CN107357922A - NFS access auditing method and system for a distributed file system - Google Patents
- Publication number
- CN107357922A
- Authority
- CN
- China
- Prior art keywords
- nfs
- audit
- log
- access
- accesses
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/182—Distributed file systems
- G06F16/1824—Distributed file systems implemented using Network-attached Storage [NAS] architecture
- G06F16/183—Provision of network file services by network file servers, e.g. by using NFS, CIFS
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses an NFS access auditing method and system for a distributed file system. The method comprises the following steps: enabling the access audit function; setting the log level; redirecting the audit log; restarting the NFS service; and managing the log file. The system comprises an access audit module for enabling or disabling the access audit function; a log level module for setting the log level; a log redirection module for redirecting the audit log; an NFS service restart module for restarting the NFS service; and a log management module for managing the log file. The invention uses the log file to record all operations of NFS clients and their execution results, which improves the security and traceability of NFS access and gives users a more intuitive way to monitor access operations: users can view the operations of NFS clients and their execution results in real time.
Description
Technical field
The present invention relates to an NFS access auditing method and system for a distributed file system, and belongs to the technical field of NFS monitoring in distributed file systems.
Background
The storage system is an important component of a computer system, and the current big-data era places higher demands on storage system performance. Cluster NAS (Network Attached Storage) is one of the indispensable technologies in storage systems. It is a loosely coupled set of compute nodes, made up of multiple nodes, that cooperate to provide NFS storage services externally with high performance, high availability and high load balancing.
NFS (Network File System) allows computers on a network to share resources over a TCP/IP network. It is implemented so that the data accessed by all users can be stored on one central host (the NFS server), and users on other hosts (NFS clients) can access the data on that central host through NFS.
However, the NFS access mechanism has insecure aspects, so an NFS access audit measure is needed to improve the security and traceability of NFS access.
Summary of the invention
To address the shortcomings of the above technology, embodiments of the present invention provide an NFS access auditing method and system for a distributed file system, which gives users a more intuitive means of monitoring access operations: users can view the operations of NFS clients and their execution results in real time.
The technical solution adopted by the embodiments of the present invention to solve the technical problem is as follows:
In one aspect, an NFS access auditing method for a distributed file system is provided, comprising the following steps:
Enabling the access audit function;
Setting the log level;
Redirecting the audit log;
Restarting the NFS service;
Managing the log file.
Optionally, the access audit function is enabled as follows: an Audit configuration item is added to the NFS configuration file, and the Audit configuration item is set to true or false to enable or disable access auditing.
Optionally, the log level is set as follows: an Audit_Level (audit level) configuration item is added to the NFS configuration file; the Audit_Level configuration item includes a low log level configuration item, a medium log level configuration item and a high log level configuration item.
Optionally, the audit log is redirected as follows: a log path configuration item is added to the NFS configuration file; the log path configuration item includes the specific storage location of the log file and the log file name.
Optionally, the NFS service is restarted as follows: after the modified NFS configuration file is saved, the NFS service is restarted.
Optionally, the log file is managed as follows: when the log file reaches a certain size, it is packed and archived, and a new log file is then opened to record NFS access operations.
Optionally, the log file records the address of each user on the NFS clients, the files accessed, the access time and the operation result.
In another aspect, an NFS access auditing system for a distributed file system is also provided, comprising:
An access audit module, for enabling or disabling the access audit function;
A log level module, for setting the log level;
A log redirection module, for redirecting the audit log;
An NFS service restart module, for restarting the NFS service;
A log management module, for managing the log file.
Optionally, the log level module includes a low log level configuration module, a medium log level configuration module and a high log level configuration module.
Optionally, the log file records the address of each user on the NFS clients, the files accessed, the access time and the operation result.
The technical solution provided by the embodiments of the present invention has the following beneficial effects:
The solution of the embodiments controls the enabling and disabling of the access audit function by modifying the NFS configuration file; with the access audit function enabled, the operations of NFS clients can be recorded. The log level is set by adding an audit level configuration item to the NFS configuration file, so that operations of different levels on NFS clients are recorded. The audit log is redirected to change the specific storage location and file name of the log file, which makes the log file easy to find. When the log file reaches a certain size, it is packed and archived and a new log file is opened to record NFS access operations, so that NFS client operation records can be looked up by time period quickly and conveniently, which improves the efficiency of reading the files.
The solution of the embodiments uses the log file to record all operations of NFS clients and their execution results. Details such as the address of each user on the NFS clients, the files accessed, the access time and the operation result are recorded, which improves the security and traceability of NFS access and gives users a more intuitive way to monitor access operations: users can view the operations of NFS clients and their execution results in real time.
Brief description of the drawings
The present invention is described below with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of an NFS access auditing method for a distributed file system provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of an NFS access auditing system for a distributed file system provided by an embodiment of the present invention.
Detailed description
To explain the technical features of this solution clearly, the present invention is described in detail below through specific embodiments and with reference to the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the present invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted so as not to limit the present invention unnecessarily.
Fig. 1 is a schematic flowchart of an NFS access auditing method for a distributed file system provided by an embodiment of the present invention. Referring to Fig. 1, the NFS access auditing method of the embodiment comprises the following steps:
Enabling the access audit function. The access audit function is enabled as follows: an Audit configuration item is added to the NFS configuration file and set to true or false to enable or disable access auditing. Modifying the NFS configuration file controls whether the access audit function is on or off; with it enabled, the operations of NFS clients can be recorded.
Setting the log level. The log level is set as follows: an Audit_Level (audit level) configuration item is added to the NFS configuration file; the Audit_Level configuration item includes a low log level configuration item, a medium log level configuration item and a high log level configuration item. Adding the audit level configuration item to the NFS configuration file sets the log level, so that operations of different levels on NFS clients are recorded.
Redirecting the audit log. The audit log is redirected as follows: a log path configuration item is added to the NFS configuration file; the log path configuration item includes the specific storage location of the log file and the log file name. Redirecting the audit log changes the specific storage location and file name of the log file, which makes the log file easy to find.
Restarting the NFS service. The NFS service is restarted as follows: after the modified NFS configuration file is saved, the NFS service is restarted.
Managing the log file. The log file is managed as follows: when the log file reaches a certain size, it is packed and archived, and a new log file is then opened to record NFS access operations. A timed task is added to pack and archive the log file: when the log file reaches a certain size, it is packed and archived and a new log file is opened to record NFS access operations, so that NFS client operation records can be looked up by time period quickly and conveniently, which improves the efficiency of reading the files.
Optionally, the log file in the embodiment records the address of each user on the NFS clients, the files accessed, the access time and the operation result.
The NFS access auditing method of the embodiment may also be implemented in the following feasible way, with the specific procedure as follows:
I. Enable the access audit function and set the log level
1. Enabling the access audit function: the access audit function is enabled by modifying the NFS configuration file. An Audit configuration item is added to the NFS configuration file; it can be set to true or false to control whether access auditing is on or off. In the enabled state the operations of NFS clients can be recorded;
2. Setting the log level: the log level switch is implemented by adding an Audit_Level configuration item to the NFS configuration file. This item can be set to one of three log levels, low, medium or high, so that operations of different levels on NFS clients are recorded;
3. Redirecting the audit log: the log path configuration item log_path=/var/log/ganesha_audit.log, that is, the specific storage location and file name of the log file, is added to the NFS configuration file;
Adding Audit=true to the NFS configuration file of the distributed file system enables the access audit function; adding Audit_Level=LOW/MID/HIGH (three log levels, low, medium and high, of which one is chosen) defines the specific log level; adding the log path configuration item log_path=/var/log/ganesha_audit.log determines the specific storage location of the log.
II. Restart the NFS service
After the NFS configuration file has been modified, the NFS service must be restarted so that the newly added configuration takes effect.
III. Confirm the log level and manage the log file
Whether an NFS client operation is recorded is determined by the defined log level. During recording, when the log file reaches a certain size it is packed and archived; this function is implemented by adding a timed task in the operating system. Once the log has been archived, a new log file is opened to record NFS client operations.
When the log level is confirmed, each client operation is checked against the defined log level to decide whether it is recorded. Audit_Level=HIGH corresponds to the rename, remove and rmdir operations in the Linux system; Audit_Level=MID corresponds to the create, read, write, setfattr, link, mkdir, rename, remove and rmdir operations; Audit_Level=LOW corresponds to the access, commit, getfattr, lookup, readdir, readlink, create, read, write, setfattr, link, mkdir, rename, remove and rmdir operations.
During log file management, the size of the log file is checked. If it exceeds the limit, the log file is packed and archived and a new log file is opened; if it does not exceed the limit, log entries of the corresponding level are simply saved to the log file.
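The level check and size-based log management described above, as an added example that is not code from the patent. The configuration keys, level names and operation lists are those given in the description; the flat key=value syntax, the record line format, the default level, the 1024-byte limit, the gzip archive naming, the function names and the 192.0.2.x addresses are assumptions. `rotate_if_needed` is what the timed task would call; here `audit` calls it before each write so the example runs stand-alone.

```python
import gzip
import os
import shutil
import tempfile
import time

# Operations recorded at each Audit_Level, as listed in the description.
HIGH_OPS = {"rename", "remove", "rmdir"}
MID_OPS = HIGH_OPS | {"create", "read", "write", "setfattr", "link", "mkdir"}
LOW_OPS = MID_OPS | {"access", "commit", "getfattr", "lookup", "readdir", "readlink"}
LEVEL_OPS = {"HIGH": HIGH_OPS, "MID": MID_OPS, "LOW": LOW_OPS}


def parse_audit_config(text):
    """Read Audit, Audit_Level and log_path from flat key=value lines (assumed syntax)."""
    raw = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            raw[key.strip()] = value.strip()
    level = raw.get("Audit_Level", "HIGH").upper()  # default level is an assumption
    if level not in LEVEL_OPS:
        raise ValueError("unknown Audit_Level: %r" % level)
    return {"enabled": raw.get("Audit", "false").lower() == "true",
            "level": level,
            "log_path": raw.get("log_path", "/var/log/ganesha_audit.log")}


def should_record(cfg, operation):
    """True when auditing is on and the configured level covers the operation."""
    return cfg["enabled"] and operation in LEVEL_OPS[cfg["level"]]


def rotate_if_needed(log_path, max_bytes):
    """Pack and archive the log once it reaches max_bytes; return archive path or None."""
    if not os.path.exists(log_path) or os.path.getsize(log_path) < max_bytes:
        return None
    stamp = time.strftime("%Y%m%dT%H%M%S")
    archive, n = "%s.%s.gz" % (log_path, stamp), 0
    while os.path.exists(archive):  # never overwrite an earlier archive
        n += 1
        archive = "%s.%s.%d.gz" % (log_path, stamp, n)
    # Create the archive owner-only and exclusively, then compress into it.
    fd = os.open(archive, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with open(log_path, "rb") as src, os.fdopen(fd, "wb") as raw, \
            gzip.GzipFile(fileobj=raw, mode="wb") as dst:
        shutil.copyfileobj(src, dst)
    os.remove(log_path)  # the next write opens a new log file
    return archive


def audit(cfg, client_addr, operation, path, result, max_bytes=1024, now=None):
    """Append one record (address, operation, file, time, result) if the level covers it."""
    if not should_record(cfg, operation):
        return False
    rotate_if_needed(cfg["log_path"], max_bytes)
    ts = time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(now))
    # Escape control characters so a crafted file name cannot forge a record.
    safe_path = path.encode("unicode_escape").decode("ascii")
    line = "%s addr=%s op=%s file=%s result=%s\n" % (
        ts, client_addr, operation, safe_path, result)
    # Owner-only permissions: the audit trail names users and files.
    fd = os.open(cfg["log_path"], os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(line)
    return True


def demo():
    """Run constructed client operations through a MID-level configuration."""
    log = os.path.join(tempfile.mkdtemp(), "ganesha_audit.log")
    cfg = parse_audit_config("Audit=true\nAudit_Level=MID\nlog_path=%s\n" % log)
    events = [  # constructed sample events, not real traffic
        ("192.0.2.10", "lookup", "/export/a.txt", "OK"),
        ("192.0.2.10", "write", "/export/a.txt", "OK"),
        ("192.0.2.11", "remove", "/export/a.txt\nfake", "EACCES"),
    ]
    recorded = [op for addr, op, path, res in events if audit(cfg, addr, op, path, res)]
    with open(log) as fh:
        return recorded, fh.read().splitlines()


if __name__ == "__main__":
    print(demo())
```

At MID the `lookup` is filtered out while `write` and `remove` are logged, and the newline embedded in the third file name is written escaped, so the log still holds exactly one line per recorded operation.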
Fig. 2 is a schematic structural diagram of an NFS access auditing system for a distributed file system provided by an embodiment of the present invention. Referring to Fig. 2, the NFS access auditing system of the embodiment comprises:
An access audit module, for enabling or disabling the access audit function;
A log level module, for setting the log level;
A log redirection module, for redirecting the audit log;
An NFS service restart module, for restarting the NFS service;
A log management module, for managing the log file.
Optionally, the log level module includes a low log level configuration module, a medium log level configuration module and a high log level configuration module.
Optionally, the log file records the address of each user on the NFS clients, the files accessed, the access time and the operation result.
The solution of the embodiments uses the log file to record all operations of NFS clients and their execution results. Details such as the address of each user on the NFS clients, the files accessed, the access time and the operation result are recorded, which improves the security and traceability of NFS access and gives users a more intuitive way to monitor access operations: users can view the operations of NFS clients and their execution results in real time.
The above is only the preferred embodiment of the present invention. Those skilled in the art can make improvements and modifications without departing from the principles of the invention, and these improvements and modifications are also regarded as falling within the scope of protection of the present invention.
Claims (10)
1. An NFS access auditing method for a distributed file system, characterized by comprising the following steps:
Enabling the access audit function;
Setting the log level;
Redirecting the audit log;
Restarting the NFS service;
Managing the log file.
2. The NFS access auditing method for a distributed file system according to claim 1, characterized in that the access audit function is enabled as follows: an Audit configuration item is added to the NFS configuration file, and the Audit configuration item is set to true or false to enable or disable access auditing.
3. The NFS access auditing method for a distributed file system according to claim 1, characterized in that the log level is set as follows: an Audit_Level configuration item is added to the NFS configuration file, and the Audit_Level configuration item includes a low log level configuration item, a medium log level configuration item and a high log level configuration item.
4. The NFS access auditing method for a distributed file system according to claim 1, characterized in that the audit log is redirected as follows: a log path configuration item is added to the NFS configuration file, and the log path configuration item includes the specific storage location of the log file and the log file name.
5. The NFS access auditing method for a distributed file system according to claim 1, characterized in that the NFS service is restarted as follows: after the modified NFS configuration file is saved, the NFS service is restarted.
6. The NFS access auditing method for a distributed file system according to claim 1, characterized in that the log file is managed as follows: when the log file reaches a certain size, it is packed and archived, and a new log file is then opened to record NFS access operations.
7. The NFS access auditing method for a distributed file system according to any one of claims 1 to 6, characterized in that the log file records the address of each user on the NFS clients, the files accessed, the access time and the operation result.
8. An NFS access auditing system for a distributed file system, characterized by comprising:
An access audit module, for enabling or disabling the access audit function;
A log level module, for setting the log level;
A log redirection module, for redirecting the audit log;
An NFS service restart module, for restarting the NFS service;
A log management module, for managing the log file.
9. The NFS access auditing system for a distributed file system according to claim 8, characterized in that the log level module includes a low log level configuration module, a medium log level configuration module and a high log level configuration module.
10. The NFS access auditing system for a distributed file system according to claim 8 or claim 9, characterized in that the log file records the address of each user on the NFS clients, the files accessed, the access time and the operation result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710600625.5A CN107357922A (en) | 2017-07-21 | 2017-07-21 | NFS access auditing method and system for a distributed file system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107357922A true CN107357922A (en) | 2017-11-17 |
Family
ID=60285225
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710600625.5A Pending CN107357922A (en) | 2017-07-21 | 2017-07-21 | NFS access auditing method and system for a distributed file system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107357922A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20171117 |