CN109905347A - Security baseline configuration method, device, equipment, cloud host, medium and system - Google Patents

Info

Publication number
CN109905347A
Authority
CN
China
Prior art keywords
configuration
cloud host
configuration information
electronic equipment
baseline
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711286982.5A
Other languages
Chinese (zh)
Inventor
陶云祥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Suzhou Software Technology Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201711286982.5A priority Critical patent/CN109905347A/en
Publication of CN109905347A publication Critical patent/CN109905347A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a security baseline configuration method, apparatus, electronic device, cloud host, storage medium and system. The method comprises: receiving a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements; generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements; sending the configuration information to the cloud host; and sending an execution instruction to the cloud host so that the cloud host executes the configuration information to configure the security baseline. In the embodiments of the invention, the electronic device on which the management platform is installed generates the configuration information and sends it to the cloud host, and the cloud host executes it to configure the security baseline. The configuration information is not generated on the cloud host, and the cloud host has no permission to generate it. This prevents the configuration information from being tampered with during generation and prevents the cloud host from generating configuration information beyond its authority, which reduces security risk and improves the security of the cloud host.

Description

Security baseline configuration method, device, equipment, cloud host, medium and system
Technical field
The present invention relates to the field of cloud computing technology, and in particular to a security baseline configuration method, apparatus, electronic device, cloud host, storage medium and system in cloud security.
Background
Cloud computing refers to a delivery and usage model for information technology (Information Technology, IT) infrastructure, in which the required resources (hardware, platform, software) are obtained over the network in an on-demand, easily scalable way. To the user, the resources in the "cloud" appear infinitely expandable: they can be obtained at any time, used as needed, expanded at any time and paid for per use. The "cloud" is a pool of computing resources, usually a number of large server clusters, including compute servers, storage servers, bandwidth resources and so on. Cloud computing pools all computing resources and provides them to users over the network, so that application providers need not worry about tedious details and can concentrate on their own business, which helps innovation and reduces cost.
With the widespread use of cloud computing, the security of the cloud hosts that provide services to users on a cloud platform has become especially important. In the prior art, when a security baseline is configured on a cloud host, the electronic device on which the management platform is installed communicates with the agent program (agent) of the cloud host and issues a configuration instruction to the cloud host. After receiving the configuration instruction, the cloud host generates configuration information according to the baseline configuration elements and executes the configuration information to configure the security baseline. Because the cloud host itself has permission to generate configuration information, the configuration information can easily be tampered with while it is being generated, or the cloud host can, without having received a configuration instruction from the electronic device on which the management platform is installed, generate configuration information and configure the security baseline beyond its authority, which creates a security risk for the cloud host.
Summary of the invention
The present invention provides a security baseline configuration method, apparatus, electronic device, cloud host, storage medium and system, to solve the problem in the prior art that configuring a security baseline on a cloud host in a cloud computing scenario carries security risks.
The invention discloses a security baseline configuration method applied to an electronic device on which a management platform is installed, the method comprising:
receiving a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements;
generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements;
sending the configuration information to the cloud host;
sending a configuration-information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
Further, the configuration information includes:
an executable script for performing the security baseline configuration; or,
an executable file for performing the security baseline configuration.
Further, after generating the configuration information and before sending the configuration-information execution instruction to the cloud host, the method further comprises:
generating a first hash value according to the configuration information and a preset algorithm;
receiving a second hash value sent by the cloud host, and determining whether the first hash value and the second hash value are the same, where the second hash value is generated by the cloud host according to the received configuration information and the preset algorithm;
if so, carrying out the subsequent steps.
Further, if the first hash value differs from the second hash value, the method further comprises:
generating alert information that includes the identification information of the cloud host.
Further, the method further comprises:
receiving a security baseline configuration result sent by the cloud host, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
The invention discloses a security baseline configuration method applied to a cloud host, the method comprising:
receiving configuration information sent by the electronic device on which the management platform is installed, where the configuration information is generated by that electronic device according to the operating system type and middleware type of the cloud host and the baseline configuration elements;
receiving a configuration-information execution instruction sent by the electronic device on which the management platform is installed, and executing the configuration information to configure the security baseline.
Further, the configuration information includes:
an executable script for performing the security baseline configuration; or,
an executable file for performing the security baseline configuration.
Further, after receiving the configuration information sent by the electronic device on which the management platform is installed, the method further comprises:
generating a second hash value according to the configuration information and a preset algorithm;
sending the second hash value to the electronic device on which the management platform is installed.
Further, after the configuration information has been executed and the security baseline configuration is complete, the method further comprises:
checking whether the security baseline has been configured as required, generating a security baseline configuration result, and sending the security baseline configuration result to the electronic device on which the management platform is installed, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
Further, the method further comprises:
deleting the configuration information.
The invention discloses a security baseline configuration apparatus applied to an electronic device on which a management platform is installed, the apparatus comprising:
a first receiving module, configured to receive a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements;
a generation module, configured to generate configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements;
a first sending module, configured to send the configuration information to the cloud host;
a second sending module, configured to send a configuration-information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
The invention discloses a security baseline configuration apparatus applied to a cloud host, the apparatus comprising:
a receiving module, configured to receive configuration information sent by the electronic device on which the management platform is installed, where the configuration information is generated by that electronic device according to the operating system type and middleware type of the cloud host and the baseline configuration elements;
an execution-instruction receiving module, configured to receive a configuration-information execution instruction sent by the electronic device on which the management platform is installed, and to execute the configuration information to configure the security baseline.
The invention discloses an electronic device on which a management platform is installed, comprising: a memory, a processor and a transceiver;
the processor is configured to read the program in the memory and execute the following process: receiving a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements; generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements; sending the configuration information to the cloud host through the transceiver; and sending a configuration-information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
Further, the processor is also configured to generate a first hash value according to the configuration information and a preset algorithm; to receive, through the transceiver, a second hash value sent by the cloud host and determine whether the first hash value and the second hash value are the same, where the second hash value is generated by the cloud host according to the received configuration information and the preset algorithm; and, if so, to send the configuration-information execution instruction to the cloud host.
Further, the processor is also configured to generate alert information that includes the identification information of the cloud host if the first hash value differs from the second hash value.
Further, the processor is also configured to receive, through the transceiver, a security baseline configuration result sent by the cloud host, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
The invention discloses a cloud host, comprising: a memory, a processor and a transceiver;
the processor is configured to read the program in the memory and execute the following process: receiving, through the transceiver, configuration information sent by the electronic device on which the management platform is installed, where the configuration information is generated by that electronic device according to the operating system type and middleware type of the cloud host and the baseline configuration elements; and receiving a configuration-information execution instruction sent by the electronic device on which the management platform is installed, and executing the configuration information to configure the security baseline.
Further, the processor is also configured to generate a second hash value according to the configuration information and a preset algorithm, and to send the second hash value through the transceiver to the electronic device on which the management platform is installed.
Further, the processor is also configured to check whether the security baseline has been configured as required once configuration is complete, to generate a security baseline configuration result, and to send the security baseline configuration result through the transceiver to the electronic device on which the management platform is installed, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
Further, the processor is also configured to delete the configuration information.
The invention discloses an electronic device, comprising: a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another over the communication bus;
a computer program is stored in the memory, and when the program is executed by the processor, it causes the processor to perform the steps of any of the methods described above.
The invention discloses an electronic device, comprising: a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another over the communication bus;
a computer program is stored in the memory, and when the program is executed by the processor, it causes the processor to perform the steps of any of the methods described above.
The invention discloses a computer-readable storage medium storing a computer program executable by an electronic device; when the program runs on the electronic device, it causes the electronic device to perform the steps of any of the methods described above.
The invention discloses a computer-readable storage medium storing a computer program executable by an electronic device; when the program runs on the electronic device, it causes the electronic device to perform the steps of any of the methods described above.
The invention discloses a security baseline configuration system, comprising: an electronic device with a management platform installed that contains the above security baseline configuration apparatus, and at least one cloud host that contains the above security baseline configuration apparatus.
Further, the cloud host has an agent program installed for communicating with the electronic device on which the management platform is installed.
The invention discloses a security baseline configuration method, apparatus, electronic device, cloud host, storage medium and system. The method comprises: the electronic device on which the management platform is installed receives a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements; generates configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements; sends the configuration information to the cloud host; and sends a configuration-information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline. In the embodiments of the invention, the electronic device on which the management platform is installed generates the configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements, sends the generated configuration information to the cloud host to be configured, and sends it a configuration-information execution instruction so that it executes the configuration information to configure the security baseline. The configuration information is not generated on the cloud host, and the cloud host has no permission to generate it. This prevents the configuration information from being tampered with during generation and prevents the cloud host from generating configuration information beyond its authority, which reduces security risk and improves the security of the cloud host.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a security baseline configuration process provided by Embodiment 1 of the invention;
Fig. 2 is a schematic diagram of a security baseline configuration process provided by Embodiment 2 of the invention;
Fig. 3 is a schematic diagram of a security baseline configuration process provided by Embodiment 4 of the invention;
Fig. 4 is a schematic structural diagram of a security baseline configuration apparatus provided by Embodiment 7 of the invention;
Fig. 5 is a schematic structural diagram of a security baseline configuration apparatus provided by Embodiment 8 of the invention;
Fig. 6 is a schematic diagram of an electronic device provided by Embodiment 9 of the invention;
Fig. 7 is a schematic diagram of a cloud host provided by Embodiment 10 of the invention;
Fig. 8 is a schematic diagram of an electronic device provided by Embodiment 11 of the invention;
Fig. 9 is a schematic diagram of an electronic device provided by Embodiment 12 of the invention;
Fig. 10 is a schematic structural diagram of a security baseline configuration system provided by Embodiment 15 of the invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
Embodiment 1:
Fig. 1 is a schematic diagram of a security baseline configuration process provided by an embodiment of the invention. The process includes:
S101: receiving a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements.
The security baseline configuration method provided by the embodiment of the invention is applied to an electronic device in a cloud platform on which a management platform is installed. That electronic device can be any server in the server cluster that makes up the cloud platform. The method can configure the security baseline of a cluster of tenant cloud hosts created with virtualization technologies such as vSphere, Hyper-V, Xen and KVM.
A security baseline is the guarantee of an information system's security and reliability, that is, the basic security requirements the information system must meet. The security of an information system generally requires a balance between the cost paid for security and the security risk that can be tolerated, and the security baseline is the reasonable dividing line of that balance. A system that does not meet the most basic security baseline requirements cannot bear the security risks that result. Exceeding the basic security baseline requirements, on the other hand, means that satisfying non-basic security requirements incurs excess security cost. Constructing an information system's security baseline has therefore become the first step of system security engineering, and it is also a prerequisite for carrying out security assessment and solving information system security problems. Each cloud host in a cloud platform can be regarded as an information system, and the baseline configuration method provided by the embodiment of the invention is used to configure the security baseline of the cloud hosts in the cloud platform.
The electronic device on which the management platform is installed stores in advance the information of the baseline configuration elements used to configure the security baseline of the cloud host operating system and the cloud host middleware. This information can be imported into the electronic device by the user in advance, or written into it by the user in advance. The electronic device provides a page on which the user selects baseline configuration elements according to the configuration requirements of the cloud host operating system and/or the cloud host middleware. After selecting the baseline configuration elements, the user can send a configuration instruction to the electronic device with the configuration button, where the configuration instruction includes the identification information of the baseline configuration elements the user selected. The electronic device receives the configuration instruction and determines the baseline configuration elements the user selected from the identification information contained in the configuration instruction.
S102: generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements.
Because the operating systems and middleware of different cloud hosts differ, the electronic device on which the management platform is installed generates the configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements, so that the cloud host is able to execute the configuration information to configure the security baseline. The middleware of a cloud host includes Apache, Tomcat, Nginx, MySQL, IIS, BIND and so on. In the embodiment of the invention, generating configuration information according to the operating system type of the cloud host, the middleware type and the baseline configuration elements is prior art and is not described further.
S103: sending the configuration information to the cloud host.
S104: sending a configuration-information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
Specifically, after sending the configuration information to the cloud host to be configured, the electronic device on which the management platform is installed sends a configuration-information execution instruction to that cloud host. After receiving the execution instruction, the cloud host to be configured executes the configuration information to configure the security baseline.
In addition, the electronic device on which the management platform is installed also provides a page on which the user selects cloud hosts. On this page the user can select the cloud hosts that need security baseline configuration, and can select one or more of them. If the user selects at least two cloud hosts that need baseline configuration, the electronic device treats each selected cloud host as a cloud host to be configured and performs steps S102-S104 for each of them to configure the security baseline.
In the embodiment of the invention, the electronic device on which the management platform is installed generates the configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements, sends the generated configuration information to the cloud host to be configured, and sends it a configuration-information execution instruction so that it executes the configuration information to configure the security baseline. The configuration information is not generated on the cloud host, and the cloud host has no permission to generate it. This prevents the configuration information from being tampered with during generation and prevents the cloud host from generating configuration information beyond its authority, which reduces security risk and improves the security of the cloud host.
Embodiment 2:
To make it easier for the cloud host to configure the security baseline, on the basis of the above embodiment, in the embodiment of the invention the configuration information includes:
an executable script for performing the security baseline configuration; or,
an executable file for performing the security baseline configuration.
Specifically, when generating the configuration information, the electronic device on which the management platform is installed can generate, according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements, an executable script for performing the security baseline configuration or an executable file for performing the security baseline configuration.
In addition, to prevent the configuration information from being tampered with in transit, after generating the configuration information and before sending the configuration-information execution instruction to the cloud host, the method further comprises:
generating a first hash (Hash) value according to the configuration information and a preset algorithm;
receiving a second hash value sent by the cloud host, and determining whether the first hash value and the second hash value are the same, where the second hash value is generated by the cloud host according to the received configuration information and the preset algorithm;
if so, carrying out the subsequent steps.
If the first hash value differs from the second hash value, the method further comprises:
generating alert information that includes the identification information of the cloud host.
Specifically, the electronic device on which the management platform is installed and the cloud host to be configured both store the same preset algorithm locally, for example Message-Digest Algorithm 5 (MD5). After sending the generated configuration information to the cloud host to be configured, the electronic device generates the first hash value according to the configuration information and the preset algorithm, and receives the second hash value that the cloud host to be configured generated from the received configuration information and the preset algorithm and sent back. It then determines whether the first hash value is the same as the second hash value. If they are the same, the configuration information was not tampered with in transit and is accurate, and the electronic device sends the configuration-information execution instruction to the cloud host to be configured, so that it executes the configuration information to configure the security baseline.
If the first hash value differs from the second hash value, the configuration information was tampered with in transit or on the cloud host side, and alert information that includes the identification information of the cloud host to be configured is generated.
Fig. 2 is a schematic diagram of a security baseline configuration process provided by an embodiment of the invention. The process includes:
S201: receiving a configuration instruction, where the configuration instruction includes identification information of baseline configuration elements.
S202: generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements.
S203: sending the configuration information to the cloud host.
S204: generating a first hash value according to the configuration information and a preset algorithm.
S205: receiving a second hash value sent by the cloud host, and determining whether the first hash value and the second hash value are the same; if so, proceeding to S206; if not, proceeding to S207.
S206: sending a configuration-information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
S207: generating alert information that includes the identification information of the cloud host.
Step S204, generating the first hash value according to the configuration information and the preset algorithm, can be performed after step S203, sending the configuration information to the cloud host, or before it; the embodiment of the invention does not specifically limit the order.
Embodiment 3:
So that the management device can learn the result of the security baseline configuration performed on the cloud host, on the basis of the above embodiments, in an embodiment of the present invention, the method further includes:
Receiving the security baseline configuration result sent by the cloud host, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
After the cloud host to be configured has executed the configuration information and completed the security baseline configuration, it verifies, against each baseline configuration element in the configuration information, whether each baseline configuration element in the security baseline it has configured has been configured as required, generates a security baseline configuration result accordingly, and sends that result to the electronic equipment on which the management platform is installed. The electronic equipment receives the security baseline configuration result sent by the cloud host to be configured and saves it for that cloud host, so that the user can learn the security baseline configuration result of that cloud host. In the embodiments of the present invention, the process by which the cloud host generates the security baseline configuration result is prior art and is not described further.
Embodiment 4:
Fig. 3 is a schematic diagram of a security baseline configuration process provided in an embodiment of the present invention. The process includes:
S301: Receive the configuration information sent by the electronic equipment on which the management platform is installed, where the configuration information is generated by that electronic equipment according to the operating system type and middleware type of the cloud host and the baseline configuration elements.
The security baseline configuration method provided in this embodiment of the present invention is applied to a cloud host in a cloud platform; the cloud host may be any one of the servers in the server cluster that constitutes the cloud platform.
In a cloud platform, the operating system of each cloud host exists as an image template before it is started. If the cloud service provider and the cloud tenant want the cloud host to run a certain agent program or certain software at boot, they only need to add the corresponding agent program and software package to the cloud host's image template and then package it to generate a new image template. In the embodiments of the present invention, to ensure that the cloud host and the electronic equipment on which the management platform is installed can connect and communicate, an agent program for communicating with that electronic equipment is added to the operating system of the cloud host; through the agent program, the cloud host can communicate with the electronic equipment over a socket.
Specifically, the cloud host receives the configuration information that the electronic equipment on which the management platform is installed generated according to the operating system type and middleware type of the cloud host and the baseline configuration elements.
S302: Receive the configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and execute the configuration information to configure the security baseline.
If the cloud host receives the configuration information execution instruction sent by the electronic equipment on which the management platform is installed, it executes the configuration information and, according to the baseline configuration elements contained in the configuration information, configures the security baseline of the cloud host's operating system and/or middleware. In the embodiments of the present invention, the cloud host executing the configuration information to configure the security baseline is prior art and is not described further.
In the embodiments of the present invention, the electronic equipment on which the management platform is installed generates the configuration information according to the operating system type and middleware type of the cloud host and the baseline configuration elements, sends the generated configuration information to the cloud host, and sends a configuration information execution instruction to the cloud host, causing the cloud host to execute the configuration information and configure the security baseline. Because the configuration information is not generated on the cloud host, and the cloud host has no permission to generate it, this avoids the configuration information being tampered with during generation and avoids the cloud host exceeding its authority to generate configuration information, which eliminates the security risk and improves the user experience.
Embodiment 5:
To make it easier for the cloud host to configure the security baseline, on the basis of the above embodiments, in an embodiment of the present invention, the configuration information includes:
An executable script for performing the security baseline configuration; or,
An executable file for performing the security baseline configuration.
Specifically, when the electronic equipment on which the management platform is installed generates the configuration information, it may generate, according to the operating system type and middleware type of the cloud host and the baseline configuration elements, either an executable script for performing the security baseline configuration or an executable file for performing the security baseline configuration.
In addition, to prevent the configuration information from being tampered with in transmission, after receiving the configuration information sent by the electronic equipment on which the management platform is installed, the method further includes:
Generating a second hash value according to the configuration information and a preset algorithm;
Sending the second hash value to the electronic equipment on which the management platform is installed.
Specifically, the same preset algorithm, such as Message-Digest Algorithm 5 (MD5), is stored locally on both the electronic equipment on which the management platform is installed and the cloud host. After receiving the configuration information, so that the electronic equipment can verify whether the configuration information received by the cloud host has been tampered with, the cloud host generates a second hash value according to the received configuration information and the preset algorithm and sends the second hash value to the electronic equipment on which the management platform is installed.
Embodiment 6:
So that the electronic equipment on which the management platform is installed can learn the security baseline configuration result, on the basis of the above embodiments, in an embodiment of the present invention, after the configuration information has been executed and the security baseline configuration completed, the method further includes:
Verifying whether the security baseline has been configured as required after configuration is complete, generating a security baseline configuration result, and sending the security baseline configuration result to the electronic equipment on which the management platform is installed, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
The method further includes:
Deleting the configuration information.
Specifically, after the cloud host has executed the configuration information and completed the security baseline configuration, it verifies, against each baseline configuration element in the configuration information, whether each baseline configuration element in the security baseline it has configured has been configured as required, generates a security baseline configuration result accordingly, and sends that result to the electronic equipment on which the management platform is installed. The electronic equipment receives the security baseline configuration result sent by the cloud host and saves it for that cloud host, so that the user can learn the security baseline configuration result of the cloud host.
In addition, to save storage space and to prevent the configuration information from being tampered with on the cloud host side, the cloud host deletes the configuration information after sending the security baseline configuration result to the electronic equipment on which the management platform is installed.
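The exchange in steps S201 to S207 and, on the cloud host side, S301 to S302 with the hash, result and deletion steps of Embodiments 5 and 6, shown as an added Python sketch that is not code from the patent. The class names, the template table, the `#element:` tag, the `channel` parameter and the choice of SHA-256 as the preset algorithm are assumptions, and script execution on the host is simulated.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Assumption: the page names MD5 only as one possible "preset algorithm";
# this sketch uses SHA-256, configured identically on both sides.
PRESET_ALGORITHM = "sha256"

# Constructed sample templates keyed by (OS type, middleware type, element id).
TEMPLATES = {
    ("linux", "nginx", "password_max_days"):
        "sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs",
    ("linux", "nginx", "hide_server_version"):
        "echo 'server_tokens off;' > /etc/nginx/conf.d/baseline.conf",
}


def digest(config: bytes, algorithm: str = PRESET_ALGORITHM) -> str:
    """Hash value of the configuration information under the preset algorithm."""
    return hashlib.new(algorithm, config).hexdigest()


@dataclass
class CloudHost:
    """Agent side (S301-S302, Embodiments 5 and 6). Execution is simulated."""
    host_id: str
    os_type: str
    middleware_type: str
    received: Optional[bytes] = None
    applied: set = field(default_factory=set)

    def receive_config(self, config: bytes) -> str:
        # Store what actually arrived and return the second hash value.
        self.received = config
        return digest(config)

    def execute(self) -> Dict[str, bool]:
        # Simulated execution: record each element tagged in the script.
        expected = [line.split("#element:")[1].strip()
                    for line in self.received.decode().splitlines()
                    if "#element:" in line]
        self.applied.update(expected)
        # Check every element, build the result, then delete the config.
        result = {eid: eid in self.applied for eid in expected}
        self.received = None
        return result


@dataclass
class ManagementPlatform:
    """Management side (S201-S207); the host never generates configuration."""
    alerts: List[dict] = field(default_factory=list)
    results: Dict[str, Dict[str, bool]] = field(default_factory=dict)

    def generate_config(self, host: CloudHost, element_ids: List[str]) -> bytes:
        lines = ["#!/bin/sh"]
        for eid in element_ids:
            command = TEMPLATES[(host.os_type, host.middleware_type, eid)]
            lines.append(f"{command}  #element: {eid}")
        return "\n".join(lines).encode()

    def configure(self, host: CloudHost, element_ids: List[str],
                  channel: Callable[[bytes], bytes] = lambda b: b) -> bool:
        # `channel` models the transport; the default delivers bytes unchanged.
        config = self.generate_config(host, element_ids)     # S201, S202
        second = host.receive_config(channel(config))         # S203
        first = digest(config)                                # S204
        if not hmac.compare_digest(first, second):            # S205
            self.alerts.append({"host_id": host.host_id,      # S207
                                "reason": "hash mismatch"})
            return False
        self.results[host.host_id] = host.execute()           # S206 + result
        return True


if __name__ == "__main__":
    platform = ManagementPlatform()
    ok = platform.configure(CloudHost("host-01", "linux", "nginx"),
                            ["password_max_days", "hide_server_version"])
    print(ok, platform.results, platform.alerts)
```

The comparison only shows that the host hashed the same bytes the platform generated; it relies on the second hash value reaching the platform over a channel the party altering the configuration cannot also rewrite.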
Embodiment 7:
Fig. 4 is a schematic structural diagram of a security baseline configuration device provided in an embodiment of the present invention, applied to the electronic equipment on which the management platform is installed. The device includes:
A first receiving module 41, configured to receive a configuration instruction, where the configuration instruction includes the identification information of baseline configuration elements;
A generation module 42, configured to generate configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements;
A first sending module 43, configured to send the configuration information to the cloud host;
A second sending module 44, configured to send a configuration information execution instruction to the cloud host, causing the cloud host to execute the configuration information and configure the security baseline.
The configuration information includes:
An executable script for performing the security baseline configuration; or,
An executable file for performing the security baseline configuration.
The device further includes:
A verification module 45, configured to generate a first hash value according to the configuration information and a preset algorithm; receive the second hash value sent by the cloud host; judge whether the first hash value and the second hash value are identical, where the second hash value is generated by the cloud host according to the configuration information it received and the preset algorithm; and, if so, trigger the second sending module.
The device further includes:
An alarm module 46, configured to generate warning information containing the identification information of the cloud host if the verification result of the verification module is no.
The device further includes:
A second receiving module 47, configured to receive the security baseline configuration result sent by the cloud host, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
Embodiment 8:
Fig. 5 is a schematic structural diagram of a security baseline configuration device provided in an embodiment of the present invention, applied to a cloud host. The device includes:
A receiving module 51, configured to receive the configuration information sent by the electronic equipment on which the management platform is installed, where the configuration information is generated by that electronic equipment according to the operating system type and middleware type of the cloud host and the baseline configuration elements;
An execution instruction receiving module 52, configured to receive the configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and to execute the configuration information to configure the security baseline.
The configuration information includes:
An executable script for performing the security baseline configuration; or,
An executable file for performing the security baseline configuration.
The device further includes:
A generating and sending module 53, configured to generate a second hash value according to the configuration information and a preset algorithm, and to send the second hash value to the electronic equipment on which the management platform is installed.
The device further includes:
A verifying and sending module 54, configured to verify whether the security baseline has been configured as required after configuration is complete, generate a security baseline configuration result, and send the security baseline configuration result to the electronic equipment on which the management platform is installed, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
The device further includes:
A deletion module 55, configured to delete the configuration information.
Embodiment 9:
As shown in Fig. 6, based on the same inventive concept, an embodiment of the present invention further provides electronic equipment on which a management platform is installed. Because the principle by which this electronic equipment solves the problem is similar to that of the security baseline configuration method, the implementation of the electronic equipment may refer to the implementation of the method, and repeated details are not described again.
Fig. 6 is a schematic structural diagram of the electronic equipment provided in an embodiment of the present invention. In Fig. 6, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by processor 61 and memory represented by memory 63. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits, all of which are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 62 may be multiple elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other devices over a transmission medium. The processor 61 is responsible for managing the bus architecture and general processing, and the memory 63 may store data used by the processor 61 when performing operations.
In the electronic equipment provided in an embodiment of the present invention:
The processor 61 is configured to read the program in the memory 63 and perform the following process: receive a configuration instruction, where the configuration instruction includes the identification information of baseline configuration elements; generate configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements; send the configuration information to the cloud host through the transceiver 62; and send a configuration information execution instruction to the cloud host, causing the cloud host to execute the configuration information and configure the security baseline.
The processor 61 is further configured to generate a first hash value according to the configuration information and a preset algorithm; receive, through the transceiver 62, the second hash value sent by the cloud host; judge whether the first hash value and the second hash value are identical, where the second hash value is generated by the cloud host according to the configuration information it received and the preset algorithm; and, if so, send the configuration information execution instruction to the cloud host.
The processor 61 is further configured to generate warning information containing the identification information of the cloud host if the first hash value differs from the second hash value.
The processor 61 is further configured to receive, through the transceiver 62, the security baseline configuration result sent by the cloud host, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
Embodiment 10:
As shown in Fig. 7, based on the same inventive concept, an embodiment of the present invention further provides a cloud host. Because the principle by which this cloud host solves the problem is similar to that of the security baseline configuration method, the implementation of the cloud host may refer to the implementation of the method, and repeated details are not described again.
Fig. 7 is a schematic structural diagram of the cloud host provided in an embodiment of the present invention. In Fig. 7, the bus architecture may include any number of interconnected buses and bridges, which link together various circuits, specifically one or more processors represented by processor 71 and memory represented by memory 73. The bus architecture may also link together various other circuits such as peripheral devices, voltage regulators and power management circuits, all of which are well known in the art and are therefore not described further here. The bus interface provides an interface. The transceiver 72 may be multiple elements, that is, it includes a transmitter and a receiver, and provides a unit for communicating with various other devices over a transmission medium. The processor 71 is responsible for managing the bus architecture and general processing, and the memory 73 may store data used by the processor 71 when performing operations.
In the cloud host provided in an embodiment of the present invention:
The processor 71 is configured to read the program in the memory 73 and perform the following process: receive, through the transceiver 72, the configuration information sent by the electronic equipment on which the management platform is installed, where the configuration information is generated by that electronic equipment according to the operating system type and middleware type of the cloud host and the baseline configuration elements; and receive the configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and execute the configuration information to configure the security baseline.
The processor 71 is further configured to generate a second hash value according to the configuration information and a preset algorithm, and to send the second hash value through the transceiver 72 to the electronic equipment on which the management platform is installed.
The processor 71 is further configured to verify whether the security baseline has been configured as required after configuration is complete, generate a security baseline configuration result, and send the security baseline configuration result through the transceiver 72 to the electronic equipment on which the management platform is installed, where the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured on the cloud host has been configured as required.
The processor 71 is further configured to delete the configuration information.
Embodiment 11:
On the basis of the above embodiments, an embodiment of the present invention further provides electronic equipment, as shown in Fig. 8, including: a processor 81, a communication interface 82, a memory 83 and a communication bus 84, where the processor 81, the communication interface 82 and the memory 83 communicate with one another through the communication bus 84;
The memory 83 stores a computer program which, when executed by the processor 81, causes the processor 81 to perform the following steps:
Receiving a configuration instruction, where the configuration instruction includes the identification information of baseline configuration elements;
Generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements;
Sending the configuration information to the cloud host;
Sending a configuration information execution instruction to the cloud host, causing the cloud host to execute the configuration information and configure the security baseline.
Embodiment 12:
On the basis of the above embodiments, an embodiment of the present invention further provides electronic equipment, as shown in Fig. 9, including: a processor 91, a communication interface 92, a memory 93 and a communication bus 94, where the processor 91, the communication interface 92 and the memory 93 communicate with one another through the communication bus 94;
The memory 93 stores a computer program which, when executed by the processor 91, causes the processor 91 to perform the following steps:
Receiving the configuration information sent by the electronic equipment on which the management platform is installed, where the configuration information is generated by that electronic equipment according to the operating system type and middleware type of the cloud host and the baseline configuration elements;
Receiving the configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and executing the configuration information to configure the security baseline.
Embodiment 13:
On the basis of the above embodiments, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program executable by electronic equipment; when the program runs on the electronic equipment, it causes the electronic equipment to perform the following steps:
Receiving a configuration instruction, where the configuration instruction includes the identification information of baseline configuration elements;
Generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements;
Sending the configuration information to the cloud host;
Sending a configuration information execution instruction to the cloud host, causing the cloud host to execute the configuration information and configure the security baseline.
Embodiment 14:
On the basis of the above embodiments, an embodiment of the present invention further provides a computer-readable storage medium storing a computer program executable by electronic equipment; when the program runs on the electronic equipment, it causes the electronic equipment to perform the following steps:
Receiving the configuration information sent by the electronic equipment on which the management platform is installed, where the configuration information is generated by that electronic equipment according to the operating system type and middleware type of the cloud host and the baseline configuration elements;
Receiving the configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and executing the configuration information to configure the security baseline.
Embodiment 15:
Fig. 10 is a schematic structural diagram of a security baseline configuration system provided in an embodiment of the present invention. The system includes: electronic equipment 101 on which a management platform is installed and which contains the security baseline configuration device shown in Fig. 4, and at least one cloud host 102 containing the security baseline configuration device shown in Fig. 5.
Preferably, the cloud host 102 is equipped with an agent program for communicating with the electronic equipment 101 on which the management platform is installed.
The invention discloses a security baseline configuration method, device, electronic equipment, cloud host, storage medium and system. The method includes: the electronic equipment on which the management platform is installed receives a configuration instruction, where the configuration instruction includes the identification information of baseline configuration elements; generates configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements; sends the configuration information to the cloud host; and sends a configuration information execution instruction to the cloud host, causing the cloud host to execute the configuration information and configure the security baseline. In the embodiments of the present invention, the electronic equipment on which the management platform is installed generates the configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration elements, sends the generated configuration information to the cloud host to be configured, and sends a configuration information execution instruction to that host, causing it to execute the configuration information and configure the security baseline. Because the configuration information is not generated on the cloud host, and the cloud host has no permission to generate it, this avoids the configuration information being tampered with during generation and avoids the cloud host exceeding its authority to generate configuration information, which reduces the security risk and improves the security of the cloud host.
Because the system and device embodiments are substantially similar to the method embodiments, they are described relatively briefly; for relevant details, refer to the corresponding parts of the description of the method embodiments.
Those skilled in the art should understand that embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, equipment (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing equipment to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing equipment to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and the instruction device implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing equipment, so that a series of operation steps is executed on the computer or other programmable equipment to produce computer-implemented processing, and the instructions executed on the computer or other programmable equipment thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (26)

1. A security baseline configuration method, characterized in that it is applied to electronic equipment on which a management platform is installed, the method comprising:
Receiving a configuration instruction, wherein the configuration instruction includes identification information of a baseline configuration element;
Generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration element;
Sending the configuration information to the cloud host;
Sending a configuration information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
2. The method according to claim 1, characterized in that the configuration information comprises:
An executable script for performing security baseline configuration; or,
An executable file for performing security baseline configuration.
3. The method according to claim 1, characterized in that after generating the configuration information and before sending the configuration information execution instruction to the cloud host, the method further comprises:
Generating a first hash value according to the configuration information and a preset algorithm;
Receiving a second hash value sent by the cloud host, and judging whether the first hash value and the second hash value are the same, wherein the second hash value is generated by the cloud host according to the received configuration information and the preset algorithm;
If so, performing the subsequent steps.
4. The method according to claim 3, characterized in that if the first hash value and the second hash value are different, the method further comprises:
Generating warning information containing the identification information of the cloud host.
5. The method according to claim 1, characterized in that the method further comprises:
Receiving a security baseline configuration result sent by the cloud host, wherein the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured by the cloud host has been configured as required.
6. A security baseline configuration method, characterized in that it is applied to a cloud host, the method comprising:
Receiving configuration information sent by electronic equipment on which a management platform is installed, wherein the configuration information is generated by the electronic equipment on which the management platform is installed according to the operating system type and middleware type of the cloud host and a baseline configuration element;
Receiving a configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and executing the configuration information to configure the security baseline.
7. The method according to claim 6, characterized in that the configuration information comprises:
An executable script for performing security baseline configuration; or,
An executable file for performing security baseline configuration.
8. The method according to claim 6, characterized in that after receiving the configuration information sent by the electronic equipment on which the management platform is installed, the method further comprises:
Generating a second hash value according to the configuration information and a preset algorithm;
Sending the second hash value to the electronic equipment on which the management platform is installed.
9. The method according to claim 6, characterized in that after executing the configuration information and completing the configuration of the security baseline, the method further comprises:
Checking whether the security baseline has been configured as required after the configuration is completed, generating a security baseline configuration result, and sending the security baseline configuration result to the electronic equipment on which the management platform is installed, wherein the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured by the cloud host has been configured as required.
10. The method according to claim 9, characterized in that the method further comprises:
Deleting the configuration information.
11. A security baseline configuration device, characterized in that it is applied to electronic equipment on which a management platform is installed, the device comprising:
A first receiving module, configured to receive a configuration instruction, wherein the configuration instruction includes identification information of a baseline configuration element;
A generation module, configured to generate configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration element;
A first sending module, configured to send the configuration information to the cloud host;
A second sending module, configured to send a configuration information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
12. A security baseline configuration device, characterized in that it is applied to a cloud host, the device comprising:
A receiving module, configured to receive configuration information sent by electronic equipment on which a management platform is installed, wherein the configuration information is generated by the electronic equipment on which the management platform is installed according to the operating system type and middleware type of the cloud host and a baseline configuration element;
An execution instruction receiving module, configured to receive a configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and to execute the configuration information to configure the security baseline.
13. Electronic equipment on which a management platform is installed, characterized by comprising: a memory, a processor and a transceiver;
The processor is configured to read the program in the memory and execute the following process: receiving a configuration instruction, wherein the configuration instruction includes identification information of a baseline configuration element; generating configuration information according to the operating system type and middleware type of the cloud host to be configured and the baseline configuration element; sending the configuration information to the cloud host through the transceiver; and sending a configuration information execution instruction to the cloud host, so that the cloud host executes the configuration information to configure the security baseline.
14. The electronic equipment according to claim 13, characterized in that the processor is further configured to generate a first hash value according to the configuration information and a preset algorithm; receive, through the transceiver, a second hash value sent by the cloud host, and judge whether the first hash value and the second hash value are the same, wherein the second hash value is generated by the cloud host according to the received configuration information and the preset algorithm; and if so, send the configuration information execution instruction to the cloud host.
15. The electronic equipment according to claim 14, characterized in that the processor is further configured to generate warning information containing the identification information of the cloud host if the first hash value is different from the second hash value.
16. The electronic equipment according to claim 13, characterized in that the processor is further configured to receive, through the transceiver, a security baseline configuration result sent by the cloud host, wherein the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured by the cloud host has been configured as required.
17. A cloud host, characterized by comprising: a memory, a processor and a transceiver;
The processor is configured to read the program in the memory and execute the following process: receiving, through the transceiver, configuration information sent by electronic equipment on which a management platform is installed, wherein the configuration information is generated by the electronic equipment on which the management platform is installed according to the operating system type and middleware type of the cloud host and a baseline configuration element; and receiving a configuration information execution instruction sent by the electronic equipment on which the management platform is installed, and executing the configuration information to configure the security baseline.
18. The cloud host according to claim 17, characterized in that the processor is further configured to generate a second hash value according to the configuration information and a preset algorithm, and to send the second hash value through the transceiver to the electronic equipment on which the management platform is installed.
19. The cloud host according to claim 17, characterized in that the processor is further configured to check whether the security baseline has been configured as required after the configuration is completed, generate a security baseline configuration result, and send the security baseline configuration result through the transceiver to the electronic equipment on which the management platform is installed, wherein the security baseline configuration result includes information on whether each baseline configuration element in the security baseline configured by the cloud host has been configured as required.
20. The cloud host according to claim 19, characterized in that the processor is further configured to delete the configuration information.
21. Electronic equipment, characterized by comprising: a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
A computer program is stored in the memory, and when the program is executed by the processor, the processor is caused to perform the steps of the method according to any one of claims 1-5.
22. Electronic equipment, characterized by comprising: a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with one another through the communication bus;
A computer program is stored in the memory, and when the program is executed by the processor, the processor is caused to perform the steps of the method according to any one of claims 6-10.
23. A computer-readable storage medium, characterized in that it stores a computer program executable by electronic equipment, and when the program runs on the electronic equipment, the electronic equipment is caused to perform the steps of the method according to any one of claims 1-5.
24. A computer-readable storage medium, characterized in that it stores a computer program executable by electronic equipment, and when the program runs on the electronic equipment, the electronic equipment is caused to perform the steps of the method according to any one of claims 6-10.
25. A security baseline configuration system, characterized in that the system comprises: electronic equipment on which a management platform is installed and which includes the security baseline configuration device according to claim 11, and at least one cloud host which includes the security baseline configuration device according to claim 12.
26. The system according to claim 25, characterized in that an agent program for communicating with the electronic equipment on which the management platform is installed is installed on the cloud host.
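
The exchange in claims 1, 3 to 5 and 6 to 10, as an added Python simulation that is not part of the patent text: the platform generates the configuration information, compares its own hash with the one the cloud host reports, and only then issues the execution instruction. SHA-256 as the "preset algorithm", the constructed template table, the `channel` parameter and all class and function names are assumptions.

```python
import hashlib
import hmac

PRESET_ALGORITHM = "sha256"  # assumption: the claims only say "preset algorithm"

# Constructed sample data: setting per (OS type, middleware type, element id).
TEMPLATES = {
    ("linux", "nginx", "ssh_root_login"): "PermitRootLogin no",
    ("linux", "nginx", "server_tokens"): "server_tokens off",
}

def digest(data: bytes) -> str:
    return hashlib.new(PRESET_ALGORITHM, data).hexdigest()

class CloudHost:
    """Agent side (claims 6 to 10). Hypothetical class, not from the patent."""
    def __init__(self, host_id, os_type, middleware):
        self.host_id, self.os_type, self.middleware = host_id, os_type, middleware
        self.received = None   # configuration information as delivered
        self.state = {}        # settings currently applied on the host

    def receive(self, config: bytes) -> str:
        # Claim 8: hash what actually arrived and report it back.
        self.received = config
        return digest(config)

    def execute(self) -> dict:
        # Claims 6, 9, 10: apply, check each element, then delete the config.
        wanted = dict(l.split("=", 1) for l in self.received.decode().splitlines())
        self.state.update(wanted)
        result = {k: self.state.get(k) == v for k, v in wanted.items()}
        self.received = None
        return result

class ManagementPlatform:
    """Platform side (claims 1 to 5). Hypothetical class, not from the patent."""
    def __init__(self):
        self.alerts = []

    def generate(self, os_type, middleware, element_ids) -> bytes:
        # Claim 1: configuration information is built here, never on the host.
        return "\n".join(
            f"{e}={TEMPLATES[(os_type, middleware, e)]}" for e in element_ids
        ).encode()

    def configure(self, host, element_ids, channel=lambda b: b):
        config = self.generate(host.os_type, host.middleware, element_ids)
        first = digest(config)                      # claim 3: first hash value
        second = host.receive(channel(config))      # channel models the network path
        if not hmac.compare_digest(first, second):  # claim 4: mismatch raises a warning
            self.alerts.append(host.host_id)
            return None                             # execution instruction is withheld
        return host.execute()                       # claim 5: per-element result

if __name__ == "__main__":
    mp = ManagementPlatform()
    print(mp.configure(CloudHost("host-a", "linux", "nginx"), ["ssh_root_login"]))
    tamper = lambda b: b + b"\nextra=1"             # constructed in-transit change
    print(mp.configure(CloudHost("host-b", "linux", "nginx"), ["ssh_root_login"], tamper))
    print(mp.alerts)
```

An unkeyed hash echoed by the host detects changes in transit but does not by itself authenticate the host that reports it.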
CN201711286982.5A 2017-12-07 2017-12-07 Security baseline configuration method, device, equipment, cloud host, medium and system Pending CN109905347A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711286982.5A CN109905347A (en) 2017-12-07 2017-12-07 Security baseline configuration method, device, equipment, cloud host, medium and system


Publications (1)

Publication Number Publication Date
CN109905347A true CN109905347A (en) 2019-06-18

Family

ID=66939477


Country Status (1)

Country Link
CN (1) CN109905347A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995462A (en) * 2019-10-31 2020-04-10 北京浪潮数据技术有限公司 Cloud host function expansion method, system, equipment and computer storage medium
CN113688015A (en) * 2021-08-25 2021-11-23 深圳华远云联数据科技有限公司 Alarm notification method, device, server and storage medium




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination