CN109347698A - User terminal operations order and echo message monitoring method under a kind of linux system - Google Patents

Publication number
CN109347698A
Authority
CN
China
Prior art keywords
terminal
message
user
pseudo
operational order
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811249220.2A
Other languages
Chinese (zh)
Inventor
魏文灏
彭志航
曾宏安
钟茂恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING LINX TECHNOLOGY Co Ltd
Original Assignee
BEIJING LINX TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING LINX TECHNOLOGY Co Ltd
Priority to CN201811249220.2A
Publication of CN109347698A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/10 Active monitoring, e.g. heartbeat, ping or trace-route
    • H04L43/12 Network monitoring probes
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Abstract

The invention discloses a method for monitoring user terminal operation commands and echo information on a Linux system. The method comprises the following steps: 1) when a terminal starts, a pseudo-terminal pair, master0 and slave0, is created for the terminal, and the terminal's terminal recorder is triggered to start; each terminal recorder sets up the child processes input, output and bash1; 2) the entered operation command is written to pseudo-terminal master0; the child process input reads the operation command from slave0 and creates a pseudo-terminal pair, master1 and slave1; the child process input writes the operation command to master1, and the child process bash1 reads the operation command from slave1 and executes it; the child process output obtains the terminal echo information produced after the operation command is executed; 3) the acquired user operation commands and terminal echo information are sent to the monitoring device.

Description

Method for monitoring user terminal operation commands and echo information on a Linux system
Technical field
The present invention relates to a method for monitoring user terminal operation commands and echo information on a Linux system, and belongs to the technical field of computer software.
Background art
Network security plays an important role in intelligent substation automation systems. To prevent network attacks from adversely affecting a substation automation system, security information in the substation automation system must be monitored and alarm events uploaded to the network security detection device.
Existing intelligent substation automation systems have no security monitoring of users who log in to the system locally or remotely, and cannot effectively monitor, in real time, a user's operation commands in the system or the terminal's real-time echo information. The present invention extends Linux's own monitoring mechanisms and the script tool to provide intelligent substation automation systems with a solution for real-time monitoring of user operation commands and terminal echo.
The scheme collects the user commands and terminal echo information of every terminal on the monitored host and uploads alarm events to the network security detection device.
1. Acquisition of user commands
Existing intelligent substation automation systems generally monitor users' terminal operation commands with the history command. On Linux, the history command can be used to view all of a user's past operations, and by default the shell's command records are stored in the .bash_history file in the user's home directory. The execution history of shell commands can be queried through this file, which helps operations staff with system audits and troubleshooting; after a server has been attacked by a hacker, the commands the hacker ran after logging in to the server can also be queried.
history records the commands a user enters in each terminal, but it has the following shortcomings:
1. The user commands recorded by history are not real-time: user operation commands cannot be reported to the network security management platform in real time.
2. The information recorded by history is not secure: the record of user operation commands can be tampered with arbitrarily, and the bash history can be deleted with history -c.
3. history cannot record terminal echo information.
4. history can only record the command input of different terminals separately; it cannot identify the user who executed each command.
On Linux, user operation history can be recorded with the PROMPT_COMMAND environment variable: when PROMPT_COMMAND is set in bash, its command is executed before each user prompt is displayed, so it can be used to record user operation history.
For example:
    export PROMPT_COMMAND='{ date "+%F%H:%M:%S.%N#$(echo $SRC_IP)#$(echo $LOGINPID)#$(tty)#$(echo $PORT)#$(whoami)#$(echo $PWD)#$(echo $SSH_CONNECTION)#$(history 1 | { read x cmd; echo "$cmd"; })"; } >> /var/.mlog/`date +%Y%m%d%H%M%S`_bash.txt'
Each time a user logged in to the system executes a command, PROMPT_COMMAND is executed once; it writes the command just executed, the user's login ID, the source IP the user logged in from, the user name, the executing terminal, the execution path and other information to a specific file.
2. Acquisition of terminal information
2.1 Brief introduction to the script tool:
script is a command that records everything output to the terminal. While a user works in a terminal or console, the script command can record what the user did. The record can be regarded as a document that preserves the terminal's traces; it can be saved and printed out later.
The script command is very useful when terminal activity needs to be recorded or archived. The record file is stored as a text file, so it can easily be opened with a text editor. After a terminal session has been recorded with the script command, the recorded result can be played back with scriptreplay. The benefit of script is that everything the user does in the terminal, the commands typed and the results printed, is recorded faithfully, which makes it suitable for teaching, demonstration and auditing.
When the recorder is started with the script command in a terminal, every command the user types and all terminal information from then on is recorded by script. However, until script stops recording, none of the recorded information has been written to the typescript file; the recording of the current terminal ends only when Ctrl+D is pressed in the terminal or exit is entered. Only then does script write the previously recorded information to the typescript file. Before script stops, the typescript file contains no recorded information.
2.2 Problems with the script tool:
(1) script's records are not real-time: script writes the historical operation information to the file only when the current terminal exits.
(2) Visible to the user: starting script requires the user to type the script command in the terminal.
Summary of the invention
In view of the technical problems in the prior art, the purpose of the present invention is to provide a method for monitoring user terminal operation commands and echo information on a Linux system.
The technical solution of the present invention is as follows:
A method for monitoring user terminal operation commands and echo information on a Linux system, comprising the steps of:
1) the monitoring system detects whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal, and the terminal's terminal recorder script is triggered to start automatically; three child processes, input, output and bash1, are set up in the terminal recorder script of each terminal;
2) the operating system writes the operation command entered by the user to pseudo-terminal master0; the terminal's child process input reads the operation command from the corresponding pseudo-terminal slave0 and creates a pseudo-terminal pair, master1 and slave1; the terminal's child process input writes the operation command to pseudo-terminal master1, and the terminal's child process bash1 reads the operation command from the corresponding pseudo-terminal slave1 and executes it; the terminal's child process output obtains the terminal echo information produced after the operation command is executed;
3) the monitoring system generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device.
Further, by configuring the .bashrc file in the user's home directory, the monitoring system obtains the terminal number of the terminal the user logged in on and triggers the terminal's terminal recorder script to start automatically; the terminal recorder script obtains the terminal number and records each operation command the user enters in the terminal; the monitoring system finds the corresponding terminal echo information according to each operation command.
Further, the child process output obtains the terminal echo information produced after the operation command is executed and writes it to a specified directory, in a record file named after the terminal number.
Further, the pseudo-terminal pair is a pair of character devices.
Further, the child process bash1 writes the terminal echo information to pseudo-terminal slave1, and the child process output obtains the terminal echo information from pseudo-terminal master1.
Further, the format of the operation command is: user login type#terminal number#user name#operation directory#operation time&command#user operation command.
Further, the message format of the operation input information message and the operation echo information message comprises three parts: a message header, a message body and a message trailer; the message header contains the message identifier, message type, parameter/return value and message content length; the message body contains the message content; the message trailer contains the message trailer identifier and the message content checksum.
Further, the message content contains the host IP, login IP, login time, operation time and user name.
A system for monitoring user terminal operation commands and echo information on a Linux system, characterized in that it comprises a monitoring system, a network security monitoring device and several terminals; three child processes, input, output and bash1, are set up in the terminal recorder script of each terminal; wherein,
the monitoring system is used to detect whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal, the terminal's terminal recorder script is triggered to start automatically, and the operation command entered by the user is written to pseudo-terminal master0; the monitoring system generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device;
the child process input is used to read the operation command from the corresponding pseudo-terminal slave0 and create a pseudo-terminal pair, master1 and slave1, and to write the operation command to pseudo-terminal master1;
the child process bash1 is used to read the operation command from the corresponding pseudo-terminal slave1 and execute it;
the child process output is used to obtain the terminal echo information produced after the operation command is executed.
Compared with existing related technology, the positive effects of the present invention are:
1) Real-time: compared with the history and script commands, the scheme reports the user's operation commands and the corresponding echo information on the terminal to the network security monitoring device in real time over TCP.
2) Security: the user operation information and echo information recorded by the history and script commands are kept in files that the user can modify and delete at will. In this solution, the user's operation information and terminal echo information are collected by the agent and sent to the network security monitoring device immediately after the user's command is executed, and the original record files can also be cleared immediately.
3) Transparency to the user: terminal monitoring starts silently when the user opens a terminal, so it is fully transparent to the user.
Description of the drawings
Fig. 1 is the overall flow chart of the agent monitoring system;
Fig. 2 is the working architecture diagram of the script module;
Fig. 3 is the pseudo-terminal structure diagram.
Detailed description of the embodiments
To help those skilled in the art better understand the technical solutions in the embodiments of the present invention, and to make the objects, features and advantages of the present invention clearer, the technical core of the present invention is explained in further detail below with reference to the accompanying drawings. It should be understood that the specific examples described here only explain the present invention and are not intended to limit it.
1. Overall introduction to the method for monitoring user terminal operation commands and echo information on a Linux system
The present invention is based on the Linux operating system platform: it collects user operation commands with a bash environment variable and collects terminal echo information with a rewritten script tool. The monitoring system generates an operation input information message and an operation echo information message from the collected operation commands and echo information respectively, and communicates with the remote network security monitoring device over TCP, providing a real-time user operation monitoring scheme.
After a user logs in to the system and opens a terminal, the command information and echo information in the terminal are recorded in the corresponding files. The monitoring system reads the user's operation information from the corresponding files and, after analysis and processing, sends the user's operation information and echo information to the network security monitoring device in real time over TCP.
The workflow is shown in Fig. 1:
(1) After a user logs in to the system, the user's various information is recorded in environment variables;
The /etc/profile file is configured to determine whether the user logged in locally, over ssh, or through X11.
The .bashrc file in the user's home directory is configured to obtain the number of the terminal the user is operating:
    LINX_PTS=`/usr/sbin/lsof -p $$ | grep /dev/pts/ | head -1 | awk '{print $9}'`
If the bash was started by a terminal, LINX_PTS is empty.
(2) After the user opens any terminal, script (the terminal recorder) starts automatically, and the terminal echo information is recorded in the specified directory;
The .bashrc file in the user's home directory is configured so that script is triggered whenever the user opens a terminal:
    # check whether terminal echo monitoring is enabled in the configuration file
    LINX_SMP_ECHO=`cat /usr/share/smp/linx_config 2>/dev/null | grep ^ECHO=Yes`
(3) Each operation command the user enters in the terminal is recorded in a file stored under /var/.mlog (this directory holds all operation command files; an operation command record file is named operation time + shell type);
(4) After the agent reads a user's operation command, it uses the terminal number in that record to find the corresponding terminal echo information under /var/linx_agnet (the directory that stores the files of echoed command execution results);
(5) The agent arranges the collected information into a unified message format and sends it to the network security monitoring device over TCP.
Module design
(1) Brief introduction to the script terminal recording module
The following uses an ssh login as an example to introduce how script records the echo of user operation commands.
When a user logs in to the system over ssh, the sshd service forks a child process to start bash.
On startup, bash executes the .bashrc script in the user's home directory. The script determines whether this bash start corresponds to a new user terminal being opened; if so, the script starts script to monitor the terminal.
script starts three child processes: input, output and bash1.
After the .bashrc script starts script, the commands the user types on the keyboard are ultimately obtained and executed by bash1; the results returned by a command are obtained by the output process, which writes the terminal's returned information to a file in the specified directory.
(2) Rewriting of the script module: the following code is added to the dooutput() function
After obtaining the execution result of a user operation command, the dooutput() function of the output process uses the above code to record the user operation echo information in real time in the specified directory, in a record file named after the terminal number.
(2) Acquisition process of terminal echo
The master and slave in Fig. 2 are terminal device files. The "terminal" desktop program a user opens is in fact a terminal emulator. When the terminal emulator runs, it opens /dev/ptmx to obtain the master end and thereby creates a pseudo-terminal pair, and has the shell run on the slave end. When the user presses keys in the terminal emulator, it generates a byte stream and writes it to the master, and the shell reads its input from the slave; the shell and its child programs write their output to the slave, and the terminal emulator is responsible for printing the characters in its window.
Pseudo-terminal: a pseudo-terminal is a pair of character devices, the pseudo-terminal master and the pseudo-terminal slave (a terminal device file). /dev/ptmx is the file used to create a master/slave pair. When a process opens it, the process obtains a file descriptor for the master, and a slave device file is created under /dev/pts.
The master end is the end closer to the user's display and keyboard; the slave end is the CLI (command line interface) program running on the virtual terminal. The Linux pseudo-terminal driver passes data written to the master end (such as keyboard input) to the slave end as program input, and passes data the program writes to the slave end to the master end to be read (by the display driver and so on).
On startup, script creates a new pseudo-terminal pair (master1, slave1). To create a master/slave pair, it only needs to open the /dev/ptmx file with the open system call, which yields the master's file descriptor. At the same time, a device file representing the slave end is created under /dev/pts.
After the user opens a terminal, the system automatically creates a pseudo-terminal pair (master0 and slave0). The commands the user types on the keyboard are written to the master0 pseudo-terminal by the sshd service, and the input process reads the user's commands from the corresponding slave0 pseudo-terminal.
input then writes the user command it has read to the newly created pseudo-terminal master1, and bash1 reads the user's operation command from slave1 and executes it.
bash1 writes the execution result of the operation command to slave1, and the output process obtains bash1's execution result from master1.
After obtaining the execution result of the user operation command, the output process writes the result to the corresponding file under /var/linx_agent/, named after the terminal number, and then writes the command execution result to the original pseudo-terminal slave0.
sshd reads the execution result of the user operation command from master0 and prints it on the user's operating terminal.
Through this process, script intercepts the execution results of user operation commands into the specified file, while the results are still printed in the user's operating terminal; the interception has no effect on the user's operation.
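The relay described above, reduced to a single process, as an added Python example (not the patent's code and not the script tool's): record_session plays the input and output roles around a new master1/slave1 pair, and the child running on slave1 stands in for bash1. The function names, the sh one-liner and the pts_6 file name are constructed for illustration.

```python
"""Added example: single-process sketch of the master1/slave1 relay."""
import errno
import os
import pty
import select
import signal
import tempfile


def record_session(argv, keystrokes, log_path, forward=None, timeout=5.0):
    """Run argv on a new pseudo-terminal and log everything it echoes.

    keystrokes: bytes the user typed (what input would read from slave0)
    log_path:   echo record file, appended to chunk by chunk
    forward:    optional callable standing in for the write-back to slave0
    Returns (echo_bytes, exit_code).
    """
    # pty.fork() opens a new pair via /dev/ptmx, forks, and makes the slave
    # the child's controlling terminal and stdin/stdout/stderr (bash1's side).
    pid, master1 = pty.fork()
    if pid == 0:
        try:
            os.execvp(argv[0], argv)
        finally:
            os._exit(127)  # reached only if exec failed

    # 0o600 keeps the record unreadable to other accounts.
    log_fd = os.open(log_path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    captured = bytearray()
    try:
        # "input" role: pass the user's keystrokes on to master1.
        os.write(master1, keystrokes)
        # "output" role: drain master1 until the child closes slave1.
        while True:
            ready, _, _ = select.select([master1], [], [], timeout)
            if not ready:  # child is stuck: stop it instead of blocking
                os.kill(pid, signal.SIGKILL)
                break
            try:
                chunk = os.read(master1, 4096)
            except OSError as exc:
                if exc.errno == errno.EIO:  # Linux: slave1 has been closed
                    break
                raise
            if not chunk:
                break
            os.write(log_fd, chunk)  # unbuffered, so the file grows in real time
            captured += chunk
            if forward is not None:
                forward(chunk)
    finally:
        os.close(log_fd)
        os.close(master1)
    _, status = os.waitpid(pid, 0)
    return bytes(captured), os.waitstatus_to_exitcode(status)


def demo():
    """Record one constructed command line and return what was captured."""
    with tempfile.TemporaryDirectory() as log_dir:
        log_path = os.path.join(log_dir, "pts_6")  # constructed file name
        # Stand-in for bash1: read one line from the terminal and act on it.
        child = ["/bin/sh", "-c", 'read cmd; echo "ran: $cmd"']
        echo, code = record_session(child, b"ls -l\n", log_path)
        with open(log_path, "rb") as fh:
            on_disk = fh.read()
        mode = os.stat(log_path).st_mode & 0o777
    return echo, on_disk, code, mode


if __name__ == "__main__":
    echo, on_disk, code, mode = demo()
    print(echo.decode(errors="replace"), code, oct(mode))
```

The captured bytes contain the typed line as well as the command's output, because the pseudo-terminal's line discipline echoes input back to the master side.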
(3) agent monitoring module
Obtaining command information and terminal echo information from the corresponding files:
The agent monitoring process obtains the user's operation commands by reading the files under /var/.mlog/ in a loop.
The format of a user operation command is: user login type#terminal number#user name#operation directory#operation time&command#user operation command
Example: SSH_LOGIN#pts/6#root#/root/222/test#20180910-133853%N:ls #ls
After the agent monitoring process obtains a user's operation command, it uses the #terminal number# field in the string above to find the corresponding command echo result file under /var/linux_agent/; the content of this file is the echo information shown in the terminal after the user's command was executed.
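One way an agent could parse a record in this format before using it, as an added Python example (not the patent's code). It assumes the echo file is named after the terminal number with "/" replaced by "_", which the page does not specify; because the record is written from the user's own shell, every field is validated before the terminal number is turned into a file path.

```python
"""Added example: parse one operation-command record and find its echo file."""
import os
import re
import tempfile
from dataclasses import dataclass

TERMINAL_RE = re.compile(r"(?:pts/\d+|tty\d+)")
TIMESTAMP_RE = re.compile(r"\d{8}-\d{6}")  # as in the page's sample record

# The sample record shown on the page.
SAMPLE = "SSH_LOGIN#pts/6#root#/root/222/test#20180910-133853%N:ls #ls"


@dataclass(frozen=True)
class OperationRecord:
    login_type: str
    terminal: str
    user: str
    directory: str
    time_and_command: str
    command: str


def parse_record(line):
    """Split a record into its six fields and reject shifted or odd columns."""
    # maxsplit=5: anything after the fifth '#' stays in the command field.
    parts = line.rstrip("\n").split("#", 5)
    if len(parts) != 6:
        raise ValueError("expected six '#'-separated fields")
    rec = OperationRecord(*parts)
    if not TERMINAL_RE.fullmatch(rec.terminal):
        raise ValueError("terminal number is not pts/N or ttyN")
    if not rec.directory.startswith("/"):
        raise ValueError("operation directory is not an absolute path")
    # A '#' inside the directory name shifts every later column; the
    # timestamp check catches that instead of mis-attributing the command.
    if not TIMESTAMP_RE.match(rec.time_and_command):
        raise ValueError("operation time field does not start with a timestamp")
    return rec


def is_well_formed(line):
    """True if the record parses; callers can set malformed lines aside."""
    try:
        parse_record(line)
    except ValueError:
        return False
    return True


def echo_path(rec, echo_dir):
    """Map the validated terminal number to its echo file inside echo_dir."""
    name = rec.terminal.replace("/", "_")  # assumed naming scheme
    path = os.path.realpath(os.path.join(echo_dir, name))
    # Refuse a symlink or any name that resolves outside the echo directory.
    if os.path.dirname(path) != os.path.realpath(echo_dir):
        raise ValueError("echo file resolves outside the echo directory")
    return path


def collect(line, echo_dir):
    """Return (record, echo bytes) for one operation-command line."""
    rec = parse_record(line)
    with open(echo_path(rec, echo_dir), "rb") as fh:
        return rec, fh.read()


def demo():
    """Pair the page's sample record with a constructed echo file."""
    with tempfile.TemporaryDirectory() as echo_dir:
        with open(os.path.join(echo_dir, "pts_6"), "wb") as fh:
            fh.write(b"ls\r\nnotes.txt\r\n")  # constructed terminal echo
        return collect(SAMPLE, echo_dir)


if __name__ == "__main__":
    print(demo())
```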
Generating alarm information of the corresponding type from the collected information:
The agent establishes a connection channel to the network security monitoring device using a custom TCP protocol. The TCP connection is a long-lived connection that supports connection heartbeat detection based on TCP keepalive, and the agent process reports collected information to the network security monitoring device over this TCP connection. When the TCP connection is interrupted, the agent actively re-establishes it. When the TCP connection channel is switched while collected information is being reported, the reported information is guaranteed not to be lost.
The message format consists of three parts: message header, message body and message trailer; the specific message format is shown in Table 1.
Table 1. Message format definition
Message content:
The message content contains basic information about the operating user, such as the host IP, login IP, login time, operation time and user name. When a user logs in, the agent records information such as the user's login IP, login time and login terminal number. When the agent collects a user's operation command and terminal echo, it looks up the user's login information in the linked list the agent maintains, using the user name in the data.
The content of the user operation input information message is shown in Table 2.
Table 2. Operation input information
The content of the user operation echo information message is shown in Table 3.
Table 3. User operation echo information
The embodiments described above express only implementations of the present invention; their description is relatively specific, but they should not therefore be understood as limiting the scope of the patent. It should be noted that a person of ordinary skill in the art can make various modifications and improvements without departing from the concept of the present invention, and these all fall within its scope of protection. The scope of protection of this patent shall therefore be determined by the appended claims.

Claims (10)

1. user terminal operations order and echo message monitoring method, step include: under a kind of linux system
1) whether monitoring system detection terminal starts, and when terminal starting, operating system is that the terminal creates a pseudo-terminal pair: Master0 and slave0, and the terminal logger script for triggering the terminal is automatically turned on;The terminal logger of each terminal Three subprocess input, output, bash1 are set in script;
2) pseudo-terminal master0 is written in the operational order that operating system inputs user;The subprocess input of the terminal will be from phase The pseudo-terminal slave0 answered reads the operational order and establishes a pseudo-terminal pair: master1 and slave1;The son of the terminal The operational order is written in pseudo-terminal master1 process input, and the subprocess bash1 of the terminal will be from corresponding puppet eventually The operational order is read in the slave1 of end and is executed;After the subprocess output of the terminal obtains the operational order execution Terminal echo message;
3) monitoring system is returned according to the user operation commands generation operation input infomational message got, according to the terminal got Display information generates operation echo message message;Then the operation input infomational message, operation echo message message are sent to Network security monitoring device.
2. the method as described in claim 1, which is characterized in that the monitoring system is by configuring under user family's catalogue .bashrc file, obtains the terminal number of user institute registration terminal and the terminal logger script for triggering the terminal is automatically turned on; Terminal logger script obtains the terminal number and records the every operational order of user in the terminal;Monitoring system is according to every Operational order finds corresponding terminal echo message.
3. method according to claim 2, which is characterized in that after the subprocess output obtains the operational order execution Terminal echo message and be written under specified directory and with terminal number to record file designation.
4. the method as described in claim 1, which is characterized in that the pseudo-terminal is to for a pair of of character device.
5. the method as described in claim 1, which is characterized in that the terminal echo message is written the subprocess bash1 Into pseudo-terminal slave1, the subprocess output process will obtain the terminal echo message from pseudo-terminal master1.
6. The method of claim 1, characterized in that the format of the operation command is: user login type # terminal number # user name # operating directory # operation time & command # user operation command.
7. The method of claim 1, characterized in that the message format of the operation input information message and the operation echo information message comprises three parts: a message header, a message body and a message trailer; wherein the message header comprises a message identifier, a message type, a parameter/return value and message content length information, the message body comprises the message content information, and the message trailer comprises a message trailer flag and message content verification information.
8. The method of claim 7, characterized in that the message content comprises the host IP, login IP, login time, operation time and user name.
9. A system for monitoring user terminal operation commands and echo information under a Linux system, characterized by comprising a monitoring system, a network security monitoring device and several terminals; three subprocesses, input, output and bash1, are set in the terminal logger script of each terminal; wherein,
the monitoring system is configured to detect whether a terminal has started; when a terminal starts, the operating system creates a pseudo-terminal pair, master0 and slave0, for the terminal and triggers the terminal's terminal logger script to start automatically, and the operation command entered by the user is written into pseudo-terminal master0; the monitoring system generates an operation input information message from the acquired user operation command and an operation echo information message from the acquired terminal echo information, and then sends the operation input information message and the operation echo information message to the network security monitoring device;
the subprocess input is configured to read the operation command from the corresponding pseudo-terminal slave0, establish a pseudo-terminal pair, master1 and slave1, and write the operation command into pseudo-terminal master1;
the subprocess bash1 is configured to read the operation command from the corresponding pseudo-terminal slave1 and execute it;
the subprocess output is configured to obtain the terminal echo information after the operation command is executed.
10. The system of claim 9, characterized in that the subprocess output obtains the terminal echo information after the operation command is executed, writes it under a specified directory, and names the record file after the terminal number.
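The three-part message layout of claim 7, as an added Python example that is not code from the patent: it frames operation input and operation echo messages and parses them back on the receiving side, rejecting frames whose length, trailer flag or content check do not match. The field widths, the marker values, the type codes and the use of CRC32 as the content check are assumptions; the claims name the fields only.

```python
import struct
import zlib

# Assumed layout: claim 7 names these fields but not their sizes or values.
HEADER = struct.Struct("!HBHI")   # message id, type, parameter/return value, content length
TRAILER = struct.Struct("!HI")    # trailer flag, check value over the content
MSG_ID, TRAILER_FLAG = 0xA55A, 0x5AA5   # constructed marker values
TYPE_INPUT, TYPE_ECHO = 1, 2            # operation input / operation echo (assumed codes)


def pack_message(msg_type, param, content):
    """Frame one message as header + body + trailer."""
    header = HEADER.pack(MSG_ID, msg_type, param, len(content))
    # CRC32 catches corruption in transit; it does not stop deliberate tampering.
    trailer = TRAILER.pack(TRAILER_FLAG, zlib.crc32(content))
    return header + content + trailer


def unpack_stream(data):
    """Split received bytes into (type, param, content) tuples; raise on a bad frame."""
    messages, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError("truncated header")
        msg_id, msg_type, param, length = HEADER.unpack_from(data, offset)
        if msg_id != MSG_ID:
            raise ValueError("bad message identifier")
        body_start = offset + HEADER.size
        body_end = body_start + length
        if body_end + TRAILER.size > len(data):
            raise ValueError("declared length exceeds received data")
        content = data[body_start:body_end]
        flag, check = TRAILER.unpack_from(data, body_end)
        if flag != TRAILER_FLAG or check != zlib.crc32(content):
            raise ValueError("trailer flag or content check mismatch")
        messages.append((msg_type, param, content))
        offset = body_end + TRAILER.size
    return messages


# Constructed sample: one command message followed by its echo message.
SAMPLE = (pack_message(TYPE_INPUT, 0, b"ls /tmp")
          + pack_message(TYPE_ECHO, 0, b"a.txt\r\nb.txt\r\n"))

if __name__ == "__main__":
    for msg_type, _param, content in unpack_stream(SAMPLE):
        print(msg_type, content)
```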
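The inner pseudo-terminal pair of claim 9 (master1/slave1), as an added Python example that is not the patent's terminal logger script: the parent takes the input and output roles, writing each operation command to the master side and collecting the terminal echo, while a child shell on the slave side plays the role of bash1. The function name `record_session`, the use of `/bin/sh` as the shell and the read timeout are assumptions.

```python
import os
import pty
import select


def record_session(commands, timeout=5.0):
    """Run commands in a shell behind a pseudo-terminal pair.

    Returns (command_log, echo): the commands written to the master side,
    and everything the terminal displayed in response.
    """
    pid, master = pty.fork()      # child gets the slave side as its controlling tty
    if pid == 0:
        os.environ.update(TERM="dumb", PS1="")   # quiet prompt, no escape codes
        try:
            os.execv("/bin/sh", ["sh"])          # reads commands from the slave side
        finally:
            os._exit(127)                        # only reached if exec failed

    command_log = list(commands)                 # "input" role: record, then forward
    for cmd in command_log + ["exit"]:
        os.write(master, cmd.encode() + b"\n")

    echo = bytearray()                           # "output" role: collect the echo
    while True:
        ready, _, _ = select.select([master], [], [], timeout)
        if not ready:
            break                                # shell went quiet; stop waiting
        try:
            chunk = os.read(master, 4096)
        except OSError:                          # EIO on Linux once the slave closes
            break
        if not chunk:
            break
        echo += chunk
    os.close(master)
    os.waitpid(pid, 0)
    return command_log, echo.decode(errors="replace")


if __name__ == "__main__":
    logged, shown = record_session(["echo $((6*7))", "pwd"])
    print("commands:", logged)
    print("echo:", repr(shown))
```

Because the terminal's own input echo is left enabled, the echo stream holds the typed command text as well as the program output; the command log is taken from what was written to the master, so the two records stay separate.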
CN201811249220.2A 2018-10-25 2018-10-25 User terminal operations order and echo message monitoring method under a kind of linux system Pending CN109347698A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811249220.2A CN109347698A (en) 2018-10-25 2018-10-25 User terminal operations order and echo message monitoring method under a kind of linux system

Publications (1)

Publication Number Publication Date
CN109347698A (en) 2019-02-15

Family

ID=65311811

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811249220.2A Pending CN109347698A (en) 2018-10-25 2018-10-25 User terminal operations order and echo message monitoring method under a kind of linux system

Country Status (1)

Country Link
CN (1) CN109347698A (en)

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483409A (en) * 2017-07-21 2017-12-15 南京南瑞集团公司 A kind of method that operational order towards industry control operating system monitors echo in real time

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
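FreeBSD: "Pseudo Terminal", HTTP://WWW.FREEBSD.ORG/CGI/MAN.CGI?PTY *
彭淑芬 et al.: "Linux pseudo-terminal devices and their application in L2TP", 《计算机工程与设计》 (Computer Engineering and Design) *
王伟杰: "Research and application of embedded visual collaborative debugging technology", 《中国优秀硕士学位论文全文数据库-信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) *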

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113449298A (en) * 2020-03-24 2021-09-28 百度在线网络技术(北京)有限公司 Detection method, device, equipment and medium for rebounding shell process
CN113449298B (en) * 2020-03-24 2023-09-05 百度在线网络技术(北京)有限公司 Detection method, device, equipment and medium for rebound shell process
CN112165469A (en) * 2020-09-18 2021-01-01 中国船舶重工集团公司第七一四研究所 Method for detecting deformed shell
CN112165469B (en) * 2020-09-18 2023-04-18 中国船舶重工集团公司第七一四研究所 Method for detecting deformed shell
CN112383520A (en) * 2020-11-02 2021-02-19 杭州安恒信息安全技术有限公司 Honeypot system attack playback method, honeypot system attack playback device, storage medium and equipment
CN112636996A (en) * 2020-11-16 2021-04-09 中标软件有限公司 Network security monitoring system and method for distinguishing operation command and echoing in terminal information acquisition
CN113395287A (en) * 2021-06-22 2021-09-14 杭州默安科技有限公司 Method and system for recording network attack IP and command execution echo
CN113395287B (en) * 2021-06-22 2022-06-28 杭州默安科技有限公司 Method and system for recording network attack IP and command execution echo
CN115469943A (en) * 2022-09-22 2022-12-13 安芯网盾(北京)科技有限公司 Detection method and device for JAVA virtual terminal command execution

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190215