One of the security product offers free-of-charge by AliCloud is Server Guard. Server Guard is a host-based intrusion detection system (HIDS) that monitors and analyzes the internals system of an ECS instance.
First thing first, Alibaba CLoud should really need to improve their UI. When I access to the Server Guard (YunDun) console, part of the description is displayed in Chinese, despite I am on the English console.
The Server Guard Agent plug-in was integrated and enabled into the system image during my purchase of the ECS instance. (Do read my first review on Ali Cloud) If it is not enabled during the purchased of an ECS instance, you can install it using CLI.
You can log on to the Alibaba Cloud Security Server Guard console and check the Server Guard Agent online status of each server on the asset management page.
My newly created ECS instance has 13 vulnerabilities.
Click on the number to see the detail information. (Again,the explaination are in Chinese)
This is a good feature to inform system administrator the need of to keep software packages up-to-date.
Server Guard also detects the following:
Suspicious file
Suspicious process
Abnormal connection
Screenshoot of abnormal login shown that my SSH session to the server with root. (This is a bad practise!)
Lastly, you can setup notification for Remote login, Brute-force attack and Protection Against Backdoors.
Server Security Server Guard is a good feature and should enable by default for an ECS instance. However, Ali Cloud team need to work on to provide better user interface and offer more security features.
Want to try out Alibaba Cloud with $300 free credit?