CN112580835B - Management method and device of server - Google Patents

Info

Publication number: CN112580835B
Authority: CN (China)
Prior art keywords: server, maintenance, flow, target, determining
Legal status: Active
Application number: CN202011497132.1A
Other languages: Chinese (zh)
Other versions: CN112580835A (en)
Inventors: 王皓, 白文龙, 任俊, 赵迪, 李远祥
Current Assignee: Agricultural Bank of China
Original Assignee: Agricultural Bank of China
Application filed by Agricultural Bank of China
Priority to CN202011497132.1A
Publication of CN112580835A
Application granted
Publication of CN112580835B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00: Administration; Management
    • G06Q10/20: Administration of product repair or maintenance
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The invention provides a method and a device for managing a server. The method comprises: when a scanning instruction is received, judging whether, among the servers corresponding to the scanning instruction, there is a server for which operation and maintenance personnel have not been determined; if so, determining that server as a target server; determining the system type of the operating system of the target server; determining the operation and maintenance behavior model corresponding to the system type as a target model; inputting the flow data of the target server within the time step into a flow analysis system, so that the flow analysis system determines the flow type of each operation flow in the flow data based on the target model, and determining the operation flow whose flow type is the operation and maintenance type as the target flow; and determining the operation and maintenance personnel of the target server based on the operation and maintenance machine corresponding to the target flow. With this method, the operation and maintenance personnel of a server can be determined, the situation in which they cannot be notified in time when the server has a vulnerability is avoided, and the risk to the system is effectively reduced.

Description

Management method and device of server
Technical Field
The present invention relates to the field of server technologies, and in particular, to a method and an apparatus for managing a server.
Background
With the development of the internet and the digitization of information, servers are widely used across industries and fields. As traffic and data volume grow, the number of servers deployed in an enterprise gradually increases. Maintaining the servers is one of the tasks necessary to keep them operating normally: when a vulnerability or security threat is found on a server, the operation and maintenance personnel responsible for that server can be located in time and notified to repair it, which ensures the security of the server.
Servers in an enterprise are usually recorded in the enterprise's asset list, through which the operation and maintenance personnel responsible for a server can be located quickly. Sometimes, however, the servers recorded in the asset list are incomplete. For a server that is not recorded in the asset list, the responsible operation and maintenance personnel cannot be determined; when such a server has a vulnerability, they cannot be notified in time, the vulnerability cannot be repaired in time, and the whole system is exposed to a huge security risk.
Disclosure of Invention
In view of this, the invention provides a method and a device for managing a server. By applying them, the operation and maintenance personnel of a server can be clearly identified, so that they are notified in time to repair the server when a vulnerability occurs, which reduces the security risk of the whole system and improves its security.
In order to achieve the above purpose, the present invention provides the following technical solutions:
A method of managing a server, comprising:
when a scanning instruction sent by a user is received, determining the servers corresponding to the scanning instruction, and judging whether any of those servers is a server for which operation and maintenance personnel have not been determined;
when it is determined that such a server exists, determining the server for which operation and maintenance personnel have not been determined as a target server, and acquiring server information of the target server;
determining a system type of an operating system of the target server based on the server information;
determining, among the operation and maintenance behavior models built in advance, the operation and maintenance behavior model corresponding to the system type, and determining it as a target model, wherein the operation and maintenance behavior model comprises the behavior features of various operation and maintenance behaviors, and the operation and maintenance behaviors are the behaviors of operation and maintenance personnel performing operation and maintenance processing on a server;
acquiring flow data of the target server in a preset time step, wherein the flow data comprises at least one operation flow;
inputting the flow data into a preset flow analysis system, triggering the flow analysis system to determine the flow type of each operation flow based on the target model, and determining the operation flow whose flow type is the operation and maintenance type as the target flow;
and determining the operation and maintenance machine corresponding to the target flow, and determining the operation and maintenance personnel of the target server based on the operation and maintenance records of the operation and maintenance machine.
In the above method, optionally, the judging whether any of the servers is a server for which operation and maintenance personnel have not been determined includes:
acquiring service address information of each server;
determining whether any of the service address information is not stored in a preset asset list;
when there is no service address information that is not stored in the asset list, determining that there is no server for which operation and maintenance personnel have not been determined;
when there is service address information that is not stored in the asset list, determining that there is a server for which operation and maintenance personnel have not been determined.
In the above method, optionally, the triggering the flow analysis system to determine the flow type of each operation flow based on the target model includes:
the flow analysis system analyzing each operation flow in the flow data to obtain the data features of each operation flow;
for each operation flow, judging whether a behavior feature matching the data features of the operation flow exists in the target model;
if a behavior feature matching the data features exists in the target model, determining that the flow type of the operation flow is the operation and maintenance type;
and if no behavior feature matching the data features exists in the target model, determining that the flow type of the operation flow is a non-operation-maintenance type.
In the above method, optionally, the method further comprises:
binding the service address information of the target server to the personnel information of the operation and maintenance personnel, and storing the bound service address information and personnel information in the asset list.
In the above method, optionally, the process of constructing each operation and maintenance behavior model includes:
determining the system type of the operating system of each sample server in a preset sample library;
determining a sample set for each system type, wherein the sample set comprises at least one target sample server, and a target sample server is a sample server whose operating system is of that system type;
for each sample set, determining the operation and maintenance flow of each operation and maintenance behavior based on the sample flow of each target sample server in the sample set, determining the operation and maintenance feature of each operation and maintenance behavior based on its operation and maintenance flow, filling each operation and maintenance feature into a preset blank model to obtain an operation and maintenance feature model, and determining the operation and maintenance feature model as the operation and maintenance behavior model of the system type of the sample set.
A management apparatus of a server, comprising:
a first determining unit, configured to determine, when a scanning instruction sent by a user is received, the servers corresponding to the scanning instruction, and to judge whether any of those servers is a server for which operation and maintenance personnel have not been determined;
a first acquisition unit, configured to, when it is determined that such a server exists, determine the server for which operation and maintenance personnel have not been determined as a target server, and acquire server information of the target server;
a second determining unit, configured to determine a system type of an operating system of the target server based on the server information;
a third determining unit, configured to determine, among the operation and maintenance behavior models built in advance, the operation and maintenance behavior model corresponding to the system type, and to determine it as a target model, wherein the operation and maintenance behavior model comprises the behavior features of various operation and maintenance behaviors, and the operation and maintenance behaviors are the behaviors of operation and maintenance personnel performing operation and maintenance processing on a server;
a second acquisition unit, configured to acquire flow data of the target server in a preset time step, wherein the flow data comprises at least one operation flow;
a triggering unit, configured to input the flow data into a preset flow analysis system, trigger the flow analysis system to determine the flow type of each operation flow based on the target model, and determine the operation flow whose flow type is the operation and maintenance type as the target flow;
and a fourth determining unit, configured to determine the operation and maintenance machine corresponding to the target flow, and to determine the operation and maintenance personnel of the target server based on the operation and maintenance records of the operation and maintenance machine.
In the above apparatus, optionally, the first determining unit includes:
an acquisition subunit, configured to acquire service address information of each server;
a first determining subunit, configured to determine whether any of the service address information is not stored in a preset asset list;
a second determining subunit, configured to determine that there is no server for which operation and maintenance personnel have not been determined when there is no service address information that is not stored in the asset list;
and a third determining subunit, configured to determine that there is a server for which operation and maintenance personnel have not been determined when there is service address information that is not stored in the asset list.
The above device, optionally, the trigger unit includes:
the flow analysis system is used for analyzing each operation flow in the flow data to obtain the data characteristics of each operation flow;
the judging subunit is used for judging whether the behavior characteristics matched with the data characteristics of each operation flow exist in the target model for each operation flow;
a fourth determining subunit, configured to determine, if a behavior feature matched with the data feature exists in the target model, that a traffic type of the operation traffic is an operation and maintenance type;
and a fifth determining subunit, configured to determine that the flow type of the operation flow is a non-operation-maintenance type if no behavior feature matching the data features exists in the target model.
The above device, optionally, further comprises:
and the binding unit is used for binding the service address information of the target server and the personnel information of the operation and maintenance personnel, and storing the service address information and the personnel information after binding into the asset list.
The above device, optionally, further comprises:
A fifth determining unit, configured to determine a system type of an operating system of each sample server in a preset sample library;
a sixth determining unit, configured to determine a sample set of each system type, where the sample set includes at least one target sample server, and the target sample server is a sample server of an operating system that is the system type;
a seventh determining unit, configured to, for each sample set, determine the operation and maintenance flow of each operation and maintenance behavior based on the sample flow of each target sample server in the sample set, determine the operation and maintenance feature of each operation and maintenance behavior based on its operation and maintenance flow, fill each operation and maintenance feature into a preset blank model to obtain an operation and maintenance feature model, and determine the operation and maintenance feature model as the operation and maintenance behavior model of the system type of the sample set.
Compared with the prior art, the invention has the following advantages:
The invention provides a method and a device for managing a server. The method comprises: when a scanning instruction is received, determining the servers concerned, and judging whether any of them is a server for which operation and maintenance personnel have not been determined; when such a server exists, determining it as a target server, and acquiring server information of the target server; determining the system type of the operating system of the target server based on the server information; determining, among the operation and maintenance behavior models built in advance, the operation and maintenance behavior model corresponding to the system type, and determining it as a target model, wherein the operation and maintenance behavior model comprises the behavior features of various operation and maintenance behaviors, and the operation and maintenance behaviors are the behaviors of operation and maintenance personnel performing operation and maintenance processing on a server; acquiring flow data of the target server in a preset time step; inputting the flow data into a preset flow analysis system, triggering the flow analysis system to determine the flow type of each operation flow based on the target model, and determining the operation flow whose flow type is the operation and maintenance type as the target flow; and determining the operation and maintenance machine corresponding to the target flow, and determining the operation and maintenance personnel of the target server based on the operation and maintenance records of the operation and maintenance machine.
When a server for which operation and maintenance personnel have not been determined exists, the scheme provided by the invention can be applied to determine the operation and maintenance personnel of that server, so that they can be notified in time to maintain the server when it has a vulnerability, which ensures the security of the system; by identifying the operation and maintenance personnel of every server, the server assets of the system can be managed and made transparent.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for managing a server according to an embodiment of the present invention;
FIG. 2 is a flowchart of another method for managing a server according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for managing a server according to an embodiment of the present invention;
FIG. 4 is a flowchart of another method for managing a server according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a scenario of a method for managing a server according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a management device of a server according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The method provided by the invention can be applied to various systems or platforms constructed by servers or processors, and can be used in a distributed computing environment constructed by computers. By the method and the system, the servers of all systems in the enterprise can be managed, and operation and maintenance personnel of each server can be determined, so that when the server has a vulnerability, the operation and maintenance personnel can be timely informed to maintain.
The method provided by the invention can be executed by a platform or by a server in a system. FIG. 1 shows a flowchart of the method for managing a server provided by the invention, which is described in detail as follows:
S101, when a scanning instruction sent by a user is received, determining the servers corresponding to the scanning instruction, and judging whether any of those servers is a server for which operation and maintenance personnel have not been determined.
In the method provided by the embodiment of the invention, the user can be a manager or a supervisor of each server in the management system; when a plurality of systems are included in the platform and each system includes a plurality of servers, the scanning instruction can include system information, a system corresponding to the system information is determined, and each server in the system is determined to be each server corresponding to the scanning instruction; optionally, the scanning instruction may further include a respective server identifier, and a server corresponding to the server identifier is determined based on each server identifier, so that a respective server corresponding to the scanning instruction may be determined; optionally, when dividing the server into service areas, the scanning instruction may further include area information, determine a service area corresponding to the area information, and determine each server located in the service area as each server corresponding to the scanning instruction.
Further, after the servers corresponding to the scanning instruction are determined, it is judged for each of them whether operation and maintenance personnel have been determined, in other words, whether any of the servers is a server for which operation and maintenance personnel have not been determined. When operation and maintenance personnel have been determined for every server, that is, when no such server exists, the flow of the invention ends; when there is a server for which operation and maintenance personnel have not been determined, S102 is performed.
S102, when it is determined that a server for which operation and maintenance personnel have not been determined exists, determining that server as a target server, and acquiring server information of the target server.
In the method provided by the embodiment of the invention, the server for which operation and maintenance personnel have not been determined is determined as the target server; there may be one or more such servers.
Preferably, the target server may also be a server where vulnerabilities exist and have not yet been repaired and for which the operation and maintenance personnel have not been determined.
Further, in the present invention, server information of the target server is obtained, where the server information includes, but is not limited to, operating system information, vulnerability information, open service, and open port information of the target server.
S103, determining the system type of the operating system of the target server based on the server information.
In the method provided by the embodiment of the invention, the system type of the operating system of the target server can be determined based on the operating system information, the vulnerability information and the open port in the server information; it should be noted that the system types include, but are not limited to, the following: desktop operating system, embedded operating system, web server operating system, application server operating system and database server system; further, each system type has a different type identifier, and the system type of the operating system can be determined according to the type identifier.
S104, determining an operation and maintenance behavior model corresponding to the system type in each operation and maintenance behavior model which is built in advance, and determining the operation and maintenance behavior model corresponding to the system type as a target model, wherein the operation and maintenance behavior model comprises behavior characteristics of various operation and maintenance behaviors, and the operation and maintenance behaviors are behaviors of operation and maintenance personnel for conducting operation and maintenance processing on a server.
In the method provided by the embodiment of the invention, the operation and maintenance behavior model corresponding to the system type is determined based on the type identifier of the system type. It should be noted that each system type of operating system has its own corresponding operation and maintenance behavior model. Each operation and maintenance behavior model comprises the behavior features of various operation and maintenance behaviors, where the operation and maintenance behaviors are the behaviors of operation and maintenance personnel performing operation and maintenance processing on a server of the system type corresponding to the model. The operation and maintenance behaviors can specifically be: logging in with an administrator account, changing an administrator account password, adding a system (application) administrator, applying a system (application) upgrade patch, modifying the system time, adding, deleting or moving system (application) files, modifying system (application) file names, and so on; the behaviors include but are not limited to the examples given here.
Further, each operation and maintenance behavior has a corresponding behavior feature.
S105, acquiring flow data of the target server in a preset time step, wherein the flow data comprises at least one operation flow.
In the method provided by the embodiment of the invention, the preset time step can be set according to actual requirements, for example any 7 consecutive days, any 30 consecutive days, or the most recent 3 consecutive days. The specific process of obtaining the flow data of the target server in the preset time step can be as follows:
determining the switch connected to the target server; the target server may be connected to one or more switches, and each switch is connected to one or more servers;
determining, in a preset switching database, the switching data of the switch within the time step;
extracting the flow data of the target server from the switching data; specifically, the flow data of the target server may be extracted from the switching data based on the server identifier of the target server.
Optionally, the operation flow is the data exchanged when the server is used or operated.
S106, inputting the flow data into a preset flow analysis system, triggering the flow analysis system to determine the flow type of each operation flow based on the target model, and determining the operation flow with the flow type being the operation and maintenance type as the target flow.
In the method provided by the embodiment of the invention, the flow analysis system analyzes each operation flow in the flow data and determines the flow type of each operation flow based on the target model. The process of determining the flow type of each operation flow is described with reference to FIG. 2 as follows:
S201, the flow analysis system analyzes each operation flow in the flow data to obtain the data features of each operation flow.
In the method provided by the embodiment of the invention, the flow analysis system extracts the data characteristics in each operation flow, wherein the data characteristics comprise, but are not limited to, operation characteristics, transaction characteristics, link characteristics and the like; the data features are used for judging the flow type of the operation flow by the flow analysis system.
S202, judging whether behavior features matched with the data features of each operation flow exist in the target model or not for each operation flow, and executing S203 if the behavior features matched with the data features exist in the target model; if no behavior feature matching the data feature exists in the target model, S204 is executed.
In the method provided by the embodiment of the invention, the target model comprises the behavior features of various operation and maintenance behaviors, where the operation and maintenance behaviors are the behaviors of operation and maintenance personnel performing operation and maintenance processing on the server. The data features of each operation flow are compared with each behavior feature in the target model to judge whether the target model contains a behavior feature that matches the data features.
S203, determining that the flow type of the operation flow is an operation and maintenance type.
S204, determining that the flow type of the operation flow is a non-operation-maintenance type.
When the flow type of the operation flow is the operation and maintenance type, the operation flow is an operation and maintenance flow, namely the flow generated when operation and maintenance personnel perform operation and maintenance operations; when the flow type of the operation flow is a non-operation-maintenance type, the operation flow is not an operation and maintenance flow and may be a service flow, that is, the flow generated when a user handles a service.
In the method provided by the embodiment of the invention, the data characteristics in each operation flow are acquired, and the flow type of the operation flow can be accurately determined according to the target model, so that whether the flow type of the operation flow is an operation and maintenance type can be further distinguished, the operation and maintenance flow can be determined from a plurality of operation flows, and the operation and maintenance personnel can be conveniently determined.
And S107, determining an operation and maintenance machine corresponding to the target flow, and determining operation and maintenance personnel of the target server based on the operation and maintenance record of the operation and maintenance machine.
In the method provided by the embodiment of the invention, the operation flow with the flow type being the operation and maintenance type is determined as the target flow, the link path of the target flow is determined by analyzing the target flow, so that the operation and maintenance machine generating the target flow can be determined, the registration information of the operation and maintenance machine is read, the operation and maintenance personnel of the operation and maintenance machine is determined based on the registration information, and the operation and maintenance personnel are determined as the operation and maintenance personnel of the target server; optionally, after determining the operation and maintenance machine generating the target flow, determining the generation time of the target flow, determining an operation record corresponding to the generation time in the operation and maintenance records of the operation and maintenance machine, determining an operation and maintenance person based on the operation record, and determining the operation and maintenance person as the operation and maintenance person of the target server.
In the method provided by the embodiment of the invention, when a scanning instruction is received, each server is determined, and whether a server for which operation and maintenance personnel have not been determined exists among the servers is judged; when such a server exists, the server for which operation and maintenance personnel have not been determined is determined as a target server, and server information of the target server is acquired; a system type of an operating system of the target server is determined based on the server information; an operation and maintenance behavior model corresponding to the system type is determined among the operation and maintenance behavior models built in advance and is determined as a target model, wherein the operation and maintenance behavior model comprises behavior characteristics of various operation and maintenance behaviors, and the operation and maintenance behaviors are behaviors of operation and maintenance personnel performing operation and maintenance processing on a server; flow data of the target server in a preset time step is acquired; the flow data is input into a preset flow analysis system, the flow analysis system is triggered to determine the flow type of each operation flow based on the target model, and the operation flow whose flow type is the operation and maintenance type is determined as the target flow; and an operation and maintenance machine corresponding to the target flow is determined, and operation and maintenance personnel of the target server are determined based on operation and maintenance records of the operation and maintenance machine.
When a server for which operation and maintenance personnel have not been determined exists, the scheme provided by the invention can be applied to determine the operation and maintenance personnel of that server, so that the corresponding operation and maintenance personnel can be notified in time to maintain the server when it has a vulnerability, ensuring the safety of the system; and by defining the operation and maintenance personnel of each server, the server assets of the system can be managed and made transparent.
In the method provided by the embodiment of the invention, after each server corresponding to the scanning instruction is determined, whether a server which does not determine operation and maintenance personnel exists in each server is required to be judged, and the specific flow is described below with reference to fig. 3:
S301, obtaining service address information of each server.
In the method provided by the embodiment of the invention, the service address information comprises, but is not limited to, information such as an IP address and a MAC address of a server.
S302, determining whether service address information which is not stored in a preset asset list exists in the service address information; when there is no service address information not saved in the asset list, S303 is performed; when there is service address information that is not saved in the asset list, S304 is performed.
S303, determining that no server with undetermined operation and maintenance personnel exists.
S304, determining that a server with undetermined operation and maintenance personnel exists.
In the method provided by the embodiment of the invention, the service address information of the server is recorded in the asset list, the asset list is used for realizing asset management of the server by enterprises, and the asset list can also be used for managing the server. Further, if the service address information of the server does not exist in the asset list, it is indicated that the server is an unknown server or an unobserved server, and the operation and maintenance personnel of the server cannot be known at this time.
In the method provided by the embodiment of the invention, after the operation and maintenance personnel of the target server are determined, the service address information of the target server and the personnel information of the operation and maintenance personnel are bound, and the bound service address information and personnel information are stored in an asset list.
In the method provided by the embodiment of the invention, after the operation and maintenance personnel of the target server are determined, the personnel information of the operation and maintenance personnel and the service address information of the target server are bound, and the bound service address information and personnel information are stored in the asset list, so that when the vulnerability or the fault occurs in the target server, the operation and maintenance personnel of the target server can be rapidly determined, and the operation and maintenance personnel can be timely notified to maintain the target server, thereby ensuring the safety of the system, reducing the safety risk of the system and preventing great loss.
In the method provided by the embodiment of the invention, when the operation and maintenance personnel of the target server are determined, the operation flow with the flow type being the operation and maintenance type is required to be determined by means of the operation and maintenance behavior model, the operation and maintenance behavior model is required to be constructed in advance, the process of constructing the operation and maintenance behavior model is shown in fig. 4, and the specific description is as follows:
S401, determining the system type of an operating system of each sample server in a preset sample library.
In the method provided by the embodiment of the invention, the system type of each sample server can be determined based on the sample system information of each sample server. Each sample server is a server for which an operation and maintenance person has been determined.
S402, determining a sample set of each system type.
In the method provided by the embodiment of the invention, the sample servers belonging to the same system type are classified into the same set, so that a sample set of each system type can be obtained. The sample set comprises at least one target sample server, and the target sample server is a sample server whose operating system is of the system type; that is, the system type of the operating system of the target sample server is the same as the system type of the sample set to which the target sample server belongs.
S403, for each sample set, determining the operation and maintenance flow of each operation and maintenance action based on the sample flow of each target sample server in the sample set, determining the operation and maintenance characteristics of each operation and maintenance action based on the operation and maintenance flow of each operation and maintenance action, filling each operation and maintenance characteristic into a preset blank model to obtain an operation and maintenance characteristic model, and determining the operation and maintenance characteristic model as the operation and maintenance action model of the system type of the sample set.
In the method provided by the embodiment of the invention, when the operation and maintenance flow of each operation and maintenance action is determined, the operation and maintenance flow of each operation and maintenance action is determined according to the operation and maintenance audit record of each target sample server; it should be noted that there are a plurality of parameters of the operation characteristics of each operation and maintenance behavior.
By applying the method provided by the invention, the operation and maintenance behavior model corresponding to each system type is constructed, and the operation and maintenance behavior model comprises the various operation characteristics of each operation and maintenance behavior corresponding to the system type. With the constructed operation and maintenance behavior model, the operation flows of the target server whose flow type is the operation and maintenance type can be determined quickly, so that the operation and maintenance personnel of the target server can be accurately determined.
Referring to fig. 5, a scenario example diagram is provided for an embodiment of the present invention, and a scheme provided by the present invention is described based on fig. 5, and the specific description is as follows:
Fig. 5 includes a server 401, an operation and maintenance machine 402, a switch 403, and a traffic analysis system 404; each server 401 is connected with the operation and maintenance machine corresponding to the server through a switch 403; the traffic analysis system 404 is connected to each switch, wherein the switches 403 are in one-to-one correspondence with the operation and maintenance machines 402.
Further, there is at least one switch 403 in Fig. 5, and the switch in Fig. 5 may also be another device or distributed system with gateway functions, such as a router, a firewall, a computer with routing functions, or a system built using routers or switches.
It should be noted that Fig. 5 is only an exemplary scenario, and in practical application, devices such as a vulnerability scanning system may be further involved; the vulnerability scanning system can scan each server and determine services which are not recorded in a preset asset list in each server, namely the vulnerability scanning system can determine the servers for which operation and maintenance personnel have not been determined.
As a practical example, the intranet of an enterprise consists of a plurality of servers. After each server is remotely scanned, it is found that server X has no determined operation and maintenance personnel and has a vulnerability; that server X has no determined operation and maintenance personnel further indicates that server X is not in the server asset list. The vulnerability in server X is the remote code execution vulnerability (CVE-2019-0708) of the Microsoft Windows Remote Desktop Service. The ports and services opened by server X are found through scanning, the system type of the operating system of server X is Windows Server, and the operation and maintenance behavior model corresponding to Windows Server is determined. The flow analysis system determines the flow type of the operation flows of server X within one week based on the operation and maintenance behavior model, and the operation flow whose flow type is the operation and maintenance type is determined to be the target flow. Analysis finds that the opposite end of the target flow is operation and maintenance machine A, and the staff member using operation and maintenance machine A is determined to be a; staff member a is determined to be the operation and maintenance personnel of server X and is informed of the vulnerability of server X, so that staff member a can patch server X, reducing the security risk of the whole system.
With the method and system, operation and maintenance personnel can be actively found for a server whose operation and maintenance personnel have not been determined, the operation and maintenance personnel can be notified in time to repair vulnerabilities when the server has them, and the server is entered into the asset list, so that the management capability over server assets in the enterprise is improved.
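The owner-discovery flow described above (asset-list check, model selection by system type, flow classification, and attribution through the operation and maintenance machine), written out as an added Python example that is not part of the patent. All names, the flow-record layout, the `(protocol, destination port)` feature, the 5-minute matching window and the sample addresses are assumptions made for illustration; the patent does not specify a feature set.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Flow:
    ts: datetime      # generation time of the flow
    src_ip: str       # peer that opened the connection
    dst_ip: str       # server being investigated
    proto: str
    dst_port: int

def data_feature(flow):
    # Assumed feature: (protocol, destination port). A real model would
    # carry more parameters per operation and maintenance behavior.
    return (flow.proto, flow.dst_port)

def build_models(sample_library):
    """S401-S403: collect features of audited O&M flows from already-owned
    sample servers into one model per system type."""
    models = {}
    for os_type, audited_flows in sample_library:
        models.setdefault(os_type, set()).update(map(data_feature, audited_flows))
    return models

def servers_without_owner(scanned_ips, asset_list):
    """S301-S304: any scanned address that is missing from the asset list."""
    return [ip for ip in scanned_ips if ip not in asset_list]

def target_flows(flows, target_model):
    """S202-S204: a flow is O&M type only if its feature is in the model."""
    return [f for f in flows if data_feature(f) in target_model]

def resolve_owner(flows, registry, op_records, window=timedelta(minutes=5)):
    """S107: map each target flow to its O&M machine, then to a person.
    This example prefers an operation record near the flow's generation time
    and falls back to the machine's registration info (the patent presents
    the two as alternatives). Unregistered peers are never attributed."""
    votes = Counter()
    for f in flows:
        if f.src_ip not in registry:
            continue  # O&M-looking flow from an unknown host: do not bind
        recs = [r for r in op_records.get(f.src_ip, [])
                if r["target"] == f.dst_ip and abs(r["ts"] - f.ts) <= window]
        if recs:
            votes[min(recs, key=lambda r: abs(r["ts"] - f.ts))["user"]] += 1
        else:
            votes[registry[f.src_ip]] += 1
    return votes.most_common(1)[0][0] if votes else None

def discover_and_bind(scanned, asset_list, models, traffic, registry, op_records):
    """Full pass: returns {server_ip: owner or None}; binds found owners."""
    result = {}
    for ip in servers_without_owner(scanned, asset_list):
        model = models.get(scanned[ip], set())      # model chosen by OS type
        owner = resolve_owner(target_flows(traffic.get(ip, []), model),
                              registry, op_records)
        result[ip] = owner
        if owner is not None:
            asset_list[ip] = owner                  # bind address to person
    return result

def run_demo():
    """Constructed sample data; every address and name below is made up."""
    t0 = datetime(2020, 12, 1, 9, 0)
    hour, minute = timedelta(hours=1), timedelta(minutes=1)
    models = build_models([
        ("windows", [Flow(t0, "10.0.9.1", "10.0.1.10", "tcp", 3389),
                     Flow(t0, "10.0.9.1", "10.0.1.10", "tcp", 5985)]),
        ("linux",   [Flow(t0, "10.0.9.1", "10.0.1.11", "tcp", 22)]),
    ])
    scanned = {"10.0.1.10": "windows", "10.0.1.20": "windows", "10.0.1.30": "linux"}
    asset_list = {"10.0.1.10": "staff_b"}
    registry = {"10.0.9.1": "ops_team"}             # O&M machine A, shared host
    op_records = {"10.0.9.1": [
        {"ts": t0 + hour + minute, "user": "staff_a", "target": "10.0.1.20"}]}
    traffic = {
        "10.0.1.20": [
            Flow(t0 + hour, "10.0.9.1", "10.0.1.20", "tcp", 3389),       # machine A
            Flow(t0 + 2 * hour, "10.0.5.77", "10.0.1.20", "tcp", 3389),  # unknown peer
            Flow(t0 + 3 * hour, "10.0.7.7", "10.0.1.20", "tcp", 443),    # service flow
        ],
        "10.0.1.30": [
            Flow(t0 + hour, "10.0.5.77", "10.0.1.30", "tcp", 22),        # unknown peer
            Flow(t0 + hour, "10.0.9.1", "10.0.1.30", "tcp", 3389),       # not in linux model
        ],
    }
    result = discover_and_bind(scanned, asset_list, models, traffic,
                               registry, op_records)
    return result, asset_list

if __name__ == "__main__":
    print(run_demo())
```

A server whose only operation-and-maintenance-looking flows come from hosts that are not registered operation and maintenance machines stays unbound, which keeps scanner or unauthorized remote-access traffic from writing an owner into the asset list.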
Corresponding to fig. 1, the present invention provides a management device of a server, which can be applied to various computers or processors to support the practical application of the method shown in fig. 1, and the device structure diagram of the device is shown in fig. 6, and is specifically as follows:
a first determining unit 601, configured to determine, when a scanning instruction sent by a user is received, each server corresponding to the scanning instruction, and determine whether a server in which an operation and maintenance person is not determined exists in each server;
a first obtaining unit 602, configured to, when determining that a server of an undetermined operation and maintenance person exists, determine the server of the undetermined operation and maintenance person as a target server, and obtain server information of the target server;
a second determining unit 603 configured to determine a system type of an operating system of the target server based on the server information;
a third determining unit 604, configured to determine, from among the pre-built operation and maintenance behavior models, an operation and maintenance behavior model corresponding to the system type, and determine the operation and maintenance behavior model corresponding to the system type as a target model, where the operation and maintenance behavior model includes behavior features of various operation and maintenance behaviors, and the operation and maintenance behaviors are behaviors of operation and maintenance personnel performing operation and maintenance processing on a server;
a second obtaining unit 605, configured to obtain flow data of the target server within a preset time step, where the flow data includes at least one operation flow;
the triggering unit 606 is configured to input the flow data into a preset flow analysis system, trigger the flow analysis system to determine a flow type of each operation flow based on the target model, and determine an operation flow with a flow type being an operation and maintenance type as a target flow;
a fourth determining unit 607, configured to determine an operation and maintenance machine corresponding to the target traffic, and determine an operation and maintenance person of the target server based on an operation and maintenance record of the operation and maintenance machine.
In the device provided by the embodiment of the invention, when a scanning instruction is received, each server is determined, and whether a server for which operation and maintenance personnel have not been determined exists among the servers is judged; when such a server exists, the server for which operation and maintenance personnel have not been determined is determined as a target server, and server information of the target server is acquired; a system type of an operating system of the target server is determined based on the server information; an operation and maintenance behavior model corresponding to the system type is determined among the operation and maintenance behavior models built in advance and is determined as a target model, wherein the operation and maintenance behavior model comprises behavior characteristics of various operation and maintenance behaviors, and the operation and maintenance behaviors are behaviors of operation and maintenance personnel performing operation and maintenance processing on a server; flow data of the target server in a preset time step is acquired; the flow data is input into a preset flow analysis system, the flow analysis system is triggered to determine the flow type of each operation flow based on the target model, and the operation flow whose flow type is the operation and maintenance type is determined as the target flow; and an operation and maintenance machine corresponding to the target flow is determined, and operation and maintenance personnel of the target server are determined based on operation and maintenance records of the operation and maintenance machine.
When a server for which operation and maintenance personnel have not been determined exists, the scheme provided by the invention can be applied to determine the operation and maintenance personnel of that server, so that the corresponding operation and maintenance personnel can be notified in time to maintain the server when it has a vulnerability, ensuring the safety of the system; and by defining the operation and maintenance personnel of each server, the server assets of the system can be managed and made transparent.
Based on the above example, in the apparatus provided by the embodiment of the present invention, the first determining unit 601 may be configured to:
an acquisition subunit, configured to acquire service address information of each server;
a first determining subunit configured to determine whether service address information that is not stored in a preset asset list exists in each of the service address information;
a second determining subunit configured to determine that there is no server for which the operation and maintenance person is not determined, when there is no service address information that is not saved in the asset list;
and a third determining subunit for determining that a server of undetermined operation and maintenance personnel exists when the service address information which is not saved in the asset list exists.
Based on the above examples, in the apparatus provided by the embodiments of the present invention, the triggering unit 606 may be configured to:
the flow analysis system is used for analyzing each operation flow in the flow data to obtain the data characteristics of each operation flow;
the judging subunit is used for judging whether the behavior characteristics matched with the data characteristics of each operation flow exist in the target model for each operation flow;
A fourth determining subunit, configured to determine, if a behavior feature matched with the data feature exists in the target model, that a traffic type of the operation traffic is an operation and maintenance type;
and a fifth determining subunit, configured to determine that the traffic type of the operation traffic is a non-operation-maintenance type if no behavior feature matched with the data feature exists in the target model.
Based on the above examples, the apparatus provided in the embodiments of the present invention may be further configured to:
and the binding unit is used for binding the service address information of the target server and the personnel information of the operation and maintenance personnel, and storing the service address information and the personnel information after binding into the asset list.
Based on the above examples, the apparatus provided in the embodiments of the present invention may be further configured to:
a fifth determining unit, configured to determine a system type of an operating system of each sample server in a preset sample library;
a sixth determining unit, configured to determine a sample set of each system type, where the sample set includes at least one target sample server, and the target sample server is a sample server of an operating system that is the system type;
A seventh determining unit, configured to determine, for each sample set, an operation and maintenance flow rate of each operation and maintenance behavior based on a sample flow rate of each target sample server in the sample set, determine an operation feature of each operation and maintenance behavior based on the operation and maintenance flow rate of each operation and maintenance behavior, fill each operation feature into a preset blank model to obtain an operation and maintenance feature model, and determine the operation and maintenance feature model as an operation and maintenance behavior model of a system type of the sample set.
The embodiment of the invention also provides a storage medium, which comprises stored instructions, wherein, when the instructions run, the device on which the storage medium is located is controlled to execute the management method of the server described above.
The embodiment of the present invention further provides an electronic device, whose structural schematic diagram is shown in fig. 7, specifically including a memory 701, and one or more instructions 702, where the one or more instructions 702 are stored in the memory 701, and configured to be executed by the one or more processors 703, where the one or more instructions 702 perform the following operations:
when a scanning instruction sent by a user is received, determining each server corresponding to the scanning instruction, and judging whether a server which does not determine operation and maintenance personnel exists in each server;
When the existence of a server of an undetermined operation and maintenance person is determined, determining the server of the undetermined operation and maintenance person as a target server, and acquiring server information of the target server;
determining a system type of an operating system of the target server based on the server information;
determining an operation and maintenance behavior model corresponding to the system type among the operation and maintenance behavior models built in advance, and determining the operation and maintenance behavior model corresponding to the system type as a target model, wherein the operation and maintenance behavior model comprises the behavior characteristics of various operation and maintenance behaviors, and the operation and maintenance behaviors are the behaviors of operation and maintenance personnel performing operation and maintenance processing on a server;
acquiring flow data of the target server in a preset time step, wherein the flow data comprises at least one operation flow;
inputting the flow data into a preset flow analysis system, triggering the flow analysis system to determine the flow type of each operation flow based on the target model, and determining the operation flow with the flow type being the operation and maintenance type as the target flow;
and determining an operation and maintenance machine corresponding to the target flow, and determining operation and maintenance personnel of the target server based on operation and maintenance records of the operation and maintenance machine.
The specific implementation process and derivative manner of the above embodiments are all within the protection scope of the present invention.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for a system or system embodiment, since it is substantially similar to a method embodiment, the description is relatively simple, with reference to the description of the method embodiment being made in part. The systems and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (8)

1. A method for managing a server, comprising:
when a scanning instruction sent by a user is received, determining each server corresponding to the scanning instruction, and judging whether a server which does not determine operation and maintenance personnel exists in each server;
when the existence of a server of an undetermined operation and maintenance person is determined, determining the server of the undetermined operation and maintenance person as a target server, and acquiring server information of the target server;
determining a system type of an operating system of the target server based on the server information;
determining an operation and maintenance behavior model corresponding to the system type in each operation and maintenance behavior model which is built in advance, and determining the operation and maintenance behavior model corresponding to the system type as a target model, wherein the operation and maintenance behavior model comprises behavior characteristics of various operation and maintenance behaviors, the operation and maintenance behaviors are behaviors of operation and maintenance personnel for carrying out operation and maintenance processing on a server, and the operation and maintenance behavior model is used for judging whether the flow type of the operation flow is the operation flow of the operation and maintenance type;
Acquiring flow data of the target server in a preset time step, wherein the flow data comprises at least one operation flow;
inputting the flow data into a preset flow analysis system, triggering the flow analysis system to determine the flow type of each operation flow based on the target model, and determining the operation flow with the flow type being the operation and maintenance type as the target flow;
determining an operation and maintenance machine corresponding to the target flow, and determining operation and maintenance personnel of the target server based on operation and maintenance records of the operation and maintenance machine;
the triggering the flow analysis system to determine a flow type for each of the operational flows based on the target model includes:
the flow analysis system analyzes each operation flow in the flow data to obtain the data characteristics of each operation flow;
judging whether behavior features matched with the data features of each operation flow exist in the target model for each operation flow;
if the behavior characteristics matched with the data characteristics exist in the target model, determining that the flow type of the operation flow is an operation and maintenance type;
And if the behavior characteristics matched with the data characteristics do not exist in the target model, determining that the flow type of the operation flow is a non-operation-maintenance type.
2. The method of claim 1, wherein said determining whether there is a server of the undetermined operation and maintenance personnel in each of the servers comprises:
acquiring service address information of each server;
determining whether service address information which is not stored in a preset asset list exists in each service address information;
when there is no service address information which is not stored in the asset list, determining that there is no server which does not determine operation and maintenance personnel;
when there is service address information that is not saved in the asset list, it is determined that there is a server for which an operation and maintenance person is not determined.
3. The method as recited in claim 2, further comprising:
binding the service address information of the target server and the personnel information of the operation and maintenance personnel, and storing the service address information and the personnel information after binding into the asset list.
4. The method of claim 1, wherein the process of constructing each of the operational behavior models comprises:
Determining the system type of an operating system of each sample server in a preset sample library;
determining a sample set of each system type, wherein the sample set comprises at least one target sample server, and the target sample server is a sample server of which the operating system is the system type;
for each sample set, determining the operation and maintenance flow of each operation and maintenance action based on the sample flow of each target sample server in the sample set, determining the operation and maintenance characteristics of each operation and maintenance action based on the operation and maintenance flow of each operation and maintenance action, filling each operation and maintenance characteristic into a preset blank model to obtain an operation and maintenance characteristic model, and determining the operation and maintenance characteristic model as an operation and maintenance action model of the system type of the sample set, wherein the preset blank model is an untrained operation and maintenance characteristic model.
5. A management device of a server, comprising:
the first determining unit is used for determining each server corresponding to the scanning instruction when receiving the scanning instruction sent by the user, and judging whether the server of which the operation and maintenance personnel are not determined exists in each server;
a first acquisition unit configured to, when it is determined that a server of an undetermined operation and maintenance person exists, determine the server of the undetermined operation and maintenance person as a target server, and acquire server information of the target server;
A second determining unit configured to determine a system type of an operating system of the target server based on the server information;
a third determining unit, configured to determine, among the pre-built operation and maintenance behavior models, an operation and maintenance behavior model corresponding to the system type, and determine the operation and maintenance behavior model corresponding to the system type as a target model, where the operation and maintenance behavior model includes behavior features of various operation and maintenance behaviors, and the operation and maintenance behaviors are behaviors of operation and maintenance personnel performing operation and maintenance processing on a server;
the second acquisition unit is used for acquiring flow data of the target server in a preset time step, wherein the flow data comprises at least one operation flow;
the triggering unit is used for inputting the flow data into a preset flow analysis system, triggering the flow analysis system to determine the flow type of each operation flow based on the target model, and determining the operation flow with the flow type being the operation and maintenance type as the target flow;
a fourth determining unit, configured to determine an operation and maintenance machine corresponding to the target flow, and determine an operation and maintenance person of the target server based on an operation and maintenance record of the operation and maintenance machine;
The trigger unit includes:
the flow analysis system is used for analyzing each operation flow in the flow data to obtain the data features of each operation flow;
a judging subunit, configured to judge, for each operation flow, whether a behavior feature matching the data feature of that operation flow exists in the target model;
a fourth determining subunit, configured to determine, if a behavior feature matching the data feature exists in the target model, that the flow type of the operation flow is the operation and maintenance type;
and a fifth determining subunit, configured to determine, if no behavior feature matching the data feature exists in the target model, that the flow type of the operation flow is a non-operation-and-maintenance type.
6. The apparatus according to claim 5, wherein the first determining unit includes:
an acquisition subunit, configured to acquire service address information of each server;
a first determining subunit configured to determine whether service address information that is not stored in a preset asset list exists in each of the service address information;
a second determining subunit, configured to determine that no server with undetermined operation and maintenance personnel exists when there is no service address information that is not stored in the asset list;
and a third determining subunit, configured to determine that a server with undetermined operation and maintenance personnel exists when there is service address information that is not stored in the asset list.
7. The apparatus as recited in claim 6, further comprising:
and the binding unit is used for binding the service address information of the target server and the personnel information of the operation and maintenance personnel, and storing the service address information and the personnel information after binding into the asset list.
8. The apparatus as recited in claim 5, further comprising:
a fifth determining unit, configured to determine a system type of an operating system of each sample server in a preset sample library;
a sixth determining unit, configured to determine a sample set for each system type, where the sample set includes at least one target sample server, and a target sample server is a sample server whose operating system is of that system type;
a seventh determining unit, configured to determine, for each sample set, an operation and maintenance flow of each operation and maintenance behavior based on a sample flow of each target sample server in the sample set, determine an operation and maintenance feature of each operation and maintenance behavior based on the operation and maintenance flow of each operation and maintenance behavior, fill each operation and maintenance feature into a preset blank model to obtain an operation and maintenance feature model, and determine the operation and maintenance feature model as an operation and maintenance behavior model of a system type of the sample set, where the preset blank model is an untrained operation and maintenance feature model.
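The flow of claims 5 to 7 (find servers missing from the asset list, classify their traffic against the behavior model for their system type, resolve the operation and maintenance person from the operation and maintenance machine's records, bind the result), as an added Python example that is not part of the patent. The feature fields, the record layout, the majority vote and every address and name below are constructed assumptions; the claims do not specify them.

```python
from collections import Counter

# Constructed sample data. The feature fields (proto, dst_port) are an assumption:
# the claims do not say which features a behavior model holds.
ASSET_LIST = {"10.0.0.5": "alice"}            # service address -> bound O&M person
MODELS = {                                     # system type -> behavior features
    "linux":   [{"proto": "tcp", "dst_port": 22}],
    "windows": [{"proto": "tcp", "dst_port": 3389}],
}
OPS_RECORDS = {                                # O&M machine -> [(target, person)]
    "10.0.9.10": [("10.0.0.7", "bob"), ("10.0.0.5", "alice")],
}

def unowned(servers, assets):
    """Claim 6: a server is unowned when its address is absent from the asset list."""
    return [s for s in servers if s["addr"] not in assets]

def flow_type(flow, model):
    """Claim 5 subunits: O&M type iff some behavior feature matches the flow."""
    hit = any(all(flow.get(k) == v for k, v in feat.items()) for feat in model)
    return "ops" if hit else "non-ops"

def attribute(server, flows, assets):
    """Return the O&M person for one unowned server and bind it, else None."""
    model = MODELS.get(server["os"])
    if model is None:                          # no model built for this system type
        return None
    votes = Counter()
    for f in flows:
        if f["dst"] != server["addr"] or flow_type(f, model) != "ops":
            continue
        # Assumption: the source of a target flow is the O&M machine.
        for target, person in OPS_RECORDS.get(f["src"], []):
            if target == server["addr"]:
                votes[person] += 1
    if not votes:                              # O&M flow seen, but no record names a person
        return None
    person = votes.most_common(1)[0][0]        # majority vote is an added choice
    assets[server["addr"]] = person            # claim 7: bind address to person
    return person

SERVERS = [{"addr": "10.0.0.5", "os": "linux"}, {"addr": "10.0.0.7", "os": "linux"}]
FLOWS = [
    {"src": "10.0.9.10", "dst": "10.0.0.7", "proto": "tcp", "dst_port": 22},
    {"src": "10.0.3.3",  "dst": "10.0.0.7", "proto": "tcp", "dst_port": 443},
]
```

With features this coarse, any client that reaches the management port is typed as operation and maintenance traffic, so the lookup in the operation and maintenance machine's records is the step that ties a flow to a person; a server left at `None` stays unowned and needs manual follow-up.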
CN202011497132.1A 2020-12-17 2020-12-17 Management method and device of server Active CN112580835B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011497132.1A CN112580835B (en) 2020-12-17 2020-12-17 Management method and device of server

Publications (2)

Publication Number Publication Date
CN112580835A CN112580835A (en) 2021-03-30
CN112580835B CN112580835B (en) 2024-03-01

Family

ID=75135921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011497132.1A Active CN112580835B (en) 2020-12-17 2020-12-17 Management method and device of server

Country Status (1)

Country Link
CN (1) CN112580835B (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Exploration and Practice of Intelligent Data Center Operation and Maintenance; Wang Kun; 中国金融电脑 (No. 07); pp. 63-67 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant