CN109347698A - Method for monitoring user terminal operation commands and echo information under a Linux system - Google Patents
- Publication number: CN109347698A
- Application number: CN201811249220.2A
- Authority: CN (China)
- Legal status: Pending
Abstract
The invention discloses a method for monitoring user terminal operation commands and echo information under a Linux system. The method comprises the steps of: 1) when a terminal starts, creating a pseudo-terminal pair, master0 and slave0, for the terminal, and triggering the terminal's terminal recorder to start; the subprocesses input, output and bash1 are set in each terminal recorder; 2) writing the entered operation command into pseudo-terminal master0; the subprocess input reads the operation command from slave0 and creates a pseudo-terminal pair, master1 and slave1; the subprocess input writes the operation command into master1, and the subprocess bash1 reads the operation command from slave1 and executes it; the subprocess output obtains the terminal echo information produced after the operation command is executed; 3) sending the acquired user operation commands and terminal echo information to the monitoring device.
Description
Technical field
The present invention relates to a method for monitoring user terminal operation commands and echo information under a Linux system, and belongs to the technical field of computer software.
Background
Network security plays an important role in smart substation automation systems. To prevent network attacks from adversely affecting a substation automation system, the security information of the substation automation system must be monitored and alarm events uploaded to the network security detection device.
Existing smart substation automation systems perform no security monitoring of users who log in to the system locally or remotely, and cannot effectively monitor in real time the commands a user runs on the system or the real-time echo information of the terminal. The present invention extends Linux's own monitoring mechanisms and the script tool to provide smart substation automation systems with a solution for real-time monitoring of user operation commands and terminal echo.
The solution collects the user commands and terminal echo information of each terminal on the monitored host and uploads alarm events to the network security detection device.
1. Acquisition of user commands
To monitor the commands users run in a terminal, existing smart substation automation systems generally rely on the history command. Under Linux, the history command shows all of a user's past operations, and by default the shell's command record is stored in the .bash_history file in the user's home directory. The execution history of shell commands can be queried from this file, which helps operations staff with system audits and troubleshooting; after a server has been attacked, the commands the attacker ran after logging in to the server can also be looked up.
history records the commands a user has entered in each terminal, but it has the following shortcomings:
1. history does not record user commands in real time, so user operation commands cannot be reported to the network security management platform in real time.
2. The information history records is not secure: the record of user operation commands can be tampered with at will, and the bash history can be deleted with history -c.
3. history cannot record terminal echo information.
4. history can only distinguish the command input of different terminals; it cannot identify the user who executed each command.
Under Linux, the PROMPT_COMMAND environment variable can be used to record user operation history. When PROMPT_COMMAND is set in bash, its command is executed before each user prompt is displayed, so it can be used to record the user's operation history.
For example:
export PROMPT_COMMAND='{ date "+%F%H:%M:%S.%N#$(echo $SRC_IP)#$(echo $LOGINPID)#$(tty)#$(echo $PORT)#$(whoami)#$(echo $PWD)#$(echo $SSH_CONNECTION)#$(history 1 | { read x cmd; echo "$cmd"; })"; } >> /var/.mlog/`date "+%Y%m%d%H%M%S"`_bash.txt'
Each time a user logged in to the system executes a command, PROMPT_COMMAND is executed once. It writes the command just executed, the user's login ID, the source IP of the login, the user name, the executing terminal, the execution path and other information to a specific file.
2. Acquisition of terminal information
2.1 Introduction to the script tool:
script is a command that makes a record of everything output to the terminal. While a user works in a terminal or on a console, the script command can record what the user did. The record can be regarded as a document preserving the terminal's traces, and it can be saved and printed later.
The script command can be very useful when terminal activity needs to be recorded or archived. The record file is stored as a text file, so it can easily be opened with a text editor. After a terminal session has been recorded with the script command, the recorded result can be played back with scriptreplay. The benefit of script is that it faithfully records everything the user does in the terminal, both the commands typed and the results printed, so it can be used for teaching, demonstration and auditing.
When the recorder is started in a terminal with the script command, every command the user types in that terminal and all terminal information are recorded by script. However, none of the recorded information is written to the typescript file until script stops recording; the recording of the current terminal ends only when Ctrl+D is pressed or exit is entered in the terminal. Only then does script write the previously recorded information to the typescript file. Before script stops, the typescript file contains no recorded information.
2.2 Problems with the script tool:
(1) script does not record in real time: script writes the historical operation information to the record file only when the current terminal exits.
(2) Visible to the user: starting script requires the user to type the script command in the terminal.
Summary of the invention
In view of the technical problems in the prior art, the object of the present invention is to provide a method for monitoring user terminal operation commands and echo information under a Linux system.
The technical solution of the present invention is as follows:
A method for monitoring user terminal operation commands and echo information under a Linux system, comprising the steps of:
1) the monitoring system detects whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal, and the terminal's terminal recorder script is triggered to start automatically; three subprocesses, input, output and bash1, are set in the terminal recorder script of each terminal;
2) the operating system writes the operation command entered by the user into pseudo-terminal master0; the terminal's subprocess input reads the operation command from the corresponding pseudo-terminal slave0 and creates a pseudo-terminal pair, master1 and slave1; the terminal's subprocess input writes the operation command into pseudo-terminal master1, and the terminal's subprocess bash1 reads the operation command from the corresponding pseudo-terminal slave1 and executes it; the terminal's subprocess output obtains the terminal echo information produced after the operation command is executed;
3) the monitoring system generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device.
Further, by configuring the .bashrc file in the user's home directory, the monitoring system obtains the terminal number of the terminal the user logged in on and triggers the terminal's terminal recorder script to start automatically; the terminal recorder script obtains the terminal number and records every operation command of the user in the terminal; the monitoring system finds the corresponding terminal echo information according to each operation command.
Further, the subprocess output obtains the terminal echo information produced after the operation command is executed and writes it under a specified directory, with the record file named by the terminal number.
Further, the pseudo-terminal pair is a pair of character devices.
Further, the subprocess bash1 writes the terminal echo information into pseudo-terminal slave1, and the subprocess output obtains the terminal echo information from pseudo-terminal master1.
Further, the format of the operation command is: user login type#terminal number#user name#operation directory#operation time & command#user operation command.
Further, the message format of the operation input information message and the operation echo information message comprises three parts: a message header, a message body and a message trailer; the message header contains the message identifier, message type, parameter/return value and message content length; the message body contains the message content; the message trailer contains the message trailer marker and the message content checksum.
Further, the message content includes the host IP, login IP, login time, operation time and user name.
A system for monitoring user terminal operation commands and echo information under a Linux system, characterized in that it comprises a monitoring system, a network security monitoring device and several terminals; three subprocesses, input, output and bash1, are set in the terminal recorder script of each terminal; wherein
the monitoring system is configured to detect whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal, the terminal's terminal recorder script is triggered to start automatically, and the operation command entered by the user is written into pseudo-terminal master0; the monitoring system also generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device;
the subprocess input is configured to read the operation command from the corresponding pseudo-terminal slave0, create a pseudo-terminal pair, master1 and slave1, and write the operation command into pseudo-terminal master1;
the subprocess bash1 is configured to read the operation command from the corresponding pseudo-terminal slave1 and execute it;
the subprocess output is configured to obtain the terminal echo information produced after the operation command is executed.
Compared with the existing related art, the positive effects of the present invention are:
1) Real-time operation: compared with the history and script commands, the solution reports the user's operation commands and the corresponding echo information on the terminal to the network security monitoring device in real time over TCP.
2) Security: the user operation information and echo information recorded by the history and script commands are stored in the corresponding public files, which the user can modify and delete at will. In this solution, the agent collects the user's operation information and terminal echo information and sends them to the network security monitoring device immediately after the user command is executed, and the original record file is also cleared immediately.
3) Transparency to the user: terminal monitoring starts silently when the user opens a terminal, making it fully transparent to the user.
Description of the drawings
Fig. 1 is the overall flowchart of the agent monitoring system;
Fig. 2 is the working architecture diagram of the script module;
Fig. 3 is the structure diagram of the pseudo-terminal.
Detailed description of the embodiments
To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the objects, features and advantages of the invention clearer, the technical core of the invention is described in further detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
1. Overview of the method for monitoring user terminal operation commands and echo information under a Linux system
Based on the Linux operating system platform, the present invention collects user operation commands using a bash environment variable and collects terminal echo information by modifying the script tool. The monitoring system generates an operation input information message and an operation echo information message from the collected operation commands and echo information respectively, and communicates with the remote network security monitoring device over TCP, providing a real-time user operation monitoring scheme.
After a user logs in to the system and opens a terminal, the command information and echo information in the terminal are recorded in corresponding files. The monitoring system reads the user's operation information from the corresponding file and, after analysis and processing, sends the user's operation information and echo information to the network security monitoring device in real time over TCP.
The workflow is shown in Fig. 1:
(1) After a user logs in to the system, the user's various information is recorded in environment variables;
The /etc/profile file is configured to determine whether the user logged in locally, over ssh or over X11.
The .bashrc file in the user's home directory is configured to obtain the number of the terminal the user is operating:
LINX_PTS=`/usr/sbin/lsof -p $$ | grep /dev/pts/ | head -1 | awk '{print $9}'`
If the bash was started by a terminal, LINX_PTS is empty.
(2) After the user opens any terminal, script (the terminal recorder) starts automatically and the terminal echo information is recorded under a specified directory;
By configuring the .bashrc file in the user's home directory, script is triggered whenever the user opens a terminal:
LINX_SMP_ECHO=`cat /usr/share/smp/linx_config 2>/dev/null | grep ^ECHO=Yes`   # check whether terminal echo monitoring is enabled in the configuration file
(3) Every operation command of the user in the terminal is recorded in a file stored under /var/.mlog (this directory holds all operation command files; an operation command record file is named operation time + shell type);
(4) After the agent reads a user's operation command, it finds the corresponding terminal echo information under /var/linx_agent (the directory that stores the echoed results of operation command execution) according to the terminal number in that record;
(5) The agent arranges the collected information into a unified message format and sends it to the network security monitoring device over TCP.
Module design
(1) Introduction to the script terminal recording module
The following uses an ssh login as an example to describe how script records the echo of user operation commands.
When a user logs in to the system over ssh, the sshd service forks a subprocess to start bash.
On startup, bash executes the .bashrc script in the user's home directory. The script determines whether this bash startup corresponds to a new user terminal being opened; if so, it starts script to monitor the terminal.
script starts three subprocesses: input, output and bash1.
After the .bashrc script has started script, the commands the user types on the keyboard are ultimately obtained and executed by bash1; the results returned by the commands are obtained by the output process, which writes the terminal's returned information to a file under the specified directory.
(2) Modification of the script module: the following code is added to the dooutput() function
After obtaining the execution result of a user operation command, the dooutput() function of the output process uses the above code to record the user operation echo information in real time under the specified directory, with the record file named by the terminal number.
(2) Acquisition process of terminal echo
master and slave in Fig. 2 are terminal device files. The "terminal" desktop program that the user opens is in fact a terminal emulator. When a terminal emulator runs, it opens the master end through /dev/ptmx to create a pseudo-terminal pair and lets the shell run on the slave end. When the user presses keys in the terminal emulator, it generates a byte stream and writes it to master, and the shell reads its input from slave; the shell and its child programs write their output to slave, and the terminal emulator is responsible for printing the characters in its window.
Pseudo-terminal: a pseudo-terminal is the pair of character devices pseudo-terminal master and pseudo-terminal slave (terminal device files). /dev/ptmx is the file used to create a master/slave pair. When a process opens it, the process obtains a file descriptor for the master, and a slave device file is created under /dev/pts.
The master end is the end closer to the user's display and keyboard; the slave end is where the CLI (command line interface) program running on the virtual terminal is attached. The Linux pseudo-terminal driver forwards data written to the master end (for example from the keyboard) to the slave end as program input, and forwards data that the program writes to the slave end to the master end, where it is read (by the display driver, etc.).
On startup, script creates a new pseudo-terminal pair (master1, slave1). To create a master/slave pair, it only needs to open the /dev/ptmx file with the open system call to obtain the file descriptor of the master. At the same time, a device file representing the slave end is created under /dev/pts.
After the user opens a terminal, the system automatically creates a pseudo-terminal pair (master0 and slave0). The sshd service writes the commands the user types on the keyboard into pseudo-terminal master0, and the input process reads the user commands from the corresponding pseudo-terminal slave0.
input then writes the user commands it has read into the newly created pseudo-terminal master1, and bash1 reads the user's operation commands from slave1 and executes them.
bash1 writes the execution results of the operation commands into slave1, and the output process obtains bash1's execution results from master1.
After obtaining the execution result of a user operation command, the output process writes the result to the corresponding file under /var/linx_agent/, labelled with the terminal number, and then writes the command execution result into the original pseudo-terminal slave0.
sshd reads the execution result of the user operation command from master0 and prints it on the user's operating terminal.
Through the above process, script intercepts the execution results of user operation commands into the specified file, while the execution results are still printed in the user's operating terminal; the interception has no effect on the user's operations.
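The relay described above (a new pair created through /dev/ptmx, a shell on the slave end, and the output process reading the master end and writing the echo to a file as it arrives) can be written as follows. This is an added example, not code from the patent or from the script tool; the function names, the demo log path and the use of /bin/sh in place of bash1 are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open /dev/ptmx to get a master fd and the matching slave under /dev/pts.
 * TIOCSPTLCK and TIOCGPTN are the Linux ioctls behind unlockpt()/ptsname().
 * Returns the master fd (slave fd in *slave_fd), or -1 on error. */
static int open_pty_pair(int *slave_fd)
{
    int unlock = 0;
    unsigned int num = 0;
    char path[64];
    int master = open("/dev/ptmx", O_RDWR | O_NOCTTY);

    if (master < 0)
        return -1;
    if (ioctl(master, TIOCSPTLCK, &unlock) < 0 ||
        ioctl(master, TIOCGPTN, &num) < 0) {
        close(master);
        return -1;
    }
    snprintf(path, sizeof path, "/dev/pts/%u", num);
    *slave_fd = open(path, O_RDWR | O_NOCTTY);
    if (*slave_fd < 0) {
        close(master);
        return -1;
    }
    return master;
}

/* Run cmd on the slave end (the role of bash1; /bin/sh is an assumption) and
 * act as the "output" process: read the echo from the master end, append it
 * to log_path as each chunk arrives, forward it to tty_fd (the user's own
 * terminal, slave0 in the description; pass -1 to skip) and keep a copy in
 * out. Returns the number of bytes stored in out, or -1 on error. */
static long run_on_pty(const char *cmd, const char *log_path, int tty_fd,
                       char *out, size_t cap)
{
    char buf[512];
    size_t total = 0;
    ssize_t n;
    int slave, master, log_fd;
    pid_t pid;

    if (cap == 0 || (master = open_pty_pair(&slave)) < 0)
        return -1;
    /* 0600: the echo can contain secrets printed to the terminal. */
    log_fd = open(log_path, O_WRONLY | O_CREAT | O_APPEND, 0600);
    pid = log_fd < 0 ? -1 : fork();
    if (pid < 0) {
        if (log_fd >= 0)
            close(log_fd);
        close(master);
        close(slave);
        return -1;
    }
    if (pid == 0) {                       /* child: shell on the slave end */
        setsid();
        ioctl(slave, TIOCSCTTY, 0);       /* make the slave its controlling tty */
        dup2(slave, STDIN_FILENO);
        dup2(slave, STDOUT_FILENO);
        dup2(slave, STDERR_FILENO);
        if (slave > STDERR_FILENO)
            close(slave);
        close(master);
        close(log_fd);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(slave);                         /* parent keeps only the master end */
    /* read() fails with EIO once the child has closed the slave end. */
    while ((n = read(master, buf, sizeof buf)) > 0) {
        size_t room = cap - 1 - total;
        size_t take = (size_t)n < room ? (size_t)n : room;

        if (write(log_fd, buf, (size_t)n) != n)
            break;                        /* do not continue with a partial log */
        if (tty_fd >= 0 && write(tty_fd, buf, (size_t)n) < 0)
            break;
        memcpy(out + total, buf, take);
        total += take;
    }
    out[total] = '\0';
    close(master);
    close(log_fd);
    waitpid(pid, NULL, 0);
    return (long)total;
}

int main(void)
{
    char out[1024];
    /* Constructed demo command and log path. */
    long n = run_on_pty("echo hello from the slave end",
                        "/tmp/pty_echo_demo.log", STDOUT_FILENO, out, sizeof out);

    printf("captured %ld bytes of echo\n", n);
    return n < 0;
}
```

The captured text ends in "\r\n" rather than "\n" because the slave end's line discipline translates newlines on output; an agent that compares echo text should account for that.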
(3) agent monitoring module
Obtaining command information and terminal echo information from the corresponding files:
The agent monitoring process obtains the user's operation commands by reading the files under /var/.mlog/ in a loop.
The format of a user operation command is: user login type#terminal number#user name#operation directory#operation time & command#user operation command
Example: SSH_LOGIN#pts/6#root#/root/222/test#20180910-133853%N:ls #ls
After the agent monitoring process has obtained a user's operation command, it finds the corresponding command echo result file under /var/linx_agent/ according to the #terminal number# field in the above string; the content of this file is the echo information shown in the terminal after the user command was executed.
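The record format and the terminal-number lookup above, as an added example that is not the patent's agent code: a parser that splits a record left to right, validates the terminal field before it is used to build a file name, and flags records whose command text contains '#', because the field boundaries are then ambiguous. The function names and the echo file naming (pts_N) are assumptions; the page gives only the directory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { REC_OK = 0, REC_MALFORMED = -1, REC_AMBIGUOUS = -2 };

struct op_record {
    char login_type[32];
    char terminal[32];
    char user[64];
    char cwd[256];
    char time_cmd[512];   /* the "operation time & command" field as recorded */
    char command[512];
};

/* Copy the text up to the next '#' into dst; return the position after it. */
static const char *take_field(const char *p, char *dst, size_t cap)
{
    const char *end = strchr(p, '#');

    if (!end || (size_t)(end - p) >= cap)
        return NULL;
    memcpy(dst, p, (size_t)(end - p));
    dst[end - p] = '\0';
    return end + 1;
}

/* Accept only "pts/<digits>" so the field can never carry path components. */
static int valid_terminal(const char *t)
{
    if (strncmp(t, "pts/", 4) != 0 || t[4] == '\0')
        return 0;
    for (const char *p = t + 4; *p; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}

static int parse_op_record(const char *line, struct op_record *r)
{
    const char *p = line;

    memset(r, 0, sizeof *r);
    if (!(p = take_field(p, r->login_type, sizeof r->login_type)) ||
        !(p = take_field(p, r->terminal, sizeof r->terminal)) ||
        !(p = take_field(p, r->user, sizeof r->user)) ||
        !(p = take_field(p, r->cwd, sizeof r->cwd)) ||
        !(p = take_field(p, r->time_cmd, sizeof r->time_cmd)))
        return REC_MALFORMED;
    if (strlen(p) >= sizeof r->command)
        return REC_MALFORMED;
    memcpy(r->command, p, strlen(p) + 1);
    r->command[strcspn(r->command, "\r\n")] = '\0';
    if (!r->login_type[0] || !r->user[0] || r->cwd[0] != '/' ||
        !valid_terminal(r->terminal))
        return REC_MALFORMED;
    /* More than five '#' in the line: the typed command (or the directory)
     * contained the delimiter, so the split cannot be trusted. */
    if (strchr(r->command, '#'))
        return REC_AMBIGUOUS;
    return REC_OK;
}

/* Build the echo file path for a record. The pts_<N> naming is an assumption. */
static int echo_file_path(const struct op_record *r, const char *dir,
                          char *out, size_t cap)
{
    int n;

    if (!valid_terminal(r->terminal))
        return -1;
    n = snprintf(out, cap, "%s/pts_%s", dir, r->terminal + 4);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    /* The example record given in the description. */
    const char *line =
        "SSH_LOGIN#pts/6#root#/root/222/test#20180910-133853%N:ls #ls";
    struct op_record r;
    char path[300];

    if (parse_op_record(line, &r) == REC_OK &&
        echo_file_path(&r, "/var/linx_agent", path, sizeof path) == 0)
        printf("%s ran \"%s\" on %s, echo in %s\n",
               r.user, r.command, r.terminal, path);
    return 0;
}
```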
Generating alarm information of the corresponding type from the collected information:
The agent establishes a connection channel to the network security monitoring device using a custom TCP-based protocol. The TCP connection is a long-lived connection and supports connection heartbeat detection based on TCP keepalive; the agent process reports the collected information to the network security monitoring device over this TCP connection. When the TCP connection is interrupted, the agent actively re-establishes it. When the TCP connection channel is switched while collected information is being reported, the reported information is guaranteed not to be lost.
The message format comprises three parts: message header, message body and message trailer. The specific message format is shown in Table 1.
Table 1. Message format definition
Message content:
The message content includes basic information about the operating user, such as host IP, login IP, login time, operation time and user name. When a user logs in, the agent records the user's login IP, login time, login terminal number and other information. When the agent collects a user's operation command and terminal echo, it looks up the user's login information in the linked list maintained by the agent according to the user name in the data.
The content of the user operation input information message is shown in Table 2.
Table 2. Operation input information
The content of the user operation echo information message is shown in Table 3.
Table 3. User operation echo information
The embodiments described above express only implementations of the present invention; although the description is relatively specific, it should not be understood as limiting the scope of the patent. It should be noted that those of ordinary skill in the art may make various modifications and improvements without departing from the concept of the invention, and these all fall within the scope of protection of the invention. Therefore, the scope of protection of this patent shall be determined by the appended claims.
Claims (10)
1. A method for monitoring user terminal operation commands and echo information under a Linux system, comprising the steps of:
1) the monitoring system detects whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal, and the terminal's terminal recorder script is triggered to start automatically; three subprocesses, input, output and bash1, are set in the terminal recorder script of each terminal;
2) the operating system writes the operation command entered by the user into pseudo-terminal master0; the terminal's subprocess input reads the operation command from the corresponding pseudo-terminal slave0 and creates a pseudo-terminal pair, master1 and slave1; the terminal's subprocess input writes the operation command into pseudo-terminal master1, and the terminal's subprocess bash1 reads the operation command from the corresponding pseudo-terminal slave1 and executes it; the terminal's subprocess output obtains the terminal echo information produced after the operation command is executed;
3) the monitoring system generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device.
2. The method of claim 1, characterized in that, by configuring the .bashrc file in the user's home directory, the monitoring system obtains the terminal number of the terminal the user logged in on and triggers the terminal's terminal recorder script to start automatically; the terminal recorder script obtains the terminal number and records every operation command of the user in the terminal; the monitoring system finds the corresponding terminal echo information according to each operation command.
3. The method of claim 2, characterized in that the subprocess output obtains the terminal echo information produced after the operation command is executed and writes it under a specified directory, with the record file named by the terminal number.
4. The method of claim 1, characterized in that the pseudo-terminal pair is a pair of character devices.
5. The method of claim 1, characterized in that the subprocess bash1 writes the terminal echo information into pseudo-terminal slave1, and the subprocess output obtains the terminal echo information from pseudo-terminal master1.
6. The method of claim 1, characterized in that the format of the operation command is: user login type#terminal number#user name#operation directory#operation time & command#user operation command.
7. The method of claim 1, characterized in that the message format of the operation input information message and the operation echo information message comprises three parts: a message header, a message body and a message trailer; the message header contains the message identifier, message type, parameter/return value and message content length; the message body contains the message content; the message trailer contains the message trailer marker and the message content checksum.
8. The method of claim 7, characterized in that the message content includes the host IP, login IP, login time, operation time and user name.
9. A system for monitoring user terminal operation commands and echo information under a Linux system, characterized in that it comprises a monitoring system, a network security monitoring device and several terminals; three subprocesses, input, output and bash1, are set in the terminal recorder script of each terminal; wherein
the monitoring system is configured to detect whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal, the terminal's terminal recorder script is triggered to start automatically, and the operation command entered by the user is written into pseudo-terminal master0; the monitoring system also generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device;
the subprocess input is configured to read the operation command from the corresponding pseudo-terminal slave0, create a pseudo-terminal pair, master1 and slave1, and write the operation command into pseudo-terminal master1;
the subprocess bash1 is configured to read the operation command from the corresponding pseudo-terminal slave1 and execute it;
the subprocess output is configured to obtain the terminal echo information produced after the operation command is executed.
10. The system of claim 9, characterized in that the subprocess output obtains the terminal echo information produced after the operation command is executed and writes it under a specified directory, with the record file named by the terminal number.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811249220.2A CN109347698A (en) | 2018-10-25 | 2018-10-25 | Method for monitoring user terminal operation commands and echo information under a Linux system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109347698A (en) | 2019-02-15 |
Family
ID=65311811
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811249220.2A Pending CN109347698A (en) | 2018-10-25 | 2018-10-25 | User terminal operations order and echo message monitoring method under a kind of linux system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109347698A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112165469A (en) * | 2020-09-18 | 2021-01-01 | 中国船舶重工集团公司第七一四研究所 | Method for detecting deformed shell |
CN112383520A (en) * | 2020-11-02 | 2021-02-19 | 杭州安恒信息安全技术有限公司 | Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment |
CN112636996A (en) * | 2020-11-16 | 2021-04-09 | 中标软件有限公司 | Network security monitoring system and method for distinguishing operation command and echoing in terminal information acquisition |
CN113395287A (en) * | 2021-06-22 | 2021-09-14 | 杭州默安科技有限公司 | Method and system for recording network attack IP and command execution echo |
CN113449298A (en) * | 2020-03-24 | 2021-09-28 | 百度在线网络技术(北京)有限公司 | Detection method, device, equipment and medium for rebounding shell process |
CN115469943A (en) * | 2022-09-22 | 2022-12-13 | 安芯网盾(北京)科技有限公司 | Detection method and device for JAVA virtual terminal command execution |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483409A (en) * | 2017-07-21 | 2017-12-15 | 南京南瑞集团公司 | A kind of method that operational order towards industry control operating system monitors echo in real time |
Non-Patent Citations (3)
Title |
---|
FREEBSD,: ""Pseudo Terminal"", 《HTTP://WWW.FREEBSD.ORG/CGI/MAN.CGI?PTY》 * |
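Peng Shufen et al.: "Linux pseudo-terminal devices and their application in L2TP", 《Computer Engineering and Design》 * |
Wang Weijie: "Research and application of embedded visual collaborative debugging technology", 《China Master's Theses Full-text Database, Information Science and Technology series》 * |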
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113449298A (en) * | 2020-03-24 | 2021-09-28 | 百度在线网络技术(北京)有限公司 | Detection method, device, equipment and medium for rebounding shell process |
CN113449298B (en) * | 2020-03-24 | 2023-09-05 | 百度在线网络技术(北京)有限公司 | Detection method, device, equipment and medium for rebound shell process |
CN112165469A (en) * | 2020-09-18 | 2021-01-01 | 中国船舶重工集团公司第七一四研究所 | Method for detecting deformed shell |
CN112165469B (en) * | 2020-09-18 | 2023-04-18 | 中国船舶重工集团公司第七一四研究所 | Method for detecting deformed shell |
CN112383520A (en) * | 2020-11-02 | 2021-02-19 | 杭州安恒信息安全技术有限公司 | Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment |
CN112636996A (en) * | 2020-11-16 | 2021-04-09 | 中标软件有限公司 | Network security monitoring system and method for distinguishing operation command and echoing in terminal information acquisition |
CN113395287A (en) * | 2021-06-22 | 2021-09-14 | 杭州默安科技有限公司 | Method and system for recording network attack IP and command execution echo |
CN113395287B (en) * | 2021-06-22 | 2022-06-28 | 杭州默安科技有限公司 | Method and system for recording network attack IP and command execution echo |
CN115469943A (en) * | 2022-09-22 | 2022-12-13 | 安芯网盾(北京)科技有限公司 | Detection method and device for JAVA virtual terminal command execution |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109347698A (en) | User terminal operations order and echo message monitoring method under a kind of linux system | |
CN107241229A (en) | A kind of business monitoring method and device based on interface testing instrument | |
CN106778264A (en) | The application program analysis method and analysis system of a kind of mobile client | |
US11897527B2 (en) | Automated positive train control event data extraction and analysis engine and method therefor | |
CN109816349A (en) | A kind of test verification management platform | |
US20170185505A1 (en) | Systems and methods for implementing an automated parallel deployment solution | |
CN110650137A (en) | Coal mine network abnormal behavior early warning method, system, equipment and readable storage medium | |
US9183117B2 (en) | Method for developing and testing a connectivity driver for an instrument | |
US11449408B2 (en) | Method, device, and computer program product for obtaining diagnostic information | |
CN108897633A (en) | A kind of method for diagnosing faults and device based on machine data | |
CN111552245A (en) | Remote monitoring and processing method, device, equipment and medium for environmental protection water projects | |
US8150471B2 (en) | Network monitoring system | |
Barakat et al. | Windows forensic investigations using powerforensics tool | |
WO2023200597A1 (en) | Automated positive train control event data extraction and analysis engine for performing root cause analysis of unstructured data | |
CN114064510A (en) | Function testing method and device, electronic equipment and storage medium | |
CN114499984A (en) | Identity authentication method, device, equipment and medium based on AI and RPA | |
CN111861363A (en) | License management system and method | |
JP2002351702A (en) | Method and device for preparing terminal operation statistical data utilizing online | |
US11894981B1 (en) | Systems and methods for generating soar playbooks | |
US9342522B2 (en) | Computer implemented system for analyzing a screen-based user session of a process in a network environment | |
CN115037598B (en) | Equipment emergency processing method and device, computer equipment and storage medium | |
CN217113325U (en) | Cross-system automatic login, input and data integration unified data display system | |
US11861509B2 (en) | Automated positive train control event data extraction and analysis engine for performing root cause analysis of unstructured data | |
CN114844691B (en) | Data processing method and device, electronic equipment and storage medium | |
CN115033852A (en) | Credential processing method, device and equipment for realizing IA (IA) related to RPA (resilient packet Access) and AI (Artificial Intelligence architecture) processes |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190215 |