CN110245004A - Command executing method, device, equipment and computer readable storage medium - Google Patents
- Publication number: CN110245004A (CN201910513302.1A)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/602—Providing cryptographic facilities or services
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
- G06F2221/2107—File encryption
Abstract
The present invention relates to the big data field of financial technology and discloses a command execution method, apparatus, device and computer-readable storage medium. The command execution method includes: upon receiving a command execution instruction, obtaining the target container and the command to be executed that are carried in the command execution instruction; determining whether the command to be executed is in a preset danger list; if the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster; and generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command. The present invention can solve the technical problem of poor security during command execution in the prior art.
Description
Technical field
The present invention relates to the big data field of financial technology (Fintech), and in particular to a command execution method, apparatus, device and computer-readable storage medium.
Background technique
With the development of computer technology, more and more technologies (big data, distributed systems, blockchain, artificial intelligence and so on) are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). Because of the financial industry's security and real-time requirements, however, higher demands are also placed on these technologies.
Kubernetes is an open-source platform for managing containerized applications across multiple hosts in a cloud platform. Kubernetes matches hardware resource management and hardware resource scheduling well to containerized applications, and users can assign specific containers to specific Nodes (compute nodes) on demand so that the containers use the hardware resources they need. It has therefore been widely adopted, and many Internet companies and financial institutions currently build container cloud platforms on Kubernetes in their production environments. Kubernetes provides the command-line tool kubectl and its subcommand exec for logging in to a container and executing commands interactively. However, because users can execute arbitrary commands, there is a possibility during command execution that Kubernetes vulnerabilities are exploited for attacks, which results in poor security.
Summary of the invention
The main purpose of the present invention is to provide a command execution method, apparatus, device and computer-readable storage medium, aiming to solve the technical problem of poor security during command execution in the prior art.
To achieve the above purpose, the present invention provides a command execution method, which includes:
Upon receiving a command execution instruction, obtaining the target container and the command to be executed that are carried in the command execution instruction;
Determining whether the command to be executed is in a preset danger list;
If the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
Generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
Optionally, the preset danger list includes a preset blacklist and a preset graylist, and after the step of determining whether the command to be executed is in the preset danger list, the method further includes:
If the command to be executed is in the preset blacklist, returning a prompt that execution is refused to the corresponding user terminal;
If the command to be executed is in the preset graylist, returning risk prompt information to the user terminal, and, upon receiving a confirm-execution instruction returned by the user in response to the risk prompt information, executing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
Optionally, the step of obtaining the original configuration file corresponding to the target cluster includes:
Obtaining the encrypted configuration file corresponding to the target cluster from a preset directory;
Obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
Optionally, the preset code is obtained by writing the key into the original code by way of hard coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
Optionally, the step of obtaining the target cluster corresponding to the target container includes:
Calling the query interface of a preset configuration management database to query the mapping relationship between containers and clusters pre-stored in the preset configuration management database;
Obtaining the target cluster corresponding to the target container according to the pre-stored mapping relationship between containers and clusters.
Optionally, the command execution method further includes:
Generating a corresponding audit record and storing the audit record in a preset audit database; the content of the audit record includes at least the time at which the command execution instruction was received, information about the user who triggered the command execution instruction, the target container, the command to be executed, and the judgment result for the command to be executed.
Optionally, the command execution method further includes:
After the command has finished executing, generating a corresponding command execution result and sending the command execution result to the corresponding user terminal.
In addition, to achieve the above purpose, the present invention also provides a command execution apparatus, which includes:
A first obtaining module, configured to obtain, upon receiving a command execution instruction, the target container and the command to be executed that are carried in the command execution instruction;
A command judging module, configured to determine whether the command to be executed is in a preset danger list;
A second obtaining module, configured to obtain, if the command to be executed is not in the preset danger list, the target cluster corresponding to the target container, and to obtain the original configuration file corresponding to the target cluster;
A command execution module, configured to generate a corresponding target execution command from the original configuration file, the target container and the command to be executed, to remotely log in to the target container through a subcommand of a preset command-line tool, and to execute the target execution command.
In addition, to achieve the above purpose, the present invention also provides a command execution device, which includes: a memory, a processor, and a command execution program stored in the memory and runnable on the processor, the command execution program implementing the steps of the command execution method described above when executed by the processor.
In addition, to achieve the above purpose, the present invention also provides a computer-readable storage medium on which a command execution program is stored, the command execution program implementing the steps of the command execution method described above when executed by a processor.
The present invention provides a command execution method, apparatus, device and computer-readable storage medium. Upon receiving a command execution instruction, the target container and the command to be executed that are carried in the command execution instruction are obtained; it is determined whether the command to be executed is in the preset danger list; if the command to be executed is not in the danger list, the target cluster corresponding to the target container is obtained, along with the original configuration file corresponding to the target cluster; a corresponding target execution command is generated from the original configuration file, the target container and the command to be executed, the target container is then logged in to remotely through a subcommand of the preset command-line tool, and the target execution command is executed. In this way, the present invention can detect and filter the command to be executed in advance, which prevents users from arbitrarily executing various risky commands and in turn avoids attacks that exploit Kubernetes vulnerabilities. The present invention can therefore improve security during command execution.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the device in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a flowchart of the first embodiment of the command execution method of the present invention;
Fig. 3 is a functional block diagram of the first embodiment of the command execution apparatus of the present invention.
The realization of the purpose, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the device in the hardware operating environment involved in the embodiments of the present invention.
The command execution device of the embodiments of the present invention may be a smartphone, or a terminal device such as a PC (Personal Computer), a tablet computer or a portable computer.
As shown in Fig. 1, the command execution device may include: a processor 1001, such as a CPU, a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 provides the connection and communication between these components. The user interface 1003 may include a display screen (Display) and an input unit such as a keyboard (Keyboard); optionally, the user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or stable storage (non-volatile memory), such as disk storage. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the structure of the command execution device shown in Fig. 1 does not limit the command execution device, which may include more or fewer components than illustrated, combine certain components, or arrange the components differently.
As shown in Fig. 1, the memory 1005, as a computer storage medium, may contain an operating system, a network communication module, a user interface module and a command execution program.
In the terminal shown in Fig. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client and exchange data with it; and the processor 1001 can be used to call the command execution program stored in the memory 1005 and perform the following operations:
Upon receiving a command execution instruction, obtaining the target container and the command to be executed that are carried in the command execution instruction;
Determining whether the command to be executed is in a preset danger list;
If the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
Generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the processor 1001 can call the command execution program stored in the memory 1005 and also perform the following operations:
If the command to be executed is in the preset blacklist, returning a prompt that execution is refused to the corresponding user terminal;
If the command to be executed is in the preset graylist, returning risk prompt information to the user terminal, and, upon receiving a confirm-execution instruction returned by the user in response to the risk prompt information, executing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
Further, the processor 1001 can call the command execution program stored in the memory 1005 and also perform the following operations:
Obtaining the encrypted configuration file corresponding to the target cluster from a preset directory;
Obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
Further, the preset code is obtained by writing the key into the original code by way of hard coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
Further, the processor 1001 can call the command execution program stored in the memory 1005 and also perform the following operations:
Calling the query interface of a preset configuration management database to query the mapping relationship between containers and clusters pre-stored in the preset configuration management database;
Obtaining the target cluster corresponding to the target container according to the pre-stored mapping relationship between containers and clusters.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the processor 1001 can call the command execution program stored in the memory 1005 and also perform the following operations:
Generating a corresponding audit record and storing the audit record in a preset audit database; the content of the audit record includes at least the time at which the command execution instruction was received, information about the user who triggered the command execution instruction, the target container, the command to be executed, and the judgment result for the command to be executed.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the processor 1001 can call the command execution program stored in the memory 1005 and also perform the following operations:
After the command has finished executing, generating a corresponding command execution result and sending the command execution result to the corresponding user terminal.
Based on the above hardware structure, the embodiments of the command execution method of the present invention are proposed.
The present invention provides a command execution method.
Referring to Fig. 2, Fig. 2 is a flowchart of the first embodiment of the command execution method of the present invention.
In this embodiment, the command execution method includes:
Step S10: upon receiving a command execution instruction, obtaining the target container and the command to be executed that are carried in the command execution instruction;
The command execution method of this embodiment is implemented by a command execution device on which the command-line tool kubectl, packaged by way of secondary encryption, is deployed; the command execution device is described here taking a server as an example. The kubectl tool packaged by way of secondary encryption may include a user interface SSHDOCKER, a command filtering module, an audit module, a cluster selection module, a decryption module, an execution module and an encrypted configuration file. SSHDOCKER receives the user's input and shows the execution result to the user, and the source code of SSHDOCKER contains the key. The command filtering module detects and filters the received command to be executed. The audit module stores the invoked content in the preset audit database. The cluster selection module queries the preset configuration management database according to the target container to obtain the corresponding target cluster. The decryption module selects the corresponding encrypted configuration file according to the target cluster and decrypts it. The execution module executes the target execution command and returns the command execution result to SSHDOCKER. The encrypted configuration file is obtained by encrypting the original configuration file based on a key generated randomly in advance and a preset symmetric encryption algorithm, and the original configuration file contains the cluster certificate. The above modules and the encrypted configuration file are packaged and released together in the same installation package, which can then be deployed directly on the user's server. Of course, in a specific embodiment, SSHDOCKER and the other modules can be deployed separately: SSHDOCKER, as the client, is responsible for receiving user input and displaying execution results, while the other modules and the encrypted configuration file can be deployed on the server side, and the user invokes the service interface through HTTP (HyperText Transfer Protocol) calls. In this way the core processing logic and the key storage of the present invention are physically isolated from the user, which is more secure.
In this embodiment, upon receiving a command execution instruction, the server obtains the target container and the command to be executed that are carried in the command execution instruction.
Step S20: determining whether the command to be executed is in a preset danger list;
Then, it is determined whether the command to be executed is in the preset danger list. The preset danger list includes a preset blacklist and a preset graylist; the preset blacklist contains commands that are forbidden from being executed, and the preset graylist contains high-risk commands.
Step S30: if the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
If the command to be executed is not in the danger list, that is, it is in neither the preset blacklist nor the preset graylist, the target cluster corresponding to the target container is obtained, along with the original configuration file corresponding to the target cluster. Judging and filtering the command to be executed prevents users from arbitrarily executing various risky commands and thereby affecting the security of container access.
The step "obtaining the target cluster corresponding to the target container" includes:
Step a1: calling the query interface of a preset configuration management database to query the mapping relationship between containers and clusters pre-stored in the preset configuration management database;
First, the query interface of the preset configuration management database is called to query the mapping relationship between containers and clusters pre-stored in it. A configuration management database (Configuration Management Database, CMDB) stores and manages the various configuration information of the devices in an enterprise's IT architecture. It is closely linked to all service support and service delivery processes, supports the operation of these processes and brings out the value of the configuration information, while relying on the related processes to guarantee the accuracy of the data. The mapping relationship between containers and clusters is many-to-one.
Step a2: obtaining the target cluster corresponding to the target container according to the pre-stored mapping relationship between containers and clusters.
After the mapping relationship between containers and clusters has been queried, the target cluster corresponding to the target container is obtained according to the pre-stored mapping relationship between containers and clusters.
In addition, the step "obtaining the original configuration file corresponding to the target cluster" includes:
Step b1: obtaining the encrypted configuration file corresponding to the target cluster from a preset directory;
In this embodiment, to further improve security, the configuration file can be encrypted by way of secondary encryption, which prevents a user from bypassing the command judging and filtering process, obtaining the original configuration file directly, and then logging in to the container to execute commands. Specifically, after the target cluster is obtained, the encrypted configuration file corresponding to the target cluster is obtained from the preset directory. The preset directory is the installation directory of the application installation package of the command-line tool kubectl packaged by way of secondary encryption. The encrypted configuration file is obtained by encrypting the original configuration file based on a key generated randomly in advance and a preset symmetric encryption algorithm; the preset symmetric encryption algorithm may be the AES (Advanced Encryption Standard) algorithm, the DES (Data Encryption Standard) algorithm or the like. The original configuration file contains the cluster certificate.
Step b2: obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
After the encrypted configuration file is obtained, the key is obtained from the preset code and used to decrypt the encrypted configuration file, yielding the original configuration file. The preset code is obtained by writing the key into the original code by way of hard coding (hardcode). Hard coding is the software development practice of embedding data directly in the source code of a program or other executable object, as opposed to obtaining the data from outside or generating it at run time; hard-coded data can typically only be changed by editing the source code and recompiling the executable. Writing the key into the code in this way means that the user cannot obtain the key and therefore cannot bypass the command judging and filtering process to execute arbitrary commands, which further ensures security during command execution.
Step S40: generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
After the original configuration file is obtained, the corresponding target execution command is generated from the original configuration file, the target container and the command to be executed; the target container is then logged in to remotely through the subcommand of the preset command-line tool, and the target execution command is executed. The preset command-line tool may be the kubectl tool, and the subcommand is the exec subcommand. The target execution command can be generated by filling the original configuration file, the target container and the command to be executed into the corresponding positions of a preset string; the target execution command can be: kubectl --kubeconfig=original configuration file exec target container -- /bin/sh -c "command to be executed".
Further, the preset danger list includes a preset blacklist and a preset graylist, and after step S20 the command execution method further includes:
Step A: if the command to be executed is in the preset blacklist, returning a prompt that execution is refused to the corresponding user terminal;
After it has been determined whether the command to be executed is in the preset danger list, if the command to be executed is in the preset blacklist, the command is forbidden from being executed; a prompt that execution is refused is then returned to the corresponding user terminal, and execution of the command is refused.
Step B: if the command to be executed is in the preset graylist, returning risk prompt information to the user terminal, and, upon receiving a confirm-execution instruction returned by the user in response to the risk prompt information, executing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
If the command to be executed is in the preset graylist, the command is a high-risk command. In this case the user must be warned of the risk and asked for a second confirmation. Specifically, risk prompt information can be returned to the user terminal; the risk prompt information includes a description of the risk of the command to be executed and an option for confirming whether to execute it, for the user to choose. Upon receiving a confirm-execution instruction returned by the user in response to the risk prompt information, the target cluster corresponding to the target container is obtained, along with the original configuration file corresponding to the target cluster, and the subsequent steps are then carried out. For the specific execution process, refer to the process described above; it is not repeated here.
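The flow of steps S20 to S40 together with steps A and B, as an added Python example that is not code from the patent. The list contents, the CMDB mapping, the `kubeconfig_for` path helper (standing in for the decryption step) and the fail-closed handling of input that a name-based check cannot resolve are assumptions of this example.

```python
import os
import re
import shlex
from datetime import datetime, timezone

# Constructed sample policy and CMDB data (assumptions of this example).
BLACKLIST = {"rm", "dd", "mkfs"}      # commands that are forbidden
GRAYLIST = {"kill", "chmod", "mv"}    # high-risk commands needing confirmation
CMDB = {"pay-api-7d9f": "cluster-a", "risk-engine-55c1": "cluster-b"}

CONTROL_CHARS = set(";&|()")          # shell operators that start a new command
UNRESOLVABLE = ("`", "$(", "\n")      # constructs a name check cannot see into
TARGET_RE = re.compile(r"^[a-z0-9]([-a-z0-9.]*[a-z0-9])?$")


def classify(command):
    """Return 'blacklist', 'graylist' or 'allowed' for the command to be executed.

    The text is later handed to /bin/sh -c, so every command in a chain
    is checked, not just the first word.
    """
    if any(marker in command for marker in UNRESOLVABLE):
        return "blacklist"            # fail closed (assumption of this example)
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""             # '#' inside a word is not a comment in sh
    try:
        tokens = list(lexer)
    except ValueError:                # unbalanced quote or dangling escape
        return "blacklist"
    heads, expect_head = [], True
    for tok in tokens:
        if set(tok) <= CONTROL_CHARS:             # ; && || | ( )
            expect_head = True
        elif expect_head:
            heads.append(os.path.basename(tok))   # /bin/rm -> rm
            expect_head = False
    if not heads or any(h in BLACKLIST for h in heads):
        return "blacklist"
    if any(h in GRAYLIST for h in heads):
        return "graylist"
    return "allowed"


def kubeconfig_for(cluster):
    """Hypothetical stand-in for steps b1/b2: path of the decrypted file."""
    return f"/run/cmdexec/{cluster}.kubeconfig"


def build_argv(kubeconfig, target, command):
    """Build the target execution command as an argv list (no host shell)."""
    if not TARGET_RE.match(target):   # a name starting with '-' would be an option
        raise ValueError("invalid target name")
    return ["kubectl", f"--kubeconfig={kubeconfig}", "exec", target,
            "--", "/bin/sh", "-c", command]


def handle_request(user, target, command, confirmed=False):
    """Filter, resolve the cluster, build argv; return (decision, argv, audit)."""
    verdict = classify(command)
    # Audit fields follow the record content listed in the patent text.
    audit = {"received_at": datetime.now(timezone.utc).isoformat(),
             "user": user, "target": target,
             "command": command, "verdict": verdict}
    if verdict == "blacklist":                    # step A
        return "refused", None, audit
    if verdict == "graylist" and not confirmed:   # step B, first pass
        return "needs_confirmation", None, audit
    cluster = CMDB.get(target)                    # steps a1/a2
    if cluster is None:
        return "refused", None, audit             # no mapping (assumption)
    argv = build_argv(kubeconfig_for(cluster), target, command)
    return "execute", argv, audit                 # step S40
```

The returned list is meant to be passed to `subprocess.run` without `shell=True`, so the host shell never parses the user's text.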
The present invention can also be applied to the command execution process of banks and other financial institutions. Upon receiving a command execution instruction, the server obtains the target container and the command to be executed that are carried in the command execution instruction, then determines whether the command to be executed is in the preset danger list; if it is not, the server obtains the target cluster corresponding to the target container and its original configuration file, and finally generates a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logs in to the target container through the subcommand of the preset command-line tool, and executes the target execution command. By detecting and filtering the command to be executed, the present invention carries out the subsequent steps only once the command to be executed is confirmed to carry no risk, which prevents users from executing arbitrary commands and thus avoids attacks that exploit Kubernetes vulnerabilities. The present invention can therefore improve the security of financial institutions such as banks during command execution.
The embodiment of the present invention provides a command execution method. Upon receiving a command execution instruction, the target container and the command to be executed that are carried in the command execution instruction are obtained; it is determined whether the command to be executed is in the preset danger list; if the command to be executed is not in the danger list, the target cluster corresponding to the target container is obtained, along with the original configuration file corresponding to the target cluster; a corresponding target execution command is generated from the original configuration file, the target container and the command to be executed, the target container is then logged in to remotely through the subcommand of the preset command-line tool, and the target execution command is executed. In this way, the embodiment of the present invention can detect and filter the command to be executed in advance, which prevents users from arbitrarily executing various risky commands and in turn avoids attacks that exploit Kubernetes vulnerabilities. The embodiment of the present invention can therefore improve security during command execution.
Further, based on the first embodiment shown in Fig. 2, a second embodiment of the command execution method of the present invention is proposed.
In this embodiment, the command execution method further includes:
Step C: generate a corresponding audit record and store the audit record in a preset audit database; wherein the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the to-be-executed command, and the judgment result for the to-be-executed command.
In this embodiment, after the to-be-executed command has been judged and a judgment result obtained, a corresponding audit record can be generated and stored in the preset audit database to support later audit queries and analysis. The content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the to-be-executed command, and the judgment result for the to-be-executed command. It may of course include other information as well; for example, for a to-be-executed command in the preset graylist, it may record whether the user confirmed execution.
In this embodiment, generating and saving the audit record allows administrators to retrieve the audit records later and carry out audit analysis.
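The filtering flow summarized above and the audit record of Step C, as an added Python example that is not code from the patent. Assumptions: the list entries and the container, cluster and file names are constructed; the command-line tool subcommand is taken to be `kubectl exec`; commands are judged by program name and shell metacharacters are refused; the configuration file is treated as already decrypted.

```python
import os
import shlex
from datetime import datetime, timezone

# Constructed sample policy and inventory; the patent does not list real entries.
BLACKLIST = {"rm", "mkfs", "dd", "shutdown", "reboot"}
GRAYLIST = {"kill", "chmod", "sh", "bash"}
CONTAINER_TO_CLUSTER = {"pay-api-7d9f/app": "cluster-a"}  # stand-in for the CMDB query
CLUSTER_KUBECONFIG = {"cluster-a": "/etc/gate/cluster-a.kubeconfig"}  # assumed decrypted
AUDIT_DB = []  # stand-in for the preset audit database


def classify(command):
    """Return (verdict, argv); verdict is 'black', 'gray' or 'allowed'."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes: refuse rather than guess
        return "black", []
    if not argv:
        return "black", []
    # Assumption: chaining, piping and substitution are refused outright, so a
    # listed command cannot ride behind an allowed one ("ls; rm -rf /").
    if any(ch in tok for tok in argv for ch in ";|&`$<>"):
        return "black", argv
    program = os.path.basename(argv[0])  # "/bin/rm" is judged as "rm"
    if program in BLACKLIST:
        return "black", argv
    if program in GRAYLIST:
        return "gray", argv
    return "allowed", argv


def handle(user, container, command, confirmed=False):
    """Judge a command, build the exec argv if permitted, and always audit."""
    verdict, argv = classify(command)
    target = None
    cluster = CONTAINER_TO_CLUSTER.get(container)
    if cluster is None:
        verdict = "unknown-container"
    elif verdict == "allowed" or (verdict == "gray" and confirmed):
        pod, name = container.split("/", 1)
        # An argv list, never a shell string, so nothing is interpreted locally.
        target = ["kubectl", "--kubeconfig", CLUSTER_KUBECONFIG[cluster],
                  "exec", pod, "-c", name, "--"] + argv
    # The record is written for refusals too, so denied attempts stay visible.
    AUDIT_DB.append({
        "received_at": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "container": container,
        "command": command,
        "verdict": verdict,
        "confirmed": confirmed,
    })
    return verdict, target
```

The returned list can be passed to `subprocess.run` unchanged; a blacklisted or unconfirmed graylisted request returns `None` in place of the argv.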
Further, based on the first embodiment shown in Fig. 2, a second embodiment of the command execution method of the present invention is proposed.
In this embodiment, after step S40 above, the command execution method further includes:
Step D: after command execution completes, generate a corresponding command execution result and send the command execution result to the corresponding user terminal.
In this embodiment, after command execution completes, a corresponding command execution result can be generated. The command execution result includes whether execution succeeded or failed, as well as the output produced once the command finished. The result is then sent to the corresponding user terminal, that is, the terminal that sent the command execution request. Returning the command execution result lets the user learn whether the command succeeded and, if it did, obtain the output produced by the command.
The present invention also provides a command execution device.
Referring to Fig. 3, Fig. 3 is a functional block diagram of the first embodiment of the command execution device of the present invention.
As shown in Fig. 3, the command execution device includes:
A first obtaining module 10, configured to obtain, when a command execution instruction is received, the target container and the to-be-executed command carried in the command execution instruction;
A command judging module 20, configured to judge whether the to-be-executed command is in the preset danger list;
A second obtaining module 30, configured to obtain, if the to-be-executed command is not in the preset danger list, the target cluster corresponding to the target container, and to obtain the original configuration file corresponding to the target cluster;
A command execution module 40, configured to generate a corresponding target execution command from the original configuration file, the target container and the to-be-executed command, to remotely log in to the target container through a subcommand of the preset command-line tool, and to execute the target execution command.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the command execution device further includes:
A first prompt module, configured to return a refusal-to-execute prompt to the corresponding user terminal if the to-be-executed command is in the preset blacklist;
A second prompt module, configured to return risk prompt information to the user terminal if the to-be-executed command is in the preset graylist;
The second obtaining module 30 is specifically configured to execute, upon receiving a confirm-execution instruction returned by the user based on the risk prompt information, the step of obtaining the target cluster corresponding to the target container and obtaining the original configuration file corresponding to the target cluster.
Further, the second obtaining module 30 includes:
A first obtaining unit, configured to obtain, from a preset directory, the encrypted configuration file corresponding to the target cluster;
A file decryption unit, configured to obtain a key from preset code and decrypt the encrypted configuration file with the key to obtain the original configuration file;
Wherein the preset code is obtained by writing the key into the original code by hard-coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
Further, the second obtaining module 20 further includes:
A relationship query unit, configured to call the query interface of a preset configuration management database to query the mapping relationships between containers and clusters pre-stored in the preset configuration management database;
A second obtaining unit, configured to obtain the target cluster corresponding to the target container according to the pre-stored mapping relationships between containers and clusters.
Further, the command execution device further includes:
A record generation module, configured to generate a corresponding audit record and store the audit record in a preset audit database; wherein the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the to-be-executed command, and the judgment result for the to-be-executed command.
Further, the command execution device further includes:
A result generation module, configured to generate a corresponding command execution result after command execution completes, and to send the command execution result to the corresponding user terminal.
The functions implemented by the modules of the above command execution device correspond to the steps of the above command execution method embodiments; their functions and implementation are not repeated one by one here.
The present invention also provides a computer-readable storage medium on which a command execution program is stored; when executed by a processor, the command execution program implements the steps of the command execution method described in any of the above embodiments.
The specific embodiments of the computer-readable storage medium of the present invention are substantially the same as the embodiments of the above command execution method and are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or system that includes that element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the preferred implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, computer, server, air conditioner, network device, etc.) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, whether applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.
Claims (10)
1. A command execution method, characterized in that the command execution method includes:
When a command execution instruction is received, obtaining the target container and the to-be-executed command carried in the command execution instruction;
Judging whether the to-be-executed command is in a preset danger list;
If the to-be-executed command is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
Generating a corresponding target execution command from the original configuration file, the target container and the to-be-executed command, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
2. The command execution method of claim 1, characterized in that the preset danger list includes a preset blacklist and a preset graylist, and after the step of judging whether the to-be-executed command is in the preset danger list, the method further includes:
If the to-be-executed command is in the preset blacklist, returning a refusal-to-execute prompt to the corresponding user terminal;
If the to-be-executed command is in the preset graylist, returning risk prompt information to the user terminal, and, upon receiving a confirm-execution instruction returned by the user based on the risk prompt information, executing the step of obtaining the target cluster corresponding to the target container and obtaining the original configuration file corresponding to the target cluster.
3. The command execution method of claim 1, characterized in that the step of obtaining the original configuration file corresponding to the target cluster includes:
Obtaining, from a preset directory, the encrypted configuration file corresponding to the target cluster;
Obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
4. The command execution method of claim 3, characterized in that the preset code is obtained by writing the key into the original code by hard-coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
5. The command execution method of claim 1, characterized in that the step of obtaining the target cluster corresponding to the target container includes:
Calling the query interface of a preset configuration management database to query the mapping relationships between containers and clusters pre-stored in the preset configuration management database;
Obtaining the target cluster corresponding to the target container according to the pre-stored mapping relationships between containers and clusters.
6. The command execution method of any one of claims 1 to 5, characterized in that the command execution method further includes:
Generating a corresponding audit record, and storing the audit record in a preset audit database; wherein the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the to-be-executed command, and the judgment result for the to-be-executed command.
7. The command execution method of any one of claims 1 to 5, characterized in that the command execution method further includes:
After command execution completes, generating a corresponding command execution result, and sending the command execution result to the corresponding user terminal.
8. A command execution device, characterized in that the command execution device includes:
A first obtaining module, configured to obtain, when a command execution instruction is received, the target container and the to-be-executed command carried in the command execution instruction;
A command judging module, configured to judge whether the to-be-executed command is in a preset danger list;
A second obtaining module, configured to obtain, if the to-be-executed command is not in the preset danger list, the target cluster corresponding to the target container, and to obtain the original configuration file corresponding to the target cluster;
A command execution module, configured to generate a corresponding target execution command from the original configuration file, the target container and the to-be-executed command, to remotely log in to the target container through a subcommand of a preset command-line tool, and to execute the target execution command.
9. A command execution apparatus, characterized in that the command execution apparatus includes: a memory, a processor, and a command execution program stored in the memory and runnable on the processor, wherein the command execution program, when executed by the processor, implements the steps of the command execution method of any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a command execution program is stored on the computer-readable storage medium, and the command execution program, when executed by a processor, implements the steps of the command execution method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910513302.1A CN110245004A (en) | 2019-06-13 | 2019-06-13 | Command executing method, device, equipment and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110245004A (en) | 2019-09-17 |
Family
ID=67887010
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910513302.1A Pending CN110245004A (en) | 2019-06-13 | 2019-06-13 | Command executing method, device, equipment and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110245004A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||