CN108664794A - An automated security hardening method for Linux servers - Google Patents

Publication number: CN108664794A
Authority: CN (China)
Prior art keywords: configuration, file, script, function, linux
Legal status: Pending
Application number: CN201810410494.9A
Other languages: Chinese (zh)
Inventor: 郭孝基
Current Assignee: Guangdong Power Grid Co Ltd; Dongguan Power Supply Bureau of Guangdong Power Grid Co Ltd
Original Assignee: Guangdong Power Grid Co Ltd; Dongguan Power Supply Bureau of Guangdong Power Grid Co Ltd
Application filed by: Guangdong Power Grid Co Ltd; Dongguan Power Supply Bureau of Guangdong Power Grid Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/445: Program loading or initiating
    • G06F9/44505: Configuring for program initiating, e.g. using registry, configuration files
    • G06F9/4451: User profiles; Roaming

Abstract

The present invention relates to an automated security hardening method for Linux servers, comprising the following steps: the Linux operating-system hardening management script backs up the original configuration file, stamped with the current time; the configuration values of the original configuration file are read and the configuration script for the corresponding function is selected; the configuration script's set-value parameters are imported, the configuration values of the original configuration file are replaced, and a new configuration file is generated; the new configuration file is written by category to the log files, completing automated server security hardening. In the method provided by the invention, the Linux server is controlled by bash scripts, and the Linux 6.0 operating system software is divided into multiple independent, deployable and extensible script control code segments. This overcomes the bottleneck that arises in manual operation and avoids the risk to the system caused by administrators not completing work in time when the volume of changes surges.

Description

An automated security hardening method for Linux servers
Technical field
The present invention relates to the technical field of Linux server security, and more particularly to an automated security hardening method for Linux servers.
Background
Server system administrators currently spend a great deal of time on configuration operations for Linux server operating systems, modifying large numbers of configuration files. These manual operations are usually tedious and repetitive. They not only take up a great deal of administrators' time and energy but, because of the heavy workload, also make it difficult to guarantee that manual configuration is correct, complete and recoverable. Sound management requires defining a target protocol and ensuring that the work is carried out efficiently and fully. Put simply, it is a program executed step by step by the shell.
The shell is a program that provides an interface between the Linux kernel and the end user. By default, the shell a Linux user uses is bash (/bin/bash). In traditional Linux management and configuration work, the administrator generally queries with the corresponding shell commands and, depending on the output, changes the configuration file with an editor such as vi, then saves and exits.
As the business grows, the volume of deployments and modifications keeps increasing. When the volume of modifications surges, the administrator's processing capacity becomes the bottleneck: work items are often delayed, creating security risks for servers and leading to system failures or even information loss. The resulting outages and the efficiency, security and cost problems not only affect the progress of the work as a whole but may also cause customer complaints and work delays, which in turn damage the company's brand image and can even cause it major losses.
Summary of the invention
To overcome the technical defect of the prior-art approach of hardening a system by manually modifying Linux configuration files, namely that modifications are not made in time and system security suffers, the present invention provides an automated security hardening method for Linux servers.
To achieve the above object, the technical solution adopted is as follows:
An automated security hardening method for Linux servers, comprising the following steps:
S1: The Linux operating-system hardening management script backs up the original configuration file, stamped with the current time;
S2: Read the configuration values of the original configuration file and select the configuration script for the corresponding function;
S3: Import the configuration script's set-value parameters, replace the configuration values of the original configuration file, and generate a new configuration file;
S4: Write the new configuration file, by category, to the log files, completing automated server security hardening.
The configuration files in step S1 include: a security audit configuration file, an access permission configuration file and an identity authentication configuration file.
There are multiple configuration scripts in step S3, and each script carries the configuration parameters that implement a different function.
The log files in step S4 include an identity authentication log file, an access control log file and a security audit log file.
The security audit configuration file includes an audit configuration function and an audit log retention function.
The access permission configuration file includes a function for modifying permissions on critical files, a resource control function, a function forbidding remote root login, a function disabling specified services, an access control function, a TCP Wrapper login restriction function, and a function disabling specified Xinetd functions.
The identity authentication configuration file includes: a password complexity setting function, a password policy setting function, a login failure handling function and a remote service version restriction function.
The configuration scripts are bash scripts.
In the above scheme, the Linux server is controlled by bash scripts. The Linux 6.0 operating system software is divided into multiple independent, deployable and extensible script control code segments. The traditional manual modification approach is abandoned in favour of code that uses conditions, tests and loops to back up, modify and import each configuration file, so that dependence on manual work is greatly reduced.
In the above scheme, scripts allow hardening changes to be deployed accurately in batches. The whole deployment framework is efficient, stable and reliable, simple to operate, fast and automated. It overcomes the bottleneck that arises in manual operation and avoids the risk to the system caused by administrators not completing work in time when the volume of changes surges.
In the above scheme, the method is driven by a program on the Linux server. The program automatically detects weak points in the system and, through a series of automatic operations (checking account security; stopping services unrelated to the hosted business; controlling data access; controlling network access; authenticating users; configuring audit policies), carries out Linux system security hardening automatically. Every process that previously had to be performed manually becomes automated, which saves time, provides a fast method of security hardening for Linux systems, improves efficiency and strengthens system security.
Compared with the prior art, the beneficial effects of the invention are as follows:
In the automated security hardening method for Linux servers provided by the invention, the Linux server is controlled by bash scripts, and the Linux 6.0 operating system software is divided into multiple independent, deployable and extensible script control code segments. This overcomes the bottleneck that arises in manual operation and avoids the risk to the system caused by administrators not completing work in time when the volume of changes surges.
Description of the drawings
Fig. 1 is a flow chart of the automated security hardening method for Linux servers.
Fig. 2 is a schematic diagram of the file changes made by the automated security hardening method for Linux servers.
Detailed description
The drawings are for illustrative purposes only and shall not be construed as limiting the patent.
The present invention is further described below with reference to the drawings and embodiments.
Embodiment 1
As shown in Fig. 1, an automated security hardening method for Linux servers comprises the following steps:
S1: The Linux operating-system hardening management script backs up the original configuration file, stamped with the current time;
S2: Read the configuration values of the original configuration file and select the configuration script for the corresponding function;
S3: Import the configuration script's set-value parameters, replace the configuration values of the original configuration file, and generate a new configuration file;
S4: Write the new configuration file, by category, to the log files, completing automated server security hardening.
More specifically, the configuration files in step S1 include: a security audit configuration file, an access permission configuration file and an identity authentication configuration file.
More specifically, there are multiple configuration scripts in step S3, and each script carries the configuration parameters that implement a different function.
More specifically, the log files in step S4 include an identity authentication log file, an access control log file and a security audit log file.
More specifically, the security audit configuration file includes an audit configuration function and an audit log retention function.
More specifically, the access permission configuration file includes a function for modifying permissions on critical files, a resource control function, a function forbidding remote root login, a function disabling specified services, an access control function, a TCP Wrapper login restriction function, and a function disabling specified Xinetd functions.
More specifically, the identity authentication configuration file includes: a password complexity setting function, a password policy setting function, a login failure handling function and a remote service version restriction function.
More specifically, the configuration scripts are bash scripts.
In a specific implementation, the Linux server is controlled by bash scripts. The Linux 6.0 operating system software is divided into multiple independent, deployable and extensible script control code segments. The traditional manual modification approach is abandoned in favour of code that uses conditions, tests and loops to back up, modify and import each configuration file, so that dependence on manual work is greatly reduced.
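An added example, not code from the patent, showing steps S1 to S4 applied in a loop to three settings. The file contents, target values, log file names and the function names read_value, harden_setting and apply_policy are assumptions; the script works on constructed copies in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example (not the patent's script): steps S1-S4 applied to constructed
# copies of sshd_config and login.defs in a temp directory, never to /etc.
set -eu

# S2: print the value of the first uncommented KEY line in FILE (sshd uses the
# first occurrence of a keyword). Exact string match, so KEY is never a regex.
read_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# harden_setting CATEGORY FILE KEY VALUE LOGDIR
harden_setting() {
    local category="$1" file="$2" key="$3" want="$4" logdir="$5"
    local stamp backup current tmp
    stamp=$(date +%Y%m%d%H%M%S)

    # S1: timestamped backup. Never overwrite an existing one: a second change
    # in the same second would otherwise replace the pristine copy.
    backup="$file.bak.$stamp"
    [ -e "$backup" ] || cp -p -- "$file" "$backup"

    current=$(read_value "$file" "$key")            # S2

    # S3: build the new file beside the original (cp -p keeps its mode), then
    # rename it into place so readers never see a half-written file.
    if [ "$current" != "$want" ]; then
        tmp="$file.new.$$"
        cp -p -- "$file" "$tmp"
        awk -v k="$key" -v v="$want" '
            $1 == k || $1 == ("#" k) { if (!done) print k " " v; done = 1; next }
            { print }
            END { if (!done) print k " " v }' "$file" > "$tmp"
        mv -- "$tmp" "$file"
    fi

    # S4: one log per category, recording old value, new value and backup path.
    printf '%s file=%s key=%s old=%s new=%s backup=%s\n' "$stamp" "$file" \
        "$key" "${current:-unset}" "$want" "$backup" >> "$logdir/$category.log"
}

# Constructed sample input; the target values in apply_policy are assumptions.
WORK=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin prohibit-password' \
    'PermitRootLogin yes' > "$WORK/sshd_config"
printf '%s\n' 'PASS_MAX_DAYS 99999' 'PASS_MIN_DAYS 0' > "$WORK/login.defs"

apply_policy() {
    # category|file|key|value, one setting per line
    while IFS='|' read -r category name key value; do
        harden_setting "$category" "$WORK/$name" "$key" "$value" "$WORK"
    done <<'EOF'
access_control|sshd_config|PermitRootLogin|no
identity_authentication|login.defs|PASS_MAX_DAYS|90
identity_authentication|login.defs|PASS_MIN_DAYS|1
EOF
}

apply_policy
```

Running apply_policy a second time changes no file and logs old and new as equal, which makes the log usable as a compliance record as well as a change record.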
In a specific implementation, scripts allow hardening changes to be deployed accurately in batches. The whole deployment framework is efficient, stable and reliable, simple to operate, fast and automated. It overcomes the bottleneck that arises in manual operation and avoids the risk to the system caused by administrators not completing work in time when the volume of changes surges.
In a specific implementation, the method is driven by a program on the Linux server. The program automatically detects weak points in the system and, through a series of automatic operations (checking account security; stopping services unrelated to the hosted business; controlling data access; controlling network access; authenticating users; configuring audit policies), carries out Linux system security hardening automatically. Every process that previously had to be performed manually becomes automated, which saves time, provides a fast method of security hardening for Linux systems, improves efficiency and strengthens system security.
Obviously, the above embodiment of the present invention is merely an example given to illustrate the invention clearly and does not limit the embodiments of the invention. Those of ordinary skill in the art can make other changes or variations in different forms on the basis of the above description. It is neither necessary nor possible to list all embodiments exhaustively. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the claims of the invention.

Claims (8)

1. An automated security hardening method for Linux servers, characterized in that it comprises the following steps:
S1: The Linux operating-system hardening management script backs up the original configuration file, stamped with the current time;
S2: Read the configuration values of the original configuration file and select the configuration script for the corresponding function;
S3: Import the configuration script's set-value parameters, replace the configuration values of the original configuration file, and generate a new configuration file;
S4: Write the new configuration file, by category, to the log files, completing automated server security hardening.
2. The automated security hardening method for Linux servers according to claim 1, characterized in that the configuration files in step S1 include: a security audit configuration file, an access permission configuration file and an identity authentication configuration file.
3. The automated security hardening method for Linux servers according to claim 1, characterized in that there are multiple configuration scripts in step S3, and each script carries the configuration parameters that implement a different function.
4. The automated security hardening method for Linux servers according to claim 1, characterized in that the log files in step S4 include an identity authentication log file, an access control log file and a security audit log file.
5. The automated security hardening method for Linux servers according to claim 2, characterized in that the security audit configuration file includes an audit configuration function and an audit log retention function.
6. The automated security hardening method for Linux servers according to claim 2, characterized in that the access permission configuration file includes a function for modifying permissions on critical files, a resource control function, a function forbidding remote root login, a function disabling specified services, an access control function, a TCP Wrapper login restriction function, and a function disabling specified Xinetd functions.
7. The automated security hardening method for Linux servers according to claim 2, characterized in that the identity authentication configuration file includes: a password complexity setting function, a password policy setting function, a login failure handling function and a remote service version restriction function.
8. The automated security hardening method for Linux servers according to claim 3, characterized in that the configuration scripts are bash scripts.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810410494.9A CN108664794A (en) 2018-04-26 2018-04-26 An automated security hardening method for Linux servers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810410494.9A CN108664794A (en) 2018-04-26 2018-04-26 An automated security hardening method for Linux servers

Publications (1)

Publication Number Publication Date
CN108664794A true CN108664794A (en) 2018-10-16

Family

ID=63781705

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810410494.9A Pending CN108664794A (en) 2018-04-26 2018-04-26 An automated security hardening method for Linux servers

Country Status (1)

Country Link
CN (1) CN108664794A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103049702A (en) * 2013-01-05 2013-04-17 浪潮电子信息产业股份有限公司 Server layer based security reinforcing strategy
CN105703925A (en) * 2014-11-25 2016-06-22 上海天脉聚源文化传媒有限公司 Security reinforcement method and system for Linux system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘怀亮 主编: "《Linux系统安全管理员》", 30 June 2008 *
本丛书编写委员会 编写: "《网络程序设计与管理》", 31 October 2000 *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110119599A (en) * 2019-05-21 2019-08-13 国网福建省电力有限公司 A kind of basic software platform automation safety encryption and system
CN111027100A (en) * 2019-11-15 2020-04-17 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 Automatic reinforcing method for information system security configuration
CN111176677A (en) * 2019-12-18 2020-05-19 腾讯科技(深圳)有限公司 Server system reinforcement updating method and device
CN111176677B (en) * 2019-12-18 2022-06-17 腾讯科技(深圳)有限公司 Server system reinforcement updating method and device
CN112287405A (en) * 2020-09-16 2021-01-29 中国农业银行股份有限公司河北省分行 Security reinforcement method for CentOS system
CN112784282A (en) * 2021-01-22 2021-05-11 苏州浪潮智能科技有限公司 Security configuration reinforcement method, system and medium
CN112784282B (en) * 2021-01-22 2022-09-20 苏州浪潮智能科技有限公司 Security configuration reinforcement method, system and medium
CN113946834A (en) * 2021-10-26 2022-01-18 南京联创信息科技有限公司 Security reinforcement strategy optimization method for Linux operating system
CN114500106A (en) * 2022-04-02 2022-05-13 北京指掌易科技有限公司 Security management method, device, equipment and storage medium for server


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181016

RJ01 Rejection of invention patent application after publication