CN110851806A - Linux-based account management method, system, device and storage medium - Google Patents
Linux-based account management method, system, device and storage medium Download PDFInfo
- Publication number
- CN110851806A CN110851806A CN201911017560.7A CN201911017560A CN110851806A CN 110851806 A CN110851806 A CN 110851806A CN 201911017560 A CN201911017560 A CN 201911017560A CN 110851806 A CN110851806 A CN 110851806A
- Authority
- CN
- China
- Prior art keywords
- account
- receiving
- lock
- linux
- receiving lock
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Abstract
The invention discloses an account management method, a system, a device and a storage medium based on Linux, wherein the method comprises the following steps: receiving an application for account acceptance, and auditing the application based on a preset rule to obtain an auditing result; adding a receiving lock to the account according to the verification result, and issuing the account if the receiving lock is successfully added; and creating a session log for the issued account, and removing the receiving lock according to the session log. The system comprises: the system comprises an auditing module, a locking module and an unlocking module. The device comprises a memory and a processor for executing the Linux-based account management method. By using the invention, the exclusive use of the account can be realized and the safety of the system is improved. The account management method, the account management system, the account management device and the account management storage medium based on Linux can be widely applied to the field of account management.
Description
Technical Field
The invention belongs to the field of account management, and particularly relates to an account management method, system, device and storage medium based on Linux.
Background
And in multi-scene operation and maintenance of the Linux operating system, the user can log in the Linux operating system for operation as long as the user takes the account password. At this time, the operating system only records the operation record of the account, and even if some destructive operation is performed, the operator cannot be located. Many fortunes machines in the existing market can realize account escrow and user authority control, and the user needs certain authority or applies for a series of operations such as approval and obtains the account, but the same account can be used by multiple users at the same time, and when the illegal operation appears in the account, it can be difficult to trace back to the user individual, and the security is not enough.
Disclosure of Invention
In order to solve the above technical problems, an object of the present invention is to provide a method, a system, a device and a storage medium for account management based on Linux, which can avoid multiple users from logging in an operating system with the same account at the same time.
The first technical scheme adopted by the invention is as follows: a Linux-based account management method comprises the following steps:
receiving an application for account acceptance, and auditing the application based on a preset rule to obtain an auditing result;
adding a receiving lock to the account according to the verification result, and issuing the account if the receiving lock is successfully added;
and creating a session log for the issued account, and removing the receiving lock according to the session log.
Further, the receive lock includes information of an account receive process and user information of receiving the account.
Further, the step of adding a receiving lock to the account according to the auditing result, and issuing the account if the receiving lock is successfully added further comprises:
detecting the state of the account according to the auditing result to obtain a detection result;
and adding a receiving lock for the account according to the detection result, and issuing the account if the receiving lock is successfully added.
Further, the step of creating a session log for the issued account and releasing the lock to be picked according to the session log further includes:
receiving an issued account, decrypting the account, authenticating and logging in, and creating a session log if the logging in is successful;
obtaining the session data of the account and recording the session log, obtaining the session ending time according to the session data, and removing the receiving lock after the session is ended
Further, the detection result comprises that the account is added with a receiving lock, the time length of the account added with the receiving lock and the account not added with the receiving lock;
when the detection result is that the account is added with the adoption lock and the time length of the account added with the adoption lock exceeds a preset value, inquiring whether the adoption lock can be removed or not from a popup window of a user of the account;
when the detection result is that the account is added with the receiving lock and the time length of the account added with the receiving lock does not exceed the preset value, returning to the account receiving interface;
and when the detection result is that the receiving lock is not added, adding the receiving lock for the account.
Further, the login mode of the authentication login after the account is decrypted is that the Linux system logs in according to a standard protocol and a password instead of a password.
Further, the preset rules comprise the number of accounts which can be applied by the same user, the use time of the accounts and the reason for the account to be received.
The second technical scheme adopted by the invention is as follows: a Linux-based account management system:
the auditing module is used for receiving the application of account acceptance, auditing the application based on a preset rule and obtaining an auditing result;
the locking module is used for adding a receiving lock to the account according to the auditing result, and issuing the account if the receiving lock is successfully added;
and the unlocking module is used for creating a session identifier according to the issued account, recording a session log and removing the receiving lock after the session is ended.
The third technical scheme adopted by the invention is as follows: a Linux-based account management device:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, causing the at least one processor to implement a Linux-based account management method as described above.
The fourth technical scheme adopted by the invention is as follows: a storage medium having stored therein instructions executable by a processor, the storage medium comprising: the processor-executable instructions, when executed by the processor, are for implementing the Linux-based account management method as described above.
The method, the system, the device and the storage medium have the advantages that: according to the invention, the accepting lock mark is added to the account, so that the same account can be used by only one user at the same time, and when illegal operation occurs to the account, the user of the account can trace back to the specific user according to the time period.
Furthermore, the account password is replaced, so that the user is prevented from directly contacting the password, and the purpose of improving the account security is achieved.
Drawings
FIG. 1 is a flow chart of the steps of a Linux-based account management method of the present invention;
fig. 2 is a block diagram of the Linux-based account management system according to the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and the specific embodiments. The step numbers in the following embodiments are provided only for convenience of illustration, the order between the steps is not limited at all, and the execution order of each step in the embodiments can be adapted according to the understanding of those skilled in the art.
The invention is particularly applied to account management of a plurality of Linux operating systems, a user receives account login instead of filling in the operating systems on an account management platform or a service system in a form of work order application, and when the user logs in the account in a substitute filling mode, whether other users are using the account to log in the same target server is checked. If other users receive the same account, the login substitution filling operation of the current user is forbidden; and if no other user receives the account, adding the user receiving identification to prevent other users from receiving the account.
As shown in fig. 1, the present invention provides a Linux-based account management method, which includes the steps of:
s101, receiving an application for account acceptance, and auditing the application based on a preset rule to obtain an auditing result.
Specifically, a user initiates an application for account acceptance on an account management platform, the application is explained, the application is checked based on preset, a checking result is obtained, and the checking result is sent to the user, wherein the preset rule can be set as required.
And S102, adding a receiving lock to the account according to the verification result, and issuing the account if the receiving lock is successfully added.
Specifically, the auditing result includes that the auditing is passed and not passed, manual auditing or auditing by a machine according to the limitation of a preset rule can be adopted, if the auditing is passed, adding a receiving lock is started, and if the auditing is not passed, returning to an initial interface for account receiving.
S103, creating a session log for the issued account, and removing the receiving lock according to the session log.
Further as a preferred embodiment of the method, the receive lock includes information of an account receive process and information of a user receiving the account.
Specifically, the information of the receiving process may include a process number, an account receiving time, and the like, so that the receiving lock is convenient to maintain and clear. The user information can comprise a user number, the department of the user and the like, and the user can be conveniently located.
As a further preferred embodiment of the method, the step of adding a receiving lock to the account according to the audit result, and issuing the account if the receiving lock is successfully added further includes:
detecting to obtain the account state according to the auditing result;
and adding a receiving lock for the account according to the account state, and issuing the account if the receiving lock is successfully added.
Specifically, the step of detecting whether the account is added with the picking lock further comprises the steps of judging whether the user finishes using the account according to picking time when the account is added with the picking lock, inquiring the user of the account through a popup window, and automatically clearing the account picking lock when no response is made within a certain time so that the account can be picked again.
As a preferred embodiment of the method, the step of creating a session log for the issued account, and releasing the pickup lock according to the session log further includes:
receiving an issued account, decrypting the account, authenticating and logging in, and creating a session log if the logging in is successful;
and acquiring and recording the session data of the account based on the SSH protocol, and removing the receiving lock according to the end time of the session.
Further as a preferred embodiment of the method, the recording session log includes a start time of the recording session, an end time of the recording session, and data information of the session.
Specifically, the SSH protocol is currently a reliable protocol dedicated to providing security for telnet sessions and other web services, and obtains session end time from a session log, and removes the lock for claiming from the session end time, so that the account is relegated to a claimable state. The operation behavior of the account can be monitored by recording the session log, the illegal operation of the account is reduced, the receiving lock identification of the account is cleared according to the ending time of the session, the account can be received again, whether the account is used or not is judged according to the session starting time and the session data information, and the receiving lock identification is used as a basis for judging whether the account is abnormally quitted or not by a system.
Further as a preferred embodiment of the method, the account status includes added and not added a receive lock, and adding a receive lock body for the account according to the account status includes:
when the account is in the state of being added with the receiving lock, and the time length of the receiving lock is detected to exceed a preset value, the receiving lock of the account is cleared;
when the account status is that the receiving lock is added, if the time length of the added receiving lock is not longer than a preset value, returning to an account receiving interface;
and when the account status is not added with the adoption lock, adding the adoption lock for the account.
Further, as a preferred embodiment of the method, the login mode of the decrypted account and authenticated login is login by the Linux system according to a standard protocol code instead of a password.
Specifically, the system limits the user to obtain account plaintext, and prevents the user from contacting an account password and directly logging in for operation by directly substituting the password of the password, so that the system is favorable for account hosting and authority control of the user, and the number of unauthorized operations performed by the user is reduced.
Further as a preferred embodiment of the method, the preset rules include the number of accounts that can be applied by the same user, the usage time of the accounts, and the reason for the account usage.
Specifically, the preset rule is used as a limiting condition in the auditing process, and can be set by an administrator as required, and specifically, the preset rule further includes an account login time period, an account login system authority, and the like.
The specific embodiment of the invention is as follows:
the method comprises the steps that a user initiates an account reception application on a platform, account reception duration needs to be described, an account administrator or a system audits a reception request initiated by the user according to a preset rule, the account reception request of the user is approved or refused according to preset conditions, if the audit is passed, account reception is started, whether the account is received by other users is detected, reception locks are added to the account under the condition that reception locks are not added, the user reception identification is increased, the other users cannot receive the account, the system directly replaces account passwords after the reception locks are successfully added, session identification is created after login is successful, session data is recorded based on an SSH protocol, the reception locks are removed after the session is ended, and the account is cleared of the reception identification, and the method has the advantages that the same account can only be used by the same user at the same time and the operation behavior of the user can be audited, the illegal operation of the user is reduced, the account password login system is filled in instead, the user is prevented from directly contacting the account port, the account pickup time can be set, and the problem that the account is continuously occupied when the account is abnormally withdrawn without unlocking after the account pickup locking is solved
As shown in fig. 2, a Linux-based account management system includes:
the auditing module is used for receiving the application of account acceptance, auditing the application based on a preset rule and obtaining an auditing result;
the locking module is used for adding a receiving lock to the account according to the auditing result, and issuing the account if the receiving lock is successfully added;
and the unlocking module is used for creating a session log for the issued account and releasing the receiving lock according to the session log.
The locking module specifically further comprises:
the detection submodule is used for detecting and obtaining the account state according to the auditing result;
and the account issuing sub-module is used for adding a receiving lock for the account according to the account, and issuing the account if the receiving lock is successfully added.
The unlocking module specifically further comprises:
the login submodule is used for receiving the issued account, decrypting the account, authenticating login and successfully creating a session log;
and the recording submodule is used for acquiring the session data of the account, recording the session log, acquiring the session ending time according to the session data, and removing the receiving lock after the session is ended.
The contents in the above method embodiments are all applicable to the present system embodiment, the functions specifically implemented by the present system embodiment are the same as those in the above method embodiment, and the beneficial effects achieved by the present system embodiment are also the same as those achieved by the above method embodiment.
A Linux-based account management apparatus comprising:
at least one processor;
at least one memory for storing at least one program;
when the at least one program is executed by the at least one processor, causing the at least one processor to implement a Linux-based account management method as described above.
The contents in the above method embodiments are all applicable to the embodiment of the apparatus system, the functions specifically implemented by the embodiment of the apparatus are the same as those in the above method embodiments, and the advantageous effects achieved by the embodiment of the apparatus are also the same as those achieved by the above method embodiments.
A storage medium having stored therein instructions executable by a processor, the storage medium comprising: the processor-executable instructions, when executed by the processor, are for implementing the Linux-based account management method as described above.
The contents in the above method embodiments are all applicable to the present storage medium embodiment, the functions specifically implemented by the present storage medium embodiment are the same as those in the above method embodiments, and the advantageous effects achieved by the present storage medium embodiment are also the same as those achieved by the above method embodiments.
While the preferred embodiments of the present invention have been illustrated and described, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. An account management method based on Linux is characterized in that: the method comprises the following steps:
receiving an application for account acceptance, and auditing the application based on a preset rule to obtain an auditing result;
adding a receiving lock to the account according to the verification result, and issuing the account if the receiving lock is successfully added;
and creating a session log for the issued account, and removing the receiving lock according to the session log.
2. A Linux-based account management method as recited in claim 1, wherein: the receiving lock comprises information of an account receiving process and user information of receiving the account.
3. A Linux-based account management method as recited in claim 1, wherein: the step of adding a receiving lock to the account according to the auditing result, and issuing the account if the receiving lock is successfully added, further comprises:
detecting to obtain the account state according to the auditing result;
and adding a receiving lock for the account according to the account state, and issuing the account if the receiving lock is successfully added.
4. A Linux-based account management method as recited in claim 1, wherein: the step of creating a session log for the issued account and releasing the lock for pickup according to the session log further comprises:
receiving an issued account, decrypting the account, authenticating and logging in, and creating a session log if the logging in is successful;
and acquiring session data of the account, recording the session data into a session log, acquiring the session ending time according to the session data, and removing the receiving lock after the session is ended.
5. A Linux-based account management method as in claim 3, wherein: the account state comprises added and not added picking locks, and the adding of the picking lock body for the account according to the account state comprises the following steps:
when the account is in the state of being added with the receiving lock, and the time length of the receiving lock is detected to exceed a preset value, the receiving lock of the account is cleared;
when the account status is that the receiving lock is added, if the time length of the added receiving lock is not longer than a preset value, returning to an account receiving interface;
and when the account status is not added with the adoption lock, adding the adoption lock for the account.
6. The Linux-based account management method of claim 4, wherein: the login mode of the decrypted account and authenticated login is that the Linux system logs in according to a standard protocol and a password instead of a password.
7. A Linux-based account management method as recited in claim 1, wherein: the preset rules comprise the number of accounts which can be used by the same user, the using time of the accounts and the reason for the account use.
8. An account management system based on Linux is characterized in that:
the auditing module is used for receiving the application of account acceptance, auditing the application based on a preset rule and obtaining an auditing result;
the locking module is used for adding a receiving lock to the account according to the auditing result, and issuing the account if the receiving lock is successfully added;
and the unlocking module is used for creating a session log for the issued account and releasing the receiving lock according to the session log.
9. An account management device based on Linux is characterized in that: the method comprises the following steps:
at least one processor;
at least one memory for storing at least one program;
when executed by the at least one processor, cause the at least one processor to implement a Linux-based account management method as any one of claims 1-7.
10. A storage medium having stored therein instructions executable by a processor, the storage medium comprising: the processor-executable instructions, when executed by a processor, are for implementing the Linux-based account management method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911017560.7A CN110851806A (en) | 2019-10-24 | 2019-10-24 | Linux-based account management method, system, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911017560.7A CN110851806A (en) | 2019-10-24 | 2019-10-24 | Linux-based account management method, system, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110851806A true CN110851806A (en) | 2020-02-28 |
Family
ID=69596900
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911017560.7A Pending CN110851806A (en) | 2019-10-24 | 2019-10-24 | Linux-based account management method, system, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110851806A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111984974A (en) * | 2020-08-31 | 2020-11-24 | 成都安恒信息技术有限公司 | Windows remote operation and maintenance isolation method based on operation and maintenance audit |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1237112A1 (en) * | 1999-08-23 | 2002-09-04 | Dongsheng Li | A method for the accomplishment secure transaction for electronicbankbook (purse) |
| CN102999852A (en) * | 2011-09-14 | 2013-03-27 | 阿里巴巴集团控股有限公司 | Electronic coupon data generation method and electronic coupon data generation device |
| CN105099683A (en) * | 2014-05-08 | 2015-11-25 | 中兴通讯股份有限公司 | Account distribution method and device |
| CN106971094A (en) * | 2017-03-21 | 2017-07-21 | 北京深思数盾科技股份有限公司 | Software digital permits transfer method and system |
-
2019
- 2019-10-24 CN CN201911017560.7A patent/CN110851806A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1237112A1 (en) * | 1999-08-23 | 2002-09-04 | Dongsheng Li | A method for the accomplishment secure transaction for electronicbankbook (purse) |
| CN102999852A (en) * | 2011-09-14 | 2013-03-27 | 阿里巴巴集团控股有限公司 | Electronic coupon data generation method and electronic coupon data generation device |
| CN105099683A (en) * | 2014-05-08 | 2015-11-25 | 中兴通讯股份有限公司 | Account distribution method and device |
| CN106971094A (en) * | 2017-03-21 | 2017-07-21 | 北京深思数盾科技股份有限公司 | Software digital permits transfer method and system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111984974A (en) * | 2020-08-31 | 2020-11-24 | 成都安恒信息技术有限公司 | Windows remote operation and maintenance isolation method based on operation and maintenance audit |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109005155B (en) | Identity authentication method and device | |
| US20170012978A1 (en) | Secure communication method and apparatus | |
| CN107483495B (en) | Big data cluster host management method, management system and server | |
| EP2239887A1 (en) | User managing method and apparatus | |
| CN110690972B (en) | Token authentication method and device, electronic equipment and storage medium | |
| CN112887340B (en) | Password resetting method and device, service management terminal and storage medium | |
| CN102307099A (en) | Authentication method and system as well as authentication server | |
| CN104506321A (en) | Method for updating seed data in dynamic token | |
| CN106209905B (en) | Network security management method and device | |
| CN111935095A (en) | Source code leakage monitoring method and device and computer storage medium | |
| CN113672897A (en) | Data communication method, device, electronic equipment and storage medium | |
| CN111966459A (en) | Virtual cloud desktop system | |
| CN110851806A (en) | Linux-based account management method, system, device and storage medium | |
| US20130055359A1 (en) | Secret information leakage prevention system, secret information leakage prevention method and secret information leakage prevention program | |
| CN106295384B (en) | Big data platform access control method and device and authentication server | |
| CN108092937B (en) | Method and system for preventing unauthorized access of Web system | |
| CN110890960B (en) | Data replay attack identification and protection method based on multiple verification mechanisms | |
| CN111417122A (en) | Attack prevention method and device | |
| CN112398787A (en) | Mailbox login verification method and device and computer equipment | |
| CN111949952A (en) | Method for processing verification code request and computer-readable storage medium | |
| CN107231365B (en) | Evidence obtaining method, server and firewall | |
| CN113794729A (en) | Communication processing method and device for AVP (Audio video tape Audio video protocol) equipment, electronic equipment and medium | |
| CN113886802A (en) | Security authentication method, device, electronic equipment and storage medium | |
| CN116996236B (en) | Database operation authentication processing method and device | |
| CN111614620A (en) | Database access control method, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200228 |