CN107229977A - A kind of automatic reinforcement means of Host Security baseline and system - Google Patents
- Publication number: CN107229977A
- Authority: CN (China)
- Prior art keywords: reinforcement, item, baseline, security, host
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/20—Administration of product repair or maintenance
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
Abstract
The invention discloses a method for automatically reinforcing a host security baseline, comprising: setting a host security baseline; selecting reinforcement items, and setting the security reinforcement function corresponding to each selected reinforcement item; calling the security reinforcement function corresponding to a reinforcement item to reinforce that item, and obtaining the current value of the reinforcement item; and generating a reinforcement result according to the relation between the current value of the reinforcement item and the baseline standard value contained in the security reinforcement function. The invention also discloses a system for automatically reinforcing a host security baseline.
Description
Technical Field
The invention relates to a computer security technology, in particular to a method and a system for automatically reinforcing a security baseline of a host.
Background
At present, host security is receiving more and more attention from enterprises. Many enterprises, especially telecom operators, regularly draw up and issue new host security reinforcement specifications, and regularly scan and reinforce the hosts used by their service support systems, so as to ensure that the service systems run in a safe and stable environment. Security baseline inspection and reinforcement are the main content of host security inspection and reinforcement. The security baseline is a basic security requirement in terms of equipment and configuration, and is the minimum security guarantee and the most basic security requirement that an information system must meet. Therefore, to ensure the overall security level and to prevent system equipment from introducing security risks because its security configuration is not in place, it is necessary to check and reinforce the security of the system equipment. If the system is checked and reinforced according to the security baseline, the security conformance of the system and the equipment can be ensured to meet the requirements, and most potential security hazards are avoided.
In the prior art, a professional security baseline inspection tool can automatically check each requirement item of the baseline, but cannot automatically reinforce the host security baseline. Owing to limitations in security, funding, technology and the like, security baseline inspection and reinforcement of hosts in real working environments are basically completed by manual operation. However, when there are many hosts to reinforce, each host has many baseline inspection items, and the host baselines must be inspected periodically, manual operation consumes considerable human resources and is inefficient; it is also prone to operator error, which affects the normal operation of the system; furthermore, security baseline inspection and reinforcement demand considerable professional skill and problem-solving ability from maintenance personnel, yet different maintenance personnel generally understand the inspection and reinforcement methods differently, that is, a unified baseline inspection and reinforcement flow is lacking.
Disclosure of Invention
In view of this, embodiments of the present invention are expected to provide a method and a system for automatically reinforcing a security baseline of a host, which can automatically check and reinforce the security baseline of the host.
In order to achieve the purpose, the technical scheme of the invention is realized as follows:
the invention provides a method for automatically reinforcing a safety baseline of a host, which comprises the following steps:
setting a host safety baseline;
selecting reinforcement items, and setting safety reinforcement functions corresponding to the selected reinforcement items respectively;
calling a safety reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item and acquiring the current value of the reinforcement item;
and generating a reinforcement result according to the relation between the current value of the reinforcement item and the baseline standard value contained in the safety reinforcement function.
In the above scheme, the method further comprises:
the host operating system security baseline configuration file and/or the host operating system are backed up prior to setting the host security baseline.
In the above scheme,
the security hardening function further includes: keywords of the reinforcement item;
the step of calling the security reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item includes: and searching a security reinforcement function with the same keyword according to the keyword contained in the reinforcement item, and calling the security reinforcement function to reinforce the reinforcement item.
In the foregoing solution, the generating a reinforcement result according to a relationship between the current value of the reinforcement item and the baseline standard value included in the security reinforcement function includes:
when the current value of the reinforcement item is the same as the baseline standard value contained in the safety reinforcement function, the current value of the reinforcement item is reserved;
and when the current value of the reinforcement item is different from the baseline standard value contained in the safety reinforcement function, restoring the current value of the reinforcement item to the baseline standard value.
In the above scheme, the method further comprises:
when the time for reinforcing one reinforcing item is greater than a preset threshold value, stopping reinforcing the reinforcing item and sending an alarm;
verifying whether the reinforcement result is effective or not, and finishing reinforcement if the reinforcement result is effective; and if the reinforcement result is not effective, sending an alarm prompt.
The invention also provides an automatic reinforcing system for the host safety baseline, which comprises: the device comprises a baseline management module, a baseline inspection module and a baseline reinforcement module; wherein,
the base line management module is used for setting a host security base line; selecting reinforcement items, and setting safety reinforcement functions corresponding to the selected reinforcement items respectively;
the baseline checking module is used for calling a safety reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item and acquiring the current value of the reinforcement item;
and the baseline reinforcement module is used for generating a reinforcement result according to the relation between the current value of the reinforcement item and the baseline standard value contained in the safety reinforcement function.
In the above solution, the system further includes: and the backup module is used for backing up the configuration file of the security baseline of the host operating system and/or the host operating system before the security baseline of the host is set.
In the above solution, the security reinforcing function set by the baseline management module further includes: keywords of the reinforcement item;
the baseline inspection module calls a security reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item, and the method comprises the following steps: and searching a security reinforcement function with the same keyword according to the keyword contained in the reinforcement item, and calling the security reinforcement function to reinforce the reinforcement item.
In the foregoing solution, the baseline reinforcement module is specifically configured to:
when the current value of the reinforcement item is the same as the baseline standard value contained in the safety reinforcement function, the current value of the reinforcement item is reserved;
and when the current value of the reinforcement item is different from the baseline standard value contained in the safety reinforcement function, restoring the current value of the reinforcement item to the baseline standard value.
In the above solution, the system further includes: the device comprises an alarm module and a verification module; wherein,
the alarm module is used for stopping reinforcing one reinforcing item and sending an alarm when the reinforcing time of the reinforcing item is greater than a preset threshold; receiving an alarm prompt sent by a verification module and sending an alarm;
the verification module is used for verifying whether the reinforcement result is effective or not, and if the reinforcement result is effective, the reinforcement is finished; and if the reinforcement result is not valid, sending an alarm prompt to an alarm module.
In the method and the system for automatically reinforcing the host security baseline provided by the embodiments of the invention, the host security baseline is set; reinforcement items are selected, and the security reinforcement function corresponding to each selected reinforcement item is set; the security reinforcement function corresponding to a reinforcement item is called to reinforce that item and the current value of the reinforcement item is acquired; and a reinforcement result is generated according to the relation between the current value of the reinforcement item and the baseline standard value contained in the security reinforcement function, and the reinforcement result is verified. Thus, by presetting the host security baseline, selecting reinforcement items and setting security reinforcement functions, the embodiments of the invention reinforce a selected item automatically by calling its security reinforcement function. Therefore, when there are many hosts to reinforce, each host has many baseline inspection items, and the host baselines must be periodically security-checked, considerable human resources no longer need to be consumed and working efficiency can be greatly improved. Meanwhile, the operator errors caused by manual operation can be effectively avoided, which reduces the influence on the normal operation of the service system. In addition, a unified security inspection and reinforcement flow is formulated according to the inspection requirements, so that the waste of resources caused by maintenance personnel lacking a unified baseline inspection and reinforcement flow can be effectively avoided, and the flow is easy to update and extend.
Drawings
FIG. 1 is a schematic diagram illustrating an implementation process of a method for automatically reinforcing a security baseline of a host according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a component of an automatic reinforcing system for a security baseline of a host according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Example one
As shown in fig. 1, the method for automatically reinforcing the security baseline of the host according to the embodiment of the present invention includes:
step 101: setting a host safety baseline;
here, the host security baseline may be set according to a host security check standard preset by a user, or may be set according to actual operating conditions of the host under different environments.
Further, before step 101, the method further comprises: backing up a security baseline configuration file of a host operating system and/or the host operating system;
The purpose of backing up the security baseline configuration file of the host operating system and/or the host operating system is that, if an unexpected event during reinforcement of the host, such as a configuration mistake, leaves the system unable to run normally, the host can be restored to its state before reinforcement by using the backed-up configuration file and/or system.
In the embodiment of the present invention, the backup of the security baseline configuration file of the host operating system may be implemented in the following manner: an if (-f /etc/inetd.conf) statement judges whether the configuration file exists; once the configuration file is found, the cp command copies the current configuration file to the /bak directory as a backup, and 'file | backup success' is printed after the backup succeeds.
Step 102: selecting reinforcement items, and setting safety reinforcement functions corresponding to the selected reinforcement items respectively;
here, the user can establish a basic reinforcement item library in advance according to the host security check standard, and establish a user reinforcement item library according to the actual operation condition of the host under different environments; further, the base reinforcement item library and the user reinforcement item library may be updated according to actual needs, for example, deleting unnecessary reinforcement items, modifying existing reinforcement items, or adding new reinforcement items.
Here, the selecting a reinforcement item may be selecting one or more reinforcement items from the base reinforcement item library individually, selecting one or more reinforcement items from the user reinforcement item library individually, or selecting one or more reinforcement items from the two reinforcement item libraries individually. Of course, the selected reinforcement item may also be a reinforcement item set by the user directly according to the host security check standard and/or the actual operation condition of the host.
Here, the security reinforcement function includes a baseline standard value of a reinforcement item and a keyword of the reinforcement item; the baseline standard value is used for judging whether the reinforcement item is normal or not, namely, whether the current value of the reinforcement item is consistent with the baseline standard value or not is compared, if so, the reinforcement item is normal, otherwise, the reinforcement item is abnormal; the keywords are mainly used as search identifiers, namely when the security reinforcement functions corresponding to the reinforcement items need to be searched, the security reinforcement functions matched with the reinforcement items can be obtained through keyword search in the reinforcement items.
Further, before step 102, the method further comprises: respectively identifying the type of a host operating system, the version number of the operating system and the identity of an executing user;
specifically, different security hardening functions may need to be set for the same hardening item due to differences between different operating systems; different security hardening functions may also need to be set for the same hardening item due to differences between different operating system versions. Moreover, checking and reinforcing the host will involve the highest authority of host operations, such as account locking check, password modification policy check, etc., which present a high operational security risk. Therefore, in order to ensure the security of the host, the checking and the reinforcing of the host can be performed only by the root user which is the default of the host, so that whether the executing user is the root user needs to be identified, and if the executing user is not the root user, the checking and the reinforcing operation cannot be performed.
Step 103: calling a safety reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item and acquiring the current value of the reinforcement item;
specifically, according to keywords contained in the reinforcement item, a security reinforcement function with the same keywords is searched, the security reinforcement function is called to check and reinforce the reinforcement item, and a check result of the reinforcement item is obtained and recorded, wherein the check result of the reinforcement item contains a current value of the reinforcement item.
In practical applications, the obtained inspection result of the reinforcement item may further include redundant information, such as blank spaces, comments, and the like, and therefore, the obtained inspection result of the reinforcement item may be preprocessed, and then the current value of the reinforcement item is extracted from the preprocessed inspection result of the reinforcement item.
Step 104: generating a reinforcement result according to the relation between the current value of the reinforcement item and a baseline standard value contained in the safety reinforcement function;
specifically, according to a current value of a reinforcement item extracted from an inspection result of the reinforcement item and a baseline standard value of the reinforcement item extracted from a safety reinforcement function corresponding to the reinforcement item, comparing the current value of the reinforcement item with the baseline standard value; when the current value of the reinforcement item is the same as the baseline standard value contained in the safety reinforcement function, the reinforcement item is normal, the current value of the reinforcement item is reserved, and a reinforcement result is generated; and when the current value of the reinforcement item is different from the baseline standard value contained in the safety reinforcement function, the reinforcement item is abnormal, the current value of the reinforcement item needs to be repaired to be the baseline standard value, and a reinforcement result is generated.
Here, the reinforcement result includes a process of reinforcing the reinforcement item, a value of the reinforcement item before reinforcement, and a value of the reinforcement item after reinforcement.
Further, the method further comprises: when each reinforcement item is reinforced, recording the reinforcement time of each reinforcement item; and when the time for reinforcing one reinforcing item is greater than a preset threshold value, stopping reinforcing the reinforcing item and sending an alarm.
Further, the method further comprises: verifying whether the reinforcement result is effective or not, and finishing reinforcement if the reinforcement result is effective; and if the reinforcement result is not effective, sending an alarm prompt.
Specifically, whether the reinforcement of the reinforcement item is normally completed is verified according to the reinforcement result, if the value of the reinforcement item after reinforcement is completely consistent with the baseline standard value contained in the safety reinforcement function corresponding to the reinforcement item, it is indicated that the reinforcement is normally completed, otherwise, it is indicated that the reinforcement is abnormal.
For example, the value of a reinforcement item before reinforcement is 1, and the baseline standard value included in the security reinforcement function corresponding to the reinforcement item is 2, after reinforcement is performed, if the value of the reinforcement item after reinforcement included in the reinforcement result is still 1, it indicates that there is an abnormality in reinforcement of the reinforcement item; if the value of the reinforcement item included in the reinforcement result after reinforcement is 2, it indicates that the reinforcement of the reinforcement item has been completed normally.
In the embodiment of the invention, the reinforcement result can be recorded in a log and can also be output to the host screen for display. For example, the FIFO pipe function of the shell can be used to record and print the log. A FIFO file behaves like a pipe, and using a FIFO file to pass data between processes makes the inter-process communication more durable and stable. When data is read out, it is removed from the FIFO pipe at the same time. The key techniques and code for recording and printing the log through the FIFO pipe are as follows:
log_file=/$(date +%Y%m%d)/$(date +%Y%m%d%H%M%S).log     # define the log file name
fifofile=/$(date +%Y%m%d)/$(date +%Y%m%d%H%M%S).fifo    # define the pipe file name
mkdir -p "$(dirname "$log_file")"                       # make sure the dated directory exists
touch "$log_file"                                       # create the log file
mkfifo "$fifofile"                                      # create the FIFO pipe file
cat "$fifofile" | tee "$log_file" &                     # reader: print what arrives on the FIFO to the screen and write it to the log file
exec 1>"$fifofile" 2>&1                                 # writer: send the script's stdout and stderr into the FIFO from here on
The method of the present application is described in detail below with reference to specific examples.
Assume that the host security check covers seven fields, namely password policy, security policy, log audit, system service, security patch, access control and account security, and that a host security baseline check standard is set for each check field, that is, the host security baseline is set. The selected reinforcement item is FTP anonymous login in the field of password policy; the baseline standard value contained in the security reinforcement function corresponding to this reinforcement item is that FTP anonymous login is prohibited; and the applicable object is a host whose operating system is HP-UX with version number 11.11. According to the type and version number of the host operating system, a user interprets and defines the host security baseline standard by adopting commands such as Trap, Debug, pipe, Stream, Post and the like in Shell and Perl languages to form an execution script. The execution script comprises the selected reinforcement items and the security reinforcement functions corresponding to the reinforcement items; the applicable object of the execution script is a host with an operating system type of HP-UX 11.11, and the executing user identity is the root user.
And checking and reinforcing the host with the operating system type of HP-UX 11.11 by using the execution script. Here, the user identity of the current host executing script is root user, and FTP in the field of the host password policy does not prohibit anonymous login.
Before entering the process of checking and reinforcing the host, the execution script automatically judges whether the operating system type, the operating system version and the executing user identity of the host are fully consistent with the applicable object set in the script. Because they are fully consistent here, the execution script enters the backup stage. In the backup stage, the execution script automatically backs up the security baseline configuration file of the host operating system and/or the host operating system, so that if an error, for example in configuration information, during reinforcement of the host security baseline affects the normal operation of the system, the host can be restored to its state before reinforcement by using the backed-up files.
After entering the process of checking and reinforcing the host, the execution script first checks whether the security baseline configuration file of the host operating system and/or the host operating system has been backed up in advance, and sends an alarm prompt if not; it then checks whether the security reinforcement function of the reinforcement item has been defined in advance, and sends an alarm prompt if not. When these alarm prompts appear, the user can choose to quit checking and reinforcing the host, but the alarm prompts do not affect the normal running of the execution script. Next, the execution script searches for the security reinforcement function with the same keyword according to the keyword contained in the reinforcement item, namely FTP anonymous login in the field of password policy, and calls that security reinforcement function to check and reinforce FTP anonymous login. Because FTP in the field of the host password policy does not prohibit anonymous login, the check result shows that anonymous login is not prohibited for the reinforcement item FTP anonymous login, and the execution script repairs the reinforcement item to the baseline standard value, that is, anonymous login prohibited. After the reinforcement is finished, the execution script confirms the reinforcement result of the reinforcement item again and judges whether the reinforcement result is effective; if the reinforcement item shows that anonymous login is prohibited after reinforcement, the reinforcement result is effective.
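The check, repair and verify flow of steps 103 and 104 applied to the FTP anonymous login item, as an added shell example that is not code from the patent. The harden_<keyword> naming convention, the key=value file format, the key anonymous_login and its values are assumptions constructed for illustration; the timeout alarm and the root-user check are left out, and everything runs in a temporary directory.

```shell
#!/bin/sh
# Added example: backup -> look up function by keyword -> check -> repair -> verify.
# The config file, key name and values are constructed; no real FTP daemon is touched.

# Backup stage: copy the config file aside before any change is made.
backup_config() {  # $1 = config file, $2 = backup directory
    if [ -f "$1" ]; then
        mkdir -p "$2" && cp -p "$1" "$2/" && echo "$1 | backup success"
    else
        echo "$1 | not found, nothing backed up" >&2
        return 1
    fi
}

# Preprocess the raw check result (strip comments and blanks), then extract
# the current value of the key; the last assignment in the file wins.
current_value() {  # $1 = config file, $2 = key
    sed 's/#.*$//' "$1" | tr -d ' \t' |
        awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# Repair: rewrite (or append) key=value in a temp copy that keeps the file
# mode, then rename it over the original so a failed write cannot truncate it.
set_value() {  # $1 = config file, $2 = key, $3 = value
    tmp="$1.tmp.$$"
    cp -p "$1" "$tmp" && awk -v k="$2" -v v="$3" '
        { line = $0; sub(/#.*$/, "", line); gsub(/[ \t]/, "", line)
          split(line, kv, "=")
          if (kv[1] == k) { if (!done) print k "=" v; done = 1 } else print }
        END { if (!done) print k "=" v }' "$1" > "$tmp" && mv -f "$tmp" "$1"
}

# Compare the current value with the baseline standard value, repair on a
# mismatch, then verify by re-reading. Prints "key|before|after|status".
harden_key() {  # $1 = config file, $2 = key, $3 = baseline standard value
    before=$(current_value "$1" "$2")
    if [ "$before" = "$3" ]; then
        echo "$2|$before|$before|normal"
        return 0
    fi
    set_value "$1" "$2" "$3" || echo "$1 | write failed" >&2
    after=$(current_value "$1" "$2")
    if [ "$after" = "$3" ]; then
        echo "$2|$before|$after|reinforced"
    else
        echo "$2|$before|$after|ALARM: reinforcement not effective"
        return 1
    fi
}

# Security reinforcement function for the keyword "ftp_anonymous_login":
# it carries the key to inspect and the baseline standard value.
harden_ftp_anonymous_login() {  # $1 = config file
    harden_key "$1" anonymous_login prohibited
}

# Find the security reinforcement function with the same keyword and call it.
reinforce_item() {  # $1 = keyword, $2 = config file
    case $1 in
        ''|*[!a-z0-9_]*) echo "$1|||ALARM: invalid keyword"; return 2 ;;
    esac
    fn="harden_$1"
    if ! command -v "$fn" >/dev/null 2>&1; then
        echo "$1|||ALARM: no security reinforcement function defined"
        return 2
    fi
    "$fn" "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample config' \
        'anonymous_login = allowed   # site default' > "$dir/ftpd.conf"
    backup_config "$dir/ftpd.conf" "$dir/bak"
    reinforce_item ftp_anonymous_login "$dir/ftpd.conf"  # repairs the value
    reinforce_item ftp_anonymous_login "$dir/ftpd.conf"  # already at baseline
    rm -rf "$dir"
}
demo
```

The second call in demo reports the item as normal, which is the idempotence a periodically scheduled baseline run depends on.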
In addition, the execution script can be deployed and hardened on a single host or multiple hosts. When the reinforcement is carried out on a single host, a user can deploy the execution script under any file directory of the server in an FTP mode, and can change the execution script or increase the number of the execution users through the execution-/security.
When reinforcement is needed to be carried out on a plurality of hosts at the same time, a user can deploy the execution script on the host computer in an FTP mode, ensure that the host computer and a target host computer needing reinforcement can normally communicate through a network port, and realize functions of automatic login, reinforcement command execution, log recording and the like through the expect script. The expect script is composed as follows:
wherein, the configuration list of batch processing command and hosts is stored in the config directory; storing running log information under a log directory; storing ssh key files under the ssh-key directory; sh is a main execution program used for circularly taking values from hosts files and calling expect scripts.
As shown in fig. 2, the system for automatically reinforcing the security baseline of the host according to the embodiment of the present invention includes: a baseline management module 22, a baseline checking module 23 and a baseline reinforcing module 24; wherein,
the baseline management module 22 is used for setting a host security baseline;
here, the host security baseline may be set according to a host security check standard preset by a user, or may be set according to actual operating conditions of the host under different environments.
The system further comprises: the backup module 21 is used for backing up the configuration file of the security baseline of the host operating system and/or the host operating system before the baseline management module 22 sets the security baseline of the host;
The purpose of backing up the security baseline configuration file of the host operating system and/or the host operating system is that, if an unexpected event during reinforcement of the host, such as a configuration mistake, leaves the system unable to run normally, the host can be restored to its state before reinforcement by using the backed-up configuration file and/or system.
The baseline management module 22 is further configured to select a reinforcement item, and set security reinforcement functions corresponding to the selected reinforcement item respectively;
here, the user can establish a basic reinforcement item library in advance according to the host security check standard, and establish a user reinforcement item library according to the actual operation condition of the host under different environments; further, the base reinforcement item library and the user reinforcement item library may be updated according to actual needs, for example, deleting unnecessary reinforcement items, modifying existing reinforcement items, or adding new reinforcement items.
Here, the selecting a reinforcement item may be selecting one or more reinforcement items from the base reinforcement item library individually, selecting one or more reinforcement items from the user reinforcement item library individually, or selecting one or more reinforcement items from the two reinforcement item libraries individually. Of course, the selected reinforcement item may also be a reinforcement item set by the user directly according to the host security check standard and/or the actual operation condition of the host.
Here, the security reinforcement function includes a baseline standard value of a reinforcement item and a keyword of the reinforcement item. The baseline standard value is used to judge whether the reinforcement item is normal: the current value of the reinforcement item is compared with the baseline standard value, and if they are consistent the reinforcement item is normal, otherwise it is abnormal. The keyword is mainly used as a search identifier: when the security reinforcement function corresponding to a reinforcement item needs to be found, the function matching the reinforcement item is obtained by searching on the keyword contained in the reinforcement item.
The baseline management module 22 is further configured to identify a type of a host operating system, a version number of the operating system, and an identity of an executing user, respectively;
specifically, different security reinforcement functions may need to be set for the same reinforcement item because of differences between operating systems, and also because of differences between versions of the same operating system. Moreover, checking and reinforcing the host involves the highest authority of host operations, such as the account locking check and the password modification policy check, which carry a high operational security risk. Therefore, to ensure the security of the host, checking and reinforcing can be performed only by the host's default root user; the system identifies whether the executing user is the root user, and if not, the checking and reinforcing operations cannot be performed.
The baseline checking module 23 is configured to call a security reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item, and obtain a current value of the reinforcement item;
specifically, according to keywords contained in the reinforcement item, a security reinforcement function with the same keywords is searched, the security reinforcement function is called to check and reinforce the reinforcement item, and a check result of the reinforcement item is obtained and recorded, wherein the check result of the reinforcement item contains a current value of the reinforcement item.
In practical applications, the obtained inspection result of the reinforcement item may further include redundant information, such as blank spaces, comments, and the like, and therefore, the obtained inspection result of the reinforcement item may be preprocessed, and then the current value of the reinforcement item is extracted from the preprocessed inspection result of the reinforcement item.
The baseline reinforcement module 24 is configured to generate a reinforcement result according to a relationship between the current value of the reinforcement item and a baseline standard value included in the security reinforcement function;
specifically, according to a current value of a reinforcement item extracted from an inspection result of the reinforcement item and a baseline standard value of the reinforcement item extracted from a safety reinforcement function corresponding to the reinforcement item, comparing the current value of the reinforcement item with the baseline standard value; when the current value of the reinforcement item is the same as the baseline standard value contained in the safety reinforcement function, the reinforcement item is normal, the current value of the reinforcement item is reserved, and a reinforcement result is generated; and when the current value of the reinforcement item is different from the baseline standard value contained in the safety reinforcement function, the reinforcement item is abnormal, the current value of the reinforcement item needs to be repaired to be the baseline standard value, and a reinforcement result is generated.
Here, the reinforcement result includes a process of reinforcing the reinforcement item, a value of the reinforcement item before reinforcement, and a value of the reinforcement item after reinforcement.
Further, the system further comprises: an alarm module 25, configured to record the reinforcement time of each reinforcement item when that item is reinforced;
the alarm module 25 is further configured to, when the time for reinforcing a reinforcement item is greater than a preset threshold, suspend reinforcing the reinforcement item, and issue an alarm.
Further, the system further comprises: a verification module 26, configured to verify whether the reinforcement result is valid, and if the reinforcement result is valid, complete reinforcement; and if the reinforcement result is not effective, sending an alarm prompt to the alarm module 25.
Specifically, whether the reinforcement of the reinforcement item is normally completed is verified according to the reinforcement result, if the value of the reinforcement item after reinforcement is completely consistent with the baseline standard value contained in the safety reinforcement function corresponding to the reinforcement item, it is indicated that the reinforcement is normally completed, otherwise, it is indicated that the reinforcement is abnormal.
For example, suppose the value of a reinforcement item before reinforcement is 1 and the baseline standard value included in the security reinforcement function corresponding to the reinforcement item is 2. After reinforcement is performed, if the value of the reinforcement item after reinforcement included in the reinforcement result is still 1, the reinforcement of that item is abnormal; if the value after reinforcement included in the reinforcement result is 2, the reinforcement of that item has completed normally.
Further, the alarm module 25 is further configured to receive an alarm prompt sent by the verification module 26 and send an alarm.
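The backup, check, compare, repair and verify sequence described above, as an added example that is not code from the patent. The item library, its baseline standard values, the "KEY value" file format and the sample content are constructed assumptions, and the code only ever touches a temporary file.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Hypothetical reinforcement item library: keyword -> baseline standard value.
BASELINE = {"PASS_MAX_DAYS": "90", "PASS_MIN_LEN": "8"}

# Constructed sample input in a login.defs-like "KEY value" format.
SAMPLE = """\
# constructed sample file
PASS_MAX_DAYS   99999   # never expires
#PASS_MIN_LEN 12

PASS_WARN_AGE 7
"""


def current_value(text, keyword):
    """Check: strip comments and blank lines, then extract the item's value."""
    value = None
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # preprocessing
        if len(parts) == 2 and parts[0] == keyword:
            value = parts[1].strip()  # last active occurrence wins
    return value


def set_value(text, keyword, standard):
    """Repair: rewrite every active line for the keyword, or append one."""
    pattern = re.compile(rf"^[ \t]*{re.escape(keyword)}[ \t]+.*$", re.M)
    new_line = f"{keyword} {standard}"
    if pattern.search(text):
        return pattern.sub(lambda _m: new_line, text)
    return text.rstrip("\n") + "\n" + new_line + "\n"


def harden(path, baseline=BASELINE):
    """Back up, then check, repair and verify each item: (results, alarms)."""
    path = Path(path)
    backup = path.with_name(path.name + ".bak")
    if not backup.exists():  # never overwrite the pre-reinforcement copy
        shutil.copy2(path, backup)
    results, alarms = [], []
    for keyword, standard in baseline.items():
        before = current_value(path.read_text(), keyword)
        if before != standard:  # abnormal: repair to the baseline value
            path.write_text(set_value(path.read_text(), keyword, standard))
        after = current_value(path.read_text(), keyword)  # re-read to verify
        results.append({"item": keyword, "before": before, "after": after})
        if after != standard:
            alarms.append(f"{keyword}: still {after!r}, expected {standard!r}")
    return results, alarms


def demo():
    """Run against a temporary copy of SAMPLE; no real system file is used."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "login.defs"
        cfg.write_text(SAMPLE)
        results, alarms = harden(cfg)
        saved = (Path(tmp) / "login.defs.bak").read_text()
        return results, alarms, cfg.read_text(), saved
```

The commented-out `#PASS_MIN_LEN 12` line is treated as unset, so the item is appended rather than the comment being edited, and the backup is taken only once so a second run cannot replace the pre-reinforcement copy.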
In practical applications, the backup module 21, the baseline management module 22, the baseline check module 23, the baseline reinforcement module 24, the alarm module 25, and the verification module 26 may be implemented by a Central Processing Unit (CPU), a microprocessor unit (MPU), a Digital Signal Processor (DSP), a Field Programmable Gate Array (FPGA), or the like located at a terminal.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, and improvement made within the spirit and scope of the present invention are included in the protection scope of the present invention.
Claims (10)
1. A host security baseline automatic reinforcement method is characterized in that a host security baseline is set; the method further comprises the following steps:
selecting reinforcement items, and setting safety reinforcement functions corresponding to the selected reinforcement items respectively;
calling a safety reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item and acquiring the current value of the reinforcement item;
and generating a reinforcement result according to the relation between the current value of the reinforcement item and the baseline standard value contained in the safety reinforcement function.
2. The method of claim 1, further comprising: the host operating system security baseline configuration file and/or the host operating system are backed up prior to setting the host security baseline.
3. The method of claim 1,
the security hardening function further includes: keywords of the reinforcement item;
the step of calling the security reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item includes: and searching a security reinforcement function with the same keyword according to the keyword contained in the reinforcement item, and calling the security reinforcement function to reinforce the reinforcement item.
4. The method of claim 1, wherein generating a reinforcement result according to a relationship between current values of the reinforcement terms and baseline standard values included in the security reinforcement function comprises:
when the current value of the reinforcement item is the same as the baseline standard value contained in the safety reinforcement function, the current value of the reinforcement item is reserved;
and when the current value of the reinforcement item is different from the baseline standard value contained in the safety reinforcement function, restoring the current value of the reinforcement item to the baseline standard value.
5. The method according to any one of claims 1 to 4, further comprising:
when the time for reinforcing one reinforcing item is greater than a preset threshold value, stopping reinforcing the reinforcing item and sending an alarm;
verifying whether the reinforcement result is effective or not, and finishing reinforcement if the reinforcement result is effective; and if the reinforcement result is not effective, sending an alarm prompt.
6. An automatic reinforcement system for a host security baseline, the system comprising: the device comprises a baseline management module, a baseline inspection module and a baseline reinforcement module; wherein,
the baseline management module is used for setting a host security baseline; selecting reinforcement items, and setting safety reinforcement functions corresponding to the selected reinforcement items respectively;
the baseline checking module is used for calling a safety reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item and acquiring the current value of the reinforcement item;
and the baseline reinforcement module is used for generating a reinforcement result according to the relation between the current value of the reinforcement item and the baseline standard value contained in the safety reinforcement function.
7. The system of claim 6, further comprising: and the backup module is used for backing up the configuration file of the security baseline of the host operating system and/or the host operating system before the security baseline of the host is set.
8. The system of claim 6,
the security reinforcement function set by the baseline management module further comprises: keywords of the reinforcement item;
the baseline reinforcement module calls a security reinforcement function corresponding to the reinforcement item to reinforce the reinforcement item, and the method comprises the following steps: and searching a security reinforcement function with the same keyword according to the keyword contained in the reinforcement item, and calling the security reinforcement function to reinforce the reinforcement item.
9. The system of claim 6, wherein the baseline reinforcement module is specifically configured to:
when the current value of the reinforcement item is the same as the baseline standard value contained in the safety reinforcement function, the current value of the reinforcement item is reserved;
and when the current value of the reinforcement item is different from the baseline standard value contained in the safety reinforcement function, restoring the current value of the reinforcement item to the baseline standard value.
10. The system of any one of claims 6 to 9, further comprising: the device comprises an alarm module and a verification module; wherein,
the alarm module is used for stopping reinforcing one reinforcing item and sending an alarm when the reinforcing time of the reinforcing item is greater than a preset threshold; receiving an alarm prompt sent by a verification module and sending an alarm;
the verification module is used for verifying whether the reinforcement result is effective or not, and if the reinforcement result is effective, the reinforcement is finished; and if the reinforcement result is not valid, sending an alarm prompt to an alarm module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610180521.9A CN107229977A (en) | 2016-03-25 | 2016-03-25 | A kind of automatic reinforcement means of Host Security baseline and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107229977A true CN107229977A (en) | 2017-10-03 |
Family
ID=59932519
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610180521.9A Pending CN107229977A (en) | 2016-03-25 | 2016-03-25 | A kind of automatic reinforcement means of Host Security baseline and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107229977A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103699831A (en) * | 2013-12-31 | 2014-04-02 | 曙光云计算技术有限公司 | System and method for reinforcing mainframe in real time |
CN104346574A (en) * | 2014-10-23 | 2015-02-11 | 武汉大学 | Automatic host computer security configuration vulnerability restoration method and system based on configuration specification |
US20150106652A1 (en) * | 2012-06-25 | 2015-04-16 | Tencent Technology (Shenzhen) Company Limited | System repair method and device, and storage medium |
CN105245392A (en) * | 2014-06-27 | 2016-01-13 | 北京新媒传信科技有限公司 | Method and device for base line checking and repairing |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108062470A (en) * | 2017-12-13 | 2018-05-22 | 广东电网有限责任公司电力科学研究院 | A kind of computer information safe reinforcement means |
CN110765463A (en) * | 2019-11-02 | 2020-02-07 | 上海新炬网络技术有限公司 | WebLogic-based security baseline reinforcement method |
CN110765463B (en) * | 2019-11-02 | 2023-05-26 | 上海新炬网络技术有限公司 | WebLogic-based safety baseline reinforcement method |
CN112685743A (en) * | 2020-12-28 | 2021-04-20 | 北京珞安科技有限责任公司 | Automatic reinforcing method and system for host security baseline |
CN113783851A (en) * | 2021-08-27 | 2021-12-10 | 西安胡门网络技术有限公司 | Baseline checking and reinforcing method and system for NTLM protocol attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20171003 |