance
    • Overview
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
    • Version Change Records
  • Python3-SDK
    • Automatic snapshot policy
    • BccClient
    • Dedicated CDS Cluster
    • Deployment group
    • Disk
    • Image
    • Initialization
    • Install the SDK Package
    • Instance
    • Key pair
    • Overview
    • Region
    • Reserved Instance
    • Security group
    • Snapshot
  • Quick Start
    • Baidu Cloud Compute Security Description
    • Quick Configuration of Linux Baidu Cloud Compute
    • Quick Configuration of Windows Baidu Cloud Compute
  • Resources
    • Baidu AI Cloud Image Service Agreement
    • Image Quick Guide
  • Service Level Agreement (SLA)
    • Baidu Intelligent Cloud Baidu Cloud Compute Trusted Cloud
    • BCC Service Level Agreement SLA (V3_0)
  • Tag Service API Reference
    • Appendix 1
    • Domain name
    • General Description
    • Interface List
      • Create tag
      • Delete tag
      • Tag List
      • View resources bound to a tag
    • Introduction
  • Transfer
    • Site Offline Migration Solution
    • Site Smooth Migration Solution
  • Typical Practices
    • Connecting to Windows Server Using Xshell
    • Environment Setup
      • Manual Deployment of SQL Server 2008 R2 Express Edition
      • One-Click Setup for Linux Palworld Server
      • One-Click Setup for Windows Palworld Server
      • Set Up FTP Service on Linux
      • Setting Up Baota on Linux
      • Setting Up Baota on Windows
      • Tutorial on Setting Up IIS and FTP on Windows
      • Typical Practice for Setting Up Access VPN
      • Installing MySQL 8_0 Using Yum on CentOS 7 yum
    • Set Up FTP Service on Linux
    • Tag Management Practice
    • Tutorial on Disabling IE Enhanced Security Configuration on Windows Server 2008
    • Tutorial on Disabling Windows Firewall
    • Website Building Tutorial
      • Building a Website Using IIS Service on Windows 2008 and Windows 2012
      • Deploy SSL Certificate on Baidu Cloud Compute - Apache
      • Deploy SSL Certificate on Baidu Cloud Compute - IIS
      • Deploy SSL Certificate on Baidu Cloud Compute - Nginx
      • Deploy SSL Certificate on Baidu Cloud Compute - Tomcat
      • Installing and Configuring Apache Environment on Windows
      • Installing and Configuring Nginx Environment on Windows
      • CentOS-7_2 LNMP Environment Deployment
      • Deploy LAMP Environment on CentOS-7_2
  • Video Zone
    • Fault handling
    • Operation guide
      • Basic Functions
      • Environment Setup
      • Network Related
      • Operations Reference
      • Paasword Function
    • Operation guide
    • Product introduction
  • Document center
  • arrow
  • BCCBCC
  • arrow
  • FAQs
  • arrow
  • Security class
Table of contents on this page
  • How to do if the password is lost?
  • The password reset failed. Are there any password rules?
  • Why can't I reset the password for my BCC?
  • Why doesn't the new password take effect after resetting the password for a windows virtual machine?
  • How to do if the server is invaded since the server password is set too simply, and antivirus measures are ineffective?
  • How to perform regular comprehensive checks on the status of BCC resources?
  • How to quickly check which ports are open on BCC and whether they are accessible?
  • How to add an IP to sign in to the allow list?
  • Is the "Network Level Authentication" function required for signing in to windows BCC?
  • What should I do if a new security group is created and associated with the original instance, but one still remains in the default security group?
  • How to prevent DDOS attacks and CC attacks?
  • How to deal with the IP attacked by DDOS?
  • Is it possible to enable SSH access between several BCC instances without requiring a password?
  • How to prevent servers and websites from being attacked by hackers?
  • How to fix Dirty COW (CVE-2016-5195) Linux vulnerability?

Security class

Updated at:2025-10-20

How to do if the password is lost?

Click "Reset Password" on the Instance Details page and follow the instructions to complete the password reset.

The password reset failed. Are there any password rules?

The current password rules for resetting passwords are as follows: 8-32 characters; there must be at least three of the following: uppercase letters, lowercase letters, numbers and special symbols; symbols limited to !@#$%^*().

Why can't I reset the password for my BCC?

For security reasons, the password rules on the Console page for resetting password are relatively complex and must meet the following requirements:

  • 8-32 characters
  • There must be at least three of the following: uppercase letters, lowercase letters, numbers and special symbols
  • Symbols are limited to !@#$%^*()

Ensure that your new password complies with the specified rules. Only the special symbols listed in the rules are allowed.

Why doesn't the new password take effect after resetting the password for a windows virtual machine?

Resetting the password for a Windows virtual machine relies on the cloudinit service. If the cloudinit service is disabled or restricted by security management software within the virtual machine, the password reset may fail.

First check whether the cloudinit service within the system is running normally to ensure that the password reset takes effect:

  1. Log in to the Windows virtual machine, click Start, and navigate to Management Tools -> Services.

  1. Double-click the Cloud Initialization Service, and in the pop-up box, click the Start button.
  • If the cloudinit service starts normally, the service is functioning correctly, and you can proceed with resetting the password in the BCC console.
  • If an error occurs while starting the cloudinit service, the issue lies with the service itself. Proceed to step 3.

  1. Switch to the "Log On" tab and verify the login account used for the cloudinit service. Ensure the login account is set to "Local System Account" as improper permissions may prevent the cloudinit service from running correctly.

  1. If you still cannot sign in to the Windows virtual machine with the new password, please enter a ticket with details.

Note:

After installing the security software, manually "start" the cloudinit service once (see step 2). If the security software shows pop-ups indicating that the cloudinit service is calling system commands, make sure to approve them. Otherwise, cloudinit won't be able to execute system commands properly, making the service unavailable.

How to do if the server is invaded since the server password is set too simply, and antivirus measures are ineffective?

You can reset the password in the Baidu AI Cloud console. On the Instance Details page of BCC, you'll find the Reset Password option.

If the system already contains viruses or Trojans, you can select Reinstall OS to clean the system, but be aware that this will result in the loss of system disk data!

It's recommended to check for vulnerabilities and backdoors in the program to minimize the risk of unauthorized access.

How to perform regular comprehensive checks on the status of BCC resources?

You can activate the "Cloud Advisor" service to regularly receive inspection reports on the security, availability, performance and cost of cloud resources.
The reports include several BCC-related inspection items, such as BCC-Host Security Inspection Results, BCC-Low Utilization, BCC-Shared Images, BCC-Availability Zone Distribution, BCC-Security Risk Detection (SRD) Inspection Results, BCC-Install Host Security Client, BCC-Instance Deactivation, BCC-OS Version and BCC-High Utilization.
Please visit Cloud Advisor Homepage to learn about or activate the Cloud Advisor service

How to quickly check which ports are open on BCC and whether they are accessible?

You can use BCC Port Verification Tool for rapid detection to quickly check which ports are currently open on the BCC serverimage.png

  • Basic detection: Click Start Detection to check whether some commonly used ports are accessible image.png
  • Advanced detection: Click Advanced Detection to customize the port to be detected. You can select multiple ports. image.png

How to add an IP to sign in to the allow list?

Baidu AI Cloud blocks IPs that fail multiple password attempts in a short time. If you believe your IP has been blocked and want to unblock it, go to the console, find the Host Security product, select Configuration Management - Sign-in Management Settings, click Add Allow List, and add your public IP to unblock it.

Changes generally take effect within 10 minutes. If you're still unable to establish a remote connection after 10 minutes, the issue likely isn't due to our block. In this case, we recommend submitting a Compute and Network/Baidu Cloud Compute (BCC) ticket, providing details about your issue along with the instance ID, instance IP, and remote port. Our engineers will investigate and resolve the issue for you.

Is the "Network Level Authentication" function required for signing in to windows BCC?

Method 1: For security reasons, the remote desktop on cloud servers running Windows systems is set by default to allow only "Remote desktop computer connections with network-level authentication.\

The local Windows server must support the "Network Level Authentication" function; otherwise, you will not be able to sign in to the Windows cloud server. The method for checking is as follows: a. Start remote desktop connection b. Right-click the window title bar and click About c. In the pop-up window, you should see the text "Support network level authentication" If you do not see the text "Support network level authentication" in the above operations, you will need to install the corresponding patch package to support this function.

Method 2: Disable the "Network Level Authentication" function. First, the user needs to remotely sign in to the Windows BCC server with VNC: a. Enter gpedit.msc in the running status to access the local group policy settings; b. Navigate to Computer Configuration - Management Template - Windows Component - Remote Desktop Service - Remote Desktop Session Host - Security - Require User Authentication for Remote Connection by Network Level Authentication and set it to Disabled; c. Open Computer - Attributes - Advanced System Settings - Remote, and select "Allow connections from computers running any version of remote desktop (less secure)" under Remote Desktop.

What should I do if a new security group is created and associated with the original instance, but one still remains in the default security group?

  1. A security group can only be deleted when all BCC instances have been disassociated from it. The Count of Associated Instances column in the security group list indicates How many BCC instances are currently associated with the security group?

  2. Cloud servers can be assigned to multiple security groups. For instance, Security Group A might allow access only to port 22, while Security Group B allows pinging. Combining Security Group A and B will allow both access to port 22 and pinging. After associating a new security group, you can manually disassociate any unneeded security groups via the cloud server's security group page.

    Note: Every cloud server must be associated with at least one security group.

How to prevent DDOS attacks and CC attacks?

Baidu AI Cloud provides a free BSS (Baidu Security Service) product to protect against CC and DDoS attacks for BCC. Users can configure traffic cleaning thresholds based on their application needs.

How to deal with the IP attacked by DDOS?

The default DDoS protection threshold for BCC servers is currently 5 Gbps (BCC in mainland regions is 5 Gbps, and BCC in Hong Kong region is 1 Gbps). Once the threshold is triggered and blackholing occurs, the IP will be blocked by the ISP for 24 hours and cannot be unblocked.
If you want better protection against DDoS attacks, we recommend using our DDoS High Defense service. For details, please refer to DDoS High Defense IP

Is it possible to enable SSH access between several BCC instances without requiring a password?

You can achieve this by using key pairs. For details, please refer to the Key Pair Document

How to prevent servers and websites from being attacked by hackers?

Server security:

  1. It is recommended to block ports not required by your applications in the firewall or security group settings and not expose them externally. Please refer to the Security Group Document
  2. Regularly change passwords and increase password complexity
  3. Install security antivirus software on OS
  4. Use automatic snapshot policies to regularly create snapshots. This allows you to roll back data promptly in case of issues. Please refer to Automatic Snapshot

For more security recommendations, you can search for "security hardening" on Baidu to find relevant tutorials for reference

How to fix Dirty COW (CVE-2016-5195) Linux vulnerability?

A race condition occurred in the Linux kernel's memory subsystem during copy-on-write (COW) operations. A malicious user could exploit this to trick the system into altering read-only user-space code and executing it. A local user with low privileges could use this vulnerability to write to otherwise read-only memory mappings.

  • Vulnerability number: CVE-2016-5195
  • Vulnerability impact: After retrieving low-privilege user access through remote intrusion, a hacker can exploit this vulnerability on all versions of the Linux system to achieve local privilege escalation and gain root access to the server.

  • Affected scope: This vulnerability can be exploited for privilege escalation on all versions of the Linux system (Linux kernel >= 2.6.22):

    Plain Text 
    1CentOS 6.5 32-bit/64-bit
2 CentOS 7.1 32-bit/64-bit
3 Debian 7.5 64-bit
4 Debian 8.1 64-bit
5 Ubuntu Server 12.04.4 LTS 32-bit/64-bit
6 Ubuntu Server 14.04.1 LTS 32-bit/64-bit
  • Vulnerability fix solution:
  1. Download the fix-tool-allinone.tar compressed package provided by Baidu AI Cloud to the server.

  2. Unzip the compressed package

    Plain Text 
    1root@linux ~]# tar xf fix-tool-allinone.tar.gz

  3. Enter the fix-tool-allinone directory

    Plain Text 
    1[root@linux ~]# cd fix-tool-allinone
2[root@linux fix-tool-allinone]# ls
3fix-tool-32-bit.tar.gz  
4fix-tool-64-bit.tar.gz  
5run.sh

  4. Run run.sh.

    Plain Text 
    1[root@linux fix-tool-allinone]# ./run.sh
2DirtyCow check and fix needs quite some time, please be patient.
3
4pokeball
5   (___)
6   (o o)_____/
7    @@ `     \
8     \ ____, /miltank
9     //    //
10    ^^    ^^
11mmap 7f804ec7f000
12
13madvise 0
14
15ptrace 0
16
17Your kernel is 3.10.0 which IS vulnerable.
18Updating linux kernel to fix DirtyCow vulnerablity!
19Please confirm whether to continue the operation or not.[y/n]

This tool integrates the pokemon program, which exploits the DirtyCow vulnerability to enable a regular user to modify files with read-only permissions. The tool first creates a regular user and copies the test program and the test file used by the program to the regular user's home directory. Then, it runs the pokemon program to detect the vulnerability.

If the vulnerability is detected, the above prompt will be displayed. If the user enters 'y', the kernel will be upgraded to fix the vulnerability. If the user enters 'n', the program will exit directly.

  1. After upgrading the kernel, users must manually restart the server. If ongoing application operations make it inconvenient to upgrade the kernel immediately, users can enter 'n' after the detection completes and perform the upgrade when the server is idle.

Previous
Reserved Instance
Next
Snapshots