CN109560964A - A kind of equipment closes rule inspection method and device - Google Patents

A kind of equipment closes rule inspection method and device Download PDF

Info

Publication number
CN109560964A
CN109560964A CN201811425390.1A CN201811425390A CN109560964A CN 109560964 A CN109560964 A CN 109560964A CN 201811425390 A CN201811425390 A CN 201811425390A CN 109560964 A CN109560964 A CN 109560964A
Authority
CN
China
Prior art keywords
rule
relation
conjunction
equipment
checked
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811425390.1A
Other languages
Chinese (zh)
Other versions
CN109560964B (en
Inventor
张玉妹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd filed Critical New H3C Technologies Co Ltd
Priority to CN201811425390.1A priority Critical patent/CN109560964B/en
Publication of CN109560964A publication Critical patent/CN109560964A/en
Application granted granted Critical
Publication of CN109560964B publication Critical patent/CN109560964B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0866Checking the configuration
    • H04L41/0869Validating the configuration within one network element

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention provides a kind of equipment to close rule inspection method and device, it includes: to receive the conjunction rule that user inputs to check instruction that equipment, which closes rule inspection method, wherein, it closes rule and checks that the facility information in instruction including equipment to be checked and the corresponding conjunction of equipment to be checked advise rule relation, closing rule rule relation includes multiple logical relations closed between rule rule;According to the facility information of equipment to be checked, the inspection result closed and close rule rule in rule rule relation is determined;According to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation, the conjunction rule inspection result of equipment to be checked is calculated.By this programme, may be implemented to close the flexible configuration that rule check.

Description

A kind of equipment closes rule inspection method and device
Technical field
The present invention relates to technical field of network security, close rule inspection method and device more particularly to a kind of equipment.
Background technique
With universal, the especially extensive use of wireless network of network, working efficiency and life are greatly improved just Victory.Based on the considerations of network operation safety, it is desirable that carry out closing rule inspection to the configuration of the network equipment, such as to the ring of equipment Road checks, equipment accesses configuration inspection etc., meets national information security regulations or company's pipe in the configuration for determining the network equipment Under the conditions of as defined in reason, guarantee that network is chronically at a safe and stable running environment.
Current equipment is closed in rule inspection method, checks that each single item of equipment configures by webmastering software, each determining After item configuration all reaches the inspection result for closing rule, determine that equipment is to close to advise.However, this close all inspections of rule inspection requirements As a result closing rule can just determine that equipment is to close rule, and conjunction rule, which check, not can configure.
Summary of the invention
A kind of equipment of being designed to provide of the embodiment of the present invention closes rule inspection method and device, closes what rule checked to realize Flexible configuration.Specific technical solution is as follows:
In a first aspect, the embodiment of the invention provides a kind of equipment to close rule inspection method, which comprises
The conjunction rule of reception user's input, which check, to be instructed, and the conjunction rule check the facility information in instruction including equipment to be checked Rule relation is advised in conjunction corresponding with the equipment to be checked, and the rule rule relation that closes includes that multiple logics closed between rule rule are closed System;
According to the facility information of the equipment to be checked, the inspection knot for closing and closing rule rule in rule rule relation is determined Fruit;
The inspection result that conjunction rule are regular in rule relation and the conjunction rule rule relation is advised according to described close, described in calculating Inspection result is advised in the conjunction of equipment to be checked.
Second aspect, the embodiment of the invention provides a kind of equipment to close rule check device, and described device includes:
Receiving module, the conjunction rule for receiving user's input check instruction, and the conjunction rule check in instruction to include to be checked Rule relation is advised in the facility information of equipment and the corresponding conjunction of the equipment to be checked, and the conjunction rule rule relation includes multiple conjunction rule Logical relation between rule;
Determining module determines in the conjunction rule rule relation for the facility information according to the equipment to be checked and closes rule The inspection result of rule;
Computing module, for closing rule rule relation and the inspection for closing conjunction rule rule in rule rule relation according to described As a result, inspection result is advised in the conjunction for calculating the equipment to be checked.
The third aspect, the embodiment of the invention provides a kind of inspection system, including processor and machine readable storage medium, The machine readable storage medium is stored with the machine-executable instruction that can be executed by the processor, and the processor is by institute It states machine-executable instruction to promote: executing method and step described in first aspect of the embodiment of the present invention.
Fourth aspect, the embodiment of the invention provides a kind of machine readable storage mediums, and for storing, machine is executable to be referred to It enables, when being called and being executed by processor, the machine-executable instruction promotes the processor: executing the embodiment of the present invention the Method and step described in one side.
A kind of equipment provided in an embodiment of the present invention closes rule inspection method and device, and inspection is advised in the conjunction by receiving user's input Instruction is looked into, rule relation is advised according to the facility information of equipment to be checked in conjunction rule inspection instruction and the corresponding conjunction of equipment to be checked, It determines the inspection result closed and close rule rule in rule rule relation, closes rule rule in rule rule relation according to closing rule rule relation and closing Inspection result then calculates the conjunction rule inspection result of equipment to be checked.The facility information of equipment to be checked and equipment pair to be checked The conjunction rule rule relation answered is user's input, and user can be configured in conjunction rule rule relation according to demand between multiple conjunction rule rules Logical relation, realize pairing rule check flexible configuration.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.
Fig. 1 is that the equipment of one embodiment of the invention closes the flow diagram of rule inspection method;
Fig. 2 is that the equipment of another embodiment of the present invention closes the flow diagram of rule inspection method;
Fig. 3 is that the equipment of further embodiment of this invention closes the flow diagram of rule inspection method;
Fig. 4 is the structural schematic diagram that the equipment of the embodiment of the present invention closes rule check device;
Fig. 5 is the structural schematic diagram of the inspection system of the embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.
In order to guarantee the normal operation of network, the embodiment of the invention provides a kind of equipment to close rule inspection method, device, inspection Look into system and machine readable storage medium.Equipment conjunction rule inspection method is provided for the embodiments of the invention first below to be situated between It continues.
The executing subject that equipment provided by the embodiment of the present invention closes rule inspection method can be such as intelligent management platform Deng for checking that the inspection system of device security, equipment provided by the realization embodiment of the present invention close the mode of rule inspection method It can be at least one of the software, hardware circuit and logic circuit being set in executing subject mode.
As shown in Figure 1, a kind of equipment conjunction rule inspection method provided by the embodiment of the present invention, may include steps of:
S101, the conjunction rule for receiving user's input check instruction, wherein close rule and check to include setting for equipment to be checked in instruction Rule relation is advised in standby information and the corresponding conjunction of equipment to be checked, and closing rule rule relation includes that multiple logics closed between rule rule are closed System.
User input can close rule inspection instruction on the display page of the system of inspection, and rule inspection task, user are closed in creation It is advised by input conjunction and checks that instruction can configure the conjunction which equipment to be checked to carry out what logical relation to and advise inspection Therefore demand closes rule and checks that the facility information in instruction including equipment to be checked and the corresponding conjunction rule rule of equipment to be checked close System.Equipment to be checked can be in the networks such as any kind of equipment, such as intranet, campus area network, home network The network equipment, the equipment etc. in the production line of factory.Facility information can for equipment type (such as interchanger, The equipment of the network exchanges types such as routing, the equipment of the network securitys type such as firewall), or the position of equipment in a network Confidence breath can also be the information such as role or function that equipment undertakes in a network, certainly, due to closing setting for rule rule relation Setting can also be separately provided for each equipment, therefore, facility information can also for the device name of equipment, device type, MAC (Media Access Control, media access control) address, UDID (Unique Device Identifier, equipment Unique identification) etc. information.
Closing rule rule relation can be according to the network security requirement and equipment of national information security regulations or company Type is configured.Same type of equipment conjunction rule rule relation having the same can be set, each equipment also can be set Rule relation is advised with independent conjunction.Closing multiple logical relations closed between rule rule in rule rule relation can be inspection system base The influence degree of the safety of equipment is carried out to analyze setting in each rule rule of closing.
It closes rule rule relation and characterizes the different logical relations closed between rule rule, that is, closing rule rule relation can be by table It is indicated up to formula, includes: rule name (such as the user login validation rule, enabled global secret for closing rule rule in the expression formula Management rule, user, which log in, to be retried rule, user's concatenate rule, connects overtime rule etc.) and respectively the logic between conjunction rule rule is closed System (such as with arithmetic logic " AND " or arithmetic logic " OR " etc.) can also include that prioritization logic (can be used in expression formula " (", ") " indicate, i.e., the expression formula in bracket preferentially calculates).
For example, some, which closes rule inspection, is configured with 5 conjunctions rule rules, title is respectively user login validation rule, enables entirely Office's Password Management rule, user, which log in, retries rule, user's concatenate rule and connection time-out rule, for equipment A, the conjunction of setting Advise rule relation are as follows: (user login validation rule OR enables global secret management rule AND user login and retries rule) AND (user's concatenate rule OR connection time-out rule).
S102 determines the inspection result closed and close rule rule in rule rule relation according to the facility information of equipment to be checked.
S103 is calculated to be checked according to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation Inspection result is advised in the conjunction of equipment.
The final conjunction of equipment to be checked is advised inspection result and is determined by closing the regular inspection result of rule in conjunction rule rule relation, root The inspection result closed and close rule in rule rule relation can be determined according to the facility information of equipment to be checked, advise rule pass in conjunction with closing Inspection result is updated in conjunction rule rule relation expression formula by system, and the final conjunction rule of equipment to be checked can be calculated and check As a result.The test mode for closing rule rule in rule rule relation is closed, the configuration item for getting equipment to be checked is can be, is matched using this The Rule content for setting a rule of correspondence checks the configuration item, if meeting Rule content, then it is assumed that inspection result passes through, If being unsatisfactory for Rule content, then it is assumed that inspection result does not pass through.
Optionally, logical relation may include or arithmetic logic, and/or, with arithmetic logic.
Correspondingly, S103 is specifically as follows:
According to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation, calculated and fortune according to preferential The computation rule for calculating logic calculates the conjunction rule inspection result of equipment to be checked.
Network normal operation is influenced not to be the regular inspection result of very big conjunction rule, it can be corresponding in logical relation Setting or arithmetic logic, in addition to or arithmetic logic other than, can also include in logical operation and arithmetic logic, due to carry out with The conjunction rule rule of operation is higher for the influence degree of device security, therefore, preferential calculating and arithmetic logic, in all and fortune It calculates and all calculates end and then progress or operation, tied until finally obtaining operation result and being checked as the conjunction rule of equipment to be checked Fruit.Certainly, logical relation can also only include or arithmetic logic, at this point, requiring for the regular inspection result of equipment the widest Pine thinks that equipment closes rule as long as there is a conjunction rule rule to check as long as;Logical relation can also only include and arithmetic logic, this When, the regular inspection result of equipment is required the most harsh, it is desirable that all conjunction rule rules check by just thinking that equipment is closed Rule.
Optionally, logical relation can also include prioritization logic.
Correspondingly, S103 is specifically as follows:
According to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation, calculated preferentially according to preferential The computation rule of operation expression between starting character and preferential full stop calculates the conjunction rule inspection result of equipment to be checked.
If in logical relation in addition to or arithmetic logic other than, further include prioritization logic, usually calculated between preferential Operation expression between preferential starting character and preferential full stop, such as the calculation expression in round bracket (), the part have most High calculating priority, should calculate first, when calculating prioritization logic, if wherein having with operation has or operation again, It can then first carry out and be executed again with operation or operation.
It using this implementation column, is advised by the conjunction of reception user's input and checks instruction, advised according to conjunction to be checked in inspection instruction Rule relation is advised in the facility information of equipment and the corresponding conjunction of equipment to be checked, determines the inspection closed and close rule rule in rule rule relation As a result, calculating the conjunction of equipment to be checked according to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation Advise inspection result.The facility information of equipment to be checked and the corresponding conjunction rule rule relation of equipment to be checked are user's inputs, are used Family can configure according to demand closes multiple logical relations closed between rule rule in rule rule relation, realizes the spirit that pairing rule check Configuration living.Also, logical relation may include or arithmetic logic, and operating normally on network influences not being that rule is advised in very big conjunction Inspection result, can use or operation, even if these close the lower equipment inspection irregularity of rule rule, network will not be influenced Normal operation.
Based on above method embodiment, as shown in Fig. 2, a kind of equipment conjunction rule inspection method provided by the embodiment of the present invention Specific implementation, may include steps of:
S201, for each equipment, according to the rule name and Rule content of each preset rules in preset rules list, to this The rule that equipment carries out each preset rules one by one checks, and by the facility information of equipment, the rule name of preset rules and right The inspection result answered is stored in database with mapping mode.
Inspection system can carry out regular inspection to each equipment in advance, and what is recorded in preset rules list is preset rules The corresponding relationship of rule name and Rule content, such as rule name are user login validation rule, and corresponding Rule content is It does not include authentication-mode none (non-authentication mode);Rule name is enabled global secret management rule, right The Rule content answered be include password-control enable (enabled Password Management) etc..Pass through matching equipment in this way It sets and compares inspection, available inspection result with the Rule content in preset rules list.For example, if in device configuration Do not include authentication-mode none, then can determine that the equipment needs to carry out user login validation, correspondingly, with The inspection result of family login authentication rule is to pass through;If in device configuration including authentication-mode none, It can determine that the equipment does not need to carry out user login validation, correspondingly, the inspection result of user login validation rule is obstructed It crosses.For another example, if including password-control enable in device configuration, it is close can to determine that the equipment needs to enable Code management, correspondingly, the inspection result of enabled global secret management rule is to pass through;If not including in device configuration Password-control enable can then determine that the equipment does not need enabled Password Management, correspondingly, enabled global close The inspection result of code management rule is not pass through.
Inspection system can by the facility information of equipment, the rule name of preset rules and corresponding inspection result, with Mapping mode is stored in database, in order to can accurately read in the calculating of conjunction rule inspection result for carrying out equipment to be checked The inspection result for closing rule rule is got, and checks the inspection result that system can be recorded into user's output data library, so as to User can understand whether the every configuration for grasping equipment closes rule.
S202, the conjunction rule for receiving user's input check instruction, wherein close rule and check to include setting for equipment to be checked in instruction Rule relation is advised in standby information and the corresponding conjunction of equipment to be checked, and closing rule rule relation includes that multiple logics closed between rule rule are closed System.
S202 is identical as the S101 of embodiment illustrated in fig. 1, and which is not described herein again.
S203 respectively closes the regular rule name of rule according in the facility information of equipment to be checked and conjunction rule rule relation, from The inspection result closed and respectively close rule rule in rule rule relation is extracted in database.
Due to stored in database be the device name of equipment, the rule name of preset rules and inspection result mapping Relationship in the facility information for getting equipment to be checked and after closing rule rule relation, according to facility information and can close rule rule Rule name find corresponding close from database and advise regular inspection result.Inspection result includes passing through and not passing through two kinds Situation can be passed through with " 1 " expression, " 0 " indicates not pass through.
S204 advises rule relation according to closing, establishes rule relation formula.
Rule relation is advised according to closing, can establish rule relation formula, rule relation formula, which can be to close, advises regular close Logical operation description in system replaces with logical operator, and can use AND operator " && " it replaces and arithmetic logic description " AND ", use or operator " | | " replacement or arithmetic logic description " OR " etc. is then illustratively advised rule relation according to closing: (being used Family login authentication rule OR enables global secret management rule AND user login and retries rule) (user's concatenate rule OR connects AND Connect overtime rule), it can establish rule relation formula: (user login validation rule | | enabled global secret Guan Liguize && is used Family log in retry rule) && (user's concatenate rule | | connection time-out rule).Rule relation is advised based on closing, can be automatically generated The corresponding software code of rule relation formula improves realization effect without being manually based on He Gui rule relation software for editing code Rate.
S205 is calculated to be checked according to the inspection result and rule relation formula for respectively closing rule rule in rule rule relation is closed Inspection result is advised in the conjunction of equipment.
Extracting from database and closing the inspection result of rule rule is " 1 " or " 0 ", by its rule of substitution relation formula, The conjunction rule inspection result of equipment to be checked can be calculated.Assuming that the inspection result of user login validation rule is to pass through, make Can global secret management rule inspection result be do not pass through, user log in retry rule inspection result for pass through, Yong Hulian The inspection result for connecing rule is not pass through, connect the inspection result of overtime rule to pass through, then will be by corresponding " 1 " and obstructed It crosses corresponding " 0 " and substitutes into above-mentioned rule relation formula, available (1 | | 0&&1) && (0 | | 1).
Specifically, the calculating process of the conjunction rule inspection result of equipment to be checked is as follows:
According to sequence from left to right, character is identified from rule relation formula;If current character be " (", will " (" Deposit list and the position for recording the character;If current character is " 1 ", " 0 ", " && " and " | | ", it is directly stored in list;Such as Fruit current character be ") ", then will ") " deposit list and according to nearest one " (" position take out in list and be located at " (" and it is current Character ") " between operation expression carry out operation, in operation result replacement list " (", ") " and between operation express Formula.
For rule relation formula " (1 | | 0&&1) && (0 | | 1) ", take out first " 1 | | 0&&1 " it is calculated, it is preferential to count Calculate " && " operator, i.e. calculating " 0&&1 ", it obtains with operation result being " 0 ";It is obtained after using " 0 " replacement expression formula " 0&&1 " replacement To " 1 | | 0 ", continue to calculate " | | " operator, it obtains or operation result is " 1 ";Use " 1 " replacement expression formula " (1 | | 0&&1) ", Then the variation of rule relation formula is " 1&& (0 | | 1) ".
Continuation carries out to the right character recognition, take out " 0 | | 1 " it is calculated, it obtains or operation result is " 1 ";" 1 " is used to replace Expression formula " (0 | | 1) " is changed, then the variation of rule relation formula is " 1&&1 ", and finally obtaining operation result is " 1 ", i.e., this is to be checked The conjunction rule inspection result of equipment is to pass through.
It using this implementation column, is advised by the conjunction of reception user's input and checks instruction, advised according to conjunction to be checked in inspection instruction Rule relation is advised in the facility information of equipment and the corresponding conjunction of equipment to be checked, determines the inspection closed and close rule rule in rule rule relation As a result, calculating the conjunction of equipment to be checked according to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation Advise inspection result.The facility information of equipment to be checked and the corresponding conjunction rule rule relation of equipment to be checked are user's inputs, are used Family can configure according to demand closes multiple logical relations closed between rule rule in rule rule relation, realizes the spirit that pairing rule check Configuration living.Also, logical relation may include or arithmetic logic, with arithmetic logic, prioritization logic, to network operate normally shadow Sound is not the inspection result of very big conjunction rule rule, can use or operation, the conjunction being affected to network normal operation are advised The inspection result of rule can close rule and check more flexible, Neng Goubao using with operation or the higher priority of setting, equipment Demonstrate,prove the normal operation of network.Each rule of each equipment will be checked that inspection result data is perfect, but due to every Each rule of one equipment requires to check, checks that efficiency is lower.
Based on embodiment illustrated in fig. 1, as shown in figure 3, a kind of equipment conjunction rule inspection method provided by the embodiment of the present invention Specific implementation, may include steps of:
S301, the conjunction rule for receiving user's input check instruction, wherein close rule and check to include setting for equipment to be checked in instruction Rule relation is advised in standby information and the corresponding conjunction of equipment to be checked, and closing rule rule relation includes that multiple logics closed between rule rule are closed System.
S301 is identical as the S101 of embodiment illustrated in fig. 1, and which is not described herein again.
S302 advises rule relation according to closing, establishes rule relation formula.
Rule relation is advised according to closing, can establish rule relation formula, rule relation formula, which can be to close, advises regular close Logical operation description in system replaces with logical operator, and can use AND operator " && " it replaces and arithmetic logic description " AND ", use or operator " | | " replacement or arithmetic logic description " OR " etc. is then illustratively advised rule relation according to closing: (being used Family login authentication rule OR enables global secret management rule AND user login and retries rule) (user's concatenate rule OR connects AND Connect overtime rule), it can establish rule relation formula: (user login validation rule | | enabled global secret Guan Liguize && is used Family log in retry rule) && (user's concatenate rule | | connection time-out rule).
S303 carries out character recognition to rule relation formula from left to right, according to the operator recognized, determines to be checked Conjunction rule rule rule name.
Character recognition is carried out from left to right to rule relation formula, if current character is not " (", ") ", " && ", " | | " These four situations then save character and continue to identify to the right, " (", ") ", " && until encounter ", the one of which in " | | ", from And complete rule name is got, rule name can be stored in list." user login validation rule " in example as above, " enabled global secret management rule ", " user logs in and retries rule ", " user's concatenate rule ", " connection time-out rule ".Knowing It is clipped to " && " or when " | | " operator, the rule name in left side can be determined as to the rule name of conjunction rule rule to be checked Claim.
S304 reads rule name from preset rules list according to rule name and the facility information of equipment to be checked Corresponding Rule content.
S305 carries out regular inspection to equipment to be checked according to Rule content, obtains the inspection of conjunction rule rule to be checked As a result.
Due to being stored with the corresponding relationship of preset rules and Rule content in preset rules list, conjunction to be checked is being determined After the rule name of rule, the corresponding Rule content of rule name can be read from preset rules list, on this basis, Regular inspection is carried out to equipment to be checked, to obtain the inspection result that conjunction rule rule to be checked is " 1 " still " 0 ".
S306 calculates the conjunction of equipment to be checked according to the inspection result and rule relation formula of conjunction rule rule to be checked Advise inspection result.
By the inspection result rule of substitution relation formula of conjunction rule rule to be checked, equipment to be checked can be calculated Close rule inspection result.
Specifically, the calculating process of the conjunction rule inspection result of equipment to be checked is as follows:
According to sequence from left to right, character is identified from rule relation formula;If current character be " (", will " (" Deposit list and the position for recording the character;If current character is not " (", ") ", " && ", " | | " these four situations, it saves Character simultaneously continues to identify to the right, " (", ") ", " && until encounter ", the one of which in " | | ", to get complete rule Rule name can be stored in list by title;If current character is " && ", " | | ", it is directly stored in list;If current word Symbol for ") ", then will ") " deposit list and according to nearest one " (" position take out and be located at " (" and current character ") " in list Between operation expression carry out operation, in operation result replacement list " (", ") " and between operation expression.
For rule relation formula " (user login validation rule | | enabled global secret Guan Liguize && user logs in weight Try regular) && (user's concatenate rule | | connection time-out rule) ", take out first " user login validation rule | | it is enabled global close Code Guan Liguize && user logs in and retries rule " it calculates, preferential to calculate " && " operator, that is, calculate " enabled global secret Guan Liguize && user logs in and retries rule ", the rule for carrying out " enabled global secret management rule " to equipment checks that result is " user logs in and retries rule " is not then no longer carried out to the equipment according to the short circuit rule of operator by (being denoted as " 0 ") Rule checks, uses " 0 " replacement expression formula " enabled global secret management rule user, which logs in, retries rule ", obtains after replacement " user login validation rule | | 0 ";The rule for continuing to carry out the equipment " user login validation rule " checks that result is to pass through (being denoted as " 1 "), according to | | operator short circuit rule can determine that the result of this partial expression is " 1 ", use " 1 " substitution table Up to formula " user login validation rule | | enabled global secret Guan Liguize && user logs in and retries rule ", then rule relation formula Variation for " 1&& (and user's concatenate rule | | connection time-out rule) ".
Continuation carries out to the right character recognition, take out " user's concatenate rule | | connection time-out rule " it calculates, this is set The standby rule for carrying out " user's concatenate rule " checks that " connection is super by (being denoted as " 0 "), not continue to carry out the equipment for result When rule " rule check that result is that the result of this partial expression is then obtained by (being denoted as " 1 ") is " 1 ", use " 1 " to replace Change expression formula " user's concatenate rule | | connection time-out rule ", then rule relation formula variation be " 1&&1 ", finally obtain operation It as a result is 1, i.e. the conjunction rule inspection result of the equipment to be checked is to pass through.
It using this implementation column, is advised by the conjunction of reception user's input and checks instruction, advised according to conjunction to be checked in inspection instruction Rule relation is advised in the facility information of equipment and the corresponding conjunction of equipment to be checked, determines the inspection closed and close rule rule in rule rule relation As a result, calculating the conjunction of equipment to be checked according to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation Advise inspection result.The facility information of equipment to be checked and the corresponding conjunction rule rule relation of equipment to be checked are user's inputs, are used Family can configure according to demand closes multiple logical relations closed between rule rule in rule rule relation, realizes the spirit that pairing rule check Configuration living.Also, logical relation may include or arithmetic logic, with arithmetic logic, prioritization logic, to network operate normally shadow Sound is not the inspection result of very big conjunction rule rule, can use or operation, the conjunction being affected to network normal operation are advised The inspection result of rule can close rule and check more flexible, Neng Goubao using with operation or the higher priority of setting, equipment Demonstrate,prove the normal operation of network.According to the actual situation, if recognizing the AND operator in rule relation formula, and the AND operator The inspection result in left side is 0, according to operation short circuit rule, do not need again to check the conjunction on right side rule rule, directly may be used To determine the result with operation for 0, if recognizing in rule relation formula or operator, and on the left of the AND operator Inspection result is 1, according to or operation short circuit rule, do not need to right side conjunction rule rule check, can directly determine The result of this or operation is 1, it is seen then that does not need to check every rule of each equipment, checks that efficiency is higher.
Corresponding to above method embodiment, the embodiment of the invention provides a kind of equipment to close rule check device, such as Fig. 4 institute Show, which closes rule check device and may include:
Receiving module 410, the conjunction rule for receiving user's input check instruction, and the conjunction rule check in instruction to include to be checked The facility information and the corresponding conjunction rule rule relation of the equipment to be checked of equipment are looked into, the conjunction rule rule relation includes multiple conjunctions Logical relation between rule rule;
Determining module 420 is determined and is closed in the conjunction rule rule relation for the facility information according to the equipment to be checked The inspection result of rule;
Computing module 430, for closing rule rule according to described close in rule rule relation and the conjunction rule rule relation Inspection result is advised in inspection result, the conjunction for calculating the equipment to be checked.
Optionally, described device can also include:
Module is checked, for being directed to each equipment, according to the rule name and rule of each preset rules in preset rules list Content, the rule for carrying out each preset rules one by one to the equipment check, and by the facility information of equipment, the rule name of preset rules Title and corresponding inspection result are stored in database with mapping mode;
Then, the determining module 420, specifically can be used for: according to the facility information of the equipment to be checked and the conjunction The rule name for respectively closing rule rule in rule relation is advised, is extracted in the conjunction rule rule relation from the database and respectively closes rule rule Inspection result then;
Then, the computing module 430, specifically can be used for: advising rule relation according to the conjunction, establishes rule relation public affairs Formula;The inspection result for respectively closing rule rule in rule rule relation and the rule relation formula are closed according to described, is calculated described to be checked Look into the conjunction rule inspection result of equipment.
Optionally, described device can also include:
Identification module establishes rule relation formula for advising rule relation according to the conjunction;To the rule relation formula Character recognition is carried out from left to right, according to the operator recognized, determines the rule name of conjunction rule rule to be checked;
Then, the determining module 420, specifically can be used for: according to setting for the rule name and the equipment to be checked Standby information, reads the corresponding Rule content of the rule name from preset rules list;According to the Rule content to described Equipment to be checked carries out regular inspection, obtains the inspection result of the conjunction rule rule to be checked;
Then, the computing module 430, specifically can be used for: according to the inspection result of the conjunction rule rule to be checked and Inspection result is advised in the rule relation formula, the conjunction for calculating the equipment to be checked.
Optionally, the logical relation may include or arithmetic logic, and/or, with arithmetic logic;
The computing module 430, specifically can be used for:
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, according to preferential The computation rule with arithmetic logic is calculated, inspection result is advised in the conjunction for calculating the equipment to be checked.
Optionally, the logical relation can also include prioritization logic;
The computing module 430, specifically can be used for:
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, according to preferential The computation rule of the operation expression between preferential starting character and preferential full stop is calculated, inspection is advised in the conjunction for calculating the equipment to be checked Come to an end fruit.
It using this implementation column, is advised by the conjunction of reception user's input and checks instruction, advised according to conjunction to be checked in inspection instruction Rule relation is advised in the facility information of equipment and the corresponding conjunction of equipment to be checked, determines the inspection closed and close rule rule in rule rule relation As a result, calculating the conjunction of equipment to be checked according to closing rule rule relation and closing the inspection result of conjunction rule rule in rule rule relation Advise inspection result.The facility information of equipment to be checked and the corresponding conjunction rule rule relation of equipment to be checked are user's inputs, are used Family can configure according to demand closes multiple logical relations closed between rule rule in rule rule relation, realizes the spirit that pairing rule check Configuration living.
The embodiment of the invention also provides a kind of inspection systems, as shown in figure 5, including processor 501 and machine readable depositing Storage media 502, the machine readable storage medium 502 are stored with the executable finger of the machine that can be executed by the processor 501 It enables, the processor 501 is promoted by the machine-executable instruction: executing equipment provided by the embodiment of the present invention and close rule inspection All steps of method.
Above-mentioned machine readable storage medium may include RAM (Random Access Memory, random access memory), It also may include NVM (Non-Volatile Memory, nonvolatile memory), for example, at least a magnetic disk storage.It is optional , machine readable storage medium can also be that at least one is located remotely from the storage device of aforementioned processor.
Above-mentioned processor can be general processor, including CPU (Central Processing Unit, central processing Device), NP (Network Processor, network processing unit) etc.;Can also be DSP (Digital Signal Processing, Digital signal processor), ASIC (Application Specific Integrated Circuit, specific integrated circuit), FPGA column (Field-Programmable Gate Array, field-programmable gate array) or other programmable logic device are divided Vertical door or transistor logic, discrete hardware components.
In the present embodiment, processor passes through the machine-executable instruction stored in read machine readable storage medium storing program for executing, and leads to Cross and run the machine-executable instruction, can be realized: the conjunction rule by receiving user's input check instruction, refer to according to closing rule and checking Rule relation is advised in the facility information of equipment to be checked and the corresponding conjunction of equipment to be checked in order, is determined to close in rule rule relation and is closed rule The inspection result of rule is advised the inspection result for closing rule rule in rule relation according to closing rule rule relation and closing, is calculated to be checked Look into the conjunction rule inspection result of equipment.The facility information of equipment to be checked and the corresponding conjunction rule rule relation of equipment to be checked are users Input, user can configure according to demand closes multiple logical relations closed between rule rule in rule rule relation, realizes pairing Advise the flexible configuration checked.
In addition, the embodiment of the invention also provides a kind of machine readable storage mediums, for storing machine-executable instruction, When being called and being executed by processor, the machine-executable instruction promotes the processor: executing the embodiment of the present invention and is mentioned The equipment of confession closes all steps of rule inspection method.
In the present embodiment, machine readable storage medium is stored with executes equipment provided by the embodiment of the present invention at runtime Close the machine-executable instruction of rule inspection method, therefore can be realized: the conjunction rule by receiving user's input check instruction, according to It closes rule and checks that rule relation is advised in the facility information of equipment to be checked and corresponding conjunctions of equipment to be checked in instruction, determine that close rule regular The inspection result that rule rule is closed in relationship closes the regular inspection knot of rule according to closing to advise rule relation and close in rule rule relation Fruit calculates the conjunction rule inspection result of equipment to be checked.The facility information of equipment to be checked and the corresponding conjunction rule rule of equipment to be checked Then relationship is user's input, and user can configure the logics closed in rule rule relation between multiple conjunction rule rules according to demand and close System realizes the flexible configuration that pairing rule check.
For checking system and machine readable storage medium embodiment, the basic phase of method content that is related to due to it It is similar to embodiment of the method above-mentioned, so being described relatively simple, the relevent part can refer to the partial explaination of embodiments of method.
It should be noted that, in this document, relational terms such as first and second and the like are used merely to a reality Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation In any actual relationship or order or sequence.Moreover, the terms "include", "comprise" or its any other variant are intended to Non-exclusive inclusion, so that the process, method, article or equipment including a series of elements is not only wanted including those Element, but also including other elements that are not explicitly listed, or further include for this process, method, article or equipment Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that There is also other identical elements in process, method, article or equipment including the element.
Each embodiment in this specification is all made of relevant mode and describes, same and similar portion between each embodiment Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for device, For inspection system and machine readable storage medium embodiment, since it is substantially similar to the method embodiment, so description Fairly simple, the relevent part can refer to the partial explaination of embodiments of method.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the scope of the present invention.It is all Any modification, equivalent replacement, improvement and so within the spirit and principles in the present invention, are all contained in protection scope of the present invention It is interior.

Claims (10)

1. a kind of equipment closes rule inspection method, which is characterized in that the described method includes:
The conjunction rule of reception user's input, which check, to be instructed, and the conjunction rule check facility information and institute in instruction including equipment to be checked The corresponding conjunction rule rule relation of equipment to be checked is stated, the rule rule relation that closes includes multiple logical relations closed between rule rule;
According to the facility information of the equipment to be checked, the inspection result closed and close rule rule in rule rule relation is determined;
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, is calculated described to be checked Look into the conjunction rule inspection result of equipment.
2. the method according to claim 1, wherein the method also includes: be directed to each equipment, according to default rule Then in list each preset rules rule name and Rule content, which is carried out one by one each preset rules rule check, And by the facility information of equipment, the rule name of preset rules and corresponding inspection result, database is stored in mapping mode;
Then, the facility information according to the equipment to be checked determines the inspection closed and close rule rule in rule rule relation As a result, comprising: rule regular rule name is respectively closed according to the facility information of the equipment to be checked and described close in rule rule relation Claim, extracts the inspection result closed and respectively close rule rule in rule rule relation from the database;
Then, described to close rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation according to described, it calculates Inspection result is advised in the conjunction of the equipment to be checked, comprising: is advised rule relation according to the conjunction, is established rule relation formula;According to It is described to close the inspection result that rule rule is respectively closed in rule rule relation and the rule relation formula, calculate the equipment to be checked Close rule inspection result.
3. the method according to claim 1, wherein closing rule rule in the determination conjunction rule rule relation Inspection result before, the method also includes: according to the conjunction advise rule relation, establish rule relation formula;To the rule Then relation formula carries out character recognition from left to right, according to the operator recognized, determines the rule of conjunction rule rule to be checked Title;
Then, the facility information according to the equipment to be checked determines the inspection closed and close rule rule in rule rule relation As a result, comprising: according to the rule name and the facility information of the equipment to be checked, from preset rules list described in reading The corresponding Rule content of rule name;Regular inspection is carried out to the equipment to be checked according to the Rule content, is obtained described The inspection result of conjunction rule rule to be checked;
Then, described to close rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation according to described, it calculates Inspection result is advised in the conjunction of the equipment to be checked, comprising: according to by the inspection result of the conjunction rule rule to be checked and described Inspection result is advised in rule relation formula, the conjunction for calculating the equipment to be checked.
4. method according to claim 1-3, which is characterized in that the logical relation includes or arithmetic logic, And/or with arithmetic logic;
It is described that the inspection result that conjunction rule are regular in rule relation and the conjunction rule rule relation is advised according to described close, described in calculating Inspection result is advised in the conjunction of equipment to be checked, comprising:
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, is calculated according to preferential With the computation rule of arithmetic logic, inspection result is advised in the conjunction for calculating the equipment to be checked.
5. according to the method described in claim 4, it is characterized in that, the logical relation further includes prioritization logic;
It is described that the inspection result that conjunction rule are regular in rule relation and the conjunction rule rule relation is advised according to described close, described in calculating Inspection result is advised in the conjunction of equipment to be checked, comprising:
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, is calculated according to preferential The computation rule of operation expression between preferential starting character and preferential full stop, the conjunction rule for calculating the equipment to be checked check knot Fruit.
6. a kind of equipment closes rule check device, which is characterized in that described device includes:
Receiving module, the conjunction rule for receiving user's input check instruction, and the conjunction rule check to include equipment to be checked in instruction Facility information and the corresponding conjunction of the equipment to be checked advise rule relation, the conjunctions rule rule relation include multiple conjunction advise it is regular Between logical relation;
Determining module determines in the conjunction rule rule relation for the facility information according to the equipment to be checked and closes rule rule Inspection result;
Computing module, for closing rule rule relation and the inspection knot for closing conjunction rule rule in rule rule relation according to described Inspection result is advised in fruit, the conjunction for calculating the equipment to be checked.
7. device according to claim 6, which is characterized in that described device further include:
Check module, for being directed to each equipment, according to the rule name and Rule content of each preset rules in preset rules list, The equipment is carried out one by one each preset rules rule check, and by the rule name of the facility information of equipment, preset rules with And corresponding inspection result, database is stored in mapping mode;
Then, the determining module, is specifically used for: according in the facility information of the equipment to be checked and conjunction rule rule relation Each rule name for closing rule rule extracts the inspection knot for closing and respectively closing rule rule in rule rule relation from the database Fruit;
Then, the computing module, is specifically used for: advising rule relation according to the conjunction, establishes rule relation formula;According to the conjunction The inspection result that rule rule is respectively closed in rule relation and the rule relation formula are advised, inspection is advised in the conjunction for calculating the equipment to be checked Come to an end fruit.
8. device according to claim 6, which is characterized in that described device further include:
Identification module establishes rule relation formula for advising rule relation according to the conjunction;To the rule relation formula from a left side The rule name of conjunction rule rule to be checked is determined according to the operator recognized to right carry out character recognition;
Then, the determining module, is specifically used for: according to the rule name and the facility information of the equipment to be checked, from pre- If reading the corresponding Rule content of the rule name in list of rules;According to the Rule content to the equipment to be checked into Line discipline inspection obtains the inspection result of the conjunction rule rule to be checked;
Then, the computing module, is specifically used for: according to the inspection result of the conjunction rule rule to be checked and the rule relation Inspection result is advised in formula, the conjunction for calculating the equipment to be checked.
9. according to the described in any item devices of claim 6-8, which is characterized in that the logical relation includes or arithmetic logic, And/or with arithmetic logic;
The computing module, is specifically used for:
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, is calculated according to preferential With the computation rule of arithmetic logic, inspection result is advised in the conjunction for calculating the equipment to be checked.
10. device according to claim 9, which is characterized in that the logical relation further includes prioritization logic;
The computing module, is specifically used for:
Rule rule relation and the inspection result for closing conjunction rule rule in rule rule relation are closed according to described, is calculated according to preferential The computation rule of operation expression between preferential starting character and preferential full stop, the conjunction rule for calculating the equipment to be checked check knot Fruit.
CN201811425390.1A 2018-11-27 2018-11-27 Equipment compliance checking method and device Active CN109560964B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811425390.1A CN109560964B (en) 2018-11-27 2018-11-27 Equipment compliance checking method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811425390.1A CN109560964B (en) 2018-11-27 2018-11-27 Equipment compliance checking method and device

Publications (2)

Publication Number Publication Date
CN109560964A true CN109560964A (en) 2019-04-02
CN109560964B CN109560964B (en) 2022-02-25

Family

ID=65867737

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811425390.1A Active CN109560964B (en) 2018-11-27 2018-11-27 Equipment compliance checking method and device

Country Status (1)

Country Link
CN (1) CN109560964B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112395193A (en) * 2020-11-17 2021-02-23 中国外运股份有限公司 Method and device for verifying nesting rule

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101063954A (en) * 2006-04-26 2007-10-31 明基电通股份有限公司 Method for examining configuration of radio communication device and relevant device thereof
CN104506351A (en) * 2014-12-18 2015-04-08 北京随方信息技术有限公司 Method and system for performing online full-automatic configuration of compliance safety audit
CN104601524A (en) * 2013-10-30 2015-05-06 北京神州泰岳软件股份有限公司 Security check method and system
CN105228138A (en) * 2015-08-28 2016-01-06 广东电网有限责任公司信息中心 A kind of safety detecting method of Wireless Communication Equipment and system
US20180278477A1 (en) * 2017-03-23 2018-09-27 International Business Machines Corporation Ranking health and compliance check findings in a data storage environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101063954A (en) * 2006-04-26 2007-10-31 明基电通股份有限公司 Method for examining configuration of radio communication device and relevant device thereof
CN104601524A (en) * 2013-10-30 2015-05-06 北京神州泰岳软件股份有限公司 Security check method and system
CN104506351A (en) * 2014-12-18 2015-04-08 北京随方信息技术有限公司 Method and system for performing online full-automatic configuration of compliance safety audit
CN105228138A (en) * 2015-08-28 2016-01-06 广东电网有限责任公司信息中心 A kind of safety detecting method of Wireless Communication Equipment and system
US20180278477A1 (en) * 2017-03-23 2018-09-27 International Business Machines Corporation Ranking health and compliance check findings in a data storage environment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112395193A (en) * 2020-11-17 2021-02-23 中国外运股份有限公司 Method and device for verifying nesting rule

Also Published As

Publication number Publication date
CN109560964B (en) 2022-02-25

Similar Documents

Publication Publication Date Title
US20220050765A1 (en) Method for processing logs in a computer system for events identified as abnormal and revealing solutions, electronic device, and cloud server
RU2601148C1 (en) System and method for detecting anomalies when connecting devices
CN106778260A (en) Attack detection method and device
CN105721188A (en) Firewall strategy check method and system
CN104123496B (en) The hold-up interception method and device of a kind of rogue software, terminal
CN112183782A (en) Fault work order processing method and equipment
CN105446705A (en) Method and device used for determining configuration file feature
CN109144852A (en) Scan method, device, computer equipment and the storage medium of static code
CN111694752B (en) Application testing method, electronic device and storage medium
CN113792008A (en) Method and device for acquiring network topology structure, electronic equipment and storage medium
CN109560964A (en) A kind of equipment closes rule inspection method and device
KR102213460B1 (en) System and method for generating software whistlist using machine run
CN107948149A (en) Tactful self study and optimization method and device based on random forest
CN113282606A (en) Data processing method, data processing device, storage medium and computing equipment
CN110569987A (en) Automatic operation and maintenance method, operation and maintenance equipment, storage medium and device
CN110278123B (en) Checking method, checking device, electronic equipment and readable storage medium
CN109376064B (en) Method and equipment for generating interface test report
WO2018232958A1 (en) Forwarding node-based automatic upgrade method for terminal device, and forwarding node
CN105988998A (en) Relationship network establishment method and device
CN109981573A (en) Security incident response method and device
CN109446052B (en) Verification method and device for application program
CN106933888A (en) Database configuration management system
CN109284268A (en) A kind of method, system and the electronic equipment of fast resolving log
US20210117550A1 (en) Vulnerability analyzer
CN114064510A (en) Function testing method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant