Summary of the invention
The invention provides a system, method and apparatus for preventing server data tampering. It addresses the problems that server data can be maliciously modified and that data integrity cannot be guaranteed once server data has been maliciously modified.
A system for preventing server data tampering comprises:
A fixed host, used to record login user information and modification operation information and to verify the user key before sending a user modification instruction. If the user key is correct, the fixed host adds host verification information to the user modification instruction, sends it to the master server and the backup server, and receives confirmation information; if the user key is wrong, it produces an alarm signal;
A master server, used to receive the user modification instruction and judge whether the sender is the fixed host. If so, it performs the modification according to the user modification instruction, records the modification time and operation type, and returns confirmation information; otherwise it treats the request as unauthorized access and records the unauthorized access count and the unauthorized access information;
The master server also receives and records the running status information sent by the backup server and judges whether there is a suspicious process or a wrong file; if there is, it sends modification information and produces an alarm signal;
A backup server, used to receive the user modification instruction and judge whether the sender is the fixed host. If so, it performs the modification according to the user modification instruction, records the modification time and operation type, and returns confirmation information; otherwise it treats the request as unauthorized access and records the unauthorized access count and the unauthorized access information;
The backup server is also used to send running status information to the master server and to receive the modification information sent by the master server. It judges whether the sender is the master server; if so, it modifies files according to the modification information sent by the master server; otherwise it treats the request as unauthorized access and records the unauthorized access count and the unauthorized access information.
In the system, the host verification information comprises at least: the MAC address, IP address and CPU information of the fixed host.
In the system, when the unauthorized access count of the master server or the backup server is greater than a preset value, the master server or the backup server produces an alarm signal.
In the system, the unauthorized access information comprises at least: the host name, IP address and operation type.
In the system, the master server is connected to the local area network, the backup server is connected to the external network, and the master server and the backup server use different architectures and operating systems.
A method for preventing server data tampering, applicable to the fixed host in the system for preventing server data tampering, comprises:
Recording login user information and modification operation information;
Verifying the user key before sending a user modification instruction. If the user key is correct, host verification information is added to the user modification instruction, which is sent to the master server and the backup server, and confirmation information is received; if the user key is wrong, an alarm signal is produced.
In the method, the host verification information comprises at least: the MAC address, IP address and CPU information of the fixed host.
The user key can take various forms, such as a UKey or a disk key.
A fixed host device comprises:
A recording module, used to record login user information and modification operation information;
A key verification module, used to verify the user key before a modification instruction is sent; if the user key is correct, control passes to the distribution module, otherwise to the alarm module;
A distribution module, used, when the key has been verified as correct, to add host verification information to the user modification instruction, send it to the master server and the backup server, and receive confirmation information;
An alarm module, used to produce an alarm signal when the user key is verified as wrong.
In the device, the host verification information comprises at least: the MAC address, IP address and CPU information of the fixed host.
A method for preventing server data tampering, applicable to the master server in the system for preventing server data tampering, comprises:
Receiving a user modification instruction or running status information sent by the backup server;
If a user modification instruction is received, judging whether the sender is the fixed host. If so, the modification is performed according to the user modification instruction, the modification time and operation type are recorded, and confirmation information is returned; otherwise the request is treated as unauthorized access, and the unauthorized access count and the unauthorized access information are recorded;
If running status information sent by the backup server is received, recording the backup server's running status information and judging whether there is a suspicious process or a wrong file; if there is, modification information is sent and an alarm signal is produced.
In the method, when the unauthorized access count is greater than a preset value, an alarm signal is produced.
In the method, the unauthorized access information comprises at least: the accessing host name, IP address and operation type.
In the method, the running status information comprises at least:
The MD5 information of the backup server's main files, and the names and number of running processes.
In the method, the modification information is the file information on the master server that corresponds to the suspicious file.
In the method, a wrong file can be identified by comparing the MD5 value of a main file sent by the backup server with the MD5 value of the corresponding file on the master server: if they are identical the file is correct, otherwise the file is wrong. If the file is correct, no information is fed back; if the file is wrong, the backup server's file is corrected to match the master server's file.
A master server device comprises:
A receiving module, used to receive user modification instructions or the running status information sent by the backup server;
A fixed host verification module, used, when a user modification instruction is received, to judge whether the sender is the fixed host; if so, the modification is performed according to the user modification instruction, otherwise the request is treated as unauthorized access;
A recording module, used to record the modification time and operation type, the unauthorized access count and unauthorized access information, and the backup server's running status information;
A detection and modification module, used, when running status information sent by the backup server is received, to judge whether there is a suspicious process or a wrong file; if there is, control passes to the alarm module and the sending module;
An alarm module, used to produce an alarm signal;
A sending module, used to return confirmation information to the fixed host or to send modification information to the backup server.
In the device, when the unauthorized access count is greater than a preset value, the alarm module produces an alarm signal.
The recording module can also extend what it records as required, for example recording the time at which the master server sends modification information to the backup server and the file content.
A method for preventing server data tampering, applicable to the backup server in the system for preventing server data tampering, comprises:
Receiving a user modification instruction, or sending running status information to the master server;
If a user modification instruction is received, judging whether the sender is the fixed host. If so, the modification is performed according to the user modification instruction, the modification time and operation type are recorded, and confirmation information is returned; otherwise the request is treated as unauthorized access, and the unauthorized access count and the unauthorized access information are recorded;
If running status information is sent to the master server, receiving the modification information sent by the master server and judging whether the sender is the master server. If so, files are modified according to the modification information sent by the master server; otherwise the request is treated as unauthorized access, and the unauthorized access count and the unauthorized access information are recorded.
In the method, when the unauthorized access count is greater than a preset value, an alarm signal is produced.
In the method, the unauthorized access information comprises at least: the accessing host name, IP address and operation type.
In the method, the running status information comprises at least: the MD5 information of the backup server's main files, and the names and number of running processes.
A backup server device comprises:
A receiving module, used to receive user modification instructions and the modification information sent by the master server;
A fixed host and master server verification module, used, when a user modification instruction or modification information sent by the master server is received, to judge whether the sender is the fixed host or the master server. If it is the fixed host, control passes to the modification module; if it is the master server, control passes to the master server modification module; otherwise the request is treated as unauthorized access;
A recording module, used to record the modification time and operation type, and the unauthorized access count and unauthorized access information;
A modification module, used to perform the modification according to the user modification instruction and return confirmation information;
A security reporting module, used to send running status information to the master server;
A master server modification module, used to receive the modification information sent by the master server and modify files according to it.
The device also comprises an alarm module, used to produce an alarm signal when the unauthorized access count is greater than a preset value.
In the invention, the master server is not connected directly to the external network and exists only in the local area network; the backup server is connected to the external network and has a link to the master server. To keep the servers secure, the two servers use CPUs of different architectures and run different operating systems, which greatly increases the difficulty of tampering with server data and thereby improves server security. Modification of server content is also strictly restricted: it can be done only from the fixed machine, and the fixed host additionally performs external key verification when it is used.
The invention provides a system, method and apparatus for preventing server data tampering. The system comprises a fixed host, a master server and a backup server. The fixed host records login user information and modification operation information, verifies the user key, and sends modification instructions to the master server and the backup server. The master server receives the modification instructions sent by the fixed host and the running status information sent by the backup server; when it receives information sent by anything other than the fixed host or the backup server, it records unauthorized access information and raises an alarm. The backup server receives the modification instructions sent by the fixed host and the master server. The master server is connected to the local area network, the backup server is connected to the external network, and the master server and the backup server use different architectures and operating systems. The method of the invention effectively prevents server content from being tampered with and improves server security.
Embodiment
To help those skilled in the art better understand the technical solutions in the embodiments of the invention, and to make the above objects, features and advantages of the invention clearer, the technical solutions of the invention are described in further detail below with reference to the accompanying drawings.
The invention provides a system, method and apparatus for preventing server data tampering. It addresses the problems that server data can be maliciously modified and that data integrity cannot be guaranteed once server data has been maliciously modified.
A system for preventing server data tampering, as shown in Figure 1, comprises:
A fixed host 101, used to record login user information and modification operation information and to verify the user key before sending a user modification instruction. If the user key is correct, the fixed host adds host verification information to the user modification instruction, sends it to the master server and the backup server, and receives confirmation information; if the user key is wrong, it produces an alarm signal;
A master server 102, used to receive the user modification instruction and judge whether the sender is the fixed host. If so, it performs the modification according to the user modification instruction, records the modification time and operation type, and returns confirmation information; otherwise it treats the request as unauthorized access and records the unauthorized access count and the unauthorized access information;
The master server also receives and records the running status information sent by the backup server and judges whether there is a suspicious process or a wrong file; if there is, it sends modification information and produces an alarm signal;
A backup server 103, used to receive the user modification instruction and judge whether the sender is the fixed host. If so, it performs the modification according to the user modification instruction, records the modification time and operation type, and returns confirmation information; otherwise it treats the request as unauthorized access and records the unauthorized access count and the unauthorized access information;
The backup server 103 sends running status information to the master server and receives the modification information sent by the master server. It judges whether the sender is the master server; if so, it modifies files according to the modification information sent by the master server; otherwise it treats the request as unauthorized access and records the unauthorized access count and the unauthorized access information.
In the system, the host verification information comprises at least: the MAC address, IP address and CPU information of the fixed host.
In the system, when the unauthorized access count of the master server or the backup server is greater than a preset value, the master server or the backup server produces an alarm signal.
In the system, the unauthorized access information comprises at least: the host name, IP address and operation type.
In the system, the master server is connected to the local area network, the backup server is connected to the external network, and the master server and the backup server use different architectures and operating systems. For example, the master server uses an x86-architecture Windows operating system and the backup server uses an ARM-architecture (SuSE) Linux operating system.
A method for preventing server data tampering, applicable to the fixed host in the system for preventing server data tampering, is shown in Figure 2 and comprises:
S201: record login user information and modification operation information;
S202: verify the user key before sending a user modification instruction; if the user key is correct, carry out S203; if the user key is wrong, carry out S205;
S203: add host verification information to the user modification instruction and send it to the master server and the backup server;
S204: receive confirmation information and finish the modification;
S205: produce an alarm signal.
In the method, the host verification information comprises at least: the MAC address, IP address and CPU information of the fixed host.
The user key can take various forms, such as a UKey or a disk key.
A fixed host device, as shown in Figure 3, comprises:
A recording module 301, used to record login user information and modification operation information;
A key verification module 302, used to verify the user key before a modification instruction is sent; if the user key is correct, control passes to the distribution module, otherwise to the alarm module;
A distribution module 303, used, when the key has been verified as correct, to add host verification information to the user modification instruction, send it to the master server and the backup server, and receive confirmation information;
An alarm module 304, used to produce an alarm signal when the user key is verified as wrong.
In the device, the host verification information comprises at least: the MAC address, IP address and CPU information of the fixed host.
A method for preventing server data tampering, applicable to the master server in the system for preventing server data tampering, is shown in Figure 4 and comprises:
S401: receive a user modification instruction or running status information sent by the backup server; for a user modification instruction, carry out S402; for running status information sent by the backup server, carry out S405;
S402: judge whether the sender is the fixed host; if so, carry out S403; otherwise treat the request as unauthorized access and carry out S404;
S403: perform the modification according to the user modification instruction, record the modification time and operation type, and return confirmation information;
S404: record the unauthorized access count and the unauthorized access information, but return no information;
S405: record the backup server's running status information;
S406: judge whether there is a suspicious process or a wrong file; if there is, carry out S407; if not, make no reply;
S407: send modification information and produce an alarm signal.
In the method, when the unauthorized access count is greater than a preset value, an alarm signal is produced.
In the method, the unauthorized access information comprises at least: the accessing host name, IP address and operation type.
In the method, the running status information comprises at least:
The MD5 information of the backup server's main files, and the names and number of running processes.
In the method, the modification information is the file information on the master server that corresponds to the suspicious file.
In the method, a wrong file can be identified by comparing the MD5 value of a main file sent by the backup server with the MD5 value of the corresponding file on the master server: if they are identical the file is correct, otherwise the file is wrong. If the file is correct, no information is fed back; if the file is wrong, the backup server's file is corrected to match the master server's file.
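The master-server flow of steps S402 to S407, including the MD5 comparison just described, can be sketched as follows. This is an added example, not code from the patent; the class and field names, the allow-list used to decide which processes are suspicious, the preset value of 3, and all sample addresses and file contents are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def md5_hex(data: bytes) -> str:
    """MD5 digest of a file's content, as exchanged in the running status report."""
    return hashlib.md5(data).hexdigest()


@dataclass
class MasterServer:
    files: dict              # path -> bytes, the master's authoritative copies
    fixed_host: tuple        # host verification info: (MAC, IP, CPU info)
    allowed_processes: set   # assumption: suspicious = not on this allow-list
    preset_value: int = 3    # assumed alarm threshold for unauthorized accesses
    unauthorized_count: int = 0
    unauthorized_log: list = field(default_factory=list)
    modification_log: list = field(default_factory=list)
    status_log: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def handle_modification(self, verification, hostname, op_type, path, content, when):
        """S402-S404: apply the change only if the sender is the fixed host."""
        if verification != self.fixed_host:
            self.unauthorized_count += 1
            self.unauthorized_log.append((hostname, verification[1], op_type))
            if self.unauthorized_count > self.preset_value:
                self.alarms.append("unauthorized access count exceeds preset value")
            return None                      # S404: record, but return nothing
        self.files[path] = content           # S403: modify, record, confirm
        self.modification_log.append((when, op_type))
        return "confirmed"

    def handle_status(self, report):
        """S405-S407: record the report, compare digests, check processes."""
        self.status_log.append(report)
        # A file is wrong if its reported digest is missing or differs.
        wrong = sorted(path for path, data in self.files.items()
                       if report["md5"].get(path) != md5_hex(data))
        suspicious = sorted(set(report["processes"]) - self.allowed_processes)
        if not wrong and not suspicious:
            return None                      # S406: nothing wrong, no reply
        self.alarms.append(f"backup check failed: files={wrong} processes={suspicious}")
        # S407: modification information is the master's copy of each wrong file.
        return {path: self.files[path] for path in wrong}


def demo():
    """Constructed sample run; every address and file below is made up."""
    host = ("00:11:22:33:44:55", "192.0.2.10", "cpu-id-A")
    other = ("66:77:88:99:aa:bb", "198.51.100.7", "cpu-id-B")
    page = "/www/index.html"
    master = MasterServer(files={page: b"<h1>home</h1>"}, fixed_host=host,
                          allowed_processes={"httpd", "sshd"})
    ok = master.handle_modification(host, "fixed-host", "update", page,
                                    b"<h1>v2</h1>", "2024-01-01T00:00:00")
    denied = [master.handle_modification(other, "unknown", "update", page,
                                         b"defaced", "2024-01-01T00:05:00")
              for _ in range(4)]
    clean = master.handle_status({"md5": {page: md5_hex(b"<h1>v2</h1>")},
                                  "processes": ["httpd", "sshd"]})
    tampered = master.handle_status({"md5": {page: md5_hex(b"defaced")},
                                     "processes": ["httpd", "miner"]})
    return master, ok, denied, clean, tampered


if __name__ == "__main__":
    m, *_ = demo()
    print(m.alarms)
```

MD5 is used here because the text specifies it; the comparison logic is unchanged with hashlib.sha256, which is not affected by the collision attacks known against MD5.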
A master server device, as shown in Figure 5, comprises:
A receiving module 501, used to receive user modification instructions or the running status information sent by the backup server;
A fixed host verification module 502, used, when a user modification instruction is received, to judge whether the sender is the fixed host; if so, the modification is performed according to the user modification instruction, otherwise the request is treated as unauthorized access;
A recording module 503, used to record the modification time and operation type, the unauthorized access count and unauthorized access information, and the backup server's running status information;
A detection and modification module 504, used, when running status information sent by the backup server is received, to judge whether there is a suspicious process or a wrong file; if there is, control passes to the alarm module and the sending module;
An alarm module 505, used to produce an alarm signal;
A sending module 506, used to return confirmation information to the fixed host or to send modification information to the backup server.
In the device, when the unauthorized access count is greater than a preset value, the alarm module produces an alarm signal.
The recording module can also extend what it records as required, for example recording the time at which the master server sends modification information to the backup server and the file content.
A method for preventing server data tampering, applicable to the backup server in the system for preventing server data tampering, is shown in Figure 6 and comprises:
S601: receive a user modification instruction, or send running status information to the master server; if a user modification instruction is received, carry out S602; if running status information is sent to the master server, carry out S605;
S602: judge whether the sender is the fixed host; if so, carry out S603; otherwise treat the request as unauthorized access and carry out S604;
S603: perform the modification according to the user modification instruction, record the modification time and operation type, and return confirmation information;
S604: record the unauthorized access count and the unauthorized access information, but return no information;
S605: receive the modification information sent by the master server;
S606: judge whether the sender is the master server; if so, carry out S607; otherwise treat the request as unauthorized access and carry out S608;
S607: modify files according to the modification information sent by the master server;
S608: record the unauthorized access count and the unauthorized access information, but return no information.
In the method, when the unauthorized access count is greater than a preset value, an alarm signal is produced.
In the method, the unauthorized access information comprises at least: the accessing host name, IP address and operation type.
In the method, the running status information comprises at least: the MD5 information of the backup server's main files, and the names and number of running processes.
A backup server device, as shown in Figure 7, comprises:
A receiving module 701, used to receive user modification instructions and the modification information sent by the master server;
A fixed host and master server verification module 702, used, when a user modification instruction or modification information sent by the master server is received, to judge whether the sender is the fixed host or the master server. If it is the fixed host, control passes to the modification module 704; if it is the master server, control passes to the master server modification module 706; otherwise the request is treated as unauthorized access;
A recording module 703, used to record the modification time and operation type, and the unauthorized access count and unauthorized access information;
A modification module 704, used to perform the modification according to the user modification instruction and return confirmation information;
A security reporting module 705, used to send running status information to the master server;
A master server modification module 706, used to receive the modification information sent by the master server and modify files according to it.
The device also comprises an alarm module 707, used to produce an alarm signal when the unauthorized access count is greater than a preset value.
In the invention, the master server is not connected directly to the external network and exists only in the local area network; the backup server is connected to the external network and has a link to the master server. To keep the servers secure, the two servers use CPUs of different architectures and run different operating systems, which greatly increases the difficulty of tampering with server data and thereby improves server security. Modification of server content is also strictly restricted: it can be done only from the fixed machine, and the fixed host additionally performs external key verification when it is used.
The invention provides a system, method and apparatus for preventing server data tampering. The system comprises a fixed host, a master server and a backup server. The fixed host records login user information and modification operation information, verifies the user key, and sends modification instructions to the master server and the backup server. The master server receives the modification instructions sent by the fixed host and the running status information sent by the backup server; when it receives information sent by anything other than the fixed host or the backup server, it records unauthorized access information and raises an alarm. The backup server receives the modification instructions sent by the fixed host and the master server. The master server is connected to the local area network, the backup server is connected to the external network, and the master server and the backup server use different architectures and operating systems. The method of the invention effectively prevents server content from being tampered with and improves server security.
Although the invention has been described through embodiments, those of ordinary skill in the art will appreciate that many modifications and variations are possible without departing from the spirit of the invention, and it is intended that the appended claims cover such modifications and variations without departing from the spirit of the invention.