CN108092936A - A Host Supervision System based on plug-in architecture
- Publication number
- CN108092936A (CN201611032382.1A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/3051—Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
Abstract
The invention discloses a Host Supervision System based on a plug-in architecture, comprising a server and at least one client. The client comprises a plug-in container and multiple kinds of security plug-ins; the plug-in container is used to configure the security plug-ins. The server comprises a monitoring system, which comprises a system management module, an audit management module, a policy management module, an asset management module, a situation monitoring module, an organization management module and a document management module. The system management module manages the configuration of the server; the audit management module manages client logs; the policy management module manages security policies and sends them to the client, and the client configures the security plug-ins according to the security policy; the asset management module manages clients; the situation monitoring module monitors the state of each client; the organization management module manages user information; the document management module manages upgrades of the client's security plug-ins.
Description
Technical field
The invention belongs to the technical field of network security, and in particular relates to a Host Supervision System based on a plug-in architecture.
Background
In recent years, as the scale and complexity of computer network applications have continued to grow, network security has become a focus of concern. Most governments and enterprises have deployed a range of security protection software such as antivirus software, firewalls and intrusion detection systems, which addresses external security problems to a certain extent. According to statistics, however, more than 50% of network security problems originate from internal staff. To meet the need for monitoring internal information, the Host Supervision System came into being: it can effectively control internal users' use of end hosts and the network and prevent internal violations, and it also provides powerful log auditing so that the personnel concerned can later review events and collect evidence.
For a Host Supervision System to be easy to manage for administrators and easy to use for users, a good software architecture design is essential.
In the field of computer security monitoring, the patent with application No. CN201210510366.4 discloses a method for hardening an operating system based on host monitoring. It addresses the security and reliability of control by using Rootkit-based kernel-level control, addresses the management complexity of large clusters and networks by using a tree-shaped security domain system, and addresses the flexible, in-depth expression of monitoring requirements and methods by using a distributed policy description language. Although that method describes the security functions and security model of the end host in detail, it lacks an overall design of the client-server architecture and cannot build a complete user operation flow, so its use is limited. The patent with application No. CN201520188838.8 discloses a host monitoring and audit system based on a server architecture. It uses a switch as a relay device; an authentication server, a network monitoring server and a vulnerability scanning server are connected to the switch, and information about the monitored computers is passed through the switch to a management center. The topology is simple and allows the monitored computers to be authenticated and monitored. Although this system achieves authentication and monitoring of the monitored computers, the management of its security functions lacks flexibility and ease of use: first, server-side administrators cannot dynamically add, change or delete security functions on terminal computers; second, terminal users lack an intuitive and clear view of the terminal's current security state.
In summary, from the software user's point of view, current Host Supervision Systems still have problems of ease of use and scalability. After the software is deployed, it is difficult for terminal users to know the current state of the terminal and the specific security policies, which makes the software inconvenient to use. If an administrator wants to add or fix a security function, technical staff must modify the whole client software and then update it, which makes management inconvenient. In addition, as the network grows, it is difficult for the administrator to guarantee that a very large number of terminals can be controlled at the same time without performance degradation or even collapse.
Summary of the invention
The object of the invention is to provide a Host Supervision System based on a plug-in architecture that solves the above problems of the prior art.
A Host Supervision System based on a plug-in architecture according to the invention comprises a server and at least one client. The client comprises a plug-in container and multiple kinds of security plug-ins; the plug-in container is used to configure the security plug-ins. The server comprises a monitoring system, which comprises a system management module, an audit management module, a policy management module, an asset management module, a situation monitoring module, an organization management module and a document management module. The system management module manages the configuration of the server; the audit management module manages client logs; the policy management module manages security policies and sends them to the client, and the client configures the security plug-ins according to the security policy; the asset management module manages clients; the situation monitoring module monitors the state of each client; the organization management module manages user information; the document management module manages upgrades of the client's security plug-ins.
In one embodiment of the Host Supervision System based on a plug-in architecture according to the invention, the client further comprises a client interface for providing the user with an operation interface.
In one embodiment, the server further comprises a load balancing module for load balancing across multiple monitoring systems on the server.
In one embodiment, the plug-in container manages and controls the various security plug-ins on the client.
In one embodiment, the plug-in container further comprises a server-side heartbeat module for sending heartbeat messages to the server, to maintain the communication data connection with the server.
In one embodiment, the plug-in container further comprises a plug-in-side heartbeat module for receiving the heartbeat messages of each security plug-in and maintaining the communication data connection with each security plug-in.
In one embodiment, after the server receives the registration information of a client, the organization management module queries whether the user and the organization to which the current client belongs exist. If they do not exist, an error is returned; if they exist, the asset management module converts the client that initiated the registration request into an in-network asset, which is then maintained uniformly in subsequent management.
In one embodiment, the security policy is set on the server. After the server sets a security policy, the policy management module pushes the security policy and the corresponding security plug-in to the bound client in the form of a data stream; after the client receives the data stream, it places the security plug-in in the plug-in container and stores the security policy.
In one embodiment, the plug-in container comprises: a configuration module for reading and writing client and server configuration information; a registration module for initiating registration requests to the server; a policy module for receiving the security policies issued by the server and distributing them to the specified security plug-ins; an audit module for collecting the user operation logs generated on the client and reporting them to the server; a control module for providing start, restart, stop and status query interfaces for security plug-ins; and a patch module for receiving and applying patches issued by the server.
In one embodiment, the security plug-ins comprise: a peripheral control plug-in for controlling permissions on USB ports, serial ports, wireless network cards, optical drives and printers; a software control plug-in for controlling permissions on the software processes running on the client; a network control plug-in for configuring a network address blacklist or whitelist to control permission for network access; an illegal external connection plug-in for detecting whether the client is connected to an external network; and a document control plug-in for monitoring users' operations on files under specified directories on the client.
The Host Supervision System based on a plug-in architecture of the invention takes full account of the principles of ease of use and scalability. It combines a server-client architecture with a plug-in architecture and selectively uses the lightweight, cross-platform and efficient Python Flask and Qt technologies, making up for the shortcomings of traditional host monitoring systems in use, effectively reducing the administrator's maintenance difficulty and improving reliability. Specifically:
(1) Through the server-client architecture, the advantages of the hardware environment at both ends are fully used and tasks are allocated sensibly between client and server, which reduces system communication overhead; at the same time, load balancing and a container isolation mechanism are introduced on the server, ensuring high concurrency and high fault tolerance of the Web application service.
(2) The plug-in architecture gives the client software good functional extensibility and high customizability, so it can adapt to different development needs. It also supports incremental development, so functions can be added step by step, and plug-ins can be loaded and unloaded independently, which makes deployment easier.
(3) The introduction of excellent third-party software development frameworks makes the whole system cross-platform, efficient to develop, clear and easy to use, and stable and reliable.
Description of the drawings
Fig. 1 is a module diagram of the Host Supervision System based on a plug-in architecture of the invention;
Fig. 2 is an architecture diagram of the Host Supervision System server;
Fig. 3 is an architecture diagram of the plug-in container;
Fig. 4 is a schematic diagram of the storage directory specification for the files of a security plug-in;
Fig. 5 is a diagram of the execution specification of a security plug-in;
Fig. 6 is a workflow diagram of the Host Supervision System based on a plug-in architecture of the invention.
Detailed description of embodiments
To make the purpose, content and advantages of the invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawings and examples.
Fig. 1 is a module diagram of the Host Supervision System based on a plug-in architecture of the invention. As shown in Fig. 1, the system consists mainly of two parts, the server and the client. This embodiment includes server 1, client 2 and client 3. Client 2 comprises plug-in container 21, security plug-ins 1-k and client interface 23. Client 3 comprises plug-in container 31, security plug-ins 1-t and client interface 33.
As shown in Fig. 1, to meet the high-concurrency requirements created by tens of thousands of terminals, the server uses Nginx load balancing 12 (Nginx is a high-performance HTTP and reverse proxy server) to implement load balancing. Because the capacity of the back-end Tomcat (a lightweight Java-based Web application server) to handle client access requests is limited, the open-source Docker container is used: Tomcat is replicated into multiple copies, each deployed in one of Docker 1-n. Each Docker is a flexibly configurable, independently managed runtime environment; the Tomcat inside it runs a set of Web services and can complete the related work independently. This approach reduces the access pressure on the server while increasing the isolation between Tomcat instances and avoiding mutual interference, thereby ensuring the reliability of the whole server. Functionally, the Web service in Tomcat provides the management and control functions required by the Host Supervision System.
Fig. 2 is an architecture diagram of the Host Supervision System server. As shown in Fig. 2, the functional modules of the Host Supervision System server are deployed in Tomcat and comprise seven modules: system management module 13, audit management module 14, policy management module 15, asset management module 16, situation monitoring module 17, organization management module 18 and document management module 19.
As shown in Fig. 2, system management module 13 is responsible for the cascading of upper- and lower-level platforms, administrator access control, menu resource allocation, data backup and recovery, and system security configuration for server 1. The audit management module mainly implements the collection, collation, presentation, import and export of terminal logs and user logs. Policy management module 15 is the core of the host monitoring function of server 1. It can generate, issue and manage security policies, including terminal authentication control policies, software whitelist control policies, peripheral control policies, network access control policies, illegal external connection control policies and file operation control policies. Asset management module 16 manages all kinds of terminals in the network; each terminal is regarded as an asset, and its registration, information conversion and destruction are all handled by this module. Situation monitoring module 17 performs unified monitoring of the sub-networks in the network and the terminals belonging to them. It supports visual presentation of physical location based on a map and of logical location based on state, so that administrators can quickly query terminals or users and learn of current violation alerts accurately and in time. Organization management module 18 mainly manages organization and user personal information, including querying, adding, changing, deleting and converting. Document management module 19 manages the various files needed by terminals, including the security plug-ins on which security policy execution depends, the patch files needed for terminal operating system upgrades, and client software upgrade installation packages.
Fig. 3 is an architecture diagram of the plug-in container. As shown in Fig. 1 and Fig. 3, taking client 2 as an example, plug-in container 21 and security plug-ins 1-k together constitute the "plug-in architecture"; security plug-ins 1-k are independent of one another, which effectively avoids interdependence problems. In this embodiment, plug-in container 21 runs the following eight modules. Plug-in-side heartbeat module 218 receives the heartbeat messages of the security plug-ins and maintains the communication data connection with the plug-ins. Configuration module 217 reads and writes client and server configuration information, such as IP address, port and interface name. Registration module 215 initiates registration requests to the server, which is the precondition for the client to join the network successfully. Policy module 213 checks, schedules and updates the security policies issued by the server and distributes them to the specified security plug-ins. Audit module 126 collects the user operation logs generated on the client and reports them to the server. Control module 214 provides start, restart, stop and status query interfaces for security plug-ins, to be called by the interface program or the server. Patch module 212 receives patch delivery requests from the server and downloads and installs the patches locally. Server-side heartbeat module 211 sends heartbeat messages to the server, including terminal information, patch information and security plug-in status information, and maintains the communication data connection with the server.
As shown in Fig. 3, plug-in container 21 is lightweight, cross-platform, extensible and efficient to develop, so it is suitable for many kinds of hardware and software platforms, such as Windows/Linux operating systems on the x86 architecture and domestically produced operating systems on the ARM architecture. Plug-in container 21 uses Flask Web technology and sits between the terminal and the server, acting as a data processing and communication proxy that communicates directly with the server to receive and report data. In addition, plug-in container 21 can automatically monitor Socket connections on client 2, providing management and control capability for the various security plug-ins on the terminal.
With reference to Fig. 3, the security plug-ins of this embodiment are briefly described. The security plug-ins include the peripheral control plug-in, software control plug-in, network control plug-in, illegal external connection plug-in and document control plug-in; they are the final executors of security policies. Peripheral control plug-in: applies "allow" or "forbid" control to USB ports, serial ports, wireless network cards, optical drives, printers and so on. Software control plug-in: applies "run" or "forbid" control to the software processes running on the client. Network control plug-in: can be configured with a network address blacklist or whitelist to forbid or allow network access. Illegal external connection plug-in: detects whether the client is connected to an external network such as the Internet and takes corresponding control measures, such as disconnecting the network or shutting down. Document control plug-in: monitors users' operations on files under specified directories on the client, including reading, writing, renaming and deleting files.
As shown in Fig. 3, take the peripheral control plug-in as an example. When the server issues a security policy of "use of USB storage devices forbidden", the policy is forwarded by the plug-in container and read by the peripheral control plug-in, which then starts its USB storage device monitoring program. Once a user inserts a USB storage device, the monitoring program blocks the operation so that the device does not work, and generates a log entry in real time recording the user's violation.
Fig. 4 is a schematic diagram of the storage directory specification for the files of a security plug-in. As shown in Fig. 4, the bin directory stores the executable program of the security plug-in; the libs directory stores the dynamic library files on which the plug-in depends; the md5 file uniquely identifies the plug-in and facilitates plug-in updates; the log directory stores the logs the plug-in generates; the policy directory stores the policy files issued by the server; the var directory stores variables used while the plug-in runs.
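A check that could be run on an uploaded plug-in package before it is unpacked, enforcing the Fig. 4 layout. This is an added example, not code from the patent; the zip format, the rejection of unexpected or path-escaping entries, and all function names are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Layout from the Fig. 4 description: five directories and one md5 file.
REQUIRED_DIRS = ("bin", "libs", "log", "policy", "var")
REQUIRED_FILES = ("md5",)


def check_plugin_package(data: bytes) -> list:
    """Return a list of problems; an empty list means the layout is acceptable."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip archive"]

    problems, top_dirs, top_files, bin_files = [], set(), set(), 0
    with archive:
        for info in archive.infolist():
            name = info.filename
            parts = PurePosixPath(name).parts
            # Members must stay inside the plug-in directory when extracted.
            if name.startswith("/") or "\\" in name or ".." in parts:
                problems.append(f"unsafe member path: {name}")
                continue
            if not parts:
                continue
            if len(parts) == 1 and not info.is_dir():
                top_files.add(parts[0])
            else:
                top_dirs.add(parts[0])
                if parts[0] == "bin" and len(parts) > 1 and not info.is_dir():
                    bin_files += 1

    for required in REQUIRED_DIRS:
        if required not in top_dirs:
            problems.append(f"missing directory: {required}/")
    for required in REQUIRED_FILES:
        if required not in top_files:
            problems.append(f"missing file: {required}")
    allowed = set(REQUIRED_DIRS) | set(REQUIRED_FILES)
    for extra in sorted((top_dirs | top_files) - allowed):
        problems.append(f"unexpected top-level entry: {extra}")
    if "bin" in top_dirs and bin_files == 0:
        problems.append("bin/ contains no executable program")
    return problems


def build_zip(members: dict) -> bytes:
    """Build an in-memory zip from {member name: content}; used for the samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buffer.getvalue()


# Constructed sample packages (not real plug-ins).
GOOD_PACKAGE = build_zip({
    "bin/usb_monitor": b"constructed placeholder program",
    "libs/": b"", "log/": b"", "policy/": b"", "var/": b"",
    "md5": b"0" * 32,
})
BAD_PACKAGE = build_zip({
    "bin/": b"", "libs/libdemo.so": b"", "log/": b"", "var/": b"",
    "md5": b"0" * 32,
    "../outside.txt": b"x",   # would land outside the plug-in directory
    "notes.txt": b"",         # not part of the specification
})

if __name__ == "__main__":
    print(check_plugin_package(GOOD_PACKAGE))
    for problem in check_plugin_package(BAD_PACKAGE):
        print(problem)
```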
Fig. 5 is a diagram of the execution specification of a security plug-in. As shown in Fig. 5: start starts the plug-in and keeps it running; stop stops the plug-in; restart restarts a running plug-in; status queries the current state of the plug-in, that is, running or stopped.
The client interface sits above the plug-in container and interacts directly with the terminal user. It presents to the user the state of the plug-in container and of the security plug-ins, that is, the current security state of the terminal, and provides an operation interface for mouse and keyboard operation, including viewing system resources, starting/stopping security plug-ins, querying audit logs, configuring system information and registering the terminal. The client interface is suitable for many kinds of hardware and software platforms, has a rich API and supports 2D/3D graphics rendering, so it can give users a good experience.
The typical usage flow of the Host Supervision System based on a plug-in architecture of the invention comprises the following steps:
Step 1: The client registers with the server.
The purpose of this step is to place the client under the management of the server.
Step 2: The server issues security policies to the client.
The purpose of this step is to ensure that the client has specific security monitoring capabilities.
Step 3: The client reports audit logs to the server.
The purpose of this step is to make it easy for the server to audit and trace clients and users.
Step 4: The server updates security policies on the client.
The purpose of this step is to ensure that the client's security functions are flexibly configurable.
Fig. 6 is a workflow diagram of the Host Supervision System based on a plug-in architecture of the invention. As shown in Fig. 6, the workflow of the system comprises the following steps:
Step 1: The client registers with the server.
(1) The user configures the server IP address, port number and local IP address on the client interface. The configuration module in the plug-in container stores this data in the local database, and the server-side heartbeat module reads the data and starts sending the client's heartbeat messages to the server.
(2) The user enters information such as user name, account and organization on the client and performs the registration operation. The registration module in the plug-in container then sends the user's information to the asset management module of the server.
(3) The server receives the client's registration information, and the organization management module of the server queries whether the user and the organization to which the current client belongs exist. If they do not exist, an error message is shown; if they exist, the asset management module performs the asset conversion operation, converting the client that initiated the registration request into an in-network asset, which is then maintained uniformly in subsequent management. From this point the heartbeat connection between the client and the server remains stable.
Step 2: The server issues security policies to the client.
(1) The administrator uploads a previously written security plug-in to the server through the document management module. The security plug-in exists as a compressed file, and its directory layout after decompression conforms to the plug-in directory specification defined in the invention.
(2) The administrator creates a security policy on the server and then binds the policy to one or more assets (that is, clients). The policy management module of the server then pushes the security policy and the corresponding security plug-in to the bound clients in the form of a data stream.
(3) After the server-side heartbeat module in the client plug-in container receives the data stream, it first places the security plug-in in the plug-in container. The policy data stream is also forwarded to the policy module, which automatically assembles the data stream according to a defined format, generates a policy file in XML format and stores it in the policy directory of the corresponding security plug-in.
Step 3: The client reports audit logs to the server.
(1) After the security policy has been issued, the client's security plug-in reads the policy file in the policy directory and automatically triggers the start command, which starts that plug-in's host monitoring process in the client background. At the same time, if the client user has the necessary permission, the user can also manually start, stop, restart and query the status of security plug-ins on the client interface through the control module in the plug-in container.
(2) If a user operation violates the security policy, for example the current security policy of the peripheral control plug-in is "USB device insertion forbidden" and the user inserts a USB device, the background monitoring process of the peripheral control plug-in captures the operation in time and blocks it. The background monitoring process also automatically generates an audit log recording the time of occurrence, user, subject, object, event description, event result and other information about the violation, and stores the audit log as a file in the log subdirectory of the corresponding security plug-in directory.
(3) The audit module of the client plug-in container reads the log files in the log subdirectory of each plug-in directory in a loop. After a successful read, the audit module processes the log information in the file twice. First, it stores the information in the client's local database; the client interface program periodically reads the log information from the local database and displays it on the client interface for the client user to view. Second, it sends the log information to the audit management module of the server, which filters, matches, converts and saves the audit data and displays it on a Web page for the administrator to view. The administrator can run unified log queries across all clients in the network through the situation monitoring module, and back up or restore log data through the system management module.
Step 4: The server updates the security plug-ins and security policies on the client.
(1) A security plug-in may be changed because its functionality needs to be upgraded or optimized. In that case the administrator uploads the modified security plug-in on the server. The plug-in-side heartbeat module in the client plug-in container periodically checks whether the md5 value of the current plug-in is consistent with the plug-in md5 value sent by the server, so after the administrator has successfully uploaded the new security plug-in, the client detects that the two md5 values are inconsistent. The client plug-in container then concludes that the current plug-in needs to be updated and sends an update request to the server. After receiving the request, the server actively pushes the new security plug-in to the client, which overwrites the old security plug-in with the new one while retaining the current security policy and the current plug-in running state. This completes the "silent" update of the client security plug-in.
(2) If a security policy needs to be changed, the administrator modifies the security policy on the server. The server-side heartbeat module in the client plug-in container periodically sends the hash value of all current security policies to the server, and the server checks whether the hash value sent by the client matches the hash value of the current security policy. After the administrator modifies a security policy, the server therefore detects that the hash value of the current policy is inconsistent with the policy hash value sent by the client, concludes that the client's security policy needs to be updated, and issues the new security policy to the client to replace the old policy file in the policy subdirectory of the client's plug-in directory. This does not affect the normal operation of the running security plug-in, and it completes the "silent" update of the client security policy.
To solve the above-mentioned problems, the present invention proposes a Host Supervision System based on plug-in architecture. Through fine-grained, centralized management of key elements in the computing environment such as personnel, hardware, software and policies, it achieves a basic computing environment in which information entities are secure and trusted and information flows are controllable. On the one hand, by combining the C/S (client/server) and B/S (browser/server) usage modes, it provides a good user experience on both the terminal and the browser. On the other hand, by using a plug-in architecture, it designs the terminal security functions in the form of "kernel + plug-in", which reduces the coupling between modules, allows terminal security function modules to be adjusted dynamically, reduces the maintenance difficulty for the administrator, and increases software reliability to a certain extent.
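The two comparisons that drive the "silent" updates in Step 4, as an added Python example that is not code from the patent. The plug-in directory `usb_control`, the file names `plugin.bin` and `usb.rules`, the use of SHA-256 with a name-plus-content framing for the policy hash, and the check of the pushed bytes before the overwrite are all assumptions; the patent specifies only md5 for plug-ins, a hash value for policies, and the `policy` subdirectory.

```python
import hashlib
import tempfile
from pathlib import Path


def policy_digest(policy_dir: Path) -> str:
    """One hash over every policy file (SHA-256 and this framing are assumptions)."""
    h = hashlib.sha256()
    for f in sorted(p for p in policy_dir.rglob("*") if p.is_file()):
        h.update(f.relative_to(policy_dir).as_posix().encode() + b"\0")
        h.update(hashlib.sha256(f.read_bytes()).digest())
    return h.hexdigest()


def plugin_needs_update(plugin_file: Path, server_md5: str) -> bool:
    """Client side: True when the local md5 differs from the one the server sent."""
    return hashlib.md5(plugin_file.read_bytes()).hexdigest() != server_md5.lower()


def apply_plugin_update(plugin_file: Path, pushed: bytes, server_md5: str) -> bool:
    """Overwrite the old plug-in only if the pushed bytes match the advertised md5.
    Files under policy/ are never touched, so the current policy is retained."""
    if hashlib.md5(pushed).hexdigest() != server_md5.lower():
        return False  # truncated or mismatched push: keep the old plug-in
    staged = plugin_file.with_name(plugin_file.name + ".new")
    staged.write_bytes(pushed)
    staged.replace(plugin_file)  # rename over the old file in one step
    return True


def policy_needs_reissue(client_digest: str, server_policy_dir: Path) -> bool:
    """Server side: True when the client's reported hash is out of date."""
    return client_digest != policy_digest(server_policy_dir)


def demo() -> dict:
    """Constructed walk-through of one plug-in update and one policy update."""
    with tempfile.TemporaryDirectory() as d:
        client = Path(d, "client", "usb_control")            # hypothetical plug-in directory
        server_policy = Path(d, "server", "usb_control", "policy")
        (client / "policy").mkdir(parents=True)
        server_policy.mkdir(parents=True)
        plugin = client / "plugin.bin"                        # hypothetical file name
        plugin.write_bytes(b"plug-in build 1")
        for base in (client / "policy", server_policy):
            (base / "usb.rules").write_text("deny usb-storage\n")
        build2 = b"plug-in build 2"
        advertised = hashlib.md5(build2).hexdigest()           # md5 the server sends
        out = {"stale": plugin_needs_update(plugin, advertised)}
        out["bad_push"] = apply_plugin_update(plugin, build2[:-3], advertised)
        out["good_push"] = apply_plugin_update(plugin, build2, advertised)
        out["stale_after"] = plugin_needs_update(plugin, advertised)
        out["policy_kept"] = (client / "policy" / "usb.rules").is_file()
        report = policy_digest(client / "policy")              # what the client heartbeat sends
        out["policy_in_sync"] = not policy_needs_reissue(report, server_policy)
        (server_policy / "usb.rules").write_text("allow usb-keyboard\n")  # admin edit
        out["policy_stale"] = policy_needs_reissue(report, server_policy)
        return out


if __name__ == "__main__":
    print(demo())
```

The md5 comparison detects that a plug-in changed or that a push arrived incomplete; it does not show who produced the file, so a deployment that needs that assurance would verify a signature at the same point in `apply_plugin_update`.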
Compared with the prior art, the present invention has the following advantages:
The present invention takes full account of the ease of use and scalability of the Host Supervision System, makes combined use of the server-client architecture and the plug-in architecture, and selectively uses the lightweight, cross-platform and efficient Python Flask and Qt technologies. It makes up for the deficiencies of traditional host monitoring systems in use, effectively reduces the maintenance difficulty for the administrator, and improves reliability. Specifically: (1) through the server-client architecture, the advantages of the hardware environments at both ends are fully used and tasks are reasonably allocated between the client and the server, which reduces system communication overhead; load balancing and container isolation mechanisms are also introduced on the server, which ensures the high concurrency and high fault tolerance of the Web application service; (2) the plug-in architecture gives the client software good functional extensibility and high customizability, so it can adapt to different development needs; it supports incremental development, so functions can be added step by step, and plug-ins can be loaded and unloaded independently, which makes deployment easier; (3) by introducing excellent third-party development frameworks, the whole system is cross-platform, efficient to develop, clear and easy to use, and stable and reliable.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make several improvements and variations without departing from the technical principles of the invention, and these improvements and variations shall also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. A Host Supervision System based on plug-in architecture, characterized by comprising:
a server and at least one client; the client comprises a plug-in container and multiple security plug-ins, the plug-in container being used to configure the multiple security plug-ins; the server comprises a monitoring system, and the monitoring system comprises a system management module, an audit management module, a policy management module, an asset management module, a situation monitoring module, an organization and administration module and a document management module;
the system management module is used to manage the configuration of the server; the audit management module is used for client log management; the policy management module is used to manage security policies and send them to the client, where the security plug-ins are configured according to the security policy; the asset management module is used to manage clients; the situation monitoring module is used to monitor the state of each client; the organization and administration module is used to manage user information; the document management module is used to manage upgrades of the client's security plug-ins.
2. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the client further comprises a client interface for providing an operation interface to the user.
3. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the server further comprises a load balancing module for load balancing across multiple monitoring systems in the server.
4. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the plug-in container manages and controls the various security plug-ins on the client.
5. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the plug-in container further comprises a server-side heartbeat module for sending heartbeat messages to the server to maintain the communication data connection with the server.
6. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the plug-in container further comprises a plug-in-side heartbeat module for receiving heartbeat messages from each security plug-in and maintaining the communication data connection with each security plug-in.
7. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that, after the server receives the registration information of a client, the organization and administration module queries whether the user and the organization to which the current client belongs exist; if they do not exist, an error is returned; if they exist, the asset management module converts the client currently initiating the registration request into a network asset, which is maintained uniformly in subsequent management.
8. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the security plug-in is set up on the server, and after the server sets the security policy, the policy management module pushes the security policy and the corresponding security plug-in to the bound client in the form of a data stream; after the client receives the data stream, it places the security plug-in in the plug-in container and stores the security policy.
9. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the plug-in container comprises: a configuration module for reading and writing client and server configuration information; a registration module for initiating registration requests to the server; a policy module for receiving the security policies issued by the server and distributing them to the specified security plug-in; an audit module for collecting the user operation logs generated on the client and reporting them to the server; a control module for providing start, restart, stop and status query interfaces for the security plug-ins; and a patch module for receiving and updating the patches issued by the server.
10. The Host Supervision System based on plug-in architecture as described in claim 1, characterized in that the security plug-ins comprise: a peripheral control plug-in for permission control over USB ports, serial ports, wireless network cards, optical drives and printers; a software control plug-in for permission control over the software processes running on the client; a network control plug-in for configuring a network address blacklist or a network address whitelist to control network access permissions; an illegal external connection plug-in for detecting whether the client is connected to an external network; and a document control plug-in for monitoring users' operations on files under specified directories on the client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611032382.1A CN108092936A (en) | 2016-11-22 | 2016-11-22 | A kind of Host Supervision System based on plug-in architecture |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108092936A (en) | 2018-05-29 |
Family
ID=62168707
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611032382.1A Pending CN108092936A (en) | 2016-11-22 | 2016-11-22 | A kind of Host Supervision System based on plug-in architecture |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108092936A (en) |
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070039049A1 (en) * | 2005-08-11 | 2007-02-15 | Netmanage, Inc. | Real-time activity monitoring and reporting |
CN101567888A (en) * | 2008-12-29 | 2009-10-28 | 郭世泽 | Safety protection method of network feedback host computer |
CN101605056A (en) * | 2009-06-16 | 2009-12-16 | 中兴通讯股份有限公司 | A kind of J2EE server monitoring device and adopt the method for supervising of this device |
CN101808051A (en) * | 2010-03-15 | 2010-08-18 | 天津威奕达科技有限责任公司 | Application integration gateway and control method thereof |
CN101847116A (en) * | 2010-05-05 | 2010-09-29 | 中兴通讯股份有限公司 | Monitoring system based on J2EE framework and method |
CN101938376A (en) * | 2010-09-08 | 2011-01-05 | 中兴通讯股份有限公司 | Method and system for realizing function use of administrator client |
CN102710441A (en) * | 2012-05-31 | 2012-10-03 | 朱峻茂 | Uniform-interface-based multi-platform information acquisition method and information acquisition system |
CN103413088A (en) * | 2012-07-09 | 2013-11-27 | 深圳市利谱信息技术有限公司 | Computer document operational safety audit system |
CN105323273A (en) * | 2014-06-27 | 2016-02-10 | 中国电信股份有限公司 | Method, apparatus and system for controlling energy consumption monitoring system |
CN105072167A (en) * | 2015-07-24 | 2015-11-18 | 江苏省公用信息有限公司 | Monitoring method applied to portal host system |
CN105808240A (en) * | 2016-03-01 | 2016-07-27 | 北京量邦信息科技股份有限公司 | Method for realizing user isolation under online programming environment |
CN105979009A (en) * | 2016-07-06 | 2016-09-28 | 乾云众创(北京)信息科技研究院有限公司 | Method for automatically balancing increased load of cloud application container |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108881211A (en) * | 2018-06-11 | 2018-11-23 | 杭州盈高科技有限公司 | A kind of illegal external connection detection method and device |
CN108881211B (en) * | 2018-06-11 | 2021-10-08 | 杭州盈高科技有限公司 | Illegal external connection detection method and device |
CN111385285A (en) * | 2019-12-30 | 2020-07-07 | 杭州迪普科技股份有限公司 | Method and device for preventing illegal external connection |
CN111741078A (en) * | 2020-05-29 | 2020-10-02 | 深圳市伟众信息技术有限公司 | White list platform message system and method |
CN111865971A (en) * | 2020-07-17 | 2020-10-30 | 成都三零凯天通信实业有限公司 | Kubernetes service container security detection method based on sidecar scheme |
CN113157441A (en) * | 2021-03-24 | 2021-07-23 | 北京云上曲率科技有限公司 | Distributed decentralized load balancing method and system |
CN113157441B (en) * | 2021-03-24 | 2023-03-14 | 北京云上曲率科技有限公司 | Distributed decentralized load balancing method and system |
CN113541308A (en) * | 2021-06-18 | 2021-10-22 | 广西电网有限责任公司梧州供电局 | Network security visualization system of smart power grid server |
CN113596187A (en) * | 2021-06-25 | 2021-11-02 | 新浪网技术(中国)有限公司 | Domain name configuration management system |
CN114780353A (en) * | 2022-06-15 | 2022-07-22 | 统信软件技术有限公司 | File log monitoring method and system and computing device |
CN114780353B (en) * | 2022-06-15 | 2022-09-27 | 统信软件技术有限公司 | File log monitoring method and system and computing device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20180529 |