Server Compliance

A security measure to enforce all network connected servers to comply with a set of international security standards and practices. To enforce the standards, a piece of agent software will need to be installed on each campus server for conducting compliance assessment and detecting security vulnerability (the cost is HK$200 for each physical CPU core).  Newly installed servers will have to get the agent software installed and keep it online upon the assignment of a fixed IP address by ITS.  Please fill in this form for update of server information.

Annual and quarterly reports on the compliance level of the servers and the list of non-compliance items will be sent to departments for taking remedial actions, if any.  Compliance level is assessed based on a set of HKU Server Compliance Baseline Policies and 65% is set as the alarm level.  Departments will be urged to take immediate remedial actions if the alarm level was hit in two consecutive quarterly reports.

For security reasons, IP addresses of the servers will be blocked if

  1. they are not installed with the agent software; or
  2. they are not listed in the quarterly compliance reports for 2 consecutive months (e.g. the agent software is turned off); or
  3. no remedial action is taken after the alarm level was hit in 2 consecutive months

Baseline Policies and Software Agent Packages

Baseline policies are hardening checklist formulated based on the Policy Statement and Checklists produced by DISA (Defense Information Systems Agency) (reference here). Our Baseline Policies are distilled from the DISA lists which only include the most critical items. These policies are specific to individual operating systems and the currently available policies are listed below-

 Supported PlatformsSoftware Agent PackagesSuggested Compliance Guidelines
Microsoft Windows PlatformsWindows Server 2016 – 2022Microsoft Windows Platform Agent Installation Package (Windows Server 2016 – 2022)

2016

2019

2022

Linux PlatformsRHEL 7-9 and it’s derivatives (such as CentOS/Rocky/AlmaLinux/CloudLinux/OEL)IEM Agent Packages for RHEL derivatives (7-9, 64bits)

RHEL/CentOS 7

RHEL/CentOS 8

RHEL 9 derivatives

Other Platforms IEM Agent Packages for UbuntuUbuntu
20.04
22.04

MFA

Multi-Factor Authentication

February 2024
February 2024

Mandatory for all staff accounts

May 2024
May 2024

Mandatory for all student accounts