CN111224932B - User management method and device of server out-of-band management system - Google Patents

Publication number: CN111224932B
Authority: CN (China)
Prior art keywords: user, management system, server, abnormal, illegal
Legal status: Active
Application number: CN201910980276.3A
Other languages: Chinese (zh)
Other versions: CN111224932A (en)
Inventor: 曹城豪
Current assignee: Ping An Technology Shenzhen Co Ltd
Original assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910980276.3A
Publication of CN111224932A
Priority to PCT/CN2020/118362 (WO2021073415A1)
Application granted
Publication of CN111224932B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application discloses a user management method and device for a server out-of-band management system, in the technical field of information security. The method comprises the following steps: according to a user name list maintained by the server out-of-band management system, obtaining the illegal users existing in the system and the abnormal users who created them, and storing the user names of the illegal users together with the unique material identification codes of the abnormal users in an abnormal user list; obtaining the number of times a unique material identification code has been stored in the abnormal user list and, when that number reaches a threshold value, pulling the corresponding abnormal user into a blacklist; and calling the user information management interface of a managed server in the server out-of-band management system through the secure shell protocol to delete the illegal user from the managed server. The method and device can effectively manage the illegal users in the server out-of-band management system and the abnormal users who create them.

Description

User management method and device of server out-of-band management system
Technical Field
The present application relates to the field of information security technologies, and in particular, to a user management method and apparatus for a server out-of-band management system, an electronic device, and a computer-readable storage medium.
Background
Out-of-band management means that the management control information and the data information of a network are transmitted over different physical channels, so that the two are independent and do not affect each other; out-of-band management systems are widely used in fields such as the centralized management of data centers.
At present, a server out-of-band management system can create three kinds of users, namely administrator, operator and user, each with different operation permissions on the system. In such a system, large numbers of illegal users are easily created by users who have applied for higher operation authority, which seriously affects the use and maintenance of the server out-of-band management system.
Therefore, the problem that large numbers of illegal users easily appear in the server out-of-band management system urgently needs to be solved.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present application and therefore may include information that does not constitute prior art known to a person of ordinary skill in the art.
Disclosure of Invention
In order to solve the technical problem, the application provides a user management method and device of a server out-of-band management system, an electronic device and a computer-readable storage medium.
The technical scheme disclosed by the application comprises the following steps:
A user management method of a server out-of-band management system comprises the following steps: according to a user name list maintained by the server out-of-band management system, obtaining an illegal user existing in the system, obtaining the abnormal user who created the illegal user, and storing the user name of the illegal user and the unique material identification code of the abnormal user in an abnormal user list; obtaining the number of times the unique material identification code has been stored in the abnormal user list and, when that number reaches a threshold value, pulling the abnormal user corresponding to the unique material identification code into a blacklist, wherein the blacklist is used to limit the creation of new users by the abnormal user; and calling a user information management interface of a managed server in the server out-of-band management system through the secure shell protocol, and deleting the illegal user from the managed server.
In an exemplary embodiment, obtaining the illegal user existing in the server out-of-band management system according to the user name list maintained by the system includes: for each managed server in the server out-of-band management system, calling its user information management interface through the secure shell protocol to acquire the user names of all users in the managed server; and querying each acquired user name in the user name list, and taking each user whose user name is not found in the list as an illegal user.
In an exemplary embodiment, obtaining the abnormal user who created the illegal user includes: acquiring the creation time of the illegal user from the baseboard management controller configured on the managed server; and querying the unique material identification codes of the devices that logged in to the bastion host within a period of time around that creation time, and determining that the user corresponding to the unique material identification code whose login time is closest to the creation time is the abnormal user.
In an exemplary embodiment, the method further comprises: acquiring a user name in the user name list for which no user is found, the user corresponding to that user name being a legal user that was abnormally deleted; acquiring the deletion time of the abnormally deleted legal user from the baseboard management controller configured on the managed server; querying the unique material identification codes of the devices that logged in to the bastion host within a period of time around the deletion time, and determining that the user corresponding to the unique material identification code whose login time is closest to the deletion time is an abnormal user; and pulling the determined abnormal user into the blacklist.
In an exemplary embodiment, the method further comprises: if an illegal user in the abnormal user list cannot be deleted, visually displaying the abnormal user list on a centralized management interface of the server out-of-band management system and notifying a system administrator to delete the illegal user manually.
In an exemplary embodiment, the method further comprises: traversing, in real time, an audit table maintained by the server out-of-band management system to obtain a user name that was first deleted and then newly added in the audit table; judging, according to the user password stored for that user name in the audit table, whether the user name can log in to the server out-of-band management system, and if so, determining that the user name corresponds to a legal user; otherwise, taking the user name as corresponding to an illegal user, deleting the illegal user from the server out-of-band management system, and pulling the abnormal user who created the illegal user into the blacklist.
In one exemplary embodiment, the method further comprises: and updating the user passwords managed in the audit table regularly, wherein the user passwords corresponding to each user name in the audit table are different.
A user management apparatus of a server out-of-band management system, comprising: a user identification module, configured to acquire an illegal user existing in the server out-of-band management system according to a user name list maintained by the system, acquire the abnormal user who created the illegal user, and store the user name of the illegal user and the unique material identification code of the abnormal user in an abnormal user list; an abnormal user processing module, configured to acquire the number of times the unique material identification code has been stored in the abnormal user list and, when that number reaches a threshold value, pull the abnormal user corresponding to the unique material identification code into a blacklist which is used to limit the creation of new users by the abnormal user; and an illegal user processing module, configured to call a user information management interface of a managed server in the server out-of-band management system through the secure shell protocol and delete the illegal user from the managed server.
An electronic device comprising a processor and a memory, the memory having stored thereon computer-readable instructions that, when executed by the processor, implement a user management method of a server out-of-band management system as in any preceding item.
A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a user management method of a server out-of-band management system as claimed in any preceding item.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
In this technical scheme, according to the user name list maintained in the server out-of-band management system, the illegal users existing in the system are obtained, the abnormal users who created them are obtained, and the user name of each illegal user and the unique material identification code of the corresponding abnormal user are stored in the abnormal user list. For the illegal users in the system, the user information management interface of the managed server is called through the secure shell protocol and the illegal users are deleted from the managed server. For an abnormal user who created an illegal user, when the number of times that the abnormal user's unique material identification code has been stored in the abnormal user list reaches a threshold value, the abnormal user is pulled into a blacklist so as to limit that user's creation of new users. The method and device can therefore effectively manage the illegal users in the server out-of-band management system and the abnormal users who create them, so that large numbers of illegal users cannot appear in the system.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic illustration of an implementation environment to which the present application relates;
FIG. 2 is a diagram illustrating a hardware architecture of a server in accordance with an illustrative embodiment;
FIG. 3 is a flow diagram illustrating a method for user management of a server out-of-band management system in accordance with an exemplary embodiment;
FIG. 4 is a flow chart of one embodiment of step 310 in the embodiment shown in FIG. 3;
FIG. 5 is a flow chart of step 310 in another embodiment of the embodiment shown in FIG. 3;
FIG. 6 is a flowchart illustrating a user management method of a server out-of-band management system in accordance with another exemplary embodiment;
FIG. 7 is a flowchart illustrating a user management method of a server out-of-band management system in accordance with another exemplary embodiment;
FIG. 8 is a block diagram illustrating a user management device of a server out-of-band management system in accordance with an exemplary embodiment.
While certain embodiments of the present application have been illustrated by the accompanying drawings and described in detail below, such drawings and description are not intended to limit the scope of the inventive concepts in any manner, but are rather intended to explain the concepts of the present application to those skilled in the art by reference to the particular embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Referring to fig. 1, fig. 1 is a schematic diagram illustrating an implementation environment according to an exemplary embodiment, where the implementation environment is a server out-of-band management system. As shown in fig. 1, the server out-of-band management system includes a client 101, a console server 102, a database 103, a BMC (baseboard management controller) 104, and a managed server 105.
The client 101 is configured to provide a visual centralized management page for the server out-of-band management system; a system administrator manages the server out-of-band management system by operating the client 101, for example to create a new user in the system, delete an illegal user from it, or limit the operation rights of an abnormal user who created an illegal user.
The console server 102 is a core device for managing the server out-of-band management system, and can not only respond to the user operation in the client 101, but also automatically manage the user in the server out-of-band management system according to the computer program loaded by the console server. Illustratively, a computer program loaded on the console server 102 itself may implement the user management method of the server out-of-band management system described in the following embodiments when executed.
The BMC 104 is a baseboard management controller, also referred to as a server processor; it is a small operating system independent of the server's own system and may be, for example, an independent board mounted on the motherboard of the managed server 105. While the server out-of-band management system is in operation, the console server 102 manages the managed servers 105 by sending commands to the BMC 104.
The database 103 is used for providing data support for the console server 102, for example, the database 103 stores data such as a user name list, an abnormal user list, hosted user information (e.g., user name and user password) maintained by the server out-of-band management system.
FIG. 2 is a hardware schematic diagram of a server shown in accordance with an exemplary embodiment. The server may be embodied as console server 102 in the implementation environment shown in FIG. 1.
It should be noted that the server is only an example adapted to the application and should not be considered as providing any limitation to the scope of use of the application. Nor should the server be interpreted as having a need to rely on or have to have one or more components of the exemplary server shown in fig. 2.
The hardware structure of the server may be greatly different due to different configurations or performances, as shown in fig. 2, the server includes: a power supply 210, an interface 230, at least one memory 250, and at least one Central Processing Unit (CPU) 270.
The power supply 210 is used to provide operating voltage for each hardware device on the server.
The interface 230 includes at least one wired or wireless network interface 231, at least one serial-to-parallel conversion interface 233, at least one input/output interface 235, and at least one USB interface 237, etc. for communicating with external devices.
The memory 250, as the carrier for resource storage, may be a read-only memory, a random access memory, a magnetic disk or an optical disk, etc.; the resources stored on it include an operating system 251, applications 253 and data 255, etc., and the storage may be transient or permanent.
The operating system 251, which may be Windows Server, Mac OS X™, Unix™, Linux or the like, manages and controls the hardware devices and application programs 253 on the server so that the central processing unit 270 can compute and process the mass data 255. An application 253 is a computer program that performs at least one specific task on the operating system 251 and may include at least one module (not shown in fig. 2), each of which may contain a series of computer-readable instructions for the server. The data 255 may be interface metadata or the like stored on disk.
The central processor 270 may include one or more processors and is arranged to communicate with the memory 250 via a bus for computing and processing the mass data 255 in the memory 250.
As described in detail above, the server to which the present application is applied will perform the user management method of the server out-of-band management system according to the following embodiments by the central processor 270 reading a series of computer readable instructions stored in the memory 250.
Furthermore, the present application can also be implemented by hardware circuits or hardware circuits in combination with software instructions, and thus, the implementation of the present application is not limited to any specific hardware circuits, software, or a combination of the two.
Referring to fig. 3, fig. 3 is a flowchart illustrating a user management method of a server out-of-band management system according to an exemplary embodiment. The method may be performed by the console server 102 in the implementation environment shown in fig. 1, and the hardware structure of the console server 102 may be as shown in fig. 2.
As shown in fig. 3, in an exemplary embodiment, a user management method of a server out-of-band management system may include the steps of:
step 310, obtaining the illegal user existing in the server out-of-band management system according to the user name list maintained by the server out-of-band management system, obtaining the abnormal user creating the illegal user, and storing the user name of the illegal user and the unique material identification code of the abnormal user into the abnormal user list.
The user name list is a maintainable list configured by the server out-of-band management system, wherein a plurality of legal user names, such as root, ioroot, iopr, ioback, iouser, and the like, are stored in the maintainable list, and a system administrator of the server out-of-band management system or a user having a new user creation authority in the server out-of-band management system needs to create a new user according to the legal user names in the user name list.
That is, the user name of a legal user created in the server out-of-band management system must be included in the user name list; otherwise, the user is an illegal user. Therefore, according to the user name list maintained by the server out-of-band management system, the illegal users in the server out-of-band management system can be obtained and then managed.
According to the creation time of the illegal user, the abnormal user for creating the illegal user in the out-of-band management system can be correspondingly determined, and the abnormal user also needs to be managed.
The abnormal user list is a list maintained by the server out-of-band management system in real time, and the name of the illegal user and the unique material identification code of the abnormal user are stored in the abnormal user list, so that the information summary of the illegal user and the abnormal user in the server out-of-band management system can be realized, and the user management of the server out-of-band management system is facilitated.
It should be noted that the unique material identification code of the abnormal user refers to the UMID (unique material identifier) of the device used by the abnormal user; the UMIDs of different devices are different.
Step 320, acquiring the number of times the unique material identification code has been stored in the abnormal user list, and pulling the abnormal user corresponding to the unique material identification code into a blacklist when that number reaches a threshold value, wherein the blacklist is used to limit the creation of new users by the abnormal user.
The number of times that the unique material identification code is stored in the abnormal user list represents the number of times that the abnormal user corresponding to the unique material identification code illegally creates a new user. And setting a threshold value for the number of times of storing the unique material identification code into the abnormal user list, wherein the threshold value is used as a condition for forcibly managing the corresponding abnormal user.
When the number of times that the unique material identification code has been stored in the abnormal user list reaches the preset threshold value, the abnormal user has created illegal users many times and is most likely a user who maliciously applied for higher operation authority in order to create illegal users, so the abnormal user is pulled into the blacklist.
It should be noted that the blacklist is used to limit the abnormal user's creation of new users, for example by preventing the abnormal user from creating new users within a period of time, that is, closing the abnormal user's new-user operation authority for that period, or by allowing the abnormal user only to send a new-user creation application mail to the management center of the server out-of-band management system, with the operation authority for creating new users opened to the abnormal user only after the system administrator approves the application.
In an exemplary embodiment, different thresholds may be set to limit the creation of new users by anomalous users differently. For example, when the number of times of storing the unique material identification code of the abnormal user into the abnormal user list reaches a first threshold value, the abnormal user is limited not to create a new user within a period of time, and when the number of times reaches a second threshold value, the abnormal user is limited to only send a new user creation application mail to a management center of the server out-of-band management system, and after a system manager approves creation of the new user by the abnormal user, the operation authority for creating the new user is opened to the abnormal user.
Step 330, the user information management interface of the managed server in the server out-of-band management system is called through the secure shell protocol, and the illegal user is deleted from the managed server.
The secure shell protocol is the SSH (Secure Shell) protocol, a security protocol built on the application layer that is suited to providing security for remote login sessions and other services and can effectively prevent information leakage during remote management. The server out-of-band management system adopts this security protocol so that the console server and the managed servers communicate securely, realizing secure management of the managed servers.
The user information management interface of the managed server refers to a phylon interface of the managed server, which is an interface for the managed server to manage the user information of the user existing in the managed server, for example, the user information interface may be called to obtain the user names of all users in the managed server, or the user in the managed server may be deleted.
In this embodiment, the user information management interface of the managed server in the server out-of-band management system is called through the secure shell protocol, and each illegal user whose user name is stored in the abnormal user list is deleted from the corresponding managed server, so that the illegal user is deleted from the server out-of-band management system.
If an illegal user in the managed server cannot be deleted by this operation, system management personnel need to be notified to delete the illegal user manually in the centralized management interface provided by the server out-of-band management system, or the operation authority under which the deletion is currently executed is raised, so that the illegal user is completely deleted from the server out-of-band management system. Illustratively, the abnormal user list may be visually displayed on the centralized management interface of the server out-of-band management system, and a system administrator may be notified to delete the illegal user manually.
In addition, after the deletion of the illegal user is executed and the abnormal user is pulled into the blacklist, a corresponding mark can be added in the abnormal user list so as to record corresponding operations executed by the server out-of-band management system for the illegal user and the abnormal user in the abnormal user list.
The abnormal user list can also be visually displayed on the centralized management interface, so that system management personnel can conveniently know the number, the states and the like of illegal users and abnormal users currently existing in the server out-of-band management system from the centralized management page.
Therefore, in this embodiment, for an illegal user existing in the server out-of-band management system, the user information management interface of the managed server is called through the secure shell protocol to delete the illegal user, and for an abnormal user creating the illegal user, when the number of times of storing the unique material identification code of the abnormal user into the abnormal user list reaches the threshold value, the abnormal user is pulled into the blacklist, so as to limit the creation of the abnormal user to a new user, effectively manage the illegal user in the server out-of-band management system and the abnormal user creating the illegal user, and prevent a large number of illegal users from appearing in the server out-of-band management system.
In further exemplary embodiments, the above steps 210 and 250 may be performed at a set frequency, thereby causing the server out-of-band management system to automatically and periodically perform the corresponding user management operation.
Illustratively, the server out-of-band management system acquires illegal users existing in the server out-of-band management system according to the maintained user name list according to the set first frequency, acquires abnormal users for creating the illegal users, and stores the user names of the illegal users and the unique material identification codes of the abnormal users into the abnormal user list. That is, the present embodiment will periodically acquire the illegal user and the abnormal user existing in the server out-of-band management system according to the set first frequency.
And the server out-of-band management system calls a user information management interface of the managed server through a secure shell protocol according to the set second frequency, and deletes the illegal user from the managed server. That is, the present embodiment will periodically delete the illegal user according to the set second frequency.
It should be noted that the first frequency and the second frequency set in this embodiment may be the same or different, and this is not limited herein.
As shown in fig. 4, in an exemplary embodiment, the process of obtaining an illegal user existing in the server out-of-band management system according to the user name list maintained by the server out-of-band management system may specifically include the following steps:
step 311, for each managed server in the server out-of-band management system, a user information management interface is called through a secure shell protocol, and user names of all users in the managed server are obtained.
As described above, the user information management interface is the interface through which a managed server manages the information of the users present on it; the user names of all users on each managed server can therefore be obtained by calling the user information management interface of each managed server through the secure shell protocol.
In an exemplary embodiment, the user information management interface of each managed server is determined by first acquiring the hardware information of all managed servers in the server out-of-band management system according to the managed server hardware information list configured in that system, and then looking up the interface according to the acquired hardware information.
The managed server hardware information list configured in the server out-of-band management system may include a managed server host hardware list, a managed server brand and model list, and the like. The host hardware list stores the host serial numbers of all managed servers, and the brand and model list stores hardware information such as the brand and model of each managed server. The hardware information of all managed servers in the server out-of-band management system can therefore be acquired from the hardware information list configured in that system.
The server out-of-band management system is also provided with a user information management interface configuration list that maps the user information management interface of each managed server to its hardware information, so the user information management interface of a managed server can be looked up from its acquired hardware information.
step 312, querying each obtained user name in the user name list; a user whose user name is not found in the list is identified as an illegal user.
As described above, the user names stored in the user name list are those of all valid users. After the user names of all users on each managed server have been obtained, each is queried in the user name list: if the user name exists in the list, the corresponding user is a valid user; if it cannot be found in the list, the corresponding user is an illegal user.
Thus, based on the user name list configured in the server out-of-band management system, this embodiment acquires the illegal users in the server out-of-band management system and can accurately identify the specific managed server on which each illegal user exists.
As shown in fig. 5, in an exemplary embodiment, the process of obtaining an abnormal user creating an illegal user may include the steps of:
step 315, obtaining the creation time of the illegal user from the baseboard management controller configured on the managed server.
The baseboard management controller is a small operating system independent of the managed server's own system. Because the server out-of-band management system manages the managed server by sending commands to the baseboard management controller, the creation time of an illegal user on a managed server is obtained through the baseboard management controller configured for that server.
step 316, querying the unique material identification codes of the devices that logged in to the bastion machine, and determining that the user corresponding to the unique material identification code whose login time is closest to the creation time of the illegal user is the abnormal user, where only devices whose bastion login time falls within a period of time around the creation time of the illegal user are considered.
When a computer device accesses the managed server, it must first log in to the bastion machine deployed for that managed server; only if the login to the bastion machine succeeds can the device access the managed server.
Therefore, by querying the unique material identification codes of the devices that logged in to the bastion machine within a period of time around the creation time of the illegal user, the user corresponding to the unique material identification code closest to that creation time can be determined to be the abnormal user.
In addition, after the abnormal user has been determined, a warning mail can be sent to the device on which the abnormal user is located, warning the abnormal user to stop creating illegal users; otherwise, when the number of illegal users created reaches the threshold value, the user authority of the abnormal user is limited accordingly.
In an exemplary embodiment, the unique material identification codes of the devices that logged in to the bastion machine within a period of time around the creation time of the illegal user can be obtained by querying through a manufacturer interface configured on the management server; the configured manufacturer interfaces differ for managed servers produced by different manufacturers.
Thus, the method provided by this embodiment can identify the abnormal user who created an illegal user on the managed server.
As shown in fig. 6, in an exemplary embodiment, the user management method of the server out-of-band management system further includes the following steps:
step 410, obtaining any user name in the user name list that was never matched during the query, where the user corresponding to such a user name is a legal user that was abnormally deleted;
step 420, obtaining the deletion time of the abnormally deleted legal user from the baseboard management controller configured on the managed server;
step 430, querying the unique material identification codes of the devices that logged in to the bastion machine, and determining that the user corresponding to the unique material identification code closest to the deletion time of the legal user is an abnormal user, where only devices whose bastion login time falls within a period of time around the deletion time of the legal user are considered;
step 440, pulling the determined abnormal user into the blacklist.
The number of legal users maintained in the user name list is limited, and the server out-of-band management system should contain every legal user whose name is in the user name list. Therefore, when the user names obtained from the managed servers in step 330 are queried in the user name list, the name of each legal user in the list should be matched at least once.
If a user name in the user name list is never matched, that user name belongs to a legal user that was abnormally deleted.
Therefore, the deletion time of the abnormally deleted legal user can be obtained from the baseboard management controller configured on the managed server, and the user corresponding to the unique material identification code closest to the deletion time of the legal user is then determined to be the abnormal user by querying the unique material identification codes of the devices that logged in to the bastion machine within a period of time around that deletion time.
By pulling the determined abnormal user into the blacklist, that user's authority to create new users can be limited, which further manages the users in the server out-of-band management system.
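The reconciliation logic of figs. 4 to 6, as an added example that is not part of the patent: illegal users are found by checking each managed server's user names against the user name list, each is attributed to the device whose bastion login is closest to the creation time within an assumed window, a device code is blacklisted once it enters the abnormal user list an assumed threshold number of times, and a legal user missing from every server is treated as abnormally deleted and its deleter blacklisted directly. The BMC user listings, bastion login records and deletion times are constructed sample data.

```python
"""Reconciliation logic for the steps of figs. 4 to 6 (added example, not the patent's code).

Constructed sample data stands in for the BMC user listings fetched over SSH, the
bastion machine's login records and the deletion times read from the BMC.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed "user name list": the legal user names maintained by the management system.
LEGAL_USERS = {"admin", "opsuser", "monitor"}

# Constructed per-managed-server listings: user name -> creation time (hypothetical values).
BMC_USERS = {
    "srv-01": {"admin": datetime(2019, 10, 15, 8, 0), "tmp01": datetime(2019, 10, 15, 10, 2)},
    "srv-02": {"admin": datetime(2019, 10, 15, 8, 0), "tmp02": datetime(2019, 10, 15, 11, 30)},
    "srv-03": {"admin": datetime(2019, 10, 15, 8, 0), "monitor": datetime(2019, 10, 15, 8, 1),
               "tmp03": datetime(2019, 10, 15, 16, 0)},
}

# Constructed bastion login records: (login time, unique identification code of the device).
BASTION_LOGINS = [
    (datetime(2019, 10, 15, 9, 55), "DEV-A"),
    (datetime(2019, 10, 15, 10, 0), "DEV-B"),
    (datetime(2019, 10, 15, 11, 28), "DEV-B"),
    (datetime(2019, 10, 15, 13, 0), "DEV-C"),
]

# Constructed deletion events read from the BMCs: (server, user name, deletion time).
BMC_DELETIONS = [("srv-02", "opsuser", datetime(2019, 10, 15, 12, 58))]

WINDOW = timedelta(minutes=10)   # "a period of time around" the creation/deletion time (assumed)
THRESHOLD = 2                    # times a device code may enter the abnormal user list (assumed)


def find_illegal_users(bmc_users, legal_users):
    """Steps 311-312: every user name not found in the user name list is an illegal user."""
    return [(srv, name, created)
            for srv, users in bmc_users.items()
            for name, created in users.items()
            if name not in legal_users]


def find_abnormally_deleted(bmc_users, legal_users):
    """Step 410: a legal user name present on no managed server at all was abnormally deleted."""
    present = {name for users in bmc_users.values() for name in users}
    return sorted(legal_users - present)


def nearest_device(logins, event_time, window=WINDOW):
    """Steps 316/430: device whose bastion login is closest to the event, within +/- window."""
    candidates = [(abs(t - event_time), dev) for t, dev in logins if abs(t - event_time) <= window]
    return min(candidates)[1] if candidates else None


def reconcile(bmc_users, legal_users, logins, deletions, threshold=THRESHOLD):
    """Run one full cycle and return what the management system would act on."""
    abnormal_user_list = []   # (illegal user name, device code), the patent's abnormal user list
    counts = Counter()        # how often each device code entered the abnormal user list
    blacklist = set()
    unresolved = []           # no login near the creation time: hand to the administrator
    to_delete = []            # (server, user name) to remove via the SSH management interface

    for srv, name, created in find_illegal_users(bmc_users, legal_users):
        to_delete.append((srv, name))
        dev = nearest_device(logins, created)
        if dev is None:
            unresolved.append((srv, name))
            continue
        abnormal_user_list.append((name, dev))
        counts[dev] += 1
        if counts[dev] >= threshold:      # threshold reached -> pull the device into the blacklist
            blacklist.add(dev)

    deleted = set(find_abnormally_deleted(bmc_users, legal_users))
    for _srv, name, when in deletions:
        if name in deleted:
            dev = nearest_device(logins, when)
            if dev is not None:           # step 440: blacklisted directly, no threshold
                blacklist.add(dev)

    return {"to_delete": to_delete, "abnormal_user_list": abnormal_user_list,
            "blacklist": blacklist, "unresolved": unresolved,
            "abnormally_deleted": sorted(deleted)}


if __name__ == "__main__":
    from pprint import pprint
    pprint(reconcile(BMC_USERS, LEGAL_USERS, BASTION_LOGINS, BMC_DELETIONS))
```

With the constructed data, DEV-B is blacklisted after creating two illegal users and DEV-C for deleting a legal one, while tmp03 has no nearby bastion login and lands in the unresolved set that the administrator is notified about.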
As shown in fig. 7, in an exemplary embodiment, the user management method of the server out-of-band management system further includes the following steps:
step 510, obtaining, by traversing in real time the audit table maintained by the server out-of-band management system, any user name that was first deleted and then newly added in the audit table.
The audit table centrally records all management and maintenance data in the server out-of-band management system and is maintained by that system in real time, so a user name that was first deleted and then newly added in the server out-of-band management system can be found by traversing the audit table.
step 520, judging, according to the user password stored for the user name in the audit table, whether the user name can log in to the server out-of-band management system.
The audit table also stores, for each legal user in the server out-of-band management system, the user password corresponding to that user name, so that the user passwords of the legal users can be managed.
Therefore, for a user name obtained in step 510 that was deleted and then added again, the corresponding user password can also be obtained from the audit table, and it is then determined whether the user name and user password can log in to the server out-of-band management system. If so, proceed to step 530; otherwise, proceed to step 540.
step 530, determining that the user corresponding to the user name is a legal user.
If the user name and user password obtained in step 520 can log in to the server out-of-band management system, the user corresponding to the user name was re-created after being deleted by mistake and is allowed to exist in the server out-of-band management system, so that user is determined to be a legal user.
step 540, determining that the user corresponding to the user name is an illegal user, deleting the illegal user from the server out-of-band management system, and pulling the abnormal user who created the illegal user into the blacklist.
If the user name and user password obtained in step 520 cannot log in to the server out-of-band management system, the user was illegally created by an abnormal user and is determined to be an illegal user, so the illegal user must be deleted from the server out-of-band management system and the abnormal user who created it must be pulled into the blacklist.
Thus, this embodiment handles the abnormal situation in which a new user with the same user name is re-created after a legal user has been deleted from the server out-of-band management system, and further realizes the user management of the server out-of-band management system.
In another exemplary embodiment, to protect the user password of each legal user in the server out-of-band management system, the user passwords stored in the audit table are also updated regularly, and the user passwords of the legal users differ from one another, so as to avoid the situation in which the user passwords stored in the audit table are stolen maliciously.
Illustratively, the user password may be stored in the audit table in base64 encoded form.
FIG. 8 is a block diagram illustrating a user management device of a server out-of-band management system in accordance with an exemplary embodiment. As shown in fig. 8, the apparatus includes a user identification module 610, an abnormal user processing module 620, and an illegal user processing module 630.
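The audit-table check of steps 510 to 540, as an added example that is not part of the patent: the audit table is traversed for a user name deleted and later added again, the password the table holds for that name is decoded, and a login attempt with it decides between legal and illegal. The audit events, the stored passwords and the credential check (`fake_login`, a stand-in for the real login attempt) are constructed.

```python
"""Audit-table check of steps 510-540 (added example, not the patent's code).

A constructed audit table and an injected credential check replace the real table
and the real login attempt against the out-of-band management system.
"""
import base64
import hmac

# Constructed audit table: ordered management events ("seq" gives the order of record).
AUDIT_EVENTS = [
    {"seq": 1, "action": "add", "user": "opsuser"},
    {"seq": 2, "action": "add", "user": "backup"},
    {"seq": 3, "action": "delete", "user": "opsuser"},
    {"seq": 4, "action": "add", "user": "opsuser"},     # deleted by mistake, then re-created
    {"seq": 5, "action": "delete", "user": "backup"},
    {"seq": 6, "action": "add", "user": "backup"},      # re-created under the same name
    {"seq": 7, "action": "add", "user": "monitor"},     # never deleted: not a candidate
]

# Passwords the audit table holds for legal users, base64 encoded as the patent describes.
# Base64 is a reversible encoding, not protection; the table itself must be access controlled.
AUDIT_PASSWORDS = {
    "opsuser": base64.b64encode(b"s3cret-ops").decode(),
    "backup": base64.b64encode(b"b4ckup-pass").decode(),
}

# Constructed current credentials on the managed side: "backup" was re-created with a
# different password, so the audited password no longer logs in.
CURRENT_CREDENTIALS = {"opsuser": "s3cret-ops", "backup": "not-the-audited-one", "monitor": "m0n"}


def fake_login(user, password):
    """Stand-in for trying to log in to the out-of-band management system (constructed)."""
    current = CURRENT_CREDENTIALS.get(user)
    return current is not None and hmac.compare_digest(current, password)


def deleted_then_readded(events):
    """Step 510: user names whose audit history shows a delete followed later by an add."""
    deleted, hits = set(), []
    for ev in sorted(events, key=lambda e: e["seq"]):
        if ev["action"] == "delete":
            deleted.add(ev["user"])
        elif ev["action"] == "add" and ev["user"] in deleted and ev["user"] not in hits:
            hits.append(ev["user"])
    return hits


def classify(events, passwords, try_login):
    """Steps 520-540: 'legal' if the audited password still logs in, otherwise 'illegal'."""
    verdicts = {}
    for user in deleted_then_readded(events):
        encoded = passwords.get(user)
        if encoded is None:                       # no audited password: the login cannot succeed
            verdicts[user] = "illegal"
            continue
        password = base64.b64decode(encoded).decode()
        verdicts[user] = "legal" if try_login(user, password) else "illegal"
    return verdicts


if __name__ == "__main__":
    print(classify(AUDIT_EVENTS, AUDIT_PASSWORDS, fake_login))
```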
The user identification module 610 is configured to obtain an illegal user existing in the server out-of-band management system according to a user name list maintained by the server out-of-band management system, obtain an abnormal user creating the illegal user, and store a user name of the illegal user and a unique material identification code of the abnormal user in an abnormal user list.
The abnormal user processing module 620 is configured to obtain the number of times that the unique material identification code has been stored in the abnormal user list and, when that number reaches a threshold value, to pull the abnormal user corresponding to the unique material identification code into a blacklist, where the blacklist is used to limit the creation of new users by the abnormal user.
The illegal user processing module 630 is configured to invoke a user information management interface of a managed server in the server out-of-band management system through a secure shell protocol, and delete the illegal user from the managed server.
In another exemplary embodiment, the user identification module 610 includes a user name acquisition unit and a user name query unit.
The user name acquisition unit is used for calling a user information management interface through a secure shell protocol for each managed server in the server out-of-band management system to acquire the user names of all users in the managed server.
The user name query unit is used for querying each acquired user name in the user name list and identifying the user whose user name is not found as an illegal user.
In another exemplary embodiment, the user identification module 610 further includes a creation time acquisition unit and an abnormal user determination unit.
The creation time acquisition unit is used for acquiring the creation time of an illegal user according to the baseboard management controller configured by the managed server.
The abnormal user determination unit is used for querying the unique material identification codes of the devices that logged in to the bastion machine and determining that the user corresponding to the unique material identification code closest to the creation time is an abnormal user, where only devices whose bastion login time falls within a period of time around the creation time are considered.
In another exemplary embodiment, the user management apparatus of the server out-of-band management system further includes a valid user acquiring module, a deletion time acquiring module, an abnormal user querying module, and a blacklisting module.
The legal user obtaining module is used for obtaining the user name which is not inquired in the user name list, and the user corresponding to the user name which is not inquired is the legal user which is deleted abnormally.
And the deletion time acquisition module is used for acquiring the deletion time of the abnormal deleted legal user according to the baseboard management controller configured by the managed server.
And the abnormal user query module is used for querying the unique material identification code of the equipment for logging in the bastion machine, and determining that the user corresponding to the unique material identification code closest to the deletion time is an abnormal user, wherein the time for logging in the bastion machine by the equipment is within a period of time around the deletion time.
And the blacklist adding module is used for pulling the determined abnormal user into the blacklist.
In another exemplary embodiment, the user management apparatus of the server out-of-band management system further includes a visual display module, where the visual display module is configured to visually display the abnormal user list on a centralized management interface of the server out-of-band management system and notify a system administrator of manually deleting an illegal user when the illegal user in the abnormal user list cannot be deleted.
In another exemplary embodiment, the user management apparatus of the server out-of-band management system further includes an audit table traversal module, a login judgment module, a valid user determination module, and an invalid user determination module.
And the audit table traversal module is used for acquiring the user name which is deleted firstly and then added newly in the audit table by traversing the audit table maintained by the server out-of-band management system in real time.
And the login judging module is used for judging whether the user name can log in the server out-of-band management system according to the user password which is correspondingly stored for the user name in the audit table.
The legal user determining module is used for determining that the user corresponding to the user name is a legal user when the login judging module judges that the user name can log in to the server out-of-band management system.
The illegal user determining module is used for determining that the user corresponding to the user name is an illegal user when the login judging module judges that the user name cannot log in to the server out-of-band management system, deleting the illegal user from the server out-of-band management system, and pulling the abnormal user who created the illegal user into a blacklist.
In another exemplary embodiment, the user management apparatus of the server out-of-band management system further includes a password updating module, where the password updating module is configured to periodically update the user passwords hosted in the audit table, and the user password corresponding to each user name in the audit table is different.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module performs operations has been described in detail in the method embodiment, and is not described again here.
In an exemplary embodiment, the present application further provides an electronic device comprising a processor and a memory, the memory having stored thereon computer readable instructions which, when executed by the processor, implement the user management method of the server out-of-band management system as described above.
In an exemplary embodiment, the present application further provides a computer readable storage medium having a computer program stored thereon, which when executed by a processor, implements the user management method of the server out-of-band management system as described above.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (10)

1. A user management method of a server out-of-band management system is characterized by comprising the following steps:
according to a user name list maintained by a server out-of-band management system, obtaining an illegal user existing in the server out-of-band management system, obtaining an abnormal user for creating the illegal user, and storing a user name of the illegal user and a unique material identification code of the abnormal user into an abnormal user list, wherein the user name list comprises a legal user name;
obtaining the times of storing the unique material identification code into the abnormal user list, and pulling the abnormal user corresponding to the unique material identification code into a blacklist when the times reach a threshold value, wherein the blacklist is used for limiting the creation of the abnormal user to a new user;
and calling a user information management interface of a managed server in the server out-of-band management system through a secure shell protocol, and deleting the illegal user from the managed server.
2. The method according to claim 1, wherein the obtaining of the illegal user existing in the server out-of-band management system according to the user name list maintained by the server out-of-band management system comprises:
calling a user information management interface through a secure shell protocol for each managed server in the server out-of-band management system to acquire user names of all users in the managed server;
and inquiring the acquired user name in the user name list, and acquiring the user corresponding to the user name of which the result is not inquired as an illegal user.
3. The method of claim 2, wherein the obtaining of the abnormal user that created the illegal user comprises:
acquiring the creation time of an illegal user according to a baseboard management controller configured by the managed server;
and inquiring the unique material identification code of the equipment for logging in the bastion machine, and determining that the user corresponding to the unique material identification code closest to the creation time is an abnormal user, wherein the time for logging in the bastion machine by the equipment is within a period of time around the creation time.
4. The method of claim 2, further comprising:
acquiring a user name which is not inquired in the user name list, wherein a user corresponding to the user name which is not inquired is a legal user which is deleted abnormally;
acquiring the deletion time of the abnormally deleted legal user according to a baseboard management controller configured by the managed server;
inquiring a unique material identification code of equipment for logging in the bastion machine, and determining that a user corresponding to the unique material identification code closest to the deleting time is an abnormal user, wherein the time for logging in the bastion machine by the equipment is within a period of time around the deleting time;
pulling the determined abnormal user into the blacklist.
5. The method of claim 1, further comprising:
and if the illegal user in the abnormal user list can not be deleted, visually displaying the abnormal user list on a centralized management interface of the server out-of-band management system, and informing a system administrator to manually delete the illegal user.
6. The method of claim 1, further comprising:
the method comprises the steps of obtaining a user name which is deleted firstly and then added newly in an audit table through traversing the audit table maintained by the server out-of-band management system in real time;
judging whether the user name can log in the server out-of-band management system or not according to a user password which is stored correspondingly for the user name in the audit table, and if so, determining that the user corresponding to the user name is a legal user;
otherwise, acquiring the user corresponding to the user name as an illegal user, deleting the illegal user from the server out-of-band management system, and pulling the abnormal user for creating the illegal user into a blacklist.
7. The method of claim 6, further comprising:
and updating the user passwords managed in the audit table regularly, wherein the user passwords corresponding to each user name in the audit table are different.
8. A user management apparatus of a server out-of-band management system, comprising:
a user identification module, configured to acquire an illegal user existing in the server out-of-band management system according to a user name list maintained by the server out-of-band management system, acquire an abnormal user for creating the illegal user, and store a user name of the illegal user and a unique material identification code of the abnormal user into an abnormal user list, wherein the user name list comprises a legal user name;
the abnormal user processing module is used for acquiring the times of storing the unique material identification code into the abnormal user list, and when the times reach a threshold value, pulling the abnormal user corresponding to the unique material identification code into a blacklist which is used for limiting the creation of the abnormal user to a new user;
and the illegal user processing module is used for calling a user information management interface of a managed server in the server out-of-band management system through a secure shell protocol and deleting the illegal user from the managed server.
9. An electronic device, comprising:
a memory storing computer readable instructions;
a processor to read computer readable instructions stored by the memory to perform the method of any of claims 1-7.
10. A computer-readable storage medium having computer-readable instructions stored thereon, which, when executed by a processor of a computer, cause the computer to perform the method of any one of claims 1-7.
Application CN201910980276.3A, priority date 2019-10-15, filing date 2019-10-15: User management method and device of server out-of-band management system. Status: Active. Granted as CN111224932B (en).

Publications (2)

Publication Number Publication Date
CN111224932A CN111224932A (en) 2020-06-02
CN111224932B true CN111224932B (en) 2022-01-04

Also Published As

Publication number Publication date
WO2021073415A1 (en) 2021-04-22
CN111224932A (en) 2020-06-02

Legal Events

Date Code Title Description
PB01 Publication
REG Reference to a national code
Ref country code: HK
Ref legal event code: DE
Ref document number: 40030933
Country of ref document: HK
SE01 Entry into force of request for substantive examination
GR01 Patent grant