CN110765463B - WebLogic-based safety baseline reinforcement method - Google Patents
WebLogic-based safety baseline reinforcement method Download PDFInfo
- Publication number
- CN110765463B CN110765463B CN201911062355.2A CN201911062355A CN110765463B CN 110765463 B CN110765463 B CN 110765463B CN 201911062355 A CN201911062355 A CN 201911062355A CN 110765463 B CN110765463 B CN 110765463B
- Authority
- CN
- China
- Prior art keywords
- weblogic
- information
- domain
- setting
- host
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a safety baseline reinforcing method based on WebLogic, which comprises the following steps: filling in WebLogic information and host IP information to be reinforced; judging whether the WebLogic information and the host IP information to be reinforced are correct or not, and if the WebLogic information and the host IP information to be reinforced are incorrect, outputting the WebLogic information and the host IP information to be reinforced into a log; if the WebLogic information and the host IP information to be reinforced are correct, setting parameter values in file contents; and the server node running each domain of the WebLogic is connected to the specified domain to change. The WebLogic-based safety baseline reinforcement method provided by the invention can be operated only after parameters are configured, so that the labor force is greatly reduced, and the working efficiency is improved.
Description
Technical Field
The invention relates to a safety baseline reinforcing method, in particular to a safety baseline reinforcing method based on WebLogic.
Background
WebLogic is a Java application server based middleware for developing, integrating, deploying and managing large distributed Web applications, web applications and database applications. The dynamic functionality of Java and the security of Java Enterprise standards are introduced into the development, integration, deployment and management of large-scale network applications. WebLogic service functionality includes 1) establishing different sites having the same domain name on one computer using an IP address, or on multiple computers bundled together using a cluster, or on multiple computers managed by a proxy server. 2) Server JAVA code written based on the J2EE standard is deployed, including servlets, JSPs, javabeans, and EJBs. 3) The distributed system is integrated using J2EE extended web services, including JDBC for database connection, JMS for information delivery, JNDI for web directory access, JTA for distributed transactions, and JavaMail for email processing. 4) Pure Java distributed applications using Remote Method Invocation (RMI) are deployed. 5) The distributed application system, which approximates CORBA, is deployed by using RMI-IIOP (RMI over Internet Inter-ORB Protocol) Protocol. 6) Powerful security is achieved through the use of Secure Sockets Layer (SSL) and Weblogic's inherent support for user authentication and authorization. 7) High availability, load balancing and fault tolerance are provided by grouping a plurality of Weblogic servers into a cluster. 8) The Java server is deployed on Windows NT/2000,Sun Solairs,HP/UX and other Weblogic supported operating systems using Java's multi-platform capabilities. 9) On either platform, one or more WebLogic servers can be easily managed on the network by using WebLogic to intuitively perform Web-based management and monitoring tools.
The safety baseline reinforcing method based on WebLogic is necessary to be developed, so that the labor is greatly reduced, and the working efficiency is improved.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a WebLogic-based safety baseline reinforcement method, which can be operated only after parameters are configured, so that the labor force is greatly reduced, and the working efficiency is improved.
The technical scheme adopted by the invention for solving the technical problems is to provide a WebLogic-based safety baseline reinforcement method, which comprises the following steps:
step S101: filling in WebLogic information and host IP information to be reinforced;
step S102: judging whether the WebLogic information and the host IP information to be reinforced are correct, and if the WebLogic information and the host IP information to be reinforced are incorrect, jumping to step S104: outputting the data to a log;
if the WebLogic information and the host IP information to be consolidated are correct, the step S103 is skipped: setting parameter values in file contents;
step S105: and the server node running each domain of the WebLogic is connected to the specified domain to change.
And the server node running each domain of the WebLogic is connected to the specified domain to change.
Preferably, the number of files reserved in the log is 180, and the log polling mode is time polling.
Preferably, the console session timeout of the domain is set to 300 seconds, the lockout threshold of user lockout of the domain is 5 times, the lockout duration of user lockout of the domain is 3 minutes, and the lockout reset duration of user lockout of the domain is 10 minutes.
Preferably, the setting the parameter value in the file content includes setting the maximum time of the sticky thread of the node to 600 seconds, setting the maximum open socket number of the node to 2101, and setting the minimum password length to 8.
Preferably, the WebLogic information and the host IP information to be consolidated include a main definition serial number, a system name, a domain name, a WebLogic console URL, a WebLogic console user, a WebLogic console password, a domain directory path, an IP address, an operating system user, and an operating system password.
Preferably, the method further comprises the following steps:
and running WLS _security_rendition_scripts, and executing domain baseline security reinforcement set by WLS_configuration.xls files under the conf folder.
Compared with the prior art, the invention has the following beneficial effects: the WebLogic-based safety baseline reinforcement method provided by the invention can be operated only after parameters are configured, so that the labor force is greatly reduced, and the working efficiency is improved.
Drawings
FIG. 1 is a flowchart of a security baseline reinforcement method based on WebLogic in an embodiment of the invention.
Detailed Description
The invention is further described below with reference to the drawings and examples.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, it will be apparent to one of ordinary skill in the art that the present invention may be practiced without these specific details. Accordingly, the specific details are set forth merely as examples, and the specific details may vary from the spirit and scope of the disclosure and are still considered within the spirit and scope of the disclosure.
According to the WebLogic-based safety baseline reinforcement method, the operation can be performed only after the parameters are configured, so that the labor force is greatly reduced, and the working efficiency is improved.
The embodiment discloses a secure baseline reinforcement method based on WebLogic, which comprises the following steps:
step S101: filling in WebLogic information and host IP information to be reinforced;
step S102: judging whether the WebLogic information and the host IP information to be reinforced are correct, and if the WebLogic information and the host IP information to be reinforced are incorrect, jumping to step S104: outputting the data to a log;
if the WebLogic information and the host IP information to be consolidated are correct, the step S103 is skipped: setting parameter values in file contents;
step S105: and the server node running each domain of the WebLogic is connected to the specified domain to change.
And the server node running each domain of the WebLogic is connected to the specified domain to change.
The invention relates to a script tool for reinforcing a safety base line of WebLogic middleware software by one key, which has the main function of reinforcing the safety base line of a plurality of WebLogic Domain domains. The operation can be performed only after the parameter configuration is finished, so that the labor is greatly reduced, and the working efficiency is improved. The set of tools may be executed on Windows or Linux, only requiring the platform to be installed with the python tool. The operating system platform supporting the remote server comprises AIX and LINUX, and WebLogic versions comprise: webLogic 11G, webLogic C.
This module is responsible for outputting of script execution and redirecting output to the file for use as a log record.
This module is responsible for interfacing with the WebLogic console for configuration changes of the domain.
The modules/wls _upload_execute.py. This module is responsible for reading configuration, uploading files, executing commands remotely.
modes/__ init __. Py this module is responsible for the identifier of the python package, changing the folder to a python module.
Preferably, the number of files reserved in the log is 180, and the log polling mode is time polling.
Preferably, the console session timeout of the domain is set to 300 seconds, the lockout threshold of user lockout of the domain is 5 times, the lockout duration of user lockout of the domain is 3 minutes, and the lockout reset duration of user lockout of the domain is 10 minutes.
Preferably, the setting the parameter value in the file content includes setting the maximum time of the sticky thread of the node to 600 seconds, setting the maximum open socket number of the node to 2101, and setting the minimum password length to 8.
conf/wls_configuration. Xls file: this configuration file defines mainly sequence numbers, system names, domain names, webLogic console URLs, webLogic console users, webLogic console passwords, domain directory paths, IP addresses, operating system users, operating system passwords. The configuration file is also used for storing related information of a remote server and WebLogic, so that scripts can be conveniently read and used.
conf/wlssecuritiyparameter.ini file: the configuration file mainly defines the values of all security baseline parameters of the WebLogic, and is convenient for script reading and use.
wlst_security.log_year_month_day_time_minute_seconds: one-key WebLogic security baseline reinforcement script.
And wls _security_rendition_scripts.py, and is convenient for a user to review.
Preferably, the method further comprises the following steps:
and running WLS _security_rendition_scripts, and executing domain baseline security reinforcement set by WLS_configuration.xls files under the conf folder.
Compared with the prior art, the invention has the following beneficial effects: the WebLogic-based safety baseline reinforcement method provided by the invention can be operated only after parameters are configured, so that the labor force is greatly reduced, and the working efficiency is improved.
While the invention has been described with reference to the preferred embodiments, it is not intended to limit the invention thereto, and it is to be understood that other modifications and improvements may be made by those skilled in the art without departing from the spirit and scope of the invention, which is therefore defined by the appended claims.
Claims (2)
1. The WebLogic-based safety baseline reinforcement method is characterized by comprising the following steps of:
step S101: filling in WebLogic information and host IP information to be reinforced;
step S102: judging whether the WebLogic information and the host IP information to be reinforced are correct, and if the WebLogic information and the host IP information to be reinforced are incorrect, jumping to step S104: outputting the data to a log;
if the WebLogic information and the host IP information to be consolidated are correct, the step S103 is skipped: setting parameter values in file contents;
step S105: the server nodes running each domain of the WebLogic are connected to a specified domain to change;
setting the overtime of the console session of the domain to 300 seconds, setting the blocking threshold value of the user blocking of the domain to 5 times, setting the blocking duration of the user blocking of the domain to 3 minutes, and setting the blocking reset duration of the user blocking of the domain to 10 minutes;
the parameter values in the content of the setting file comprise setting the maximum time of the viscous thread of the node to 600 seconds, setting the maximum number of open sockets of the node to 2101 and setting the minimum password length to 8;
the WebLogic information and the host IP information to be reinforced comprise main definition serial numbers, system names, domain names, webLogic control console URLs, webLogic control console users, webLogic control console passwords, domain directory paths, IP addresses, operating system users and operating system passwords;
the method also comprises the following steps:
and running WLS _security_rendition_scripts, and executing domain baseline security reinforcement set by WLS_configuration.xls files under the conf folder.
2. The WebLogic-based security baseline reinforcement method of claim 1, wherein the number of files reserved in the log is 180, and the log polling mode is time polling.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911062355.2A CN110765463B (en) | 2019-11-02 | 2019-11-02 | WebLogic-based safety baseline reinforcement method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911062355.2A CN110765463B (en) | 2019-11-02 | 2019-11-02 | WebLogic-based safety baseline reinforcement method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110765463A CN110765463A (en) | 2020-02-07 |
| CN110765463B true CN110765463B (en) | 2023-05-26 |
Family
ID=69335405
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911062355.2A Active CN110765463B (en) | 2019-11-02 | 2019-11-02 | WebLogic-based safety baseline reinforcement method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110765463B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2737631A1 (en) * | 2010-04-18 | 2011-10-18 | Layer 7 Technologies Inc. | Protected application stack and method and system of utilizing |
| CN104346574A (en) * | 2014-10-23 | 2015-02-11 | 武汉大学 | Automatic host computer security configuration vulnerability restoration method and system based on configuration specification |
| CN105302571A (en) * | 2015-11-20 | 2016-02-03 | 浪潮电子信息产业股份有限公司 | IIS security baseline configuration mode |
| CN107229977A (en) * | 2016-03-25 | 2017-10-03 | 中国移动通信集团内蒙古有限公司 | A kind of automatic reinforcement means of Host Security baseline and system |
| US10250619B1 (en) * | 2015-06-17 | 2019-04-02 | Mission Secure, Inc. | Overlay cyber security networked system and method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10417073B2 (en) * | 2017-04-12 | 2019-09-17 | Bank Of America Corporation | Application server deployment system for domain generation and testing with an administrative server virtual machine and managed server virtual machines |
-
2019
- 2019-11-02 CN CN201911062355.2A patent/CN110765463B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CA2737631A1 (en) * | 2010-04-18 | 2011-10-18 | Layer 7 Technologies Inc. | Protected application stack and method and system of utilizing |
| CN104346574A (en) * | 2014-10-23 | 2015-02-11 | 武汉大学 | Automatic host computer security configuration vulnerability restoration method and system based on configuration specification |
| US10250619B1 (en) * | 2015-06-17 | 2019-04-02 | Mission Secure, Inc. | Overlay cyber security networked system and method |
| CN105302571A (en) * | 2015-11-20 | 2016-02-03 | 浪潮电子信息产业股份有限公司 | IIS security baseline configuration mode |
| CN107229977A (en) * | 2016-03-25 | 2017-10-03 | 中国移动通信集团内蒙古有限公司 | A kind of automatic reinforcement means of Host Security baseline and system |
Non-Patent Citations (3)
| Title |
|---|
| 李绍龙 ; 彭润 ; 罗成 ; .构建网络信息安全服务平台初探.中国公共安全(学术版).2009,(第03期),全文. * |
| 章 ; 施永益 ; 陈红燕 ; .J2EE应用集群技术的研究和实践.计算机安全.2008,(第01期),全文. * |
| 赖建华 ; 林宁思 ; .IaaS环境下云主机安全配置基线设计.情报探索.2017,(第01期),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110765463A (en) | 2020-02-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101194233B (en) | System and method of testing wireless component applications | |
| US7334162B1 (en) | Dynamic distribution of test execution | |
| US7987449B1 (en) | Network for lifecycle management of firmware and software in electronic devices | |
| US20020032768A1 (en) | Method and system for configuring remotely located applications | |
| US20090158272A1 (en) | Configuration management center | |
| US7747709B2 (en) | Method and system for automatically cloning IT resource structures | |
| US20090300180A1 (en) | Systems and methods for remote management of networked systems using secure modular platform | |
| US20020116507A1 (en) | Distributed testing of an implementation of a remote access protocol | |
| US20070074227A1 (en) | Interceptor method and system for web services for remote portlets | |
| US8949400B2 (en) | Server management systems | |
| US20080229142A1 (en) | Self-service recovery of application data | |
| US7296190B2 (en) | Parallel text execution on low-end emulators and devices | |
| US20030212756A1 (en) | Download management system | |
| US8250226B2 (en) | Generating one or more clients for generating one or more synthetic transactions with one or more web service operations | |
| US8978104B1 (en) | Access control center workflow and approval | |
| US20050193119A1 (en) | Method, system and program product for resolving prerequisites for a client device in an open service gateway initiative (OSGi) framework | |
| US7865880B2 (en) | System and/or method for implementing efficient techniques for testing common information model providers | |
| CN110765463B (en) | WebLogic-based safety baseline reinforcement method | |
| Cisco | Quick Start Guide for Ciscoworks IP Telephony Environment Monitor Release 1.3 | |
| CN111176782B (en) | Online experiment method and device | |
| Cisco | Upgrading Cisco CallManager Release 3.0(11) from the Web | |
| Cisco | Upgrading Cisco CallManager Release 3.0(10) from the Web | |
| WO2001079998A2 (en) | Method and system for configuring remotely located applications | |
| CN115334152B (en) | Method for submitting structured machine learning calculation task to calculation cluster | |
| CA2429876A1 (en) | Testing computer applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |