CN107194255A - A kind of file safety management method and device - Google Patents

A kind of file safety management method and device Download PDF

Info

Publication number
CN107194255A
CN107194255A CN201710426201.1A CN201710426201A CN107194255A CN 107194255 A CN107194255 A CN 107194255A CN 201710426201 A CN201710426201 A CN 201710426201A CN 107194255 A CN107194255 A CN 107194255A
Authority
CN
China
Prior art keywords
file
cryptographic hash
module
controlled
folder
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710426201.1A
Other languages
Chinese (zh)
Inventor
耿志超
郭锋
韩笑莹
冀明超
齐韶阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201710426201.1A priority Critical patent/CN107194255A/en
Publication of CN107194255A publication Critical patent/CN107194255A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/565Static detection by checking file integrity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/13File access structures, e.g. distributed indices
    • G06F16/137Hash-based

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a kind of file safety management method and device, and the above method comprises the following steps:If the cryptographic Hash for detecting controlled file in controlled listed files changes, the controlled file that cryptographic Hash changes is replaced, the self-recovery of file is realized, the propagation of virus has been interrupted, has ensured the security of system file.

Description

A kind of file safety management method and device
Technical field
The invention belongs to safety management field, more particularly to a kind of file safety management method and device.
Background technology
In internet+epoch, increasing PaaS (Platform-as-a-Service, platform is service), SaaS (Software-as-a-Service, software are service) is applied in Linux system, and the security of Linux system just seems outstanding To be important.
The security of system includes:1. the security of system file;2. the various application service files peace run in system Quan Xing;3. the virus document run in system.
System file security refers to that viral code section is embedded into system file, is held with the execution of system file OK, so as to cause viral infection;The various application service file securities run in system refer to be deployed in various in system Application service file, these application service running papers are in Linux system, in the process of running, do various each with system The interaction of sample, if these application service files have suffered virus, will follower's application service operation, steal system or user Information;The virus document run in system refers to that this, without these files, is implanted into a file by hacker, transported alone in systems OK, viral infection is caused.
Therefore, above-mentioned technical problem is solved in the urgent need to a kind of file safety management method.
The content of the invention
The present invention provides a kind of file safety management method and device, to solve the above problems.
The embodiment of the present invention provides a kind of file safety management method, and the above method comprises the following steps:If detect by The cryptographic Hash of controlled file changes in control listed files, then replaces the controlled file that cryptographic Hash changes.
The embodiment of the present invention also provides a kind of file safety management method, and the above method comprises the following steps:
If replacing the controlled file of target in controlled listed files, obtain the cryptographic Hash of alternate file and replaced described The cryptographic Hash of file replaces the cryptographic Hash of the controlled file of target;
The controlled file of target is replaced with the alternate file.
The embodiment of the present invention also provides a kind of file safety management method, and the above method comprises the following steps:
The file that cryptographic Hash changes is obtained, judges whether the file unnecessary file occurs;
If there is unnecessary file, Delete Folder catalogue and the backup file that the file is copied from standby system Press from both sides to correspondence position.
The embodiment of the present invention also provides a kind of file safety management method, and the above method comprises the following steps:
The application service file that cryptographic Hash changes is obtained, and then controls the operation of application service.
The embodiments of the invention provide a kind of file security control device, including:First detection module, first replace mould Block;Wherein, the first detection module is connected with first replacement module;
The first detection module, for detecting whether the cryptographic Hash of controlled file in controlled listed files changes simultaneously Testing result is sent to first replacement module;
First replacement module, for replacing the controlled file that cryptographic Hash changes.
The embodiment of the present invention additionally provides a kind of file security control device, including:Second replacement module, the 3rd replace mould Block;Second replacement module is connected with the 3rd replacement module;
Second replacement module, if for replacing the controlled file of target in controlled listed files, obtaining and replacing text The cryptographic Hash of part and the cryptographic Hash that the cryptographic Hash of the alternate file is replaced to the controlled file of target;It is additionally operable to replace and completes Afterwards, the 3rd replacement module is notified;
3rd replacement module, for receiving after the notice, replaces the target controlled with the alternate file File.
The embodiment of the present invention also provides a kind of file security control device, including:Judge module, deletion backup module;Its In, the judge module is connected with the deletion backup module;
The judge module, for obtaining the file that cryptographic Hash changes, judges whether the file occurs many Remaining file simultaneously will determine that result is sent to the deletion backup module;
The deletion backup module, if for there is unnecessary file, Delete Folder catalogue is simultaneously copied from standby system The backup file of file described in shellfish is to correspondence position.
The embodiment of the present invention also provides a kind of file security control device, including:Acquisition module, control module;Wherein, institute Acquisition module is stated with the control module to be connected;
The acquisition module, for obtaining application service file that cryptographic Hash changes and being sent result is obtained to institute State control module;
The control module, for according to result is obtained, controlling the operation of application service
Pass through following scheme:If the cryptographic Hash for detecting controlled file in controlled listed files changes, replace and breathe out The controlled file that uncommon value changes, realizes the self-recovery of file, has interrupted the propagation of virus, has ensured system file Security.
Pass through following scheme:If replacing the controlled file of target in controlled listed files, the Hash of alternate file is obtained It is worth and replaces the cryptographic Hash of the alternate file cryptographic Hash of the controlled file of target;Replace described with the alternate file The controlled file of target, solves file and cryptographic Hash not correspondence problem, realizes the self-recovery of file, ensured system file Security.
Pass through following scheme:The file that cryptographic Hash changes is obtained, judges whether the file unnecessary text occurs Part;If there is unnecessary file, Delete Folder catalogue and copied from standby system the backup file of the file to Correspondence position, realizes to the intelligent decision under file with the presence or absence of unnecessary file and the self-recovery of file, interrupts The propagation of virus, greatly improves the security of system file.
Pass through following scheme:The application service file that cryptographic Hash changes, and then the operation of control application service are obtained, Application service file integrity detection is realized, the self-recovery of file is realized, the propagation of virus has been interrupted, has greatly improved The security of system file.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 show the file safety management method process chart of the embodiment of the present invention 1;
Fig. 2 show the file safety management method process chart of the embodiment of the present invention 2;
Fig. 3 show the file safety management method process chart of the embodiment of the present invention 3;
Fig. 4 show the file safety management method process chart of the embodiment of the present invention 4;
Fig. 5 show the file security control structure drawing of device of the embodiment of the present invention 5;
Fig. 6 show the file security control structure drawing of device of the embodiment of the present invention 6;
Fig. 7 show the file security control structure drawing of device of the embodiment of the present invention 7;
Fig. 8 show the file security control structure drawing of device of the embodiment of the present invention 8.
Embodiment
Describe the present invention in detail below with reference to accompanying drawing and in conjunction with the embodiments.It should be noted that not conflicting In the case of, the feature in embodiment and embodiment in the application can be mutually combined.
Fig. 1 show the file safety management method process chart of the embodiment of the present invention 1, comprises the following steps:
Step 101:Obtain the cryptographic Hash of controlled file in controlled listed files;
Further, before the cryptographic Hash of controlled file in obtaining controlled listed files, in addition to:In advance it is described by The controlled file of selection is added in control listed files.
Further, stored in the controlled listed files of acquisition after the cryptographic Hash of controlled file.
Wherein, the controlled file of the selection includes:Fire wall file, network profile, service startup item file.Separately Outside, these files are difficult excessive, are advisable less than 5M, then, get out the backup file of these files, are placed on an other machine On, calculate the cryptographic Hash of these files and stored.
Step 102:If the cryptographic Hash for detecting controlled file in controlled listed files changes, cryptographic Hash hair is replaced The controlled file for changing.
Further, protection thread, timing or the cryptographic Hash for detecting controlled file in real time are opened, if cryptographic Hash becomes Change, then the controlled file for obtaining backup from system backup end replace the controlled file that changes of cryptographic Hash occurs it is abnormal by Control file.
Fig. 2 show the file safety management method process chart of the embodiment of the present invention 2, comprises the following steps:
Step 201:If replacing the controlled file of target in controlled listed files, the cryptographic Hash of acquisition alternate file simultaneously will The cryptographic Hash of the alternate file replaces the cryptographic Hash of the controlled file of target;
Step 202:The controlled file of target is replaced with the alternate file.
For example:If the controlled file of the target changed in controlled listed files, finds and mesh in standby system first The corresponding backup file of controlled file is marked, the backup file is modified, and obtains the cryptographic Hash of the backup file of modification, so The corresponding cryptographic Hash of the controlled file of target in controlled listed files is replaced afterwards, finally replaces target with amended backup file Controlled file.
Fig. 3 show the file safety management method process chart of the embodiment of the present invention 3, comprises the following steps:
Step 301:The file that cryptographic Hash changes is obtained, judges whether the file unnecessary file occurs;
Step 302:If there is unnecessary file, Delete Folder catalogue simultaneously copies the file from standby system Backup file is to correspondence position.
Further, in the case of there is sub-folder under mother file folder,
If the cryptographic Hash of the mother file folder, which changes, and mother file folder is lower is not present unnecessary file, judge to breathe out The sub-folder that uncommon value changes, and then judge whether the sub-folder unnecessary file occurs;
If there is unnecessary file, delete sub-folder catalogue and the backup of the sub-folder is copied from standby system File is to correspondence position;Or,
If the cryptographic Hash of the mother file folder changes and there is unnecessary file under mother file folder, female text is deleted Part clip directory simultaneously copies the backup file of mother file folder to correspondence position from standby system.
If having mother file to press from both sides under A, mother file folder A has sub-folder AB1, AB2, AB3AB9, AB10 and file ab1、ab2、ab3···ab100;
There are sub-folder ABC1, ABC2, ABC3 under sub-folder AB1, AB2, AB3AB9, AB10 respectively ABC9, ABC10 and file abc1, abc2abc9, abc10, back up controlled file, the Kazakhstan of these files are calculated respectively Uncommon value, and preserve.Then the cryptographic Hash (if under file ABC1 many a virus document) of these files of periodic monitor, The cryptographic Hash of each file is detected, file A cryptographic Hash changes, judge the file under file A → detect File AB1 cryptographic Hash changes, and judges that the cryptographic Hash of file → detection file ABC1 under file AB1 occurs Change, without file under file ABC1, judge many virus documents under file ABC1, delete file ABC1 catalogues, and This file is copied from standby system and clips to the system relevant position, virus document cleaning is completed.
Fig. 4 show the file safety management method process chart of the embodiment of the present invention 4, comprises the following steps:
Step 401:If protection thread is when monitoring application service file, by the application service file copy to detecting ring In border;
Step 402:If the cryptographic Hash of the application service file changes, stop the operation and replacement of application service After the application service file, the application service file reruned after replacing.
The core of above-mentioned technical proposal is:
The application service file that cryptographic Hash changes is obtained, and then controls the operation of application service.
For example:For the application service run in system, belong to the file that user is placed in Linux system, this kind of text Part all than larger, calculate cryptographic Hash and takes larger system resource, cause the wasting of resources, when protection thread monitors these files When, these big file applications are copied in another environment, big file application integrity detection is completed, in the event of change, Then stop application service, alternate file is then turned on file service.
Fig. 5 show the file security control structure drawing of device of the embodiment of the present invention 5, including:First detection module, first Replacement module;Wherein, the first detection module is connected with first replacement module;
The first detection module, for detecting whether the cryptographic Hash of controlled file in controlled listed files changes simultaneously Testing result is sent to first replacement module;
First replacement module, for replacing the controlled file that cryptographic Hash changes.
Fig. 6 show the file security control structure drawing of device of the embodiment of the present invention 6, including the second replacement module, the 3rd Replacement module;Second replacement module is connected with the 3rd replacement module;
Second replacement module, if for replacing the controlled file of target in controlled listed files, obtaining and replacing text The cryptographic Hash of part and the cryptographic Hash that the cryptographic Hash of the alternate file is replaced to the controlled file of target;It is additionally operable to replace and completes Afterwards, the 3rd replacement module is notified;
3rd replacement module, for receiving after the notice, replaces the target controlled with the alternate file File.
Fig. 7 show the file security control structure drawing of device of the embodiment of the present invention 7, including:Judge module, deletion backup Module;Wherein, the judge module is connected with the deletion backup module;
The judge module, for obtaining the file that cryptographic Hash changes, judges whether the file occurs many Remaining file simultaneously will determine that result is sent to the deletion backup module;
The deletion backup module, if for there is unnecessary file, Delete Folder catalogue is simultaneously copied from standby system The backup file of file described in shellfish is to correspondence position.
Fig. 8 show the file security control structure drawing of device of the embodiment of the present invention 8, including:Acquisition module, control mould Block;Wherein, the acquisition module is connected with the control module;
The acquisition module, for obtaining application service file that cryptographic Hash changes and being sent result is obtained to institute State control module;
The control module, for according to result is obtained, controlling the operation of application service.
Pass through following scheme:If the cryptographic Hash for detecting controlled file in controlled listed files changes, replace and breathe out The controlled file that uncommon value changes, realizes the self-recovery of file, has ensured the security of system file.
Pass through following scheme:If replacing the controlled file of target in controlled listed files, the Hash of alternate file is obtained It is worth and replaces the cryptographic Hash of the alternate file cryptographic Hash of the controlled file of target;Replace described with the alternate file The controlled file of target, solves file and cryptographic Hash not correspondence problem, realizes the self-recovery of file, has further ensured and is The security of system file.
Pass through following scheme:The file that cryptographic Hash changes is obtained, judges whether the file unnecessary text occurs Part;If there is unnecessary file, Delete Folder catalogue and copied from standby system the backup file of the file to Correspondence position, realizes to the intelligent decision under file with the presence or absence of unnecessary file and the self-recovery of file, interrupts The propagation of virus, greatly improves the security of system file.
Pass through following scheme:The application service file that cryptographic Hash changes, and then the operation of control application service are obtained, Application service file integrity detection is realized, the self-recovery of file is realized, the propagation of virus has been interrupted, has greatly improved The security of system file.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies Change, equivalent substitution, improvement etc., should be included in the scope of the protection.

Claims (10)

1. a kind of file safety management method, it is characterised in that comprise the following steps:
If the cryptographic Hash for detecting controlled file in controlled listed files changes, it is controlled that replacement cryptographic Hash changes File.
2. a kind of file safety management method, it is characterised in that comprise the following steps:
If replacing the controlled file of target in controlled listed files, the cryptographic Hash of alternate file is obtained and by the alternate file Cryptographic Hash replace the cryptographic Hash of the controlled file of target;
The controlled file of target is replaced with the alternate file.
3. a kind of file safety management method, it is characterised in that comprise the following steps:
The file that cryptographic Hash changes is obtained, judges whether the file unnecessary file occurs;
If there is unnecessary file, Delete Folder catalogue and copied from standby system the backup file of the file to Correspondence position.
4. file safety management method according to claim 3, it is characterised in that there is sub-folder under mother file folder In the case of,
If the cryptographic Hash of the mother file folder, which changes, and mother file folder is lower is not present unnecessary file, cryptographic Hash is judged The sub-folder changed, and then judge whether the sub-folder unnecessary file occurs;
If there is unnecessary file, delete sub-folder catalogue and the backup file of the sub-folder is copied from standby system Press from both sides to correspondence position;Or,
If the cryptographic Hash of the mother file folder changes and there is unnecessary file under mother file folder, mother file folder is deleted Catalogue simultaneously copies the backup file of mother file folder to correspondence position from standby system.
5. a kind of file safety management method, it is characterised in that comprise the following steps:Obtain the application clothes that cryptographic Hash changes Business file, and then control the operation of application service.
6. method according to claim 5, it is characterised in that
If protection thread monitors application service file, by the application service file copy into detection environment;
If the cryptographic Hash of the application service file changes, stop the operation of application service and replace the application service After file, the application service file reruned after replacing.
7. a kind of file security control device, it is characterised in that including:First detection module, the first replacement module;Wherein, institute First detection module is stated with first replacement module to be connected;
The first detection module, for detect the cryptographic Hash of controlled file in controlled listed files whether change and will inspection Result is surveyed to send to first replacement module;
First replacement module, for replacing the controlled file that cryptographic Hash changes.
8. a kind of file security control device, it is characterised in that including:Second replacement module, the 3rd replacement module;Described second Replacement module is connected with the 3rd replacement module;
Second replacement module, if for replacing the controlled file of target in controlled listed files, obtaining alternate file Cryptographic Hash and the cryptographic Hash that the cryptographic Hash of the alternate file is replaced to the controlled file of target;It is additionally operable to after the completion of replacement, Notify the 3rd replacement module;
3rd replacement module, for receiving after the notice, the controlled file of target is replaced with the alternate file.
9. a kind of file security control device, it is characterised in that including:Judge module, deletion backup module;Wherein, it is described to sentence Disconnected module is connected with the deletion backup module;
The judge module, for obtaining the file that cryptographic Hash changes, judges whether the file unnecessary text occurs Part simultaneously will determine that result is sent to the deletion backup module;
The deletion backup module, if for there is unnecessary file, Delete Folder catalogue simultaneously copies institute from standby system The backup file of file is stated to correspondence position.
10. a kind of file security control device, it is characterised in that including:Acquisition module, control module;Wherein, the acquisition mould Block is connected with the control module;
The acquisition module, for obtaining application service file that cryptographic Hash changes and being sent result is obtained to the control Molding block;
The control module, for according to result is obtained, controlling the operation of application service.
CN201710426201.1A 2017-06-08 2017-06-08 A kind of file safety management method and device Pending CN107194255A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710426201.1A CN107194255A (en) 2017-06-08 2017-06-08 A kind of file safety management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710426201.1A CN107194255A (en) 2017-06-08 2017-06-08 A kind of file safety management method and device

Publications (1)

Publication Number Publication Date
CN107194255A true CN107194255A (en) 2017-09-22

Family

ID=59876549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710426201.1A Pending CN107194255A (en) 2017-06-08 2017-06-08 A kind of file safety management method and device

Country Status (1)

Country Link
CN (1) CN107194255A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359353A (en) * 2008-09-05 2009-02-04 成都市华为赛门铁克科技有限公司 File protection method and device
CN105183508A (en) * 2015-08-26 2015-12-23 北京元心科技有限公司 Method for monitoring application in container system and intelligent terminal
CN106055692A (en) * 2016-06-12 2016-10-26 上海爱数信息技术股份有限公司 Automatic testing method and system for comparison files or folders
CN106354497A (en) * 2016-08-25 2017-01-25 成都索贝数码科技股份有限公司 Version management method and system based on file signature

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101359353A (en) * 2008-09-05 2009-02-04 成都市华为赛门铁克科技有限公司 File protection method and device
CN105183508A (en) * 2015-08-26 2015-12-23 北京元心科技有限公司 Method for monitoring application in container system and intelligent terminal
CN106055692A (en) * 2016-06-12 2016-10-26 上海爱数信息技术股份有限公司 Automatic testing method and system for comparison files or folders
CN106354497A (en) * 2016-08-25 2017-01-25 成都索贝数码科技股份有限公司 Version management method and system based on file signature

Similar Documents

Publication Publication Date Title
US11500897B2 (en) Allocation and reassignment of unique identifiers for synchronization of content items
CN102902909B (en) A kind of system and method preventing file to be tampered
TWI575362B (en) Backup method, pre-testing method for enviornment updating and system thereof
CN102999726B (en) File macro virus immunization method and device
TWI608419B (en) Method for pre-testing software compatibility and system thereof
EP3563280B1 (en) Malware detection and content item recovery
US9678967B2 (en) Information source agent systems and methods for distributed data storage and management using content signatures
US10129264B2 (en) Method and apparatus for implementing document sharing between user groups
CN102930205A (en) Monitoring unit and method
US20070276823A1 (en) Data management systems and methods for distributed data storage and management using content signatures
US20120124007A1 (en) Disinfection of a file system
CN104715001A (en) Method and system performing wirite operation on shared resource in cluster of data processing system
US9614826B1 (en) Sensitive data protection
US10324802B2 (en) Methods and systems of a dedupe storage network for image management
US9847906B1 (en) Distributed dynamic system configuration
JP2018073166A (en) Program operation monitoring control device, distributed object generation management device, program, and program operation monitoring system
CN107194255A (en) A kind of file safety management method and device
US10102204B2 (en) Maintaining access control lists in non-identity-preserving replicated data repositories
CN103034809B (en) Method and device for immunizing file macro virus
CN108038028B (en) File backup method and device and file restoration method and device
CN115794758A (en) Extension control method and system for data file sharing
CN115203757A (en) Cloud mirror image processing method and equipment applied to big data and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170922

RJ01 Rejection of invention patent application after publication