CN108092936A - A host monitoring system based on plug-in architecture

Publication number: CN108092936A
Authority: CN (China)
Prior art keywords: client, module, plug, server, management module
Legal status: Pending
Application number: CN201611032382.1A
Other languages: Chinese (zh)
Inventors: 周炼赤, 高景生, 孙宇, 赵朋川, 张岩, 黄晨, 宋鹏飞, 冉龙翔
Current assignee: Beijing Institute of Computer Technology and Applications
Original assignee: Beijing Institute of Computer Technology and Applications
Application filed by: Beijing Institute of Computer Technology and Applications

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3051 Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a host monitoring system based on a plug-in architecture, comprising a server and at least one client. The client includes a plug-in container and multiple security plug-ins; the plug-in container is used to configure the security plug-ins. The server includes a monitoring system, which comprises a system management module, an audit management module, a policy management module, an asset management module, a situation monitoring module, an organization management module and a file management module. The system management module manages the server's configuration; the audit management module manages client logs; the policy management module manages security policies and sends them to the client, which configures the security plug-ins according to the security policy; the asset management module manages the clients; the situation monitoring module monitors the state of each client; the organization management module manages user information; and the file management module manages upgrades of the client's security plug-ins.

Description

A host monitoring system based on plug-in architecture
Technical field
The invention belongs to the technical field of network security, and in particular relates to a host monitoring system based on a plug-in architecture.
Background
In recent years, as computer network applications have grown in scale and complexity, network security has become a focus of concern. Most governments and enterprises have deployed a range of security software such as antivirus software, firewalls and intrusion detection systems, which addresses external security problems to some extent. According to statistics, however, more than 50% of network security problems are caused by internal staff. Host monitoring systems emerged to meet the need to monitor internal information: they can effectively control internal users' use of terminal hosts and the network and prevent internal violations, and they provide strong log auditing so that the relevant personnel can later review the logs and collect evidence.
For a host monitoring system to be easy for administrators to manage and easy for users to use, good software architecture design is essential.
In the field of computer security monitoring, patent application CN201210510366.4 discloses a hardening method for an operating system based on host monitoring. It uses Rootkit-based kernel-level control to address the security and reliability of control, a tree-structured security-domain system to address the management complexity of a large cluster or network group, and a distributed policy description language to address flexible, in-depth expression of monitoring requirements and methods. Although this method describes the security functions and security model of the terminal host in detail, it lacks an overall design of the client-server architecture and cannot build a complete user operation flow, so its use is limited. Patent application CN201520188838.8 discloses a host monitoring and auditing system based on a server architecture. It uses a switch as a relay device: an authentication server, a network monitoring server and a vulnerability scanning server are connected to the switch, and information about the monitored computers is forwarded through the switch to a management center. The topology is simple and achieves authentication and monitoring of the monitored computers. Although this system achieves authentication and monitoring of the monitored computers, the management of its security functions lacks flexibility and ease of use: first, server-side administrators cannot dynamically add, modify or delete security functions on terminal computers; second, terminal users lack an intuitive, clear view of the terminal's current security state.
In summary, from the software user's point of view, current host monitoring systems still have usability and scalability problems. After the software is deployed, terminal users find it hard to know the current terminal state and the specific security policies, which makes the software inconvenient to use. If an administrator wants to add or fix a security function, technical staff must modify the whole client software and then update it, which makes management inconvenient. In addition, as the network grows, it is hard for the administrator to control a large number of terminals at the same time without performance degradation or even a crash.
Summary of the invention
The object of the invention is to provide a host monitoring system based on a plug-in architecture that solves the above problems of the prior art.
A host monitoring system based on plug-in architecture according to the present invention comprises a server and at least one client. The client includes a plug-in container and multiple security plug-ins; the plug-in container is used to configure the security plug-ins. The server includes a monitoring system, which comprises a system management module, an audit management module, a policy management module, an asset management module, a situation monitoring module, an organization management module and a file management module. The system management module manages the server's configuration; the audit management module manages client logs; the policy management module manages security policies and sends them to the client, which configures the security plug-ins according to the security policy; the asset management module manages the clients; the situation monitoring module monitors the state of each client; the organization management module manages user information; and the file management module manages upgrades of the client's security plug-ins.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the client further includes a client interface for providing an operation interface to the user.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the server further includes a load balancing module for load balancing across multiple monitoring systems on the server.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the plug-in container manages and controls the various security plug-ins on the client.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the plug-in container further includes a server-side heartbeat module for sending heartbeat information to the server to maintain the communication data connection with the server.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the plug-in container further includes a plug-in-side heartbeat module for receiving heartbeat information from each security plug-in and maintaining the communication data connection with each security plug-in.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, after the server receives the client's registration information, the organization management module queries whether the user and the organization to which the current client belongs exist. If they do not exist, an error is returned; if they exist, the asset management module converts the client currently initiating the registration request into an in-network asset, which is then maintained uniformly in subsequent management.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the security policy is configured on the server. After the server sets a security policy, the policy management module pushes the security policy and the corresponding security plug-in to the bound client as a data stream. After receiving the data stream, the client places the security plug-in in the plug-in container and stores the security policy.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the plug-in container includes: a configuration module for reading and writing client and server configuration information; a registration module for initiating registration requests to the server; a policy module for receiving the security policies issued by the server and distributing them to the specified security plug-ins; an audit module for collecting the user operation logs generated on the client and reporting them to the server; a control module for providing the start, restart, stop and status query interfaces of the security plug-ins; and a patch module for receiving and applying patches issued by the server.
In one embodiment of the host monitoring system based on plug-in architecture according to the present invention, the security plug-ins include: a peripheral control plug-in for permission control over USB ports, serial ports, wireless network cards, optical drives and printers; a software control plug-in for permission control over the software processes running on the client; a network control plug-in for configuring a network address blacklist or a network address whitelist to control network access permissions; an illegal external connection plug-in for detecting whether the client is connected to an external network; and a file control plug-in for monitoring users' operations on files under specified directories on the client.
The host monitoring system based on plug-in architecture of the present invention gives full consideration to the usability and scalability of host monitoring systems. It combines a server-client architecture with a plug-in architecture and selectively adopts the lightweight, cross-platform and efficient Python Flask and Qt technologies. This makes up for the shortcomings of traditional host monitoring systems in use, effectively reduces the administrator's maintenance burden and improves reliability. Specifically: (1) the server-client architecture makes full use of the hardware environment at both ends by allocating tasks sensibly between client and server, which reduces system communication overhead, while load balancing and a container isolation mechanism introduced on the server ensure high concurrency and high fault tolerance of the Web application service; (2) the plug-in architecture gives the client software good functional extensibility and high customizability, so it can adapt to different development needs and supports incremental development in which functions are added step by step, and plug-ins can be loaded and unloaded independently, which makes deployment easier; (3) the introduction of mature third-party software development frameworks makes the whole system cross-platform, efficient to develop, clear and easy to use, and stable and reliable.
Brief description of the drawings
Fig. 1 is a module diagram of the host monitoring system based on plug-in architecture of the present invention;
Fig. 2 is an architecture diagram of the host monitoring system server;
Fig. 3 is an architecture diagram of the plug-in container;
Fig. 4 is a schematic diagram of the storage directory specification for a security plug-in's files;
Fig. 5 is a diagram of the execution specification of a security plug-in;
Fig. 6 is a workflow diagram of the host monitoring system based on plug-in architecture of the present invention.
Detailed description of embodiments
To make the purpose, content and advantages of the present invention clearer, specific embodiments of the invention are described in further detail below with reference to the drawings and examples.
Fig. 1 is a module diagram of the host monitoring system based on plug-in architecture of the present invention. As shown in Fig. 1, the system consists mainly of two parts, the server side and the client side. This embodiment includes server 1, client 2 and client 3. Client 2 includes plug-in container 21, security plug-ins 1-k and client interface 23. Client 3 includes plug-in container 31, security plug-ins 1-t and client interface 33.
As shown in Fig. 1, to meet the high-concurrency requirement created by very large numbers of terminals, the server uses Nginx load balancer 12 (a high-performance HTTP and reverse proxy server) to implement load balancing. Because the back-end Tomcat (a lightweight Java-based Web application server) has limited capacity for handling client access requests, open-source Docker containers are used: Tomcat is copied into multiple instances, each deployed in one of Docker 1-n. Each Docker is a flexibly configurable, independently managed runtime environment; the Tomcat inside it runs a set of Web services and can complete the related work independently. This approach reduces server access pressure while increasing the isolation between Tomcat instances and preventing them from affecting one another, which ensures the reliability of the whole server side. Functionally, the Web service in Tomcat provides the management and control functions that the host monitoring system needs.
Fig. 2 is an architecture diagram of the host monitoring system server. As shown in Fig. 2, the functional modules of the server are deployed in Tomcat and comprise seven modules: system management module 13, audit management module 14, policy management module 15, asset management module 16, situation monitoring module 17, organization management module 18 and file management module 19.
As shown in Fig. 2, the system management module 13 is responsible for cascading between upper-level and lower-level platforms of server 1, administrator access control, menu resource allocation, data backup and restoration, and system security configuration. The audit management module mainly handles the collection, organization, presentation, import and export of terminal logs and user logs. The policy management module 15 is the core of the host monitoring function of server 1; it generates, issues and manages security policies, including the terminal authentication control policy, software whitelist control policy, peripheral control policy, network access control policy, illegal external connection control policy and file operation control policy. The asset management module 16 manages the various terminals in the network. Each terminal is treated as an asset, and its registration, enrollment, information conversion and destruction are all handled by this module. The situation monitoring module 17 provides unified monitoring of the sub-networks in the network and the terminals that belong to them. It supports visual presentation of map-based physical location and state-based logical location, lets administrators quickly look up terminals or users, and reports the current violation alerts accurately and promptly. The organization management module 18 mainly manages organizations and users' personal information, including querying, adding, modifying, deleting and converting. The file management module 19 manages the files that terminals need, including the security plug-ins that security policy enforcement depends on, the patch files needed for terminal operating system upgrades, and client software upgrade packages.
Fig. 3 is an architecture diagram of the plug-in container. As shown in Fig. 1 and Fig. 3, taking client 2 as an example, plug-in container 21 and security plug-ins 1-k together form the "plug-in architecture". Security plug-ins 1-k are independent of one another, which effectively avoids interdependency problems. In this embodiment, the plug-in container 21 runs the following eight modules. The plug-in-side heartbeat module 218 receives heartbeat information from the security plug-ins and maintains the communication data connection with the plug-ins. The configuration module 217 reads and writes client and server configuration information, such as IP address, port and interface name. The registration module 215 initiates registration requests to the server, which is the precondition for the client to join the network successfully. The policy module 213 checks, schedules and updates the security policies issued by the server and distributes them to the specified security plug-ins. The audit module 126 collects the user operation logs generated on the client and reports them to the server. The control module 214 provides the start, restart, stop and status query interfaces of the security plug-ins, to be called by the interface program or the server. The patch module 212 receives patch delivery requests from the server and downloads and installs the patches locally. The server-side heartbeat module 211 sends heartbeat information to the server, including terminal information, patch information and security plug-in status information, and maintains the communication data connection with the server.
As shown in Fig. 3, the plug-in container 21 is lightweight, cross-platform, extensible and efficient to develop, so it suits many hardware and software platforms, such as Windows/Linux operating systems on the x86 architecture and domestic operating systems on the ARM architecture. The plug-in container 21 uses Flask Web technology and sits between the terminal and the server, where it handles data processing and acts as a communication proxy: it communicates directly with the server, receiving and reporting data. In addition, the plug-in container 21 automatically monitors the Socket connections on client 2 and provides management and control capability for the security plug-ins on the terminal.
With reference to Fig. 3, the security plug-ins of this embodiment are briefly described. They include the peripheral control plug-in, software control plug-in, network control plug-in, illegal external connection plug-in and file control plug-in, among others, and they are the final executors of the security policies. Peripheral control plug-in: applies "allow" or "forbid" control to USB ports, serial ports, wireless network cards, optical drives, printers and so on. Software control plug-in: applies "run" or "forbid" control to the software processes running on the client. Network control plug-in: can be configured with a network address blacklist or a network address whitelist to forbid or allow network access. Illegal external connection plug-in: detects whether the client is connected to an external network such as the internet and takes the corresponding control measure, such as disconnecting the network or shutting down. File control plug-in: monitors users' operations on files under specified directories on the client, including reading, writing, renaming and deleting files.
As shown in Fig. 3, take the peripheral control plug-in as an example. When the server issues a security policy of "forbid the use of USB storage devices", the plug-in container forwards it and the peripheral control plug-in reads the policy, then starts the USB storage device monitoring program inside the plug-in. As soon as a user inserts a USB storage device, the monitoring program blocks the user operation so that the USB storage device does not work, and it generates a log entry in real time that records the user's violation.
Fig. 4 is a schematic diagram of the storage directory specification for a security plug-in's files. As shown in Fig. 4, the bin directory stores the security plug-in's executable programs; the libs directory stores the dynamic library files that the plug-in depends on at run time; the md5 file uniquely identifies the plug-in, which facilitates plug-in updates; the log directory stores the logs that the plug-in generates; the policy directory stores the policy file issued by the server; and the var directory stores the variables used while the plug-in runs.
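An added example, not part of the patent text: one way to check an uploaded plug-in package against the directory specification above before it is unpacked, rejecting members that would escape the plug-in directory. The zip format, the function names and the sample package contents are assumptions.

```python
import io
import stat
import zipfile
from pathlib import PurePosixPath

# Top-level layout taken from the directory specification described above.
SPEC_DIRS = {"bin", "libs", "log", "policy", "var"}
SPEC_FILES = {"md5"}


def check_plugin_archive(data):
    """Return a list of problems; an empty list means the package may be unpacked."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a zip archive"]

    problems, seen_dirs, seen_files = [], set(), set()
    for info in archive.infolist():
        name = info.filename
        path = PurePosixPath(name)
        # Reject members that would land outside the plug-in directory.
        if path.is_absolute() or ".." in path.parts or "\\" in name:
            problems.append(f"unsafe path: {name}")
            continue
        # Reject symbolic links (the Unix mode sits in the high 16 bits).
        if stat.S_ISLNK(info.external_attr >> 16):
            problems.append(f"symbolic link: {name}")
            continue
        if not path.parts:
            continue
        top = path.parts[0]
        if len(path.parts) == 1 and not info.is_dir():
            seen_files.add(top)
        else:
            seen_dirs.add(top)

    for missing in sorted(SPEC_DIRS - seen_dirs):
        problems.append(f"missing directory: {missing}")
    for missing in sorted(SPEC_FILES - seen_files):
        problems.append(f"missing file: {missing}")
    for extra in sorted((seen_dirs - SPEC_DIRS) | (seen_files - SPEC_FILES)):
        problems.append(f"unexpected top-level entry: {extra}")
    return problems


def build_sample_package(extra_members=(), omit=()):
    """Build a constructed sample package in memory (not a real plug-in)."""
    members = {
        "bin/usb_monitor": "#!/bin/sh\n",
        "libs/libhook.so": "",
        "md5": "0" * 32,
        "log/.keep": "",
        "policy/.keep": "",
        "var/.keep": "",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            if name.split("/")[0] not in omit:
                zf.writestr(name, body)
        for name, body in extra_members:
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    print(check_plugin_archive(build_sample_package()))
    print(check_plugin_archive(build_sample_package(omit=("policy",))))
```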
Fig. 5 shows the execution specification of a security plug-in. As shown in Fig. 5: start starts the plug-in and keeps it running; stop stops the plug-in; restart restarts a running plug-in; status queries the plug-in's current state, that is, running or stopped.
The client interface sits above the plug-in container and interacts directly with the terminal user. It presents to the user the state of the plug-in container and of the security plug-ins, that is, the current security state of the terminal, and it provides an operation interface for mouse and keyboard operations, including viewing system resources, starting and stopping security plug-ins, querying audit logs, configuring system information and registering the terminal. The client interface suits many hardware and software platforms, has a rich API and supports 2D/3D graphics rendering, so it can give users a good experience.
The typical usage flow of the host monitoring system based on plug-in architecture of the present invention comprises the following steps:
Step 1: The client registers with the server.
The purpose of this step is to place the client under the server's management.
Step 2: The server issues security policies to the client.
The purpose of this step is to ensure that the client has specific security monitoring capabilities.
Step 3: The client reports audit logs to the server.
The purpose of this step is to make it easy for the server to audit and trace clients and users.
Step 4: The server updates the security policies on the client.
The purpose of this step is to ensure that the client's security functions remain flexibly configurable.
Fig. 6 is a workflow diagram of the host monitoring system based on plug-in architecture of the present invention. As shown in Fig. 6, the workflow comprises the following steps:
Step 1: The client registers with the server.
(1) The user configures the server IP address, the port number and the local IP address on the client interface. The configuration module in the plug-in container stores this data in the local database; the server-side heartbeat module reads the data and the client starts sending heartbeat information to the server.
(2) The user enters information such as user name, account and organization on the client and performs the registration operation. The registration module in the plug-in container then sends this user information to the asset management module on the server.
(3) The server receives the client's registration information, and the server's organization management module queries whether the user and the organization to which the current client belongs exist. If they do not exist, an error message is shown. If they exist, the asset management module performs an asset conversion operation, converting the client currently initiating the registration request into an in-network asset that is maintained uniformly in subsequent management. From this point the heartbeat connection between the client and the server remains stable.
Step 2: The server issues security policies to the client.
(1) The administrator uploads a previously written security plug-in to the server through the file management module. The security plug-in is a compressed file, and its directory layout after decompression conforms to the plug-in directory specification defined in the present invention.
(2) The administrator creates a security policy on the server and binds it to one or more assets (that is, clients). The server's policy management module then pushes the security policy and the corresponding security plug-in to the bound clients as a data stream.
(3) After the server-side heartbeat module in the client plug-in container receives the data stream, it first places the security plug-in in the plug-in container. It also passes the policy data stream to the policy module, which automatically assembles the data stream according to a defined format, generates a policy file in XML format and stores it under the policy directory of the corresponding security plug-in.
Step 3: The client reports audit logs to the server.
(1) After the security policy has been issued, the client's security plug-in reads the policy file under the policy directory and automatically triggers the start command, which starts the plug-in's host monitoring process in the background on the client. In addition, a client user with the required permission can use the control module in the plug-in container to manually start, stop, restart or query the status of a security plug-in from the client interface.
(2) Suppose a user operation violates the security policy. For example, the current security policy of the peripheral control plug-in is "USB device insertion forbidden" and the user inserts a USB device. The background monitoring process of the peripheral control plug-in captures the operation promptly and blocks it. The background monitoring process also automatically generates an audit log that records the time of the violation, the user, the subject, the object, the event description, the event result and similar information, and stores the audit log as a file in the log subdirectory of the corresponding security plug-in directory.
(3) The audit module of the client plug-in container loops over the log files in the log subdirectory of each plug-in directory. After a file is read successfully, the audit module handles its log information in two ways. First, it stores the log information in the client's local database; the client interface program periodically reads the log information from the local database and displays it on the client interface for the client user to view. Second, it sends the log information to the server's audit management module; the server filters, matches, converts and saves the audit data and displays it on a Web page for the administrator to view. The administrator can run unified log queries across all clients in the network through the situation monitoring module, and can back up or restore log data through the system management module.
Step 4: The server updates the security plug-ins and security policies on the client.
(1) A security plug-in may be modified because its functionality needs to be upgraded or optimized. The administrator then uploads the modified security plug-in on the server. The plug-in-side heartbeat module in the client plug-in container periodically checks whether the MD5 value of the current plug-in matches the plug-in MD5 value sent by the server, so after the administrator successfully uploads the new security plug-in, the client detects that the two MD5 values differ. The client plug-in container then concludes that the current plug-in needs to be updated and sends an update request to the server. After receiving the request, the server pushes the new security plug-in to the client, and the client overwrites the old security plug-in with the new one while retaining the current security policy and the current plug-in running state. This completes the "silent" update of the client security plug-in.
(2) If a security policy needs to be changed, the administrator modifies it on the server. The server-side heartbeat module in the client plug-in container periodically sends the hash values of all current security policies to the server, and the server checks whether the hash values sent by the client match the hash values of the current security policies. After the administrator modifies a security policy, the server therefore detects that the hash value of the current policy differs from the policy hash value sent by the client, concludes that the client's security policy needs to be updated, and issues the new security policy to the client to replace the old policy file in the policy subdirectory of the client plug-in directory. This does not affect the normal operation of the running security plug-in, and it completes the "silent" update of the client security policy.
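The two hash-comparison heartbeats of Step 4, as an added example that is not code from the patent; the `Server` and `Client` classes, the plugin.bin file name and the key are assumptions. A matching MD5 only shows that two copies are identical, so the example also authenticates each payload with an HMAC tag before replacing a file; that check is an addition standing in for a real signature scheme and is not described in the text.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

KEY = b"constructed-demo-key"  # assumption: the page defines no authentication key

def md5(data: bytes) -> str:   # MD5 as on the page: detects change, says nothing about origin
    return hashlib.md5(data).hexdigest()

def tag(data: bytes) -> str:   # added check; stands in for a real signature
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def atomic_write(path: Path, data: bytes) -> None:
    tmp = path.with_name(path.name + ".new")
    tmp.write_bytes(data)
    os.replace(tmp, path)      # the old file stays in place until the new one is complete

class Server:
    def __init__(self):
        self.plugins, self.policies = {}, {}          # plug-in name -> bytes
    def plugin_md5(self, name):                       # value the client compares against
        return md5(self.plugins[name])
    def update_request(self, name):                   # reply to the client's update request
        return self.plugins[name], tag(self.plugins[name])
    def policy_heartbeat(self, client_hashes):        # server-side comparison of policy hashes
        return {n: (b, tag(b)) for n, b in self.policies.items()
                if client_hashes.get(n) != md5(b)}

class Client:
    def __init__(self, root: Path, state: dict):
        self.root, self.state = root, state           # state: plug-in name -> run state
    def plugin_file(self, name): return self.root / name / "plugin.bin"
    def policy_file(self, name): return self.root / name / "policy" / "Java.policy"

    def plugin_heartbeat(self, server, name) -> str:
        if md5(self.plugin_file(name).read_bytes()) == server.plugin_md5(name):
            return "current"
        body, t = server.update_request(name)
        if not hmac.compare_digest(t, tag(body)):
            return "rejected"                         # keep running the old plug-in
        atomic_write(self.plugin_file(name), body)    # policy file and run state untouched
        return "updated"

    def server_heartbeat(self, server) -> list:
        hashes = {n: md5(self.policy_file(n).read_bytes()) for n in self.state}
        fresh = server.policy_heartbeat(hashes)
        ok = [n for n, (b, t) in fresh.items() if hmac.compare_digest(t, tag(b))]
        for n in ok:
            atomic_write(self.policy_file(n), fresh[n][0])  # plug-in keeps running
        return ok

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        server, client = Server(), Client(Path(tmp), {"peripheral": "running"})
        client.policy_file("peripheral").parent.mkdir(parents=True)
        client.plugin_file("peripheral").write_bytes(b"plugin v1")   # constructed
        client.policy_file("peripheral").write_bytes(b"usb=deny")    # constructed
        server.plugins["peripheral"] = b"plugin v2"
        server.policies["peripheral"] = b"usb=deny"
        first = client.plugin_heartbeat(server, "peripheral")
        server.policies["peripheral"] = b"usb=deny\nprinter=deny"
        return first, client.server_heartbeat(server), client.state["peripheral"]

if __name__ == "__main__":
    print(demo())
```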
To solve the above problems, the present invention proposes a host monitoring system based on a plug-in architecture. Through fine-grained, centralized management of key elements in the computing environment such as personnel, hardware, software, and policies, it achieves a basic computing environment in which information entities are secure and trusted and information flow is controllable. On the one hand, it combines the C/S (client/server) and B/S (browser/server) usage modes, providing a good user experience both on the terminal and in the browser. On the other hand, it uses a plug-in architecture to design the terminal security functions in the form of "kernel + plug-ins", which reduces coupling between modules, allows terminal security function modules to be adjusted dynamically, lowers the administrator's maintenance difficulty, and increases software reliability to a certain extent.
Compared with the prior art, the present invention has the following advantages:
The present invention takes full account of the ease of use and scalability of a host monitoring system. It makes combined use of the server-client architecture and the plug-in architecture and selectively uses the lightweight, cross-platform, and efficient Python Flask and Qt technologies, making up for the usability shortcomings of traditional host monitoring systems, effectively reducing the administrator's maintenance difficulty, and improving reliability. Specifically: (1) through the server-client architecture, the advantages of the hardware environments at both ends are fully used and tasks are reasonably allocated between the client and the server, which reduces system communication overhead; load balancing and a container isolation mechanism are introduced on the server to ensure high concurrency and high fault tolerance of the Web application service; (2) the plug-in architecture gives the client software good functional extensibility and high customizability, so it can adapt to different development needs; it supports incremental development in which functions are added step by step, and plug-ins can be loaded and unloaded independently, which makes deployment easier; (3) by introducing excellent third-party software development frameworks, the whole system is cross-platform, efficient to develop, clear and easy to use, and stable and reliable.
The above is only a preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the technical principles of the present invention, and these improvements and modifications shall also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. A host monitoring system based on a plug-in architecture, characterized by comprising:
a server and at least one client; the client comprises a plug-in container and multiple security plug-ins, the plug-in container being used to configure the multiple security plug-ins; the server comprises a monitoring system, and the monitoring system comprises a system management module, an audit management module, a policy management module, an asset management module, a situation monitoring module, an organization management module, and a document management module;
the system management module is used to manage the configuration of the server; the audit management module is used for client log management; the policy management module is used to manage security policies and send them to the client, and the security plug-ins are configured according to the security policies; the asset management module is used to manage clients; the situation monitoring module is used to monitor the state of each client; the organization management module is used to manage user information; the document management module is used to manage upgrades of the client's security plug-ins.
2. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the client further comprises a client interface for providing an operation interface to the user.
3. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the server further comprises a load balancing module for load balancing across multiple monitoring systems on the server.
4. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the plug-in container manages and controls all types of security plug-ins on the client.
5. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the plug-in container further comprises a server-side heartbeat module for sending heartbeat information to the server, so as to maintain the communication data connection with the server.
6. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the plug-in container further comprises a plug-in-side heartbeat module for receiving the heartbeat information of each security plug-in and maintaining the communication data connection with each security plug-in.
7. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that, after the server receives the client's registration information, the organization management module queries whether the user and the organization to which the current client belongs exist; if they do not exist, an error is returned; if they exist, the asset management module converts the client currently initiating the registration request into a network asset, which is maintained uniformly in subsequent management.
8. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the security plug-in is configured on the server; after the server sets a security policy, the policy management module pushes the security policy and the corresponding security plug-in to the bound client in the form of a data stream; after receiving the data stream, the client places the security plug-in in the plug-in container and stores the security policy.
9. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the plug-in container comprises: a configuration module for reading and writing client and server configuration information; a registration module for initiating a registration request to the server; a policy module for receiving security policies issued by the server and distributing them to the specified security plug-ins; an audit module for collecting the user operation logs generated on the client and reporting them to the server; a control module for providing start, restart, stop, and status query interfaces for the security plug-ins; and a patch module for receiving and applying patches issued by the server.
10. The host monitoring system based on a plug-in architecture according to claim 1, characterized in that the security plug-ins comprise: a peripheral control plug-in for controlling permissions on USB ports, serial ports, wireless network cards, optical drives, and printers; a software control plug-in for controlling permissions on the software processes running on the client; a network control plug-in for configuring a network address blacklist or a network address whitelist to control network access permissions; an illegal external connection plug-in for detecting whether the client is connected to an external network; and a document control plug-in for monitoring users' operations on files under specified directories on the client.
CN201611032382.1A 2016-11-22 2016-11-22 A kind of Host Supervision System based on plug-in architecture Pending CN108092936A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611032382.1A CN108092936A (en) 2016-11-22 2016-11-22 A kind of Host Supervision System based on plug-in architecture

Publications (1)

Publication Number Publication Date
CN108092936A true CN108092936A (en) 2018-05-29

Family

ID=62168707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611032382.1A Pending CN108092936A (en) 2016-11-22 2016-11-22 A kind of Host Supervision System based on plug-in architecture

Country Status (1)

Country Link
CN (1) CN108092936A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180529