A security measure to enforce all network connected servers to comply with a set of international security standards and practices. To enforce the standards, a piece of agent software will need to be installed on each campus server for conducting compliance assessment and detecting security vulnerability (the cost is HK$200 for each physical CPU core). Newly installed servers will have to get the agent software installed and keep it online upon the assignment of a fixed IP address by ITS. Please fill in this form for update of server information.
Annual and quarterly reports on the compliance level of the servers and the list of non-compliance items will be sent to departments for taking remedial actions, if any. Compliance level is assessed based on a set of HKU Server Compliance Baseline Policies and 65% is set as the alarm level. Departments will be urged to take immediate remedial actions if the alarm level was hit in two consecutive quarterly reports.
For security reasons, IP addresses of the servers will be blocked if
- they are not installed with the agent software; or
- they are not listed in the quarterly compliance reports for 2 consecutive months (e.g. the agent software is turned off); or
- no remedial action is taken after the alarm level was hit in 2 consecutive months
Baseline Policies and Software Agent Packages
|Supported Platforms||Software Agent Packages||Suggested Compliance Guidelines|
|Microsoft Windows Platforms||Windows 8.1, Windows Server 2012 – 2019||Microsoft Windows Platform Agent Installation Package (Windows 8.1/ Server 2012-2019)||201220162019|
|Unix/Linux Platforms||CentOS 7-8, RHEL 7-8, AIX 7.x, Solaris 10-11 and HP-UX 11.31||IEM Agent Packages for RedHat/CentOS (7-8, 64bits)||RHEL/CentOS 7 RHEL/CentOS 8|
|Other Platforms||IEM Agent Packages for Ubuntu||Ubuntu 18.04/20.04|