CN107357736A - An automated detection method for Tomcat security configuration - Google Patents

Info

Publication number: CN107357736A
Application number: CN201710630202.8A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 刘雁鸣
Assignee (original and current): Zhengzhou Yunhai Information Technology Co Ltd
Legal status as listed: Pending

Classifications

    • G06F11/3644 Software debugging by instrumenting at runtime (under G06F11/00 Error detection; error correction; monitoring › G06F11/36 Preventing errors by testing or debugging software › G06F11/362 Software debugging)
    • G06F21/71 Protecting specific internal or peripheral components to assure secure computing or processing of information (under G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity › G06F21/70)

Abstract

The present invention discloses an automated detection method for Tomcat security configuration, in the field of Web security. For the key checkpoints of Tomcat security configuration, an automated detection program is written in Python; the program automates parsing of the Tomcat configuration files, execution of system commands and analysis of the results, and runs on both Windows and Linux, so that the Tomcat security configuration items can be checked automatically in one step. The invention overcomes the low efficiency and incompleteness of manual checking, raises the efficiency of checking Tomcat security configuration, and improves the efficiency and completeness of security testing of software products that use Tomcat.

Description

An automated detection method for Tomcat security configuration
Technical field
The present invention relates to the field of Web security, and specifically to an automated detection method for Tomcat security configuration.
Background technology
Tomcat is a free, open-source Web application server. It is a lightweight application server, commonly used for small and medium-sized systems whose number of concurrent users is not large, and it is the first choice for developing and debugging JSP programs.
With the development and application of computer and Internet technology, the Internet has entered everyday work and life, and network security problems draw increasing public concern. Tomcat, as a currently popular Web server, is all the more important from a security standpoint. Beyond applying security patches and version updates promptly, applying certain security configuration settings is extremely important for improving the security of Tomcat.
Content of the invention
In view of the needs and shortcomings of current technology, the present invention provides an automated detection method for Tomcat security configuration.
The technical scheme adopted by the automated detection method for Tomcat security configuration of the present invention to solve the above technical problem is as follows: for the key checkpoints of Tomcat security configuration, an automated detection program is written in Python; the program automates parsing of the Tomcat configuration files, execution of system commands and analysis of the results, and is compatible with both Windows and Linux, so that the Tomcat security configuration items can be checked automatically in one step.
The specific steps of the automated detection method include:
1) Obtain the Tomcat installation path parameter, and obtain the operating system type on which the automated detection program is currently running;
2) Obtain the Tomcat version by running the version script in the bin directory under the Tomcat installation directory, and write it to the result file;
3) Detect the user under which Tomcat runs by executing Windows/Linux local commands, and judge whether that user has administrator/root privileges; if so, report a security risk in the result file;
4) Detect whether a Tomcat back-end management page account is enabled by parsing the tomcat-users.xml configuration file in the conf directory under the Tomcat installation directory;
5) Detect the permission settings of the Tomcat application directories by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory;
6) Detect the Tomcat access-log configuration by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory.
Preferably, in step 2), on Windows version.bat is run with the cmd /k call command, and on Linux version.sh is run with the sh command.
Preferably, in step 3), on Windows the command tasklist /V | findstr "tomcat" is used to detect the user running Tomcat, and the net user command is then used to check whether that user's local group memberships include administrators; if so, a security risk is reported in the result file. On Linux the command ps -ef | grep tomcat is used to detect the user running Tomcat; if it is root, a security risk is reported in the result file.
Preferably, in step 4), if a <user> element under the <tomcat-users> element in tomcat-users.xml has a roles attribute value containing "manager-gui" and is not commented out, the username and password attribute values of that element are written to the result file and a security risk is reported.
Preferably, in step 5), the value of the appBase attribute of the <Host> element in server.xml is obtained first, and the directory entries under that path are then checked for entries having both write and execute permission; if any exist, they are written to the result file and a security risk is reported.
Preferably, in step 5), if the obtained appBase attribute value is "webapps", the ROOT, manager and host-manager directories under the webapps directory are checked; if any exist and are not empty, the names of the non-empty directories are written to the result file and a security risk is reported.
Preferably, in step 6), first check whether the <Valve> element in server.xml whose className attribute value is "org.apache.catalina.valves.AccessLogValve" is commented out; if it is, a security risk is reported in the result file. If it is not commented out, check the content of its pattern attribute value; if any of the items %h, %t, %r, %s is absent, the missing items are written to the result file and a security risk is reported.
Compared with the prior art, the automated detection method for Tomcat security configuration of the present invention has the following beneficial effects: for the key checkpoints of Tomcat security configuration, the method automates configuration-file parsing, system-command execution and data analysis, overcoming the low efficiency and incompleteness of manual checking; it raises the efficiency of checking Tomcat security configuration and improves the efficiency and completeness of security testing of software products that use Tomcat.
Brief description of the drawings
Figure 1 is the implementation flowchart of the automated detection method for Tomcat security configuration.
Embodiments
To make the object, technical solution and advantages of the present invention clearer, the automated detection method for Tomcat security configuration of the present invention is further described below with reference to specific embodiments.
For the security problems of Tomcat configuration, the present invention proposes an automated detection method for Tomcat security configuration: for the key checkpoints of Tomcat security configuration, an automated detection program is written in Python; the program automates parsing of the Tomcat configuration files, execution of system commands and analysis of the results, and is compatible with both Windows and Linux, so that the Tomcat security configuration items can be checked automatically in one step. This avoids incomplete checking, raises the efficiency of checking Tomcat security configuration, and improves the efficiency and completeness of security testing of software products that use Tomcat.
Embodiment 1:
The automated detection method for Tomcat security configuration described in this embodiment has the following specific steps:
1) Obtain the Tomcat installation path parameter, and obtain the operating system type on which the automated detection program is currently running;
2) Obtain the Tomcat version by running the version script in the bin directory under the Tomcat installation directory, and write it to the result file;
3) Detect the user under which Tomcat runs by executing Windows/Linux local commands, and judge whether that user has administrator/root privileges; if so, report a security risk in the result file;
4) Detect whether a Tomcat back-end management page account is enabled by parsing the tomcat-users.xml configuration file in the conf directory under the Tomcat installation directory;
5) Detect the permission settings of the Tomcat application directories by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory;
6) Detect the Tomcat access-log configuration by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory.
Embodiment 2:
The automated detection method for Tomcat security configuration described in this embodiment builds on Embodiment 1; its specific steps include:
1) Obtain the Tomcat installation path parameter, and obtain the operating system type on which the automated detection program is currently running; the platform.platform() method of the platform module can be used;
2) Obtain the Tomcat version by running the version script in the bin directory under the Tomcat installation directory, and write it to the result file; local commands can be executed with the subprocess.Popen method of the subprocess module;
on Windows, version.bat is run with cmd /k call or another command; on Linux, version.sh is run with sh or another command;
3) Detect the user under which Tomcat runs by executing Windows/Linux local commands, and judge whether that user has administrator/root privileges; if so, report a security risk in the result file;
on Windows, tasklist /V | findstr "tomcat" or another command is used to detect the user running Tomcat, and the net user command is then used to check whether that user's local group memberships include administrators; if so, a security risk is reported in the result file;
on Linux, ps -ef | grep tomcat or another command is used to detect the user running Tomcat; if it is root, a security risk is reported in the result file; otherwise, check whether the fourth colon-separated field (the primary group ID) of that user's line in /etc/passwd is 0; if it is 0, the user belongs to the root group, and a security risk is reported in the result file;
4) Detect whether a Tomcat back-end management page account is enabled by parsing the tomcat-users.xml configuration file in the conf directory under the Tomcat installation directory;
if a <user> element under the <tomcat-users> element in tomcat-users.xml has a roles attribute value containing "manager-gui" (the login account of the back-end management page) and is not commented out, obtain the username and password attribute values of that element, write them to the result file, and report a security risk;
5) Detect the permission settings of the Tomcat application directories by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory;
first obtain the value of the appBase attribute of the <Host> element in server.xml (the Web application deployment path), then check the directory entries under that path for entries having both write and execute permission; if any exist, write them to the result file and report a security risk;
6) If the appBase attribute value obtained in step 5 is "webapps" (the default value), check the ROOT, manager and host-manager directories under the webapps directory; if any exist and are not empty, write the names of the non-empty directories to the result file and report a security risk;
7) Detect the Tomcat access-log configuration by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory;
first check whether the <Valve> element in server.xml whose className attribute value is "org.apache.catalina.valves.AccessLogValve" is commented out; if it is (access logging disabled), report a security risk in the result file; if it is not commented out, check the content of its pattern attribute value; if any of %h (client IP address or hostname), %t (request time), %r (first line of the request: method, URL and HTTP protocol) or %s (HTTP status code of the response) is absent, write the missing items to the result file and report a security risk.
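The two configuration-file checks of steps 4 and 7 above, written as an added Python example for this page; it is not the patent's program, whose source is not published here. It parses constructed sample copies of tomcat-users.xml and server.xml with xml.dom.minidom, the module the patent names, and returns findings as data rather than writing a result file. It goes beyond the patent in two ways: it flags every Manager and Host Manager role, not only manager-gui, and it expands the AccessLogValve pattern aliases common and combined before looking for %h, %t, %r and %s, because a pattern="combined" valve logs all four items without containing any of those literals. The sample XML, the role list and the sample passwords are constructed for the example.

```python
"""Added example, not the patent's program: the tomcat-users.xml and server.xml
checks, using xml.dom.minidom as the patent suggests, on constructed samples."""
import xml.dom.minidom as minidom

ACCESS_LOG_VALVE = "org.apache.catalina.valves.AccessLogValve"
REQUIRED_LOG_ITEMS = ("%h", "%t", "%r", "%s")

# Roles that unlock the Manager and Host Manager applications. The patent
# looks only for manager-gui; flagging the rest is this example's extension.
PRIVILEGED_ROLES = {"manager-gui", "manager-script", "manager-jmx",
                    "manager-status", "admin-gui", "admin-script"}

# Tomcat expands these two words in AccessLogValve's pattern attribute, so a
# literal search for %h etc. has to expand them first.
PATTERN_ALIASES = {
    "common": '%h %l %u %t "%r" %s %b',
    "combined": '%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-Agent}i"',
}

# Constructed sample: the stock file ships its users inside a comment; here
# one privileged user has been added outside it.
SAMPLE_TOMCAT_USERS = """<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <!--
  <user username="tomcat" password="s3cret" roles="manager-gui"/>
  -->
  <user username="admin" password="admin123" roles="manager-gui,admin-gui"/>
  <user username="app" password="x" roles="app-user"/>
</tomcat-users>
"""

# Constructed sample: access logging enabled, but the pattern omits %h.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="localhost_access_log" suffix=".txt"
               pattern="%t %r %s %b"/>
      </Host>
    </Engine>
  </Service>
</Server>
"""


def find_manager_accounts(tomcat_users_xml):
    """Return [(username, password, [privileged roles])] for every live <user>.
    Text inside <!-- --> is a Comment node, never an Element, so the patent's
    'not commented out' condition is met by construction."""
    hits = []
    for user in minidom.parseString(tomcat_users_xml).getElementsByTagName("user"):
        roles = {r.strip() for r in user.getAttribute("roles").split(",")}
        privileged = sorted(roles & PRIVILEGED_ROLES)
        if privileged:
            hits.append((user.getAttribute("username"),
                         user.getAttribute("password"), privileged))
    return hits


def get_app_base(server_xml):
    """Return the appBase of the first <Host>; Tomcat defaults it to "webapps"."""
    hosts = minidom.parseString(server_xml).getElementsByTagName("Host")
    return (hosts[0].getAttribute("appBase") or "webapps") if hosts else None


def check_access_log(server_xml):
    """Return {"enabled": bool, "missing": [items]} for the AccessLogValve.
    A valve wrapped in <!-- --> is invisible to the parser, i.e. disabled."""
    valves = [v for v in minidom.parseString(server_xml).getElementsByTagName("Valve")
              if v.getAttribute("className") == ACCESS_LOG_VALVE]
    if not valves:
        return {"enabled": False, "missing": list(REQUIRED_LOG_ITEMS)}
    pattern = valves[0].getAttribute("pattern")
    pattern = PATTERN_ALIASES.get(pattern, pattern)
    return {"enabled": True,
            "missing": [item for item in REQUIRED_LOG_ITEMS if item not in pattern]}


def run_checks(tomcat_users_xml, server_xml):
    """Combine both checks into the finding strings a result file would hold."""
    findings = []
    for username, password, roles in find_manager_accounts(tomcat_users_xml):
        findings.append(f"manager account enabled: {username}/{password} "
                        f"roles={','.join(roles)}")
    log = check_access_log(server_xml)
    if not log["enabled"]:
        findings.append("access logging disabled: AccessLogValve absent or commented out")
    elif log["missing"]:
        findings.append("access log pattern lacks " + " ".join(log["missing"]))
    return findings


if __name__ == "__main__":
    print("appBase:", get_app_base(SAMPLE_SERVER_XML))
    for finding in run_checks(SAMPLE_TOMCAT_USERS, SAMPLE_SERVER_XML):
        print(finding)
```

Against the samples the script reports the enabled admin account and the missing %h item. Searching the file text for "manager-gui" would not do: the commented-out tomcat user in the stock file would match, which is exactly the false positive the patent's "not commented out" condition exists to prevent, and a DOM parser removes that case for free.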
The specific implementation process of the automated detection method for Tomcat security configuration in this embodiment is shown in Figure 1:
1. The user enters the Tomcat installation path; the program obtains the Tomcat installation path parameter and the operating system type on which the automated detection program is currently running;
2. The Tomcat version is obtained by running the version script in the bin directory under the Tomcat installation directory, and the version number is written to the result file;
3. The user under which Tomcat runs is detected by executing Windows/Linux local commands, and it is judged whether that user has administrator/root privileges; if so, a security risk warning is written to the result file;
4. By parsing the tomcat-users.xml configuration file in the conf directory under the Tomcat installation directory (the relevant methods of the xml.dom.minidom module can be used), it is detected whether a Tomcat back-end management page account is enabled; if so, the username and password are written to the result file together with a security risk warning;
5. By parsing the server.xml configuration file in the conf directory under the Tomcat installation directory, the Tomcat application directory is obtained and the list of directories having both write and execute permission is collected; if any exist, the list and a security risk warning are written to the result file;
6. In step 5, if no directory having both write and execute permission exists, it is detected whether the Tomcat default applications have been deleted; if not, the application list and a security risk warning are written to the result file;
7. By parsing the server.xml configuration file in the conf directory under the Tomcat installation directory, the Tomcat access-log configuration is detected;
if access logging is not enabled, a security risk warning is written to the result file; if it is enabled, it is checked whether the access log includes the %h, %t, %r and %s items; if not, a security risk warning is written to the result file.
The embodiments are only specific cases of the present invention; the scope of patent protection of the present invention includes but is not limited to the above embodiments, and any appropriate change or replacement that conforms to the claims of the present invention and is made by a person of ordinary skill in the art falls within the scope of patent protection of the present invention.
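Steps 3, 5 and 6 of the process above (the Linux run-as user, the appBase permission scan and the stock applications), as an added Python example written for this page and not taken from the patent; the Windows branch (tasklist, net user) is not covered. The ps -ef output and /etc/passwd lines are constructed samples, and the appBase is built in a temporary directory so the permission checks run offline; on a real host the strings would come from subprocess.run and open("/etc/passwd"). One caveat the patent does not state: the fourth /etc/passwd field is the primary group ID, and GID 0 does not by itself confer root; the third field, UID 0, does, so the example checks both. Which permission bits count as "write and execute" is this example's assumption (group or other bits), labelled in the code.

```python
"""Added example, not the patent's program: run-as user, appBase permission
and stock-application checks, exercised against constructed data."""
import os
import shutil
import stat
import tempfile

DEFAULT_APPS = ("ROOT", "manager", "host-manager")

# Constructed `ps -ef` output: Tomcat started by root, plus the `grep tomcat`
# process that a bare `ps -ef | grep tomcat` pipeline would also match.
SAMPLE_PS = """UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
root       812     1  0 09:00 ?        00:00:07 /usr/bin/java -classpath /opt/tomcat/bin/bootstrap.jar org.apache.catalina.startup.Bootstrap start
deploy    1133  1001  0 09:02 pts/0    00:00:00 grep tomcat
"""

# Constructed /etc/passwd lines (name:passwd:UID:GID:gecos:home:shell); the
# tomcat account has a normal UID but primary group 0.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
tomcat:x:1002:0:Tomcat service:/opt/tomcat:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/bash
"""


def tomcat_users_from_ps(ps_output):
    """Return the set of users owning a Catalina JVM in `ps -ef` output.
    Matching the class name rather than the word 'tomcat' skips the grep
    process itself and any shell whose command line merely mentions tomcat."""
    users = set()
    for line in ps_output.splitlines()[1:]:   # skip the header row
        fields = line.split(None, 7)           # UID PID PPID C STIME TTY TIME CMD
        if len(fields) == 8 and "org.apache.catalina" in fields[7]:
            users.add(fields[0])
    return users


def privileged_accounts(passwd_text, users):
    """Return {user: reason} for users that are root or root-equivalent.
    The patent tests the fourth field (primary GID) for 0; UID 0 in the
    third field is what actually confers root, so both are examined."""
    reasons = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7 or parts[0] not in users:
            continue
        if parts[2] == "0":
            reasons[parts[0]] = "uid 0"
        elif parts[3] == "0":
            reasons[parts[0]] = "primary group gid 0"
    return reasons


def writable_and_executable_dirs(app_base):
    """Return directory names under app_base whose group or other bits carry
    both write and execute permission (assumption: this is what the patent's
    'write and execute permission' means, since it is what lets another local
    account plant and traverse a web application)."""
    group_wx = stat.S_IWGRP | stat.S_IXGRP
    other_wx = stat.S_IWOTH | stat.S_IXOTH
    risky = []
    for name in sorted(os.listdir(app_base)):
        mode = os.stat(os.path.join(app_base, name)).st_mode
        if stat.S_ISDIR(mode) and ((mode & group_wx) == group_wx or (mode & other_wx) == other_wx):
            risky.append(name)
    return risky


def default_apps_present(app_base):
    """Return the stock Tomcat applications that still exist and are non-empty."""
    return [name for name in DEFAULT_APPS
            if os.path.isdir(os.path.join(app_base, name))
            and os.listdir(os.path.join(app_base, name))]


def build_sample_app_base():
    """Construct a throwaway appBase: ROOT still populated, manager present but
    empty, host-manager removed, and a world-writable 'uploads' directory."""
    app_base = tempfile.mkdtemp(prefix="webapps-")
    for name, mode in (("ROOT", 0o755), ("manager", 0o755), ("uploads", 0o777)):
        path = os.path.join(app_base, name)
        os.mkdir(path)
        os.chmod(path, mode)
    with open(os.path.join(app_base, "ROOT", "index.jsp"), "w") as fh:
        fh.write("<%= 1 + 1 %>\n")
    return app_base


def run_checks(ps_output, passwd_text, app_base):
    """Combine the checks into the finding strings a result file would hold.
    Unlike the patent's step 6, the stock applications are reported even when
    a loose directory was also found."""
    findings = []
    for user, why in privileged_accounts(passwd_text, tomcat_users_from_ps(ps_output)).items():
        findings.append(f"Tomcat runs as {user} ({why})")
    loose = writable_and_executable_dirs(app_base)
    if loose:
        findings.append("write+execute directories under appBase: " + ", ".join(loose))
    stock = default_apps_present(app_base)
    if stock:
        findings.append("default applications still deployed: " + ", ".join(stock))
    return findings


if __name__ == "__main__":
    base = build_sample_app_base()
    try:
        for finding in run_checks(SAMPLE_PS, SAMPLE_PASSWD, base):
            print(finding)
    finally:
        shutil.rmtree(base)
```

Run as a script it prints three findings: Tomcat running as root, the loose uploads directory, and the still-deployed ROOT application (manager is present but empty, so it is not reported, matching the patent's "exists and is not empty" condition).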

Claims (10)

1. An automated detection method for Tomcat security configuration, characterised in that, for the key checkpoints of Tomcat security configuration, an automated detection program is written in Python; the program automates parsing of the Tomcat configuration files, execution of system commands and analysis of the results, and is compatible with both Windows and Linux, so that the Tomcat security configuration items can be checked automatically in one step;
its specific steps include:
1) Obtain the Tomcat installation path parameter, and obtain the operating system type on which the automated detection program is currently running;
2) Obtain the Tomcat version by running the version script in the bin directory under the Tomcat installation directory, and write it to the result file;
3) Detect the user under which Tomcat runs by executing Windows/Linux local commands, and judge whether that user has administrator/root privileges; if so, report a security risk in the result file;
4) Detect whether a Tomcat back-end management page account is enabled by parsing the tomcat-users.xml configuration file in the conf directory under the Tomcat installation directory;
5) Detect the permission settings of the Tomcat application directories by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory;
6) Detect the Tomcat access-log configuration by parsing the server.xml configuration file in the conf directory under the Tomcat installation directory.
2. The automated detection method for Tomcat security configuration according to claim 1, characterised in that in step 1) the platform.platform() method of the platform module is used to obtain the operating system type on which the automated detection program is currently running.
3. The automated detection method for Tomcat security configuration according to claim 1, characterised in that in step 2) the subprocess.Popen method of the subprocess module is used to execute local commands.
4. The automated detection method for Tomcat security configuration according to claim 3, characterised in that in step 2), on Windows version.bat is run with the cmd /k call command, and on Linux version.sh is run with the sh command.
5. The automated detection method for Tomcat security configuration according to claim 4, characterised in that in step 3), on Windows the command tasklist /V | findstr "tomcat" is used to detect the user running Tomcat, and the net user command is then used to check whether that user's local group memberships include administrators; if so, a security risk is reported in the result file.
6. The automated detection method for Tomcat security configuration according to claim 4, characterised in that in step 3), on Linux the command ps -ef | grep tomcat is used to detect the user running Tomcat; if it is root, a security risk is reported in the result file; otherwise, check whether the fourth field of that user's line in /etc/passwd is 0; if it is 0, the user belongs to the root group and a security risk is reported in the result file.
7. The automated detection method for Tomcat security configuration according to claim 5 or 6, characterised in that in step 4), if a <user> element under the <tomcat-users> element in tomcat-users.xml has a roles attribute value containing "manager-gui" and is not commented out, the username and password attribute values of that element are written to the result file and a security risk is reported.
8. The automated detection method for Tomcat security configuration according to claim 7, characterised in that in step 5), the value of the appBase attribute of the <Host> element in server.xml is obtained first, and the directory entries under that path are then checked for entries having both write and execute permission; if any exist, they are written to the result file and a security risk is reported.
9. The automated detection method for Tomcat security configuration according to claim 8, characterised in that in step 5), if the obtained appBase attribute value is "webapps", the ROOT, manager and host-manager directories under the webapps directory are checked; if any exist and are not empty, the names of the non-empty directories are written to the result file and a security risk is reported.
10. The automated detection method for Tomcat security configuration according to claim 9, characterised in that in step 6), first check whether the <Valve> element in server.xml whose className attribute value is "org.apache.catalina.valves.AccessLogValve" is commented out; if it is, a security risk is reported in the result file; if it is not commented out, check the content of its pattern attribute value; if any of %h, %t, %r, %s is absent, the missing items are written to the result file and a security risk is reported.

Application CN201710630202.8A, filed 2017-07-28 (priority date 2017-07-28); published as CN107357736A on 2017-11-17; family ID 60286419; country status: CN, pending.


Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN102118257A * | 2009-12-31 | 2011-07-06 | 亿阳信通股份有限公司 | Method and device for remote monitoring and maintenance
US20160342448A1 * | 2012-06-07 | 2016-11-24 | Vmware, Inc. | Tracking changes that affect performance of deployed applications
CN105227630A * | 2015-08-27 | 2016-01-06 | 浪潮电子信息产业股份有限公司 | Load balancing implementation based on Apache, mod_jk and Tomcat
CN106506209A * | 2016-11-03 | 2017-03-15 | 用友网络科技股份有限公司 | Service management method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
通往圣殿的路: "Tomcat系统加固规范" (Tomcat system hardening specification), HTTPS://BLOG.51CTO.COM/LEOMARS/1571506 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN108769074A * | 2018-07-05 | 2018-11-06 | 郑州云海信息技术有限公司 | Web server security testing method and system
CN108769074B * | 2018-07-05 | 2021-02-09 | 苏州浪潮智能科技有限公司 | Web server security testing method
CN110727467A * | 2019-10-22 | 2020-01-24 | 普元信息技术股份有限公司 | System and method for server performance optimization in a big-data environment
CN112733148A * | 2021-01-12 | 2021-04-30 | 北京旋极安辰计算科技有限公司 | Java-based trusted policy automatic adaptation method
CN112733148B * | 2021-01-12 | 2021-10-01 | 北京旋极安辰计算科技有限公司 | Java-based trusted policy automatic adaptation method

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
RJ01 | Rejection of invention patent application after publication

Application publication date: 2017-11-17