CN102143168B - Linux platform-based server safety performance real-time monitoring method and system - Google Patents


Publication number
CN102143168B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110047132.6A
Other languages
Chinese (zh)
Other versions
CN102143168A (en
Inventor
王友升
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd

Abstract

The invention discloses a Linux platform-based method and system for real-time monitoring of server security performance, which aim to overcome the inability of existing Linux platform-based server security performance monitoring schemes to monitor in real time. The system comprises an access control module, a data control module and a service control module. The access control module generates an access log when a server access request submitted by a visitor is legitimate, and uses it to monitor the security performance of the server in real time. The data control module generates an operation log according to the operation corresponding to an operation request when the legitimate visitor has permission to operate on target data in the server, and uses it to monitor the security performance of the server in real time. The service control module generates a service log when the server performs external service access according to standardized access rules, and uses it to monitor the security performance of the server in real time. The system and method achieve real-time monitoring of the security performance of the server.

Description

Linux platform-based method and system for real-time monitoring of server security performance
Technical field
The present invention relates to server security performance monitoring technology, and in particular to a method and system for real-time monitoring of server security performance based on the Linux platform.
Background
With the acceleration of informatization, computers and networks are widely used across all industries, and security has become more and more important. Customers with high data security requirements urgently need secure servers to provide security guarantees. Service administrators, for their part, urgently need security architecture technology to improve the security performance of their own systems.
At present, although a small number of server security performance monitoring schemes exist for the Linux platform, none of them achieves real-time monitoring. They also occupy a high share of host resources while monitoring, and their generality is poor: they mainly target a specific industry or application and cannot be extended dynamically and flexibly.
Summary of the invention
The technical problem to be solved by the present invention is to provide a technique for real-time monitoring of server security performance that overcomes the inability of existing Linux platform-based server security performance monitoring schemes to monitor in real time.
To solve the above technical problem, the present invention first provides a Linux platform-based system for real-time monitoring of server security performance, comprising:
An access control module, configured to receive an access request to the server submitted by a visitor, to generate an access log according to the access request when the visitor is legitimate, and to monitor the security performance of the server in real time according to the access log;
A data control module, configured to receive an operation request from the legitimate visitor on target data of the server, to generate an operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data, and to monitor the security performance of the server in real time according to the operation log;
A service control module, configured to generate a service log when the server performs external service access according to standardized access rules, and to monitor the security performance of the server in real time according to the service log.
Preferably, the access control module comprises:
A first receiving submodule, configured to receive the access request submitted by the visitor;
A first judging submodule, configured to judge whether the access request is legitimate;
A first enabling submodule, configured to allow the visitor's service access to the server when the first judging submodule judges the access request to be legitimate;
A first generating submodule, configured to generate the access log according to the access request when the legitimate visitor performs the service access to the server;
A first monitoring submodule, configured to monitor the security performance of the server in real time according to the access log.
Preferably, the access control module comprises:
A second receiving submodule, configured to receive the operation request on target data of the server from the visitor that the access control module considers legitimate;
A second judging submodule, configured to judge, according to the operation request, whether the visitor that the access control module considers legitimate has the operating permission for the target data of the server;
A second enabling submodule, configured to allow the legitimate visitor's operation on the target data when the second judging module judges that the visitor the access control module considers legitimate has the operating permission for the target data of the server;
A second generating submodule, configured to generate the operation log according to the operation corresponding to the operation request when the second enabling submodule allows the legitimate visitor's operation on the target data;
A second monitoring submodule, configured to monitor the security performance of the server in real time according to the operation log.
Preferably, the service control module comprises:
A formulating submodule, configured to formulate the standardized access rules according to the characteristics of the server's external service access and the service content the user cares about;
A third generating submodule, configured to generate the service log when the server performs the external service access according to the standardized access rules;
A third monitoring submodule, configured to monitor the security performance of the server in real time according to the service log.
Preferably, the system further comprises:
An audit module, configured to perform follow-up auditing of the access log, the operation log and the service log.
To solve the above technical problem, the present invention also provides a Linux platform-based method for real-time monitoring of server security performance, comprising:
Receiving an access request to the server submitted by a visitor, generating an access log according to the access request when the visitor is legitimate, and monitoring the security performance of the server in real time according to the access log;
Receiving an operation request from the legitimate visitor on target data in the server, generating an operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data, and monitoring the security performance of the server in real time according to the operation log;
Generating a service log when the server performs external service access according to standardized access rules, and monitoring the security performance of the server in real time according to the service log.
Preferably, the step of generating the access log according to the access request when the visitor is legitimate comprises:
Judging whether the access request is legitimate;
Allowing the visitor's service access to the server when the access request is judged to be legitimate;
Generating the access log according to the access request when the legitimate visitor performs the service access to the server.
Preferably, the step of generating the operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data comprises:
Judging, according to the operation request, whether the visitor that the access control module considers legitimate has the operating permission for the target data in the server;
Allowing the legitimate visitor's operation on the target data when it is judged that the visitor the access control module considers legitimate has the operating permission for the target data in the server;
Generating the operation log according to the operation corresponding to the operation request when the legitimate visitor's operation on the target data is allowed.
Preferably, the step of generating the service log when the server performs external service access according to standardized access rules comprises:
Formulating the standardized access rules according to the characteristics of the server's external service access and the service content the user cares about;
Generating the service log when the server performs the external service access according to the standardized access rules.
Preferably, the method further comprises:
Performing follow-up auditing of the access log, the operation log and the service log.
In the technical solution of the present invention, the transmission and analysis of logs, the monitoring of host system status data, data analysis and so on are all implemented with Linux technology. The technical solution is therefore a dynamic server security performance monitoring technique based on the Linux platform. Compared with traditional server performance monitoring techniques, its main advantages are:
(1) The data obtained is timely and accurate and extensibility is good: monitoring events can be added at any time to meet security monitoring needs. The security state of the server is monitored from start to finish, which ensures that information is obtained promptly and accurately. The data control module and the service control module can be defined flexibly according to the characteristics of the application, and an interface is provided for users to define monitoring events, so extensibility and generality are strong and the monitoring needs of different users are met.
(2) It is flexible and occupies few server resources. By introducing buffering and updating buffered data in batches, it improves the resource utilization of the server and lightens its load. With buffering, the large volume of access logs produced in the access control module is first submitted to a buffer and is committed to the hard disk in batches after a period of time or when the buffer is full. This avoids contention for disk I/O, lightens the write load on the server and improves disk I/O performance.
(3) Text files are used as the transfer format, which greatly reduces network bandwidth use. In the technical solution of the present invention, the generated access logs are all recorded and transmitted in text format, which is easy to process, and text data itself occupies few bytes, so network bandwidth is saved during data transfer.
(4) Security is high: a layered defense mechanism greatly improves server security. In the technical solution of the present invention, illegitimate requesters are first screened out by the access control module, the access of some legitimate requesters is then further controlled by the data control module, and finally the behaviour of legitimate requesters is recorded by the service control module. Defending layer by layer greatly improves the security of the server.
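The buffering described in advantage (2), as an added example that is not code from the patent: access-log records are held in memory and appended to disk in one batch when the buffer is full or its oldest record has aged out. The class name, parameters, limits and record strings are assumptions made for illustration.

```python
import os
import tempfile
import time


class BufferedLogWriter:
    """Batch access-log records; flush when the buffer is full or too old."""

    def __init__(self, path, max_records=100, max_age=5.0, clock=time.monotonic):
        self.path = path
        self.max_records = max_records    # "buffer is full" condition
        self.max_age = max_age            # "after a period of time" condition (seconds)
        self._clock = clock               # injectable so the demo needs no sleeping
        self._buf = []
        self._oldest = None
        self.flush_count = 0

    def write(self, record):
        # Keep one record per line so a crafted value cannot forge extra entries.
        record = record.replace("\r", "\\r").replace("\n", "\\n")
        if not self._buf:
            self._oldest = self._clock()
        self._buf.append(record)
        self._maybe_flush()

    def tick(self):
        """Call periodically so aged records reach disk even when traffic stops."""
        self._maybe_flush()

    def _maybe_flush(self):
        if not self._buf:
            return
        full = len(self._buf) >= self.max_records
        aged = self._clock() - self._oldest >= self.max_age
        if full or aged:
            self.flush()

    def flush(self):
        if not self._buf:
            return
        # One append and one fsync per batch instead of one per record.
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write("".join(r + "\n" for r in self._buf))
            fh.flush()
            os.fsync(fh.fileno())
        self._buf.clear()
        self.flush_count += 1

    def close(self):
        # Records still in memory are lost on a crash; flush on orderly shutdown.
        self.flush()


def demo():
    """Drive the writer with a fake clock and constructed records."""
    now = [0.0]
    path = os.path.join(tempfile.mkdtemp(), "access.log")
    writer = BufferedLogWriter(path, max_records=3, max_age=10.0,
                               clock=lambda: now[0])
    writer.write("r1")
    writer.write("r2")
    on_disk_early = os.path.exists(path)   # nothing written yet
    writer.write("r3")                     # buffer full: first batch
    writer.write("r4")
    now[0] = 11.0
    writer.tick()                          # record aged out: second batch
    writer.write("r5\nFAKE entry")         # embedded newline is escaped
    writer.close()                         # final batch
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    return on_disk_early, writer.flush_count, lines


if __name__ == "__main__":
    print(demo())
```

The trade-off is durability: anything still in the buffer when the process dies never reaches the log, so the age limit bounds how much audit evidence can be lost.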
Other features and advantages of the present invention will be set forth in the following description, and will in part become apparent from the description or be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained through the structures particularly pointed out in the description, the claims and the accompanying drawings.
Brief description of the drawings
The accompanying drawings provide a further understanding of the technical solution of the present invention and form part of the description. Together with the embodiments of the invention they serve to explain the technical solution, and they do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the composition of the server security monitoring system of Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the composition of the access control module in the embodiment shown in Fig. 1;
Fig. 3 is a schematic diagram of the composition of the data control module in the embodiment shown in Fig. 1;
Fig. 4 is a schematic diagram of the composition of the server security monitoring system of another embodiment of the present invention;
Fig. 5 is a schematic flow chart of the server security monitoring method of Embodiment 2 of the present invention.
Embodiments
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the way the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented.
First, provided they do not conflict, the embodiments of the present invention and the features within them may be combined with one another, and all such combinations fall within the scope of protection of the invention. In addition, the steps shown in the flow charts of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in a different order.
Embodiment 1: server security monitoring system based on the Linux platform
As shown in Fig. 1, the security monitoring system 100 of this embodiment mainly comprises an access control module 110, a data control module 120 and a service control module 130, wherein:
The access control module 110 is configured to monitor visitors' service access to the server 200. It receives the access request to the server 200 submitted by a visitor and judges whether the access request is legitimate; when the access request is legitimate, it generates an access log that records, analyses and tracks the legitimate visitor's service access to the server 200, and it monitors the security performance of the server 200 according to the access log;
The data control module 120 is connected to the access control module 110 and the server 200. It is configured to receive data operation requests on target data of the server 200 from visitors whose access requests the access control module 110 considers legitimate, and to judge whether the visitor has operating permission for the target data. When the legitimate visitor has operating permission for the target data, it generates an operation log according to the operation corresponding to the operation request, and monitors the security performance of the server 200 in real time according to the operation log. In this process, the security mechanisms of the database are used to apply flexible monitoring strategies to the granularity of security monitoring and to implement database-level tracking; this is how it is judged whether the visitor has operating permission for the target data, and how real-time monitoring of the security performance of the server 200 is ensured;
The service control module 130 is connected to the server 200. It is configured to monitor the external service access of the server 200 according to standardized access rules, to generate a service log when the server 200 performs external service access according to the standardized access rules, and to monitor the security performance of the server 200 in real time according to the service log. At the analysis and processing layer, the potential security problems in external access to the server 200 are listed by grade, and the standardized access rules ensure that when a certain warning level is reached the customer is informed by SMS, e-mail or similar means, so that the customer can respond in time.
The standardized access rules used by the service control module 130 are formulated flexibly according to the characteristics of the server's external service access and the service content the user cares about. Take a confidential file as an example: if an unauthorized requester (in other words, an illegitimate requester) makes 3 consecutive attempts to open the file, an early warning is triggered and an access log is generated to record this requester as a potential suspect. As another example, if the network card utilization of the server stays above 95% for a long time, an early warning is also triggered, on the view that the server may be under network attack or infected by a virus from some website. The 3 accesses to the confidential file and the 95% network card utilization here are the standardized rules for the respective behaviours.
Suppose it is defined that when a requester (user) makes 3 consecutive accesses to a confidential file it has not been authorized for (that is, the access requests are illegitimate), the server security level is 0; at 20 consecutive accesses to the confidential file the server security level is 1; and at 30 consecutive accesses the server security level is defined as 2. If the analysis and processing layer finds that the security level is 2, the server is forbidden from providing service to this user. All the analysis data therefore comes from records of user behaviour, and the analysis and processing layer can analyse the information extracted from the access log according to these rules and list the grade of the security problem.
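The graded rule described above (3, 20 and 30 consecutive unauthorized accesses giving levels 0, 1 and 2, with service refused at level 2), as an added example that is not code from the patent. The log line format, the file path, the user names and the choice that any other record from the same user ends a streak are assumptions.

```python
# (minimum consecutive unauthorized accesses, security level), highest first.
THRESHOLDS = ((30, 2), (20, 1), (3, 0))
BLOCK_LEVEL = 2                               # at this level service is refused
SECRET = "/srv/files/confidential.doc"        # hypothetical confidential file


def parse_line(line):
    """Assumed format: '<timestamp> <user> <path> <ALLOW|DENY>'."""
    parts = line.split()
    if len(parts) != 4 or parts[3] not in ("ALLOW", "DENY"):
        return None
    return tuple(parts)


def level_for(streak):
    """Security level for a run of consecutive unauthorized accesses."""
    for minimum, level in THRESHOLDS:
        if streak >= minimum:
            return level
    return None


class AccessRuleEngine:
    def __init__(self):
        self.streak = {}      # user -> (path, consecutive DENY count)
        self.levels = {}      # user -> highest level reached
        self.blocked = set()  # users the server must stop serving
        self.alerts = []      # (timestamp, user, path, count, level)
        self.malformed = 0    # unparseable lines are counted, not dropped silently

    def feed(self, line):
        rec = parse_line(line)
        if rec is None:
            self.malformed += 1
            return
        ts, user, path, verdict = rec
        if verdict == "ALLOW":
            # Assumption: an authorized access ends the user's current streak.
            self.streak.pop(user, None)
            return
        last_path, count = self.streak.get(user, (path, 0))
        count = count + 1 if last_path == path else 1
        self.streak[user] = (path, count)
        level = level_for(count)
        # Alert only when the user's level rises, not on every further access.
        if level is not None and level > self.levels.get(user, -1):
            self.levels[user] = level
            self.alerts.append((ts, user, path, count, level))
            if level >= BLOCK_LEVEL:
                self.blocked.add(user)


def replay(lines):
    engine = AccessRuleEngine()
    for line in lines:
        engine.feed(line)
    return engine


def build_sample_log():
    """Constructed access-log lines for the demonstration."""
    lines = []

    def add(user, path, verdict):
        lines.append(f"2011-02-25T10:00:{len(lines):02d} {user} {path} {verdict}")

    add("alice", SECRET, "DENY")
    add("alice", SECRET, "DENY")
    add("alice", "/srv/public/readme.txt", "ALLOW")   # breaks alice's streak
    add("alice", SECRET, "DENY")
    add("alice", SECRET, "DENY")
    for _ in range(30):
        add("mallory", SECRET, "DENY")
    lines.append("truncated-line")                    # malformed on purpose
    return lines


if __name__ == "__main__":
    result = replay(build_sample_log())
    for alert in result.alerts:
        print(alert)
    print("blocked:", sorted(result.blocked))
```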
In this embodiment, as shown in Fig. 2, the access control module 110 may comprise a first receiving submodule 210, a first judging submodule 220, a first enabling submodule 230, a first generating submodule 240 and a first monitoring submodule 250, wherein:
The first receiving submodule 210 is configured to receive the access request submitted by the visitor;
The first judging submodule 220 is connected to the first receiving submodule 210 and is configured to judge whether the access request received by the first receiving submodule 210 is legitimate;
The first enabling submodule 230 is connected to the first judging submodule 220 and is configured to allow the visitor's service access to the server when the first judging submodule 220 judges the access request received by the first receiving submodule 210 to be legitimate;
The first generating submodule 240 is connected to the first receiving submodule 210 and the first enabling submodule 230 and is configured to generate the access log according to the access request when the legitimate visitor performs the service access to the server;
The first monitoring submodule 250 is connected to the first generating submodule 240 and is configured to monitor the security performance of the server in real time according to the access log, and it can raise real-time alarms according to the monitoring results where necessary.
The data control module 120 is mainly used to resist intruders who have broken through the access control module 110 and to prevent them from damaging the data stored in the database on the server. The module is implemented with a role-view-user permission management mechanism that is refined down to columns in table data, and critical data stored in the database is additionally protected with encryption.
In the role-view-user permission management mechanism, roles are defined to make security permissions easier to manage: a role is a fine-grained combination of read and/or write permissions on certain data. For example, if engineer Li may read and/or write the data of a certain table, a role for this table can be defined as read-write. If engineer Wang also needs the role of reading and writing this table, the role is assigned to Wang directly and permissions do not need to be granted separately; roles can be defined flexibly. Views are used to shield the real data and are set up according to user permissions, so that a user can see only the data within its scope of authority and cannot see data outside it. Refinement down to columns in table data means that the granularity of data security control can reach a single column of data. For example, if the holder name column of a bank account table is confidential, the name column can be encrypted and access-controlled, while the holder's age, which users are allowed to see, need not be encrypted.
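The role, view and column-level permission model described above, as an added example that is not code from the patent. The role names, user names, table layout and sample row are assumptions, SQLite stands in for the server's database and has no accounts of its own, so the permission check is enforced here in the application layer, and the column encryption the patent mentions is not shown.

```python
import sqlite3

# role -> table -> column -> "r" (read) or "rw" (read and write). All hypothetical.
ROLES = {
    "account_rw": {"bank_account": {"account_no": "rw", "name": "rw", "age": "rw"}},
    "age_reader": {"bank_account": {"account_no": "r", "age": "r"}},
}
# One role is shared by Li and Wang instead of granting each column by column.
USER_ROLES = {"li": {"account_rw"}, "wang": {"account_rw"}, "zhao": {"age_reader"}}


def permissions(user, table):
    """Merge the column permissions of every role assigned to the user."""
    merged = {}
    for role in USER_ROLES.get(user, ()):
        for column, mode in ROLES[role].get(table, {}).items():
            if mode == "rw" or column not in merged:
                merged[column] = mode
    return merged


def table_columns(conn, table):
    rows = conn.execute("SELECT name FROM pragma_table_info(?)", (table,))
    return [row[0] for row in rows]


def create_user_view(conn, user, table):
    """Create a view exposing only the columns the user may read."""
    if not user.isidentifier():
        raise ValueError("user name is not a safe identifier")
    allowed = permissions(user, table)
    # Only names that exist in the schema and are granted reach the SQL text.
    columns = [c for c in table_columns(conn, table) if c in allowed]
    if not columns:
        raise PermissionError(f"{user} has no access to {table}")
    view = f"v_{user}_{table}"
    column_sql = ", ".join(f'"{c}"' for c in columns)
    conn.execute(
        f'CREATE VIEW IF NOT EXISTS "{view}" AS SELECT {column_sql} FROM "{table}"')
    return view


def read_rows(conn, user, table):
    """Read through the user's view, never from the base table."""
    view = create_user_view(conn, user, table)
    cursor = conn.execute(f'SELECT * FROM "{view}"')
    names = [d[0] for d in cursor.description]
    return [dict(zip(names, row)) for row in cursor]


def update_column(conn, user, column, value, account_no):
    """Write one column of bank_account if a role grants "rw" on it."""
    if permissions(user, "bank_account").get(column) != "rw":
        raise PermissionError(f"{user} may not write bank_account.{column}")
    conn.execute(
        f'UPDATE bank_account SET "{column}" = ? WHERE account_no = ?',
        (value, account_no))


def make_demo_db():
    """In-memory database with one constructed row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE bank_account (account_no TEXT PRIMARY KEY, name TEXT, age INTEGER)")
    conn.execute("INSERT INTO bank_account VALUES ('ACC-0001', 'Example Holder', 41)")
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(read_rows(db, "zhao", "bank_account"))   # no name column
    print(read_rows(db, "li", "bank_account"))     # all three columns
```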
In this embodiment, as shown in Fig. 3, the data control module 120 may comprise a second receiving submodule 310, a second judging submodule 320, a second enabling submodule 330, a second generating submodule 340 and a second monitoring submodule 350, wherein:
The second receiving submodule 310 is connected to the access control module 110 and is configured to receive the operation request on target data of the server from the visitor that the access control module 110 considers legitimate;
The second judging submodule 320 is connected to the access control module 110 and the second receiving submodule 310 and is configured to judge, according to the operation request, whether the visitor that the access control module 110 considers legitimate has the corresponding operating permission for the target data of the server;
The second enabling submodule 330 is connected to the second judging submodule 320 and is configured to allow the legitimate visitor's operation on the target data when the second judging module judges that the visitor the access control module 110 considers legitimate has the corresponding operating permission for the target data of the server;
The second generating submodule 340 is connected to the second enabling submodule 330 and is configured to generate the operation log according to the operation corresponding to the operation request when the second enabling submodule 330 allows the legitimate visitor's operation on the target data;
The second monitoring submodule 350 is connected to the second generating submodule 340 and is configured to monitor the security performance of the server in real time according to the operation log, and it can raise real-time alarms according to the monitoring results where necessary.
In this embodiment, the service control module 130 may comprise a formulating submodule, a third generating submodule and a third monitoring submodule, wherein:
The formulating submodule is configured to formulate the standardized access rules according to the characteristics of the server's external service access and the service content the user cares about;
The third generating submodule is connected to the formulating submodule and is configured to generate the service log when the server performs the external service access according to the standardized access rules;
The third monitoring submodule is connected to the third generating submodule and is configured to monitor the security performance of the server in real time according to the service log, and it can raise real-time alarms according to the monitoring results where necessary.
As shown in Fig. 4, another embodiment of the real-time monitoring system of the present invention may further comprise an audit module 410, wherein:
The audit module 410 is connected to the access control module 110, the data control module 120 and the service control module 130, and is configured to perform follow-up auditing of the access log, the operation log and the service log. The audit module is triggered throughout the operation of the server, and it decides whether to audit according to the success or failure of event execution. If it decides to audit, the audit record is submitted to an audit queue; when the audit queue is full, an audit process is woken up, and this audit process reads the audit records and audits them.
Embodiment 2: method for real-time monitoring of server security performance based on the Linux platform
With reference to Figs. 1 to 3 and the corresponding description, this embodiment, as shown in Fig. 5, mainly comprises the following steps:
Step S510: receive the access request to the server submitted by a visitor, generate an access log according to the access request when the visitor is legitimate, and monitor the security performance of the server in real time according to the access log;
Step S520: receive the operation request from the legitimate visitor on target data in the server, generate an operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data, and monitor the security performance of the server in real time according to the operation log;
Step S530: generate a service log when the server performs external service access according to standardized access rules, and monitor the security performance of the server in real time according to the service log.
The above step of generating the access log according to the access request when the visitor is legitimate may comprise:
Judging whether the access request is legitimate;
Allowing the visitor's service access to the server when the access request is judged to be legitimate;
Generating the access log according to the access request when the legitimate visitor performs the service access to the server.
The above step of generating the operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data may comprise:
Judging, according to the operation request, whether the visitor that the access control module considers legitimate has the operating permission for the target data in the server;
Allowing the legitimate visitor's operation on the target data when it is judged that the visitor the access control module considers legitimate has the operating permission for the target data in the server;
Generating the operation log according to the operation corresponding to the operation request when the legitimate visitor's operation on the target data is allowed.
The above step of generating the service log when the server performs external service access according to standardized access rules may comprise:
Formulating the standardized access rules according to the characteristics of the server's external service access and the service content the user cares about;
Generating the service log when the server performs the external service access according to the standardized access rules.
The method of this embodiment may further comprise the step of:
Performing follow-up auditing of the access log, the operation log and the service log.
Technical scheme of the present invention is in the time of specific implementation, and first the environmental variance of define system, comprises host information, and the installation directory of database and some other information are mainly used to certain concrete application of correct identified server.Then the monitor command that utilizes linux system self obtains time of host server operation as TOP, SAR and Uptime etc., whether system resource operation is normal, all these information are all recorded in relevant journal file, finally by Internet Transmission, corresponding journal file are copied on security server as follow-up data analysis is prepared.Whether the system always service processing result of the tested server of circulatory monitoring reaches the threshold value of a certain index.If reach this threshold value, call monitor-interface and monitor and report to the police.The major function of monitor-interface is the server security rank of obtaining according to data analysis, judge that notifying user's mode is to select mail or mobile phone mode, if level of security is higher, just directly send to user by note, if level of security is lower, send to user by mail, if just some warning, could post-processed.Be exactly according to the result of data analysis processing at result Graphics Processing, carry out the arrangement of historical data, be then depicted as the form of chart, be convenient to the security performance variation tendency of the whole server running of customer analysis.
The present invention is based on the raising server security performance of linux platform and the technical scheme of real-time early warning, in having improved server security, also add audit function, prevent from can carrying out audit-trail once there is server security problem, Nonrepudition occurs, and by real-time early warning mechanism, remind administrative staff to take timely measure.In addition, technical solution of the present invention has been introduced layered defense technology, access control module can utilize encryption mechanism and password controls, access control module can utilize database security encryption technology to be provided to encryption mechanism and the audit-trail processing of row, message control module can provide log analysis and management function, comprise the compression of daily record, dump etc.
Technical scheme of the present invention had both been suitable for the strict user's deployment secure architectural schemes of security request data, was suitable for again researching and developing fail safe server, improved the performance of security server.For attendant, can solve well by technical scheme of the present invention the denial causing because of safety problem and occur, can take measures as early as possible simultaneously, loss is dropped to minimum.And technical scheme of the present invention also has in time, accurately, extensibility is strong, to plurality of advantages such as server resource occupation rate are low.
Technical scheme of the present invention is the operation conditions of monitoring server in real time, and carrys out by customized strategy the security threat that reponse system promptly and accurately exists.Utilize buffer technology, reduce system load, and provide because Insufficient disk space adopts circular logging overlay strategy and compress backup function, these are all that traditional method for monitoring performance and general audit safety monitoring technology are difficult to realize.
Those skilled in the art should be understood that, each module in above-mentioned system of the present invention or device embodiment, submodule, and/or each step in embodiment of the method can realize with general calculation element, they can concentrate on single calculation element, or be distributed on the network that multiple calculation elements form, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in storage device and be carried out by calculation element, or they are made into respectively to each integrated circuit modules, or the multiple modules in them or step are made into single integrated circuit module to be realized.Like this, the present invention is not restricted to any specific hardware and software combination.
Although the embodiments of the present invention are disclosed above, the content described is only an embodiment adopted to make the invention easier to understand, and is not intended to limit the invention. Any person skilled in the technical field of the invention may, without departing from the spirit and scope disclosed by the invention, make any modification and variation in the form and details of implementation; the scope of patent protection of the invention, however, must still be that defined by the appended claims.

Claims (10)

1. A real-time server security performance monitoring system based on the Linux platform, comprising:
An access control module, configured to receive an access request to the server submitted by a visitor, generate an access log according to the access request when the visitor is legal, and monitor the security performance of the server in real time according to the access log; and further configured to introduce buffering, whereby the large volume of access logs produced is first submitted to a buffer and is submitted to the hard disk in batches after a period of time or when the buffer is relatively full;
A data control module, configured to receive an operation request from the legal visitor for target data in the server, generate an operation log according to the operation corresponding to the operation request when the legal visitor has the operating right over the target data, and monitor the security performance of the server in real time according to the operation log;
A message control module, configured to generate a service log when the server performs external service access according to the standard access rule, and to monitor the security performance of the server in real time according to the service log.
2. The system according to claim 1, wherein the access control module comprises:
A first receiving submodule, configured to receive the access request submitted by the visitor;
A first judging submodule, configured to judge whether the access request is legal;
A first enabling submodule, configured to allow the visitor's service access to the server when the first judging submodule judges the access request to be legal;
A first generating submodule, configured to generate the access log according to the access request when the legal visitor performs the service access on the server;
A first monitoring submodule, configured to monitor the security performance of the server in real time according to the access log.
3. The system according to claim 1, wherein the access control module comprises:
A second receiving submodule, configured to receive the operation request for the server's target data from the visitor that the access control module considers legal;
A second judging submodule, configured to judge, according to the operation request, whether the visitor that the access control module considers legal has the operating right over the server's target data;
A second enabling submodule, configured to allow the legal visitor's operation on the target data when the second judging submodule judges that the visitor that the access control module considers legal has the operating right over the server's target data;
A second generating submodule, configured to generate the operation log according to the operation corresponding to the operation request when the second enabling submodule allows the legal visitor's operation on the target data;
A second monitoring submodule, configured to monitor the security performance of the server in real time according to the operation log.
4. The system according to claim 1, wherein the message control module comprises:
A formulating submodule, configured to formulate the standard access rule according to the characteristics of the server's external service access and the service content that the user cares about;
A third generating submodule, configured to generate the service log when the server performs the external service access according to the standard access rule;
A third monitoring submodule, configured to monitor the security performance of the server in real time according to the service log.
5. The system according to claim 1, wherein the system further comprises:
An audit module, configured to carry out follow-up auditing of the access log, the operation log and the service log.
6. A real-time server security performance monitoring method based on the Linux platform, comprising:
Receiving an access request to the server submitted by a visitor, generating an access log according to the access request when the visitor is legal, and monitoring the security performance of the server in real time according to the access log; introducing buffering, whereby the large volume of access logs produced is first submitted to a buffer and is then submitted to the hard disk in batches after a period of time or when the buffer is full;
Receiving an operation request from the legal visitor for target data in the server, generating an operation log according to the operation corresponding to the operation request when the legal visitor has the operating right over the target data, and monitoring the security performance of the server in real time according to the operation log;
Generating a service log when the server performs external service access according to the standard access rule, and monitoring the security performance of the server in real time according to the service log.
7. The method according to claim 6, wherein the step of generating the access log according to the access request when the visitor is legal comprises:
Judging whether the access request is legal;
Allowing the visitor's service access to the server when the access request is judged to be legal;
Generating the access log according to the access request when the legal visitor performs the service access on the server.
8. The method according to claim 6, wherein the step of generating the operation log according to the operation corresponding to the operation request when the legal visitor has the operating right over the target data comprises:
Judging, according to the operation request, whether the visitor that access control considers legal has the operating right over the target data in the server;
Allowing the legal visitor's operation on the target data when it is judged that the visitor that access control considers legal has the operating right over the target data in the server;
Generating the operation log according to the operation corresponding to the operation request when the legal visitor's operation on the target data is allowed.
9. The method according to claim 6, wherein the step of generating the service log when the server performs external service access according to the standard access rule comprises:
Formulating the standard access rule according to the characteristics of the server's external service access and the service content that the user cares about;
Generating the service log when the server performs the external service access according to the standard access rule.
10. The method according to claim 6, wherein the method further comprises:
Carrying out follow-up auditing of the access log, the operation log and the service log.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110047132.6A CN102143168B (en) 2011-02-28 2011-02-28 Linux platform-based server safety performance real-time monitoring method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110047132.6A CN102143168B (en) 2011-02-28 2011-02-28 Linux platform-based server safety performance real-time monitoring method and system

Publications (2)

Publication Number Publication Date
CN102143168A CN102143168A (en) 2011-08-03
CN102143168B true CN102143168B (en) 2014-07-09

Family

ID=44410390

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110047132.6A Active CN102143168B (en) 2011-02-28 2011-02-28 Linux platform-based server safety performance real-time monitoring method and system

Country Status (1)

Country Link
CN (1) CN102143168B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051496B (en) * 2012-12-21 2016-06-22 大唐软件技术股份有限公司 The monitoring method of a kind of monitoring point server and device
CN104102878B (en) * 2013-04-10 2017-02-08 中国科学院计算技术研究所 Malicious code analysis method and system under Linux platform
CN104700024B (en) * 2013-12-10 2018-05-04 中国移动通信集团黑龙江有限公司 A kind of method and system of Unix classes host subscriber operational order audit
CN105207831B (en) * 2014-06-12 2017-11-03 腾讯科技(深圳)有限公司 The detection method and device of Action Events
CN104504014B (en) * 2014-12-10 2018-03-13 无锡城市云计算中心有限公司 Data processing method and device based on big data platform
CN105450660A (en) * 2015-12-23 2016-03-30 北京安托软件技术有限公司 Business resource security control system
CN107329884A (en) * 2017-06-30 2017-11-07 郑州云海信息技术有限公司 The access auditing method and system of a kind of storage system
CN111444061A (en) * 2020-03-30 2020-07-24 浪潮商用机器有限公司 Server resource monitoring method and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101018119A (en) * 2007-02-09 2007-08-15 浪潮电子信息产业股份有限公司 Hardware-based server network security centralized management system without relevance to the operation system
CN101247263A (en) * 2008-03-18 2008-08-20 浪潮电子信息产业股份有限公司 Server centralized management method based on data link layer
US7437763B2 (en) * 2003-06-05 2008-10-14 Microsoft Corporation In-context security advisor in a computing environment
CN101707632A (en) * 2009-10-28 2010-05-12 浪潮电子信息产业股份有限公司 Method for dynamically monitoring performance of server cluster and alarming real-timely
CN101826993A (en) * 2010-02-04 2010-09-08 蓝盾信息安全技术股份有限公司 Method, system and device for monitoring security event

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100358387B1 (en) * 2000-06-27 2002-10-25 엘지전자 주식회사 Apparatus for extended firewall protecting internal resources in network system

Also Published As

Publication number Publication date
CN102143168A (en) 2011-08-03

Similar Documents

Publication Publication Date Title
CN102143168B (en) Linux platform-based server safety performance real-time monitoring method and system
US11157629B2 (en) Identity risk and cyber access risk engine
AU2018229433B2 (en) System for the measurement and automated accumulation of diverging cyber risks, and corresponding method thereof
CN108268354A (en) Data safety monitoring method, background server, terminal and system
KR102542720B1 (en) System for providing internet of behavior based intelligent data security platform service for zero trust security
US20100325727A1 (en) Security virtual machine for advanced auditing
US20110225650A1 (en) Systems and methods for detecting and investigating insider fraud
US10225249B2 (en) Preventing unauthorized access to an application server
CN103530106A (en) Method and system of context-dependent transactional management for separation of duties
US11693981B2 (en) Methods and systems for data self-protection
EP3567509B1 (en) Systems and methods for tamper-resistant activity logging
CN102906759A (en) Context aware data protection
GB2535579A (en) Preventing unauthorized access to an application server
KR102139062B1 (en) Security Service system based on cloud
CN202218262U (en) Safety management system for internal network information
Clayton Statement on cybersecurity
CN108600178A (en) A kind of method for protecting and system, reference platform of collage-credit data
CN107241357A (en) User access control method and apparatus in cloud computing system
Sharma et al. OVERVIEW OF DATA SECURITY, CLASSIFICATION AND CONTROL MEASURE: A STUDY.
Demers et al. Protecting Colleges & Universities Against Real Losses in a Virtual World, 33 J. Marshall J. Info. Tech. & Privacy L. 101 (2017)
WO2018084695A1 (en) System and method for controlling access of users to sensitive information content in an organization
Arthur Conklin et al. Information security foundations for the interoperability of electronic health records
Hasan et al. Beyond Media Hype: Empirical Analysis of Disclosed Privacy Breaches 2005-2006 and a DataSet/Database Foundation for Future Work
Klatt Case Study Analysis: Cybersecurity Breach at Metropolitan Health Systems
Rose Improving Cybersecurity for Telehealth Patients

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20201106

Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 100085 Beijing, Haidian District on the road to information on the ground floor, building 2-1, No. 1, C

Patentee before: Inspur (Beijing) Electronic Information Industry Co.,Ltd.