CN107194255A - A kind of file safety management method and device - Google Patents
A kind of file safety management method and device Download PDFInfo
- Publication number
- CN107194255A CN107194255A CN201710426201.1A CN201710426201A CN107194255A CN 107194255 A CN107194255 A CN 107194255A CN 201710426201 A CN201710426201 A CN 201710426201A CN 107194255 A CN107194255 A CN 107194255A
- Authority
- CN
- China
- Prior art keywords
- file
- cryptographic hash
- module
- controlled
- folder
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/13—File access structures, e.g. distributed indices
- G06F16/137—Hash-based
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a kind of file safety management method and device, and the above method comprises the following steps:If the cryptographic Hash for detecting controlled file in controlled listed files changes, the controlled file that cryptographic Hash changes is replaced, the self-recovery of file is realized, the propagation of virus has been interrupted, has ensured the security of system file.
Description
Technical field
The invention belongs to safety management field, more particularly to a kind of file safety management method and device.
Background technology
In internet+epoch, increasing PaaS (Platform-as-a-Service, platform is service), SaaS
(Software-as-a-Service, software are service) is applied in Linux system, and the security of Linux system just seems outstanding
To be important.
The security of system includes:1. the security of system file;2. the various application service files peace run in system
Quan Xing;3. the virus document run in system.
System file security refers to that viral code section is embedded into system file, is held with the execution of system file
OK, so as to cause viral infection;The various application service file securities run in system refer to be deployed in various in system
Application service file, these application service running papers are in Linux system, in the process of running, do various each with system
The interaction of sample, if these application service files have suffered virus, will follower's application service operation, steal system or user
Information;The virus document run in system refers to that this, without these files, is implanted into a file by hacker, transported alone in systems
OK, viral infection is caused.
Therefore, above-mentioned technical problem is solved in the urgent need to a kind of file safety management method.
The content of the invention
The present invention provides a kind of file safety management method and device, to solve the above problems.
The embodiment of the present invention provides a kind of file safety management method, and the above method comprises the following steps:If detect by
The cryptographic Hash of controlled file changes in control listed files, then replaces the controlled file that cryptographic Hash changes.
The embodiment of the present invention also provides a kind of file safety management method, and the above method comprises the following steps:
If replacing the controlled file of target in controlled listed files, obtain the cryptographic Hash of alternate file and replaced described
The cryptographic Hash of file replaces the cryptographic Hash of the controlled file of target;
The controlled file of target is replaced with the alternate file.
The embodiment of the present invention also provides a kind of file safety management method, and the above method comprises the following steps:
The file that cryptographic Hash changes is obtained, judges whether the file unnecessary file occurs;
If there is unnecessary file, Delete Folder catalogue and the backup file that the file is copied from standby system
Press from both sides to correspondence position.
The embodiment of the present invention also provides a kind of file safety management method, and the above method comprises the following steps:
The application service file that cryptographic Hash changes is obtained, and then controls the operation of application service.
The embodiments of the invention provide a kind of file security control device, including:First detection module, first replace mould
Block;Wherein, the first detection module is connected with first replacement module;
The first detection module, for detecting whether the cryptographic Hash of controlled file in controlled listed files changes simultaneously
Testing result is sent to first replacement module;
First replacement module, for replacing the controlled file that cryptographic Hash changes.
The embodiment of the present invention additionally provides a kind of file security control device, including:Second replacement module, the 3rd replace mould
Block;Second replacement module is connected with the 3rd replacement module;
Second replacement module, if for replacing the controlled file of target in controlled listed files, obtaining and replacing text
The cryptographic Hash of part and the cryptographic Hash that the cryptographic Hash of the alternate file is replaced to the controlled file of target;It is additionally operable to replace and completes
Afterwards, the 3rd replacement module is notified;
3rd replacement module, for receiving after the notice, replaces the target controlled with the alternate file
File.
The embodiment of the present invention also provides a kind of file security control device, including:Judge module, deletion backup module;Its
In, the judge module is connected with the deletion backup module;
The judge module, for obtaining the file that cryptographic Hash changes, judges whether the file occurs many
Remaining file simultaneously will determine that result is sent to the deletion backup module;
The deletion backup module, if for there is unnecessary file, Delete Folder catalogue is simultaneously copied from standby system
The backup file of file described in shellfish is to correspondence position.
The embodiment of the present invention also provides a kind of file security control device, including:Acquisition module, control module;Wherein, institute
Acquisition module is stated with the control module to be connected;
The acquisition module, for obtaining application service file that cryptographic Hash changes and being sent result is obtained to institute
State control module;
The control module, for according to result is obtained, controlling the operation of application service
Pass through following scheme:If the cryptographic Hash for detecting controlled file in controlled listed files changes, replace and breathe out
The controlled file that uncommon value changes, realizes the self-recovery of file, has interrupted the propagation of virus, has ensured system file
Security.
Pass through following scheme:If replacing the controlled file of target in controlled listed files, the Hash of alternate file is obtained
It is worth and replaces the cryptographic Hash of the alternate file cryptographic Hash of the controlled file of target;Replace described with the alternate file
The controlled file of target, solves file and cryptographic Hash not correspondence problem, realizes the self-recovery of file, ensured system file
Security.
Pass through following scheme:The file that cryptographic Hash changes is obtained, judges whether the file unnecessary text occurs
Part;If there is unnecessary file, Delete Folder catalogue and copied from standby system the backup file of the file to
Correspondence position, realizes to the intelligent decision under file with the presence or absence of unnecessary file and the self-recovery of file, interrupts
The propagation of virus, greatly improves the security of system file.
Pass through following scheme:The application service file that cryptographic Hash changes, and then the operation of control application service are obtained,
Application service file integrity detection is realized, the self-recovery of file is realized, the propagation of virus has been interrupted, has greatly improved
The security of system file.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair
Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 show the file safety management method process chart of the embodiment of the present invention 1;
Fig. 2 show the file safety management method process chart of the embodiment of the present invention 2;
Fig. 3 show the file safety management method process chart of the embodiment of the present invention 3;
Fig. 4 show the file safety management method process chart of the embodiment of the present invention 4;
Fig. 5 show the file security control structure drawing of device of the embodiment of the present invention 5;
Fig. 6 show the file security control structure drawing of device of the embodiment of the present invention 6;
Fig. 7 show the file security control structure drawing of device of the embodiment of the present invention 7;
Fig. 8 show the file security control structure drawing of device of the embodiment of the present invention 8.
Embodiment
Describe the present invention in detail below with reference to accompanying drawing and in conjunction with the embodiments.It should be noted that not conflicting
In the case of, the feature in embodiment and embodiment in the application can be mutually combined.
Fig. 1 show the file safety management method process chart of the embodiment of the present invention 1, comprises the following steps:
Step 101:Obtain the cryptographic Hash of controlled file in controlled listed files;
Further, before the cryptographic Hash of controlled file in obtaining controlled listed files, in addition to:In advance it is described by
The controlled file of selection is added in control listed files.
Further, stored in the controlled listed files of acquisition after the cryptographic Hash of controlled file.
Wherein, the controlled file of the selection includes:Fire wall file, network profile, service startup item file.Separately
Outside, these files are difficult excessive, are advisable less than 5M, then, get out the backup file of these files, are placed on an other machine
On, calculate the cryptographic Hash of these files and stored.
Step 102:If the cryptographic Hash for detecting controlled file in controlled listed files changes, cryptographic Hash hair is replaced
The controlled file for changing.
Further, protection thread, timing or the cryptographic Hash for detecting controlled file in real time are opened, if cryptographic Hash becomes
Change, then the controlled file for obtaining backup from system backup end replace the controlled file that changes of cryptographic Hash occurs it is abnormal by
Control file.
Fig. 2 show the file safety management method process chart of the embodiment of the present invention 2, comprises the following steps:
Step 201:If replacing the controlled file of target in controlled listed files, the cryptographic Hash of acquisition alternate file simultaneously will
The cryptographic Hash of the alternate file replaces the cryptographic Hash of the controlled file of target;
Step 202:The controlled file of target is replaced with the alternate file.
For example:If the controlled file of the target changed in controlled listed files, finds and mesh in standby system first
The corresponding backup file of controlled file is marked, the backup file is modified, and obtains the cryptographic Hash of the backup file of modification, so
The corresponding cryptographic Hash of the controlled file of target in controlled listed files is replaced afterwards, finally replaces target with amended backup file
Controlled file.
Fig. 3 show the file safety management method process chart of the embodiment of the present invention 3, comprises the following steps:
Step 301:The file that cryptographic Hash changes is obtained, judges whether the file unnecessary file occurs;
Step 302:If there is unnecessary file, Delete Folder catalogue simultaneously copies the file from standby system
Backup file is to correspondence position.
Further, in the case of there is sub-folder under mother file folder,
If the cryptographic Hash of the mother file folder, which changes, and mother file folder is lower is not present unnecessary file, judge to breathe out
The sub-folder that uncommon value changes, and then judge whether the sub-folder unnecessary file occurs;
If there is unnecessary file, delete sub-folder catalogue and the backup of the sub-folder is copied from standby system
File is to correspondence position;Or,
If the cryptographic Hash of the mother file folder changes and there is unnecessary file under mother file folder, female text is deleted
Part clip directory simultaneously copies the backup file of mother file folder to correspondence position from standby system.
If having mother file to press from both sides under A, mother file folder A has sub-folder AB1, AB2, AB3AB9, AB10 and file
ab1、ab2、ab3···ab100;
There are sub-folder ABC1, ABC2, ABC3 under sub-folder AB1, AB2, AB3AB9, AB10 respectively
ABC9, ABC10 and file abc1, abc2abc9, abc10, back up controlled file, the Kazakhstan of these files are calculated respectively
Uncommon value, and preserve.Then the cryptographic Hash (if under file ABC1 many a virus document) of these files of periodic monitor,
The cryptographic Hash of each file is detected, file A cryptographic Hash changes, judge the file under file A → detect
File AB1 cryptographic Hash changes, and judges that the cryptographic Hash of file → detection file ABC1 under file AB1 occurs
Change, without file under file ABC1, judge many virus documents under file ABC1, delete file ABC1 catalogues, and
This file is copied from standby system and clips to the system relevant position, virus document cleaning is completed.
Fig. 4 show the file safety management method process chart of the embodiment of the present invention 4, comprises the following steps:
Step 401:If protection thread is when monitoring application service file, by the application service file copy to detecting ring
In border;
Step 402:If the cryptographic Hash of the application service file changes, stop the operation and replacement of application service
After the application service file, the application service file reruned after replacing.
The core of above-mentioned technical proposal is:
The application service file that cryptographic Hash changes is obtained, and then controls the operation of application service.
For example:For the application service run in system, belong to the file that user is placed in Linux system, this kind of text
Part all than larger, calculate cryptographic Hash and takes larger system resource, cause the wasting of resources, when protection thread monitors these files
When, these big file applications are copied in another environment, big file application integrity detection is completed, in the event of change,
Then stop application service, alternate file is then turned on file service.
Fig. 5 show the file security control structure drawing of device of the embodiment of the present invention 5, including:First detection module, first
Replacement module;Wherein, the first detection module is connected with first replacement module;
The first detection module, for detecting whether the cryptographic Hash of controlled file in controlled listed files changes simultaneously
Testing result is sent to first replacement module;
First replacement module, for replacing the controlled file that cryptographic Hash changes.
Fig. 6 show the file security control structure drawing of device of the embodiment of the present invention 6, including the second replacement module, the 3rd
Replacement module;Second replacement module is connected with the 3rd replacement module;
Second replacement module, if for replacing the controlled file of target in controlled listed files, obtaining and replacing text
The cryptographic Hash of part and the cryptographic Hash that the cryptographic Hash of the alternate file is replaced to the controlled file of target;It is additionally operable to replace and completes
Afterwards, the 3rd replacement module is notified;
3rd replacement module, for receiving after the notice, replaces the target controlled with the alternate file
File.
Fig. 7 show the file security control structure drawing of device of the embodiment of the present invention 7, including:Judge module, deletion backup
Module;Wherein, the judge module is connected with the deletion backup module;
The judge module, for obtaining the file that cryptographic Hash changes, judges whether the file occurs many
Remaining file simultaneously will determine that result is sent to the deletion backup module;
The deletion backup module, if for there is unnecessary file, Delete Folder catalogue is simultaneously copied from standby system
The backup file of file described in shellfish is to correspondence position.
Fig. 8 show the file security control structure drawing of device of the embodiment of the present invention 8, including:Acquisition module, control mould
Block;Wherein, the acquisition module is connected with the control module;
The acquisition module, for obtaining application service file that cryptographic Hash changes and being sent result is obtained to institute
State control module;
The control module, for according to result is obtained, controlling the operation of application service.
Pass through following scheme:If the cryptographic Hash for detecting controlled file in controlled listed files changes, replace and breathe out
The controlled file that uncommon value changes, realizes the self-recovery of file, has ensured the security of system file.
Pass through following scheme:If replacing the controlled file of target in controlled listed files, the Hash of alternate file is obtained
It is worth and replaces the cryptographic Hash of the alternate file cryptographic Hash of the controlled file of target;Replace described with the alternate file
The controlled file of target, solves file and cryptographic Hash not correspondence problem, realizes the self-recovery of file, has further ensured and is
The security of system file.
Pass through following scheme:The file that cryptographic Hash changes is obtained, judges whether the file unnecessary text occurs
Part;If there is unnecessary file, Delete Folder catalogue and copied from standby system the backup file of the file to
Correspondence position, realizes to the intelligent decision under file with the presence or absence of unnecessary file and the self-recovery of file, interrupts
The propagation of virus, greatly improves the security of system file.
Pass through following scheme:The application service file that cryptographic Hash changes, and then the operation of control application service are obtained,
Application service file integrity detection is realized, the self-recovery of file is realized, the propagation of virus has been interrupted, has greatly improved
The security of system file.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies
Change, equivalent substitution, improvement etc., should be included in the scope of the protection.
Claims (10)
1. a kind of file safety management method, it is characterised in that comprise the following steps:
If the cryptographic Hash for detecting controlled file in controlled listed files changes, it is controlled that replacement cryptographic Hash changes
File.
2. a kind of file safety management method, it is characterised in that comprise the following steps:
If replacing the controlled file of target in controlled listed files, the cryptographic Hash of alternate file is obtained and by the alternate file
Cryptographic Hash replace the cryptographic Hash of the controlled file of target;
The controlled file of target is replaced with the alternate file.
3. a kind of file safety management method, it is characterised in that comprise the following steps:
The file that cryptographic Hash changes is obtained, judges whether the file unnecessary file occurs;
If there is unnecessary file, Delete Folder catalogue and copied from standby system the backup file of the file to
Correspondence position.
4. file safety management method according to claim 3, it is characterised in that there is sub-folder under mother file folder
In the case of,
If the cryptographic Hash of the mother file folder, which changes, and mother file folder is lower is not present unnecessary file, cryptographic Hash is judged
The sub-folder changed, and then judge whether the sub-folder unnecessary file occurs;
If there is unnecessary file, delete sub-folder catalogue and the backup file of the sub-folder is copied from standby system
Press from both sides to correspondence position;Or,
If the cryptographic Hash of the mother file folder changes and there is unnecessary file under mother file folder, mother file folder is deleted
Catalogue simultaneously copies the backup file of mother file folder to correspondence position from standby system.
5. a kind of file safety management method, it is characterised in that comprise the following steps:Obtain the application clothes that cryptographic Hash changes
Business file, and then control the operation of application service.
6. method according to claim 5, it is characterised in that
If protection thread monitors application service file, by the application service file copy into detection environment;
If the cryptographic Hash of the application service file changes, stop the operation of application service and replace the application service
After file, the application service file reruned after replacing.
7. a kind of file security control device, it is characterised in that including:First detection module, the first replacement module;Wherein, institute
First detection module is stated with first replacement module to be connected;
The first detection module, for detect the cryptographic Hash of controlled file in controlled listed files whether change and will inspection
Result is surveyed to send to first replacement module;
First replacement module, for replacing the controlled file that cryptographic Hash changes.
8. a kind of file security control device, it is characterised in that including:Second replacement module, the 3rd replacement module;Described second
Replacement module is connected with the 3rd replacement module;
Second replacement module, if for replacing the controlled file of target in controlled listed files, obtaining alternate file
Cryptographic Hash and the cryptographic Hash that the cryptographic Hash of the alternate file is replaced to the controlled file of target;It is additionally operable to after the completion of replacement,
Notify the 3rd replacement module;
3rd replacement module, for receiving after the notice, the controlled file of target is replaced with the alternate file.
9. a kind of file security control device, it is characterised in that including:Judge module, deletion backup module;Wherein, it is described to sentence
Disconnected module is connected with the deletion backup module;
The judge module, for obtaining the file that cryptographic Hash changes, judges whether the file unnecessary text occurs
Part simultaneously will determine that result is sent to the deletion backup module;
The deletion backup module, if for there is unnecessary file, Delete Folder catalogue simultaneously copies institute from standby system
The backup file of file is stated to correspondence position.
10. a kind of file security control device, it is characterised in that including:Acquisition module, control module;Wherein, the acquisition mould
Block is connected with the control module;
The acquisition module, for obtaining application service file that cryptographic Hash changes and being sent result is obtained to the control
Molding block;
The control module, for according to result is obtained, controlling the operation of application service.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710426201.1A CN107194255A (en) | 2017-06-08 | 2017-06-08 | A kind of file safety management method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710426201.1A CN107194255A (en) | 2017-06-08 | 2017-06-08 | A kind of file safety management method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107194255A true CN107194255A (en) | 2017-09-22 |
Family
ID=59876549
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710426201.1A Pending CN107194255A (en) | 2017-06-08 | 2017-06-08 | A kind of file safety management method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107194255A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101359353A (en) * | 2008-09-05 | 2009-02-04 | 成都市华为赛门铁克科技有限公司 | File protection method and device |
CN105183508A (en) * | 2015-08-26 | 2015-12-23 | 北京元心科技有限公司 | Method for monitoring application in container system and intelligent terminal |
CN106055692A (en) * | 2016-06-12 | 2016-10-26 | 上海爱数信息技术股份有限公司 | Automatic testing method and system for comparison files or folders |
CN106354497A (en) * | 2016-08-25 | 2017-01-25 | 成都索贝数码科技股份有限公司 | Version management method and system based on file signature |
-
2017
- 2017-06-08 CN CN201710426201.1A patent/CN107194255A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101359353A (en) * | 2008-09-05 | 2009-02-04 | 成都市华为赛门铁克科技有限公司 | File protection method and device |
CN105183508A (en) * | 2015-08-26 | 2015-12-23 | 北京元心科技有限公司 | Method for monitoring application in container system and intelligent terminal |
CN106055692A (en) * | 2016-06-12 | 2016-10-26 | 上海爱数信息技术股份有限公司 | Automatic testing method and system for comparison files or folders |
CN106354497A (en) * | 2016-08-25 | 2017-01-25 | 成都索贝数码科技股份有限公司 | Version management method and system based on file signature |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11500897B2 (en) | Allocation and reassignment of unique identifiers for synchronization of content items | |
CN102902909B (en) | A kind of system and method preventing file to be tampered | |
TWI575362B (en) | Backup method, pre-testing method for enviornment updating and system thereof | |
CN102999726B (en) | File macro virus immunization method and device | |
TWI608419B (en) | Method for pre-testing software compatibility and system thereof | |
EP3563280B1 (en) | Malware detection and content item recovery | |
US9678967B2 (en) | Information source agent systems and methods for distributed data storage and management using content signatures | |
US10129264B2 (en) | Method and apparatus for implementing document sharing between user groups | |
CN102930205A (en) | Monitoring unit and method | |
US20070276823A1 (en) | Data management systems and methods for distributed data storage and management using content signatures | |
US20120124007A1 (en) | Disinfection of a file system | |
CN104715001A (en) | Method and system performing wirite operation on shared resource in cluster of data processing system | |
US9614826B1 (en) | Sensitive data protection | |
US10324802B2 (en) | Methods and systems of a dedupe storage network for image management | |
US9847906B1 (en) | Distributed dynamic system configuration | |
JP2018073166A (en) | Program operation monitoring control device, distributed object generation management device, program, and program operation monitoring system | |
CN107194255A (en) | A kind of file safety management method and device | |
US10102204B2 (en) | Maintaining access control lists in non-identity-preserving replicated data repositories | |
CN103034809B (en) | Method and device for immunizing file macro virus | |
CN108038028B (en) | File backup method and device and file restoration method and device | |
CN115794758A (en) | Extension control method and system for data file sharing | |
CN115203757A (en) | Cloud mirror image processing method and equipment applied to big data and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170922 |
|
RJ01 | Rejection of invention patent application after publication |