This paper studies the server security baseline, introduces the technology and inspection methods currently used. In view of the shortcomings resulted in by the current tool that security configuration coverage is difficult to guarantee, consuming a lot of manpower, long cycle, low efficiency and so on, SCAP(Security Content Automation Protocol) standard is introduced. Adopting agent/server architecture, by deploying agent program on the user's servers, realizes the automated security baseline (mainly security configuration) verification to the operating system, middleware and database in the ...