CN110278123A - Inspection method, device, electronic equipment and readable storage medium storing program for executing - Google Patents
Inspection method, device, electronic equipment and readable storage medium storing program for executing Download PDFInfo
- Publication number
- CN110278123A CN110278123A CN201910391693.4A CN201910391693A CN110278123A CN 110278123 A CN110278123 A CN 110278123A CN 201910391693 A CN201910391693 A CN 201910391693A CN 110278123 A CN110278123 A CN 110278123A
- Authority
- CN
- China
- Prior art keywords
- rule
- parameter
- equipment
- regularity
- under test
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Present disclose provides a kind of inspection method, device, electronic equipment and readable storage medium storing program for executing, wherein this method comprises: identifying at least one inspection task, the task that checks includes tested type and tested rule, and being tested rule includes parameter of regularity;The extraction instruction for carrying the extracting rule of parameter of regularity, and the extracting rule according to parameter of regularity are received, the parameter value for the parameter of regularity being arranged on the tested corresponding equipment under test of type is extracted;The parameter value that parameter of regularity in tested rule is replaced with to parameter of regularity, generates the corresponding tested rule of each equipment under test;For each equipment under test, the equipment Regulation being arranged on equipment under test tested rule match whether corresponding with equipment under test is judged.The above method, which is realized, adjusts the regular scope of examination according to the actual disposition dynamic of equipment under test, goes artificially to adjust Rule content without the difference according to equipment, realizes dynamic conjunction rule and checks, improves the flexibility for closing rule inspection.
Description
Technical field
This disclosure relates to network operation security technology area, and in particular to a kind of inspection method, device, electronic equipment and can
Read storage medium.
Background technique
It in terms of network operation safety, therefore needs to do equipment conjunction rule and checks, to guarantee that network is located for a long time
In a safe and stable running environment.It closes rule and checks to include to the inspection of equipment/interface loop, equipment access configuration inspection
Deng.Many webmastering softwares (such as IMC intelligent management platform), which provide, at present closes rule audit function, there are conjunction rule and checks flexibly
The low problem of property.
Summary of the invention
Based on this, the embodiment of the present disclosure provides a kind of inspection method, device, electronic equipment and readable storage medium storing program for executing, with
Solve the problems, such as that closing rule in the prior art checks that flexibility is low.
According in a first aspect, the embodiment of the present disclosure provides a kind of inspection method, comprising: identify that at least one is checked and appoint
Business, the inspection task include tested type and tested rule, and the tested rule includes parameter of regularity;It receives described in carrying
The extraction of the extracting rule of parameter of regularity instructs, and the extracting rule according to the parameter of regularity, extracts the tested type pair
The parameter value for the parameter of regularity being arranged on the equipment under test answered;The parameter of regularity in the tested rule is replaced with
The parameter value of the parameter of regularity generates the corresponding tested rule of each equipment under test;For each equipment under test, the quilt is judged
The equipment Regulation being arranged on measurement equipment tested rule match whether corresponding with the equipment under test.
Optionally, the tested type includes interface level inspect-type, facility level inspect-type and link rank
At least one of inspect-type;Then the corresponding equipment under test of the tested type includes interface level inspect-type connecing of including
The equipment that the equipment and link rank inspect-type that equipment, facility level inspect-type belonging to mouthful include include.
Optionally, judge whether the equipment Regulation being arranged on the equipment under test is corresponding with the equipment under test by gauge
It then matches, comprising: according to the parameter of regularity, searched in the configuration rule of the equipment under test corresponding with the parameter of regularity
Equipment Regulation;Judge the occurrence for the equipment Regulation being arranged on equipment under test quilt whether corresponding with the equipment under test
Gauge then in occurrence it is completely the same.
Optionally, described according to the parameter of regularity, it is searched and the rule in the configuration rule of the equipment under test
The corresponding equipment Regulation of parameter, comprising: according to the parameter of regularity, determine it is corresponding with the parameter of regularity start to identify and
End of identification;It is extracted in the configuration rule of the equipment under test and starts mark and end of identification is corresponding matches with described
It sets, by the configuration as equipment Regulation corresponding with the parameter of regularity in the configuration rule of the equipment under test.
Optionally, before the step of at least one checks task in the identification, further includes: obtain and close the conjunction rule that rule check
Regular repository and business demand;Inspection task is generated according to the regular repository of the conjunction and the business demand.
Optionally, the extracting rule according to the parameter of regularity is extracted and is set on the corresponding equipment under test of the tested type
The parameter value for the parameter of regularity set, comprising: obtain the first configuration information of the corresponding equipment under test of the tested type;According to
According to the extracting rule of the parameter of regularity, extracted in first configuration information on the corresponding equipment under test of the tested type
The parameter value for the parameter of regularity being arranged.
According to second aspect, the embodiment of the present disclosure provides a kind of check device, comprising: first processing module, for knowing
At least one does not check that task, the inspection task include tested type and tested rule, and the tested rule includes rule
Parameter;Second processing module, for receiving the extraction instruction for carrying the extracting rule of the parameter of regularity, and according to the rule
The extracting rule of parameter extracts the parameter value for the parameter of regularity being arranged on the corresponding equipment under test of the tested type;The
Three processing modules are generated for the parameter of regularity in the tested rule to be replaced with to the parameter value of the parameter of regularity
The corresponding tested rule of each equipment under test;Fourth processing module judges on the equipment under test for being directed to each equipment under test
The equipment Regulation of setting tested rule match whether corresponding with the equipment under test.
Optionally, the tested type includes interface level inspect-type, facility level inspect-type and link rank
At least one of inspect-type;Then the corresponding equipment under test of the tested type includes interface level inspect-type connecing of including
The equipment that the equipment and link rank inspect-type that equipment, facility level inspect-type belonging to mouthful include include.
Optionally, the fourth processing module includes: the first processing submodule, is used for according to the parameter of regularity, in institute
It states and searches equipment Regulation corresponding with the parameter of regularity in the configuration rule of equipment under test;First judging submodule, for sentencing
In the occurrence tested rule whether corresponding with the equipment under test for the equipment Regulation being arranged on the equipment under test of breaking
It is completely the same with item.
Optionally, the first processing submodule includes: first processing units, for determining according to the parameter of regularity
It is corresponding with the parameter of regularity to start mark and end of identification;The second processing unit, for matching in the equipment under test
It sets to extract in rule and starts mark and the corresponding configuration of end of identification with described, by the configuration conduct equipment under test
Configuration rule in equipment Regulation corresponding with the parameter of regularity.
Optionally, further includes: first obtains module, needs for obtaining the regular repository of conjunction for closing rule inspection and business
It asks;5th processing module, for generating inspection task according to the regular repository of the conjunction and the business demand.
Optionally, the Second processing module includes: the first acquisition submodule, corresponding for obtaining the tested type
First configuration information of equipment under test;Second processing submodule, for the extracting rule according to the parameter of regularity, described
The parameter value for the parameter of regularity being arranged on the corresponding equipment under test of the tested type is extracted in one configuration information.
According to the third aspect, the embodiment of the present disclosure provides a kind of electronic equipment, comprising: memory and processor, it is described
Connection is communicated with each other between memory and the processor, computer instruction is stored in the memory, and the processor is logical
It crosses and executes the computer instruction, thereby executing the inspection method any in disclosure first aspect.
According to fourth aspect, the embodiment of the present disclosure provides a kind of computer readable storage medium, described computer-readable
Storage medium is stored with computer instruction, and the computer instruction is for making the computer thereby executing disclosure first aspect
In any inspection method.
Disclosed technique scheme, has the advantages that
The inspection method that the disclosure provides, comprising: identify that at least one inspection task, the inspection task include tested class
Type and tested rule, the tested rule includes parameter of regularity;Receive the extraction for carrying the extracting rule of the parameter of regularity
Instruction, and the extracting rule according to the parameter of regularity, extract be arranged on the corresponding equipment under test of the tested type it is described
The parameter value of parameter of regularity;The parameter of regularity in the tested rule is replaced with to the parameter value of the parameter of regularity, it is raw
At the corresponding tested rule of each equipment under test;For each equipment under test, the equipment Regulation being arranged on the equipment under test is judged
Whether tested rule match corresponding with the equipment under test.Above-mentioned inspection method is obtained according to the extracting rule of parameter of regularity
Each actual parameter value of equipment under test, and above-mentioned parameter value is substituted into tested rule to generate each equipment under test corresponding tested
Rule realizes and adjusts the regular scope of examination according to the actual disposition dynamic of equipment under test, without going people according to the difference of equipment
To adjust Rule content, realizes dynamic and close rule inspection, improve and close the flexibility that rule check.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of disclosure specific embodiment or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the disclosure, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow chart of a specific example of the inspection method of the embodiment of the present disclosure;
Fig. 2 is the flow chart of another specific example of the inspection method of the embodiment of the present disclosure;
Fig. 3 is the flow chart of another specific example of the inspection method of the embodiment of the present disclosure;
Fig. 4 is the flow chart of another specific example of the inspection method of the embodiment of the present disclosure;
Fig. 5 is the flow chart of another specific example of the inspection method of the embodiment of the present disclosure;
Fig. 6 is the schematic diagram of a specific example of the extraction instruction of the inspection method of the embodiment of the present disclosure;
Fig. 7 is the schematic diagram of another specific example of the extraction instruction of the inspection method of the embodiment of the present disclosure;
Fig. 8 is the block diagram of a specific example of the check device of the embodiment of the present disclosure;
Fig. 9 is the hardware structural diagram of the electronic equipment of the embodiment of the present disclosure.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present disclosure clearer, below in conjunction with the embodiment of the present disclosure
In attached drawing, the technical solution in the embodiment of the present disclosure is clearly and completely described, it is clear that described embodiment is
Disclosure a part of the embodiment, instead of all the embodiments.Based on the embodiment in the disclosure, those skilled in the art are not having
Every other embodiment obtained under the premise of creative work is made, the range of disclosure protection is belonged to.
In the description of the disclosure, it should be noted that term " center ", "upper", "lower", "left", "right", "vertical",
The orientation or positional relationship of the instructions such as "horizontal", "inner", "outside" be based on the orientation or positional relationship shown in the drawings, merely to
Convenient for description the disclosure and simplify description, rather than the device or element of indication or suggestion meaning must have a particular orientation,
It is constructed and operated in a specific orientation, therefore should not be understood as the limitation to the disclosure.In addition, term " first ", " second ",
" third " is used for descriptive purposes only and cannot be understood as indicating or suggesting relative importance.
In the description of the disclosure, it should be noted that unless otherwise clearly defined and limited, term " installation ", " phase
Even ", " connection " shall be understood in a broad sense, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can
To be mechanical connection, it is also possible to be electrically connected;It can be directly connected, can also can be indirectly connected through an intermediary
Connection inside two elements.For the ordinary skill in the art, above-mentioned term can be understood at this with concrete condition
Concrete meaning in open.
As long as in addition, the non-structure each other of technical characteristic involved in disclosure different embodiments disclosed below
It can be combined with each other at conflict.
Inventors have found that audit function is advised in the conjunction that many webmastering softwares (such as IMC intelligent management platform) provide at present,
It when batch detection device, can only go to check all equipment according to a kind of fixed Rule content, cannot match according to equipment is practical
It sets and Rule content is adjusted flexibly, cause the flexibility checked lower.Such as check the VLAN configuration of interface, since distinct device is matched
The VLAN set is different, therefore carries out needing artificial formulation multiple rule to match to adapt to distinct device when conjunction rule check to distinct device
It sets.
The embodiment of the present disclosure provides a kind of inspection method, can be applied to electronic equipment, which can be used for
It executes and closes rule inspection task.As shown in Figure 1, inspection method includes step S1-S3, it is particularly applicable to personal computer
On the electronic equipments such as (personal computer, be abbreviated as PC), virtual machine or server, conjunction rule are carried out to the network equipment
It checks.
Step S1: identifying at least one inspection task, and the task that checks includes tested type and tested rule, is tested rule
Including parameter of regularity.
In one embodiment, whether inspection task closes rule mainly for detection of equipment under test, that is, detects the rule of equipment under test
Lattice, configuration use etc. whether to meet regulation.For an inspection task, the equipment under test for needing to detect in the inspection task can
It including multiple equipment, that is, needs to check multiple equipment, with the specification of the multiple equipment of determination, configuration, uses etc. and to be
It is no to meet regulation.In practical applications, distinct device causes its actual disposition also can not phase according to the difference of actual use situation
Together, the configuring condition of equipment under test specifically can be rationally arranged as needed.For example, the VLAN ID value of equipment under test A be 1,20,
The VLAN ID value of 30, equipment under test B are 1,100,150.
It may each comprise at least one it should also be noted that, checking the conjunction rule of each of multiple equipment under tests equipment
Inspection task.
In one embodiment, rule are closed and checks specifically may include checking whether the device configuration of equipment under test meets company's rule
Fixed, corporate policy is depending on the information security of specific company difference.It closes rule and checks that included particular content can be one
Inspection task, is also possible to two even more inspection tasks, above-mentioned inspection task can be to the specification check of equipment or
The loop inspection of person's interface or equipment access configuration inspection etc., the present embodiment only schematically illustrates, and is not limited thereto,
It rationally determines according to the actual situation.
In one embodiment, it checks that task includes 2 parts, specifically can be tested type and tested rule.Certainly, exist
In other embodiments, inspection task can also include other contents in addition to above-mentioned included content, such as equipment under test list
Information, inspection level information, violation level information etc..
Specifically, tested type may include interface level inspect-type, facility level inspect-type and the inspection of link rank
Look at least one of type.
Different tested types correspond to different equipment under tests.For interface level inspect-type, corresponding be tested is set
Equipment belonging to the standby interface for including for interface level inspect-type in all equipment under tests.For facility level inspect-type,
Its corresponding equipment under test is the equipment that facility level inspect-type includes in all equipment under tests.Class is checked for link rank
Type, corresponding equipment under test are the equipment that link rank inspect-type includes in all equipment under tests.
Such as: the interface that interface level inspect-type includes is Fast Ethernet mouth, then includes fast in all equipment under tests
The equipment of fast Ethernet interface is then corresponding equipment under test.Its device type can be interchanger, router or
On wireless device.
Facility level inspect-type includes list of devices, includes device identification in the list of devices, then corresponding quilt
Measurement equipment is then the equipment in the list of devices.Its device type can be interchanger, router, safety equipment, nothing
Line equipment, firewall or load-balancing device.
Link rank inspect-type includes the equipment of certain link and composition link, then corresponding equipment under test
It is the equipment for forming the link.In one example, link rank inspect-type includes link 1,2, and the equipment of composition link 1 is to set
Standby A and equipment B, the equipment of composition link 2 are equipment B and equipment C, then equipment under test is equipment A, B, C.
Parameter of regularity in tested rule can rationally be determined according to the actual conditions that rule check are closed.Rule inspection task is closed to be based on
Tested rule goes to check conjunction rule/violation situation of the configuration rule of equipment.
For example, check task be check interface VLAN configuration comprising tested type be interface level inspect-type,
Tested rule is " port trunk permit vlan$ { VLAN-ID } ", and parameter of regularity is " VLAN-ID ".When implementing,
Can be based on tested rule " port trunk permit vlan$ { VLAN-ID } " go to check in equipment under test about
Whether the configuration rule of VLAN-ID closes rule.
In another example check task be check equipment ACL configuration comprising tested type be facility level inspection class
Type is tested rule are as follows:
" acl number$ { ACL-number } name financeAcl
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination
192.168.0.100 0 time-range work
5 deny ip destination 192.168.0.100 0 " of rule, parameter of regularity are " ACL-number ".
It, can be based on tested rule when implementing are as follows:
" acl number$ { ACL-number } name financeAcl
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination
192.168.0.100 0 time-range work
5 deny ip destination 192.168.0.100 0 " of rule goes to check in equipment under test about ACL-
Whether the configuration rule of number closes rule.
Above, the embodiment of the present application is mentioned, and inspection task can also include its in addition to above-mentioned included content
Its content, such as equipment under test list information, inspection level information, violation level information.It in specific application, can be in conjunction with inspection
The content that the task of looking into includes, it is determined which rule in which equipment checked.
In one embodiment, violation level information may include a variety of different violation ranks, such as alert, is important, notifying,
Secondary and urgent etc., the present embodiment only schematically illustrates, and is not limited thereto.Check level information, be used for it is determined that
The violation level information of inspection.
When implementing, violation level information can be in conjunction with the inspection level information in inspection task it is determined which is checked
The rule of rank.Such as the violation rank of rule a is warning, the violation rank of regular b is important;If the inspection of task is arranged
Rank be it is important, then rule a will not be checked;If checking that rank is set as all, rule a, rule b can be checked.
Equipment under test list information may include the mark of equipment under test for characterizing the specific equipment that equipment under test is included
Know, it is subsequent if any equipment variations, such as increase equipment or sweep equipment, with synchronous vacations and quilt can be updated in conjunction rule inspection task
The mark of measurement equipment.The mark of equipment under test can be the implementor name of technical staff's preset configuration, be also possible to device model, also
It can be device type, equipment Serial Number, the present embodiment is not particularly limited, as long as can be identified for that equipment.
For example, including equipment A and equipment B in device list information, inspection task is then correspondingly needed to equipment A and equipment
The two equipment of B carry out closing rule inspection.
In one example, equipment under test is identified as device model, then with the equipment of all models in inspection system.Example
Such as, include interchanger H in device list information, then check that task needs to carry out conjunction rule to the equipment that device model is interchanger H
It checks.In other examples, equipment under test is identified as device type, then with the equipment of all the type in inspection system.
For example, including interchanger in device list information, then check that task needs to carry out conjunction rule to the equipment that device type is interchanger
It checks.
In another embodiment, check that task can also include task identification and execution time.Task identification can be
Task names distinguishing different task types, such as check the VLAN configuration of interface or check the ACL configuration of equipment.
Executing the time may include that periodic task executes time and disposable task execution time, determine that closing rule checks according to the time is executed
It is periodical execution or Exactly-once.It certainly, in other embodiments, can also include other information, such as task is retouched
It states.
In the present embodiment, step S2 can recognize that the parameter of regularity in tested rule.Specifically, can identify tested
The first predetermined symbol in rule, when recognizing first predetermined symbol, then it is assumed that be located at the after the first predetermined symbol
Character in two predetermined symbols is parameter of regularity.Wherein, the first predetermined symbol can be, #, %, at least one of
Or any combination.Second predetermined symbol can be at least one of { }, [], " ", ' '.First predetermined symbol, the second default symbol
Number only make example, this programme is not particularly limited.
In one example, the first predetermined symbol is $, and the second predetermined symbol is { }.In other examples, the first default symbol
Number be #, the second predetermined symbol be [].In other examples, the first predetermined symbol is #, and the second predetermined symbol is " ".
Such as: the first predetermined symbol is $, and the second predetermined symbol is { }, it is assumed that
Tested rule are as follows: acl number$ { ACL-number } name financeAcl, then parameter of regularity is ACL-
number;
Tested rule are as follows: port trunk permit vlan$ { VLAN-ID }, then parameter of regularity is VLAN-ID.
Step S2: receiving the extraction instruction for carrying the extracting rule of parameter of regularity, and the extracting rule according to parameter of regularity,
Extract the parameter value for the parameter of regularity being arranged on the tested corresponding equipment under test of type.
In actual scene networking, for same parameter of regularity, the parameter value of the configuration of distinct device may be different, if adopting
The mode for going to check all equipment with the existing content according to a kind of fixed tested rule then needs tested according to every
The facilities of equipment Regulation modify the content for being tested rule one by one, then test the rule being arranged on the equipment under test,
Cost of labor is too high.To avoid such situation, inventors have found that it is directed to the rule of a certain type, on different devices, rule
Then format is actually the same or roughly the same, and only specific parameter of regularity value is different.It therefore, can be according to the similar of rule schemata
Place is arranged general tested rule schemata, and specific parameter of regularity value is replaced with a general dynamic parameter, with
The tested rule general to equipment under test.
Therefore, the embodiment of the present application finds the something in common for the rule being arranged in each equipment, is arranged according to the something in common
General tested rule, and general parameter of regularity is set in tested rule, which is dynamic parameter.When rule is joined
When number is identified to, it can be used to extract the specific parameter value being arranged on equipment under test.Then the rule of tested rule is joined
Number is substituted for the parameter value of extraction, it can obtains the tested rule for the equipment under test.By foregoing description, can pass through
One general tested rule gets the corresponding tested rule of each equipment under test in all equipment under tests, save the artificial, time and
Hardware cost.
In one embodiment, extracting the extracting rule that instruction carries can be regular expression.It is mentioned by regular expression
The parameter value of above-mentioned parameter of regularity is taken, the complex control of character string can be reached with open-and-shut mode, so that parameter of regularity
The extracting mode of parameter value is more flexible, logicality and functionality are stronger.For example, parameter of regularity is VLAN ID, VLAN is extracted
The regular expression of ID value can be vlan [1-9] [0-9] { 0,3 }.In another example parameter of regularity is acl number, extract
The regular expression of acl number value can be aclnumber [0-9] { 4 } name financeAcl and (obtain entitled
The ACL Number of financeAcl).
Step S3: the parameter of regularity in tested rule is replaced with to the parameter value of parameter of regularity, generates each equipment under test pair
The tested rule answered.By with inspection task be adapted tested rule carry out close rule check, improve inspection flexibility and
Convenience.
In one embodiment, each equipment under test parameter value is substituted into the tested rule in inspection task, is replaced by gauge
Parameter of regularity in then generates the corresponding tested rule of each equipment under test, to carry out in the next steps to every equipment under test
Rule are closed to check.
For example, check task be check interface VLAN configuration comprising tested type be interface level inspect-type,
Tested rule setting is " port trunk permit vlan$ { VLAN-ID } ", and the parameter of regularity in tested rule is
" VLAN-ID ";In the configuration file of equipment under test VLAN ID value include 1,20,30, therefore, extract with inspection task pair
The parameter value answered is 1,20 and 30.Above-mentioned parameter value is substituted into tested rule, the tested rule of generation is as follows:
If the above-mentioned VLAN ID value in the configuration file of device manufacturer is merged together, correspondingly Rule content
For port trunk permit vlan 1 20 30;
If the above-mentioned VLAN ID value in the device configuration file of device manufacturer is dismantled, correspondingly Rule content is
port trunk permit vlan 1
port trunk permit vlan 20
port trunk permit vlan 30。
Step S4: be directed to each equipment under test, judge the equipment Regulation being arranged on equipment under test whether with equipment under test pair
The tested rule match answered.
Above-mentioned inspection method obtains each actual parameter value of equipment under test according to the extracting rule of parameter of regularity, and will be upper
It states parameter value and is substituted into tested rule and generate the corresponding tested rule of each equipment under test, realize the reality according to equipment under test
Configuration dynamic adjusts the regular scope of examination, goes artificially to adjust Rule content without the difference according to equipment, realizes dynamic and closes rule
It checks, improves and close the flexibility that rule check.
In one embodiment, as shown in Fig. 2, step S2 specifically may include step S21-S22.
Step S21: the first configuration information of the tested corresponding equipment under test of type is obtained.
In one embodiment, the first configuration information may include whole configuration informations of equipment, can also only include and this
The relevant configuration information of inspection task is advised in secondary conjunction, can be rationally arranged as needed in practical applications.First configuration information is by setting
Standby manufacturer provides.
Step S22: according to the extracting rule of parameter of regularity, it is corresponding tested that tested type is extracted in the first configuration information
The parameter value for the parameter of regularity being arranged in equipment.The configuration for the equipment under test that different vendor provides is different, therefore matches from distinct device
The parameter value of the parameter of regularity extracted in setting is also different, so that the subsequent rule scope of examination of closing is according to the actual disposition of distinct device
Situation is adjusted.
Above-mentioned inspection method determines the parameter value of parameter of regularity by the first configuration information of equipment under test, so that closing rule
Check that the configuration with equipment under test is adapted, flexibility is higher.
In one embodiment, as shown in figure 3, step S4 specifically may include step S41-S42.
Step S41: according to parameter of regularity, equipment rule corresponding with parameter of regularity are searched in the configuration rule of equipment under test
Then.
Specifically, as shown in figure 4, step S41 includes step S411-S412.
Step S411: according to parameter of regularity, determination is corresponding with parameter of regularity to start mark and end of identification.
Specifically, different parameter of regularity correspond to it is different start mark and end of identification, start mark and end of identification
It also needs to match with the configuration content of the configuration file in equipment under test.
For example, the scope of examination is to check the VLAN configuration of interface in the inspection task of interface level type, it is tested rule
For " port trunk permit vlan$ { VLAN-ID } ", parameter of regularity is " VLAN-ID ".
If configuration content corresponding with parameter of regularity is using interface as starting in equipment under test, # as terminating,
Then corresponding with " VLAN-ID " to start to be identified as " interface* ", end of identification is " # ".
If configuration content corresponding with parameter of regularity is using interface ethernet as starting in equipment under test,!
As end, then corresponding with " VLAN-ID " to start to be identified as " interface ethernet* ", end of identification is
"!".
In another example the scope of examination is to check the ACL configuration of equipment, parameter of regularity in the inspection task of facility level type
For " ACL-number ", using acl number as starting, # makees configuration content corresponding with parameter of regularity in equipment under test
To terminate, then corresponding with " ACL-number " to start to be identified as " acl number* ", end of identification is " # ".
In another example the scope of examination is to check local user's configuration of equipment, then in the inspection task of facility level type
The mark that starts corresponding with this can be " local-user* ", and end of identification can be " # ".
Step S412: extracting in the configuration rule of equipment under test and starts mark and end of identification is corresponding matches
It sets, will configure as equipment Regulation corresponding with parameter of regularity in the configuration rule of equipment under test.
Specifically, the configuration rule of equipment under test can be is obtained by the second configuration information of equipment under test, and second matches
Confidence breath may include the Backup Data of the newest running configuration of equipment under test, that is, pass through the standby of the newest running configuration of equipment under test
Part data obtain the configuration rule of equipment under test, and the Backup Data of above-mentioned newest running configuration can be provided according to device manufacturer.When
So, in other embodiments, the equipment under test can also be directly acquired on equipment under test by being directly connected to equipment under test
Configuration rule, only schematically illustrate in the present embodiment, be not limited thereto.Above-mentioned second configuration information can match with first
Confidence manner of breathing is same, can also be different, rationally setting as needed in practical application.
Such as in the inspection task of interface level type, the scope of examination is to check the VLAN configuration of interface, is set tested
Extracted in standby configuration rule with start mark and end of identification it is corresponding configure may is that
#
interface NULL0
#
Interface Vlan-interface1
ip address 172.22.5.87 255.255.255.0
#
interface FortyGigE1/0/53
Port link-mode bridge
Port link-type trunk
port trunk permit vlan 1 1988
#
interface FortyGigE1/0/54
Port link-mode bridge
Port link-type trunk
port trunk permit vlan 1 1988
#
In another example the scope of examination is to check role's configuration of interface in the inspection task of interface level type, carrying out
When role's configuration inspection of interface, extracted in the configuration rule of equipment under test with start mark and end of identification it is corresponding
Configuration may is that
Step S42: judge that whether corresponding with equipment under test the occurrence for the equipment Regulation being arranged on equipment under test is tested
Occurrence in rule is completely the same.
In one embodiment, by the occurrence in the occurrence for the equipment Regulation being arranged on equipment under test and tested rule into
Row compares, if the two exactly matches, rule are closed in the configuration of equipment;If the two mismatches, the configuration of equipment is in violation of rules and regulations.
For example, such as checking whether be configured with vlan 10 in equipment.Assuming that extracts from equipment is configured to
“vlan 1
vlan 10
vlan 55
Vlan 60 ",
Vlan 10 has been checked, that is, has thought to close and advises and stop, not having needed to be further continued for checking whether vlan 55 closes rule.
It should be noted that in other embodiments, the equipment Regulation being arranged on judging the equipment under test whether with
In the step of equipment under test corresponding tested rule match, it is also possible to be configured to each in equipment under test one by one
Compare.
Above-mentioned inspection method by start mark and end of identification first find in the configuration rule of equipment under test with rule
The corresponding equipment Regulation of parameter, is matched again later, effectively reduces match time, is improved and is closed the inspection effect that rule check
Rate.
In one embodiment, as shown in figure 5, further including before step S1 identifies the step of at least one checks task
Step S5-S6.
Step S5: the regular repository of conjunction and business demand for closing that rule check are obtained.
In one embodiment, it closes and advises regular repository and can be pre-generated and store, specifically may include close rule to check
All inspection tasks, can be constantly updated and perfect according to the actual conditions that rule check are closed in actual application,
It is checked with guaranteeing that the regular repository of conjunction can satisfy all conjunction rule.Certainly, in other embodiments, close and advise regular repository
It is also possible to directly generate before closing rule and checking, rationally setting as needed.
In one embodiment, the device configuration of different vendor also can not be identical, and therefore, different vendor advises inspection to the conjunction of equipment
Looking into requirement also can be different, and business demand is determined according to the conjunction rule inspection requirements of manufacturer, can specifically be mentioned by device manufacturer
For.
Step S6: inspection task is generated according to the regular repository of conjunction and business demand.
In one embodiment, corresponding to closing and advise and find in regular repository with the business demand according to business demand
Rule inspection task is closed, is checked to carry out different conjunction rule to each equipment.
Closing regular repository includes a variety of different types of inspection tasks, and business demand specifically can be according to client's reality
It needs to be determined that.Inspection task include interface VLAN configuration, equipment ACL configuration, equipment local user configuration, equipment it is pre-
Set starting Syslog functional verification etc.;Business demand is that the VLAN of interface is configured, then checks that the VLAN that task is interface is configured.
It should be noted that above-mentioned steps S5 and S6 are only to generate a specific example for closing the inspection task that rule check,
It only schematically illustrates, is not limited thereto.In other embodiments, it is also possible to directly acquire the inspection times for closing that rule check
Business is not necessarily to step S5 and S6 at this time.
On the basis of above-mentioned inspection method, after step s4, further includes: after the completion of task to be checked, generate and close rule
The inspection result of inspection can easily show whether the configuration of equipment closes rule by inspection result, close rule to understand in time
It checks situation, provides foundation for the configuration adjustment of follow-up equipment.
In one embodiment, it is generated after checking out and closes the inspection result that rule check, which above-mentioned inspection result may include
Which irregularity a little close advises, and irregularity is particularly shown the interface name or device name, configuration that content may include irregularity
Situation and inspection rule.For example, the VLAN ID value that the port of equipment A should include is 1,20 and 30 3 ID value, it is therein
A Port detecting to VLANID there was only 1 and 20, then the configuration of the port a be unsatisfactory for close rule check rule, inspection result be do not conform to
Rule;The present embodiment only schematically illustrates, and is not limited thereto.
It can also include that control display device show above-mentioned inspection after the step of generating the inspection result for closing rule inspection
As a result, checking inspection result with more intuitive.
For example, executing order dis acl all, the inspection result of echo is as follows:
dis acl all
3000, named-none-, 0 rule of Advanced ACL,
ACL ' s step is 5
3001, named-none-, 0 rule of Advanced ACL,
ACL ' s step is 5
Above-mentioned execution order " dis acl all " is to look at all ACL configurations of equipment, according to echo message, in equipment
Be configured with ACL 3000 the two ACL of ACL 3001, and at present under the two ACL all without configuration rule.
It is described in detail below with a specific example, such as checks the VLAN configuration of interface.
Rule inspection task of closing is obtained first, and it includes tested rule which, which advises in inspection task, is tested rule comprising dynamic
Parameter of regularity, the tested Rule content of configuration are " port trunk permit vlan$ { VLAN-ID } ".Later, it identifies
Parameter of regularity " VLAN-ID ", and the parameter in equipment under test is extracted, it is real such as to extract equipment to be checked by regular expression
The VLAN ID of border configuration, extracting method in extracting method as shown in fig. 6, can embody extracting rule vlan [1-9] [0-
9] { 0,3 }.Then, when executing conjunction rule inspection task, according to the parameter extraction Rule Extraction of configuration from each equipment to be checked
Parameter value is substituted into the parameter of regularity for being tested rule, the corresponding Rule content of composition equipment under test using the parameter value of extraction.Often
For a equipment according to actual configuring condition, the parameter value of extraction is different, therefore the Rule content formed is different, to realize dynamic
Conjunction advise check.Order and extracting method composition are the extraction orders executed in equipment in Fig. 6, wherein are taken in extracting method
Extracting rule with parameter of regularity, order, which is played the role of executing, extracts order, to get order line echo, is then echoing
Extracting rule in content according to configuration extracts the parameter value of equipment under test.
For example, equipment under test includes two equipment A, equipment B equipment, extracted from equipment A when checking task execution
VLAN ID value is 1,20,30, and the VLAN ID value extracted on equipment B is 1,100,150.According to scheme Design, this two
The tested rule of a equipment as shown in Table 1 and Table 2, can support both schemes simultaneously.When executing conjunction rule inspection task, according to
The design scheme of system selects the tested rule in above table to carry out closing rule inspection to the interface under equipment A and equipment B respectively.
Specifically, can according in following table 1 it is tested rule in equipment A about port trunk permit vlan 1 20 30
Configuration rule matched, judge whether the configuration rule in equipment A closes rule.The present embodiment can also be according in following table 1
Tested regular equipment B in matched about the configuration rule of port trunk permit vlan 1 100 150, judge
Whether the configuration rule in equipment B closes rule.
Table 1
It should be noted that the parameter of regularity in the present embodiment can extract multiple numerical value according to equipment under test actual disposition,
Such as 1,20,30.
It is described in detail below with another specific example, such as checks the ACL configuration of equipment.
Some configuration names can be fixed in certain application scenarios, network to realize certain specific transactions.Such as creation one
The advanced ACL of a specific names, and formulate following rule: Finance Department at work between access financial database server, forbid
Other departments at any time, Finance Department access the server on one's own time.Assuming that the IP network section of Finance Department is
192.168.2.0/24, financial database server ip network segment is 192.168.0.100/24.
Inspection task, configuration rule content are obtained first are as follows:
Acl number$ { ACL-number } name financeAcl
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination
192.168.0.100 0 time-range work
rule 5 deny ip destination 192.168.0.100 0;
Dynamic parameter of regularity " ACL-number " is identified later, and extracts the parameter of the parameter in equipment under test
Value, extracting method, which can be, extracts financial ACL Number, extracting method by fixed ACL name combination regular expression
As shown in fig. 7, extracting rule acl number [0-9] { 4 } name finaceAcl can be embodied in extracting method.Then,
The parameter value that parameter of regularity in tested rule is replaced with to parameter of regularity, generates the corresponding tested rule of each equipment under test, into
And it is executed according to tested rule and closes rule inspection.For example, equipment under test includes two equipment A, equipment B equipment, inspection task is executed
When the ACL Number that is extracted from equipment A be 3000, the ACL Number extracted on equipment B is 3010, is advised according to closing
The design of inspection system, the tested rule of the two equipment is as shown in table 2.When executing inspection task, mentioned according to equipment A and equipment B
The ACL Number taken is different, to construct different tested rules, realizes dynamic close and advises inspection.Specifically, can be according to
According in following table 2 it is tested rule in equipment A about the configuration rule of 3000 name financeAcl of acl number into
Row matching, judges whether the configuration rule in equipment A closes rule.The present embodiment can also be set according to the tested rule in following table 2
Configuration rule in standby B about 3010 name financeAcl of acl number is matched, and judges the configuration in equipment B
Whether rule closes rule.
Table 2
Tested rule in inspection task in above-mentioned inspection method includes parameter of regularity, tested by extracting instruction extraction
The parameter value for the parameter of regularity being arranged on the corresponding equipment under test of type, (herein according to regular expression extracting parameter value) will
The parameter value got is substituted into tested rule and generates the corresponding tested rule of each equipment under test, then to each equipment under test
It carries out conjunction rule to check, realizes and rule is tested according to equipment actual disposition dynamic adjustment, save artificial, time and hardware cost.
A kind of check device is additionally provided in the present embodiment, and the device is for realizing above-described embodiment and preferred implementation side
Formula, the descriptions that have already been made will not be repeated.As used below, the software of predetermined function may be implemented in term " module "
And/or the combination of hardware.Although device described in following embodiment is preferably realized with software, hardware or soft
The realization of the combination of part and hardware is also that may and be contemplated.
Correspondingly, referring to FIG. 8, the embodiment of the present disclosure provides a kind of check device, comprising: first processing module 1, second
Processing module 2, third processing module 3 and fourth processing module 4.
First processing module 1, at least one checks task for identification, the inspection task include tested type and by
Then, the tested rule includes parameter of regularity to gauge;Detailed content is with reference to described in step S1.
Second processing module 2, for receiving the extraction instruction for carrying the extracting rule of the parameter of regularity, and according to described
The extracting rule of parameter of regularity extracts the parameter for the parameter of regularity being arranged on the corresponding equipment under test of the tested type
Value;Detailed content is with reference to described in step S2.
Third processing module 3, for the parameter of regularity in the tested rule to be replaced with the parameter of regularity
Parameter value generates the corresponding tested rule of each equipment under test;Detailed content is with reference to described in step S3.
Fourth processing module 4 judges that the equipment Regulation being arranged on the equipment under test is for being directed to each equipment under test
No tested rule match corresponding with the equipment under test;Detailed content is with reference to described in step S4.
In one embodiment, the tested type includes interface level inspect-type, facility level inspect-type and chain
At least one of road rank inspect-type;Then the corresponding equipment under test of the tested type includes interface level inspect-type packet
The equipment that the equipment and link rank inspect-type that equipment belonging to the interface included, facility level inspect-type include include.
Optionally, the fourth processing module includes: the first processing submodule, is used for according to the parameter of regularity, in institute
It states and searches equipment Regulation corresponding with the parameter of regularity in the configuration rule of equipment under test, detailed content refers to step S41 institute
It states;Whether the occurrence of the first judging submodule, the equipment Regulation for judging to be arranged on the equipment under test is tested with described
Occurrence in the corresponding tested rule of equipment is completely the same, and detailed content is with reference to described in step S42.
Optionally, the first processing submodule includes: first processing units, for determining according to the parameter of regularity
Corresponding with the parameter of regularity to start mark and end of identification, detailed content is with reference to described in step S411;Second processing list
Member starts mark and the corresponding configuration of end of identification with described for extracting in the configuration rule of the equipment under test,
By the configuration as equipment Regulation corresponding with the parameter of regularity in the configuration rule of the equipment under test, detailed content ginseng
It examines described in step S412.
Optionally, further includes: first obtains module, needs for obtaining the regular repository of conjunction for closing rule inspection and business
It asks, detailed content is with reference to described in step S5;5th processing module, for according to the regular repository of the conjunction and the business need
Inspection task is sought survival into, detailed content is with reference to described in step S6.
Optionally, the Second processing module includes: the first acquisition submodule, corresponding for obtaining the tested type
First configuration information of equipment under test, detailed content is with reference to described in step S21;Second processing submodule, for according to the rule
The then extracting rule of parameter extracts the institute being arranged on the corresponding equipment under test of the tested type in first configuration information
The parameter value of parameter of regularity is stated, detailed content is with reference to described in step S22.
The further function description of above-mentioned modules is identical as above method embodiment, and details are not described herein.
The embodiment of the present disclosure additionally provides a kind of electronic equipment, as shown in Figure 9, comprising: processor 101 and memory 102;
Wherein, processor 101 can be connected with memory 102 by bus or other modes, to be connected as by bus in Fig. 9
Example.
Processor 101 can be central processing unit (Central Processing Unit, CPU).Processor 101 may be used also
Think other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
The combination of the chips such as discrete hardware components or above-mentioned all kinds of chips.
Memory 102 is used as a kind of non-transient computer readable storage medium, can be used for storing non-transient software program, non-
Transient computer executable program and module, such as the corresponding program instruction of the inspection method in the embodiment of the present disclosure/module (example
Such as, first processing module 1 shown in Fig. 8, Second processing module 2, third processing module 3 and fourth processing module 4).Processor
101 non-transient software program, instruction and the module by operation storage in the memory 102, thereby executing each of processor
Kind functional application and data processing, i.e. inspection method in realization above method embodiment.
Memory 102 may include storing program area and storage data area, wherein storing program area can store operation system
Application program required for system, at least one function;It storage data area can the data etc. that are created of storage processor 101.In addition,
Memory 102 may include high-speed random access memory, can also include non-transient memory, and a for example, at least disk is deposited
Memory device, flush memory device or other non-transient solid-state memories.In some embodiments, it includes opposite that memory 102 is optional
In the remotely located memory of processor 101, these remote memories can pass through network connection to processor 101.Above-mentioned net
The example of network includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
One or more of modules are stored in the memory 102, when being executed by the processor 101, are held
Inspection method in row embodiment as shown in Figures 1 to 5.
Above-mentioned server detail can correspond in embodiment referring to FIG. 1 to 5 corresponding associated description and
Effect is understood that details are not described herein again.
The embodiment of the present disclosure additionally provides a kind of computer readable storage medium, the computer-readable recording medium storage
There is computer instruction, the computer instruction is used to that the computer to be made to execute any of the above-described inspection method.This field
Technical staff be appreciated that realize above-described embodiment method in all or part of the process, be can by computer program come
Relevant hardware is instructed to complete, the program can be stored in a computer-readable storage medium, which is executing
When, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic disk, CD, read-only storage note
Recall body (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), flash
Device (Flash Memory), hard disk (Hard Disk Drive, abbreviation: HDD) or solid state hard disk (Solid-State Drive,
SSD) etc.;The storage medium can also include the combination of the memory of mentioned kind.
Although being described in conjunction with the accompanying embodiment of the disclosure, those skilled in the art can not depart from the disclosure
Spirit and scope in the case where various modifications and variations can be made, such modifications and variations are each fallen within by appended claims institute
Within the scope of restriction.
Claims (14)
1. a kind of inspection method characterized by comprising
Identify that at least one inspection task, the inspection task include tested type and tested rule, the tested rule packet
Include parameter of regularity;
The extraction instruction for carrying the extracting rule of the parameter of regularity, and the extracting rule according to the parameter of regularity are received, is mentioned
Take the parameter value for the parameter of regularity being arranged on the corresponding equipment under test of the tested type;
The parameter value that the parameter of regularity in the tested rule is replaced with to the parameter of regularity, generates each equipment under test pair
The tested rule answered;
For each equipment under test, judge whether the equipment Regulation being arranged on the equipment under test is corresponding with the equipment under test
Tested rule match.
2. inspection method according to claim 1, which is characterized in that the tested type includes that interface level checks class
At least one of type, facility level inspect-type and link rank inspect-type;Then
The corresponding equipment under test of the tested type includes equipment, device level belonging to interface that interface level inspect-type includes
The equipment that the equipment and link rank inspect-type that other inspect-type includes include.
3. inspection method according to claim 1, which is characterized in that judge the equipment Regulation being arranged on the equipment under test
Whether tested rule match corresponding with the equipment under test, comprising:
According to the parameter of regularity, equipment rule corresponding with the parameter of regularity are searched in the configuration rule of the equipment under test
Then;
Judge the occurrence for the equipment Regulation being arranged on the equipment under test tested rule whether corresponding with the equipment under test
In occurrence it is completely the same.
4. inspection method according to claim 3, which is characterized in that it is described according to the parameter of regularity, described tested
Equipment Regulation corresponding with the parameter of regularity is searched in the configuration rule of equipment, comprising:
According to the parameter of regularity, determination is corresponding with the parameter of regularity to start mark and end of identification;
It is extracted in the configuration rule of the equipment under test and starts mark and the corresponding configuration of end of identification with described, by institute
Configuration is stated as equipment Regulation corresponding with the parameter of regularity in the configuration rule of the equipment under test.
5. inspection method according to claim 1, which is characterized in that the step of at least one checks task in the identification
Before, further includes:
Obtain the regular repository of conjunction and business demand for closing that rule check;
Inspection task is generated according to the regular repository of the conjunction and the business demand.
6. inspection method according to claim 1, which is characterized in that according to the extracting rule of the parameter of regularity, extract
The parameter value for the parameter of regularity being arranged on the corresponding equipment under test of the tested type, comprising:
Obtain the first configuration information of the corresponding equipment under test of the tested type;
According to the extracting rule of the parameter of regularity, it is corresponding tested that the tested type is extracted in first configuration information
The parameter value for the parameter of regularity being arranged in equipment.
7. a kind of check device characterized by comprising
First processing module, at least one checks that task, the inspection task include being tested type and by gauge for identification
Then, the tested rule includes parameter of regularity;
Second processing module, for receiving the extraction instruction for carrying the extracting rule of the parameter of regularity, and according to the rule
The extracting rule of parameter extracts the parameter value for the parameter of regularity being arranged on the corresponding equipment under test of the tested type;
Third processing module, for the parameter of regularity in the tested rule to be replaced with to the parameter of the parameter of regularity
Value, generates the corresponding tested rule of each equipment under test;
Fourth processing module, for be directed to each equipment under test, judge the equipment Regulation being arranged on the equipment under test whether with
The corresponding tested rule match of the equipment under test.
8. check device according to claim 7, which is characterized in that the tested type includes that interface level checks class
At least one of type, facility level inspect-type and link rank inspect-type;Then
The corresponding equipment under test of the tested type includes equipment, device level belonging to interface that interface level inspect-type includes
The equipment that the equipment and link rank inspect-type that other inspect-type includes include.
9. check device according to claim 7, which is characterized in that the fourth processing module includes:
First processing submodule, for according to the parameter of regularity, searched in the configuration rule of the equipment under test with it is described
The corresponding equipment Regulation of parameter of regularity;
Whether the occurrence of the first judging submodule, the equipment Regulation for judging to be arranged on the equipment under test is tested with described
Occurrence in the corresponding tested rule of equipment is completely the same.
10. check device according to claim 9, which is characterized in that described first, which handles submodule, includes:
First processing units, for according to the parameter of regularity, determination is corresponding with the parameter of regularity to be started to identify and tie
Beam identification;
The second processing unit starts mark and end of identification with described for extracting in the configuration rule of the equipment under test
Corresponding configuration advises the configuration as equipment corresponding with the parameter of regularity in the configuration rule of the equipment under test
Then.
11. check device according to claim 7, which is characterized in that further include:
First obtains module, closes the regular repository of conjunction and business demand that rule check for obtaining;
5th processing module, for generating inspection task according to the regular repository of the conjunction and the business demand.
12. check device according to claim 7, which is characterized in that the Second processing module includes:
First acquisition submodule, for obtaining the first configuration information of the corresponding equipment under test of the tested type;
Second processing submodule extracts institute in first configuration information for the extracting rule according to the parameter of regularity
State the parameter value for the parameter of regularity being arranged on the corresponding equipment under test of tested type.
13. a kind of electronic equipment characterized by comprising
Memory and processor communicate with each other connection, are stored in the memory between the memory and the processor
Computer instruction, the processor is by executing the computer instruction, thereby executing as claimed in any one of claims 1 to 6
Inspection method.
14. a kind of computer readable storage medium, which is characterized in that the computer-readable recording medium storage has computer to refer to
It enables, the computer instruction is for making the computer thereby executing inspection method as claimed in any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910391693.4A CN110278123B (en) | 2019-05-10 | 2019-05-10 | Checking method, checking device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910391693.4A CN110278123B (en) | 2019-05-10 | 2019-05-10 | Checking method, checking device, electronic equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110278123A true CN110278123A (en) | 2019-09-24 |
CN110278123B CN110278123B (en) | 2021-04-06 |
Family
ID=67959281
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910391693.4A Active CN110278123B (en) | 2019-05-10 | 2019-05-10 | Checking method, checking device, electronic equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110278123B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113645525A (en) * | 2021-08-09 | 2021-11-12 | 中国工商银行股份有限公司 | Method, device, equipment and storage medium for checking running state of optical fiber switch |
CN114500312A (en) * | 2021-12-29 | 2022-05-13 | 中国电信股份有限公司 | Communication line checking method, device, electronic equipment and system |
Citations (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060036525A1 (en) * | 2004-08-13 | 2006-02-16 | The Bank Of New York | Regulation compliance monitoring, reporting and documentation support system |
US20080209991A1 (en) * | 2006-08-15 | 2008-09-04 | Tsang-Ming Chang | Fuel tank device capable of detecting consistency |
CN101415012A (en) * | 2008-11-06 | 2009-04-22 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
US20090228722A1 (en) * | 2008-03-05 | 2009-09-10 | Inscape Data Corporation | Adjustable-voltage power-over-ethernet (PoE) switch |
CN101888311A (en) * | 2009-05-11 | 2010-11-17 | 中联绿盟信息技术(北京)有限公司 | Equipment, method and system for preventing network contents from being tampered |
CN104009869A (en) * | 2014-05-15 | 2014-08-27 | 华南理工大学 | Power secondary system information security level protection online compliance detection method |
CN104135737A (en) * | 2014-05-20 | 2014-11-05 | 浙江明讯网络技术有限公司 | Method of obtaining network element configuration data of LTE (Long Term Evolution) network base station |
CN204244262U (en) * | 2014-11-14 | 2015-04-01 | 国网重庆市电力公司江津供电分公司 | Based on the consistency test device of IEC 61850 configuration file of NI CRIO platform |
CN104506351A (en) * | 2014-12-18 | 2015-04-08 | 北京随方信息技术有限公司 | Method and system for performing online full-automatic configuration of compliance safety audit |
CN104618268A (en) * | 2014-12-30 | 2015-05-13 | 北京奇虎科技有限公司 | Network admission control method, authentication server and terminal |
CN105678188A (en) * | 2016-01-07 | 2016-06-15 | 杨龙频 | Anti-leakage protocol identification method and device for database |
CN105827872A (en) * | 2016-06-07 | 2016-08-03 | 维沃移动通信有限公司 | Control method of mobile terminal and mobile terminal |
CN107360271A (en) * | 2017-08-22 | 2017-11-17 | 顺丰科技有限公司 | Network equipment information obtains and IP address automatic division method, system and equipment |
CN107908485A (en) * | 2017-10-26 | 2018-04-13 | 中国平安人寿保险股份有限公司 | Interface parameters transmission method, device, equipment and computer-readable recording medium |
CN108200034A (en) * | 2017-12-27 | 2018-06-22 | 新华三信息安全技术有限公司 | A kind of method and device for identifying domain name |
CN108322452A (en) * | 2018-01-15 | 2018-07-24 | 深圳市联软科技股份有限公司 | Network closes rule detection method, device, equipment and medium |
CN109710508A (en) * | 2018-08-20 | 2019-05-03 | 平安普惠企业管理有限公司 | Test method, test device, test equipment and computer readable storage medium |
-
2019
- 2019-05-10 CN CN201910391693.4A patent/CN110278123B/en active Active
Patent Citations (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060036525A1 (en) * | 2004-08-13 | 2006-02-16 | The Bank Of New York | Regulation compliance monitoring, reporting and documentation support system |
US20080209991A1 (en) * | 2006-08-15 | 2008-09-04 | Tsang-Ming Chang | Fuel tank device capable of detecting consistency |
US20090228722A1 (en) * | 2008-03-05 | 2009-09-10 | Inscape Data Corporation | Adjustable-voltage power-over-ethernet (PoE) switch |
CN101415012A (en) * | 2008-11-06 | 2009-04-22 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
CN101888311A (en) * | 2009-05-11 | 2010-11-17 | 中联绿盟信息技术(北京)有限公司 | Equipment, method and system for preventing network contents from being tampered |
CN104009869A (en) * | 2014-05-15 | 2014-08-27 | 华南理工大学 | Power secondary system information security level protection online compliance detection method |
CN104135737A (en) * | 2014-05-20 | 2014-11-05 | 浙江明讯网络技术有限公司 | Method of obtaining network element configuration data of LTE (Long Term Evolution) network base station |
CN204244262U (en) * | 2014-11-14 | 2015-04-01 | 国网重庆市电力公司江津供电分公司 | Based on the consistency test device of IEC 61850 configuration file of NI CRIO platform |
CN104506351A (en) * | 2014-12-18 | 2015-04-08 | 北京随方信息技术有限公司 | Method and system for performing online full-automatic configuration of compliance safety audit |
CN104618268A (en) * | 2014-12-30 | 2015-05-13 | 北京奇虎科技有限公司 | Network admission control method, authentication server and terminal |
CN105678188A (en) * | 2016-01-07 | 2016-06-15 | 杨龙频 | Anti-leakage protocol identification method and device for database |
CN105827872A (en) * | 2016-06-07 | 2016-08-03 | 维沃移动通信有限公司 | Control method of mobile terminal and mobile terminal |
CN107360271A (en) * | 2017-08-22 | 2017-11-17 | 顺丰科技有限公司 | Network equipment information obtains and IP address automatic division method, system and equipment |
CN107908485A (en) * | 2017-10-26 | 2018-04-13 | 中国平安人寿保险股份有限公司 | Interface parameters transmission method, device, equipment and computer-readable recording medium |
CN108200034A (en) * | 2017-12-27 | 2018-06-22 | 新华三信息安全技术有限公司 | A kind of method and device for identifying domain name |
CN108322452A (en) * | 2018-01-15 | 2018-07-24 | 深圳市联软科技股份有限公司 | Network closes rule detection method, device, equipment and medium |
CN109710508A (en) * | 2018-08-20 | 2019-05-03 | 平安普惠企业管理有限公司 | Test method, test device, test equipment and computer readable storage medium |
Non-Patent Citations (2)
Title |
---|
HIROAKI TANIZAKI: "Formalization and Consistency Checking of Changes of Software System Configurations Using Alloy", 《 2008 15TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE》 * |
郑忠: "通过参数一致性检查处理CSFB失败问题", 《数字技术与应用》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113645525A (en) * | 2021-08-09 | 2021-11-12 | 中国工商银行股份有限公司 | Method, device, equipment and storage medium for checking running state of optical fiber switch |
CN114500312A (en) * | 2021-12-29 | 2022-05-13 | 中国电信股份有限公司 | Communication line checking method, device, electronic equipment and system |
CN114500312B (en) * | 2021-12-29 | 2024-06-07 | 中国电信股份有限公司 | Communication line verification method, device, electronic equipment and system |
Also Published As
Publication number | Publication date |
---|---|
CN110278123B (en) | 2021-04-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230403275A1 (en) | System and method of filtering internet traffic via client fingerprint | |
US20210352098A1 (en) | System for automatically discovering, enriching and remediating entities interacting in a computer network | |
US10116702B2 (en) | Security policy unification across different security products | |
US9088617B2 (en) | Method, a system, and a computer program product for managing access change assurance | |
CN109791633A (en) | Use the static state and dynamic device profile prestige of machine learning based on cloud | |
US20120102543A1 (en) | Audit Management System | |
US20150213268A1 (en) | Remote enterprise security compliance reporting tool | |
CN104506351B (en) | On-line Full configuration compliance method for auditing safely and system | |
US20230208869A1 (en) | Generative artificial intelligence method and system configured to provide outputs for company compliance | |
CN110754065B (en) | Network authentication between a logic level and a hardware level of a network | |
JP2009048611A (en) | Method and apparatus for generating configuration rules for computing entities within computing environment using association rule mining | |
CN111034123B (en) | System, method, and computer readable medium for performing network assurance checks | |
JP2021500658A (en) | Computer implementation methods, systems, and computer program products that perform interactive workflows, as well as computer programs. | |
JP2006518080A (en) | Network audit and policy assurance system | |
CN104640174B (en) | Wireless network access point reminding method and device | |
CN106484590A (en) | Data verification method and device | |
JP2023536832A (en) | Providing and surfacing metrics for visualization | |
US11095518B2 (en) | Determining violation of a network invariant | |
US20190342324A1 (en) | Computer vulnerability assessment and remediation | |
US10282461B2 (en) | Structure-based entity analysis | |
US20230267030A1 (en) | Automated Application Programming Interface (API) Route Testing System | |
CN110278123A (en) | Inspection method, device, electronic equipment and readable storage medium storing program for executing | |
US10192262B2 (en) | System for periodically updating backings for resource requests | |
Tabrizi et al. | Formal security analysis of smart embedded systems | |
CN106104546A (en) | Multistage password and phishing protection are provided |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |