CN111949951A - Account number management and control method, account number management and control system, storage medium and electronic equipment - Google Patents

Info

Publication number: CN111949951A
Authority: CN (China)
Prior art keywords: account; operation process; path; target; target account
Legal status: Pending
Application number: CN202010791438.1A
Other languages: Chinese (zh)
Inventor: 沈忠立
Current Assignee: Shandong Yingxin Computer Technology Co Ltd
Original Assignee: Shandong Yingxin Computer Technology Co Ltd
Application filed by Shandong Yingxin Computer Technology Co Ltd
Priority to CN202010791438.1A
Publication of CN111949951A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow

Abstract

The application provides an account management and control method comprising the following steps: acquiring an operation process corresponding to a target account; determining a process path of the operation process; judging whether the process path is a preset legal path; if so, allowing the operation process to be executed; if not, stopping the operation process and recording an interception log corresponding to the operation process. By monitoring the operation process and allowing it to execute only when its process path is a preset legal path, the method restricts the process paths through which the target account can be operated on, avoids harm to the account from operations that reach it through an illegal path, improves account security, and protects the user's data. The application also provides an account management and control system, a computer-readable storage medium and an electronic device with the same beneficial effects.

Description

Account number management and control method, account number management and control system, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of information security, and in particular, to an account management and control method, system, storage medium, and electronic device.
Background
Risk management of system accounts is an important part of computer security. High-risk accounts can lead to serious consequences such as account theft, bank card theft and telecommunication fraud. Account management on Linux systems is comparatively loose (for example, the root account has super authority), so managing and controlling the accounts of a Linux system is very important.
Existing Linux account management generally controls accounts through the system commands usermod or passwd, which in essence modify the system configuration files /etc/passwd or /etc/shadow. These two files, however, are easily modified or destroyed by malicious users without permission, which causes account security problems.
Disclosure of Invention
The application aims to provide an account management and control method, an account management and control system, a computer readable storage medium and electronic equipment, which can improve account security.
In order to solve the technical problem, the application provides an account management and control method, which has the following specific technical scheme:
acquiring an operation process corresponding to a target account;
determining a process path of the operation process;
judging whether the process path is a preset legal path or not;
if yes, allowing the operation process to be executed;
if not, stopping the operation process and recording an interception log corresponding to the operation process.
Optionally, before obtaining the operation process corresponding to the target account, the method further includes:
calling a risk account feature library;
and determining the target account according to the risk features in the risk account feature library.
Optionally, after determining the target account according to the risk features in the risk account feature library, the method further includes:
acquiring a system configuration file corresponding to the target account;
judging whether the target account is a white list account according to a preset field in the system configuration file;
and if so, terminating the control procedure for the target account.
Optionally, obtaining the operation process corresponding to the target account includes:
calling a control process and acquiring the operation process corresponding to the target account by using a custom function.
Optionally, after stopping the operation process and recording the interception log corresponding to the operation process, the method further includes:
when the number of interception logs exceeds a preset value, rejecting all operation processes taking the target account as an operation target within a preset time.
Optionally, if the preset value includes a first threshold and a second threshold, rejecting all operation processes taking the target account as an operation target within a preset time includes:
when the number of interception logs exceeds the first threshold, rejecting all operation processes taking the target account as an operation target within a first preset time;
when the number of interception logs exceeds the second threshold, recording the operation process into a process blacklist;
wherein the second threshold is greater than the first threshold, and the second preset time length is greater than the first preset time length.
Optionally, the method includes:
judging whether the control process exists in a process list or not;
and if not, stopping the control of the target account.
The application further provides an account management and control system, including:
the acquisition module is used for acquiring an operation process corresponding to the target account;
the path determining module is used for determining a process path of the operation process;
the judging module is used for judging whether the process path is a preset legal path or not;
the process execution module is used for executing the operation process when the judgment result of the judgment module is yes;
and the management and control module is used for stopping the operation process and recording the interception log corresponding to the operation process when the judgment result of the judgment module is negative.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method as set forth above.
The present application further provides an electronic device, comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the method described above when calling the computer program in the memory.
The application provides an account management and control method, which comprises the following steps: acquiring an operation process corresponding to a target account; determining a process path of the operation process; judging whether the process path is a preset legal path or not; if yes, allowing the operation process to be executed; if not, stopping the operation process and recording an interception log corresponding to the operation process.
By monitoring the operation process and allowing it to execute only when its process path is a preset legal path, the present application restricts the process paths through which the target account can be operated on, avoids harm to the account from operations that reach it through an illegal path, improves account security, and protects the user's data.
The application further provides an account management and control system, a computer readable storage medium and electronic equipment, which have the beneficial effects and are not repeated here.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the present application; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an account management and control method according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of an account management and control system according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of an account management and control method provided in an embodiment of the present application, where the method includes:
S101: Acquiring an operation process corresponding to a target account;
In this step, the operation process corresponding to the target account is obtained. The steps of this embodiment may be carried out by a control process, a control program, or a control script. Taking a control process as an example, the control process may be called to obtain the operation process corresponding to the target account. Whichever way the operation process is obtained, a custom function is usually needed; that is, the custom function replaces the system's original file read-write function. When an operation process for the target account appears in the system, the file read-write function is what identifies the operation process and performs the operation that the process requests on the target account, so replacing it with the custom function allows the process to be temporarily suspended in order to limit illegal operations against the target account. In other words, the custom function lets the control process intercept the operation process and handle it.
It should be noted that the target account may be one account or several. Each account has its own operation process when it is operated on: even if an attacker issues attack instructions against several accounts at the same time, a separate operation process still exists for each account when those instructions are executed in the system.
S102: Determining a process path of the operation process;
This step confirms the process path of the operation process. The specific content of the process path is not limited here; it may include the process initiator, the process content, the device or system hierarchy through which the process is executed, and the like.
S103: Judging whether the process path is a preset legal path; if yes, proceeding to S104; if not, proceeding to S105;
This step judges the validity of the process path confirmed in S102. This embodiment assumes by default that the preset legal path has been configured or determined before this step is executed. That is, the preset legal path may be configured; for example, the initiator of the operation process may be limited to a certain terminal device, so that operation processes sent from anything other than the device code corresponding to that terminal device are all illegal. Alternatively, when a control process, control program or control script is used, the preset legal path may be determined from the process path of the control process itself, or the corresponding legal path may be read from the control program or control script.
Specifically, if the method is executed by a control process, it may be determined whether the process path belongs to the path corresponding to the control process; if so, the process path is considered legal and S104 is executed; otherwise S105 is executed.
S104: Allowing the operation process to be executed;
S105: Stopping the operation process and recording an interception log corresponding to the operation process.
When the operation process is illegal, the operation process needs to be suspended, specifically, a system command may be called to directly close the operation process, or the operation process is prohibited from running, and the like. Meanwhile, an interception log corresponding to the operation process needs to be recorded. In this embodiment, the log content of the interception log is not specifically limited, and may include content such as an initiator of an operation process, a process path, and execution time, so that a person skilled in the art can trace a source according to the interception log to further improve account security.
Further, in order to further improve the account security, after the operation process is suspended and the interception logs corresponding to the operation process are recorded, all operation processes taking the target account as the operation target can be rejected within a preset time when the number of the interception logs exceeds a preset value.
For example, if the preset value includes a first threshold and a second threshold, then when the number of interception logs exceeds the first threshold, all operation processes taking the target account as an operation target are rejected within a first preset time; when the number of interception logs exceeds the second threshold, the operation process is recorded directly in a process blacklist. The second threshold is greater than the first threshold, and the second preset time length is greater than the first preset time length. In short, the more interception logs are generated, the fewer operation processes are allowed to execute on the target account and the higher the degree of protection. Once the number of interception logs reaches the second threshold, behavior such as a malicious attack on the target account may be under way, so the operation process is recorded directly in the process blacklist. Operation processes in the process blacklist are rejected, or the system's kill instruction is called directly to close them.
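The decision flow of S101 to S105 together with the two-threshold escalation, as an added Python example that is not part of the patent. It assumes that the process path is the executable path of the operation process, that interception logs are counted per target account, and that the threshold and lock values shown are placeholders; `AccountGuard`, `exe_path_of` and `replay` are hypothetical names.

```python
"""Path-allowlist gate for operations on a target account (constructed example)."""
import os
from dataclasses import dataclass, field

ALLOW = "allow"
DENY_PATH = "deny:illegal_path"
DENY_LOCKED = "deny:account_locked"
DENY_BLACKLISTED = "deny:blacklisted"


def exe_path_of(pid):
    """Executable path of a live process as the kernel sees it (Linux only)."""
    return os.readlink(f"/proc/{pid}/exe")


@dataclass
class AccountGuard:
    legal_paths: frozenset              # preset legal paths (S103)
    first_threshold: int = 2            # assumed values; the patent fixes none
    second_threshold: int = 4
    first_lock_seconds: float = 300.0
    intercept_log: list = field(default_factory=list)
    locked_until: dict = field(default_factory=dict)   # account -> unix time
    blacklist: set = field(default_factory=set)        # process paths

    def _record(self, account, pid, path, now, verdict):
        # S105: keep initiator, path and time so the event can be traced later.
        self.intercept_log.append({"time": now, "account": account,
                                   "pid": pid, "path": path, "verdict": verdict})
        return verdict

    def _path_interceptions(self, account):
        # Only illegal-path hits count toward the thresholds, so denials made
        # during a lock window do not escalate by themselves.
        return sum(1 for e in self.intercept_log
                   if e["account"] == account and e["verdict"] == DENY_PATH)

    def check(self, account, pid, exe_path, now):
        """Return the verdict for one operation process touching `account`."""
        # Lexical normalisation: '/usr/bin/../../tmp/x' must not match '/usr/bin/...'.
        path = os.path.normpath(exe_path)
        if path in self.blacklist:
            return self._record(account, pid, path, now, DENY_BLACKLISTED)
        if now < self.locked_until.get(account, 0.0):
            # Inside the lock window every operation is rejected, legal or not.
            return self._record(account, pid, path, now, DENY_LOCKED)
        if path in self.legal_paths:
            return ALLOW                                    # S104
        self._record(account, pid, path, now, DENY_PATH)    # S105
        count = self._path_interceptions(account)
        if count > self.second_threshold:
            self.blacklist.add(path)
        elif count > self.first_threshold:
            self.locked_until[account] = now + self.first_lock_seconds
        return DENY_PATH


# Constructed events: (unix time, target account, pid, executable path).
SAMPLE_EVENTS = [
    (1000, "admin001", 410, "/usr/bin/passwd"),
    (1010, "admin001", 411, "/tmp/.x/passwd"),
    (1020, "admin001", 412, "/usr/bin/../../tmp/.x/passwd"),
    (1030, "admin001", 413, "/tmp/.x/passwd"),
    (1040, "admin001", 414, "/usr/bin/passwd"),
    (1400, "admin001", 415, "/usr/bin/passwd"),
    (1410, "admin001", 416, "/tmp/.x/passwd"),
    (1800, "admin001", 417, "/tmp/.x/passwd"),
    (1810, "admin001", 418, "/tmp/.x/passwd"),
    (1820, "admin001", 419, "/usr/bin/passwd"),
]


def replay(guard, events):
    """Feed recorded events through the guard and return the verdicts in order."""
    return [guard.check(acct, pid, path, t) for (t, acct, pid, path) in events]


if __name__ == "__main__":
    g = AccountGuard(legal_paths=frozenset({"/usr/bin/passwd", "/usr/sbin/usermod"}))
    for event, verdict in zip(SAMPLE_EVENTS, replay(g, SAMPLE_EVENTS)):
        print(event, "->", verdict)
```

In a deployment the path passed to `check` should come from the kernel's view of the process (for example `exe_path_of(pid)`), not from a string the operation process supplies.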
By monitoring the operation process and allowing it to execute only when its process path is a preset legal path, the present application restricts the process paths through which the target account can be operated on, avoids harm to the account from operations that reach it through an illegal path, improves account security, and protects the user's data.
Based on the above embodiment, as a more preferred embodiment, the target account may be determined before S101 acquires the operation process of the target account. Since not all accounts in a system generally need to be monitored, only the risk accounts that need monitoring may be monitored. The specific procedure may be as follows:
S201: Calling a risk account feature library;
S202: Determining the target account according to the risk features in the risk account feature library.
How the risk account feature library is obtained is not specifically limited; it may be built from account rules or from risk features collected with crawler technology and the like. The risk features may include a weak password, or a standardized account name or account password. A weak password is an account password with a low security level, such as consecutive digits or a run of identical digits. Standardized account names or account passwords are, for example, "admin 001", "admin 002" and the like; such account names may be ones used by attackers and carry a higher risk, so the accounts may be managed and controlled as target accounts.
Of course, on the basis of this embodiment, a person skilled in the art may also determine the target account based on other risk characteristics or other manners, for example, may determine the target account that needs to be specifically controlled according to the obtained control list, and the like, which all shall be within the protection scope of the present application.
In addition, after the target account is determined, the target account can be further screened, and the specific process can be as follows:
S301: Acquiring a system configuration file corresponding to the target account;
S302: Judging whether the target account is a white list account according to a preset field in the system configuration file; if yes, proceeding to S303;
S303: Terminating the control procedure for the target account.
After the target account is confirmed, note that a system generally contains accounts of different security levels, such as system accounts and user accounts. A system account is obviously not created by a malicious attacker and belongs to the white list; some specific user accounts may also be white list accounts. In other words, accounts that do not need to be controlled are white list accounts. If a white list account were controlled, the processes corresponding to that account would be disabled, which could affect normal operation of the system or device or cause loss to the user. This embodiment therefore aims to exclude white list accounts from the target accounts that need to be controlled.
On the basis of this embodiment, the account type may also be determined directly from the preset field. The account types are not specifically limited here; for example, accounts may be divided into system accounts, program accounts and general accounts. System accounts and program accounts are generally not controlled as target accounts, so control may be applied to general accounts. That is, the account type of the target account is determined from the preset field, and whether the account needs to be controlled is then determined from the account type. In this case, both system accounts and program accounts are regarded as white list accounts.
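Target selection (S201, S202) followed by white list screening (S301 to S303) over passwd-format text, as an added Python example that is not part of the patent. It assumes the risk feature is a templated account name, the preset field is the UID (below 1000 meaning system account) with a no-login shell marking a program account, and it keeps a non-root UID 0 entry under control; all names and sample lines are constructed.

```python
"""Pick target accounts from passwd-format lines (constructed example)."""
import re

# Assumed risk feature: templated account names such as admin001 or test1.
RISKY_NAME = re.compile(r"^(admin|test|user|guest)\d+$", re.IGNORECASE)
UID_MIN = 1000   # assumed boundary between system and general accounts
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample in /etc/passwd format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
admin001:x:1001:1001::/home/admin001:/bin/bash
admin002:x:0:0::/root:/bin/bash
test1:x:998:998::/var/lib/test1:/usr/sbin/nologin
user02:x:1002:1002::/srv/user02:/usr/sbin/nologin
broken-line-without-fields
"""


def parse_passwd_line(line):
    """Return a dict for one passwd entry, or None for blank, comment or malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split(":")
    if len(parts) != 7 or not parts[2].isdigit():
        return None
    return {"name": parts[0], "uid": int(parts[2]), "shell": parts[6]}


def account_type(entry):
    """Classify an entry as 'system', 'program' or 'general' from its fields."""
    if entry["uid"] == 0 and entry["name"] != "root":
        # A second UID 0 entry looks like a system account by UID alone;
        # this example refuses to white list it.
        return "general"
    if entry["uid"] < UID_MIN:
        return "system"
    if entry["shell"] in NOLOGIN_SHELLS:
        return "program"
    return "general"


def select_targets(passwd_text):
    """Return (targets, skipped): risky accounts to control and risky but white listed ones."""
    targets, skipped = [], []
    for line in passwd_text.splitlines():
        entry = parse_passwd_line(line)
        if entry is None:
            continue
        if not RISKY_NAME.match(entry["name"]):        # S201/S202
            continue
        if account_type(entry) in ("system", "program"):   # S301/S302
            skipped.append(entry["name"])              # S303: no control applied
        else:
            targets.append(entry["name"])
    return targets, skipped


if __name__ == "__main__":
    print(select_targets(SAMPLE_PASSWD))
```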
On the basis of the above embodiment, as a preferred embodiment, when a control process is used, the control process runs in the application layer while the actual control of the account is located in the driver layer of the system. If the control process is killed or the application layer crashes while the corresponding program in the kernel is still running, account management of the system will be disrupted. Therefore, whether the control process exists in the process list may be checked periodically, and if it does not, control of the target account is stopped.
In the following, an account management and control system provided by the embodiment of the present application is introduced, and the account management and control system described below and the account management and control method described above may be referred to correspondingly.
Fig. 2 is a schematic structural diagram of an account management and control system provided in an embodiment of the present application, where the system includes:
an obtaining module 100, configured to obtain an operation process corresponding to a target account;
a path determining module 200, configured to determine a process path of the operation process;
a judging module 300, configured to judge whether the process path is a preset legal path;
a process executing module 400, configured to execute the operation process when the determination result of the judging module 300 is yes;
a management and control module 500, configured to suspend the operation process and record an interception log corresponding to the operation process when the determination result of the judging module 300 is negative.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed, may implement the steps provided by the above-described embodiments. The storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application further provides an electronic device, which may include a memory and a processor, where the memory stores a computer program, and the processor may implement the steps provided by the foregoing embodiments when calling the computer program in the memory. Of course, the electronic device may also include various network interfaces, power supplies, and the like.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. An account management and control method is characterized by comprising the following steps:
acquiring an operation process corresponding to a target account;
determining a process path of the operation process;
judging whether the process path is a preset legal path or not;
if yes, allowing the operation process to be executed;
if not, stopping the operation process and recording an interception log corresponding to the operation process.
2. The account management and control method according to claim 1, wherein before the obtaining of the operation process corresponding to the target account, the method further includes:
calling a risk account feature library;
and determining the target account according to the risk features in the risk account feature library.
3. The account management and control method according to claim 2, wherein after determining the target account according to the risk features in the risk account feature library, the method further includes:
acquiring a system configuration file corresponding to the target account;
judging whether the target account is a white list account according to a preset field in the system configuration file;
and if so, terminating the control procedure for the target account.
4. The account management and control method according to claim 1, wherein the obtaining of the operation process corresponding to the target account comprises:
calling a control process and acquiring the operation process corresponding to the target account by using a custom function.
5. The account management and control method according to claim 1, wherein after the operation process is stopped and the interception log corresponding to the operation process is recorded, the method further includes:
when the number of interception logs exceeds a preset value, rejecting all operation processes taking the target account as an operation target within a preset time.
6. The account management and control method according to claim 5, wherein if the preset value includes a first threshold and a second threshold, rejecting all operation processes taking the target account as an operation target within a preset time includes:
when the number of interception logs exceeds the first threshold, rejecting all operation processes taking the target account as an operation target within a first preset time;
when the number of interception logs exceeds the second threshold, recording the operation process into a process blacklist;
wherein the second threshold is greater than the first threshold, and the second preset time length is greater than the first preset time length.
7. The account management and control method according to claim 4, further comprising:
judging whether the control process exists in a process list or not;
and if not, stopping the control of the target account.
8. An account management and control system, comprising:
the acquisition module is used for acquiring an operation process corresponding to the target account;
the path determining module is used for determining a process path of the operation process;
the judging module is used for judging whether the process path is a preset legal path or not;
the process execution module is used for executing the operation process when the judgment result of the judgment module is yes;
and the management and control module is used for stopping the operation process and recording the interception log corresponding to the operation process when the judgment result of the judgment module is negative.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
10. An electronic device, comprising a memory in which a computer program is stored and a processor which, when calling the computer program in the memory, implements the steps of the method according to any one of claims 1-7.
CN202010791438.1A 2020-08-07 2020-08-07 Account number management and control method, account number management and control system, storage medium and electronic equipment Pending CN111949951A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010791438.1A CN111949951A (en) 2020-08-07 2020-08-07 Account number management and control method, account number management and control system, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010791438.1A CN111949951A (en) 2020-08-07 2020-08-07 Account number management and control method, account number management and control system, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN111949951A true CN111949951A (en) 2020-11-17

Family

ID=73332919

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010791438.1A Pending CN111949951A (en) 2020-08-07 2020-08-07 Account number management and control method, account number management and control system, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN111949951A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201117