CN111800295A - Server audit management method, device and system - Google Patents


Publication number
CN111800295A
Authority
CN
China
Prior art keywords
information
server
log
operation instruction
audit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010581493.8A
Other languages
Chinese (zh)
Inventor
曾小红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongmei Intelligent Technology Co Ltd
Original Assignee
Sichuan Hongmei Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Hongmei Intelligent Technology Co Ltd
Priority to CN202010581493.8A
Publication of CN111800295A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/104 Grouping of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Abstract

The invention provides a server audit management method, device and system. The method comprises: receiving an operation instruction from a user terminal; acquiring user account information and functional role information from the operation instruction; acquiring operation information describing the operation type and operation object corresponding to the operation instruction; recording the user account information, functional role information and operation information as a log in a pre-established audit log file; forwarding the operation instruction to a target server; receiving operation execution information from the target server, the operation execution information describing the result of the target server executing the operation instruction; recording the operation execution information, user account information and functional role information as a log in the audit log file; and forwarding the operation execution information to the user terminal. The scheme can improve the efficiency of server audit management.

Description

Server audit management method, device and system
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device and a system for server audit management.
Background
In recent years, as companies have grown in scale and computer technology has developed rapidly and come into widespread use, the dense computer and network environments of companies have faced great challenges. It is therefore important to collect and monitor the system status, security events and network activities of each component in the network environment in real time, so that they can be processed and audited promptly.
However, audit management of servers is a very complicated process, and the traditional way of auditing through a jump server (bastion host) based on operation identifiers such as functional roles wastes manpower and material resources and is error-prone. Chinese invention patent application No. 201310084510.7 discloses a method and a system for managing services in an internet data center, whose main feature is that audit management is performed based on operation identifiers such as real-name accounts and functional roles: the terminal acquires identifiers such as the real-name account, the functional role and the operation to be executed and sends them to a trigger, so as to manage the services included in the server.
In existing server audit management methods, the jump-server audit process based on operation identifiers such as functional roles is cumbersome to carry out and wastes manpower and material resources, and growth in the number of business personnel and in the number of accesses reduces the efficiency of server audit management.
Disclosure of Invention
The invention provides a server audit management method, device and system, which can improve the efficiency of server audit management.
In a first aspect, an embodiment of the present invention provides a server audit management method, including:
receiving an operation instruction from a user terminal, wherein the operation instruction is used for operating a target server;
acquiring user account information and functional role information from the operation instruction, wherein the user account information is used for identifying a user of the user terminal, and the functional role information is used for identifying the authority of the user;
acquiring operation information for describing an operation type and an operation object corresponding to the operation instruction;
recording the user account information, the functional role information and the operation information as a log in a pre-established audit log file;
forwarding the operation instruction to the target server;
receiving operation execution information from the target server, wherein the operation execution information is used for describing a result of the target server executing the operation instruction;
recording the operation execution information, the user account information and the functional role information as a log in the audit log file;
and forwarding the operation execution information to the user terminal.
Optionally, the server audit management method further includes:
receiving a log query request from a management terminal;
acquiring the user account information included in the log query request;
searching at least one log comprising the user account information from the audit log file;
and sending the at least one found log to the management terminal so that the management terminal can display the at least one log to an administrator.
Optionally,
the forwarding the operation instruction to the target server includes:
sending the operation instruction to the target server through the SSH protocol, which is an encrypted network protocol;
the receiving operation execution information from the target server includes:
receiving the operation execution information from the target server through the SSH protocol.
Optionally, before the recording the operation execution information, the user account information and the functional role information as a log in the audit log file, the method further includes: acquiring an instruction identifier included in the operation execution information, wherein the instruction identifier is used for identifying the operation instruction;
and acquiring the user account information and the functional role information corresponding to the operation instruction from the audit log file according to the instruction identifier.
In a second aspect, an embodiment of the present invention further provides a server audit management apparatus, including: a receiving unit, a first obtaining unit, a first recording unit, a first forwarding unit, a second recording unit and a second forwarding unit;
the receiving unit is used for receiving an operation instruction from a user terminal, wherein the operation instruction is used for operating a target server;
the first obtaining unit is configured to obtain user account information and functional role information from the operation instruction received by the receiving unit, and obtain operation information for describing an operation type and an operation object corresponding to the operation instruction, where the user account information is used to identify a user of the user terminal, and the functional role information is used to identify the authority of the user;
the first recording unit is configured to record the user account information, the functional role information and the operation information, which are obtained by the first obtaining unit, as a log in a pre-created audit log file;
the first forwarding unit is configured to forward the operation instruction received by the receiving unit to the target server;
the receiving unit is further configured to receive operation execution information from the target server, where the operation execution information is used to describe a result of the target server executing the operation instruction;
the second recording unit is configured to record the user account information, the functional role information and the operation execution information received by the receiving unit as a log in the audit log file;
the second forwarding unit is configured to forward the operation execution information received by the receiving unit to the user terminal.
Optionally, the server audit management device further includes: a second obtaining unit, a searching unit and a sending unit;
the receiving unit is further used for receiving a log query request from the management terminal;
the second obtaining unit is configured to obtain the user account information included in the log query request received by the receiving unit;
the searching unit is configured to search the audit log file for at least one log including the user account information obtained by the second obtaining unit;
the sending unit is configured to send the at least one log found by the searching unit to the management terminal, so that the management terminal displays the at least one log to an administrator.
Optionally,
the first forwarding unit is configured to send the operation instruction to the target server through the encrypted SSH protocol;
the receiving unit is configured to receive the operation execution information from the target server through the SSH protocol.
Optionally, the server audit management apparatus further includes: a third obtaining unit and a fourth obtaining unit;
the third obtaining unit is configured to obtain an instruction identifier included in the operation execution information received by the receiving unit before the second recording unit records the operation execution information, the user account information and the functional role information as a log in the audit log file, where the instruction identifier is used to identify the operation instruction;
and the fourth obtaining unit is used for obtaining the user account information and the functional role information corresponding to the operation instruction from the audit log file according to the instruction identifier obtained by the third obtaining unit.
In a third aspect, an embodiment of the present invention further provides a server audit management system, including: any one of the server audit management devices described above, at least one user terminal and at least one server, wherein the user terminal is used for sending an operation instruction to the server audit management device and receiving operation execution information from the server audit management device, the operation instruction is used for operating a target server among the at least one server, and the operation execution information is used for describing a result of the target server executing the operation instruction;
and the server is used for receiving the operation instruction from the server audit management device, executing corresponding operation according to the operation instruction, and sending the operation execution information for describing an execution result to the server audit management device.
Optionally, the server audit management system further comprises: at least one management terminal;
the management terminal is used for sending a log query request to the server audit management device, receiving at least one log returned by the server audit management device according to the log query request, and displaying the received at least one log.
According to the above technical solution, when a user terminal sends an operation instruction to operate a target server, the operation instruction is received, the user account information and functional role information are obtained from it together with the operation information describing the corresponding operation type and operation object, these are recorded as a log in a pre-established audit log file, and the operation instruction is forwarded to the target server. After the target server receives the operation instruction and performs the corresponding operation, operation execution information describing the result of the target server executing the operation instruction is received from the target server, the operation execution information, the user account information and the functional role information are recorded as a log in the audit log file, and the operation execution information is forwarded to the user terminal. Throughout this process, the user account information and functional role information included in the operation instructions of all user terminals, and the operation information describing the operation type and operation object of each instruction, are recorded as logs in the pre-created audit log file; likewise, the results of all target servers executing the operation instructions sent by the user terminals are recorded as logs in the audit log file together with the user account information and functional role information.
On the one hand, all operation instructions of each user terminal and each server, and the operation execution information produced for those instructions, are recorded in the audit log file in real time, which ensures the integrity of server audit management; on the other hand, the audit management process is simple, waste of manpower and material resources is avoided, disorder in server audit management caused by growth in company personnel or in the number of servers is avoided, and the efficiency of server audit management is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for server audit management according to an embodiment of the present invention;
FIG. 2 is a flow diagram of another method for server audit management according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for acquiring user account information and role information according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an apparatus where a server audit management device is located according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a server audit management device according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of another server audit management arrangement provided by an embodiment of the present invention;
FIG. 7 is a schematic diagram of another server audit management apparatus according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a server audit management system according to an embodiment of the present invention;
FIG. 9 is a schematic diagram of another server audit management system provided by an embodiment of the present invention;
FIG. 10 is a flow chart of another method for server audit management according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a server audit management method, which may include the following steps:
step 101: receiving an operation instruction from a user terminal, wherein the operation instruction is used for operating a target server;
step 102: acquiring user account information and functional role information from an operation instruction, wherein the user account information is used for identifying a user of a user terminal, and the functional role information is used for identifying the authority of the user;
step 103: acquiring operation information for describing an operation type and an operation object corresponding to an operation instruction;
step 104: recording user account information, functional role information and operation information as a log into a pre-established audit log file;
step 105: forwarding the operation instruction to a target server;
step 106: receiving operation execution information from a target server, wherein the operation execution information is used for describing a result of the target server executing an operation instruction;
step 107: recording operation execution information, user account information and functional role information as a log into the audit log file;
step 108: and forwarding the operation execution information to the user terminal.
According to the server audit management method provided by this embodiment of the invention, when a user terminal sends an operation instruction to operate a target server, the operation instruction is received, the user account information and functional role information are obtained from it together with the operation information describing the corresponding operation type and operation object, these are recorded as a log in the pre-established audit log file, and the operation instruction is forwarded to the target server. After the target server receives the operation instruction and performs the corresponding operation, operation execution information describing the result of the target server executing the operation instruction is received from the target server, the operation execution information, the user account information and the functional role information are recorded as a log in the audit log file, and the operation execution information is forwarded to the user terminal. Throughout this process, the user account information and functional role information included in the operation instructions of all user terminals, and the operation information describing the operation type and operation object of each instruction, are recorded as logs in the pre-created audit log file; likewise, the results of all target servers executing the operation instructions sent by the user terminals are recorded as logs in the audit log file together with the user account information and functional role information.
On the one hand, all operation instructions of each user terminal and each server, and the operation execution information produced for those instructions, are recorded in the audit log file in real time, which ensures the integrity of server audit management; on the other hand, the audit management process is simple, waste of manpower and material resources is avoided, disorder in server audit management caused by growth in company personnel or in the number of servers is avoided, and the efficiency of server audit management is improved.
Optionally, on the basis of the server audit management method shown in fig. 1, the log stored in the log file may be queried, and as shown in fig. 2, querying the log stored in the log file may include the following steps:
step 201: receiving a log query request from a management terminal;
step 202: acquiring user account information included in the log query request;
step 203: searching at least one log comprising user account information from the audit log file;
step 204: and sending the at least one searched log to the management terminal so that the management terminal can display the at least one log to an administrator.
In this embodiment of the invention, when an incident occurs on the server (a problem brought to the server by an unknown identity, unauthorized operation, password leakage, data theft, illegal operation and the like), the logs stored in the log file can be queried. After a log query request from the management terminal is received, the user account information included in the log query request is obtained, each log including that user account information is searched for in the audit log file, and the logs found are sent to the management terminal. From the logs including the user account information that the management terminal displays, the administrator can quickly trace the causes of the incident and resolve the problems one by one in a timely manner, so the security of the server is guaranteed. Meanwhile, incidents on the server can be audited and responsibility determined in time, so that similar incidents are avoided and the efficiency of server audit management is improved.
Optionally, in the server audit management method shown in fig. 1,
in step 105, when the operation instruction is forwarded to the target server, the operation instruction may be sent to the target server through the SSH protocol, which is an encrypted network protocol;
in step 106, when the operation execution information is received from the target server, it may be received from the target server through the SSH protocol, where the operation execution information is used to describe a result of the target server executing the operation instruction.
In this embodiment of the invention, server audit management is implemented on the basis of the SSH (Secure Shell) protocol. SSH is an encrypted network protocol, and the client does not need to install an agent. The SSH protocol can effectively prevent information leakage during server audit management. Because the transmitted data can be encrypted through the SSH protocol, a man-in-the-middle cannot pose as the real server to receive the data sent by the user terminal and then pose as the real user terminal to pass that data on to the real server, so the security of the server is guaranteed.
Optionally, in the server audit management method shown in fig. 1, before the operation execution information, the user account information and the functional role information are recorded as a log in the audit log file in step 107, the user account information and the functional role information corresponding to the operation instruction need to be obtained from the audit log file. As shown in fig. 3, obtaining the user account information and the functional role information corresponding to the operation instruction from the audit log file may include the following steps:
step 301: acquiring an instruction identifier included in operation execution information, wherein the instruction identifier is used for identifying an operation instruction;
step 302: and acquiring user account information and functional role information corresponding to the operation instruction from the audit log file according to the instruction identifier.
In this embodiment of the invention, the instruction identifier that identifies the operation instruction is obtained from the operation execution information, and the user account information and functional role information corresponding to the operation instruction are obtained from the audit log file according to that identifier, so that each operation instruction and its operation execution information are recorded in the audit log file in one-to-one correspondence. Once an incident occurs on the server (a problem brought to the server by an unknown identity, unauthorized operation, password leakage, data theft, illegal operation and the like), its cause can be located quickly from the clear and organized logs in the audit log file, so that it can be handled, audited and responsibility determined in time, which improves the efficiency of server audit management.
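The flow of steps 101 to 108, the account query of steps 201 to 204 and the instruction-identifier lookup of steps 301 to 302 can be modelled as follows. This is an added example, not code from the patent; the JSON-lines log format, the AuditProxy class, the record field names and the fake_target_server callable that stands in for the SSH channel are all assumptions, and the sample instructions are constructed.

```python
import json
import os
import tempfile
import time
import uuid


class AuditProxy:
    """Model of the audit management device between terminals and servers."""

    def __init__(self, log_path, forward):
        self.log_path = log_path  # the pre-created audit log file
        self.forward = forward    # assumed callable standing in for the SSH channel
        open(log_path, "a", encoding="utf-8").close()

    def _append(self, record):
        # One JSON object per line: json.dumps escapes newlines, so a value
        # supplied by a user cannot start a forged record of its own.
        record["ts"] = time.time()
        with open(self.log_path, "a", encoding="utf-8") as f:
            f.write(json.dumps(record) + "\n")
            f.flush()
            os.fsync(f.fileno())

    def records(self):
        with open(self.log_path, encoding="utf-8") as f:
            return [json.loads(line) for line in f if line.strip()]

    def handle_instruction(self, instruction):
        # Steps 101-103: account, functional role and operation information.
        op = {"type": instruction["op_type"], "object": instruction["op_object"]}
        instr_id = uuid.uuid4().hex  # assumed form of the instruction identifier
        # Step 104: log before forwarding, so a failed forward still leaves a trace.
        self._append({"kind": "request", "instr_id": instr_id,
                      "account": instruction["account"], "role": instruction["role"],
                      "target": instruction["target"], "operation": op})
        try:
            # Steps 105-106: forward the instruction and receive the result.
            execution = self.forward(instruction["target"], instr_id, op)
        except Exception as exc:
            execution = {"instr_id": instr_id, "status": "forward_failed",
                         "detail": str(exc)}
        self.record_execution(execution)  # step 107
        return execution                  # step 108: returned to the user terminal

    def record_execution(self, execution):
        # Steps 301-302: recover account and role through the instruction identifier.
        instr_id = execution.get("instr_id")
        origin = next((r for r in self.records()
                       if r.get("kind") == "request" and r.get("instr_id") == instr_id),
                      None)
        if origin is None:
            # A result that matches no logged instruction is kept, but never
            # attributed to an account.
            self._append({"kind": "orphan_result", "instr_id": instr_id,
                          "execution": execution})
            return False
        self._append({"kind": "result", "instr_id": instr_id,
                      "account": origin["account"], "role": origin["role"],
                      "execution": execution})
        return True

    def query(self, account):
        # Steps 201-204: every log that carries the requested account.
        return [r for r in self.records() if r.get("account") == account]


def fake_target_server(target, instr_id, operation):
    # Constructed stand-in for a target server: refuses deletes, accepts the rest.
    status = "denied" if operation["type"] == "delete" else "ok"
    return {"instr_id": instr_id, "status": status}


def demo():
    path = os.path.join(tempfile.mkdtemp(), "audit.log")
    proxy = AuditProxy(path, fake_target_server)
    proxy.handle_instruction({"account": "alice", "role": "dba", "target": "db01",
                              "op_type": "read", "op_object": "/var/log/mysql.log"})
    # Constructed input whose object name embeds a newline and a fake record.
    proxy.handle_instruction({"account": "bob", "role": "ops", "target": "web01",
                              "op_type": "delete",
                              "op_object": 'nginx.conf\n{"kind": "result", "account": "alice"}'})
    attributed = proxy.record_execution({"instr_id": "never-issued", "status": "ok"})
    return proxy, attributed


if __name__ == "__main__":
    proxy, _ = demo()
    for entry in proxy.query("alice"):
        print(entry)
```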
As shown in fig. 4 and 5, an embodiment of the invention provides a device for server audit management. The device embodiments may be implemented by software, by hardware, or by a combination of hardware and software. At the hardware level, fig. 4 is a hardware structure diagram of the equipment on which the server audit management apparatus of this embodiment is located; in addition to the processor, the memory, the network interface and the nonvolatile memory shown in fig. 4, that equipment may generally also include other hardware, such as a forwarding chip responsible for processing packets. Taking a software implementation as an example, as shown in fig. 5, the apparatus is a logical apparatus formed when the CPU of the equipment on which it is located reads the corresponding computer program instructions from the nonvolatile memory into the memory and runs them. The device for server audit management provided by the embodiment comprises: a receiving unit 501, a first obtaining unit 502, a first recording unit 503, a first forwarding unit 504, a second recording unit 505 and a second forwarding unit 506;
a receiving unit 501, configured to receive an operation instruction from a user terminal, where the operation instruction is used to operate a target server;
a first obtaining unit 502, configured to obtain user account information and functional role information from the operation instruction received by the receiving unit 501, and obtain operation information for describing an operation type and an operation object corresponding to the operation instruction, where the user account information is used to identify a user of a user terminal, and the functional role information is used to identify the authority of the user;
a first recording unit 503, configured to record the user account information, the functional role information and the operation information obtained by the first obtaining unit 502 as a log in a pre-created audit log file;
a first forwarding unit 504, configured to forward the operation instruction received by the receiving unit 501 to the target server;
the receiving unit 501 is further configured to receive operation execution information from the target server, where the operation execution information is used to describe a result of the target server executing the operation instruction;
a second recording unit 505, configured to record the user account information, the functional role information and the operation execution information received by the receiving unit 501 as a log in the audit log file;
a second forwarding unit 506, configured to forward the operation execution information received by the receiving unit 501 to the user terminal.
Optionally, on the basis of the server audit management apparatus shown in fig. 5, as shown in fig. 6, the server audit management apparatus may further include: a second obtaining unit 601, a searching unit 602 and a sending unit 603;
a receiving unit 501, configured to receive a log query request from a management terminal;
a second obtaining unit 601, configured to obtain user account information included in the log query request received by the receiving unit 501;
a searching unit 602, configured to search for at least one log that includes the user account information acquired by the second acquiring unit 601 from the audit log file;
a sending unit 603, configured to send the at least one log found by the searching unit 602 to the management terminal, so that the management terminal displays the at least one log to an administrator.
Optionally, in the server audit management apparatus shown in fig. 5,
a first forwarding unit 504, configured to send the operation instruction to the target server through an encrypted SSH protocol;
a receiving unit 501, configured to receive operation execution information from the target server through the SSH protocol.
Optionally, on the basis of the server audit management apparatus shown in any one of fig. 5 and 6, as shown in fig. 7, the server audit management apparatus may further include: a third acquisition unit 701 and a fourth acquisition unit 702;
a third obtaining unit 701, configured to obtain an instruction identifier included in the operation execution information received by the receiving unit 501 before the second recording unit 505 records the operation execution information, the user account information and the functional role information as a log in the audit log file, where the instruction identifier is used to identify an operation instruction;
a fourth obtaining unit 702, configured to obtain, according to the instruction identifier obtained by the third obtaining unit 701, user account information and functional role information corresponding to the operation instruction from the audit log file.
It should be noted that, because the contents of information interaction, execution process, and the like between the units in the apparatus are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
As shown in fig. 8, an embodiment of the present invention provides a server audit management system, including: a server audit management apparatus 801 as shown in any one of figs. 5 to 7, at least one user terminal 802 and at least one server 803, wherein,
the user terminal 802 is configured to send an operation instruction to the server audit management apparatus 801, and receive operation execution information from the server audit management apparatus 801, where the operation instruction is used to operate a target server in at least one server, and the operation execution information is used to describe a result of the target server executing the operation instruction;
the server 803 is configured to receive the operation instruction from the server audit management apparatus 801, execute a corresponding operation according to the operation instruction, and send operation execution information describing an execution result to the server audit management apparatus 801.
Optionally, on the basis of the server audit management system shown in fig. 8, as shown in fig. 9, the server audit management system may further include: at least one management terminal 901;
the management terminal 901 is configured to send a log query request to the server audit management apparatus 801, receive at least one log returned by the server audit management apparatus 801 according to the log query request, and display the received at least one log.
The following describes in further detail the server audit management method provided in the embodiment of the present invention with reference to the server audit management system shown in fig. 9, and as shown in fig. 10, the method may include the following steps:
Step 1001: The server audit management device receives the operation instruction.
In the embodiment of the invention, when at least one user terminal needs to perform an operation on at least one server, each user terminal sends an operation instruction addressed to its target server. The server audit management device receives the operation instruction, which is used to instruct the target server to execute the related operation.
For example, when the user terminal A needs the server 1 to execute the task of deleting A1, the user terminal A issues an operation instruction A, and the server audit management device receives the operation instruction A, which instructs the server 1 to execute the task of deleting A1. When the user terminal B needs the server 1 to execute the task of adding B1, the user terminal B issues an operation instruction B, and the server audit management device receives the operation instruction B, which instructs the server 1 to execute the task of adding B1.
Step 1002: The server audit management device acquires user account information and functional role information.
In the embodiment of the invention, the server audit management device acquires the user account information and the functional role information from the received operation instruction, wherein the user account information identifies the user of the user terminal and the functional role information identifies the authority of the user.
For example, the server audit management device obtains the user account information A and the functional role information A from the received operation instruction A. The server audit management device obtains the user account information B and the functional role information B from the received operation instruction B.
Step 1003: The server audit management device acquires operation information describing the operation type and the operation object corresponding to the operation instruction.
In the embodiment of the present invention, the server audit management device may further obtain operation information from the received operation instruction, where the operation information describes the operation type and the operation object corresponding to the operation instruction.
For example, the server audit management device may further determine, from the operation instruction A, that the operation type corresponding to the operation instruction A is deletion and the operation object is A1. The server audit management device may further determine, from the operation instruction B, that the operation type corresponding to the operation instruction B is addition and the operation object is B1.
Step 1004: The server audit management device records the user account information, the functional role information and the operation information as a log in an audit log file created in advance.
In the embodiment of the invention, the server audit management device records a log comprising the user account information, the functional role information and the operation information in a pre-created audit log file.
For example, the server audit management device records the user account information A, the functional role information A, and the operation information A (the operation type and the operation object corresponding to the operation instruction A), all obtained from the operation instruction A, as one log in the pre-created audit log file:
user account information A-role information A-delete-A1.
The server audit management device records the user account information B, the functional role information B, and the operation information B (the operation type and the operation object corresponding to the operation instruction B), all obtained from the operation instruction B, as one log in the pre-created audit log file:
user account information B-role information B-add-B1.
Step 1005: The server audit management device forwards the operation instruction to the target server.
In the embodiment of the invention, the server audit management device forwards the operation instruction to the target server through the encrypted network SSH protocol.
For example, the server audit management device forwards the operation instruction A to the server 1 through the encrypted SSH protocol, to instruct the server 1 to execute the task of deleting A1 indicated by the operation instruction A. The server audit management device forwards the operation instruction B to the server 1 through the encrypted network SSH protocol, to instruct the server 1 to execute the task of adding B1 indicated by the operation instruction B.
Step 1006: The server audit management device receives operation execution information sent by the target server.
In the embodiment of the invention, the server audit management device can receive the operation execution information sent by the target server through the SSH protocol, wherein the operation execution information describes the result of the target server executing the operation instruction.
For example, after the server 1 performs the operation indicated by the operation instruction A, the server audit management device receives operation execution information A sent by the server 1 through the SSH protocol, where the operation execution information A describes the result of executing the operation instruction A.
After the server 1 performs the operation indicated by the operation instruction B, the server audit management device receives operation execution information B sent by the server 1 through the SSH protocol, where the operation execution information B describes the result of executing the operation instruction B.
Step 1007: The server audit management device acquires the instruction identifier included in the operation execution information.
In the embodiment of the invention, the server audit management device acquires the instruction identifier from the received operation execution information, wherein the instruction identifier is used for identifying the operation instruction.
For example, the server audit management device acquires an instruction identifier A' from the received operation execution information A, where the instruction identifier A' identifies the operation instruction A. The server audit management device acquires an instruction identifier B' from the received operation execution information B, where the instruction identifier B' identifies the operation instruction B.
Step 1008: The server audit management device acquires the user account information and functional role information corresponding to the operation instruction.
In the embodiment of the invention, the server audit management device acquires the user account information and the functional role information corresponding to the operation instruction from the audit log file according to the instruction identifier, wherein the user account information identifies the user of the user terminal and the functional role information identifies the authority of the user.
For example, the server audit management device obtains the user account information A and the functional role information A corresponding to the operation instruction A from the audit log file according to the instruction identifier A'. The server audit management device obtains the user account information B and the functional role information B corresponding to the operation instruction B from the audit log file according to the instruction identifier B'.
Step 1009: The server audit management device records the user account information, the functional role information and the operation execution information as a log in the audit log file.
In the embodiment of the invention, the server audit management device records a log comprising the user account information, the functional role information and the operation execution information in the audit log file.
For example, the server audit management device records the user account information A, the functional role information A, and the operation execution information A as one log in the audit log file:
user account information A-role information A-delete A1 success/failure.
The server audit management device records the user account information B, the functional role information B and the operation execution information B as one log in the audit log file:
user account information B-role information B-add B1 success/failure.
Step 1010: The server audit management device forwards the operation execution information to the user terminal.
In the embodiment of the invention, the server audit management device forwards the acquired operation execution information to the user terminal so that the user terminal can display the operation execution result corresponding to the operation instruction to the user.
For example, the server audit management device forwards the acquired operation execution information A to the user terminal, so that the user terminal displays the operation execution result corresponding to the operation instruction A to the user. The server audit management device forwards the acquired operation execution information B to the user terminal, so that the user terminal displays the operation execution result corresponding to the operation instruction B to the user.
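The flow of steps 1001 to 1010 together with the account-based log query, as an added Python example that is not part of the patent. The SSH channel is replaced by an in-process callable and the audit log file by an in-memory list of JSON lines; the field names, `AuditProxy`, `constructed_target` and the way the instruction identifier is minted are assumptions made for illustration.

```python
import uuid
import json
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class AuditProxy:
    """In-memory model of the server audit management device (hypothetical names)."""
    forward: Callable[[str, dict], dict]                 # assumption: stands in for the SSH channel
    log_lines: List[str] = field(default_factory=list)   # stands in for the audit log file

    def _append(self, record: dict) -> dict:
        # One JSON object per line keeps field boundaries unambiguous even when
        # an account or object name contains the "-" used in the sample records.
        self.log_lines.append(json.dumps(record, sort_keys=True))
        return record

    def _records(self) -> List[dict]:
        return [json.loads(line) for line in self.log_lines]

    def _find_request(self, instruction_id) -> Optional[dict]:
        for rec in self._records():
            if rec["kind"] == "request" and rec["instruction_id"] == instruction_id:
                return rec
        return None

    def handle_instruction(self, instruction: dict) -> dict:
        # Steps 1002-1003: account, role and operation info are read from the
        # instruction, as the description states. A deployment would bind the
        # account and role to the authenticated session instead of client input.
        instruction_id = uuid.uuid4().hex   # assumption: identifier minted by the device
        # Step 1004: record the request before anything is forwarded.
        self._append({
            "kind": "request", "instruction_id": instruction_id,
            "account": instruction["account"], "role": instruction["role"],
            "op_type": instruction["op_type"], "op_object": instruction["op_object"],
            "target": instruction["target"],
        })
        # Steps 1005-1006: forward, and turn a transport error into a failure
        # result so that every recorded request ends up with a result record.
        try:
            exec_info = self.forward(instruction["target"], {
                "instruction_id": instruction_id,
                "op_type": instruction["op_type"],
                "op_object": instruction["op_object"],
            })
        except OSError as exc:
            exec_info = {"instruction_id": instruction_id,
                         "result": "failure", "error": str(exc)}
        self.record_execution(exec_info)    # steps 1007-1009
        return exec_info                    # step 1010: back to the user terminal

    def record_execution(self, exec_info: dict) -> dict:
        # Step 1007: take the instruction identifier from the execution info.
        instruction_id = exec_info.get("instruction_id")
        # Step 1008: recover account and role from the earlier request record.
        request = self._find_request(instruction_id)
        # Step 1009: record the result. A result that matches no request is
        # kept and flagged rather than silently dropped.
        return self._append({
            "kind": "result", "instruction_id": instruction_id,
            "account": request["account"] if request else None,
            "role": request["role"] if request else None,
            "result": exec_info.get("result"), "error": exec_info.get("error"),
            "unattributed": request is None,
        })

    def query(self, account: str) -> List[dict]:
        # Log query request: exact match on the account field, not a substring search.
        return [rec for rec in self._records() if rec.get("account") == account]


def constructed_target(target: str, message: dict) -> dict:
    """Constructed stand-in for a target server reached over SSH."""
    if target != "server1":
        raise ConnectionError(f"{target} unreachable")
    return {"instruction_id": message["instruction_id"], "result": "success"}


def run_demo() -> AuditProxy:
    proxy = AuditProxy(forward=constructed_target)
    # Constructed instructions mirroring instruction A (delete A1) and B (add B1).
    proxy.handle_instruction({"account": "user-a", "role": "role-a",
                              "op_type": "delete", "op_object": "A1", "target": "server1"})
    proxy.handle_instruction({"account": "user-b", "role": "role-b",
                              "op_type": "add", "op_object": "B1", "target": "server1"})
    # Same user, unreachable target: the request is still paired with a result.
    proxy.handle_instruction({"account": "user-b", "role": "role-b",
                              "op_type": "add", "op_object": "B2", "target": "server9"})
    # Execution info carrying an identifier the device never issued.
    proxy.record_execution({"instruction_id": "not-issued", "result": "success"})
    return proxy


if __name__ == "__main__":
    for line in run_demo().log_lines:
        print(line)
```

Because each result record repeats the instruction identifier of its request, an administrator querying by account gets request and result pairs that can be matched one-to-one, which is the correspondence steps 1007 to 1009 aim for.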
The present invention also provides a computer readable medium storing instructions for causing a machine to perform a server audit management method as described herein. Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
In summary, the logging method, device and system of the intangible asset management platform provided by the invention at least have the following beneficial effects:
1. In the embodiment of the invention, when the user terminal sends an operation instruction to operate the target server, the operation instruction is received; the user account information, the functional role information, and the operation information describing the operation type and the operation object corresponding to the operation instruction are obtained from it and recorded as a log in a pre-created audit log file; and the operation instruction is forwarded to the target server. When the target server receives the operation instruction and executes the corresponding operation, operation execution information is received from the target server, wherein the operation execution information describes the result of the target server executing the operation instruction; the operation execution information, the user account information and the functional role information are recorded as a log in the audit log file, and the operation execution information is forwarded to the user terminal. In the whole process, the user account information and functional role information included in the operation instructions of all the user terminals, and the operation information describing the operation type and the operation object corresponding to each operation instruction, are recorded as logs in the pre-created audit log file. Similarly, the results returned by all the target servers for the operation instructions sent by the user terminals are recorded, together with the user account information and the functional role information, as logs in the audit log file.
On one hand, all operation instructions of each user terminal and each server, and the operation execution information produced for those operation instructions, are recorded in the audit log file in real time, so that the integrity of server audit management is ensured; on the other hand, the audit management process is simple, waste of manpower and material resources is avoided, the disorder in server audit management caused by growth in company personnel or in the number of servers is avoided, and the efficiency of server audit management is improved.
2. In the embodiment of the invention, when an accident (a problem brought to the server by unknown identity, unauthorized operation, password leakage, data theft, illegal operation and the like) occurs to the server, the logs stored in the audit log file can be queried. After a log query request from the management terminal is received, the user account information included in the log query request is obtained, each log including the user account information is searched for in the audit log file, and the logs found are sent to the management terminal. The administrator can quickly trace the causes of the accident through the logs including the user account information displayed by the management terminal, so that the administrator can resolve the problems one by one in time according to those causes, and the safety of the server is guaranteed. Meanwhile, accidents of the server can be audited and responsibility determined in time, so that similar accidents are avoided, and the efficiency of server audit management is improved.
3. In the embodiment of the invention, the server audit management is realized based on the SSH (Secure Shell) protocol, which is an encrypted network protocol, and the client does not need to install an agent. The SSH protocol can effectively prevent information leakage during server audit management. Because the transmitted data can be encrypted through the SSH protocol, a man-in-the-middle cannot pretend to be the real server to receive the data transmitted to the server by the user terminal and then pretend to be the real user terminal to transmit the data to the real server, and therefore the safety of the server is guaranteed.
4. In the embodiment of the invention, the instruction identifier for identifying the operation instruction is obtained from the operation execution information, and the user account information and the functional role information corresponding to the operation instruction are obtained from the audit log file according to the instruction identifier, so that the operation instruction and the operation execution information can be recorded in the audit log file in a one-to-one correspondence. Once an accident occurs to the server (a problem brought to the server by unknown identity, unauthorized operation, password leakage, data theft, illegal operation and the like), the cause of the accident can be quickly located from the clear and organized logs in the audit log file so that it can be handled, audited and attributed in time, thereby improving the efficiency of server audit management.
It should be noted that not all steps and modules in the above flows and system structure diagrams are necessary, and some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The system structure described in the above embodiments may be a physical structure or a logical structure, that is, some modules may be implemented by the same physical entity, or some modules may be implemented by a plurality of physical entities, or some components in a plurality of independent devices may be implemented together.
In the above embodiments, the hardware module may be implemented mechanically or electrically. For example, a hardware module may comprise permanently dedicated circuitry or logic (such as a dedicated processor, FPGA or ASIC) to perform the corresponding operations. A hardware module may also include programmable logic or circuitry (e.g., a general-purpose processor or other programmable processor) that may be temporarily configured by software to perform the corresponding operations. The specific implementation (mechanical, or dedicated permanent, or temporarily set) may be determined based on cost and time considerations.
While the invention has been shown and described in detail in the drawings and in the preferred embodiments, it is not intended to limit the invention to the embodiments disclosed, and it will be apparent to those skilled in the art that various combinations of the code auditing means in the various embodiments described above may be used to obtain further embodiments of the invention, which are also within the scope of the invention.

Claims (10)

1. A server audit management method, characterized by comprising the following steps:
receiving an operation instruction from a user terminal, wherein the operation instruction is used for operating a target server;
acquiring user account information and functional role information from the operation instruction, wherein the user account information is used for identifying a user of the user terminal, and the functional role information is used for identifying the authority of the user;
acquiring operation information for describing an operation type and an operation object corresponding to the operation instruction;
recording the user account information, the functional role information and the operation information as a log in a pre-created audit log file;
forwarding the operation instruction to the target server;
receiving operation execution information from the target server, wherein the operation execution information is used for describing a result of the target server executing the operation instruction;
recording the operation execution information, the user account information and the functional role information as a log in the audit log file;
and forwarding the operation execution information to the user terminal.
2. The method of claim 1, further comprising:
receiving a log query request from a management terminal;
acquiring the user account information included in the log query request;
searching at least one log comprising the user account information from the audit log file;
and sending the at least one found log to the management terminal so that the management terminal can display the at least one log to an administrator.
3. The method of claim 1,
the forwarding the operation instruction to the target server includes:
sending the operation instruction to the target server through an encrypted network SSH protocol;
the receiving operation execution information from the target server includes:
receiving the operation execution information from the target server through the SSH protocol.
4. The method of any of claims 1 to 3, wherein prior to said recording said operation execution information, said user account information, and said functional role information as a log in said audit log file, the method further comprises:
acquiring an instruction identifier included in the operation execution information, wherein the instruction identifier is used for identifying the operation instruction;
and acquiring the user account information and the functional role information corresponding to the operation instruction from the audit log file according to the instruction identifier.
5. A server audit management apparatus, characterized by comprising: a receiving unit, a first obtaining unit, a first recording unit, a first forwarding unit, a second recording unit and a second forwarding unit;
the receiving unit is used for receiving an operation instruction from a user terminal, wherein the operation instruction is used for operating a target server;
the first obtaining unit is configured to obtain user account information and functional role information from the operation instruction received by the receiving unit, and obtain operation information for describing an operation type and an operation object corresponding to the operation instruction, where the user account information is used to identify a user of the user terminal, and the functional role information is used to identify the authority of the user;
the first recording unit is configured to record the user account information, the functional role information, and the operation information, which are obtained by the first obtaining unit, as a log in a pre-created audit log file;
the first forwarding unit is configured to forward the operation instruction received from the receiving unit to the target server;
the receiving unit is further configured to receive operation execution information from the target server, where the operation execution information is used to describe a result of the target server executing the operation instruction;
the second recording unit is configured to record the user account information, the functional role information, and the operation execution information received by the receiving unit as a log in the audit log file;
the second forwarding unit is configured to forward the operation execution information received by the receiving unit to the user terminal.
6. The apparatus of claim 5, further comprising: a second obtaining unit, a searching unit and a sending unit;
the receiving unit is further used for receiving a log query request from the management terminal;
the second obtaining unit is configured to obtain the user account information included in the log query request received by the receiving unit;
the searching unit is configured to search the audit log file for at least one log including the user account information obtained by the second obtaining unit;
the sending unit is configured to send the at least one log found by the searching unit to the management terminal, so that the management terminal displays the at least one log to an administrator.
7. The apparatus of claim 5,
the first forwarding unit is configured to send the operation instruction to the target server through an encrypted SSH protocol;
the receiving unit is configured to receive the operation execution information from the target server through the SSH protocol.
8. The apparatus of any of claims 5 to 7, further comprising: a third obtaining unit and a fourth obtaining unit;
the third obtaining unit is configured to obtain an instruction identifier included in the operation execution information received by the receiving unit before the second recording unit records the operation execution information, the user account information, and the functional role information as a log and stores the log in the audit log file, where the instruction identifier is used to identify the operation instruction;
and the fourth obtaining unit is used for obtaining the user account information and the functional role information corresponding to the operation instruction from the audit log file according to the instruction identifier obtained by the third obtaining unit.
9. A server audit management system, characterized by comprising: the server audit management apparatus according to any one of claims 5 to 8, at least one user terminal and at least one server, wherein,
the user terminal is configured to send an operation instruction to the server audit management apparatus, and receive operation execution information from the server audit management apparatus, where the operation instruction is used to operate a target server in the at least one server, and the operation execution information is used to describe a result of the target server executing the operation instruction;
and the server is used for receiving the operation instruction from the server audit management device, executing corresponding operation according to the operation instruction, and sending the operation execution information for describing an execution result to the server audit management device.
10. The system of claim 9, further comprising: at least one management terminal;
the management terminal is used for sending a log query request to the server audit management device, receiving at least one log returned by the server audit management device according to the log query request, and displaying the received at least one log.
CN202010581493.8A 2020-06-23 2020-06-23 Server audit management method, device and system Pending CN111800295A (en)

Publications (1)

Publication Number Publication Date
CN111800295A true CN111800295A (en) 2020-10-20

CN113010904A (en) Data processing method and device and electronic equipment
CN112714118A (en) Network flow detection method and device
CN110858211B (en) Data storage method, device and system and storage medium
CN114969450B (en) User behavior analysis method, device, equipment and storage medium
CN114070856B (en) Data processing method, device, system, operation and maintenance auditing equipment and storage medium
CN112926050B (en) Method for obtaining SSH encrypted content based on HOOK technology and application thereof
CN112711518B (en) Log uploading method and device
CN113536304A (en) Operation and maintenance audit system-based bypassing prevention method and equipment
CN112685500A (en) Link tracking and evidence storing method and device based on block chain and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201020
