CN110245004A - Command executing method, device, equipment and computer readable storage medium - Google Patents

Command executing method, device, equipment and computer readable storage medium

Publication number
CN110245004A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910513302.1A
Other languages
Chinese (zh)
Inventor
卢道和
杨军
胡仲臣
周佳振
黎君
陈广镇
吴翼水
李焕
程志峰
李兴龙
汪晓雪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Application filed by WeBank Co Ltd
Priority to CN201910513302.1A
Publication of CN110245004A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The present invention relates to the big data technical field of financial technology and discloses a command execution method, apparatus, device and computer-readable storage medium. The command execution method includes: when a command execution instruction is received, obtaining the target container and the command to be executed that are carried in the command execution instruction; determining whether the command to be executed is in a preset danger list; if the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster; generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command. The present invention can solve the technical problem of poor security during command execution in the prior art.

Description

Command executing method, device, equipment and computer readable storage medium
Technical field
The present invention relates to the big data technical field of financial technology (Fintech), and in particular to a command execution method, apparatus, device and computer-readable storage medium.
Background
With the development of computer technology, more and more technologies (big data, distributed computing, blockchain, artificial intelligence and so on) are being applied in the financial field, and the traditional financial industry is gradually shifting to financial technology (Fintech). However, the security and real-time requirements of the financial industry also place higher demands on these technologies.
Kubernetes is an open-source platform for managing containerized applications across multiple hosts in a cloud platform. Kubernetes handles hardware resource management and hardware resource scheduling for containerized applications well, and users can assign specific containers to specific Nodes (compute nodes) as needed so that the containers use the hardware resources they require. It has therefore been widely adopted, and many Internet companies and financial institutions currently build container cloud platforms based on Kubernetes in their production environments. Kubernetes provides the command-line tool kubectl and its subcommand exec for logging in to a container and executing commands interactively. However, because users can execute arbitrary commands, there is a possibility that Kubernetes vulnerabilities are exploited for attacks during command execution, which results in poor security.
Summary of the invention
The main purpose of the present invention is to provide a command execution method, apparatus, device and computer-readable storage medium, intended to solve the technical problem of poor security during command execution in the prior art.
To achieve the above object, the present invention provides a command execution method, which includes:
When a command execution instruction is received, obtaining the target container and the command to be executed that are carried in the command execution instruction;
Determining whether the command to be executed is in a preset danger list;
If the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
Generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
Optionally, the preset danger list includes a preset blacklist and a preset graylist, and after the step of determining whether the command to be executed is in the preset danger list, the method further includes:
If the command to be executed is in the preset blacklist, returning a prompt message refusing execution to the corresponding user terminal;
If the command to be executed is in the preset graylist, returning risk prompt information to the user terminal and, upon receiving a confirm-execution instruction returned by the user based on the risk prompt information, performing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
Optionally, the step of obtaining the original configuration file corresponding to the target cluster includes:
Obtaining the encrypted configuration file corresponding to the target cluster from a preset directory;
Obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
Optionally, the preset code is obtained by writing the key into the original code by hard-coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
Optionally, the step of obtaining the target cluster corresponding to the target container includes:
Calling the query interface of a preset configuration management database to query the mapping between containers and clusters stored in advance in the preset configuration management database;
Obtaining the target cluster corresponding to the target container according to the stored mapping between containers and clusters.
Optionally, the command execution method further includes:
Generating a corresponding audit record and storing the audit record in a preset audit database, where the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the command to be executed, and the judgment result for the command to be executed.
Optionally, the command execution method further includes:
After command execution is complete, generating a corresponding command execution result and sending the command execution result to the corresponding user terminal.
In addition, to achieve the above object, the present invention also provides a command execution apparatus, which includes:
A first obtaining module, configured to obtain, when a command execution instruction is received, the target container and the command to be executed that are carried in the command execution instruction;
A command judging module, configured to determine whether the command to be executed is in a preset danger list;
A second obtaining module, configured to obtain, if the command to be executed is not in the preset danger list, the target cluster corresponding to the target container, and to obtain the original configuration file corresponding to the target cluster;
A command execution module, configured to generate a corresponding target execution command from the original configuration file, the target container and the command to be executed, to remotely log in to the target container through a subcommand of a preset command-line tool, and to execute the target execution command.
In addition, to achieve the above object, the present invention also provides a command execution device, which includes: a memory, a processor, and a command execution program that is stored in the memory and can run on the processor, where the command execution program, when executed by the processor, implements the steps of the command execution method described above.
In addition, to achieve the above object, the present invention also provides a computer-readable storage medium on which a command execution program is stored, where the command execution program, when executed by a processor, implements the steps of the command execution method described above.
The present invention provides a command execution method, apparatus, device and computer-readable storage medium. When a command execution instruction is received, the target container and the command to be executed that are carried in the command execution instruction are obtained; it is determined whether the command to be executed is in a preset danger list; if the command to be executed is not in the danger list, the target cluster corresponding to the target container is obtained, and the original configuration file corresponding to the target cluster is obtained; a corresponding target execution command is generated from the original configuration file, the target container and the command to be executed, the target container is then logged in to remotely through a subcommand of a preset command-line tool, and the target execution command is executed. In this way, the present invention checks and filters the command to be executed in advance, which prevents users from arbitrarily executing commands that carry risk and thus avoids the situation where Kubernetes vulnerabilities are exploited for attacks. The present invention can therefore improve security during command execution.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the device in the hardware operating environment involved in the embodiments of the present invention;
Fig. 2 is a schematic flowchart of the first embodiment of the command execution method of the present invention;
Fig. 3 is a functional block diagram of the first embodiment of the command execution apparatus of the present invention.
The realization of the object, the functional features and the advantages of the present invention will be further described with reference to the accompanying drawings in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein are only intended to explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the device in the hardware operating environment involved in the embodiments of the present invention.
The command execution device of the embodiments of the present invention may be a smartphone, or a terminal device such as a PC (Personal Computer), a tablet computer or a portable computer.
As shown in Fig. 1, the command execution device may include: a processor 1001 (for example a CPU), a communication bus 1002, a user interface 1003, a network interface 1004 and a memory 1005. The communication bus 1002 implements connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and may optionally also include standard wired and wireless interfaces. The network interface 1004 may optionally include a standard wired interface and a wireless interface (such as a Wi-Fi interface). The memory 1005 may be high-speed RAM or stable non-volatile memory, such as disk storage. The memory 1005 may optionally also be a storage device independent of the aforementioned processor 1001.
Those skilled in the art will understand that the structure shown in Fig. 1 does not limit the command execution device, which may include more or fewer components than illustrated, combine certain components, or use a different arrangement of components.
As shown in Fig. 1, the memory 1005, as a computer storage medium, may contain an operating system, a network communication module, a user interface module and a command execution program.
In the terminal shown in Fig. 1, the network interface 1004 is mainly used to connect to a background server and exchange data with it; the user interface 1003 is mainly used to connect to a client and exchange data with it; and the processor 1001 may be used to call the command execution program stored in the memory 1005 and perform the following operations:
When a command execution instruction is received, obtaining the target container and the command to be executed that are carried in the command execution instruction;
Determining whether the command to be executed is in a preset danger list;
If the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
Generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the processor 1001 may call the command execution program stored in the memory 1005 and also perform the following operations:
If the command to be executed is in the preset blacklist, returning a prompt message refusing execution to the corresponding user terminal;
If the command to be executed is in the preset graylist, returning risk prompt information to the user terminal and, upon receiving a confirm-execution instruction returned by the user based on the risk prompt information, performing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
Further, the processor 1001 may call the command execution program stored in the memory 1005 and also perform the following operations:
Obtaining the encrypted configuration file corresponding to the target cluster from a preset directory;
Obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
Further, the preset code is obtained by writing the key into the original code by hard-coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
Further, the processor 1001 may call the command execution program stored in the memory 1005 and also perform the following operations:
Calling the query interface of a preset configuration management database to query the mapping between containers and clusters stored in advance in the preset configuration management database;
Obtaining the target cluster corresponding to the target container according to the stored mapping between containers and clusters.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the processor 1001 may call the command execution program stored in the memory 1005 and also perform the following operations:
Generating a corresponding audit record and storing the audit record in a preset audit database, where the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the command to be executed, and the judgment result for the command to be executed.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the processor 1001 may call the command execution program stored in the memory 1005 and also perform the following operations:
After command execution is complete, generating a corresponding command execution result and sending the command execution result to the corresponding user terminal.
Based on the above hardware structure, the embodiments of the command execution method of the present invention are proposed.
The present invention provides a command execution method.
Referring to Fig. 2, Fig. 2 is a schematic flowchart of the first embodiment of the command execution method of the present invention.
In this embodiment, the command execution method includes:
Step S10: when a command execution instruction is received, obtaining the target container and the command to be executed that are carried in the command execution instruction;
The command execution method of this embodiment is implemented by a command execution device on which the command-line tool kubectl, packaged by way of secondary encryption, is deployed; the command execution device is described here taking a server as an example. The kubectl tool packaged by way of secondary encryption may include the user interface SSHDOCKER, a command filtering module, an audit module, a cluster selection module, a decryption module, an execution module and the encrypted configuration files. SSHDOCKER receives the user's input and shows the execution result to the user, and its source code contains the key. The command filtering module checks and filters the received command to be executed. The audit module stores the content of each call in the preset audit database. The cluster selection module queries the preset configuration management database with the target container to obtain the corresponding target cluster. The decryption module selects the corresponding encrypted configuration file according to the target cluster and decrypts it. The execution module executes the target execution command and returns the command execution result to SSHDOCKER. The encrypted configuration file is obtained by encrypting the original configuration file based on a key randomly generated in advance and a preset symmetric encryption algorithm, and the original configuration file contains the cluster certificate. The above modules and the encrypted configuration files are packaged and released together in a single installation package, which can then be deployed directly on the user's server. Of course, in a specific embodiment, SSHDOCKER and the other modules can be deployed separately: SSHDOCKER, as the client, is responsible for receiving user input and displaying the execution result, while the other modules and the encrypted configuration files can be deployed on the server side, and the user invokes the service interface through HTTP (HyperText Transfer Protocol) calls. This physically isolates the core processing logic and the key storage of the present invention from the user, which is more secure.
In this embodiment, when the server receives a command execution instruction, it obtains the target container and the command to be executed that are carried in the command execution instruction.
Step S20: determining whether the command to be executed is in a preset danger list;
Next, it is determined whether the command to be executed is in the preset danger list. The preset danger list includes a preset blacklist and a preset graylist; the preset blacklist contains commands that are forbidden from being executed, and the preset graylist contains high-risk commands.
Step S30: if the command to be executed is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
If the command to be executed is not in the danger list, that is, it is in neither the preset blacklist nor the preset graylist, the target cluster corresponding to the target container is obtained, and the original configuration file corresponding to the target cluster is obtained. Judging and filtering the command to be executed prevents users from arbitrarily executing commands that carry risk and thereby compromising the security of container access.
The step of "obtaining the target cluster corresponding to the target container" includes:
Step a1: calling the query interface of the preset configuration management database to query the mapping between containers and clusters stored in advance in the preset configuration management database;
First, the query interface of the preset configuration management database is called to query the mapping between containers and clusters stored in advance in the preset configuration management database. A configuration management database (Configuration Management Database, CMDB) stores and manages the configuration information of the devices in an enterprise IT architecture. It is closely tied to all service support and service delivery processes, supports the operation of these processes and realizes the value of the configuration information, while relying on the related processes to guarantee the accuracy of its data. The mapping between containers and clusters is many-to-one.
Step a2: obtaining the target cluster corresponding to the target container according to the stored mapping between containers and clusters.
After the mapping between containers and clusters has been queried, the target cluster corresponding to the target container is obtained according to the stored mapping between containers and clusters.
In addition, the step of "obtaining the original configuration file corresponding to the target cluster" includes:
Step b1: obtaining the encrypted configuration file corresponding to the target cluster from a preset directory;
In this embodiment, to further improve security, the configuration file can be encrypted by way of secondary encryption, which prevents a user from bypassing the command judgment and filtering process, obtaining the original configuration file directly, and then logging in to the container to execute commands. Specifically, after the target cluster is obtained, the encrypted configuration file corresponding to the target cluster is obtained from a preset directory, where the preset directory is the installation directory of the application installation package of the command-line tool kubectl packaged by way of secondary encryption. The encrypted configuration file is obtained by encrypting the original configuration file based on a key randomly generated in advance and a preset symmetric encryption algorithm; the preset symmetric encryption algorithm may be the AES (Advanced Encryption Standard) algorithm, the DES (Data Encryption Standard) algorithm, or the like; and the original configuration file contains the cluster certificate.
Step b2: obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
After the encrypted configuration file is obtained, the key is obtained from the preset code, and the encrypted configuration file is decrypted with the key to obtain the original configuration file. The preset code is obtained by writing the key into the original code by hard-coding (hardcode). Hard-coding is the software development practice of embedding data directly in the source code of a program or other executable object, as opposed to obtaining the data from an external source or generating it at run time. Hard-coded data can typically only be modified by editing the source code and recompiling the executable. Writing the key into the code in this way means that the user cannot obtain the key and cannot bypass the command judgment and filtering process to execute arbitrary commands, which further ensures security during command execution.
Step S40: generating a corresponding target execution command from the original configuration file, the target container and the command to be executed, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
After the original configuration file is obtained, a corresponding target execution command is generated from the original configuration file, the target container and the command to be executed; the target container is then logged in to remotely through a subcommand of the preset command-line tool, and the target execution command is executed. The preset command-line tool may be the kubectl tool, and the subcommand is the exec subcommand. To generate the target execution command, the original configuration file, the target container and the command to be executed can be filled into the corresponding positions of a preset string. The resulting target execution command can be: kubectl --kubeconfig=<original configuration file> exec <target container> -- /bin/sh -c "<command to be executed>".
Further, the preset danger list includes a preset blacklist and a preset graylist, and after step S20 the command execution method further includes:
Step A: if the command to be executed is in the preset blacklist, returning a prompt message refusing execution to the corresponding user terminal;
After it has been determined whether the command to be executed is in the preset danger list, if the command to be executed is in the preset blacklist, the command to be executed is forbidden; a prompt message refusing execution is then returned to the corresponding user terminal, and execution of the command is refused.
Step B: if the command to be executed is in the preset graylist, returning risk prompt information to the user terminal and, upon receiving a confirm-execution instruction returned by the user based on the risk prompt information, performing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
If the command to be executed is in the preset graylist, it is a high-risk command. In this case the user must be warned of the risk and asked for a second confirmation. Specifically, risk prompt information can be returned to the user terminal; the risk prompt information includes a description of the risk of the command to be executed and an option for the user to choose whether to confirm execution. When a confirm-execution instruction returned by the user based on the risk prompt information is received, the target cluster corresponding to the target container is obtained, the original configuration file corresponding to the target cluster is obtained, and the subsequent steps continue to be executed. For the specific execution process, refer to the process described above, which is not repeated here.
The present invention can also be applied to the command execution processes of financial institutions such as banks. When the server receives a command execution instruction, it obtains the target container and the command to be executed that are carried in the command execution instruction, and then determines whether the command to be executed is in the preset danger list. If it is not, the server obtains the target cluster corresponding to the target container and its original configuration file, finally generates a corresponding target execution command from the original configuration file, the target container and the command to be executed, then remotely logs in to the target container through a subcommand of the preset command-line tool, and executes the target execution command. The present invention checks and filters the command to be executed, and the subsequent steps can be executed once the command to be executed is confirmed to be risk-free, which prevents users from arbitrarily executing any command and thus avoids the situation where Kubernetes vulnerabilities are exploited for attacks. The present invention can therefore improve the security of financial institutions such as banks during command execution.
The embodiments of the present invention provide a command execution method. When a command execution instruction is received, the target container and the command to be executed that are carried in the command execution instruction are obtained; it is determined whether the command to be executed is in a preset danger list; if the command to be executed is not in the danger list, the target cluster corresponding to the target container is obtained, and the original configuration file corresponding to the target cluster is obtained; a corresponding target execution command is generated from the original configuration file, the target container and the command to be executed, the target container is then logged in to remotely through a subcommand of a preset command-line tool, and the target execution command is executed. In this way, the embodiments of the present invention check and filter the command to be executed in advance, which prevents users from arbitrarily executing commands that carry risk and thus avoids the situation where Kubernetes vulnerabilities are exploited for attacks. The embodiments of the present invention can therefore improve security during command execution.
Further, based on the first embodiment shown in Fig. 2, a second embodiment of the command execution method of the present invention is proposed.
In this embodiment, the command execution method further includes:
Step C: generating a corresponding audit record and storing the audit record in a preset audit database; wherein the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the pending command, and the judgment result for the pending command.
In this embodiment, after the pending command has been judged and a judgment result obtained, a corresponding audit record may be generated and then stored in the preset audit database for later audit queries and analysis. The content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the pending command, and the judgment result for the pending command. It may of course also include other information; for example, for a pending command in the preset graylist, it may record whether the user confirmed execution.
In this embodiment, generating and saving the corresponding audit record allows administrators to retrieve the audit record later and carry out audit analysis.
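The judge-then-audit flow of the first and second embodiments can be sketched as follows. This is an added example, not code from the patent: the list contents, the container-to-cluster table, the kubeconfig path, matching on the program name, and the use of kubectl with its exec subcommand as the preset command-line tool are all assumptions.

```python
import json
import shlex
from datetime import datetime, timezone

# Constructed sample data; the patent does not enumerate list contents.
BLACKLIST = {"rm", "mkfs", "dd"}      # refused outright
GRAYLIST = {"kill", "reboot"}         # high risk: needs secondary confirmation
# Stand-in for the CMDB mapping: container -> (cluster, namespace, pod).
CONTAINER_TO_CLUSTER = {"pay-core": ("cluster-a", "prod", "pay-core-0")}
AUDIT_DB = []                         # stand-in for the preset audit database


def judge(pending_command):
    """Classify a pending command; returns (verdict, argv)."""
    try:
        argv = shlex.split(pending_command)
    except ValueError:                # unbalanced quotes: refuse, do not guess
        return "invalid", []
    if not argv:
        return "invalid", []
    program = argv[0].rsplit("/", 1)[-1]   # "/bin/rm" matches the "rm" entry
    if program in BLACKLIST:
        return "black", argv
    if program in GRAYLIST:
        return "gray", argv
    return "pass", argv


def handle(user, container, pending_command, confirmed=False, now=None):
    """Judge, audit, and (if allowed) build the target execution command."""
    verdict, argv = judge(pending_command)
    # Audit fields follow Step C, plus the graylist confirmation flag.
    record = {
        "received_at": (now or datetime.now(timezone.utc)).isoformat(),
        "user": user,
        "target_container": container,
        "pending_command": pending_command,
        "judgment": verdict,
        "confirmed": confirmed if verdict == "gray" else None,
    }
    AUDIT_DB.append(json.dumps(record, sort_keys=True))
    if verdict in ("black", "invalid"):
        return {"status": "refused", "argv": None}
    if verdict == "gray" and not confirmed:
        return {"status": "needs_confirmation", "argv": None}
    if container not in CONTAINER_TO_CLUSTER:
        return {"status": "unknown_container", "argv": None}
    cluster, namespace, pod = CONTAINER_TO_CLUSTER[container]
    # Hypothetical location of the decrypted original configuration file.
    kubeconfig = f"/run/cmdgate/{cluster}.kubeconfig"
    # argv is passed as separate arguments, never through a shell, so the
    # program that was judged is the program that runs.
    target = ["kubectl", "--kubeconfig", kubeconfig, "-n", namespace,
              "exec", pod, "-c", container, "--", *argv]
    return {"status": "execute", "argv": target}


if __name__ == "__main__":
    for cmd in ("ls -l /tmp", "/bin/rm -rf /data", "kill 1"):
        print(cmd, "->", handle("alice", "pay-core", cmd)["status"])
    print(AUDIT_DB[-1])
```

Every request is audited, including refused and unconfirmed ones, so the audit database shows attempts as well as executions.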
Further, based on the first embodiment shown in Fig. 2, a second embodiment of the command execution method of the present invention is proposed.
In this embodiment, after the above step S40, the command execution method further includes:
Step D: after command execution is complete, generating a corresponding command execution result and sending the command execution result to the corresponding user terminal.
In this embodiment, after command execution is complete, a corresponding command execution result may be generated. The command execution result includes whether execution succeeded or failed, and also includes the output produced once the command has finished. The command execution result is then sent to the corresponding user terminal, that is, the terminal that sent the command execution request. Returning the command execution result lets the user know whether the command succeeded and, when it did, obtain the output produced by the command.
The present invention also provides a command execution apparatus.
Referring to Fig. 3, Fig. 3 is a functional block diagram of the first embodiment of the command execution apparatus of the present invention.
As shown in Fig. 3, the command execution apparatus includes:
a first obtaining module 10, configured to obtain, when a command execution instruction is received, the target container and the pending command carried in the command execution instruction;
a command judging module 20, configured to judge whether the pending command is in the preset danger list;
a second obtaining module 30, configured to obtain, if the pending command is not in the preset danger list, the target cluster corresponding to the target container, and to obtain the original configuration file corresponding to the target cluster;
a command execution module 40, configured to generate a corresponding target execution command from the original configuration file, the target container and the pending command, to remotely log in to the target container through a subcommand of the preset command-line tool, and to execute the target execution command.
Further, the preset danger list includes a preset blacklist and a preset graylist, and the command execution apparatus further includes:
a first prompt module, configured to return a refusal-to-execute prompt to the corresponding user terminal if the pending command is in the preset blacklist;
a second prompt module, configured to return risk prompt information to the user terminal if the pending command is in the preset graylist;
the second obtaining module 30 being specifically configured to perform, when a confirm-execution instruction returned by the user based on the risk prompt information is received, the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
Further, the second obtaining module 30 includes:
a first obtaining unit, configured to obtain, under a predetermined directory, the encrypted configuration file corresponding to the target cluster;
a file decryption unit, configured to obtain a key from preset code and to decrypt the encrypted configuration file with the key to obtain the original configuration file;
wherein the preset code is obtained by writing the key into the original code by hard-coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
Further, the second obtaining module 20 further includes:
a relation query unit, configured to call the query interface of a preset configuration management database to query the mapping relations between containers and clusters pre-stored in the preset configuration management database;
a second obtaining unit, configured to obtain the target cluster corresponding to the target container according to the pre-stored mapping relations between containers and clusters.
Further, the command execution apparatus further includes:
a record generation module, configured to generate a corresponding audit record and store the audit record in a preset audit database; wherein the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the pending command, and the judgment result for the pending command.
Further, the command execution apparatus further includes:
a result generation module, configured to generate, after command execution is complete, a corresponding command execution result and to send the command execution result to the corresponding user terminal.
The functions of the modules in the above command execution apparatus correspond to the steps in the above command execution method embodiments; their functions and implementation are not repeated here one by one.
The present invention also provides a computer-readable storage medium on which a command execution program is stored; when the command execution program is executed by a processor, it implements the steps of the command execution method described in any of the above embodiments.
The specific embodiments of the computer-readable storage medium of the present invention are essentially the same as the embodiments of the above command execution method and are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or system that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or system. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or system that includes the element.
The serial numbers of the above embodiments of the invention are for description only and do not indicate the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied as a software product. The computer software product is stored in a storage medium as described above (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, likewise falls within the scope of protection of the present invention.

Claims (10)

1. A command execution method, characterized in that the command execution method comprises:
when a command execution instruction is received, obtaining the target container and the pending command carried in the command execution instruction;
judging whether the pending command is in a preset danger list;
if the pending command is not in the preset danger list, obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster;
generating a corresponding target execution command from the original configuration file, the target container and the pending command, remotely logging in to the target container through a subcommand of a preset command-line tool, and executing the target execution command.
2. The command execution method according to claim 1, characterized in that the preset danger list includes a preset blacklist and a preset graylist, and after the step of judging whether the pending command is in the preset danger list, the method further comprises:
if the pending command is in the preset blacklist, returning a refusal-to-execute prompt to the corresponding user terminal;
if the pending command is in the preset graylist, returning risk prompt information to the user terminal, and, when a confirm-execution instruction returned by the user based on the risk prompt information is received, performing the step of: obtaining the target cluster corresponding to the target container, and obtaining the original configuration file corresponding to the target cluster.
3. The command execution method according to claim 1, characterized in that the step of obtaining the original configuration file corresponding to the target cluster comprises:
obtaining, under a predetermined directory, the encrypted configuration file corresponding to the target cluster;
obtaining a key from preset code, and decrypting the encrypted configuration file with the key to obtain the original configuration file.
4. The command execution method according to claim 3, characterized in that the preset code is obtained by writing the key into the original code by hard-coding, and the encrypted configuration file is obtained by encrypting the original configuration file based on the key and a preset symmetric encryption algorithm.
5. The command execution method according to claim 1, characterized in that the step of obtaining the target cluster corresponding to the target container comprises:
calling the query interface of a preset configuration management database to query the mapping relations between containers and clusters pre-stored in the preset configuration management database;
obtaining the target cluster corresponding to the target container according to the pre-stored mapping relations between containers and clusters.
6. The command execution method according to any one of claims 1 to 5, characterized in that the command execution method further comprises:
generating a corresponding audit record and storing the audit record in a preset audit database; wherein the content of the audit record includes at least the time at which the command execution instruction was received, information on the user who triggered the command execution instruction, the target container, the pending command, and the judgment result for the pending command.
7. The command execution method according to any one of claims 1 to 5, characterized in that the command execution method further comprises:
after command execution is complete, generating a corresponding command execution result and sending the command execution result to the corresponding user terminal.
8. A command execution apparatus, characterized in that the command execution apparatus comprises:
a first obtaining module, configured to obtain, when a command execution instruction is received, the target container and the pending command carried in the command execution instruction;
a command judging module, configured to judge whether the pending command is in a preset danger list;
a second obtaining module, configured to obtain, if the pending command is not in the preset danger list, the target cluster corresponding to the target container, and to obtain the original configuration file corresponding to the target cluster;
a command execution module, configured to generate a corresponding target execution command from the original configuration file, the target container and the pending command, to remotely log in to the target container through a subcommand of a preset command-line tool, and to execute the target execution command.
9. A command execution device, characterized in that the command execution device comprises: a memory, a processor, and a command execution program stored in the memory and executable on the processor, wherein the command execution program, when executed by the processor, implements the steps of the command execution method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that a command execution program is stored on the computer-readable storage medium, and the command execution program, when executed by a processor, implements the steps of the command execution method according to any one of claims 1 to 7.
CN201910513302.1A 2019-06-13 2019-06-13 Command executing method, device, equipment and computer readable storage medium Pending CN110245004A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910513302.1A CN110245004A (en) 2019-06-13 2019-06-13 Command executing method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910513302.1A CN110245004A (en) 2019-06-13 2019-06-13 Command executing method, device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN110245004A true CN110245004A (en) 2019-09-17

Family

ID=67887010

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910513302.1A Pending CN110245004A (en) 2019-06-13 2019-06-13 Command executing method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN110245004A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795043A (en) * 2019-10-29 2020-02-14 北京浪潮数据技术有限公司 Distributed storage block zero setting method and device, electronic equipment and storage medium
CN111641610A (en) * 2020-05-19 2020-09-08 深信服科技股份有限公司 Remote response and remote control method, device, equipment and storage medium
CN111680288A (en) * 2020-06-10 2020-09-18 深圳前海微众银行股份有限公司 Command execution method, device and equipment for container and storage medium
CN111984968A (en) * 2020-09-07 2020-11-24 中国银行股份有限公司 Command execution method and device
CN111984237A (en) * 2020-09-09 2020-11-24 苏州浪潮智能科技有限公司 Method and device for reinforcing command line of white box switch operating system
CN112346791A (en) * 2020-11-25 2021-02-09 中盈优创资讯科技有限公司 AAA-based dangerous command identification and shielding method and device
CN112799722A (en) * 2021-02-08 2021-05-14 联想(北京)有限公司 Command recognition method, device, equipment and storage medium
CN113849819A (en) * 2021-09-24 2021-12-28 苏州浪潮智能科技有限公司 Command line instruction processing method and device, computer equipment and storage medium
CN113986390A (en) * 2021-10-29 2022-01-28 烽火通信科技股份有限公司 Configuration file generation method, device, equipment and readable storage medium
CN114103988A (en) * 2020-08-31 2022-03-01 奥迪股份公司 Safety monitoring device, vehicle comprising same, and corresponding method, equipment and medium
CN115208686A (en) * 2022-07-29 2022-10-18 济南浪潮数据技术有限公司 Web console and cluster access method, system, equipment and medium
CN115563910A (en) * 2022-11-24 2023-01-03 英诺达(成都)电子科技有限公司 UPF command execution method, device, equipment and storage medium

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110795043A (en) * 2019-10-29 2020-02-14 北京浪潮数据技术有限公司 Distributed storage block zero setting method and device, electronic equipment and storage medium
CN110795043B (en) * 2019-10-29 2023-06-06 北京浪潮数据技术有限公司 Distributed storage block zeroing method and device, electronic equipment and storage medium
CN111641610A (en) * 2020-05-19 2020-09-08 深信服科技股份有限公司 Remote response and remote control method, device, equipment and storage medium
CN111641610B (en) * 2020-05-19 2023-04-07 深信服科技股份有限公司 Remote response and remote control method, device, equipment and storage medium
CN111680288A (en) * 2020-06-10 2020-09-18 深圳前海微众银行股份有限公司 Command execution method, device and equipment for container and storage medium
CN114103988B (en) * 2020-08-31 2024-04-19 奥迪股份公司 Safety monitoring device, vehicle comprising same, and corresponding method, device and medium
CN114103988A (en) * 2020-08-31 2022-03-01 奥迪股份公司 Safety monitoring device, vehicle comprising same, and corresponding method, equipment and medium
CN111984968A (en) * 2020-09-07 2020-11-24 中国银行股份有限公司 Command execution method and device
CN111984237A (en) * 2020-09-09 2020-11-24 苏州浪潮智能科技有限公司 Method and device for reinforcing command line of white box switch operating system
CN112346791A (en) * 2020-11-25 2021-02-09 中盈优创资讯科技有限公司 AAA-based dangerous command identification and shielding method and device
CN112799722A (en) * 2021-02-08 2021-05-14 联想(北京)有限公司 Command recognition method, device, equipment and storage medium
CN113849819A (en) * 2021-09-24 2021-12-28 苏州浪潮智能科技有限公司 Command line instruction processing method and device, computer equipment and storage medium
CN113849819B (en) * 2021-09-24 2023-07-14 苏州浪潮智能科技有限公司 Method, device, computer equipment and storage medium for processing command line instruction
CN113986390A (en) * 2021-10-29 2022-01-28 烽火通信科技股份有限公司 Configuration file generation method, device, equipment and readable storage medium
CN113986390B (en) * 2021-10-29 2024-01-26 烽火通信科技股份有限公司 Method, device and equipment for generating configuration file and readable storage medium
CN115208686A (en) * 2022-07-29 2022-10-18 济南浪潮数据技术有限公司 Web console and cluster access method, system, equipment and medium
CN115563910B (en) * 2022-11-24 2023-02-03 英诺达(成都)电子科技有限公司 UPF command execution method, device, equipment and storage medium
CN115563910A (en) * 2022-11-24 2023-01-03 英诺达(成都)电子科技有限公司 UPF command execution method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
CN110245004A (en) Command executing method, device, equipment and computer readable storage medium
CN108595989B (en) Mobile APP safety protection system and method under iOS
US9135434B2 (en) System and method for third party creation of applications for mobile appliances
CN110365670A (en) Blacklist sharing method, device, computer equipment and storage medium
CN111783124B (en) Data processing method, device and server based on privacy protection
CN106055936B (en) Executable program data packet encrypting/decrypting method and device
CN108537314A (en) Product marketing system and method based on Quick Response Code
CN110932859B (en) User information processing method, device and equipment and readable storage medium
CN106302606B (en) Across the application access method and device of one kind
CN107294955B (en) Electronic file encryption middleware control system and method
CN108965037A (en) The acquisition and audit analysis method and device of safety test data
CN108449315A (en) Ask calibration equipment, method and the computer readable storage medium of legitimacy
CN111488372A (en) Data processing method, device and storage medium
CN110390184A (en) For executing the method, apparatus and computer program product of application in cloud
CN110232286B (en) E-commerce data chaining method and equipment applying intelligent contracts
CN110247918A (en) Number cochain method and its equipment are shaken applied to block chain
CN112783847B (en) Data sharing method and device
CN105577657A (en) SSL/TLS algorithm suite expansion method
CN110602051B (en) Information processing method based on consensus protocol and related device
CN116112172B (en) Android client gRPC interface security verification method and device
CN110266699A (en) Prize drawing data cochain method and its equipment applied to block chain
CN110266696A (en) A kind of evaluation data cochain method and its equipment applied to block chain
CN115941279A (en) Encryption and decryption method, system and equipment for user identification in data
KR101979320B1 (en) System and Method for automatic generation and execution of encryption SQL statements using meta-information and enterprise framework
CN106648770B (en) Generation method, loading method and device of application program installation package

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination