CN109117202B - Method and system for setting audit type configuration items - Google Patents

Info

Publication number: CN109117202B
Authority: CN (China)
Prior art keywords: audit, auditing, level, type configuration, item
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201810756808.0A
Other languages: Chinese (zh)
Other versions: CN109117202A (en)
Inventor: 王唯融
Current assignee: Zhengzhou Yunhai Information Technology Co Ltd
Original assignee: Zhengzhou Yunhai Information Technology Co Ltd
Events: application filed by Zhengzhou Yunhai Information Technology Co Ltd; priority to CN201810756808.0A; publication of CN109117202A; application granted; publication of CN109117202B; legal status Active; anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/445 Program loading or initiating
    • G06F 9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G06F 9/4401 Bootstrapping
    • G06F 9/4406 Loading of operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method and a system for setting an audit type configuration item (a legacy audit policy setting in Windows). The method comprises: obtaining the mapping between audit type configuration items and advanced audit policies in a Windows system; obtaining, according to the mapping, the plurality of advanced audit policies matched to the target audit type configuration item; setting the values of the configuration items in those matched advanced audit policies to a first set value; and setting the value of the target audit type configuration item to a second set value according to the mapping and the first set value, the second set value being the same as the first. The system comprises a mapping acquisition module, an advanced audit policy configuration item setting module and an audit type configuration item setting module. The method and system avoid the need for SYSTEM privileges and improve the efficiency and accuracy of setting the configuration items.

Description

Method and system for setting audit type configuration items
Technical Field
The application relates to the technical field of computer security, in particular to a method and a system for setting an audit type configuration item.
Background
In the technical field of computer security, security baseline inspection and security baseline restoration (remediation) are generally required. A security baseline is the minimum set of security requirements for a system; in Microsoft's security guidance (for example for Windows Server 2003 and ISA Server 2004) it is a detailed description of how the computer is configured and managed. A security baseline defines the trusted components on one computer and describes all relevant configuration settings needed for secure operation. Typical elements of a security baseline include server and application settings, configuration of operating system components, rights and privilege assignments, and administrative rules. Security baseline remediation generally requires setting audit type configuration items (the legacy audit policy categories found under Local Policies > Audit Policy) in a Windows system.
At present, audit type configuration items in a Windows system are usually set by modifying the registry. Specifically, SYSTEM privileges are first obtained, and then the value under the registry key HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv is modified, which changes the audit type configuration items.
However, because this method needs SYSTEM privileges, the highest privilege level in Windows (by default only the SYSTEM account has read and write access to the SECURITY hive; Administrators can reach it only by changing its ACL or by running as SYSTEM), most application programs cannot obtain them, or can only obtain them in a complicated way, so the current setting process is cumbersome and its efficiency is low. In addition, the value under HKEY_LOCAL_MACHINE\SECURITY\Policy\PolAdtEv is stored as a binary blob, so reading and writing it while setting audit type configuration items is complex, which further lowers the setting efficiency.
Disclosure of Invention
The application provides a method and a system for setting an audit type configuration item, to solve the cumbersome setting process and low setting efficiency of audit type configuration items in the prior art.
To solve this technical problem, the embodiments of the application disclose the following technical solution:
a method of setting an audit type configuration item, the method comprising:
obtaining the mapping between audit type configuration items and advanced audit policies in a Windows system;
obtaining, according to the mapping, the plurality of advanced audit policies matched to the target audit type configuration item;
setting the values of the configuration items in the plurality of advanced audit policies matched to the target audit type configuration item to a first set value;
and setting the value of the target audit type configuration item to a second set value according to the mapping and the first set value, the second set value being the same as the first set value.
Optionally, in the mapping, a plurality of advanced audit policies correspond to one audit type configuration item, and when the configuration items in all of those advanced audit policies are set to the same value, the audit type configuration item is automatically set to that value.
Optionally, obtaining the mapping between audit type configuration items and advanced audit policies in the Windows system specifically comprises:
obtaining the mapping between audit type configuration items and advanced audit policies in the Windows system by a name segmentation method.
Optionally, obtaining the mapping between audit type configuration items and advanced audit policies in the Windows system by the name segmentation method comprises the following steps:
S11: obtaining the names of all advanced audit policies in the Windows system;
S12: splitting the name of every advanced audit policy into three consecutive parts: audit policy (the fixed prefix), category and subcategory name;
S13: dividing all advanced audit policies into groups according to the category in their names;
S14: querying the list of audit type configuration items to be set and determining the category of each audit type configuration item in the list;
S15: taking the group of advanced audit policies whose category matches the category of an audit type configuration item as the advanced audit policies matched to that item;
S16: repeating steps S14 and S15 to obtain, in turn, the group of advanced audit policies matched to every audit type configuration item.
Optionally, setting the values of the configuration items in the plurality of advanced audit policies matched to the target audit type configuration item to the first set value comprises:
S31: using the AuditSetSystemPolicy function to set the value of the configuration item in one advanced audit policy matched to the target audit type configuration item to the first set value;
S32: repeating the previous step until the configuration items in all advanced audit policies matched to the target audit type configuration item are set to the first set value.
Optionally, before obtaining the mapping between audit type configuration items and advanced audit policies in the Windows system, the method further comprises:
loading a security baseline knowledge base, which stores the name of each security baseline item, its suggested value and its modification path, the security baseline items including advanced audit policies.
A system for setting audit type configuration items, the system comprising:
a mapping acquisition module for obtaining the mapping between audit type configuration items and advanced audit policies in the Windows system;
an advanced audit policy acquisition module for obtaining, according to the mapping, the plurality of advanced audit policies matched to the target audit type configuration item;
an advanced audit policy configuration item setting module for using the AuditSetSystemPolicy function to set the values of the configuration items in those advanced audit policies to a first set value;
and an audit type configuration item setting module for setting the value of the target audit type configuration item to a second set value according to the mapping and the first set value, the second set value being the same as the first set value.
Optionally, in the mapping obtained by the mapping acquisition module, a plurality of advanced audit policies correspond to one audit type configuration item, and when the configuration items in all of those advanced audit policies are set to the same value, the audit type configuration item is automatically set to that value.
Optionally, the mapping acquisition module comprises:
a name acquisition unit for obtaining the names of all advanced audit policies in the Windows system;
a name segmentation unit for splitting the name of every advanced audit policy into three consecutive parts: audit policy (the fixed prefix), category and subcategory name;
an extraction unit for dividing all advanced audit policies into groups according to the category in their names;
a category determination unit for querying the list of audit type configuration items to be set and determining the category of each audit type configuration item in the list;
and a matching unit for taking the group of advanced audit policies whose category matches the category of an audit type configuration item as the advanced audit policies matched to that item.
Optionally, the system further comprises a loading module for loading a security baseline knowledge base, which stores the name of each security baseline item, its suggested value and its modification path, the security baseline items including advanced audit policies.
The technical solution provided by the embodiments of the application can have the following beneficial effects:
The application provides a method for setting an audit type configuration item which first obtains the mapping between audit type configuration items and advanced audit policies in the Windows system; then obtains, from that mapping, the plurality of advanced audit policies matched to the target audit type configuration item; then sets the values of the configuration items in those advanced audit policies one after another; and finally sets the value of the target audit type configuration item according to the mapping and the values of the configuration items in its matched advanced audit policies, the value of the target audit type configuration item being equal to those values. The method thus sets the audit type configuration item indirectly, by setting the configuration items in the advanced audit policies matched to it, exploiting the mapping between the two that exists in the Windows system. Obtaining the mapping and setting the configuration items in the advanced audit policies in this way needs no SYSTEM privileges, so the cumbersome setting process is avoided and the efficiency of setting configuration items is improved. Moreover, because the mapping is obtained by name segmentation, the advanced audit policies matched to the target audit type configuration item can be extracted quickly by their category, which helps the efficiency and accuracy of setting.
In addition, the method sets the configuration items in the advanced audit policies with the AuditSetSystemPolicy function, which further improves the efficiency of setting configuration items.
The application also provides a system for setting audit type configuration items, mainly comprising a mapping acquisition module, an advanced audit policy configuration item setting module and an audit type configuration item setting module. The mapping acquisition module first obtains the mapping between audit type configuration items and advanced audit policies in the Windows system; the advanced audit policy acquisition module then obtains the plurality of advanced audit policies matched to the target audit type configuration item; the advanced audit policy configuration item setting module sets the configuration items in those advanced audit policies; and finally the audit type configuration item setting module, according to the mapping, has the value of the target audit type configuration item automatically set to the value of the configuration items in its matched advanced audit policies, which completes the setting. None of the modules needs SYSTEM privileges to run, so the cumbersome setting process is avoided and the efficiency of setting configuration items is improved. Moreover, the mapping acquisition module obtains the mapping by name segmentation and can quickly extract the advanced audit policies matched to the target audit type configuration item by their category, which helps the efficiency and accuracy of setting.
In addition, the advanced audit policy configuration item setting module uses the AuditSetSystemPolicy function to set the configuration items in the advanced audit policies, which effectively improves the efficiency of setting configuration items.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a method for setting audit type configuration items according to an embodiment of the present application;
FIG. 2 is a schematic illustration of the advanced audit policies in the present application;
FIG. 3 is a schematic illustration of an audit type configuration item in the present application;
FIG. 4 is a schematic structural diagram of a system for setting audit type configuration items according to an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For a better understanding of the present application, embodiments of the present application are explained in detail below with reference to the accompanying drawings.
Example one
Referring to fig. 1, fig. 1 is a schematic flow chart of a method for setting an audit type configuration item according to an embodiment of the present application. As fig. 1 shows, the method in this embodiment mainly comprises the following steps:
S1: obtain the mapping between audit type configuration items and advanced audit policies in the Windows system.
As fig. 2 shows, the advanced audit policies in a Windows system are grouped into categories such as Account Logon, Account Management, Detailed Tracking, DS Access and Logon/Logoff, each containing several subcategories (these are the policies under Advanced Audit Policy Configuration in Local Security Policy).
Fig. 3 shows an audit type configuration item in the Windows system, that is, one of the legacy audit policy settings under Local Policies > Audit Policy in the group policy editor.
Repeated black-box tests gave the following result: one audit type configuration item is matched to a plurality of advanced audit policies. This agrees with how Windows Vista and later report audit policy: each legacy audit category is displayed as the aggregate of its advanced audit subcategories. In this embodiment the mapping between audit type configuration items and advanced audit policies is therefore determined before setting, and the audit type configuration item is set by configuring its matched advanced audit policies according to that mapping.
The mapping between audit type configuration items and advanced audit policies has the following property: a plurality of advanced audit policies correspond to one audit type configuration item, and once the configuration items in all of those advanced audit policies are set to the same value, the audit type configuration item is automatically set to that value. Based on this property, this embodiment obtains the mapping by a name segmentation method, which comprises the following steps:
s11: and acquiring the names of all high-level auditing strategies in the Windows system.
Further, the present embodiment further includes, before the step S1, a step S0: and loading a safety baseline knowledge base.
Wherein, the safety baseline knowledge base stores: the name of the safety baseline item, the suggested value of the safety baseline item and the modification path of the safety baseline item, wherein the safety baseline item comprises: high level audit policy. The security baseline item is a specific item of one piece in the security knowledge base, and includes items of advanced auditing strategies, auditing configuration items and the like. For example: in the security baseline knowledge base of Microsoft, only security baseline items of an advanced auditing strategy type are provided, and security baseline items of an auditing type configuration item are not provided.
After the security baseline knowledge base is loaded, the names of all high-level audit strategies can be acquired in the security baseline knowledge base of the Windows system.
S12: dividing the names of all high-level audit strategies into three parts which are sequentially and continuously arranged: auditing policies, project attribution and project names.
S13: and dividing all the high-level audit strategies into a plurality of groups of different high-level audit strategies according to different item attributions in the high-level audit strategy names.
That is, the high-level audit strategies are classified and extracted according to the item attribution in the high-level audit strategy name, so that the high-level audit strategies are divided into a plurality of groups of high-level audit strategies, and each group of high-level audit strategies comprises the high-level audit strategies with the same item attribution.
As can be seen from the above steps S12 and S13, taking the name of a certain high-level audit policy, "audit policy system IPsec driver", as an example, the name of the high-level audit policy can be divided into "audit policy: the system comprises the following steps: the IPsec driver comprises three parts, and all parts are separated by adopting colons. The first part of the audit policy is a fixed part in a security baseline project name, such as a high-level audit policy, and can be understood as a fixed universal format in the security baseline project name; the third section, IPsec driver, is the application name of the high-level audit policy, and different high-level audit policies have different application names and cannot be classified according to the third section.
In the embodiment, the second part of the high-level audit policy name, namely "item attribution", is taken as a classification basis, for the above example, that is, the high-level audit policies with the item attribution of "system" are extracted from all the high-level audit policies according to the "system" in the high-level audit policy name, and the high-level audit policies are divided into a group of high-level audit policies.
After dividing all the high-level audit policies into multiple high-level audit policies with different item attributions, executing step S14: and inquiring the list of the audit type configuration items to be set, and determining the project attribution of any audit type configuration item in the list of the audit type configuration items to be set.
The method is suitable for setting a certain audit type configuration item and a plurality of audit type configuration items. One or more audit type configuration items needing to be set form an audit type configuration item list to be set.
Certainly, the mapping relationship between the audit type configuration items in the Windows system and the high-level audit policy obtained in step S1 may be a mapping relationship between all audit type configuration items, including the to-be-set audit type configuration items and the non-to-be-set audit type configuration items, and the high-level audit policy; or the mapping relation between the audit type configuration item to be set and the high-level audit strategy. In this embodiment, it is preferable that a mapping relationship between the to-be-set audit type configuration item and the advanced audit policy is selected, and accordingly, in step S14, only the to-be-set audit type configuration item list is queried, and the item attribution of any audit type configuration item in the to-be-set audit type configuration item list is determined.
When the mapping relationship is the mapping relationship between all audit type configuration items and the advanced audit policy, in step S14, the audit type configuration item list in the Windows system needs to be queried, that is: all audit type configuration item lists in the Windows system need to be queried. Only with this query approach, the query scope is increased, and accordingly, the workload is increased.
S15: and setting a group of high-level auditing strategies matched with the project attribution of any auditing type configuration item in the plurality of groups of different high-level auditing strategies as the high-level auditing strategies matched with any auditing type configuration item.
According to steps S14 and S15, an audit type configuration item matched by a set of advanced audit policies is obtained, and then step S16 is executed: and repeating the steps S14 and S15, and sequentially acquiring a group of high-level audit strategies matched with all audit type configuration items. And after a group of high-level auditing strategies matched with all the auditing type configuration items are obtained, the matching relations form a mapping relation between the auditing type configuration items and the high-level auditing strategies in the Windows system.
With continued reference to fig. 1, after the mapping between audit type configuration items and advanced audit policies in the Windows system has been obtained, step S2 is executed: obtain, according to the mapping, the plurality of advanced audit policies matched to the target audit type configuration item.
The mapping contains the correspondences between several audit type configuration items and their advanced audit policies; in actual use, the advanced audit policies matched to the current target audit type configuration item are looked up in the mapping.
S3: set the values of the configuration items in the advanced audit policies matched to the target audit type configuration item to a first set value.
That is, the configuration items in the matched advanced audit policies are set one after another, all to the same value. Specifically, step S3 comprises:
S31: use the AuditSetSystemPolicy function to set the value of the configuration item in one advanced audit policy matched to the target audit type configuration item to the first set value.
In this embodiment the configuration item is set with the AuditSetSystemPolicy function of the Windows audit policy API (Application Programming Interface, the call interface for application programs), which improves the efficiency and accuracy of setting configuration items. Note that AuditSetSystemPolicy requires the caller to hold SeSecurityPrivilege ("Manage auditing and security log"), which members of the local Administrators group have by default; the method therefore avoids running as SYSTEM, not the need for an elevated administrator context.
S32: repeat the previous step until the configuration items in all advanced audit policies matched to the target audit type configuration item are set to the first set value.
This embodiment calls AuditSetSystemPolicy for a single advanced audit policy (subcategory) at a time, so step S31 is repeated once per matched advanced audit policy until all of them are set. (The function itself takes an array of AUDIT_POLICY_INFORMATION entries and a count, so the matched subcategories could also be written in one call; the per-item loop is the form chosen here.) Note that in this embodiment the configuration items of the several advanced audit policies are all set to the same value.
S4: set the value of the target audit type configuration item to a second set value according to the mapping and the first set value, the second set value being the same as the first set value.
That is, the value of the target audit type configuration item is set according to the mapping and the values of the configuration items in its matched advanced audit policies, and equals those values.
Once the configuration items of the whole group of advanced audit policies sharing one category have been set, the value of the target audit type configuration item follows automatically, as in step S4, taking the value of the configuration items in its matched advanced audit policies. This is Windows behaviour rather than a separate write: the legacy audit category reflects its subcategories, and when the security option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" is enabled, as it is by default, the subcategory settings are what is enforced. A practitioner should read the result back (for example with auditpol /get) rather than trust the legacy category display alone.
In summary, this embodiment makes full use of the mapping between audit type configuration items and advanced audit policies: it first obtains the advanced audit policies matched to the target audit type configuration item, then sets the configuration items through those advanced audit policies, and so sets the target audit type configuration item indirectly. This avoids depending on SYSTEM privileges, improves the user experience and raises the efficiency of setting audit type configuration items.
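The whole procedure of steps S0 to S4 as an added worked example in Python; it is not code from the patent or from its assignee. It assumes (1) that security baseline item names follow the Microsoft security baseline form "Audit Policy: <Category>: <Subcategory>", the form of the "Audit Policy: System: IPsec Driver" example above; (2) that the per-subcategory write is delegated to the built-in auditpol.exe instead of a direct AuditSetSystemPolicy call (both write the same advanced audit policy and both require SeSecurityPrivilege, so the --apply path must run from an elevated Windows prompt); and (3) a constructed sample of auditpol /get output for the read-back check. The baseline item names and the auditpol output below are constructed sample data, not captured from a system.

```python
import re
import subprocess
import sys
from collections import defaultdict

# Constructed sample of security baseline item names (assumed Microsoft
# baseline form "Audit Policy: <Category>: <Subcategory>"); the last entry
# shows that step S12 must skip items that are not advanced audit policies.
BASELINE_ITEMS = [
    "Audit Policy: System: IPsec Driver",
    "Audit Policy: System: Security State Change",
    "Audit Policy: System: Security System Extension",
    "Audit Policy: System: System Integrity",
    "Audit Policy: Logon/Logoff: Logon",
    "Audit Policy: Logon/Logoff: Logoff",
    "Password Policy: Minimum password length",
]

def split_name(name):
    """S12: (fixed prefix, category, subcategory), or None for other items."""
    parts = [p.strip() for p in name.split(":", 2)]
    if len(parts) != 3 or parts[0].lower() != "audit policy":
        return None
    return tuple(parts)

def build_mapping(items):
    """S11-S13: group subcategory names by category, i.e. by the legacy audit
    type configuration item they roll up into: {category: [subcategory, ...]}."""
    groups = defaultdict(list)
    for name in items:
        parts = split_name(name)
        if parts:
            groups[parts[1]].append(parts[2])
    return dict(groups)

def resolve_targets(mapping, wanted):
    """S14-S16: matched subcategory group for every item in the to-be-set list;
    an unknown category is an error, not a silent no-op."""
    missing = [c for c in wanted if c not in mapping]
    if missing:
        raise KeyError(f"no advanced audit subcategories known for {missing}")
    return {c: mapping[c] for c in wanted}

def set_commands(subcategories, success, failure):
    """S31-S32: one write per matched subcategory, all with the same value (the
    'first set value'), so the legacy category ends up with that value too.
    auditpol.exe stands in for the patent's direct AuditSetSystemPolicy call."""
    on = lambda enabled: "enable" if enabled else "disable"
    return [["auditpol", "/set", f"/subcategory:{sub}",
             f"/success:{on(success)}", f"/failure:{on(failure)}"]
            for sub in subcategories]

# Constructed sample of 'auditpol /get /category:*' output (assumed layout),
# used for the read-back check below.
SAMPLE_GET_OUTPUT = """System audit policy
Category/Subcategory                      Setting
System
  Security System Extension               Success and Failure
  System Integrity                        Success and Failure
  IPsec Driver                            Success and Failure
  Security State Change                   Success and Failure
Logon/Logoff
  Logon                                   Success and Failure
  Logoff                                  Success
"""

def parse_auditpol_get(text):
    """Read back {category: {subcategory: setting}} from auditpol /get output."""
    state, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("System audit policy",
                                                "Category/Subcategory")):
            continue
        if line[0] != " ":
            current = line.strip()
            state[current] = {}
        else:
            sub, setting = re.split(r"\s{2,}", line.strip(), maxsplit=1)
            state[current][sub] = setting
    return state

def category_setting(subcategory_settings):
    """S4's precondition: the legacy category reflects a value only when every
    matched subcategory carries that same value; otherwise None (mixed)."""
    values = set(subcategory_settings.values())
    return values.pop() if len(values) == 1 else None

if __name__ == "__main__":
    mapping = build_mapping(BASELINE_ITEMS)
    plan = set_commands(resolve_targets(mapping, ["System"])["System"],
                        success=True, failure=True)
    for cmd in plan:  # pass --apply on an elevated Windows prompt to execute
        if "--apply" in sys.argv and sys.platform == "win32":
            subprocess.run(cmd, check=True)
        print(" ".join(cmd))
    for category, subs in parse_auditpol_get(SAMPLE_GET_OUTPUT).items():
        print(category, "->", category_setting(subs) or "mixed, category not set")
```

Run without arguments on any platform to see the planned auditpol commands and the read-back evaluation; --apply on Windows executes the writes. The read-back check is the part the patent leaves implicit: the legacy category only takes a value once every subcategory in its group agrees, so verify after writing instead of trusting the category display.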
Embodiment two
Referring to fig. 4 on the basis of the embodiments shown in fig. 1 to fig. 3, fig. 4 is a schematic structural diagram of a system for setting audit-type configuration items according to an embodiment of the present application. As fig. 4 shows, the system for setting audit-type configuration items mainly comprises a mapping relation acquisition module, an advanced audit policy acquisition module, an advanced audit policy configuration item setting module and an audit-type configuration item setting module.
The mapping relation acquisition module acquires the mapping relation between audit-type configuration items and advanced audit policies in the Windows system; the advanced audit policy acquisition module acquires, according to the mapping relation, the plurality of advanced audit policies matched to the target audit-type configuration item; the advanced audit policy configuration item setting module uses the AuditSetSystemPolicy function to set the values of the configuration items in the plurality of advanced audit policies matched to the target audit-type configuration item to a first set value; and the audit-type configuration item setting module sets the value of the target audit-type configuration item to a second set value according to the mapping relation and the first set value, the second set value being equal to the first set value.
In this embodiment, in the mapping relation obtained by the mapping relation acquisition module, a plurality of advanced audit policies correspond to one audit-type configuration item, and when the configuration items in all of those advanced audit policies are set to the same value, that audit-type configuration item is automatically set to the same value.
Further, the mapping relation acquisition module comprises a name acquisition unit, a name segmentation unit, an extraction unit, an item category determination unit and a matching unit. The name acquisition unit acquires the names of all advanced audit policies in the Windows system. The name segmentation unit divides the name of each advanced audit policy into three consecutive parts: audit policy, item category and item name. The extraction unit divides all advanced audit policies into a plurality of groups according to the item category in their names. The item category determination unit queries the list of audit-type configuration items to be set and determines the item category of any audit-type configuration item in that list. The matching unit takes, from the plurality of groups, the group of advanced audit policies whose item category matches that of the audit-type configuration item as the advanced audit policies matched to it.
Further, the system for setting audit-type configuration items in this embodiment also comprises a loading module for loading a security baseline knowledge base, which stores the name of each security baseline item, its recommended value and its modification path; the security baseline items include advanced audit policies.
The working method and principle of the system for setting audit-type configuration items have been explained in detail in the embodiments shown in fig. 1 to fig. 3; the two embodiments may be referred to each other and are not repeated here.
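The name-segmentation mapping (steps S11 to S16) and the group-wise write of embodiment one (S31 and S4), which the modules of embodiment two mirror, as an added example in Python that is not the patent's own code. The advanced policy names below are constructed in the three-part form the patent describes, using real Windows advanced audit policy category and subcategory names under an assumed "Audit Policy:" prefix and ":" separator; the two legacy audit-type items and the categories they belong to are the real Windows pairings. AuditSetSystemPolicy itself is replaced by an in-memory store so the example runs offline. The derived category view implements the rule of claim 2 and also shows the failure mode the patent leaves implicit: a group whose subcategories disagree has no single category-level value.

```python
"""Added example: name-segmentation mapping of advanced audit policies to
legacy audit-type items, and group-wise setting against a simulated store.
Not the patent's code; AuditSetSystemPolicy is stubbed by a dict write."""
from collections import defaultdict

# Constructed input in the patent's three-part form "<policy>: <category>: <item>".
# Category/subcategory names are real Windows ones; prefix and separator are assumed.
ADVANCED_POLICY_NAMES = [
    "Audit Policy: Account Logon: Credential Validation",
    "Audit Policy: Account Logon: Kerberos Authentication Service",
    "Audit Policy: Account Logon: Kerberos Service Ticket Operations",
    "Audit Policy: Account Logon: Other Account Logon Events",
    "Audit Policy: Logon/Logoff: Logon",
    "Audit Policy: Logon/Logoff: Logoff",
    "Audit Policy: Logon/Logoff: Account Lockout",
    "Audit Policy: Logon/Logoff: Special Logon",
]

# Legacy audit-type items to set, each with the advanced category it belongs to
# (the patent's "item category"). These pairings are the real Windows ones.
TARGET_ITEMS = {
    "Audit account logon events": "Account Logon",
    "Audit logon events": "Logon/Logoff",
}

VALID_VALUES = {"No Auditing", "Success", "Failure", "Success and Failure"}


def segment_name(name):
    """S12: split "<policy>: <category>: <item>" into exactly three parts.
    Only the first two separators are used, so an item name that itself
    contains ':' survives intact."""
    parts = [p.strip() for p in name.split(":", 2)]
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"not a three-part advanced policy name: {name!r}")
    return tuple(parts)


def build_mapping(names, targets):
    """S11-S16: group subcategories by category (S13), then attach each legacy
    item to the group whose category equals the item's category (S14-S16)."""
    groups = defaultdict(list)
    for name in names:
        _, category, item = segment_name(name)
        groups[category].append(item)
    mapping = {}
    for target, category in targets.items():
        if category not in groups:
            raise KeyError(f"no advanced policies found for {target!r} ({category})")
        mapping[target] = list(groups[category])
    return mapping


class SimulatedAuditStore:
    """Stand-in for the LSA audit policy; one subcategory per write, like S31."""

    def __init__(self):
        self.subcategory = {}

    def set_subcategory(self, item, value):
        # In the real implementation this is one AuditSetSystemPolicy call.
        if value not in VALID_VALUES:
            raise ValueError(f"invalid audit setting: {value!r}")
        self.subcategory[item] = value

    def legacy_view(self, mapping):
        """S4 / claim 2: a legacy item takes a value only when every subcategory
        in its group agrees. A mixed group yields None (no single value)."""
        view = {}
        for target, items in mapping.items():
            values = {self.subcategory.get(i, "No Auditing") for i in items}
            view[target] = values.pop() if len(values) == 1 else None
        return view


def set_target_item(store, mapping, target, value):
    """S3 + S4: write the whole matched group (S32 loop), then read back the
    derived legacy value, which must equal the first set value."""
    for item in mapping[target]:
        store.set_subcategory(item, value)
    return store.legacy_view(mapping)[target]


if __name__ == "__main__":
    mapping = build_mapping(ADVANCED_POLICY_NAMES, TARGET_ITEMS)
    store = SimulatedAuditStore()
    print(set_target_item(store, mapping, "Audit logon events", "Success and Failure"))
    # A later partial change to one subcategory breaks the group invariant.
    store.set_subcategory("Logoff", "No Auditing")
    print(store.legacy_view(mapping)["Audit logon events"])
```

The only per-call work against the live system is `set_subcategory`; everything else is pure bookkeeping, which is why the mapping can be unit-tested without SeSecurityPrivilege. A baseline tool should re-read the group after writing, as `set_target_item` does, so that a subcategory later changed by Group Policy or another administrator is reported as a mixed group rather than assumed to still carry the first set value.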
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (7)

1. A method of setting an audit-type configuration item, the method comprising:
acquiring, by a name segmentation method, a mapping relation between audit-type configuration items and advanced audit policies in a Windows system;
acquiring, according to the mapping relation, a plurality of advanced audit policies matched to a target audit-type configuration item;
setting the values of the configuration items in the plurality of advanced audit policies matched to the target audit-type configuration item to a first set value;
setting the value of the target audit-type configuration item to a second set value according to the mapping relation and the first set value, the second set value being equal to the first set value;
wherein acquiring the mapping relation between audit-type configuration items and advanced audit policies in the Windows system by the name segmentation method comprises:
S11: acquiring the names of all advanced audit policies in the Windows system;
S12: dividing the name of each advanced audit policy into three consecutive parts: audit policy, item category and item name;
S13: dividing all advanced audit policies into a plurality of groups according to the item category in their names;
S14: querying the list of audit-type configuration items to be set and determining the item category of any audit-type configuration item in that list;
S15: taking, from the plurality of groups, the group of advanced audit policies whose item category matches that of the audit-type configuration item as the advanced audit policies matched to it;
S16: repeating steps S14 and S15 to obtain in turn the group of advanced audit policies matched to each audit-type configuration item.
2. The method of claim 1, wherein, in the mapping relation, a plurality of advanced audit policies correspond to one audit-type configuration item, and when the configuration items in all of those advanced audit policies are set to the same value, that audit-type configuration item is automatically set to the same value.
3. The method of claim 1, wherein setting the values of the configuration items in the plurality of advanced audit policies matched to the target audit-type configuration item to the first set value comprises:
S31: setting, with the AuditSetSystemPolicy function, the value of the configuration item in one advanced audit policy matched to the target audit-type configuration item to the first set value;
S32: repeating step S31 until the configuration items in all advanced audit policies matched to the target audit-type configuration item are set to the first set value.
4. The method of any of claims 1 to 3, wherein, before acquiring the mapping relation between audit-type configuration items and advanced audit policies in the Windows system, the method further comprises:
loading a security baseline knowledge base, the security baseline knowledge base storing the name of each security baseline item, its recommended value and its modification path, the security baseline items including advanced audit policies.
5. A system for setting audit-type configuration items, the system comprising:
a mapping relation acquisition module for acquiring, by a name segmentation method, a mapping relation between audit-type configuration items and advanced audit policies in a Windows system;
an advanced audit policy acquisition module for acquiring, according to the mapping relation, a plurality of advanced audit policies matched to a target audit-type configuration item;
an advanced audit policy configuration item setting module for setting, with the AuditSetSystemPolicy function, the values of the configuration items in the plurality of advanced audit policies matched to the target audit-type configuration item to a first set value;
an audit-type configuration item setting module for setting the value of the target audit-type configuration item to a second set value according to the mapping relation and the first set value, the second set value being equal to the first set value;
wherein the mapping relation acquisition module comprises:
a name acquisition unit for acquiring the names of all advanced audit policies in the Windows system;
a name segmentation unit for dividing the name of each advanced audit policy into three consecutive parts: audit policy, item category and item name;
an extraction unit for dividing all advanced audit policies into a plurality of groups according to the item category in their names;
an item category determination unit for querying the list of audit-type configuration items to be set and determining the item category of any audit-type configuration item in that list;
a matching unit for taking, from the plurality of groups, the group of advanced audit policies whose item category matches that of the audit-type configuration item as the advanced audit policies matched to it.
6. The system of claim 5, wherein, in the mapping relation obtained by the mapping relation acquisition module, a plurality of advanced audit policies correspond to one audit-type configuration item, and when the configuration items in all of those advanced audit policies are set to the same value, that audit-type configuration item is automatically set to the same value.
7. The system of claim 5 or 6, further comprising a loading module for loading a security baseline knowledge base, the security baseline knowledge base storing the name of each security baseline item, its recommended value and its modification path, the security baseline items including advanced audit policies.
CN201810756808.0A 2018-07-11 2018-07-11 Method and system for setting audit type configuration items Active CN109117202B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810756808.0A CN109117202B (en) 2018-07-11 2018-07-11 Method and system for setting audit type configuration items

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810756808.0A CN109117202B (en) 2018-07-11 2018-07-11 Method and system for setting audit type configuration items

Publications (2)

Publication Number Publication Date
CN109117202A CN109117202A (en) 2019-01-01
CN109117202B true CN109117202B (en) 2021-05-25

Family

ID=64862624

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810756808.0A Active CN109117202B (en) 2018-07-11 2018-07-11 Method and system for setting audit type configuration items

Country Status (1)

Country Link
CN (1) CN109117202B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008711A (en) * 2019-04-15 2019-07-12 Suzhou Inspur Intelligent Technology Co., Ltd. Security baseline detection method, device, equipment and readable storage medium
CN110796336B (en) * 2019-09-18 2023-09-01 Audit Center of Guangdong Power Grid Co., Ltd. Audit project implementation quality monitoring method and equipment based on data analysis
CN114443101B (en) * 2022-01-29 2024-06-21 Suzhou Inspur Intelligent Technology Co., Ltd. System advanced audit policy updating method, system, terminal and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1652498A (en) * 2004-02-07 2005-08-10 Huawei Technologies Co., Ltd. Windows operating system security customization method and apparatus
CN103049708A (en) * 2012-12-27 2013-04-17 Huawei Technologies Co., Ltd. Audit configuration method and audit configuration system for a database
CN103634156A (en) * 2013-12-17 2014-03-12 China United Network Communications Group Co., Ltd. Device, equipment and system for centralized management and control of network security
CN103677813A (en) * 2013-11-29 2014-03-26 Guangzhou Shiyuan Electronics Co., Ltd. Automatic auditing configuration method and automatic auditing system
CN105703925A (en) * 2014-11-25 2016-06-22 Shanghai Tianmai Juyuan Culture Media Co., Ltd. Security reinforcement method and system for a Linux system
CN107403100A (en) * 2017-08-08 2017-11-28 Sichuan Changhong Electric Co., Ltd. Automated baseline configuration detection system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7607164B2 (en) * 2004-12-23 2009-10-20 Microsoft Corporation Systems and processes for managing policy change in a distributed enterprise
US8505066B2 (en) * 2008-10-28 2013-08-06 Ricoh Company, Ltd. Security audit system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Planning and deploying advanced security audit policies; anonymous; https://docs.microsoft.com/zh-cn/windows/security/threat-protection/auditing/planning-and-deploying-advanced-security-audit-policies; 2017-04-19; pp. 1-16 *

Also Published As

Publication number Publication date
CN109117202A (en) 2019-01-01

Similar Documents

Publication Publication Date Title
DE112018002031B4 (en) BACKING UP AN OPERATING SYSTEM CONFIGURATION USING HARDWARE
CN109117202B (en) Method and system for setting audit type configuration items
Costin et al. A {Large-scale} analysis of the security of embedded firmwares
DE102009013384B4 (en) System and method for providing a secure application fragmentation environment
Zollner et al. An automated live forensic and postmortem analysis tool for bitcoin on windows systems
CN106997367B (en) Program file classification method, classification device and classification system
Martini et al. Conceptual evidence collection and analysis methodology for Android devices
DE112012000512T5 (en) Updating software
CN103473346A (en) Android re-packed application detection method based on application programming interface
DE112006001744T5 (en) Tamper protection to limit installation of operating systems and other software
DE112011105687T5 (en) Using Option ROM Memory
CN113486350B (en) Method, device, equipment and storage medium for identifying malicious software
DE102012015573A1 (en) Method for activating an operating system in a security module
DE102020121075A1 (en) Establishment and procedure for the authentication of software
CN111125721A (en) Control method for process starting, computer equipment and readable storage medium
CN111241526A (en) Data permission matching method and device, electronic equipment and storage medium
Do et al. Windows event forensic process
EP3937039A1 (en) Method for the extended validation of a container image
US20230376604A1 (en) Determination of mitigation priority values of vulnerabilities in container images
DE102022129538A1 (en) EXTERNAL STORAGE DATA INTEGRITY VALIDATION
CN114329116B (en) Artificial intelligence-based intelligent park resource matching degree analysis method and system
Lanet et al. Memory forensics of a java card dump
DE102018211139A1 (en) Control device and method for its operation
US11507367B2 (en) Firmware update method and firmware update system thereof
EP3667529B1 (en) Method and device for authenticating an fpga configuration

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant