CN110278123B - Checking method, checking device, electronic equipment and readable storage medium - Google Patents
Checking method, checking device, electronic equipment and readable storage medium Download PDFInfo
- Publication number
- CN110278123B CN110278123B CN201910391693.4A CN201910391693A CN110278123B CN 110278123 B CN110278123 B CN 110278123B CN 201910391693 A CN201910391693 A CN 201910391693A CN 110278123 B CN110278123 B CN 110278123B
- Authority
- CN
- China
- Prior art keywords
- rule
- tested
- equipment
- type
- configuration
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Environmental & Geological Engineering (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides an inspection method, an apparatus, an electronic device and a readable storage medium, wherein the method comprises: identifying at least one checking task, wherein the checking task comprises a tested type and a tested rule, and the tested rule comprises a rule parameter; receiving an extraction instruction of an extraction rule carrying rule parameters, and extracting parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters; replacing the rule parameters in the tested rules with the parameter values of the rule parameters to generate tested rules corresponding to the tested equipment; and judging whether the equipment rule set on the tested equipment is matched with the tested rule corresponding to the tested equipment or not aiming at each tested equipment. The method realizes dynamic regulation of rule checking contents according to actual configuration of the equipment to be tested, does not need to artificially regulate the rule contents according to different equipment, realizes dynamic compliance checking, and improves the flexibility of compliance checking.
Description
Technical Field
The disclosure relates to the technical field of network operation safety, and in particular relates to a checking method, a checking device, electronic equipment and a readable storage medium.
Background
Based on the consideration of the network operation safety, the equipment needs to be subjected to compliance check so as to ensure that the network is in a safe and stable operation environment for a long time. Compliance checks include loop checks on devices/interfaces, device access configuration checks, etc. At present, many network management software (such as an IMC intelligent management platform) already provide a compliance checking function, and the problem of low compliance checking flexibility exists.
Disclosure of Invention
Based on this, the embodiments of the present disclosure provide an inspection method, an inspection apparatus, an electronic device, and a readable storage medium, so as to solve the problem in the prior art that compliance inspection flexibility is low.
According to a first aspect, an embodiment of the present disclosure provides an inspection method, including: identifying at least one inspection task, the inspection task comprising a type under test and a rule under test, the rule under test comprising a rule parameter; receiving an extraction instruction of an extraction rule carrying the rule parameters, and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters; replacing the rule parameters in the tested rules with the parameter values of the rule parameters to generate tested rules corresponding to the tested devices; and judging whether the equipment rule set on each tested equipment is matched with the tested rule corresponding to the tested equipment or not.
Optionally, the type to be tested includes at least one of an interface level check type, a device level check type, and a link level check type; the tested devices corresponding to the tested type include the device to which the interface included in the interface level check type belongs, the device included in the device level check type, and the device included in the link level check type.
Optionally, the determining whether the device rule set on the device under test matches the device under test rule corresponding to the device under test includes: according to the rule parameters, searching equipment rules corresponding to the rule parameters in the configuration rules of the equipment to be tested; and judging whether the matching item of the equipment rule set on the tested equipment is completely consistent with the matching item in the tested rule corresponding to the tested equipment.
Optionally, the searching, according to the rule parameter, an equipment rule corresponding to the rule parameter in the configuration rule of the device under test includes: determining a starting identifier and an ending identifier corresponding to the rule parameters according to the rule parameters; and extracting the configuration corresponding to the starting identifier and the ending identifier from the configuration rules of the tested equipment, and taking the configuration as the equipment rule corresponding to the rule parameter in the configuration rules of the tested equipment.
Optionally, before the step of identifying at least one inspection task, the method further includes: acquiring a compliance rule configuration library and service requirements of compliance inspection; and generating a checking task according to the compliance rule configuration library and the service requirement.
Optionally, extracting the parameter value of the rule parameter set on the device under test corresponding to the type under test according to the rule for extracting the rule parameter includes: acquiring first configuration information of the tested equipment corresponding to the tested type; and extracting the parameter value of the rule parameter set on the tested equipment corresponding to the tested type from the first configuration information according to the extraction rule of the rule parameter.
According to a second aspect, embodiments of the present disclosure provide an inspection apparatus, including: the system comprises a first processing module, a second processing module and a control module, wherein the first processing module is used for identifying at least one checking task, the checking task comprises a tested type and a tested rule, and the tested rule comprises a rule parameter; the second processing module is used for receiving an extraction instruction of an extraction rule carrying the rule parameters and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters; the third processing module is used for replacing the rule parameters in the tested rules with the parameter values of the rule parameters to generate tested rules corresponding to the tested devices; and the fourth processing module is used for judging whether the equipment rule set on each tested equipment is matched with the tested rule corresponding to the tested equipment or not.
Optionally, the type to be tested includes at least one of an interface level check type, a device level check type, and a link level check type; the tested devices corresponding to the tested type include the device to which the interface included in the interface level check type belongs, the device included in the device level check type, and the device included in the link level check type.
Optionally, the fourth processing module includes: the first processing submodule is used for searching an equipment rule corresponding to the rule parameter in the configuration rule of the equipment to be tested according to the rule parameter; and the first judgment submodule is used for judging whether the matching item of the equipment rule set on the tested equipment is completely consistent with the matching item in the tested rule corresponding to the tested equipment.
Optionally, the first processing sub-module includes: the first processing unit is used for determining a starting identifier and an ending identifier corresponding to the rule parameter according to the rule parameter; and the second processing unit is used for extracting the configuration corresponding to the starting identifier and the ending identifier from the configuration rules of the tested equipment, and taking the configuration as the equipment rule corresponding to the rule parameter in the configuration rules of the tested equipment.
Optionally, the method further comprises: the first acquisition module is used for acquiring a compliance rule configuration library and service requirements of compliance inspection; and the fifth processing module is used for generating a checking task according to the compliance rule configuration library and the service requirement.
Optionally, the second processing module includes: the first obtaining submodule is used for obtaining first configuration information of the tested equipment corresponding to the tested type; and the second processing submodule is used for extracting the parameter value of the rule parameter, which is set on the tested equipment corresponding to the tested type, from the first configuration information according to the extraction rule of the rule parameter.
According to a third aspect, an embodiment of the present disclosure provides an electronic device, including: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, and the processor executing the computer instructions to perform the inspection method according to any one of the first aspect of the present disclosure.
According to a fourth aspect, the embodiments of the present disclosure provide a computer-readable storage medium storing computer instructions for causing the computer to thereby perform the inspection method according to any one of the first aspects of the present disclosure.
The technical scheme disclosed has the following advantages:
the inspection method provided by the present disclosure includes: identifying at least one inspection task, the inspection task comprising a type under test and a rule under test, the rule under test comprising a rule parameter; receiving an extraction instruction of an extraction rule carrying the rule parameters, and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters; replacing the rule parameters in the tested rules with the parameter values of the rule parameters to generate tested rules corresponding to the tested devices; and judging whether the equipment rule set on each tested equipment is matched with the tested rule corresponding to the tested equipment or not. According to the checking method, the actual parameter values of the tested devices are obtained according to the extraction rules of the rule parameters, and the parameter values are replaced into the tested rules to generate the tested rules corresponding to the tested devices, so that the checking content of the rules is dynamically adjusted according to the actual configuration of the tested devices, the contents of the rules do not need to be manually adjusted according to different devices, dynamic compliance checking is realized, and the flexibility of compliance checking is improved.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present disclosure, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow chart of one particular example of an inspection method of an embodiment of the present disclosure;
FIG. 2 is a flow chart of another specific example of an inspection method of an embodiment of the present disclosure;
FIG. 3 is a flow chart of another specific example of an inspection method of an embodiment of the present disclosure;
FIG. 4 is a flow chart of another specific example of an inspection method of an embodiment of the present disclosure;
FIG. 5 is a flow chart of another specific example of an inspection method of an embodiment of the present disclosure;
FIG. 6 is a diagram illustrating one specific example of a fetch instruction of an inspection method according to an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of another specific example of a fetch instruction of the inspection method of an embodiment of the present disclosure;
FIG. 8 is a block diagram of one specific example of an inspection apparatus of an embodiment of the present disclosure;
fig. 9 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In the description of the present disclosure, it should be noted that the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing and simplifying the present disclosure, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present disclosure. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present disclosure, it is to be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present disclosure can be understood in specific instances by those of ordinary skill in the art.
In addition, technical features involved in different embodiments of the present disclosure described below may be combined with each other as long as they do not conflict with each other.
The inventor finds that, in the compliance checking function provided by many current network management software (for example, IMC intelligent management platform), when detecting devices in batch, all devices can only be checked according to a fixed rule content, and the rule content cannot be flexibly adjusted according to the actual configuration of the devices, which results in lower flexibility of checking. For example, VLAN configurations of interfaces are checked, and since VLANs configured by different devices are different, a plurality of rules need to be manually formulated to adapt to different device configurations when performing compliance check on different devices.
The embodiment of the disclosure provides an inspection method, which can be applied to an electronic device, and the electronic device can be used for executing a compliance inspection task. As shown in fig. 1, the checking method includes steps S1-S3, and is particularly applicable to electronic devices such as a Personal Computer (PC), a virtual machine, or a server to perform compliance checking on network devices.
Step S1: at least one inspection task is identified, the inspection task including a type under test and a rule under test, the rule under test including a rule parameter.
In an embodiment, the checking task is mainly used for detecting whether the device under test is compliant, i.e. detecting whether the specification, configuration, use, etc. of the device under test are compliant. For one inspection task, the device under test to be detected in the inspection task may include a plurality of devices, that is, the plurality of devices need to be inspected to determine whether specifications, configurations, uses, and the like of the plurality of devices meet the regulations. In practical application, the actual configuration of different devices can be different according to different actual use conditions, and the configuration condition of the tested device can be reasonably set according to needs. For example, the VLAN ID values of the device under test a are 1, 20, and 30, and the VLAN ID values of the device under test B are 1, 100, and 150.
It is further noted that the compliance check of each of the plurality of devices under test may comprise at least one check task.
In an embodiment, the compliance check may specifically include checking whether the device configuration of the device under test meets company regulations, which are different depending on the information security of a specific company. The specific content included in the compliance check may be one check task, or may be two or more check tasks, where the check task may be a specification check on the device, a loop check on the interface, a device access configuration check, or the like.
In one embodiment, the inspection task includes 2 parts, which may be a type to be tested and a rule to be tested. Of course, in other embodiments, the inspection task may include other content besides that included above, such as device under test list information, inspection level information, violation level information, and the like.
In particular, the type under test may include at least one of an interface level check type, a device level check type, and a link level check type.
Different tested types correspond to different tested devices. And for the interface level check type, the corresponding tested device is the device to which the interface included in the interface level check type belongs in all the tested devices. For the device level check type, the corresponding device under test is the device included in the device level check types in all the devices under test. For the link level check type, the corresponding device under test is the device included in the link level check type in all the devices under test.
For example: if the interface included in the interface level check type is a fast ethernet port, the device including the fast ethernet port in all the devices under test is the corresponding device under test. The device type may be a switch, a router, or a wireless device.
The device level check type includes a device list, where the device list includes a device identifier, and then the corresponding device to be tested is the device in the device list. The device type may be a switch, router, security device, wireless device, firewall, or load balancing device.
The link level check type includes a certain link and the devices constituting the link, and then the corresponding device under test is the device constituting the link. In one example, the link level check type includes links 1 and 2, the devices constituting link 1 are device a and device B, the devices constituting link 2 are device B and device C, and the devices to be tested are device A, B, C.
The rule parameters in the rule under test can be reasonably determined according to the actual conditions of the compliance check. The compliance checking task is based on the measured rules to check the compliance/violation of the configuration rules of the device.
For example, the check task is to check the VLAN configuration of the interface, the detected type included in the check task is an interface level check type, the detected rule is "port trunk permit VLAN { VLAN-ID }", and the rule parameter is "VLAN-ID". In implementation, it can check whether the configuration rule about VLAN-ID in the device under test is compliant based on the measured rule being "port trunk permit VLAN { VLAN-ID }".
For another example, the checking task is to check ACL configuration of the device, and the tested type included in the ACL configuration is a device-level checking type, and the tested rule is as follows:
“acl number¥{ACL-number}name financeAcl
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
rule 5 dent ip destination 192.168.0.1000 ", rule parameter" ACL-number ".
In practice, based on the measured rules, the following can be used:
“acl number¥{ACL-number}name financeAcl
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
rule 5 deny ip destination 192.168.0.1000' checks whether the configuration rule for ACL-number in the device under test is compliant.
In the foregoing, the embodiments of the present application mention that the inspection task may further include other contents besides the above-mentioned contents, such as list information of the devices under test, inspection level information, violation level information, and the like. In a specific application, it may be determined which rules on which devices should be checked in connection with checking the content included in the task.
In an embodiment, the violation level information may include a plurality of different violation levels, such as warning, important, notification, secondary, and urgent, which is merely illustrative and not limited thereto. The level information is checked to determine violation level information that should be checked.
In practice, the violation level information may be combined with the inspection level information in the inspection task to determine which levels of rules should be inspected. For example, rule a may be warning, rule b may be important; if the checking level of the task is set to be important, the rule a is not checked; if the check level is set to all, both rule a and rule b will check.
The list information of the devices to be tested is used for characterizing specific devices included in the devices to be tested, and may include the identifiers of the devices to be tested, and the identifiers of the devices to be tested may be modified and updated synchronously in the compliance checking task if the devices are changed later, such as adding or deleting the devices. The identifier of the device to be tested may be a device name preset and configured by a technician, may also be a device model, and may also be a device type and a device serial number.
For example, the device list information includes device a and device B, and the inspection task accordingly needs to perform compliance inspection on both the device a and the device B.
In one example, the device under test is identified as a device model, and all devices of that model in the system are checked. For example, if the device list information includes the switch H, the inspection task needs to perform compliance inspection on the device with the device model of the switch H. In a further example, the identity of the device under test is the device type, so that all devices of that type in the system are checked. For example, if the device list information includes a switch, the inspection task needs to perform compliance inspection on the device whose device type is the switch.
In another embodiment, the inspection task may further include a task identification and an execution time. The task identity may be a task name to distinguish between different task types, such as checking VLAN configuration of an interface, or checking ACL configuration of a device. The execution time may include a periodic task execution time and a one-time task execution time, from which it is determined whether the compliance check is performed periodically or only once. Of course, in other embodiments, other information, such as task descriptions, etc., may also be included.
In this embodiment, step S2 can identify the rule parameters in the rule under test. Specifically, a first preset symbol in the measured rule may be recognized, and when the first preset symbol is recognized, a character located in a second preset symbol after the first preset symbol is considered as a rule parameter. Wherein, the first preset symbol can be at least one or any combination of @, #,%, ". The second preset symbol may be at least one of { }, [ ], ",'. The first preset symbol and the second preset symbol are only examples, and the present solution is not particularly limited.
In one example, the first predetermined symbol is { } and the second predetermined symbol is { }. In other examples, the first preset symbol is #, and the second preset symbol is [ ]. In further examples, the first predetermined symbol is #, and the second predetermined symbol is "".
For example: the first predetermined symbol is { } and the second predetermined symbol is { }, assuming that
The measured rule is as follows: the ACL number is name finite named Acl, and the rule parameter is ACL-number;
the measured rule is as follows: and if the port trunk permit VLAN is { VLAN-ID }, the rule parameter is VLAN-ID.
Step S2: and receiving an extraction instruction of an extraction rule carrying the rule parameters, and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters.
When networking is performed in an actual scene, the configured parameter values of different devices may be different for the same rule parameter, and if the existing method of checking all devices according to the content of a fixed rule to be tested is adopted, the content of the rule to be tested needs to be modified one by one according to the setting condition of the rule of each device to be tested, and then the rule set on the device to be tested is tested, so that the labor cost is too high. To avoid this, the inventors have found that for a certain type of rule, the rule format is actually the same or approximately the same on different devices, except that the specific rule parameter values are different. Therefore, the universal measured rule format can be set according to the similarity of the rule format, and the specific rule parameter value is replaced by a universal dynamic parameter so as to obtain the universal measured rule of the tested device.
Therefore, the embodiment of the application finds the common place of the rules set on each device, sets the universal rule to be tested according to the common place, and sets the universal rule parameter in the rule to be tested, wherein the rule parameter is a dynamic parameter. When the rule parameters are identified, they can be used to extract the specific parameter values set on the device under test. And then replacing the rule parameters of the measured rules with the extracted parameter values, so as to obtain the measured rules for the tested equipment. Through the description, the measured rule corresponding to each measured device in all the measured devices can be obtained through one universal measured rule, and labor, time and hardware cost are saved.
In an embodiment, the extraction rule carried by the extraction instruction may be a regular expression. The parameter values of the rule parameters are extracted through the regular expression, so that the complicated control of the character strings can be achieved in a very simple mode, and the extraction mode of the parameter values of the rule parameters is more flexible and has stronger logicality and functionality. For example, the rule parameter is VLAN ID, and the regular expression for extracting the VLAN ID value can be VLAN [ 1-9 ] [ 0-9 ] {0, 3 }. For another example, the rule parameter is aclnumber, and the regular expression for extracting the value of aclnumber may be aclnumber [ 0-9 ] {4} name financeAcl (obtaining ACL Number named financeAcl).
Step S3: and replacing the rule parameters in the tested rules with the parameter values of the rule parameters to generate the tested rules corresponding to the tested equipment. Compliance inspection is performed through the measured rules adapted to the inspection task, so that the flexibility and convenience of inspection are improved.
In an embodiment, the parameter values of the tested devices are substituted into the tested rules in the checking task to replace the rule parameters in the tested rules, and the tested rules corresponding to the tested devices are generated, so that the compliance check is performed on each tested device in the subsequent steps.
For example, the check task is VLAN configuration of a check interface, the detected type included in the check task is an interface level check type, the detected rule is set to "port trunk permit VLAN { VLAN-ID }", and the rule parameter in the detected rule is "VLAN-ID"; the VLAN ID values in the configuration file of the device under test include 1, 20, 30, and thus the extracted parameter values corresponding to the inspection task are 1, 20, and 30. Substituting the parameter values into the measured rule to generate the measured rule as follows:
if the VLAN ID values in the configuration file of the device manufacturer are merged together, the corresponding rule content is port trunk permit VLAN 12030;
if the VLAN ID value in the device configuration file of the device manufacturer is disassembled, the corresponding rule content is
port trunk permit vlan 1
port trunk permit vlan 20
port trunk permit vlan 30。
Step S4: and judging whether the equipment rule set on the tested equipment is matched with the tested rule corresponding to the tested equipment or not aiming at each tested equipment.
According to the checking method, the actual parameter values of the tested devices are obtained according to the extraction rules of the rule parameters, and the parameter values are replaced into the tested rules to generate the tested rules corresponding to the tested devices, so that the checking content of the rules is dynamically adjusted according to the actual configuration of the tested devices, the contents of the rules do not need to be manually adjusted according to different devices, dynamic compliance checking is realized, and the flexibility of compliance checking is improved.
In one embodiment, as shown in FIG. 2, the step S2 may specifically include steps S21-S22.
Step S21: and acquiring first configuration information of the tested equipment corresponding to the tested type.
In an embodiment, the first configuration information may include all configuration information of the device, or may include only configuration information related to the compliance check task, and may be reasonably set as needed in practical applications. The first configuration information is provided by a device vendor.
Step S22: and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type from the first configuration information according to the extraction rules of the rule parameters. The configurations of the tested devices provided by different manufacturers are different, so that the parameter values of the rule parameters extracted from different device configurations are also different, so that the subsequent compliance inspection content is adjusted according to the actual configuration conditions of different devices.
According to the checking method, the parameter value of the rule parameter is determined through the first configuration information of the tested equipment, so that the compliance check is adaptive to the configuration of the tested equipment, and the flexibility is higher.
In one embodiment, as shown in FIG. 3, the step S4 may specifically include steps S41-S42.
Step S41: and searching the equipment rule corresponding to the rule parameter in the configuration rule of the equipment to be tested according to the rule parameter.
Specifically, as shown in FIG. 4, step S41 includes steps S411-S412.
Step S411: and determining a start identifier and an end identifier corresponding to the rule parameters according to the rule parameters.
Specifically, different rule parameters correspond to different start identifiers and end identifiers, and the start identifiers and the end identifiers also need to be matched with configuration contents of configuration files in the device to be tested.
For example, in the interface level type check task, the check content is VLAN configuration of the check interface, the measured rule is "port trunk permit VLAN { VLAN-ID }", and the rule parameter is "VLAN-ID".
If the configuration content corresponding to the rule parameter in the tested device starts with interface and ends with # as the start, the start identifier corresponding to the "VLAN-ID" is "interface", and the end identifier is "#".
If the configuration content corresponding to the rule parameter in the tested device starts with the interface Ethernet! As the end, the start label corresponding to the "VLAN-ID" is "interface ethernet", and the end label is "! ".
For example, in the device-level type check task, the check content is the ACL configuration of the check device, the rule parameter is "ACL-number", the configuration content corresponding to the rule parameter in the device under test starts with the ACL number and ends with the #, the start identifier corresponding to the "ACL-number" is "ACL number", and the end identifier is "#".
For another example, in the device-level type of inspection task, the inspection content is configured for the local user of the inspection device, and the start identifier corresponding to the inspection content may be "local-user", and the end identifier may be "#".
Step S412: and extracting the configuration corresponding to the starting identifier and the ending identifier from the configuration rule of the tested equipment, and taking the configuration as the equipment rule corresponding to the rule parameter in the configuration rule of the tested equipment.
Specifically, the configuration rule of the device under test may be obtained through second configuration information of the device under test, where the second configuration information may include backup data of the latest operation configuration of the device under test, that is, the configuration rule of the device under test is obtained through the backup data of the latest operation configuration of the device under test, and the backup data of the latest operation configuration may be given according to a device manufacturer. Of course, in other embodiments, the configuration rule of the device under test may also be directly obtained on the device under test by directly connecting with the device under test, which is only schematically illustrated in this embodiment and is not limited thereto. The second configuration information may be the same as or different from the first configuration information, and may be set reasonably as required in practical application.
For example, in the interface level type checking task, the checking content is VLAN configuration of the checking interface, and extracting the configuration corresponding to the start identifier and the end identifier in the configuration rule of the device under test may be:
#
interface NULL0
#
interface Vlan-interface1
ip address 172.22.5.87 255.255.255.0
#
interface FortyGigE1/0/53
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1988
#
interface FortyGigE1/0/54
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1988
#
for another example, in the interface level type inspection task, the inspection content is role configuration of the inspection interface, and when the role configuration inspection of the interface is performed, extracting configurations corresponding to the start identifier and the end identifier from the configuration rule of the device under test may be:
step S42: and judging whether the matching item of the equipment rule set on the tested equipment is completely consistent with the matching item in the tested rule corresponding to the tested equipment.
In one embodiment, a matching item of an equipment rule set on the tested equipment is compared with a matching item in the tested rule, and if the two are completely matched, the configuration of the equipment is in compliance; if the two do not match, the configuration of the device is violated.
For example, such as checking whether the vlan 10 is configured on the device. Assuming configurations extracted from the device
“vlan 1
vlan 10
vlan 60”,
The presence of the vlan 10 is checked, i.e. considered as compliant and stopped, and there is no need to continue checking the vlan 55 for compliance.
It should be noted that, in other embodiments, in the step of determining whether the device rule set on the device under test matches the corresponding device rule of the device under test, the device rule set may also be configured to be compared with each piece of device under test one by one.
According to the checking method, the equipment rule corresponding to the rule parameter in the configuration rule of the equipment to be checked is firstly found through the starting identifier and the ending identifier, and then matching is carried out, so that the matching time is effectively shortened, and the checking efficiency of compliance checking is improved.
In one embodiment, as shown in FIG. 5, steps S5-S6 are included before the step of identifying at least one inspection task at step S1.
Step S5: and acquiring a compliance rule configuration library and business requirements of compliance inspection.
In an embodiment, the compliance rule configuration library may be generated and stored in advance, and may specifically include all inspection tasks of compliance inspection, and may be continuously updated and refined according to the actual situation of the compliance inspection in the actual application process, so as to ensure that the compliance rule configuration library can satisfy all compliance inspection. Of course, in other embodiments, the compliance rule configuration library may also be generated directly before compliance checking, and may be set reasonably as needed.
In an embodiment, the device configurations of different manufacturers may be different, so that the compliance check requirements of different manufacturers for the devices may be different, and the business requirements are determined according to the compliance check requirements of the manufacturers and may be specifically provided by the device manufacturers.
Step S6: and generating a checking task according to the compliance rule configuration library and the service requirement.
In an embodiment, a compliance checking task corresponding to a business requirement is found in a compliance rule configuration library according to the business requirement, so that different compliance checks are performed on each device.
The compliance rule configuration library comprises a plurality of different types of inspection tasks, and the business requirements can be specifically determined according to the actual needs of customers. The checking task comprises VLAN configuration of an interface, ACL configuration of equipment, local user configuration of the equipment, preset starting Syslog function verification of the equipment and the like; and if the service requirement is VLAN configuration of the interface, the task is the VLAN configuration of the interface.
It should be noted that the above steps S5 and S6 are only a specific example of the checking task for generating the compliance check, and are only exemplary, and not limited thereto. In other embodiments, it is also possible to directly obtain the inspection task of the compliance inspection, and steps S5 and S6 are not required in this case.
On the basis of the above-mentioned checking method, after step S4, the method further includes: after the task to be checked is completed, a checking result of compliance checking is generated, whether the configuration of the equipment is in compliance or not can be conveniently obtained through the checking result, so that the compliance checking condition can be timely known, and a basis is provided for the configuration adjustment of subsequent equipment.
In one embodiment, the inspection result of the compliance inspection is generated after the inspection is finished, the inspection result may include which compliance and which non-compliance, and the specific display content of the non-compliance may include the interface name or device name of the non-compliance, the configuration condition, and the inspection rule. For example, the port of device a should include three VLAN ID values of 1, 20, and 30, where the VLAN ID detected by port a is only 1 and 20, the configuration of port a does not satisfy the rule of compliance check, and the check result is non-compliance; the present embodiment is only illustrative and not limited thereto.
After the step of generating the inspection result of the compliance inspection, the method may further comprise controlling a display device to display the inspection result so as to more intuitively view the inspection result.
For example, executing the command dis acl all, the check result of the echo is as follows:
dis acl all
Advanced ACL 3000,named-none-,0 rule,
ACL's step is 5
Advanced ACL 3001,named-none-,0 rule,
ACL's step is 5
the execution command "dis ACL all" refers to checking all ACL configurations of the device, two ACLs, namely ACL 3000\ ACL 3001, are configured on the device according to the echoing information, and no configuration rule exists under the two ACLs at present.
This is explained in detail below with a specific example, such as checking VLAN configuration of an interface.
Firstly, a compliance checking task is obtained, wherein the compliance checking task comprises a measured rule, the measured rule comprises dynamic rule parameters, and the configured measured rule content is 'port trunk permit VLAN-ID'. Then, a rule parameter "VLAN-ID" is identified, and the parameter in the device to be tested is extracted, for example, the VLAN ID actually configured by the device to be tested is extracted through a regular expression, and the extraction method is shown in fig. 6, and the extraction rule VLAN [ 1-9 ] [ 0-9 ] {0, 3} can be embodied in the extraction method. And then, when a compliance checking task is executed, extracting parameter values from each device to be checked according to the configured parameter extraction rule, and replacing the rule parameters of the tested rule with the extracted parameter values to form rule contents corresponding to the tested device. Each device extracts different parameter values according to the actual configuration condition, so that the contents of the formed rules are different, and dynamic compliance check is realized. The command and the extraction method in fig. 6 constitute an extraction command executed on the device, where the extraction method carries an extraction rule of a rule parameter, the command plays a role of executing the extraction command to obtain a command line playback, and then a parameter value of the device to be tested is extracted from the playback content according to the configured extraction rule.
For example, the device under test includes two devices, i.e., a device a and a device B, and the VLAN ID values extracted from the device a are 1, 20, and 30, and the VLAN ID values extracted from the device B are 1, 100, and 150, respectively, when the inspection task is performed. According to the system scheme design, the tested rules of the two devices are shown in table 1 and table 2, and the two schemes can be simultaneously supported. And when the compliance checking task is executed, respectively selecting the tested rules in the table according to the design scheme of the system to carry out compliance checking on the interfaces under the equipment A and the equipment B. Specifically, the configuration rule of the port report permit vlan 12030 in the device a may be matched according to the measured rule in table 1 below, and whether the configuration rule in the device a is compliant may be determined. In this embodiment, matching may be performed according to the configuration rule about the port report permit vlan 1100150 in the device B under test in table 1 below, so as to determine whether the configuration rule in the device B is compliant.
TABLE 1
It should be noted that the rule parameters in this embodiment may extract a plurality of values, such as 1, 20, and 30, according to the actual configuration of the device under test.
This is explained in detail below with another specific example, such as checking the ACL configuration of a device.
In some application scenarios, some configuration names are fixed in the network to implement some specific services. Such as creating a high level ACL for a particular name, and formulating the following rules: the finance department accesses the finance database server during working hours, and other departments are prohibited from accessing the server at any time and the finance department does not work. Assume the financial department IP segment is 192.168.2.0/24 and the financial database server IP segment is 192.168.0.100/24.
Firstly, acquiring a checking task, wherein the configuration rule content is as follows:
acl number¥{ACL-number}name financeAcl
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.100 0 time-range work
rule 5 deny ip destination 192.168.0.100 0;
and then identifying a dynamic rule parameter ACL-Number, and extracting the parameter value of the parameter in the tested equipment, wherein the extraction method can be to extract the financial ACL Number by combining a fixed ACL name with a regular expression, the extraction method is shown in FIG. 7, and the extraction rule ACL Number [ 0-9 ] {4} name finacetac can be embodied in the extraction method. And then replacing the rule parameters in the measured rules with the parameter values of the rule parameters, generating the measured rules corresponding to the tested devices, and further executing compliance check according to the measured rules. For example, the device to be tested includes two devices, i.e., a device a and a device B, the ACL Number extracted from the device a is 3000 and the ACL Number extracted from the device B is 3010 when the inspection task is executed, and the measured rules of the two devices are shown in table 2 according to the design of the compliance inspection system. When the checking task is executed, different tested rules are constructed according to different ACL numbers extracted by the equipment A and the equipment B, and dynamic compliance checking is realized. Specifically, the configuration rule of the acl number 3000 name financeAcl in the device a may be matched according to the measured rule in the following table 2, and whether the configuration rule in the device a is compliant may be determined. The embodiment may also perform matching according to the configuration rule about the acl number 3010 name financeAcl in the device B under test rule in table 2 below, and determine whether the configuration rule in the device B is compliant.
TABLE 2
The measured rules in the checking tasks in the checking method comprise rule parameters, the parameter values of the rule parameters set on the tested equipment corresponding to the tested type are extracted through extracting instructions, (the parameter values are extracted according to the regular expression), the obtained parameter values are replaced into the tested rules to generate the measured rules corresponding to the tested equipment, then the compliance check is carried out on each tested equipment, the measured rules are dynamically adjusted according to the actual configuration of the equipment, and the labor, time and hardware cost are saved.
In this embodiment, an inspection apparatus is further provided, and the apparatus is used to implement the above embodiments and preferred embodiments, which have already been described and are not described again. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Accordingly, referring to fig. 8, an embodiment of the present disclosure provides an inspection apparatus, including: a first processing module 1, a second processing module 2, a third processing module 3 and a fourth processing module 4.
The system comprises a first processing module 1, a second processing module and a control module, wherein the first processing module is used for identifying at least one checking task, the checking task comprises a tested type and a tested rule, and the tested rule comprises a rule parameter; the details are described with reference to step S1.
The second processing module 2 is configured to receive an extraction instruction of an extraction rule carrying the rule parameter, and extract a parameter value of the rule parameter set on the device under test corresponding to the type under test according to the extraction rule of the rule parameter; the details are described with reference to step S2.
The third processing module 3 is configured to replace the rule parameter in the tested rule with a parameter value of the rule parameter, and generate a tested rule corresponding to each tested device; the details are described with reference to step S3.
The fourth processing module 4 is configured to, for each device under test, determine whether a device rule set on the device under test matches a device rule corresponding to the device under test; the details are described with reference to step S4.
In an embodiment, the type under test includes at least one of an interface level check type, a device level check type, and a link level check type; the tested devices corresponding to the tested type include the device to which the interface included in the interface level check type belongs, the device included in the device level check type, and the device included in the link level check type.
Optionally, the fourth processing module includes: a first processing sub-module, configured to search, according to the rule parameter, an equipment rule corresponding to the rule parameter in the configuration rule of the equipment to be tested, where the detailed content refers to step S41; a first determining submodule, configured to determine whether a matching item of an apparatus rule set on the device under test is completely consistent with a matching item in a measured rule corresponding to the device under test, where the detailed content refers to step S42.
Optionally, the first processing sub-module includes: a first processing unit, configured to determine, according to the rule parameter, a start identifier and an end identifier corresponding to the rule parameter, where details refer to step S411; a second processing unit, configured to extract a configuration corresponding to the start identifier and the end identifier from the configuration rules of the device under test, and use the configuration as a device rule corresponding to the rule parameter in the configuration rules of the device under test, where the detailed content refers to step S412.
Optionally, the method further comprises: a first obtaining module, configured to obtain a compliance rule configuration library and a service requirement of compliance checking, where details refer to step S5; and a fifth processing module, configured to generate an inspection task according to the compliance rule configuration library and the service requirement, where the detailed content refers to step S6.
Optionally, the second processing module includes: a first obtaining sub-module, configured to obtain first configuration information of a device under test corresponding to the type under test, where the detailed content refers to step S21; and a second processing sub-module, configured to extract, according to an extraction rule of the rule parameter, a parameter value of the rule parameter set on the device under test corresponding to the type under test from the first configuration information, where the detailed content refers to step S22.
Further functional descriptions of the modules are the same as those of the method embodiments, and are not repeated herein.
An embodiment of the present disclosure further provides an electronic device, as shown in fig. 9, including: a processor 101 and a memory 102; the processor 101 and the memory 102 may be connected by a bus or other means, and fig. 9 illustrates the connection by the bus as an example.
The processor 101 may be a Central Processing Unit (CPU). The Processor 101 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 102, as a non-transitory computer-readable storage medium, may be used for storing non-transitory software programs, non-transitory computer-executable programs, and modules, such as program instructions/modules corresponding to the inspection method in the embodiments of the present disclosure (for example, the first processing module 1, the second processing module 2, the third processing module 3, and the fourth processing module 4 shown in fig. 8). The processor 101 executes various functional applications and data processing of the processor by executing non-transitory software programs, instructions and modules stored in the memory 102, that is, implements the inspection method in the above-described method embodiment.
The memory 102 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 101, and the like. Further, the memory 102 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 102 may optionally include memory located remotely from processor 101, which may be connected to processor 101 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 102 and, when executed by the processor 101, perform the checking method in the embodiment shown in fig. 1 to 5.
The specific details of the server may be understood by referring to the corresponding descriptions and effects in the embodiments shown in fig. 1 to fig. 5, which are not described herein again.
The embodiment of the present disclosure further provides a computer-readable storage medium, where computer instructions are stored, and the computer instructions are used to enable the computer to execute any one of the above-mentioned inspection methods. It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present disclosure have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the present disclosure, and such modifications and variations fall within the scope defined by the appended claims.
Claims (14)
1. An inspection method, comprising:
identifying at least one inspection task, the inspection task comprising a type under test and a rule under test, the rule under test comprising a rule parameter;
receiving an extraction instruction of an extraction rule carrying the rule parameters, and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters;
replacing the rule parameters in the tested rules with the extracted parameter values to generate tested rules corresponding to the tested equipment;
and judging whether the equipment rule set on each tested equipment is matched with the tested rule corresponding to the tested equipment or not.
2. The inspection method of claim 1, wherein the type under test comprises at least one of an interface level inspection type, a device level inspection type, and a link level inspection type; then
The tested equipment corresponding to the tested type comprises equipment to which the interface included in the interface level check type belongs, equipment included in the equipment level check type and equipment included in the link level check type.
3. The inspection method of claim 1, wherein determining whether the device rule set on the device under test matches the corresponding device under test rule of the device under test comprises:
according to the rule parameters, searching equipment rules corresponding to the rule parameters in the configuration rules of the equipment to be tested;
and judging whether the matching item of the equipment rule set on the tested equipment is completely consistent with the matching item in the tested rule corresponding to the tested equipment.
4. The inspection method according to claim 3, wherein said finding, according to the rule parameter, the device rule corresponding to the rule parameter in the configuration rule of the device under test includes:
determining a starting identifier and an ending identifier corresponding to the rule parameters according to the rule parameters;
and extracting the configuration corresponding to the starting identifier and the ending identifier from the configuration rules of the tested equipment, and taking the configuration as the equipment rule corresponding to the rule parameter in the configuration rules of the tested equipment.
5. The inspection method of claim 1, further comprising, prior to said step of identifying at least one inspection task:
acquiring a compliance rule configuration library and service requirements of compliance inspection;
and generating a checking task according to the compliance rule configuration library and the service requirement.
6. The inspection method according to claim 1, wherein extracting the parameter value of the rule parameter set on the device under test corresponding to the type under test according to the rule for extracting the rule parameter comprises:
acquiring first configuration information of the tested equipment corresponding to the tested type;
and extracting the parameter value of the rule parameter set on the tested equipment corresponding to the tested type from the first configuration information according to the extraction rule of the rule parameter.
7. An inspection apparatus, comprising:
the system comprises a first processing module, a second processing module and a control module, wherein the first processing module is used for identifying at least one checking task, the checking task comprises a tested type and a tested rule, and the tested rule comprises a rule parameter;
the second processing module is used for receiving an extraction instruction of an extraction rule carrying the rule parameters and extracting the parameter values of the rule parameters set on the tested equipment corresponding to the tested type according to the extraction rule of the rule parameters;
the third processing module is used for replacing the rule parameters in the tested rules with the extracted parameter values to generate tested rules corresponding to the tested devices;
and the fourth processing module is used for judging whether the equipment rule set on each tested equipment is matched with the tested rule corresponding to the tested equipment or not.
8. The inspection apparatus of claim 7, wherein the type under test comprises at least one of an interface level inspection type, a device level inspection type, and a link level inspection type; then
The tested equipment corresponding to the tested type comprises equipment to which the interface included in the interface level check type belongs, equipment included in the equipment level check type and equipment included in the link level check type.
9. The inspection apparatus of claim 7, wherein the fourth processing module comprises:
the first processing submodule is used for searching an equipment rule corresponding to the rule parameter in the configuration rule of the equipment to be tested according to the rule parameter;
and the first judgment submodule is used for judging whether the matching item of the equipment rule set on the tested equipment is completely consistent with the matching item in the tested rule corresponding to the tested equipment.
10. The inspection apparatus of claim 9, wherein the first processing sub-module comprises:
the first processing unit is used for determining a starting identifier and an ending identifier corresponding to the rule parameter according to the rule parameter;
and the second processing unit is used for extracting the configuration corresponding to the starting identifier and the ending identifier from the configuration rules of the tested equipment, and taking the configuration as the equipment rule corresponding to the rule parameter in the configuration rules of the tested equipment.
11. The inspection apparatus of claim 7, further comprising:
the first acquisition module is used for acquiring a compliance rule configuration library and service requirements of compliance inspection;
and the fifth processing module is used for generating a checking task according to the compliance rule configuration library and the service requirement.
12. The inspection apparatus of claim 7, wherein the second processing module comprises:
the first obtaining submodule is used for obtaining first configuration information of the tested equipment corresponding to the tested type;
and the second processing submodule is used for extracting the parameter value of the rule parameter, which is set on the tested equipment corresponding to the tested type, from the first configuration information according to the extraction rule of the rule parameter.
13. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the inspection method of any one of claims 1 to 6.
14. A computer-readable storage medium storing computer instructions for causing a computer to thereby perform the inspection method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910391693.4A CN110278123B (en) | 2019-05-10 | 2019-05-10 | Checking method, checking device, electronic equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910391693.4A CN110278123B (en) | 2019-05-10 | 2019-05-10 | Checking method, checking device, electronic equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110278123A CN110278123A (en) | 2019-09-24 |
| CN110278123B true CN110278123B (en) | 2021-04-06 |
Family
ID=67959281
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910391693.4A Active CN110278123B (en) | 2019-05-10 | 2019-05-10 | Checking method, checking device, electronic equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110278123B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113645525B (en) * | 2021-08-09 | 2023-06-02 | 中国工商银行股份有限公司 | Method, device, equipment and storage medium for checking operation state of optical fiber switch |
| CN114500312B (en) * | 2021-12-29 | 2024-06-07 | 中国电信股份有限公司 | Communication line verification method, device, electronic equipment and system |
Family Cites Families (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060036525A1 (en) * | 2004-08-13 | 2006-02-16 | The Bank Of New York | Regulation compliance monitoring, reporting and documentation support system |
| CN200986948Y (en) * | 2006-08-15 | 2007-12-05 | 奇鋐科技股份有限公司 | Fuel slot capable of detecting concentration |
| US8020013B2 (en) * | 2008-03-05 | 2011-09-13 | Inscape Data Corporation | Adjustable-voltage power-over-ethernet (PoE) switch |
| CN101415012B (en) * | 2008-11-06 | 2011-09-28 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
| CN101888311B (en) * | 2009-05-11 | 2013-02-06 | 北京神州绿盟信息安全科技股份有限公司 | Equipment, method and system for preventing network contents from being tampered |
| CN104009869A (en) * | 2014-05-15 | 2014-08-27 | 华南理工大学 | Power secondary system information security level protection online compliance detection method |
| CN104135737B (en) * | 2014-05-20 | 2017-09-19 | 浙江明讯网络技术有限公司 | A kind of LTE network base station element configuration data acquisition methods |
| CN204244262U (en) * | 2014-11-14 | 2015-04-01 | 国网重庆市电力公司江津供电分公司 | Based on the consistency test device of IEC 61850 configuration file of NI CRIO platform |
| CN104506351B (en) * | 2014-12-18 | 2018-08-14 | 北京随方信息技术有限公司 | On-line Full configuration compliance method for auditing safely and system |
| CN104618268A (en) * | 2014-12-30 | 2015-05-13 | 北京奇虎科技有限公司 | Network admission control method, authentication server and terminal |
| CN105678188B (en) * | 2016-01-07 | 2019-01-29 | 杨龙频 | The leakage-preventing protocol recognition method of database and device |
| CN105827872A (en) * | 2016-06-07 | 2016-08-03 | 维沃移动通信有限公司 | Control method of mobile terminal and mobile terminal |
| CN107360271B (en) * | 2017-08-22 | 2019-12-27 | 顺丰科技有限公司 | Method, system and equipment for acquiring network equipment information and automatically segmenting IP address |
| CN107908485B (en) * | 2017-10-26 | 2020-08-04 | 中国平安人寿保险股份有限公司 | Interface parameter transmission method, device, equipment and computer readable storage medium |
| CN108200034B (en) * | 2017-12-27 | 2021-01-29 | 新华三信息安全技术有限公司 | Method and device for identifying domain name |
| CN108322452A (en) * | 2018-01-15 | 2018-07-24 | 深圳市联软科技股份有限公司 | Network closes rule detection method, device, equipment and medium |
| CN109710508B (en) * | 2018-08-20 | 2024-03-15 | 天航长鹰(江苏)科技有限公司 | Test method, test device, test apparatus, and computer-readable storage medium |
-
2019
- 2019-05-10 CN CN201910391693.4A patent/CN110278123B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN110278123A (en) | 2019-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9979638B2 (en) | Systems and methods to construct engineering environment supporting API enablement for software defined networking | |
| US10834105B2 (en) | Method and apparatus for identifying malicious website, and computer storage medium | |
| US11095518B2 (en) | Determining violation of a network invariant | |
| CN109284140B (en) | Configuration method and related equipment | |
| WO2019144549A1 (en) | Vulnerability testing method and device, computer equipment, and storage medium | |
| WO2020244307A1 (en) | Vulnerability detection method and apparatus | |
| CN109951354B (en) | Terminal equipment identification method, system and storage medium | |
| CN110943984B (en) | Asset safety protection method and device | |
| WO2021203848A1 (en) | Device state identification method and apparatus, and smart terminal | |
| US10084777B2 (en) | Secure data processing method and system | |
| CN110278123B (en) | Checking method, checking device, electronic equipment and readable storage medium | |
| CN109815697B (en) | Method and device for processing false alarm behavior | |
| CN109905292B (en) | Terminal equipment identification method, system and storage medium | |
| CN109165513B (en) | System configuration information inspection method and device and server | |
| CN105430010B (en) | The method and apparatus that the inquiry service of server info is provided | |
| CN113098852B (en) | Log processing method and device | |
| CN107612755A (en) | The management method and its device of a kind of cloud resource | |
| CN113037766A (en) | Comprehensive evaluation method for asset safety and health degree under multiple scenes | |
| CN115208671B (en) | Firewall configuration method, device, electronic equipment and storage medium | |
| CN113824717B (en) | Configuration checking method and device | |
| CN112688947B (en) | Internet-based network communication information intelligent monitoring method and system | |
| CN109560964B (en) | Equipment compliance checking method and device | |
| CN115225307A (en) | Firewall management method, system, electronic equipment and storage medium | |
| CN111355614A (en) | Abnormal information positioning method and device suitable for payment equipment log | |
| CN110572285A (en) | Device code writing method, device code writing device and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |