CN102571476A - Method and device for monitoring terminal command line in real time

Publication number
CN102571476A
Authority
CN
China
Prior art keywords
user
information
history command
active
end message
Prior art date
Legal status
Granted
Application number
CN2010106173256A
Other languages
Chinese (zh)
Other versions
CN102571476B (en)
Inventor
戚跃民
胡文斌
吴素文
周恒磊
班昊
孙会林
Current Assignee
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Application filed by China Unionpay Co Ltd
Priority to CN201010617325.6A
Publication of CN102571476A
Application granted
Publication of CN102571476B
Legal status: Active

Abstract

The invention provides a method and a device for monitoring a terminal command line in real time. The history command file name is associated with terminal information and user information, the various log files provided by a Unix/Linux operating system are used to collect users' operation commands and other behaviors, and the information is sent to an event collection server for monitoring, management and auditing.

Description

Method and apparatus for monitoring a terminal command line in real time
Technical field
The present invention relates to operating system security, and in particular to a method and apparatus for monitoring a terminal command line in real time.
Background
Because tools and means for monitoring operation commands are lacking, user behavior on Unix/Linux servers often cannot be discovered and monitored in time. When a system administrator has to manage a number of servers, tracking user behavior on those servers in real time, so that system failure time, downtime and the like are reduced to a minimum, becomes a vital problem.
Although the Unix/Linux operating system kernel provides an audit function for user operation commands and other behaviors, enabling the kernel audit function greatly increases the load on the system itself, reduces system stability, and affects the applications and services running on the operating system. Most Unix/Linux users therefore use this audit function cautiously.
In the prior art, bastion host technology can record history commands, but it cannot record commands entered by users who log in directly in the machine room. It also has a single point of failure, so additional equipment investment is needed to make the architecture highly available, which increases the difficulty of operation and maintenance. In addition, although commands issued over Telnet can be obtained by analyzing network traffic, this method cannot effectively identify operations carried out over protocols that use encryption algorithms, such as SSH (Secure Shell).
By default, a Unix/Linux operating system stores audit records of user operation commands and other behaviors in designated local files. Files stored this way may be tampered with (for example, a hacker deliberately altering them to cover up malicious behavior, or a person making an operating mistake), and they cannot be effectively managed centrally or monitored in real time. In addition, several users may su (switch identity) to the same user and operate on the system during the same time period, so the person responsible for a given command cannot be accurately located during real-time monitoring or later auditing.
Therefore, a method and apparatus for monitoring a terminal command line in real time is needed to solve the above problems.
Summary of the invention
To solve the above problems, the present invention provides an apparatus for monitoring a terminal command line in real time. The apparatus comprises a first information reading device, characterized in that the first information reading device monitors user behavior in the operating system through the following modules:
A first module, configured to set the history command file name, as an environment variable of said operating system, to include terminal information and user information;
A second module, configured to obtain the currently active terminal information from the information on users who have successfully logged in to the current operating system;
A third module, configured to obtain and scan, according to said active terminal information, the history command file of the user associated with that active terminal;
A fourth module, configured to mark, with said active terminal information, every command in the history command file of the user associated with that active terminal;
A fifth module, configured to save, when said active terminal exits, the marked history commands of the user associated with that active terminal as first information.
Preferably, said first module is further configured to set the environment variable of said operating system based on the terminal ID and the user name.
Preferably, said first module is further configured to add the definition of the history command file name to a configuration file of said operating system.
Preferably, said first module is further configured to place users' history command files in the same directory, and said third module scans that same directory, according to said active terminal information, to obtain the history command file of the user associated with that active terminal.
Preferably, said third module is further configured to keep scanning, within a polling cycle, the history command file of the user associated with that active terminal, and said fourth module further marks, with said active terminal information, the commands newly added to that history command file.
Preferably, said fourth module is further configured to set a level for every command in said history command file.
Preferably, said fourth module is further configured to set a filtering rule for every command in said history command file.
Preferably, the apparatus further comprises a second information reading device for reading and saving, as second information, the user su records, failed login information and post-login ftp operation commands of said operating system.
Preferably, the apparatus further comprises a control module for processing said first information and said second information and sending the processed information to an event collection server.
Preferably, said control module sends the processed information over a socket using the syslog protocol.
Preferably, said terminal information comprises one or more of a terminal ID, a source IP address and a source user.
Preferably, said operating system comprises AIX, Linux and Solaris.
Preferably, the first information further comprises one or more of the date, time, host information, source user information, source IP address, user information and terminal information under which the history commands of the user associated with that active terminal were produced.
According to another object of the present invention, a method for monitoring a terminal command line in real time is provided, characterized in that user behavior in the operating system is monitored through the following steps:
A first step of setting the history command file name, as an environment variable of said operating system, to include terminal information and user information;
A second step of obtaining the currently active terminal information from the information on users who have successfully logged in to the current operating system;
A third step of obtaining and scanning, according to said active terminal information, the history command file of the user associated with that active terminal;
A fourth step of marking, with said active terminal information, every command in the history command file of the user associated with that active terminal;
A fifth step of saving, when said active terminal exits, the marked history commands of the user associated with that active terminal as first information.
The technical solution of the present invention reads and processes the contents of utmp, sulog, failedlogin, history, the ftp log and user-defined text files in the Unix/Linux system, sends the processed information over a socket (TCP or UDP, selectable) using the syslog protocol to a unified event collection server, and uses the event collection server to display, alert on and audit the collected information centrally.
An advantage of the technical solution of the present invention is that it supports accurately locating operation behavior when several users in the system su to the same user at the same time. Operation behavior can be traced directly to a person, which solves the problem of inaccurate audit attribution on Unix/Linux platforms.
An advantage of the technical solution of the present invention is that it runs on any Unix and Linux distribution, supports various shells, and therefore has wide compatibility.
An advantage of the technical solution of the present invention is that the kernel audit function of the operating system need not be enabled; only the operating system environment variable HISTFILE has to be modified. The operator of each operation command can be located effectively and accurately, events can be classified by severity level, and real-time monitoring is achieved.
An advantage of the technical solution of the present invention is that even if the log information of the operating system itself is tampered with, accurate location is still possible and traces of abnormal behavior can be found.
An advantage of the technical solution of the present invention is that it occupies few system resources and has little impact on system configuration.
Description of drawings
The various aspects of the present invention will become apparent to those skilled in the art after reading the embodiments of the invention with reference to the drawings. Those skilled in the art will appreciate that these drawings only serve, together with the embodiments, to explain the technical solution of the invention, and are not intended to limit its scope of protection.
Fig. 1 is a schematic diagram of an apparatus for monitoring a terminal command line in real time according to an embodiment of the invention.
Fig. 2 is a flow chart of a method for monitoring a terminal command line in real time according to an embodiment of the invention.
Embodiments
Specific embodiments of the invention are described in further detail below with reference to the drawings.
Embodiments of the invention associate the history command file name with terminal information and user information, use the various log files provided by the Unix/Linux operating system to collect users' operation commands and other behaviors, and send this information to an event collection server for monitoring, management and auditing. These log files can include those provided by default by the Unix/Linux operating system: information on users who have successfully logged in to the current system (utmp), user su records in the system (sulog), failed login information in the system (failedlogin), user operation commands in the system (history) and operation commands after ftp login in the system (ftp log), as well as other user-defined application logs.
As shown in Fig. 1, the apparatus for monitoring a terminal command line in real time according to an embodiment of the invention comprises a first information reading device, a second information reading device and a control device. In one embodiment of the invention, the first information reading device collects users' history commands. It can comprise the following modules:
The first module sets the history command file name (HISTFILE), as an environment variable of the operating system, to include terminal information and user information. For example, the operating system environment variable HISTFILE is set to $TTY_$USER to distinguish the history command files of logged-in users, where $TTY is the terminal ID and $USER is the user name. As an example, the variable can be set by adding the definition of HISTFILE to the configuration file /etc/profile. By default, the history command file is stored in the user's home directory. That is, each user has his or her own history command file, so the commands executed in each user's shell are recorded in separate history command files that are not shared with one another. In another embodiment of the invention, the history command files of all users can be placed in the same directory, for example $HISTFILE_DIR. This not only improves the security of the files and helps prevent tampering, but also makes handling considerably more convenient.
The second module obtains the currently active terminal information (TTY) from the information on users who have successfully logged in to the current operating system (utmp). The TTY is unique within a given time period, and utmp records the source IP address (org) and source user information (src) of the TTY.
The third module obtains and scans, according to the active terminal information, the history command file of the user associated with that active terminal. Because the name of a history command file contains terminal information and user information, $HISTFILE_DIR can be scanned on the basis of the active terminal information to obtain all user history command files under that TTY.
The fourth module uses the active terminal information, for example the source IP address and source user information, to accurately mark every command in the history command file of the user associated with that active terminal in the current time period.
In another embodiment of the invention, the third module is further configured to keep scanning, within a polling cycle, the history command file of the user associated with that active terminal, and the fourth module is further configured to mark, with the active terminal information, the commands newly added to that history command file.
The fifth module saves, when the active terminal exits, the marked history commands of the user associated with that active terminal as first information.
Through the first information reading device, the invention uses terminal information to avoid the problem of telling commands apart when several users su to the same user at the same time. For example, suppose the currently logged-in users are A1, A2, ..., Ai, their corresponding TTYs are T1, T2, ..., Ti, and the source IP addresses (org) corresponding to the TTYs are S1, S2, ..., Si. These relations form sets that are unique and non-repeating within a given time period: F1(A1, T1, S1), F2(A2, T2, S2), ..., Fi(Ai, Ti, Si). The HISTFILEs obtained for the current users are therefore A1T1, A2T2, ..., AiTi, and the command histories typed by the logged-in users are assumed to be {M1}, {M2}, ..., {Mi}. If su operations occur, with users A1, A2, ..., Ai switching to B1, B2, ..., Bi respectively, the HISTFILEs produced are B1T1, B2T2, ..., BiTi. Because the terminal information part of the HISTFILE determines the user through the unique combination Fi(Ai, Ti, Si), the commands can be distinguished when, for example, users A1 and A2 su to the same user B1 at the same time.
The formation of the first information is described below. Besides the history commands, the first information can also comprise one or more of the date, time, host information, source user information, source IP address, user information and terminal information under which the history commands of the user associated with that active terminal were produced. As an example, suppose that at date=Dx, time=TMx, the first information reading device queries the utmp file and finds that the currently active TTY is Tx. The first information reading device scans the directory for the HISTFILE of the active Tx. According to the file name of the HISTFILE (for example Ux_Tx_history, where Ux can be any one of A1, A2, ..., Ai or B1, B2, ..., Bi) and the TTY information Tx, it queries the set Fx to obtain the (Ax, Sx) corresponding to the current TTY, and packs this information together with the collected command history into the first information:
(date=Dx,time=TMx,host=Hx,src=Ax,org=Sx,user=Ux,tty=Tx,cmd=Mx).
This first information is then sent to the centralized collection server for rule processing and display.
In another embodiment of the invention, functions such as level definition and filtering rules for the command Mx can be implemented in the first information reading device. For example, the fourth module can set a level or a filtering rule for every command in the history command file.
The invention may include a second information reading device that further reads and saves, as second information, the user su records, failed login information and post-login ftp operation commands of the operating system.
The invention may include a control device that processes the first information and the second information and sends the processed information to the event collection server. Those skilled in the art will appreciate that the event collection server of the invention can be a third-party event collection server, for example Omnibus from IBM Corporation. The control device can send the processed information over a socket using the syslog protocol.
Those skilled in the art will appreciate that the above terminal information can comprise one or more of a terminal ID, a source IP address and a source user. It will also be appreciated that the above apparatus of the invention can run on operating systems such as AIX, Solaris, Unix and Linux, and supports various shells.
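The correlation performed by the first information reading device and the syslog hand-off of the control device, as an added example that is not part of the patent text: history files named `<user>_<tty>_history` (after the Ux_Tx_history pattern above) in a shared directory are joined to a login table, only lines appended since the last poll are reported, and each is packed in the first-information format. The login table, host name, file contents and the `cmdaudit` tag are constructed sample values, a `/` in a TTY name is assumed to be written as `_`, and the check for a shrinking history file goes beyond what the text describes.

```python
import os
import socket
import tempfile

SUFFIX = "_history"
FIELDS = ("date", "time", "host", "src", "org", "user", "tty", "cmd")

# Constructed stand-in for utmp: active tty -> (source user, source IP).
SAMPLE_LOGINS = {
    "pts_0": ("alice", "10.0.0.11"),
    "pts_1": ("bob", "10.0.0.12"),
}


def parse_history_name(filename, logins):
    """Return (user, tty) for '<user>_<tty>_history' if tty is active, else None."""
    if not filename.endswith(SUFFIX):
        return None
    stem = filename[: -len(SUFFIX)]
    # Longest tty first, so a short tty name cannot shadow a longer one.
    for tty in sorted(logins, key=len, reverse=True):
        if stem.endswith("_" + tty) and len(stem) > len(tty) + 1:
            return stem[: -(len(tty) + 1)], tty
    return None


class HistoryCollector:
    """Polls a shared history directory and tags each newly added command."""

    def __init__(self, hist_dir, host):
        self.hist_dir = hist_dir
        self.host = host
        self.offsets = {}  # path -> number of bytes already reported

    def poll(self, logins, date, time):
        records = []
        for name in sorted(os.listdir(self.hist_dir)):
            parsed = parse_history_name(name, logins)
            if parsed is None:
                continue  # not a history file of an active terminal
            user, tty = parsed
            src, org = logins[tty]
            path = os.path.join(self.hist_dir, name)
            seen = self.offsets.get(path, 0)
            base = dict(date=date, time=time, host=self.host,
                        src=src, org=org, user=user, tty=tty)
            if os.path.getsize(path) < seen:
                # File shrank since the last poll: report it, rescan from the start.
                records.append(dict(base, cmd="<history file truncated>"))
                seen = 0
            with open(path, "rb") as fh:
                fh.seek(seen)
                chunk = fh.read()
            end = chunk.rfind(b"\n") + 1  # leave a partially written last line
            self.offsets[path] = seen + end
            for line in chunk[:end].decode("utf-8", "replace").splitlines():
                if line.strip():
                    records.append(dict(base, cmd=line))
        return records


def format_first_info(rec):
    """Pack a record as (date=..,time=..,host=..,src=..,org=..,user=..,tty=..,cmd=..)."""
    return "(" + ",".join(f"{k}={rec[k]}" for k in FIELDS) + ")"


def syslog_frame(rec, facility=10, severity=5, tag="cmdaudit"):
    """Minimal syslog datagram; PRI = facility * 8 + severity (authpriv.notice = 85)."""
    return f"<{facility * 8 + severity}>{tag}: {format_first_info(rec)}".encode()


def send_udp(frame, server, port=514):
    """Send one frame to the event collection server (not called by demo())."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(frame, (server, port))


def demo():
    """alice and bob both su to root; each command stays attributable."""
    with tempfile.TemporaryDirectory() as d:
        def append(name, text):
            with open(os.path.join(d, name), "a") as fh:
                fh.write(text)
        append("root_pts_0_history", "vi /etc/hosts\n")
        append("root_pts_1_history", "systemctl restart sshd\n")
        collector = HistoryCollector(d, host="db01")
        first = collector.poll(SAMPLE_LOGINS, "2010-12-27", "10:00:00")
        append("root_pts_1_history", "tail /var/log/messages\nunfinished")
        second = collector.poll(SAMPLE_LOGINS, "2010-12-27", "10:00:05")
        return first, second


if __name__ == "__main__":
    for rec in sum(demo(), []):
        print(format_first_info(rec))
```

Both sample history files belong to `root`, yet the records carry `src=alice` and `src=bob` because the TTY part of the file name selects the login entry.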
Fig. 2 is a flow chart of a method for monitoring a terminal command line in real time according to an embodiment of the invention. As shown in the figure, user behavior in the operating system is monitored through the following steps:
In the first step S1, the history command file is associated with the login user information and terminal information; for example, the history command file name, as an environment variable of the operating system, is set to include terminal information and user information;
In the second step S2, the terminal information is obtained; for example, the currently active terminal information is obtained from the information on users who have successfully logged in to the current operating system;
In the third step S3, the history command file is obtained; for example, according to the active terminal information, the history command file of the user associated with that active terminal is obtained and scanned;
In the fourth step S4, the commands in the history command file are marked; for example, every command in the history command file of the user associated with that active terminal is marked with the active terminal information;
In the fifth step S5, the marked history commands are saved; for example, when the active terminal exits, the marked history commands of the user associated with that active terminal are saved as first information.
Preferably, in the first step, the environment variable of the operating system is set based on the terminal ID and the user name.
Preferably, in the first step, the definition of the history command file name is further added to a configuration file of the operating system.
Preferably, in the first step, users' history command files are further placed in the same directory, and in the third step that same directory is scanned, according to the active terminal information, to obtain the history command file of the user associated with that active terminal.
Preferably, in the third step, the history command file of the user associated with that active terminal is further scanned continuously within a polling cycle, and in the fourth step the commands newly added to that history command file are further marked with the active terminal information.
Preferably, in the fourth step, a level is set for every command in the history command file.
Preferably, in the fourth step, a filtering rule is set for every command in the history command file.
Preferably, in the fifth step, the user su records, failed login information and post-login ftp operation commands of the operating system are further saved as second information.
Preferably, in a sixth step, the first information and the second information are processed, and the processed information is sent to the event collection server.
Preferably, in the sixth step, the processed information is sent over a socket using the syslog protocol.
From the description of the above embodiments, those skilled in the art will clearly understand that the apparatus and method steps of the invention can be implemented in software combined with a hardware platform, and can of course also be implemented entirely in hardware. Those skilled in the art will understand that various changes and substitutions can be made to the specific embodiments without departing from the spirit and scope of the invention. All such changes and substitutions fall within the scope defined by the claims of the invention.

Claims (26)

1. A method for monitoring a terminal command line in real time, characterized in that user behavior in an operating system is monitored through the following steps:
A first step of setting the history command file name, as an environment variable of said operating system, to include terminal information and user information;
A second step of obtaining the currently active terminal information from the information on users who have successfully logged in to the current operating system;
A third step of obtaining and scanning, according to said active terminal information, the history command file of the user associated with that active terminal;
A fourth step of marking, with said active terminal information, every command in the history command file of the user associated with that active terminal;
A fifth step of saving, when said active terminal exits, the marked history commands of the user associated with that active terminal as first information.
2. The method as claimed in claim 1, characterized in that, in said first step, the environment variable of said operating system is set based on the terminal ID and the user name.
3. The method as claimed in claim 1, characterized in that, in said first step, the definition of the history command file name is further added to a configuration file of said operating system.
4. The method as claimed in claim 1, characterized in that, in said first step, users' history command files are further placed in the same directory, and in said third step said same directory is scanned, according to said active terminal information, to obtain the history command file of the user associated with that active terminal.
5. The method as claimed in claim 1, characterized in that, in said third step, the history command file of the user associated with that active terminal is further scanned continuously within a polling cycle, and in said fourth step the commands newly added to that history command file are further marked with said active terminal information.
6. The method as claimed in claim 1, characterized in that, in said fourth step, a level is set for every command in said history command file.
7. The method as claimed in claim 1, characterized in that, in said fourth step, a filtering rule is set for every command in said history command file.
8. The method as claimed in claim 1, characterized in that, in said fifth step, the user su records, failed login information and post-login ftp operation commands of said operating system are further read and saved as second information.
9. The method as claimed in claim 8, characterized in that, in a sixth step, said first information and said second information are processed, and the processed information is sent to an event collection server.
10. The method as claimed in claim 11, characterized in that, in said sixth step, the processed information is sent over a socket using the syslog protocol.
11. The method as claimed in any one of claims 1 to 10, characterized in that said terminal information comprises one or more of a terminal ID, a source IP address and a source user.
12. The method as claimed in any one of claims 1 to 10, characterized in that said operating system comprises AIX, Linux and Solaris.
13. The method as claimed in any one of claims 1 to 10, characterized in that the first information further comprises one or more of the date, time, host information, source user information, source IP address, user information and terminal information under which the history commands of the user associated with that active terminal were produced.
14. An apparatus for monitoring a terminal command line in real time, the apparatus comprising a first information reading device, characterized in that the first information reading device monitors user behavior in an operating system through the following modules:
A first module, configured to set the history command file name, as an environment variable of said operating system, to include terminal information and user information;
A second module, configured to obtain the currently active terminal information from the information on users who have successfully logged in to the current operating system;
A third module, configured to obtain and scan, according to said active terminal information, the history command file of the user associated with that active terminal;
A fourth module, configured to mark, with said active terminal information, every command in the history command file of the user associated with that active terminal;
A fifth module, configured to save, when said active terminal exits, the marked history commands of the user associated with that active terminal as first information.
15. The apparatus as claimed in claim 14, characterized in that said first module is further configured to set the environment variable of said operating system based on the terminal ID and the user name.
16. The apparatus as claimed in claim 14, characterized in that said first module is further configured to add the definition of the history command file name to a configuration file of said operating system.
17. The apparatus as claimed in claim 14, characterized in that said first module is further configured to place users' history command files in the same directory, and said third module scans said same directory, according to said active terminal information, to obtain the history command file of the user associated with that active terminal.
18. The apparatus as claimed in claim 14, characterized in that said third module is further configured to keep scanning, within a polling cycle, the history command file of the user associated with that active terminal, and said fourth module further marks, with said active terminal information, the commands newly added to that history command file.
19. The apparatus as claimed in claim 14, characterized in that said fourth module is further configured to set a level for every command in said history command file.
20. The apparatus as claimed in claim 14, characterized in that said fourth module is further configured to set a filtering rule for every command in said history command file.
21. The apparatus as claimed in claim 14, characterized in that it further comprises a second information reading device for reading and saving, as second information, the user su records, failed login information and post-login ftp operation commands of said operating system.
22. The apparatus as claimed in claim 21, characterized in that it further comprises a control module for processing said first information and said second information and sending the processed information to an event collection server.
23. The apparatus as claimed in claim 22, characterized in that said control module sends the processed information over a socket using the syslog protocol.
24. The apparatus as claimed in any one of claims 14 to 23, characterized in that said terminal information comprises one or more of a terminal ID, a source IP address and a source user.
25. The apparatus as claimed in any one of claims 14 to 23, characterized in that said operating system comprises AIX, Linux and Solaris.
26. The apparatus as claimed in any one of claims 14 to 23, characterized in that the first information further comprises one or more of the date, time, host information, source user information, source IP address, user information and terminal information under which the history commands of the user associated with that active terminal were produced.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010617325.6A 2010-12-27 2010-12-27 Method and apparatus for monitoring a terminal command line in real time

Publications (2)

Publication Number Publication Date
CN102571476A 2012-07-11
CN102571476B 2015-08-19

Family

ID=46415999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010617325.6A Active CN102571476B (en) 2010-12-27 2010-12-27 A kind of method and apparatus of monitoring terminal command line in real time

Country Status (1)

Country Link
CN (1) CN102571476B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103532760A (en) * 2013-10-18 2014-01-22 北京奇虎科技有限公司 Equipment, system and method for analyzing commands executed on hosts
CN103678088A (en) * 2012-09-14 2014-03-26 深圳中兴网信科技有限公司 Data management and extraction method and system for operation histories
CN105099665A (en) * 2015-09-15 2015-11-25 浪潮(北京)电子信息产业有限公司 Command line interface CLI privilege management method and system
CN106686035A (en) * 2015-11-10 2017-05-17 北京京东尚科信息技术有限公司 Method and device for achieving FTP server based on Apache FtpServer
CN107483409A (en) * 2017-07-21 2017-12-15 南京南瑞集团公司 A kind of method that operational order towards industry control operating system monitors echo in real time
CN108521419A (en) * 2018-04-04 2018-09-11 广州赛姆科技资讯股份有限公司 Access processing method, device and the computer equipment of observation system file
CN108733546A (en) * 2018-04-02 2018-11-02 阿里巴巴集团控股有限公司 A kind of log collection method, device and equipment
CN109271787A (en) * 2018-07-03 2019-01-25 中国银联股份有限公司 A kind of operating system security active defense method and operating system
US10365992B2 (en) 2017-04-21 2019-07-30 International Business Machines Corporation Protecting against an unintentional re-execution of commands in a shell history
CN111324872A (en) * 2018-12-17 2020-06-23 上海擎感智能科技有限公司 Method and system for redirected centralized audit of login records and operation records
CN115374443A (en) * 2022-10-24 2022-11-22 北京智芯微电子科技有限公司 Method and device for detecting file tampering, electronic equipment and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1394034A (en) * 2001-06-21 2003-01-29 华为技术有限公司 Journal management system of integrated network manager
US20050038790A1 (en) * 2001-09-20 2005-02-17 Stephen Wolthusen Device and method for establishing a security policy in a distributed system
CN1960273A (en) * 2005-11-01 2007-05-09 杭州帕拉迪网络科技有限公司 Method for dynamic real time capturing logic commands input from UNIX terminal user
CN101222382A (en) * 2008-01-25 2008-07-16 中兴通讯股份有限公司 State monitoring method and system

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103678088A (en) * 2012-09-14 2014-03-26 深圳中兴网信科技有限公司 Data management and extraction method and system for operation histories
CN103678088B (en) * 2012-09-14 2017-07-18 深圳中兴网信科技有限公司 A kind of data management and extracting method and system to operation history
CN103532760A (en) * 2013-10-18 2014-01-22 北京奇虎科技有限公司 Equipment, system and method for analyzing commands executed on hosts
CN105099665A (en) * 2015-09-15 2015-11-25 浪潮(北京)电子信息产业有限公司 Command line interface CLI privilege management method and system
CN106686035A (en) * 2015-11-10 2017-05-17 北京京东尚科信息技术有限公司 Method and device for achieving FTP server based on Apache FtpServer
CN106686035B (en) * 2015-11-10 2020-11-24 北京京东尚科信息技术有限公司 Method and device for realizing customized FTP server based on Apache FtpServer
US10365992B2 (en) 2017-04-21 2019-07-30 International Business Machines Corporation Protecting against an unintentional re-execution of commands in a shell history
CN107483409B (en) * 2017-07-21 2019-02-26 南京南瑞集团公司 A method of the operational order real-time monitoring echo towards industry control operating system
CN107483409A (en) * 2017-07-21 2017-12-15 南京南瑞集团公司 A kind of method that operational order towards industry control operating system monitors echo in real time
CN108733546A (en) * 2018-04-02 2018-11-02 阿里巴巴集团控股有限公司 A kind of log collection method, device and equipment
CN108521419A (en) * 2018-04-04 2018-09-11 广州赛姆科技资讯股份有限公司 Access processing method, device and the computer equipment of observation system file
CN108521419B (en) * 2018-04-04 2021-06-01 广州赛姆科技资讯股份有限公司 Access processing method and device for monitoring system file and computer equipment
CN109271787A (en) * 2018-07-03 2019-01-25 中国银联股份有限公司 A kind of operating system security active defense method and operating system
CN111324872A (en) * 2018-12-17 2020-06-23 上海擎感智能科技有限公司 Method and system for redirected centralized audit of login records and operation records
CN115374443A (en) * 2022-10-24 2022-11-22 北京智芯微电子科技有限公司 Method and device for detecting file tampering, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN102571476B (en) 2015-08-19

Similar Documents

Publication Publication Date Title
CN102571476A (en) Method and device for monitoring terminal command line in real time
JP6687799B2 (en) Network flow log for multi-tenant environment
US11677780B2 (en) Identifying automated response actions based on asset classification
US11468641B2 (en) Augmented reality assistant
EP3646549B1 (en) Firewall configuration manager
US20120173731A1 (en) System and method for starting cloud computing service according to user location
CN105474225A (en) Automating monitoring of computing resource in cloud-based data center
JP5064912B2 (en) Management apparatus, network system, program, and management method
US20080282115A1 (en) Client-server text messaging monitoring for remote computer management
CA2838140C (en) Customer experience monitor
JP2011090512A (en) Monitoring device, monitoring method, and monitoring program
KR101078375B1 (en) System for tracing user activity using operating system and method thereof
US20200348947A1 (en) Platform-based enterprise technology service portfolio management
US10628591B2 (en) Method for fast and efficient discovery of data assets
Longo et al. An osmotic computing infrastructure for urban pollution monitoring
WO2021101664A1 (en) Dormant account identifier
JP6636605B1 (en) History monitoring method, monitoring processing device, and monitoring processing program
EP3852424A1 (en) Application resilience system and method thereof for applications deployed on a platform
KR101874484B1 (en) A system and method for extracting, transforming, loading spatial data based on stream network
CN100410876C (en) Uniform exploitation method for security soft based on RMI standard
KR20090001812A (en) System and method for environmental managing as to the multiple monitoring areas
JP2013196560A (en) Log creation apparatus, log creation system, log creation program, and log creation method
CN109684158B (en) State monitoring method, device, equipment and storage medium of distributed coordination system
US20120242836A1 (en) Reseller video surveillance system technical and sales support platform
CN109783567A (en) Log Analysis System and its method for enterprise

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant