Summary of the invention
The invention provides a kind of system, the method and apparatus that prevent server data from distorting, solve server data by malicious modification, and server data is by the problem that cannot guarantee data integrity after malicious modification.
Prevent the system that server data is distorted, comprising:
Fixed host computer, for recording login user information and retouching operation information, authentication of users key before transmission user modify instruction, if user key is correct, then host verification information is added access customer modify instruction, be sent to master server and backup server, and confirmation of receipt information, if user key mistake, then produce alarm signal;
Master server, for receiving user's modify instruction, and judge whether transmitting terminal is fixed host computer, if, then modify according to user's modify instruction, record modification time and action type, and return confirmation, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information;
Master server receives and records the ruuning situation information of backup server transmission, has judged whether suspicious process or wrong file, if had, then sends amendment information and produces alarm signal;
Backup server, for receiving user's modify instruction, and judge whether transmitting terminal is fixed host computer, if, then modify according to user's modify instruction, record modification time and action type, and return confirmation, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information;
Backup server, for sending the amendment information of ruuning situation information and the transmission of reception master server to master server, and judge whether transmitting terminal is master server, if, the amendment information then sent according to master server carries out file modification, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information.
In described system, described host verification information at least comprises: the MAC Address of fixed host computer, IP address and CPU information.
In described system, when the unauthorized access number of times of master server or backup server is greater than preset value, master server or backup server produce alarm signal.
In described system, described unauthorized access information at least comprises: Hostname, IP address and action type.
In described system, described master server connects local area network (LAN), and backup server connects outer net, and master server and backup server adopt different framework and operating system.
Prevent the method that server data is distorted, be applicable to the fixed host computer in the system preventing server data from distorting, described method comprises:
Record login user information and retouching operation information;
Authentication of users key before transmission user modify instruction, if user key is correct, then adds access customer modify instruction by host verification information, is sent to master server and backup server, and confirmation of receipt information, if user key mistake, then produce alarm signal.
In described method, described host verification information at least comprises: the MAC Address of fixed host computer, IP address and CPU information.
Described user key can be various ways, as Ukey or disc key etc.
A kind of fixed host computer equipment, comprising:
Logging modle, for recording login user information and retouching operation information;
Key verification module, for sending authentication of users key before modify instruction, if user key is correct, then enters distribution module, otherwise entering alarm module;
Distribution module, for when verifying correct for key, adding access customer modify instruction by host verification information, being sent to master server and backup server, and confirmation of receipt information;
Alarm module, for when authentication of users wrong cipher key, produces alarm signal.
Described equipment, in it is characterized in that, described host verification information at least comprises: the MAC Address of fixed host computer, IP address and CPU information.
Prevent the method that server data is distorted, be applicable to the master server in the system preventing server data from distorting, comprise:
Receive the ruuning situation information of user's modify instruction or backup server transmission;
If user's modify instruction, then judge whether transmitting terminal is fixed host computer, if, then modify according to user's modify instruction, record modification time and action type, and return confirmation, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information;
If the ruuning situation information that backup server sends, then record backup server ruuning situation information, and judged whether suspicious process or wrong file, if had, then send amendment information and produce alarm signal.
In described method, when unauthorized access number of times is greater than preset value, produce alarm signal.
In described method, described unauthorized access information at least comprises: access Hostname, IP address and action type.
In described method, described ruuning situation information at least comprises:
MD5 information and operation process title and the number of backup server master file.
In described method, described amendment information is the fileinfo on master server that apocrypha is corresponding.
In described method, the method for misjudgment file can be, the MD5 value of master file that backup server sends is compared with the MD5 value of corresponding document in master server, and if the same file is correct, otherwise file error.If file is correct, then not feeding back any information, if file error, is then the file of master server by the file amendment of backup server.
A kind of master server equipment, comprising:
Receiver module, for receiving the ruuning situation information of user's modify instruction or backup server transmission;
Fixed host computer authentication module, during for receiving user's modify instruction, judging whether transmitting terminal is fixed host computer, if so, then modifying according to user's modify instruction, otherwise confirm as unauthorized access;
Logging modle, for record modification time and action type, unauthorized access number of times and unauthorized access information and backup server ruuning situation information;
Detect and modified module, for receive backup server send ruuning situation information time, judged whether suspicious process or wrong file, if enter alarm module and sending module;
Alarm module, for generation of alarm signal;
Sending module, for returning confirmation or sending amendment information to backup server to fixed host computer.
In described equipment, when unauthorized access number of times is greater than preset value, alarm module produces alarm signal.
Described logging modle also can carry out recording the expansion of content according to demand, as record master server sends time of amendment information and file content etc. to backup server.
Prevent the method that server data is distorted, be applicable to the backup server in the system preventing server data from distorting, comprise:
Receive user's modify instruction or send ruuning situation information to master server;
If receive user's modify instruction, then judge whether transmitting terminal is fixed host computer, if, then modify according to user's modify instruction, record modification time and action type, and return confirmation, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information;
If send ruuning situation information to master server, then receive the amendment information that master server sends, and judge whether transmitting terminal is master server, if, the amendment information then sent according to master server carries out file modification, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information.
In described method, when unauthorized access number of times is greater than preset value, produce alarm signal.
In described method, described unauthorized access information at least comprises: access Hostname, IP address and action type.
In described method, described ruuning situation information at least comprises: MD5 information and operation process title and the number of backup server master file.
A kind of backup server equipment, comprising:
Receiver module, for receiving the amendment information of user's modify instruction and master server transmission;
Fixed host computer and master server authentication module, for when receiving the amendment information of user's modify instruction or master server transmission, judge whether transmitting terminal is fixed host computer or master server, if fixed host computer, then enter modified module, if master server, then enter master server modified module, otherwise confirm as unauthorized access;
Logging modle, for record modification time and action type and unauthorized access number of times and unauthorized access information;
Modified module, for modifying according to user's modify instruction, and returns confirmation;
Safe reporting module, for sending ruuning situation information to master server;
Master server modified module, for receiving the amendment information that master server sends, carries out file modification according to the amendment information that master server sends.
In described equipment, also comprise alarm module, for when unauthorized access number of times is greater than preset value, produce alarm signal.
In the present invention, master server is not directly connected to outer net, but only exists in a local network, and backup server connects with outer net, and has link with main servers.In order to the safety of Deterministic service device, two-server adopts the CPU of different framework, and installs different operating system, considerably increases the difficulty of distorting server data, thus improves the fail safe of server.Have also been made strict restriction in server content amendment, fixing machine can only be used to modify, fixed host computer also can carry out external key checking when in use simultaneously.
The invention provides a kind of system, the method and apparatus that prevent server data from distorting.System comprises fixed host computer, master server and backup server, and described fixed host computer, for recording login user information and retouching operation information and authentication of users key, sends modify instruction to master server and backup server; The ruuning situation information that master server sends for the modify instruction and backup server receiving fixed host computer transmission, when receiving the information of on-fixed main frame or backup server transmission, record unauthorized access information is also reported to the police; Backup server is for receiving the modify instruction of fixed host computer and master server transmission.Described master server connects local area network (LAN), and described backup server connects outer net, and master server and backup server adopt different framework and operating system.Effectively prevent server content by method of the present invention to be tampered, improve Server Security.
Embodiment
In order to make those skilled in the art person understand technical scheme in the embodiment of the present invention better, and enable above-mentioned purpose of the present invention, feature and advantage become apparent more, below in conjunction with accompanying drawing, technical scheme in the present invention is described in further detail.
The invention provides a kind of system, the method and apparatus that prevent server data from distorting, solve server data by malicious modification, and server data is by the problem that cannot guarantee data integrity after malicious modification.
Prevent the system that server data is distorted, as shown in Figure 1, comprising:
Fixed host computer 101, for recording login user information and retouching operation information, authentication of users key before transmission user modify instruction, if user key is correct, then host verification information is added access customer modify instruction, be sent to master server and backup server, and confirmation of receipt information, if user key mistake, then produce alarm signal;
Master server 102, for receiving user's modify instruction, and judge whether transmitting terminal is fixed host computer, if, then modify according to user's modify instruction, record modification time and action type, and return confirmation, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information;
Master server receives and records the ruuning situation information of backup server transmission, has judged whether suspicious process or wrong file, if had, then sends amendment information and produces alarm signal;
Backup server 103, for receiving user's modify instruction, and judge whether transmitting terminal is fixed host computer, if, then modify according to user's modify instruction, record modification time and action type, and return confirmation, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information;
Backup server 103 sends ruuning situation information to master server and receives the amendment information of master server transmission, and judge whether transmitting terminal is master server, if, the amendment information then sent according to master server carries out file modification, otherwise confirm as unauthorized access, and record unauthorized access number of times and unauthorized access information.
In described system, described host verification information at least comprises: the MAC Address of fixed host computer, IP address and CPU information.
In described system, when the unauthorized access number of times of master server or backup server is greater than preset value, master server or backup server produce alarm signal.
In described system, described unauthorized access information at least comprises: Hostname, IP address and action type.
In described system, described master server connects local area network (LAN), and backup server connects outer net, and master server and backup server adopt different framework and operating system.As master server adopts X86-based window operating system, backup server adopts ARM framework (SuSE) Linux OS.
Prevent the method that server data is distorted, be applicable to the fixed host computer in the system preventing server data from distorting, as shown in Figure 2, described method comprises:
S201: record login user information and retouching operation information;
S202: authentication of users key before transmission user modify instruction, if user key is correct, then performs S203, if user key mistake, then perform S205;
S203: host verification information is added access customer modify instruction, is sent to master server and backup server;
S204: confirmation of receipt information, terminates amendment;
S205: produce alarm signal.
In described method, described host verification information at least comprises: the MAC Address of fixed host computer, IP address and CPU information.
Described user key can be various ways, as Ukey or disc key etc.
A kind of fixed host computer equipment, as shown in Figure 3, comprising:
Logging modle 301, for recording login user information and retouching operation information;
Key verification module 302, for sending authentication of users key before modify instruction, if user key is correct, then enters distribution module, otherwise entering alarm module;
Distribution module 303, for when verifying correct for key, adding access customer modify instruction by host verification information, being sent to master server and backup server, and confirmation of receipt information;
Alarm module 304, for when authentication of users wrong cipher key, produces alarm signal.
Described equipment, in it is characterized in that, described host verification information at least comprises: the MAC Address of fixed host computer, IP address and CPU information.
Prevent the method that server data is distorted, be applicable to the master server in the system preventing server data from distorting, as shown in Figure 4, comprising:
S401: the ruuning situation information receiving user's modify instruction or backup server transmission; If user's modify instruction, then perform S402, if the ruuning situation information that backup server sends, then perform S405;
S402: judge whether transmitting terminal is fixed host computer, if so, then performs S403, otherwise confirms as unauthorized access, performs S404;
S403: modify according to user's modify instruction, record modification time and action type, and return confirmation;
S404: record unauthorized access number of times and unauthorized access information, but do not return any information;
S405: record backup server ruuning situation information;
S406: judged whether suspicious process or wrong file, if had, then performs S407, if do not had, does not then do any response;
S407: send amendment information and produce alarm signal.
In described method, when unauthorized access number of times is greater than preset value, produce alarm signal.
In described method, described unauthorized access information at least comprises: access Hostname, IP address and action type.
In described method, described ruuning situation information at least comprises:
MD5 information and operation process title and the number of backup server master file.
In described method, described amendment information is the fileinfo on master server that apocrypha is corresponding.
In described method, the method for misjudgment file can be, the MD5 value of master file that backup server sends is compared with the MD5 value of corresponding document in master server, and if the same file is correct, otherwise file error.If file is correct, then not feeding back any information, if file error, is then the file of master server by the file amendment of backup server.
A kind of master server equipment, as shown in Figure 5, comprising:
Receiver module 501, for receiving the ruuning situation information of user's modify instruction or backup server transmission;
Fixed host computer authentication module 502, during for receiving user's modify instruction, judging whether transmitting terminal is fixed host computer, if so, then modifying according to user's modify instruction, otherwise confirm as unauthorized access;
Logging modle 503, for record modification time and action type, unauthorized access number of times and unauthorized access information and backup server ruuning situation information;
Detect and modified module 504, for receive backup server send ruuning situation information time, judged whether suspicious process or wrong file, if enter alarm module and sending module;
Alarm module 505, for generation of alarm signal;
Sending module 506, for returning confirmation or sending amendment information to backup server to fixed host computer.
In described equipment, when unauthorized access number of times is greater than preset value, alarm module produces alarm signal.
Described logging modle also can carry out recording the expansion of content according to demand, as record master server sends time of amendment information and file content etc. to backup server.
Prevent the method that server data is distorted, be applicable to the backup server in the system preventing server data from distorting, as shown in Figure 6, comprising:
S601: receive user's modify instruction or send ruuning situation information to master server; If receive user's modify instruction, then perform S602, if send ruuning situation information to master server, then perform S605;
S602: judge whether transmitting terminal is fixed host computer, if so, then performs S603, otherwise confirms as unauthorized access, and perform S604;
S603: modify according to user's modify instruction, record modification time and action type, and return confirmation;
S604: record unauthorized access number of times and unauthorized access information, but do not return any information;
S605: receive the amendment information that master server sends;
S606: judge whether transmitting terminal is master server, if so, then performs S607, otherwise confirms as unauthorized access, and perform S608;
S607: carry out file modification according to the amendment information that master server sends;
S608: record unauthorized access number of times and unauthorized access information, but do not return any information.
In described method, when unauthorized access number of times is greater than preset value, produce alarm signal.
In described method, described unauthorized access information at least comprises: access Hostname, IP address and action type.
In described method, described ruuning situation information at least comprises: MD5 information and operation process title and the number of backup server master file.
A kind of backup server equipment, as shown in Figure 7, comprising:
Receiver module 701, for receiving the amendment information of user's modify instruction and master server transmission;
Fixed host computer and master server authentication module 702, for when receiving the amendment information of user's modify instruction or master server transmission, judge whether transmitting terminal is fixed host computer or master server, if fixed host computer, then enter modified module 704, if master server, then enter master server modified module 406, otherwise confirm as unauthorized access;
Logging modle 703, for record modification time and action type and unauthorized access number of times and unauthorized access information;
Modified module 704, for modifying according to user's modify instruction, and returns confirmation;
Safe reporting module 705, for sending ruuning situation information to master server;
Master server modified module 706, for receiving the amendment information that master server sends, carries out file modification according to the amendment information that master server sends.
In described equipment, also comprise alarm module 707, for when unauthorized access number of times is greater than preset value, produce alarm signal.
In the present invention, master server is not directly connected to outer net, but only exists in a local network, and backup server connects with outer net, and has link with main servers.In order to the safety of Deterministic service device, two-server adopts the CPU of different framework, and installs different operating system, considerably increases the difficulty of distorting server data, thus improves the fail safe of server.Have also been made strict restriction in server content amendment, fixing machine can only be used to modify, fixed host computer also can carry out external key checking when in use simultaneously.
The invention provides a kind of system, the method and apparatus that prevent server data from distorting.System comprises fixed host computer, master server and backup server, and described fixed host computer, for recording login user information and retouching operation information and authentication of users key, sends modify instruction to master server and backup server; The ruuning situation information that master server sends for the modify instruction and backup server receiving fixed host computer transmission, when receiving the information of on-fixed main frame or backup server transmission, record unauthorized access information is also reported to the police; Backup server is for receiving the modify instruction of fixed host computer and master server transmission.Described master server connects local area network (LAN), and described backup server connects outer net, and master server and backup server adopt different framework and operating system.Effectively prevent server content by method of the present invention to be tampered, improve Server Security.
Although depict the present invention by embodiment, those of ordinary skill in the art know, the present invention has many distortion and change and do not depart from spirit of the present invention, and the claim appended by wishing comprises these distortion and change and do not depart from spirit of the present invention.