CN111125690B - Method and device for reinforcing host and storage medium - Google Patents


Info

Publication number
CN111125690B
Authority
CN
China
Prior art keywords
plug
host
file
access
access point
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911200920.7A
Other languages
Chinese (zh)
Other versions
CN111125690A (en)
Inventor
霍文
徐峥
杨金林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Suzhou Inspur Intelligent Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

The invention relates to a method, a device and a storage medium for host reinforcement. The method comprises the following steps: establishing a plug-in list configuration file and allocating an access point to each plug-in in the plug-in list configuration file; establishing a plug-in access file and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file; loading the plug-in list configuration file and the plug-in access file to establish a plug-in library containing the correspondence between the access points and the adaptation parameters and rollback instructions of the plug-ins; scanning the host for vulnerabilities and, according to the scanning result, calling the corresponding access points in the plug-in library to run the corresponding plug-ins and reinforce the host; and executing a rollback instruction on the called access points in response to detecting that the reinforcement failed and/or that the host operates abnormally after reinforcement. Embodiments of the invention have broad compatibility, protect the security of the host in a more targeted and comprehensive way, provide one-key rollback for plug-ins whose reinforcement is abnormal, and continuously maintain the operation and security of the host.

Description

Method and device for reinforcing host and storage medium
Technical Field
The invention relates to the technical field of information security, and in particular to a method, a device and a storage medium for host reinforcement.
Background
With the deepening evolution of internet applications, dynamic protection and security management of every layer of a network system can no longer be delayed. Users need to fully understand the security threats and risks they face, complete the construction of their security system according to security baseline requirements, and carry out targeted security scanning and reinforcement for the security problems of hosts and systems.
However, most current implementations of host reinforcement take the form of a large core plus plug-ins. That is, most functions are determined by the system's operating framework, while the functions supported by the plug-ins are few, have poor extensibility, or even none at all. In addition, host reinforcement plug-ins rarely provide a rollback function for reinforcement items. After a plug-in has reinforced the host, if an abnormal condition occurs, the absence of a reinforcement rollback function means that configuration items can only be backed out manually, one at a time, which is extremely cumbersome. With the current security situation changing constantly, the existing host reinforcement model described above is increasingly unable to meet practical requirements.
Given the above situation, a host reinforcement mode is needed in which plug-ins can be loaded flexibly and extensibly and the loaded plug-ins have a rollback function, so that the host can be reinforced more effectively and conveniently.
Disclosure of Invention
In one aspect, the present invention provides a method for reinforcing a host, wherein the method includes the following steps:
establishing a plug-in list configuration file, and allocating an access point to each plug-in in the plug-in list configuration file;
establishing a plug-in access file, and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file;
loading the plug-in list configuration file and the plug-in access file to establish a plug-in library containing the correspondence between the access points and the adaptation parameters and rollback instructions of the plug-ins;
scanning the host for vulnerabilities, and calling the corresponding access points in the plug-in library according to the scanning result to run the corresponding plug-ins and reinforce the host;
and executing a rollback instruction on the called access points in response to detecting that the reinforcement failed and/or that the host operates abnormally after reinforcement.
In an embodiment of the method of host reinforcement according to the invention, the method further comprises:
generating logs of the process of scanning the host for vulnerabilities, the process of calling the corresponding access points to run the corresponding plug-ins, the information about reinforcement failure and/or abnormal operation of the host after reinforcement, and the execution of rollback instructions on the called plug-ins, and recording the logs in persistent storage.
According to an embodiment of the method for reinforcing the host, the step of establishing a plug-in access file and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file further comprises the following steps:
adding an encryption configuration item to the adaptation parameters of the plug-ins in the plug-in access file and configuring whether the encryption configuration item is valid;
generating an encrypted configuration file and/or an encrypted plug-in file for each plug-in whose encryption configuration item is valid.
According to an embodiment of the method for host reinforcement of the present invention, loading the plug-in list configuration file and the plug-in access file to establish the plug-in library including the correspondence between the access points and the adaptation parameters and rollback instructions of the plug-ins further comprises:
matching the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file;
and generating the correspondence between the access point and the adaptation parameters and rollback instruction of each matched plug-in, and storing the correspondence in the plug-in library.
According to an embodiment of the method for host reinforcement of the present invention, the step of matching the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file further includes:
the plug-in includes at least one version; one of the at least one version is matched with the access point, and the ID of the access point together with the version number of the matched version is used as the unique index for generating the correspondence.
In an embodiment of the method for reinforcing a host according to the present invention, executing a rollback instruction on the called access points in response to detecting that reinforcement failed and/or that the host operates abnormally after reinforcement further includes:
executing a unified rollback instruction on all called access points to force rollback of all running plug-ins.
In an embodiment of the method for reinforcing a host according to the present invention, executing a rollback instruction on the called access points in response to detecting that reinforcement failed and/or that the host operates abnormally after reinforcement further includes:
executing a rollback instruction on a specified access point to force the corresponding plug-in to roll back.
According to an embodiment of the method for reinforcing the host, scanning the host for vulnerabilities and calling the corresponding access points in the plug-in library according to the scanning result to run the corresponding plug-ins and reinforce the host further comprises:
in response to calling a corresponding access point in the plug-in library, recording the running condition of the corresponding plug-in and outputting the recorded information.
In another aspect, the present invention further provides a device for host reinforcement, wherein the device includes:
at least one processor; and
a memory storing processor-executable program instructions that, when executed by the processor, perform the steps of any of the embodiments of the host reinforcement method described above.
Furthermore, the present invention further proposes a computer-readable storage medium in which a computer program is stored, the computer program, when executed by a processor, performing the steps of an embodiment of the method of host reinforcement as described in any one of the preceding paragraphs.
By adopting the above technical scheme, the invention has at least the following beneficial effects: through the unified integration and management of various plug-ins, plug-ins of different formats are made compatible by matching them with an access point, so that plug-ins can be loaded dynamically without modifying source code, the extensibility of host reinforcement is greatly improved, and targeted security scanning and reinforcement of the host are achieved; at the same time, every plug-in matched with an access point has a one-key rollback function, so that rollback can be performed conveniently and quickly when reinforcement is abnormal. Embodiments of the invention thus have broad compatibility, protect the security of the host in a more targeted and comprehensive way, provide convenient and quick one-key rollback for plug-ins whose reinforcement is abnormal, and continuously maintain the operation and security of the host.
The present invention provides aspects of embodiments, which should not be used to limit the scope of the present invention. Other embodiments are contemplated in accordance with the techniques described herein, as will become apparent to one of ordinary skill in the art upon examination of the following figures and detailed description, and are intended to be included within the scope of the present application.
Embodiments of the invention are explained and described in more detail below with reference to the drawings, but they should not be construed as limiting the invention.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required in the prior art and the description of the embodiments will be briefly introduced below, components in the drawings are not necessarily drawn to scale, and related elements may be omitted, or in some cases the scale may have been exaggerated in order to emphasize and clearly show the novel features described herein. In addition, the structural order may be arranged differently, as is known in the art.
FIG. 1 shows a schematic block diagram of an embodiment of a method of host consolidation in accordance with the present invention;
FIG. 2 illustrates a general architectural diagram of yet another embodiment of a method of host consolidation in accordance with the present invention;
FIG. 3 illustrates a technical architecture diagram of yet another embodiment of a method of host consolidation in accordance with the present invention;
FIG. 4 is a schematic diagram illustrating an encryption/decryption flow of a further embodiment of a method of host consolidation in accordance with the present invention;
FIG. 5 illustrates a technical architecture diagram of yet another embodiment of a method of host consolidation in accordance with the present invention;
FIG. 6 is a schematic flow chart diagram illustrating plugin operation according to yet another embodiment of a host consolidation method in accordance with the present invention.
Detailed Description
While the present invention may be embodied in various forms, there is shown in the drawings and will hereinafter be described some exemplary and non-limiting embodiments with the understanding that the present disclosure is to be considered an exemplification of the invention and is not intended to limit the invention to the specific embodiments illustrated.
In the following description of the embodiments of the present invention, it should be noted that the steps mentioned in the description are only numbered for easily and clearly indicating the steps without specific description, and the order of the steps is not limited.
Fig. 1 shows a schematic block diagram of an embodiment of the method of host reinforcement according to the present invention. In the embodiment shown in the figure, the method comprises at least the following steps:
S1: establishing a plug-in list configuration file, and allocating an access point to each plug-in in the plug-in list configuration file;
S2: establishing a plug-in access file, and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file;
S3: loading the plug-in list configuration file and the plug-in access file to establish a plug-in library containing the correspondence between the access points and the adaptation parameters and rollback instructions of the plug-ins;
S4: scanning the host for vulnerabilities, and calling the corresponding access points in the plug-in library according to the scanning result to run the corresponding plug-ins and reinforce the host;
S5: executing a rollback instruction on the called access points in response to detecting that the reinforcement failed and/or that the host operates abnormally after reinforcement.
To improve the extensibility and compatibility of host reinforcement without modifying source code, the host is reinforced with a richer set of plug-ins. This means that when the host reinforcement client program runs it needs more parameters, so the configuration information is obtained from a configuration file, preferably provided as a json string. The host reinforcement client reads the plug-in list configuration file when the program starts and loads its contents into memory or a database. In the method of the invention, step S1 creates a plug-in list configuration file in which an access point is allocated to each plug-in. An example plug-in list configuration file is as follows:
[Figure BDA0002295844560000061: example plug-in list configuration file; image not reproduced]
wherein: information such as version, logevel, logpath and the like configures item information for each business item, and the items can be increased or decreased according to actual conditions; the plugins array is a list of plugins to be managed by the hardened client. The plugin field is an entrypoint file under the plugin directory, and an entrypoint file sample is shown in the following text; the plugin _ version field is a plugin version, and the reinforcing client only executes plugins of the plugin _ version.
In order to make the plug-in adapt to the access point and to make the plug-in implement the rollback function, step S2 creates a plug-in access file, and configures corresponding adaptation parameters and rollback instructions for each plug-in the plug-in access file. An example of plug-in access file configuration information (unwritten rollback instruction) is as follows:
[Figures BDA0002295844560000071 and BDA0002295844560000081: example plug-in access (entrypoint) file; images not reproduced]
where: the entrypoint configuration information is stored in json form. author and similar fields are the author information of the plug-in. The plugin array holds the actual information of each plug-in. plugin_id, plugin_name and plugin_desc are the id, name and description of the plug-in; plugin_exe is the plug-in's executable program, which may be python, shell, ruby, groovy, a third-party executable plug-in, and so on; plugin_config is the command-line parameter information of each plug-in, which may specify a configuration file or command-line parameters, the specific content depending on the plug-in's execution requirements. If the executable program is Python, plugin_config can be a Python script; if it is a shell, plugin_config can be a shell script, and so on.
After the plug-in list configuration file and the plug-in access file have been established, when the host reinforcement client starts, step S3 loads both files to establish a plug-in library containing the correspondence between the access points and the adaptation parameters and rollback instructions of the plug-ins. The built plug-in library is stored in the database of the persistence layer. Step S4 scans the host for vulnerabilities and, according to the scanning result, calls the corresponding access points in the plug-in library to run the corresponding plug-ins and reinforce the host. That is, the plug-in corresponding to each scanned vulnerability is run by calling its access point, so that the security of the host is reinforced. FIG. 6 shows a schematic flow diagram of plug-in operation according to an embodiment of the invention. If reinforcement failure and/or abnormal operation of the host after reinforcement is detected, step S5 executes a rollback instruction on the called access points to forcibly roll back the plug-in operations.
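Steps S1 to S5 above (also listed in the Disclosure section) as an added Python example, not code from the patent or from the assignee: it parses a constructed plug-in list configuration file and constructed entrypoint files, builds the plug-in library indexed by access point id and plugin_version, runs the plug-ins serially, and executes the unified rollback on every called access point when one fails. The field name plugin_rollback, the sample plug-in commands and the use of the running Python interpreter as plugin_exe are assumptions.

```python
import json
import subprocess
import sys
from typing import Callable, Dict, List, Tuple

Command = List[str]
Index = Tuple[str, str]  # (access point id, plugin_version): the library's unique index

# Constructed sample plug-in list configuration file (a json string, as the page suggests).
PLUGIN_LIST_JSON = """
{
  "version": "1.0", "loglevel": "info", "logpath": "/var/log/hostreinforce",
  "plugins": [
    {"plugin": "ssh_hardening", "plugin_version": "1.1"},
    {"plugin": "password_policy", "plugin_version": "2.0"}
  ]
}
"""

# Constructed entrypoint files keyed by the entrypoint name used above. plugin_exe is the
# interpreter and plugin_config its command-line parameters; "plugin_rollback" is an assumed
# field name for the rollback instruction. The commands use the running Python so the example
# works offline; the second plug-in deliberately exits non-zero to exercise the rollback path.
ENTRYPOINT_FILES = {
    "ssh_hardening": {
        "author": "constructed example",
        "plugin": [
            {"plugin_id": "ssh_hardening", "plugin_version": "1.0", "plugin_name": "SSH (old)",
             "plugin_desc": "superseded version", "plugin_exe": sys.executable,
             "plugin_config": ["-c", "print('scan+reinforce sshd 1.0')"],
             "plugin_rollback": [sys.executable, "-c", "print('rollback sshd 1.0')"]},
            {"plugin_id": "ssh_hardening", "plugin_version": "1.1", "plugin_name": "SSH",
             "plugin_desc": "sshd_config baseline", "plugin_exe": sys.executable,
             "plugin_config": ["-c", "print('scan+reinforce sshd 1.1')"],
             "plugin_rollback": [sys.executable, "-c", "print('rollback sshd 1.1')"]},
        ],
    },
    "password_policy": {
        "author": "constructed example",
        "plugin": [
            {"plugin_id": "password_policy", "plugin_version": "2.0", "plugin_name": "PAM",
             "plugin_desc": "password quality", "plugin_exe": sys.executable,
             "plugin_config": ["-c", "import sys; print('reinforce failed'); sys.exit(1)"],
             "plugin_rollback": [sys.executable, "-c", "print('rollback pam 2.0')"]},
        ],
    },
}


def build_plugin_library(plugin_list: dict, entrypoint_files: dict) -> Dict[Index, dict]:
    """Step S3: match the access point allocated to each plug-in in the list with the
    adaptation parameters and rollback instruction of the same plug-in version in its
    entrypoint file. A plug-in may ship several versions; exactly one must match."""
    library: Dict[Index, dict] = {}
    for item in plugin_list["plugins"]:
        entry = entrypoint_files.get(item["plugin"])
        if entry is None:
            raise ValueError(f"no entrypoint file for access point {item['plugin']!r}")
        matches = [p for p in entry["plugin"] if p["plugin_version"] == item["plugin_version"]]
        if len(matches) != 1:
            raise ValueError(f"{item['plugin']!r}: expected one plugin_version "
                             f"{item['plugin_version']!r}, found {len(matches)}")
        p = matches[0]
        library[(item["plugin"], item["plugin_version"])] = {
            "name": p["plugin_name"],
            "run": [p["plugin_exe"], *p["plugin_config"]],
            "rollback": list(p["plugin_rollback"]),
        }
    return library


def run_command(cmd: Command) -> int:
    """Run one plug-in command and return its exit status (non-zero means failure)."""
    return subprocess.run(cmd, capture_output=True, text=True).returncode


def reinforce(library: Dict[Index, dict], order: List[Index],
              runner: Callable[[Command], int] = run_command) -> dict:
    """Steps S4/S5: run the plug-ins serially in the configured order. If any plug-in fails,
    execute the unified rollback: every access point called so far, including the one that
    failed, is rolled back in reverse order. The returned log is what the log system persists."""
    called: List[Index] = []
    log: List[Tuple[str, Index, int]] = []
    for index in order:
        called.append(index)
        rc = runner(library[index]["run"])
        log.append(("run", index, rc))
        if rc != 0:
            for idx in reversed(called):
                log.append(("rollback", idx, runner(library[idx]["rollback"])))
            return {"status": "rolled_back", "failed": index, "log": log}
    return {"status": "ok", "failed": None, "log": log}


def load_and_reinforce(runner: Callable[[Command], int] = run_command) -> dict:
    """Steps S1 to S5 end to end on the constructed files above."""
    plugin_list = json.loads(PLUGIN_LIST_JSON)
    order = [(i["plugin"], i["plugin_version"]) for i in plugin_list["plugins"]]
    return reinforce(build_plugin_library(plugin_list, ENTRYPOINT_FILES), order, runner)


if __name__ == "__main__":
    print(json.dumps(load_and_reinforce(), indent=2))
```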
To implement the method for host reinforcement according to the present invention, an embodiment proposes an overall framework such as the one shown in fig. 2, which is mainly divided into three parts: a reinforcement client, reinforcement plug-ins and a log system.
The reinforcement client is an executable program deployed on the host. Its main functions are: 1. completing the work of program start-up, such as input/output management, plug-in management, log management and encryption/decryption management; 2. launching the plug-ins in sequence and carrying out the scanning and reinforcement work.
The reinforcement client is the main module of the method provided by the invention and physically takes the form of an executable file. It is mainly divided into a check layer, a service layer, a persistence layer and an operation layer; after operation finishes it generates an operation result and records the operation information. The technical architecture of the reinforcement client is shown in fig. 3, in which:
1) The check layer verifies the input and the configuration file. Input verification mainly consists of obtaining the command-line parameters of the executable file and verifying that they are reasonable; configuration file verification mainly consists of obtaining the configuration item parameters in the configuration file and verifying that they are reasonable. If verification fails, an error is thrown or result information is output and the exception handling mode is entered; if verification succeeds, execution continues and the service layer is entered.
2) The service layer is the basic service layer of the evaluation tool suite. It comprises functional modules such as plug-in management, process management and encryption/decryption management.
3) The persistence layer is a database; the file database SQLite is used for persistent storage of the corresponding information, such as plug-in information and configuration item information.
4) The operation layer runs the plug-ins in a certain sequence according to the above configuration. The plug-ins carry out security configuration scanning, reinforcement and rollback operations on the server to be reinforced and record the corresponding log information.
Finally, the reinforcement client generates the corresponding result information from the output of the operation layer. The result information shows the security problems of the host, whether reinforcement is needed, the reinforcement method and similar content, for the user to view. The result information is displayed in two ways: either printed on the terminal, or recorded in a file whose content is presented as json.
The reinforcement plug-ins are the part of the host reinforcement method that actually performs the reinforcement of the host. They are used to complete the scanning, reinforcement and rollback operations for the various host items. There may be one or more reinforcement plug-ins, and they may be added dynamically. However, to improve the extensibility and compatibility of host reinforcement without modifying source code, and to reinforce the host with a richer set of plug-ins, the barriers between plug-ins of different formats and types need to be broken down. To this end, the embodiment of the present invention proposes integrating and uniformly managing the plug-ins by means of an access point (entrypoint). That is, each plug-in must be adapted to the entrypoint configuration information (adaptation parameters) required by the reinforcement client, which the reinforcement client uses to identify the plug-in. In this way the reinforcement client can run a newly added reinforcement plug-in without modifying its source code.
The main working mode of the host reinforcement method of the invention is to use various plug-ins to scan, reinforce and roll back the various host services. Because the plug-ins may operate directly on the operating system or hosts of each reinforced host, the contents of the plug-ins are subject to rigorous review. All plug-in operations are to be used only after security analysis; plug-ins that present a security risk are not recommended for use. Once a problem is discovered, some or all of the reinforcement operations must be rolled back.
The reinforcement plug-ins may be implemented in a variety of languages or scripts. A reinforcement plug-in comprises a plug-in framework, a check layer, an exception layer, a service layer, a persistence layer and so on. The general technical architecture of a reinforcement plug-in is shown in fig. 5, wherein:
1) The plug-in itself is the actual operator that performs the security reinforcement. A plug-in of the invention can be executed independently or integrated into the host reinforcement client; it is therefore adapted to meet the entrypoint requirements of the host reinforcement client.
2) The check layer checks the legality and integrity of the parameters passed to the plug-in by the host reinforcement client;
3) The exception layer is the message processing module for the cases in which the check layer's checks fail; it generally throws errors for the abnormal information;
4) The service layer is responsible for assembling the plug-in information, executing the plug-in, waiting for the plug-in's response information and similar work.
The service layer operates directly on the assembled plug-in information to obtain the execution information of the host to be reinforced. The target host is not limited to either a virtual machine or a physical host.
The host reinforcement method does not limit the type of plug-in: whether a python script, a shell script or an executable file, as long as it can be adapted to meet the entrypoint requirements and can output the corresponding log information for the host reinforcement client to receive and display to the user, the host reinforcement client can integrate the plug-in into the method.
Whatever the type of reinforcement plug-in, its workflow is not limited to the steps of scanning, reinforcement, rollback and so on. The host reinforcement plug-in of the invention has a scanning function, a reinforcement function and a rollback function, which are performed in sequence in the usual workflow. If, for example, a host anomaly occurs after reinforcement, then because all the plug-ins have a uniform format the host reinforcement client can forcibly execute the rollback operation, achieving one-key rollback; alternatively, the corresponding plug-in can be rolled back via its specific entrypoint file, so that the host anomaly is resolved. The workflow diagram of a reinforcement plug-in is shown in fig. 6.
In some embodiments of the method of host reinforcement of the present invention, the method further comprises:
S6: generating logs of the process of scanning the host for vulnerabilities, the process of calling the corresponding access points to run the corresponding plug-ins, the information about reinforcement failure and/or abnormal operation of the host after reinforcement, and the execution of rollback instructions on the called plug-ins, and recording the logs in persistent storage.
As one of the main components of the framework of the invention, the log system records the results of executing the key operational steps; it also records the detailed execution information of each plug-in of the host reinforcement method, so that the user can conveniently check the reinforcement result of the host.
The log system is mainly used for log management and mainly comprises functions such as log storage and log query. After the program starts, the evaluation tool management platform establishes a uniform log recording module. Each process prints its log information into a log file under a designated directory; the user can inspect the log file to check the service log.
Log storage interface: a unified interface for log storage, through which both operation logs and execution logs are persisted, making it convenient for the user to view and compile reports at any time.
When the log storage interface receives a log storage request, a log format checking module checks whether the record structure of each log is complete and whether the important fields are present; after the check passes, the log records are stored in the corresponding data sets (tables) according to the log type.
Therefore, in some embodiments, the method for reinforcing the host further includes step S6 of generating, during the host reinforcement process, a log of the process of scanning the host for vulnerabilities, the process of calling the corresponding access points to run the corresponding plug-ins, the information about reinforcement failure and/or abnormal operation of the host after reinforcement, and the process of executing rollback instructions on the called plug-ins, and recording the log in persistent storage.
In some embodiments of the method for reinforcing a host according to the present invention, step S2 of establishing a plug-in access file and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file further includes:
S21: adding an encryption configuration item to the adaptation parameters of the plug-ins in the plug-in access file and configuring whether the encryption configuration item is valid;
S22: generating an encrypted configuration file and/or an encrypted plug-in file for each plug-in whose encryption configuration item is valid.
Each plug-in of the host reinforcement may involve logging in to a third-party server using SSH, and therefore the username and password of each third-party server are configured in a configuration file. For security, the username and password need to be configured in encrypted form.
In addition, because the main operating mode of host reinforcement is to use the reinforcement plug-ins to scan and reinforce the host's security configuration, and because the contents of the plug-ins can interfere with one another, the plug-ins need to be executed serially in order. If the host reinforcement client simply reads the plug-in content from the corresponding directory each time, there is a risk that the plug-in content is tampered with without the client knowing. Therefore the plug-ins need to be stored in encrypted form in the built-in database of the host reinforcement method, which ensures that the plug-in executed this time has not been tampered with.
For these two usage scenarios, the host reinforcement method provided by the invention provides an encryption and decryption module that uses relatively secure symmetric encryption algorithms such as 3DES and AES. The key seed value is entered as a command-line parameter, and a key of sufficient security length is generated from the seed value, with which the respective data are encrypted and decrypted. The encryption and decryption module of the host reinforcement framework also provides external commands for uniform encryption and decryption, so that the username and password of the host to be reinforced can conveniently be encrypted and then written into the configuration file.
Therefore, when the plug-in access file is established in step S2, adaptation for encryption is required: S21 adds an encryption configuration item to the adaptation parameters of the plug-in access file and configures whether it is valid. For example, the encryption field is the encryption configuration item; if it is configured as 1, the scripts and configuration item information related to the plug-in need to be encrypted and stored; if it is configured as 0, no encryption is performed. In some embodiments the default is 0, i.e. no encryption by default. For a plug-in that needs encryption, i.e. whose encryption configuration item is valid (e.g. the encryption field is 1), S22 generates an encrypted configuration file and/or an encrypted plug-in file. The encrypted configuration file holds encrypted configuration parameters such as the username and password, and the encrypted plug-in file holds the encrypted plug-in.
The encryption and decryption commands are as follows:
Encrypting the user name: ./HostReinforcement encrypt 123456a? root
Decrypting the user name: ./HostReinforcement decrypt 123456a? dGVzdA==
Here HostReinforcement is the executable file of the host reinforcement client; encrypt/decrypt is the encryption/decryption identifier; 123456a? is the key (seed) of the encryption algorithm; root/dGVzdA== is the character string to be encrypted/decrypted; the parameters are separated by spaces. After successful execution, the encrypted or decrypted string is output and the program exits. The encryption and decryption flow of the host reinforcement client is shown in fig. 4.
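As an added illustration (not the patent's own code), the following Python sketch shows the seed-to-key derivation, the encrypt/decrypt pair behind the commands above, and the handling of the encryption configuration item of S21/S22. The field name encrypt, PBKDF2 for key stretching, and an HMAC-SHA256 counter-mode cipher with an authentication tag in place of AES/3DES are assumptions; the tag is what actually lets the client reject a modified plug-in or credential before running it, which encryption alone does not guarantee.

```python
import base64
import hashlib
import hmac
import secrets

SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def derive_key(seed: str, salt: bytes) -> bytes:
    """Stretch the command-line seed (e.g. "123456a?") into a 256-bit key.
    PBKDF2 is an assumption; the patent only says a key of sufficient
    length is generated from the seed value."""
    return hashlib.pbkdf2_hmac("sha256", seed.encode(), salt, 100_000, dklen=32)


def _subkeys(key: bytes):
    # Separate keys for encryption and authentication, derived from one root key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256; stands in for AES/3DES.
    blocks, counter = bytearray(), 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(blocks[:length])


def encrypt(seed: str, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is salt || nonce || ciphertext || tag."""
    salt, nonce = secrets.token_bytes(SALT_LEN), secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_key(seed, salt))
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag


def decrypt(seed: str, blob: bytes) -> bytes:
    """Check the tag before decrypting: a wrong seed or any modified byte of
    the stored plug-in or credential raises ValueError instead of running."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_key(seed, salt))
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("content tampered with or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encrypt_text(seed: str, text: str) -> str:
    """Base64 string, as `HostReinforcement encrypt <seed> <text>` would print."""
    return base64.b64encode(encrypt(seed, text.encode())).decode()


def decrypt_text(seed: str, text_b64: str) -> str:
    return decrypt(seed, base64.b64decode(text_b64)).decode()


def prepare_plugin(entry: dict, seed: str) -> dict:
    """S21/S22: honour the plug-in's encryption configuration item. The field
    name "encrypt" is assumed: 1 = store script and credentials encrypted,
    anything else (default 0) = store them as they are."""
    if entry.get("encrypt", 0) != 1:
        return {"script": entry["script"], "config": entry["config"], "encrypted": False}
    return {"script": encrypt_text(seed, entry["script"]),
            "config": {k: encrypt_text(seed, v) for k, v in entry["config"].items()},
            "encrypted": True}
```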
In some embodiments of the method for host reinforcement of the present invention, step S3, loading the plug-in list configuration file and the plug-in access file to establish a plug-in library containing the corresponding relationship between the access point and the adaptation parameters and rollback instruction of each plug-in, further includes:
S31: matching the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file;
S32: generating the corresponding relationship between the access point and the adaptation parameters and rollback instruction of the matched plug-in, and storing the corresponding relationship in the plug-in library.
Specifically, S31 first matches the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file; that is, the host reinforcement client obtains the matching plug-in and entrypoint from the plugin field of the plugin array (described above) in the plug-in list configuration file. S32 then generates the corresponding relationship between the access point and the adaptation parameters and rollback instruction of the matched plug-in and stores it in the plug-in library. The host reinforcement client can thus locate, from the entry point information in the plug-in's entrypoint, the reinforcement plug-in in the designated directory, its corresponding version and its other configuration information.
In some embodiments of the method for host reinforcement according to the present invention, step S31, matching the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file, further includes: the plug-in includes at least one version; one of the at least one version is matched with the access point, and the ID of the access point together with the version number of the matched version is used as the unique index for generating the correspondence. In some cases a plug-in has more than one version. To prevent the plug-in from being loaded repeatedly and the different versions from conflicting, in these embodiments one of the versions is matched with the access point, and the access point ID together with the version number of the matched version serves as the unique index of the correspondence. The version is the version information of the current plug-in in the plug-in access file. Each plug-in is associated with its access point under the unique index id + version. When the host reinforcement client calls the access point, only that one plug-in version is run and the other versions are ignored, which eliminates the conflicts that would arise from running different versions of the same plug-in repeatedly.
In some embodiments of the method for reinforcing a host according to the present invention, step S5, executing a rollback instruction on the called access point in response to monitoring that the reinforcement has failed and/or that the host operates abnormally after the reinforcement, further includes: executing a unified rollback instruction for all invoked access points to force the rollback of all running plug-ins. Because all plug-ins share the same entrypoint format and internal functions, the host reinforcement client can roll back the reinforced contents of all plug-ins with one key if the host behaves abnormally after reinforcement.
In some embodiments of the method for reinforcing a host according to the present invention, step S5, executing a rollback instruction on the invoked access point in response to monitoring that the reinforcement has failed and/or that the host operates abnormally after the reinforcement, further includes: executing a rollback instruction on a specified access point to force the corresponding plug-in to roll back. When it is unnecessary, or has been determined to be unnecessary, to roll back the reinforced content of all plug-ins, some embodiments instead execute the rollback instruction for the specified access point (the corresponding entrypoint), so that only the reinforced content of the plug-in that is actually in question is rolled back.
In some embodiments of the method for reinforcing a host according to the present invention, step S4, scanning the host for vulnerabilities and calling the corresponding access point in the plug-in library according to the scan result to run the corresponding plug-in to reinforce the host, further includes: in response to calling the corresponding access point in the plug-in library, recording the running condition of the corresponding plug-in and outputting the recorded information. When a vulnerability is detected and the corresponding access point in the plug-in library is called to reinforce the host, the host reinforcement client records the output result in a file, result.json, whose content is in JSON format and records in detail the items and reasons for successful and failed plug-in executions, so that the user can check it conveniently and integrate it with other systems. In some embodiments, the result is also printed on the terminal. A sample of the result JSON file is as follows:
[Sample result JSON file, shown as an image in the original and not reproduced here.]
Here totalpuginnum is the total number of plug-ins managed by the host reinforcement client; the success count is the number of plug-ins executed successfully; failnum is the number of plug-ins whose execution failed; failist and success are the lists with detailed information on the failed and successful plug-ins, respectively. The detailed information can be extended or reduced according to the actual situation.
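The plug-in library of S31/S32 with its id + version index, the serial access point calls of S4 with the result record, and the unified and targeted rollback of S5 can be exercised together in one added Python example (not the patent's own code). The configuration samples, the field names, the "restore:" form of the rollback instruction and the highest-version selection rule are constructed assumptions.

```python
import json

# Constructed sample of the plug-in list configuration file (step S1); the
# field names "plugin" and "entrypoint" follow the description, values are made up.
PLUGIN_LIST = {"plugins": [{"plugin": "ssh_hardening", "entrypoint": "ep-ssh"},
                           {"plugin": "password_policy", "entrypoint": "ep-pwd"}]}

# Constructed sample of the plug-in access file (step S2): adaptation parameters
# and a rollback instruction per version; ssh_hardening ships in two versions.
PLUGIN_ACCESS = [
    {"plugin": "ssh_hardening", "version": "1.0",
     "params": {"PermitRootLogin": "no"}, "rollback": "restore:PermitRootLogin"},
    {"plugin": "ssh_hardening", "version": "1.1",
     "params": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
     "rollback": "restore:PermitRootLogin,PasswordAuthentication"},
    {"plugin": "password_policy", "version": "2.0",
     "params": {"PASS_MAX_DAYS": "90"}, "rollback": "restore:PASS_MAX_DAYS"},
]


def build_library(plugin_list, plugin_access):
    """S31/S32: bind each access point to exactly one version of its plug-in,
    indexed by (access point id, version) so that no second version of the
    same plug-in can be loaded under that access point."""
    library = {}
    for item in plugin_list["plugins"]:
        versions = [a for a in plugin_access if a["plugin"] == item["plugin"]]
        if not versions:
            raise KeyError(f"no access-file entry for plug-in {item['plugin']}")
        # Selection rule is an assumption: take the highest version number.
        chosen = max(versions, key=lambda a: tuple(map(int, a["version"].split("."))))
        library[(item["entrypoint"], chosen["version"])] = {
            "plugin": item["plugin"], "params": chosen["params"],
            "rollback": chosen["rollback"]}
    return library


class Hardener:
    """Runs plug-ins serially, records each run, and keeps pre-change values."""

    def __init__(self, library, host_config):
        self.library = library
        self.host = host_config   # constructed stand-in for the real host state
        self.saved = {}           # access point id -> values before the change
        self.result = {"totalpluginnum": len(library), "successnum": 0,
                       "failnum": 0, "faillist": [], "success": []}

    def harden(self, entrypoint):
        """S4: call one access point; log success or the reason for failure."""
        key = next(k for k in self.library if k[0] == entrypoint)
        entry = self.library[key]
        record = {"plugin": entry["plugin"], "version": key[1]}
        keys = entry["rollback"].split(":", 1)[1].split(",")
        missing = [k for k in keys if k not in self.host]
        if missing:
            record["reason"] = f"host lacks configuration item(s) {missing}"
            self.result["failnum"] += 1
            self.result["faillist"].append(record)
            return False
        self.saved[entrypoint] = {k: self.host[k] for k in keys}  # for rollback
        self.host.update(entry["params"])
        self.result["successnum"] += 1
        self.result["success"].append(record)
        return True

    def rollback(self, entrypoint):
        """S5, targeted: execute the rollback instruction of one access point."""
        self.host.update(self.saved.pop(entrypoint, {}))

    def rollback_all(self):
        """S5, unified: one-key rollback of every plug-in run, newest first."""
        for entrypoint in list(self.saved)[::-1]:
            self.rollback(entrypoint)

    def result_json(self):
        return json.dumps(self.result, indent=2)
```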
In another aspect, the present invention further provides a device for host reinforcement, wherein the device includes: at least one processor; and a memory storing program instructions which, when executed by the processor, perform the steps of any of the host reinforcement method embodiments described above.
Furthermore, the present invention further proposes a computer-readable storage medium storing a computer program which, when executed by a processor, performs the steps of any one of the preceding embodiments of the method of host reinforcement.
The devices and apparatuses disclosed in the embodiments of the present invention may be various electronic terminal apparatuses, such as a mobile phone, a Personal Digital Assistant (PDA), a tablet computer (PAD), a smart television, and the like, or may be a large terminal apparatus, such as a server, and therefore the scope of protection disclosed in the embodiments of the present invention should not be limited to a specific type of device and apparatus. The client disclosed in the embodiment of the present invention may be applied to any one of the above electronic terminal devices in the form of electronic hardware, computer software, or a combination of both.
The computer-readable storage media (e.g., memory) described herein may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM may be available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
By adopting the above technical solution, the invention has at least the following beneficial effects: through the unified combination and management of various plug-ins, plug-ins of different formats are made compatible by matching them with access points, so that plug-ins can be loaded dynamically without modifying source code; this greatly improves the extensibility of host reinforcement and enables targeted security scanning and reinforcement of the host. At the same time, every plug-in matched with an access point supports one-key rollback, so reinforcement can be rolled back conveniently and quickly when it goes wrong. The embodiments of the invention are thus highly compatible, protect the security of the host in a more targeted and comprehensive way, provide convenient and quick one-key rollback for plug-ins whose reinforcement is abnormal, and maintain the operation and security of the host continuously.
It is to be understood that the features listed above for different embodiments may be combined with each other, where technically feasible, to form further embodiments within the scope of the present invention. Furthermore, the specific examples and embodiments described herein are non-limiting, and various modifications of the structure, steps and sequence set forth above may be made without departing from the scope of the invention.
In this application, the use of the term "meaning" is intended to include the term "meaning". The use of the definite or indefinite article is not intended to indicate cardinality. In particular, references to "the" object or "a" and "an" object are intended to mean one of many such objects possible. However, although elements of the embodiments of the invention disclosed may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated. Furthermore, the conjunction "or" may be used to convey simultaneous features, rather than mutually exclusive schemes. In other words, the conjunction "or" should be understood to include "and/or". The term "comprising" is inclusive and has the same scope as "including".
The above-described embodiments, particularly any "preferred" embodiments, are possible examples of implementations, and are set forth merely for a clear understanding of the principles of the invention. Many variations and modifications may be made to the above-described embodiments without departing substantially from the spirit and principles of the technology described herein. All such modifications are intended to be included within the scope of this disclosure.

Claims (10)

1. A method of host reinforcement, the method comprising the steps of:
establishing a plug-in list configuration file, and allocating an access point to each plug-in in the plug-in list configuration file;
establishing a plug-in access file, and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file;
loading the plug-in list configuration file and the plug-in access file to establish a plug-in library containing the corresponding relationship between the access point and the adaptation parameters and rollback instructions of the plug-ins;
scanning the host for vulnerabilities, and calling corresponding access points in the plug-in library according to the scan result to run the corresponding plug-ins to reinforce the host;
and executing the rollback instruction on the called access point in response to monitoring that the reinforcement has failed and/or that the host operates abnormally after the reinforcement.
2. The method of claim 1, further comprising:
generating logs of the process of scanning the host for vulnerabilities, the process of calling the corresponding access points in the plug-in library to run the corresponding plug-ins, the information on reinforcement failure and/or abnormal operation of the host after the reinforcement, and the process of executing the rollback instruction on the called access points, and recording the logs in persistent memory.
3. The method of claim 1, wherein the establishing a plug-in access file, and configuring corresponding adaptation parameters and rollback instructions for each plug-in in the plug-in access file further comprises:
adding an encryption configuration item to the adaptation parameters of the plug-in access file and configuring the validity of the encryption configuration item;
and generating an encryption configuration file and/or an encrypted plug-in file for each plug-in whose encryption configuration item is valid.
4. The method of claim 1, wherein the loading the plug-in list configuration file and the plug-in access file to establish a plug-in library containing the corresponding relationship between the access point and the adaptation parameters and rollback instructions of the plug-ins further comprises:
matching the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file;
and generating the corresponding relationship between the access point and the adaptation parameters and rollback instruction of the matched plug-in, and storing the corresponding relationship in the plug-in library.
5. The method of claim 4, wherein the matching the access point allocated to each plug-in in the plug-in list configuration file with the adaptation parameters and rollback instruction of the corresponding plug-in in the plug-in access file further comprises:
the plug-in comprises at least one version; one of the at least one version is matched with the access point, and the ID of the access point and the version number of the matched version are used as the unique index for generating the corresponding relationship.
6. The method of claim 1, wherein the executing the rollback instruction on the called access point in response to monitoring that the reinforcement has failed and/or that the host operates abnormally after the reinforcement further comprises:
executing a unified rollback instruction for all called access points to force the rollback of all running plug-ins.
7. The method of claim 1, wherein the executing the rollback instruction on the called access point in response to monitoring that the reinforcement has failed and/or that the host operates abnormally after the reinforcement further comprises:
and executing a rollback instruction on a specified access point to force the corresponding plug-in to roll back.
8. The method of claim 1, wherein the scanning the host for vulnerabilities, and calling corresponding access points in the plug-in library according to the scan result to run the corresponding plug-ins to reinforce the host further comprises:
and in response to calling the corresponding access point in the plug-in library, recording the running condition of the corresponding plug-in and outputting the recorded information.
9. An apparatus for host reinforcement, the apparatus comprising:
at least one processor; and
a memory storing processor-executable program instructions which, when executed by the processor, perform the steps of the host reinforcement method of any one of claims 1 to 8.
10. A computer-readable storage medium storing a computer program which, when executed by a processor, carries out the steps of the method of host reinforcement of any one of claims 1 to 8.
CN201911200920.7A 2019-11-29 2019-11-29 Method and device for reinforcing host and storage medium Active CN111125690B (en)


Publications (2)

Publication Number Publication Date
CN111125690A CN111125690A (en) 2020-05-08
CN111125690B true CN111125690B (en) 2023-01-06


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant