CN108171052A - Method and system for protecting Linux server security - Google Patents
- Publication number: CN108171052A (application CN201711459696.4A)
- Authority
- CN
- China
- Prior art keywords
- file
- program
- linux server
- preservation tactics
- feature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Abstract
The invention discloses a method and system for protecting Linux server security, in the field of information system security. The method first scans the file system of the Linux server host and extracts the features of all executable programs and accessible files on the host; it then determines, from the features of those executable programs and accessible files, which programs are allowed to run and with which execute permissions, and which files are allowed to be accessed and with which operating rights, and assembles these into a protection policy; finally it monitors program execution and file access according to the protection policy. By allowing the Linux server to execute only the applications and services its tasks require, and by controlling software behaviour, the invention effectively protects the Linux server, prevents damage to it through unknown vulnerabilities and unknown means, and enhances the information security of the Linux server system.
Description
Technical field
The invention belongs to the technical field of information system security, and in particular relates to a method and system for protecting Linux server security.
Background art
Linux servers hold a very large share of the server market, and with the demand for cloud computing this share continues to grow. Corporate IT departments concerned with security need to consider the vulnerabilities these servers introduce into the network and how the servers should be protected.
To ensure the operational safety of server software, a variety of preventive means and technologies are currently employed. Typical ones are firewall technology, signature (characteristic value) detection, heuristic scanning, vulnerability scanning and system hardening.
Firewall technology filters data entering and leaving the network according to predefined rules. It can effectively block a portion of known intrusion behaviour, but it cannot resist unknown attacks; much malware now uses network communication features similar to those of normal software and thereby bypasses every kind of firewall.
Signature detection works well against known viruses, but it cannot detect unknown viruses, and a known virus that has been processed to evade detection easily bypasses it.
Heuristic scanning judges viruses from the code and behavioural characteristics of malware, based on experience. It can detect unknown viruses, but its false-alarm rate is high, and it is also easily bypassed by attackers who carefully design the behaviour of their software.
The mature security schemes above all start from security incidents that have already occurred, or from technical risks and vulnerabilities published by the professional security industry: these are analysed and corresponding methods and approaches are devised to prevent known methods of attack from damaging application systems. In other words, a loss has already been produced by the time the incident occurs, and if the response or the countermeasure is not timely or not thorough there may even be irreparable large losses. These protective technologies and means cannot fully achieve prevention in advance, and it is difficult for them to guarantee the high reliability the system requires.
Summary of the invention
In view of the defects of the prior art, the technical problem to be solved by the invention is to provide a method and system for protecting Linux server security that are safe and have good protective effect.
To solve the above technical problem, the technical solution adopted by the invention is as follows:
A method for protecting Linux server security, comprising the following steps:
scanning the file system of the Linux server host and extracting the features of all executable programs and accessible files on the host;
determining, according to the features of the executable programs and accessible files, the programs allowed to run and their execute permissions, and the files allowed to be accessed and their operating rights, and assembling these into a protection policy;
monitoring program execution and file access according to the protection policy.
In the method for protecting Linux server security described above, the features include the size, time, producer and multiple fingerprints of the executable programs and accessible files.
In the method described above, after the protection policy is configured, the method further includes the step of encrypting the protection policy.
In the method described above, when the protection policy is used, it is first decrypted.
In the method described above, the process of executing a program or accessing a file according to the protection policy is as follows: judge whether the program to be executed or the file to be accessed is a program the protection policy allows to execute or a file it allows to be accessed; if it is allowed, execute the program or access the file according to the execute permission or operating right; otherwise, do not allow the program to be executed or the file to be accessed.
In the method described above, for a program that is not allowed to execute, the method further includes the step of extracting the features of that program.
A system for protecting Linux server security, comprising a host serving as the Linux server and a policy server that determines, according to the features of the executable programs and accessible files on the host, the programs allowed to run and their execute permissions and the files allowed to be accessed and their operating rights, and assembles these into a protection policy. The host comprises a feature collection module that scans the host file system and extracts the features of all executable programs and accessible files on the host; a communication module that sends the features of the executable programs and accessible files to the policy server and receives the protection policy the policy server sends to the host; a policy parsing module that parses the protection policy; and a kernel module that monitors program execution and file access according to the parsed protection policy.
In the system for protecting Linux server security described above, the policy server is further used to encrypt the protection policy.
In the system described above, the policy parsing module is further used to decrypt the protection policy.
In the system described above, the feature collection module is further used to extract the features of programs not allowed to execute, and the communication module is further used to send the features of programs not allowed to execute to the policy server.
By allowing the Linux server to execute only the applications and services its tasks require, and by controlling software behaviour, the method and system of the invention effectively protect the Linux server, prevent damage to it through unknown vulnerabilities and unknown means, and enhance the information security of the Linux server system.
Description of the drawings
Fig. 1 is a structural diagram of the Linux server security protection system in the specific embodiment;
Fig. 2 is a flow chart of the method for protecting Linux server security in the specific embodiment.
Detailed description
The precondition for applying the invention is that the Linux server is in stable operation: the files and system processes related to the business are known, and the main programs of the business system do not change to any significant degree and can be predicted in advance. The specific embodiment of the invention is described in detail below with reference to the drawings.
As shown in Figure 1, the Linux server security protection system of this embodiment comprises a host 1 serving as the Linux server and a policy server 2. Host 1 comprises a feature collection module 11, a communication module 12, a policy parsing module 13 and a kernel module 14.
Feature collection module 11 scans the file system of host 1 and extracts the features of all executable programs and accessible files on host 1. It is also used to extract the features of programs that are not allowed to execute.
Communication module 12 sends the features of the executable programs and accessible files to policy server 2 and receives the protection policy that policy server 2 sends to host 1. It also sends the extracted features of programs not allowed to execute to policy server 2.
Policy server 2 receives and stores the features of all executable programs and accessible files on the host sent by communication module 12, determines from the features of the executable programs and accessible files on host 1 the programs allowed to run and their execute permissions and the files allowed to be accessed and their operating rights, assembles these into a protection policy, encrypts the protection policy and sends it to host 1.
Policy parsing module 13 decrypts and parses the protection policy and notifies kernel module 14 to update its protection policy.
Kernel module 14 monitors program execution and file access according to the parsed protection policy.
As shown in Fig. 2, the method for protecting Linux server security in this embodiment comprises the following steps:
(1) Feature collection module 11 scans the file system of the Linux server host and extracts the features of all executable programs and accessible files on the host. Communication module 12 then sends the features of all executable programs and accessible files to policy server 2.
The features may include information such as the size, time, producer and multiple fingerprints of service programs and core files.
(2) Policy server 2 determines, according to the features of the executable programs and accessible files, the programs allowed to run and their execute permissions and the files allowed to be accessed and their operating rights, assembles these into a protection policy, encrypts the protection policy and sends it to host 1.
For example, the trusted programs that may execute are selected and configured with execute permissions (file access, network access and so on), execution time, running location and so on, and the operating rights on core files are selected. The granularity of control is customisable.
(3) Kernel module 14 monitors program execution and file access according to the protection policy.
Communication module 12 receives the protection policy sent by policy server 2; policy parsing module 13 first decrypts the protection policy, then parses it, and then notifies kernel module 14 to update its protection policy. Kernel module 14 updates its protection policy and operates as the policy requires. Kernel module 14 is either compiled into the Linux kernel or is loaded into and runs in the kernel as a separate module.
Kernel module 14 judges whether the program to be executed or the file to be accessed is a program the protection policy allows to execute or a file it allows to be accessed. If it is allowed, the program is executed or the file is accessed according to the execute permission or operating right; otherwise, execution of the program or access to the file is not allowed. For a program that is not allowed to execute, feature collection module 11 sends its features to policy server 2, for monitoring and for testing of the configuration by policy server 2. In this way, the monitoring by kernel module 14 ensures that only permitted programs can run, that only the permitted permissions are exercised, and that operations on core files are monitored at run time, thereby protecting the safety of the core files.
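The three steps above (scan the host and extract features, build the policy on the policy server, enforce it on the host), and the method steps in the summary of the invention, as one worked example. This is an added illustration, not code from the patent or from any product built on it. Its assumptions: the feature set is size, modification time, owner uid as a stand-in for "producer", and three hash fingerprints; the policy fields (a network flag, an hour window, read/write rights on core files) are one concrete reading of "execute permissions" and "operating rights"; the patent only says the policy is encrypted, so an HMAC-SHA256 envelope stands in for that step and the host's check of the tag stands in for decryption; the file tree, key and policy values are constructed for the demo. The enforcement check recomputes fingerprints from the file on disk, which is what makes a binary replaced at an allowed path fail, and a denied program's features are extracted for reporting to the policy server as step (3) describes.

```python
"""Whitelist protection pipeline modelled on steps (1)-(3) above. Added example, not
the patent's code. Assumptions: owner uid stands in for "producer"; the policy is
sealed with HMAC-SHA256 (the patent only says "encrypted"); all data is constructed."""
import hashlib, hmac, json, os, pathlib, tempfile

FEATURE_ALGOS = ("sha256", "sha1", "md5")  # the "multiple fingerprints"

def extract_features(path):
    """Step (1): size, time, producer and several fingerprints of one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": st.st_size, "mtime": int(st.st_mtime), "producer": st.st_uid,
            "fingerprints": {a: hashlib.new(a, data).hexdigest() for a in FEATURE_ALGOS}}

def scan_host(root):
    """Walk the host file system; features keyed by path relative to root."""
    features = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                features[os.path.relpath(full, root)] = extract_features(full)
    return features

def build_policy(features, trusted_programs, core_files):
    """Step (2), policy server: recorded fingerprints + execute permissions per program, rights per core file."""
    policy = {"programs": {}, "files": {}}
    for rel, perms in trusted_programs.items():
        policy["programs"][rel] = {"fingerprints": features[rel]["fingerprints"], **perms}
    for rel, rights in core_files.items():
        policy["files"][rel] = {"rights": sorted(rights)}
    return policy

def seal_policy(policy, key):
    """Protect the policy for transport: JSON body plus an HMAC-SHA256 tag."""
    body = json.dumps(policy, sort_keys=True).encode()
    return {"body": body.hex(), "tag": hmac.new(key, body, "sha256").hexdigest()}

def open_policy(envelope, key):
    """Host side (policy parsing module): verify the tag, then parse."""
    body = bytes.fromhex(envelope["body"])
    if not hmac.compare_digest(hmac.new(key, body, "sha256").hexdigest(), envelope["tag"]):
        raise ValueError("protection policy rejected: integrity check failed")
    return json.loads(body)

def check_exec(policy, root, rel, hour, wants_network=False):
    """Step (3): may `rel` run at local hour `hour`? Fingerprints are recomputed from disk."""
    entry = policy["programs"].get(rel)
    if entry is None:
        return False, "not in policy"
    actual = extract_features(os.path.join(root, rel))["fingerprints"]
    if any(actual[a] != entry["fingerprints"][a] for a in FEATURE_ALGOS):
        return False, "fingerprint mismatch"  # same path, different contents
    if wants_network and not entry.get("network", False):
        return False, "network access not granted"
    start, end = entry.get("hours", (0, 24))
    if not start <= hour < end:
        return False, "outside execution window"
    return True, "allowed"

def check_file_access(policy, rel, op):
    """Step (3): may file `rel` be accessed with operation `op` ("read"/"write")?"""
    entry = policy["files"].get(rel)
    return entry is not None and op in entry["rights"]

def demo():
    """Constructed scenario: two services, a core file, then an unknown binary, a tampered service, a forged policy."""
    root = tempfile.mkdtemp()
    def put(rel, data):
        path = pathlib.Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    put("bin/httpd", b"#!/bin/sh\necho web\n")
    put("bin/backup", b"#!/bin/sh\necho backup\n")
    put("etc/app.conf", b"port=8080\n")
    key = b"constructed-shared-key"  # would be provisioned out of band
    policy = build_policy(scan_host(root),
                          {"bin/httpd": {"network": True, "hours": (0, 24)},
                           "bin/backup": {"network": False, "hours": (1, 5)}},
                          {"etc/app.conf": {"read"}})
    host_policy = open_policy(seal_policy(policy, key), key)
    out = {"httpd_net": check_exec(host_policy, root, "bin/httpd", 12, wants_network=True),
           "backup_day": check_exec(host_policy, root, "bin/backup", 12),
           "backup_night": check_exec(host_policy, root, "bin/backup", 3),
           "conf_read": check_file_access(host_policy, "etc/app.conf", "read"),
           "conf_write": check_file_access(host_policy, "etc/app.conf", "write")}
    put("bin/dropper", b"#!/bin/sh\necho unknown\n")  # appears after the policy was built
    out["dropper"] = check_exec(host_policy, root, "bin/dropper", 12)
    out["dropper_report"] = extract_features(os.path.join(root, "bin/dropper"))  # sent to server
    put("bin/httpd", b"#!/bin/sh\necho tampered\n")  # allowed path, changed contents
    out["httpd_tampered"] = check_exec(host_policy, root, "bin/httpd", 12)
    forged = dict(seal_policy(policy, key), body=seal_policy({"programs": {}}, key)["body"])
    try:
        open_policy(forged, key)
        out["forgery_detected"] = False
    except ValueError:
        out["forgery_detected"] = True
    return out
```

Run `demo()` to see every decision: the two services and the config file are judged against the sealed policy, the unknown binary and the tampered service are refused, and a policy whose body no longer matches its tag is rejected before it is parsed. In a real deployment the decision functions would sit in the kernel module on the exec and open paths; the point the example makes is that matching on the recorded fingerprints, not on the path, is what gives the whitelist its protection against an unknown program dropped in at a trusted location.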
The technical solution above ensures the security of the Linux server during stable operation. While the business server is operating stably, all files, programs and so on are known in advance; the business files and programs in normal operation are collected, a security policy is customised on that basis, and the system kernel prevents the sudden execution of an unknown program or an abnormal modification of a core file, thereby improving the security of the Linux server.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. If these modifications and variations fall within the scope of the claims of the invention and their equivalents, the invention is intended to include them as well.
Claims (10)
1. A method for protecting Linux server security, comprising the following steps:
scanning the file system of the Linux server host and extracting the features of all executable programs and accessible files on the host;
determining, according to the features of the executable programs and accessible files, the programs allowed to run and their execute permissions and the files allowed to be accessed and their operating rights, and assembling these into a protection policy;
monitoring program execution and file access according to the protection policy.
2. The method for protecting Linux server security according to claim 1, characterised in that the features include the size, time, producer and multiple fingerprints of the executable programs and accessible files.
3. The method for protecting Linux server security according to claim 1, characterised in that after the protection policy is configured, the method further comprises the step of encrypting the protection policy.
4. The method for protecting Linux server security according to claim 3, characterised in that when the protection policy is used, it is first decrypted.
5. The method for protecting Linux server security according to any one of claims 1 to 4, characterised in that the process of executing a program or accessing a file according to the protection policy is: judging whether the program to be executed or the file to be accessed is a program the protection policy allows to execute or a file it allows to be accessed; if it is allowed, executing the program or accessing the file according to the execute permission or operating right; otherwise, not allowing the program to be executed or the file to be accessed.
6. The method for protecting Linux server security according to claim 5, characterised in that for a program not allowed to execute, the method further comprises the step of extracting the features of that program.
7. A system for protecting Linux server security, comprising a host (1) serving as the Linux server and a policy server (2) that determines, according to the features of the executable programs and accessible files on the host (1), the programs allowed to run and their execute permissions and the files allowed to be accessed and their operating rights, and assembles these into a protection policy; the host (1) comprising a feature collection module (11) for scanning the file system of the host (1) and extracting the features of all executable programs and accessible files on the host (1); a communication module (12) for sending the features of the executable programs and accessible files to the policy server (2) and for receiving the protection policy sent by the policy server (2) to the host (1); a policy parsing module (13) for parsing the protection policy; and a kernel module (14) for monitoring program execution and file access according to the parsed protection policy.
8. The system for protecting Linux server security according to claim 7, characterised in that the policy server (2) is further used to encrypt the protection policy.
9. The system for protecting Linux server security according to claim 8, characterised in that the policy parsing module (13) is further used to decrypt the protection policy.
10. The system for protecting Linux server security according to any one of claims 7 to 9, characterised in that the feature collection module (11) is further used to extract the features of programs not allowed to execute, and the communication module (12) is further used to send the features of the programs not allowed to execute to the policy server (2).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711459696.4A CN108171052A (en) | 2017-12-28 | 2017-12-28 | Method and system for protecting Linux server security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108171052A true CN108171052A (en) | 2018-06-15 |
Family
ID=62519046
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711459696.4A Pending CN108171052A (en) | 2017-12-28 | 2017-12-28 | Method and system for protecting Linux server security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108171052A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108959969A (en) * | 2018-07-26 | 2018-12-07 | 北京北信源信息安全技术有限公司 | Document protection method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101901313A (en) * | 2010-06-10 | 2010-12-01 | 中科方德软件有限公司 | Linux file protection system and method |
CN104462950A (en) * | 2014-12-17 | 2015-03-25 | 中国人民解放军国防科学技术大学 | Application program executing permission control method used for operating system |
CN104735091A (en) * | 2015-04-17 | 2015-06-24 | 三星电子(中国)研发中心 | Linux system-based user access control method and device |
CN105204906A (en) * | 2015-09-29 | 2015-12-30 | 北京元心科技有限公司 | Operating system starting method and intelligent terminal |
- 2017-12-28: CN CN201711459696.4A patent/CN108171052A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10311235B2 (en) | Systems and methods for malware evasion management | |
Kara et al. | The rise of ransomware: Forensic analysis for windows based ransomware attacks | |
Bhatt et al. | Towards a framework to detect multi-stage advanced persistent threats attacks | |
EP2774039B1 (en) | Systems and methods for virtualized malware detection | |
US11010472B1 (en) | Systems and methods for signature-less endpoint protection against zero-day malware attacks | |
US10009370B1 (en) | Detection and remediation of potentially malicious files | |
CN110602042B (en) | APT attack behavior analysis and detection method and device based on cascade attack chain model | |
EP3337106B1 (en) | Identification system, identification device and identification method | |
CN108369541B (en) | System and method for threat risk scoring of security threats | |
KR20080047261A (en) | Anomaly malicious code detection method using process behavior prediction technique | |
WO2017056121A1 (en) | Method for the identification and prevention of client-side web attacks | |
US20220217164A1 (en) | Inline malware detection | |
US11636208B2 (en) | Generating models for performing inline malware detection | |
KR101768079B1 (en) | System and method for improvement invasion detection | |
Perera et al. | The next gen security operation center | |
Yermalovich | Ontology-based model for security assessment: Predicting cyberattacks through threat activity analysis | |
Supriya et al. | Malware detection techniques: a survey | |
KR101767591B1 (en) | System and method for improvement invasion detection | |
Chowdhury et al. | Malware detection for healthcare data security | |
Maasberg et al. | Exploring a systematic approach to malware threat assessment | |
CN108171052A (en) | A kind of guard method of Linux server safety and system | |
Bertia et al. | A study about detecting ransomware by using different algorithms | |
Wang et al. | Using malware for software-defined networking–based smart home security management through a taint checking approach | |
Kono et al. | An unknown malware detection using execution registry access | |
James et al. | Malware attacks: A survey on mitigation measures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180615 |