CN110968476B - Method and device for automatically monitoring login information of Linux system - Google Patents
- Publication number: CN110968476B (application CN201911116596.0A)
- Authority: CN (China)
- Prior art keywords: tested, server, servers, value, login information
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06F11/3051: Monitoring arrangements for monitoring the configuration of the computing system or of a computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs (G: Physics; G06: Computing, calculating or counting; G06F: Electric digital data processing; G06F11/00: Error detection, error correction, monitoring; G06F11/30: Monitoring)
- G06F11/3093: Configuration details of monitoring probes, e.g. installation, enabling, spatial arrangement (under G06F11/3089: Monitoring arrangements determined by the means or processing involved in sensing the monitored data, e.g. interfaces, connectors, sensors, probes, agents)
Abstract
The invention provides a method for automatically monitoring login information of a Linux system that addresses the problems of the prior art. The method comprises the following steps: packaging the fail_logic_linux.sh program into a script; the script loading configuration information for a plurality of servers to be tested from a configuration file and traversing all servers to be tested through a thread pool. The invention also provides a device for automatically monitoring the login information of a Linux system. It effectively solves the low efficiency and untimely inspection caused by manual retrieval by a system security administrator, effectively improves the security of the Linux system, improves inspection efficiency and ensures the security of the Linux server.
Description
Technical Field
The invention relates to the field of security of a Linux system, in particular to a method and a device for automatically monitoring login information of the Linux system.
Background
With the development of internet technology, more and more users run Linux systems, the security of the Linux system has become ever more important, and the security requirements placed on Linux systems are higher.
Currently, when a system security administrator checks whether Linux system users are secure, the administrator can check authentication failures in the logs and users who logged in successfully but are suspicious. An authentication failure occurs when a login is attempted with illegal or invalid credentials, and it is recorded by PAM (Pluggable Authentication Modules) on the Linux system.
However, the system security administrator must search manually during inspection, and because the number of maintained servers is large, the inspection is not timely enough and suspicious information is not received promptly, which lowers the security of the system and leaves the security of the Linux system unimproved.
Disclosure of Invention
The invention aims to solve the problems in the prior art, and innovatively provides a method and a device for automatically monitoring the login information of a Linux system, so that the problems of low efficiency and untimely check caused by manual retrieval of a system security manager are effectively solved, the security of the Linux system is effectively improved, and the check efficiency is improved.
The first aspect of the present invention provides a method for automatically monitoring login information of a Linux system, comprising:
packaging the fail_logic_linux.sh program into a script;
the script loads configuration information of a plurality of servers to be tested through the configuration file and circularly traverses all the servers to be tested through the thread pool;
the script establishes a session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested, acquires a log path of the server to be tested, scans the log of the server to be tested, and acquires suspicious login information.
With reference to the first aspect, in a first possible implementation manner of the first aspect, before packaging the fail_logic_linux.sh program into the script, the method further includes introducing a plurality of plug-ins, where each plug-in includes: com.
With reference to the first aspect, in a second possible implementation manner of the first aspect, the method further includes:
counting the suspicious login information, and pushing the suspicious login information to the browser in real time through a DWR command.
With reference to the first aspect, in a third possible implementation manner of the first aspect, the script loading configuration information of a plurality of servers to be tested through the configuration file and traversing all the servers to be tested through the thread pool specifically includes:
the script loads configuration information of a plurality of servers to be tested through the configuration file and judges whether the number of servers to be tested is not greater than a first value; if it is not greater, threads corresponding to the number of servers to be tested are created in the thread pool, and each thread executes the task of one server to be tested;
if the number of servers to be tested is greater than the first value but less than a second value, the thread pool creates threads corresponding to the first value, each of which executes the task of one server to be tested, and the tasks of the difference between the second value and the first value are added to a cache queue to wait for an idle thread to execute them;
if the number of servers to be tested is greater than or equal to the second value, a task rejection strategy is applied.
Further, when adding the tasks of the difference between the second value and the first value to the cache queue fails, the thread pool creates threads for that difference, and each of those threads executes the task of one of the corresponding servers to be tested.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the script establishing a connection session with the server to be tested through the created JSch connection object and the configuration information of the server to be tested, acquiring a log path of the server to be tested, scanning the log of the server to be tested and acquiring the suspicious login information specifically includes:
the script creates a JSch connection object and establishes a connection session with the server to be tested through the JSch connection object and the configuration information of the server to be tested;
the script obtains the log path of the server to be tested, opens an execution channel, scans the log of the server to be tested according to the keyword information corresponding to suspicious login information, stores the scanned log information (which includes the suspicious login information) in a database, and closes the execution channel.
With reference to the first aspect, in a fifth possible implementation manner of the first aspect, pushing the suspicious login information to the browser in real time through the DWR command specifically includes: if there is one current browser, pushing in real time to the topmost page of that browser; and if there are multiple current browsers, pushing to each browser in real time.
The second aspect of the present invention provides an apparatus for automatically monitoring login information of a Linux system, comprising:
the packaging module is used for packaging the fail_logic_linux.sh program into a script;
the loading module loads configuration information of a plurality of servers to be tested through the configuration files by the script and circularly traverses all the servers to be tested through the thread pool;
and the establishing module is used for establishing a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, acquiring a log path of the server to be tested, scanning the log of the server to be tested and acquiring suspicious login information.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the apparatus further includes an introducing module that introduces a plurality of plug-ins, where each plug-in includes: com.
With reference to the second aspect, in a second possible implementation manner of the second aspect, the apparatus further includes:
a statistics pushing module used for counting the suspicious login information and pushing the suspicious login information to the browser in real time through a DWR command.
The technical scheme adopted by the invention comprises the following technical effects:
1. the method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
2. The invention uniformly manages and distributes the tasks of scanning a plurality of servers to be tested through the thread pool, and the tasks are performed simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
3. According to the invention, by counting and pushing the suspicious login information, a system security administrator can conveniently and effectively check the suspicious login information in time, and repetitive work is avoided.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in the embodiments or in the prior art are briefly described below; those skilled in the art can obviously obtain other drawings from them without creative effort.
FIG. 1 is a schematic flow chart of the first embodiment of the present invention;
FIG. 2 is a schematic flow chart of step S2 in the first embodiment of the present invention;
FIG. 3 is a schematic flow chart of step S3 in the first embodiment of the present invention;
FIG. 4 is a schematic flow chart of the second embodiment of the present invention;
FIG. 5 is a schematic flow chart of the third embodiment of the present invention;
FIG. 6 is a schematic flow chart of the fourth embodiment of the present invention;
FIG. 7 is a schematic structural diagram of the fifth embodiment of the present invention;
FIG. 8 is a schematic structural diagram of the sixth embodiment of the present invention;
FIG. 9 is a schematic structural diagram of the seventh embodiment of the present invention;
FIG. 10 is a schematic structural diagram of the eighth embodiment of the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Moreover, the present disclosure may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
Example one
As shown in fig. 1, the present invention provides a method for automatically monitoring login information of a Linux system, including:
S1, packaging the fail_logic_linux.sh program into a script;
s2, loading configuration information of a plurality of servers to be tested through a configuration file by a script, and circularly traversing all the servers to be tested through a thread pool;
and S3, establishing a connection session with the server to be tested by the script through the created Jsch connection object and the configuration information of the server to be tested, acquiring a log path of the server to be tested, scanning the log of the server to be tested, and acquiring suspicious login information.
In step S1, the script is preset with keyword information corresponding to suspicious login information. The keywords may include "Failed password", "user unknown" or other keywords, and each keyword should correspond only to suspicious login information. The login information from which such keywords are chosen can be obtained, for example, with the following commands: the lastlog command lists the most recent login of every user; the last command lists the users currently and previously logged into the system; the lastb command lists failed login attempts. The keywords corresponding to suspicious login information can then be screened out of the login information so obtained.
As shown in fig. 2, step S2 specifically includes:
s21, loading configuration information of a plurality of servers to be tested through the configuration file by the script, judging whether the number of the servers to be tested is not more than a first numerical value, if so, executing a step S22, and if not, executing a step S23;
s22, creating threads corresponding to the number of the servers to be tested in the thread pool, wherein each thread correspondingly executes the tasks of the servers to be tested;
s23, judging whether the number of the servers to be tested is larger than the first numerical value but smaller than the second numerical value, if so, executing a step S24, and if not (namely, the number of the servers to be tested is larger than or equal to the second numerical value), executing a step S25;
s24, creating threads corresponding to the first numerical value by the thread pool, wherein each thread in the threads of the first numerical value correspondingly executes a task of the server to be tested, and adding a task of a difference value between the second numerical value and the first numerical value into a cache queue to wait for an idle thread to execute;
and S25, adopting a task rejection strategy to process.
In step S21, the server configuration information may include: IP, username, password.
In steps S22-S25, the thread pool creates a thread to execute the machineTask. In the addTask method, the submitted task creates a Worker object, calls the thread factory to create a new thread, assigns the reference to that thread to the Worker object's member variable thread, and then adds the Worker object to the working set through the Worker. The task machineTask is executed through the run method; after runTask() has executed machineTask, new tasks are continually taken from the task cache queue in a while loop and executed.
The first value may be the number of servers frequently used in the project, and the second value may be the number of all servers in the project. Further, in step S24, if adding to the cache queue fails, the thread pool creates threads for the difference between the second value and the first value, and each of those threads executes the task of one of the corresponding servers to be tested.
Because the number of servers is variable and the scanning of servers cannot be managed per process, a great deal of time and efficiency would otherwise be wasted. Therefore, in the technical scheme of the invention, the server scans are distributed uniformly by the thread pool and run concurrently, which improves the efficiency of executing the scanning tasks, saves time and distributes the tasks reasonably.
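The branching of steps S21-S25 (first value, second value, cache queue, rejection strategy) as an added example in Python, not the patent's own Java code. The queue_capacity parameter is an assumption: the patent only says that adding to the cache queue may "fail" without giving the cause, and a bounded queue is the usual one; run_batch then executes the plan with a real thread pool over a constructed server list.

```python
import concurrent.futures
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class DispatchPlan:
    """How one batch of scan tasks is spread over the pool (steps S22, S24, S25)."""
    threads: int    # threads the pool creates for this batch
    queued: int     # tasks parked in the cache queue until a thread is idle
    rejected: int   # tasks handed to the rejection strategy


def plan_dispatch(n_servers: int, first: int, second: int, queue_capacity: int) -> DispatchPlan:
    """Decide threads / queue / rejection for n_servers scan tasks.

    first  = the patent's first value (servers frequently used in the project)
    second = the patent's second value (all servers in the project)
    queue_capacity = assumed size of the cache queue (not stated in the patent)
    """
    if n_servers < 0 or first <= 0 or second <= first:
        raise ValueError("need 0 <= n_servers, 0 < first < second")
    if n_servers <= first:                       # S21 -> S22: one thread per server
        return DispatchPlan(threads=n_servers, queued=0, rejected=0)
    if n_servers >= second:                      # S23 -> S25: rejection strategy
        # The patent does not say what the strategy does with the batch
        # (drop, retry, run in the caller); here the whole batch is rejected.
        return DispatchPlan(threads=0, queued=0, rejected=n_servers)
    overflow = n_servers - first                 # S23 -> S24: `first` threads + queue
    if overflow <= queue_capacity:
        return DispatchPlan(threads=first, queued=overflow, rejected=0)
    # S24 fallback: the queue could not take the overflow, so the pool grows
    # by that many threads and each of them runs one overflowing task.
    return DispatchPlan(threads=first + overflow, queued=0, rejected=0)


def run_batch(servers: List[str], plan: DispatchPlan,
              scan: Callable[[str], str]) -> Dict[str, str]:
    """Execute the plan with a real pool: each accepted task is one server scan."""
    if not servers:
        return {}
    if plan.rejected:
        return {host: "rejected" for host in servers}
    results: Dict[str, str] = {}
    # With max_workers=plan.threads the executor runs `threads` tasks at once and
    # the remaining `queued` tasks wait for an idle worker, as in step S24.
    with concurrent.futures.ThreadPoolExecutor(max_workers=plan.threads) as pool:
        futures = {pool.submit(scan, host): host for host in servers}
        for fut in concurrent.futures.as_completed(futures):
            results[futures[fut]] = fut.result()
    return results


def fake_scan(host: str) -> str:
    """Stand-in for the per-server log scan; the real one would run over SSH."""
    return f"scanned {host}"


if __name__ == "__main__":
    hosts = [f"srv{i:02d}" for i in range(8)]      # constructed server list
    plan = plan_dispatch(len(hosts), first=5, second=20, queue_capacity=10)
    print(plan)                                  # 5 threads, 3 queued, 0 rejected
    print(run_batch(hosts, plan, fake_scan))
```

The same four outcomes are what java.util.concurrent.ThreadPoolExecutor produces with corePoolSize = first value, maximumPoolSize = second value, a bounded work queue and a RejectedExecutionHandler, which is the natural Java realisation of steps S22-S25.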
As shown in fig. 3, step S3 specifically includes:
s31, a Jsch connection object is created by a script, and a connection session with a server to be tested is established through the Jsch connection object and the configuration information of the server to be tested;
s32, acquiring a log path of the server to be tested, opening an execution pipeline, scanning the log of the server to be tested according to the keyword information corresponding to the suspicious login information, storing the scanned log information in a database, wherein the scanned log information comprises the suspicious login information, and closing an execution channel.
In step S31, JSch is an abbreviation of Java Secure Channel. It is a pure Java implementation of SSH2 that allows you to connect to an SSH server and use port forwarding, file transfer, etc., and when the SSH connection is set up it can connect directly to a remote host without public key confirmation.
In step S32, the keyword information corresponding to suspicious login information under the syslglepath log path can be acquired with the command cat syslglepath | grep -w sysStr.
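The keyword scan of step S32 and the keyword preset of step S1, as an added example in Python (not the patent's script): whole-word matching with the semantics of grep -w over constructed auth-log lines, followed by the per-source tally that step S4 of the later embodiments counts for the administrator. The log lines, the keyword set and the threshold of 3 are constructed for the example.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Keywords the script is preset with in step S1; matched as whole words, which
# is what "grep -w" does in step S32.
SUSPICIOUS_KEYWORDS = ("Failed password", "user unknown")

# Constructed auth log lines (documentation addresses), not taken from any real host.
SAMPLE_LOG = """\
Nov  5 10:01:22 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 50122 ssh2
Nov  5 10:01:25 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Nov  5 10:02:01 web01 sshd[2240]: Accepted publickey for deploy from 198.51.100.4 port 41000 ssh2
Nov  5 10:02:40 web01 sshd[2251]: pam_unix(sshd:auth): check pass; user unknown
Nov  5 10:02:41 web01 sshd[2251]: Failed password for invalid user oracle from 198.51.100.9 port 52000 ssh2
Nov  5 10:03:12 web01 sshd[2260]: Failed password for root from 203.0.113.7 port 50140 ssh2
"""

# Fields of a failed-password line: optional "invalid user", the target user, the source.
_FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def _word_patterns(keywords: Iterable[str]) -> List[re.Pattern]:
    # grep -w semantics: the keyword must not be glued to word characters on either side.
    return [re.compile(r"(?<!\w)" + re.escape(k) + r"(?!\w)") for k in keywords]


def scan_log(text: str, keywords: Iterable[str] = SUSPICIOUS_KEYWORDS) -> List[str]:
    """Return the log lines containing any keyword (the 'cat ... | grep -w' step)."""
    pats = _word_patterns(keywords)
    return [line for line in text.splitlines() if any(p.search(line) for p in pats)]


def tally_failures(lines: Iterable[str]) -> Dict[Tuple[str, str], int]:
    """Count failed-password lines per (source address, target user)."""
    counts = Counter()
    for line in lines:
        m = _FAILED_RE.search(line)
        if m:
            user, src = m.group(1), m.group(2)
            counts[(src, user)] += 1
    return dict(counts)


def flag_sources(tally: Dict[Tuple[str, str], int], threshold: int = 3) -> List[str]:
    """Source addresses whose failures across all target users reach the threshold."""
    per_src = Counter()
    for (src, _user), n in tally.items():
        per_src[src] += n
    return sorted(src for src, n in per_src.items() if n >= threshold)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    tally = tally_failures(hits)
    print(len(hits), "suspicious lines")           # 5 suspicious lines
    print(tally)
    print("sources at or above threshold:", flag_sources(tally))
```

Over SSH the same grep runs through a JSch exec channel and the lines come back on the channel's input stream; whether the script verifies the server's host key on that connection decides whether the collected log lines can be trusted to come from the server they are attributed to.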
By the method for automatically monitoring the login information of the Linux system, the problems of low efficiency and untimely check caused by manual retrieval of a system security administrator are effectively solved, the security of the Linux system is effectively improved, the check efficiency is improved, and the security of a Linux server is ensured.
Example two
As shown in fig. 4, the present invention further provides a method for automatically monitoring the login information of the Linux system, including:
S1, introducing a plurality of plug-ins, wherein the plug-ins comprise: com.jcraft.jsch.JSch, com.jcraft.jsch.JSchException;
S2, packaging the fail_logic_linux.sh program into a script;
s3, loading configuration information of a plurality of servers to be tested through the configuration file by the script, and circularly traversing all the servers to be tested through the thread pool;
and S4, establishing a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, acquiring a log path of the server to be tested, scanning the log of the server to be tested, and acquiring suspicious login information.
In step S1, a plurality of plug-ins are introduced to facilitate the implementation of the later scheme. Java has a huge ecosystem and provides a rich set of third-party libraries for us to use, which improves program development efficiency; the introduced plug-ins can specifically be as follows:
(1) com.jcraft.jsch.JSch: JSch is an abbreviation of Java Secure Channel. JSch is a pure Java implementation of SSH2. It allows you to connect to an SSH server and use port forwarding, file transfer, etc., and you can also integrate its functionality into your own application;
(2) com.jcraft.jsch.JSchException: the exception thrown when no Linux server can be connected;
(3) com.jcraft.jsch.Channel: the tool (channel) through which the Java implementation provides secure channel access;
(4) com.jcraft.jsch.ChannelExec: an exception that occurs when a channel is established;
(5) com.jcraft.jsch.ChannelSftp: uploads and downloads files and the like over the SFTP protocol through ChannelSftp; the SFTP core class is implemented by JSch and contains all SFTP methods;
(6) com.jcraft.jsch.Session: the package for establishing a session with the Linux server;
(7) java.util.Properties: reads the properties configuration file of the test machines;
(8) java.util.regex.Matcher, java.util.regex.Pattern: matching of character strings by regular expression;
(9) org.directwebremoting.Browser: APIs comprising a series of reverse Ajax operations, such as operating on all sessions, on the sessions meeting a filter condition, on the sessions of a specified page, and so on;
(10) org.directwebremoting.ScriptBuffer: a buffer area;
(11) org.directwebremoting.ScriptSession: similar to HttpSession, the scope of a script, usually referenced in reverse Ajax;
(12) org.directwebremoting.ScriptSessionFilter: a script session filter;
(13) org.directwebremoting.WebContextFactory: a factory from which the current WebContext can be obtained.
The method for automatically monitoring the login information of the Linux system effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of a Linux server.
Example three
As shown in fig. 5, the present invention further provides a method for automatically monitoring login information of a Linux system, including:
S1, packaging the fail_logic_linux.sh program into a script;
s2, loading configuration information of a plurality of servers to be tested through a configuration file by a script, and circularly traversing all the servers to be tested through a thread pool;
s3, establishing a connection session with the server to be tested by the script through the created Jsch connection object and the configuration information of the server to be tested, acquiring a log path of the server to be tested, scanning the log of the server to be tested, and acquiring suspicious login information;
and S4, counting the suspicious login information, and pushing the suspicious login information to the browser in real time through a dwr command.
In step S4, pushing the suspicious login information to the browser in real time through the DWR command specifically includes: if there is one current browser, pushing in real time to the topmost page of that browser; and if there are multiple current browsers, pushing to each browser in real time. When the information is sent, the suspicious login information is pushed in real time to the recipients meeting the conditions, for example the relevant system security administrators or persons with the relevant authority; no filtering or screening is needed, because identity authentication was already performed when the user first accessed the information and the user identity information meeting the role filtering condition is stored in the Session. The page is displayed using the reverse Ajax function of the page: when the page is closed, the server is notified to destroy the ScriptSession, and when the page is pushed to, a ScriptSession is established on the server. If the foreground page is destroyed and the background servlet is not notified in time (a servlet is a server-side program written in Java), the background servlet remains in a waiting state, waiting for the foreground's response until the timeout is reached, which affects the effective execution of other sessions.
The method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
The invention uniformly manages and distributes the tasks of scanning a plurality of servers to be tested through the thread pool, and the tasks are performed simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
By counting and pushing the suspicious login information, the invention is convenient for a system security manager to effectively check the suspicious login information in time and avoid repeated work.
Example four
As shown in fig. 6, the present invention further provides a method for automatically monitoring the login information of the Linux system, including:
S1, introducing a plurality of plug-ins, wherein the plug-ins comprise: com.jcraft.jsch.JSch, com.jcraft.jsch.JSchException;
S2, packaging the fail_logic_linux.sh program into a script;
s3, loading configuration information of a plurality of servers to be tested through the configuration file by the script, and circularly traversing all the servers to be tested through the thread pool;
s4, establishing a connection session with the server to be tested by the script through the created Jsch connection object and the configuration information of the server to be tested, acquiring a log path of the server to be tested, scanning the log of the server to be tested, and acquiring suspicious login information;
and S5, counting the suspicious login information, and pushing the suspicious login information to the browser in real time through a dwr command.
The method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
The invention uniformly manages and distributes the tasks of scanning a plurality of servers to be tested through the thread pool, and the tasks are performed simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
According to the invention, by counting and pushing the suspicious login information, a system security administrator can conveniently and effectively check the suspicious login information in time, and repetitive work is avoided.
Example five
As shown in fig. 7, an embodiment of the present invention provides an apparatus for automatically monitoring login information of a Linux system, including:
the packaging module 101 packages the fail_logic_linux.sh program into a script;
the loading module 102 loads configuration information of a plurality of servers to be tested through the configuration file by the script and circularly traverses all the servers to be tested through the thread pool;
the establishing module 103 establishes a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, obtains a log path of the server to be tested, scans the log of the server to be tested, and obtains suspicious login information.
The method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
The invention uniformly manages and distributes the tasks of scanning a plurality of servers to be tested through the thread pool, and the tasks are performed simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
Example six
As shown in fig. 8, an embodiment of the present invention provides an apparatus for automatically monitoring login information of a Linux system, including:
the introducing module 101 introduces a plurality of plug-ins, each of which includes: com.
the packaging module 102 is used for packaging the fail_logic_linux.sh program into a script;
the loading module 103 loads configuration information of a plurality of servers to be tested through the configuration file by the script and circularly traverses all the servers to be tested through the thread pool;
the establishing module 104 establishes a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, obtains a log path of the server to be tested, scans the log of the server to be tested, and obtains suspicious login information.
The method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
The invention uniformly manages and distributes the tasks of scanning a plurality of servers to be tested through the thread pool, and the tasks are performed simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
Example seven
As shown in fig. 9, an embodiment of the present invention provides an apparatus for automatically monitoring login information of a Linux system, including:
the packaging module 101 packages the fail_logic_linux.sh program into a script;
the loading module 102 loads configuration information of a plurality of servers to be tested through the configuration file by the script and circularly traverses all the servers to be tested through the thread pool;
the establishing module 103 is used for establishing a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, acquiring a log path of the server to be tested, scanning the log of the server to be tested, and acquiring suspicious login information;
and the statistics pushing module 104 is used for performing statistics on the suspicious login information and pushing the suspicious login information to the browser in real time through a dwr command.
The method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
The invention uniformly manages and distributes the tasks of scanning a plurality of servers to be tested through the thread pool, and the tasks are performed simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
According to the invention, by counting and pushing the suspicious login information, a system security administrator can conveniently and effectively check the suspicious login information in time, and repetitive work is avoided.
Example eight
As shown in fig. 10, an embodiment of the present invention provides an apparatus for automatically monitoring login information of a Linux system, including:
the lead-in module 101 introduces a number of plug-ins, including: com.jcraft.jsch.jsch, com.jcraft.jsch.jschexception;
the packaging module 102 is used for packaging the fail_logic_linux.sh program into a script;
the loading module 103 loads configuration information of a plurality of servers to be tested through the configuration file by the script and circularly traverses all the servers to be tested through the thread pool;
the establishing module 104 is used for establishing a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, acquiring a log path of the server to be tested, scanning the log of the server to be tested and acquiring suspicious login information;
and the statistics pushing module 105 is used for counting the suspicious login information and pushing the suspicious login information to the browser in real time through a dwr command.
The method effectively solves the problems of low efficiency and untimely inspection caused by manual retrieval of a system security administrator, effectively improves the security of the Linux system, improves the inspection efficiency and ensures the security of the Linux server.
The invention uniformly manages, distributes and scans the tasks of the servers to be tested through the thread pool, and performs the tasks simultaneously, thereby improving the efficiency of executing the scanning tasks and saving the time.
By counting and pushing the suspicious login information, the invention is convenient for a system security manager to effectively check the suspicious login information in time and avoid repeated work.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, it is not intended to limit the scope of the present invention, and it should be understood by those skilled in the art that various modifications and variations can be made without inventive efforts by those skilled in the art based on the technical solution of the present invention.
Claims (8)
1. A method for automatically monitoring login information of a Linux system is characterized by comprising the following steps:
packaging the fail_logic_linux.sh program into a script;
the script loads configuration information of a plurality of servers to be tested through the configuration file and circularly traverses all the servers to be tested through the thread pool; wherein the step in which the script loads the configuration information of the plurality of servers to be tested through the configuration file and circularly traverses all the servers to be tested through the thread pool specifically comprises the following steps:
the script loads configuration information of a plurality of servers to be tested through the configuration file, and it is judged whether the number of the servers to be tested is greater than a first numerical value; if it is not, threads corresponding to the number of the servers to be tested are established in the thread pool, and each thread correspondingly executes the task of one server to be tested;
if the number of the servers to be tested is larger than a first value but smaller than a second value, creating threads corresponding to the first value by the thread pool, wherein each thread in the threads of the first value correspondingly executes a task of the server to be tested, and adding a task of a difference value between the second value and the first value into a cache queue to wait for an idle thread to execute; if the adding fails, the thread pool creates a thread of a difference value between the second numerical value and the first numerical value, and the thread of the difference value between the second numerical value and the first numerical value correspondingly executes a task of the server to be tested of the difference value between the second numerical value and the first numerical value;
if the number of the servers to be tested is larger than or equal to the second value, adopting a task rejection strategy for processing;
the script establishes a session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested, acquires a log path of the server to be tested, scans the log of the server to be tested, and acquires suspicious login information.
2. The method for automatically monitoring login information of a Linux system according to claim 1, wherein before packaging the fail_login_linux.sh program into a script, the method further comprises introducing a plurality of plug-ins, wherein the plug-ins comprise: com.
3. The method for automatically monitoring login information of a Linux system according to claim 1 or 2, further comprising:
and counting the suspicious login information, and pushing the suspicious login information to the browser in real time through a dwr command.
4. The method according to claim 1, wherein the script establishes a session with the server under test through the created Jsch connection object and the configuration information of the server under test, obtains a log path of the server under test, scans the log of the server under test, and obtains suspicious login information specifically comprises:
the method comprises the steps that a Jsch connection object is created through a script, and a connection session with a server to be tested is established through the Jsch connection object and configuration information of the server to be tested;
the method comprises the steps of obtaining a log path of a server to be tested, opening an execution pipeline, scanning a log of the server to be tested according to keyword information corresponding to suspicious login information, storing the scanned log information in a database, wherein the scanned log information comprises the suspicious login information, and closing an execution channel.
5. The method for automatically monitoring login information of a Linux system as claimed in claim 3, wherein the pushing suspicious login information to the browser in real time by a dwr command is specifically: if the number of the current browsers is one, pushing the current browsers to the uppermost page of the browser in real time; and if the number of the current browsers is multiple, pushing each browser in real time.
6. A device for automatically monitoring login information of a Linux system is characterized by comprising:
the packaging module is used for packaging the fail_logic_linux.sh program into a script;
the loading module loads configuration information of a plurality of servers to be tested through the configuration file by the script and circularly traverses all the servers to be tested through the thread pool; wherein the step in which the script loads the configuration information of the plurality of servers to be tested through the configuration file and circularly traverses all the servers to be tested through the thread pool specifically comprises the following steps:
the script loads configuration information of a plurality of servers to be tested through the configuration file, and it is judged whether the number of the servers to be tested is greater than a first numerical value; if it is not, threads corresponding to the number of the servers to be tested are established in the thread pool, and each thread correspondingly executes the task of one server to be tested;
if the number of the servers to be tested is larger than a first value but smaller than a second value, creating threads corresponding to the first value by the thread pool, wherein each thread in the threads of the first value correspondingly executes a task of the server to be tested, and adding a task of a difference value between the second value and the first value into a cache queue to wait for an idle thread to execute; if the adding fails, the thread pool creates a thread of a difference value between the second numerical value and the first numerical value, and the thread of the difference value between the second numerical value and the first numerical value correspondingly executes a task of the server to be tested of the difference value between the second numerical value and the first numerical value;
if the number of the servers to be tested is larger than or equal to the second value, adopting a task rejection strategy for processing;
and the establishing module is used for establishing a connection session with the server to be tested through the created Jsch connection object and the configuration information of the server to be tested by the script, acquiring a log path of the server to be tested, scanning the log of the server to be tested and acquiring suspicious login information.
7. The apparatus according to claim 6, further comprising an import module for importing a plurality of plug-ins, said plug-ins comprising: com.
8. The apparatus for automatically monitoring login information of Linux system according to claim 6 or 7, further comprising:
and the statistics pushing module is used for counting the suspicious login information and pushing the suspicious login information to the browser in real time through a dwr command.
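The following is an added example, not code from the patent: it implements the thread-pool sizing policy of claims 1 and 6 and the log-scan and statistics steps of claims 3 and 4 in Python. The SSH fetch through JSch is replaced by constructed in-memory sshd log lines, and the first/second numerical values, the failure threshold, the keyword pattern and the handling of rejected tasks are assumptions.

```python
import re
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Constructed sshd log excerpts standing in for each server's remote log; the
# patent fetches it over SSH (JSch), here it is in memory so the example runs offline.
SAMPLE_LOGS = {
    "web-01": [
        "Nov 15 10:01:02 web-01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
        "Nov 15 10:01:05 web-01 sshd[1201]: Failed password for root from 203.0.113.5 port 51235 ssh2",
        "Nov 15 10:02:00 web-01 sshd[1240]: Accepted publickey for deploy from 198.51.100.7 port 40000 ssh2",
    ],
    "db-01": [
        "Nov 15 10:03:11 db-01 sshd[877]: Failed password for root from 203.0.113.5 port 52001 ssh2",
        "Nov 15 10:04:40 db-01 sshd[880]: Failed password for postgres from 192.0.2.9 port 33000 ssh2",
    ],
}

# Assumed keyword pattern for the "suspicious login information" the scan looks for:
# sshd password failures, capturing user and source IP for the statistics step.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def plan_pool(n_servers, first_value, second_value):
    """Pool sizing from claim 1: returns (threads, queued, rejected). The page does
    not say which tasks the rejection strategy drops; assumed: the surplus beyond second_value."""
    if n_servers <= first_value:
        return n_servers, 0, 0
    if n_servers < second_value:
        return first_value, n_servers - first_value, 0
    return first_value, second_value - first_value, n_servers - second_value

def scan_log(host, lines):
    """Scan one server's log lines and return the matching failure records."""
    return [{"host": host, **m.groupdict()}
            for line in lines if (m := FAILED_RE.search(line))]

def run_scan(servers, first_value, second_value, logs=SAMPLE_LOGS):
    """Dispatch one scan task per accepted server over a pool sized by plan_pool();
    ThreadPoolExecutor queues the surplus tasks itself, so 'queued' is informational."""
    threads, _queued, rejected = plan_pool(len(servers), first_value, second_value)
    accepted = servers[:len(servers) - rejected]
    records = []
    with ThreadPoolExecutor(max_workers=max(threads, 1)) as pool:
        for found in pool.map(lambda h: scan_log(h, logs.get(h, [])), accepted):
            records.extend(found)
    return records, servers[len(accepted):]

def summarize(records, threshold):
    """Statistics step: failures per source IP; flag IPs at or above the threshold."""
    per_ip = Counter(r["ip"] for r in records)
    flagged = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return {"per_ip": dict(per_ip), "flagged": flagged}
```

In the patent the summary is then pushed to the browser via DWR; here `summarize()` simply returns it so the result can be checked or fed to whatever notification channel is in use.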
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911116596.0A CN110968476B (en) | 2019-11-15 | 2019-11-15 | Method and device for automatically monitoring login information of Linux system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110968476A CN110968476A (en) | 2020-04-07 |
CN110968476B true CN110968476B (en) | 2022-12-27 |
Family
ID=70030604
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911116596.0A Active CN110968476B (en) | 2019-11-15 | 2019-11-15 | Method and device for automatically monitoring login information of Linux system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110968476B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112256270A (en) * | 2020-10-19 | 2021-01-22 | 成都知道创宇信息技术有限公司 | Login operation information management method and device |
CN114153726B (en) * | 2021-11-25 | 2024-05-17 | 麒麟软件有限公司 | Login test method and device based on linux desktop operating system |
CN116233122B (en) * | 2023-05-06 | 2023-07-04 | 上海观安信息技术股份有限公司 | Heterogeneous server login method, device, equipment and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103475546A (en) * | 2013-09-26 | 2013-12-25 | 北京思特奇信息技术股份有限公司 | Method and system for detecting repeated login of salesmen |
CN110377509A (en) * | 2019-06-29 | 2019-10-25 | 苏州浪潮智能科技有限公司 | A kind of method of web page real time inspection plug-in script debugging log |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||