CN112887287A - Fortress machine, operation and maintenance auditing method, electronic device and storage medium - Google Patents


Publication number: CN112887287A
Application number: CN202110062972.3A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 张大磊, 范渊
Current assignee: Hangzhou Dbappsecurity Technology Co Ltd
Original assignee: Hangzhou Dbappsecurity Technology Co Ltd
Prior art keywords: maintenance, graphical interface, service module, equipment, protocol

Classifications

    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L41/046 Network management architectures or arrangements comprising network management agents or mobile agents therefor
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks comprising specially adapted graphical user interfaces [GUI]
    • H04L63/0281 Proxies (network security for separating internal from external traffic, e.g. firewalls)


Abstract

The application relates to a bastion machine (fortress machine), an operation and maintenance auditing method, an electronic device and a storage medium. The bastion machine comprises a protocol proxy service module coupled with a graphical interface service module. The protocol proxy service module receives, from an operation and maintenance client, the operation and maintenance task starting parameters of a target device, the target device comprising a first device that is to be subjected to operation and maintenance audit. The graphical interface service module starts the first device according to those parameters, generates a graphical interface corresponding to the started first device, and sends that interface to the operation and maintenance client through the protocol proxy service module; the graphical interface is associated with the operation and maintenance data used to audit the first device. The application thereby solves the problem of low security of operation and maintenance auditing in the related art and improves the security of operation and maintenance auditing.

Description

Fortress machine, operation and maintenance auditing method, electronic device and storage medium
Technical Field
The application relates to the technical field of network security, and in particular to a bastion machine (fortress machine), an operation and maintenance auditing method, an electronic device and a storage medium.
Background
As network security requirements rise, an operation and maintenance security audit system (a bastion machine system) has become a mandatory item in classified-protection (等保, MLPS) compliance construction. Current bastion machine products mainly record and audit operation and maintenance operations through a protocol proxy server and an application virtualization server. The protocol proxy handles the common operation and maintenance protocols, such as RDP, SSH, TELNET, FTP and SFTP; application virtualization, built on top of the protocol proxy, handles the recording and auditing of operation and maintenance over non-standard protocols (for example SAP operation and maintenance, or system operation and maintenance over proprietary protocols).
In the related art the application virtualization server mainly runs a Windows operating system. In the course of this research it was found that, as the internet has developed, the difficulty and cost of network attacks have fallen, and because Windows is so widely deployed, a large number of its vulnerabilities and attack techniques have been publicly disclosed; an application virtualization server running Windows therefore leaves the operation and maintenance auditing process with low security.
At present, no effective solution to the low security of operation and maintenance auditing has been proposed in the related art.
Disclosure of Invention
Embodiments of the application provide a bastion machine, an operation and maintenance auditing method, an electronic device and a storage medium, with the aim of at least solving the problem of low security of operation and maintenance auditing in the related art.
In a first aspect, an embodiment of the application provides a bastion machine comprising a protocol proxy service module and a graphical interface service module, the protocol proxy service module being coupled with the graphical interface service module, wherein:
the protocol proxy service module is configured to receive the operation and maintenance task starting parameters of a target device sent by an operation and maintenance client, the target device comprising a first device to be subjected to operation and maintenance audit; and
the graphical interface service module is configured to start the first device according to the operation and maintenance task starting parameters, generate a graphical interface corresponding to the started first device, and send the graphical interface to the operation and maintenance client through the protocol proxy service module, the graphical interface being associated with the operation and maintenance data used to audit the first device.
In some embodiments, the protocol proxy service module comprises an rdpproxy service unit configured to establish and maintain a bidirectional connection channel between the operation and maintenance client and the graphical interface service module.
In some embodiments, the bastion machine further comprises a verification module coupled between the protocol proxy service module and the graphical interface service module, configured to verify the identification information of the operation and maintenance client and to send the operation and maintenance task starting parameters to the graphical interface service module only if verification succeeds.
In some embodiments, the graphical interface service module comprises at least one of a VNC protocol graphical interface service module and an X protocol graphical interface service module.
In some embodiments, the operation and maintenance task starting parameters include the IP address of the target device, the port of the target device, the target device to be operated and maintained, the account used to start the target device, and the password used to start the target device.
In some embodiments, the bastion machine further comprises an acquisition module and a storage module: the acquisition module acquires the operation log generated while the target device is started, and the storage module stores that operation log.
In some embodiments, the bastion machine further comprises a display module for displaying the operation log.
In a second aspect, an embodiment of the application further provides an operation and maintenance auditing method based on the bastion machine of the first aspect, the method comprising:
receiving the operation and maintenance task starting parameters of a target device sent by an operation and maintenance client, the target device comprising a first device to be subjected to operation and maintenance audit; and
starting the first device according to the operation and maintenance task starting parameters, generating a graphical interface corresponding to the started first device, and sending the graphical interface to the operation and maintenance client, the graphical interface being associated with the operation and maintenance data used to audit the first device.
In a third aspect, an embodiment of the application provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the operation and maintenance auditing method of the second aspect is implemented.
In a fourth aspect, an embodiment of the application provides a storage medium on which a computer program is stored; when executed by a processor, the computer program implements the operation and maintenance auditing method of the second aspect.
Compared with the related art, the bastion machine, operation and maintenance auditing method, electronic device and storage medium of the embodiments arrange a protocol proxy service module and a graphical interface service module in the bastion machine, coupled to each other. The protocol proxy service module receives the operation and maintenance task starting parameters of a target device sent by an operation and maintenance client, the target device comprising a first device to be subjected to operation and maintenance audit; the graphical interface service module starts the first device according to those parameters, generates the corresponding graphical interface, and sends it to the operation and maintenance client through the protocol proxy service module, the interface being associated with the operation and maintenance data used to audit the first device. This solves the problem of low security of operation and maintenance auditing in the related art and improves the security of operation and maintenance auditing.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a block diagram of a bastion machine according to an embodiment of the present application;
FIG. 2 is a block diagram of a hardware structure of a terminal of an operation and maintenance auditing method according to an embodiment of the application;
FIG. 3 is a flow chart of an operation and maintenance auditing method according to an embodiment of the application;
FIG. 4 is a flow chart of an operation and maintenance auditing method according to a preferred embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described and illustrated below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments provided in the present application without any inventive step are within the scope of protection of the present application. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of ordinary skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein have the ordinary meaning understood by those of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar words throughout this application are not to be construed as limiting in number and may refer to the singular or the plural. The terms "including," "comprising," "having," and any variations thereof are intended to cover non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. References to "connected," "coupled," and the like in this application are not limited to physical or mechanical connections but may include electrical connections, whether direct or indirect. "A plurality" herein means two or more. "And/or" describes an association between objects and means that three relationships may exist; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. The terms "first," "second," "third," and the like are used herein merely to distinguish similar objects and do not denote a particular ordering.
This embodiment provides a bastion machine. FIG. 1 is a structural block diagram of the bastion machine according to an embodiment of the application; as shown in FIG. 1, the bastion machine comprises a protocol proxy service module coupled with a graphical interface service module. The protocol proxy service module receives the operation and maintenance task starting parameters of a target device sent by an operation and maintenance client, the target device comprising a first device to be subjected to operation and maintenance audit. The graphical interface service module starts the first device according to those parameters, generates a graphical interface corresponding to the started first device, and sends the graphical interface to the operation and maintenance client through the protocol proxy service module, the graphical interface being associated with the operation and maintenance data used to audit the first device.
In this embodiment, the protocol proxy service module and the graphical interface service module arranged in the bastion machine open the operation and maintenance audit link between the operation and maintenance client and the target device, so that the client can operate, maintain and audit the target device. Operation and maintenance auditing is thus achieved without an application virtualization server running a Windows operating system, which solves the problem of low security of operation and maintenance auditing in the related art and improves its security.
It should be noted that in this embodiment the graphical interface may be associated with the operation and maintenance audit data as follows. After the target device connects to the graphical interface service module, it is started by passing it the operation and maintenance task starting parameters. Once the target device has started, the graphical interface service module generates the corresponding graphical interface from the data it receives that is associated with the target device, and the graphical interface loads the running data, so that it is equivalent to operating a virtual target device. The data received by the graphical interface service module comprises system parameters, load parameters, data traffic and log data, and also the operation and maintenance audit data required by the operation and maintenance client. When the graphical interface service module generates the graphical interface corresponding to the first device, it associates the corresponding operation and maintenance audit data with that interface, for example in the form of an associated data table. When the operation and maintenance client receives the graphical interface it is therefore, in effect, connected to the first device: it obtains the device's current running state and reads the operation and maintenance data.
Operation and maintenance audit refers to the technical means of collecting and monitoring, in real time and by various technical means, the system state, security events and network activity of every component in a network environment, so that they can be centrally alerted on, recorded, analysed and handled. Its purpose is to ensure that, in a given network environment, the network and its data are not damaged, and data is not leaked, through non-compliant operations by legitimate internal users.
Application virtualization decouples an application program from the operating system and provides a virtual operating environment for it. This environment contains not only the application's executable file but also the runtime environment it needs. In essence, application virtualization abstracts away the application's dependence on the underlying system and hardware, and can solve the problem of version incompatibility.
It should be noted that the bastion machine of the embodiments of the application can run on a Linux operating system.
Linux, whose full name is GNU/Linux, is a Unix-like operating system that is free to use and to distribute; it is a multi-user, multi-task, multi-thread, multi-CPU operating system based on POSIX and Unix. With the development of the internet, Linux has gained support from software enthusiasts, organisations and companies around the world. It maintains strong development momentum on servers and has made great progress on personal computers and embedded systems. Users can not only inspect the implementation of the operating system directly but also modify and improve Linux for their own needs, so that it is adapted as closely as possible to their requirements.
In this embodiment, the operation and maintenance auditing process of the bastion machine may comprise the following steps:
Step 1: mstsc.exe (a built-in Windows program) on the operation and maintenance client connects to the bastion machine's existing protocol proxy service module over the RDP protocol and sends the operation and maintenance task starting parameters to the protocol proxy service module.
Step 2: after receiving the operation and maintenance task starting parameters, the protocol proxy service module connects to the graphical interface service module and forwards the parameters to it.
Step 3: the graphical interface service module of the bastion machine receives the operation and maintenance task starting parameters and starts the target device with those parameters.
Step 4: after receiving the operation and maintenance task starting parameters, the target device is connected.
Step 5: the protocol proxy service module on the bastion machine sends the drawing content of the target device's graphical interface started by the graphical interface service module (such as drawing instructions and mouse and keyboard operation instructions) to mstsc.exe on the operation and maintenance client; and after receiving the drawing content of the graphical interface, the mstsc.
Through steps 1 to 5, the operation and maintenance link between the operation and maintenance client and the target device is opened and the operation and maintenance performed by the client on the target device is audited, without an application virtualization server running a Windows operating system; this solves the problem of low security of operation and maintenance auditing in the related art and improves its security.
In some embodiments, the protocol proxy service module includes an rdpproxy service unit configured to establish and maintain a bidirectional connection channel between the operation and maintenance client and the graphical interface service module.
In this embodiment, the rdpproxy service unit establishes and maintains a bidirectional connection channel between the operation and maintenance client and the graphical interface service module, thereby connecting the two.
It should be noted that the interaction with the rdpproxy service unit may include:
(1) The operation and maintenance client connects to the rdpproxy service unit.
(2) The ISO data layer of the rdpproxy service unit establishes the connection.
(3) The rdpproxy service unit sends the initial protocol information and receives the encryption and decryption keys.
(4) The rdpproxy service unit requests the virtual channel.
(5) The rdpproxy service unit sends the operation and maintenance client's task starting parameters in encrypted form and verifies the encryption protocol.
(6) The rdpproxy service unit is verified against the platform software certificate.
(7) If verification succeeds, the connection between the operation and maintenance client and the graphical interface service module is established, and functional data is transmitted between them.
In this embodiment the protocol proxy service module may also be any other module capable of implementing a protocol proxy; it is not limited to the rdpproxy service unit.
In some embodiments, the bastion machine further comprises a verification module coupled between the protocol proxy service module and the graphical interface service module, configured to verify the identification information of the operation and maintenance client and to send the operation and maintenance task starting parameters to the graphical interface service module only if verification succeeds.
In this embodiment, the verification module arranged in the bastion machine verifies the identification information of the operation and maintenance client and sends the operation and maintenance task starting parameters to the graphical interface service only if verification succeeds. This adds identity verification of the operation and maintenance client and improves the security of starting the target device.
It should be noted that the identification information may be an identity of the operation and maintenance client, for example its IP address. The verification method may be, without limitation: check whether the IP address is in a preset whitelist; if it is, send the operation and maintenance task starting parameters to the graphical interface service; if it is not, display a target device start failure message.
In some embodiments, the graphical interface service module comprises at least one of a VNC protocol graphical interface service module and an X protocol graphical interface service module.
In this embodiment, a VNC protocol graphical interface service module and/or an X protocol graphical interface service module is arranged within the graphical interface service module, so that the operation and maintenance task starting parameters are processed graphically.
It should be noted that the VNC protocol graphical interface service module and the X protocol graphical interface service module may provide the following functions:
Function 1: a self-developed Linux graphical display service, or open-source software that may be used commercially.
In this embodiment an open-source, commercially usable solution is recommended: it is relatively stable and has good compatibility, and using commercially usable open-source software reduces the design cost of the bastion machine and avoids copyright risk.
Function 2: on top of the graphical display service, user permission control is implemented, so that only the application screen preset for the user is projected to the user's operation and maintenance client PC.
Function 3: on top of the graphical display, the operation and maintenance application of the target device is started.
Function 4: when starting the operation and maintenance application of the target device, if the user has preset credential information, the user name and password can be substituted and filled in automatically, which makes server password management convenient and protects the security of the operation and maintenance work.
Function 5: once the operation and maintenance application of the target device has been started, the existing protocol proxy service module is used to recognise keyboard input and specific operations (such as clicking, copying and typing).
VNC (Virtual Network Computing) communicates using the RFB (Remote Frame Buffer) protocol and is an extremely thin client system based on a simple, platform-independent display protocol.
The X protocol may consist of an X server and an X client. The X server manages the display-related hardware on the host (such as the graphics card, hard disk and mouse), is responsible for drawing and displaying the screen, and informs the X client of input actions (such as keyboard and mouse events). The X client (i.e. the X application) is mainly responsible for handling events (i.e. the program logic).
In some embodiments, by combining the rdpproxy service unit, the VNC protocol graphical interface service module and the X protocol graphical interface service module, and because the rdpproxy service unit already exists, operation and maintenance recording and auditing requires little additional development work and can be completed with these three components.
In this embodiment, combining the rdpproxy service unit, the VNC protocol graphical interface service module and the X protocol graphical interface service module directly generates the graphical interface corresponding to the first device to be started and sends it to the operation and maintenance client through the protocol proxy service module. No protocol parsing of the operation and maintenance audit data sent by the target device corresponding to the task starting parameters is needed, and the appropriate target device can be started according to the user's actual needs, so that target devices can be smoothly expanded and configured.
It should be noted that throughout the connection of the operation and maintenance link, attention must be paid to user permission control, to avoid the security of operation and maintenance auditing being reduced by an attacker attacking the target device.
In some embodiments, the operation and maintenance task starting parameters include: the IP address of the target equipment, the port of the target equipment, the target equipment for operation and maintenance, the account number for starting the target equipment and the password for starting the target equipment.
In this embodiment, by setting parameters such as an IP address of the target device, a port of the target device, a target device for operation and maintenance, an account number for starting the target device, and a password for starting the target device in the operation and maintenance task starting parameter, the target device can be started and connected, so that the operation and maintenance client can perform operation and maintenance audit on the target device.
In some of these embodiments, the fort machine further comprises: the device comprises an acquisition module and a storage module, wherein the acquisition module is used for acquiring an operation log generated in the process of starting the target equipment; and the storage module is used for storing the operation log.
In this embodiment, the acquisition module and the storage module are arranged in the bastion machine, the operation log generated in the process of starting the target device is acquired through the acquisition module, and the operation log generated in the process of starting the target device is stored through the storage module, so that the acquisition and storage of the operation log generated in the process of starting the target device are realized, and a subsequent user can conveniently perform related monitoring according to the operation log generated in the process of starting the target device.
In some of these embodiments, the fort machine further comprises: and the display module is used for displaying the operation log.
In this embodiment, the display module is arranged in the bastion machine, and the display module displays the operation log, so that the user can monitor the operation log, and the safety of the operation and maintenance client in performing operation and maintenance audit on the target device is enhanced.
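The task starting parameters listed above are the only inputs the bastion machine receives before it starts a target device, and the acquisition, storage and display modules are what make that start auditable afterwards. The following Python is an added example that is not part of the patent or of any product of the applicant: it validates the five parameter fields before use and then records each start event in an append-only, hash-chained operation log with the password redacted, so that a stored log cannot be silently altered. The field names, the `<redacted>` marker, the hash chaining and the sample parameter values are all assumptions made for this example.

```python
"""Added example: validate task start parameters and keep a tamper-evident operation log."""
import hashlib
import ipaddress
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class TaskStartParams:
    """The five fields named in the description (field names are assumed)."""
    target_ip: str
    target_port: int
    target_device: str
    account: str
    password: str


def parse_start_params(raw: dict) -> TaskStartParams:
    """Reject malformed parameters before anything is forwarded or started."""
    required = ("target_ip", "target_port", "target_device", "account", "password")
    missing = [k for k in required if k not in raw]
    if missing:
        raise ValueError(f"missing parameters: {missing}")
    try:
        ip = str(ipaddress.ip_address(raw["target_ip"]))  # both v4 and v6 accepted
    except ValueError as exc:
        raise ValueError(f"invalid target IP: {raw['target_ip']!r}") from exc
    port = int(raw["target_port"])
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid target port: {port}")
    device = str(raw["target_device"]).strip()
    account = str(raw["account"]).strip()
    if not device or not account or not raw["password"]:
        raise ValueError("device, account and password must be non-empty")
    return TaskStartParams(ip, port, device, account, str(raw["password"]))


class OperationLogStore:
    """Acquisition + storage module: each entry commits to the hash of the previous one."""

    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self._last_hash = self.GENESIS

    def record(self, client_id: str, event: str, params: TaskStartParams) -> dict:
        entry = {
            "seq": len(self.entries),
            "client": client_id,
            "event": event,
            "target": f"{params.target_ip}:{params.target_port}",
            "device": params.target_device,
            "account": params.account,
            "password": "<redacted>",  # the start password never reaches storage
            "prev_hash": self._last_hash,
        }
        digest = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        entry["hash"] = digest
        self.entries.append(entry)
        self._last_hash = digest
        return entry

    def verify_chain(self) -> bool:
        """True only if every entry still hashes correctly and links to its predecessor."""
        prev = self.GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev_hash"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def display(self) -> list:
        """Display module: one human-readable line per entry, for monitoring."""
        return [
            f"{e['seq']:04d} {e['client']} {e['event']} {e['device']}@{e['target']} as {e['account']}"
            for e in self.entries
        ]


# Constructed sample input; not taken from the patent.
SAMPLE_RAW = {
    "target_ip": "10.0.5.21",
    "target_port": "3389",
    "target_device": "db-01",
    "account": "opsadmin",
    "password": "S3cret-pw",
}

if __name__ == "__main__":
    p = parse_start_params(SAMPLE_RAW)
    store = OperationLogStore()
    store.record("ops-client-A", "task_start", p)
    store.record("ops-client-A", "device_started", p)
    print("\n".join(store.display()), "\nchain ok:", store.verify_chain())
```

The validation runs before the parameters are handed to the graphical interface service module, which is where a practitioner would also enforce the user authority control the description calls for; the hash chain means that a later edit to any stored entry is detected by `verify_chain()`.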
Based on the bastion machine in the above embodiment, the operation and maintenance audit link between the operation and maintenance client and the target device is opened by arranging the protocol proxy service module and the graphical interface service module, and operation and maintenance operations are recorded and audited by passing through the protocol proxy server and the application virtualization server, so that the equipment requirements of the bastion machine, the workload of implementing and deploying it, and its cost are all reduced.
The method provided by the embodiment can be executed in a terminal, a computer, or a similar computing device. Taking execution on a terminal as an example, fig. 2 is a hardware structure block diagram of the terminal for the operation and maintenance auditing method of the embodiment of the present application. As shown in fig. 2, the terminal may include one or more processors 202 (only one is shown in fig. 2; the processor 202 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 204 for storing data, and may optionally also include a transmission device 206 for communication functions and an input-output device 208. It will be understood by those skilled in the art that the structure shown in fig. 2 is only an illustration and is not intended to limit the structure of the terminal. For example, the terminal may also include more or fewer components than shown in fig. 2, or have a different configuration from that shown in fig. 2.
The memory 204 may be used to store a computer program, for example, a software program and a module of application software, such as a computer program corresponding to the operation and maintenance auditing method in the embodiment of the present invention, and the processor 202 executes various functional applications and data processing by running the computer program stored in the memory 204, so as to implement the method described above. Memory 204 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 204 may further include memory located remotely from the processor 202, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 206 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the terminal. In one example, the transmission device 206 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 206 can be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
The embodiment provides an operation and maintenance auditing method which can be applied to the bastion machine in fig. 1. Fig. 3 is a flow chart of the operation and maintenance auditing method according to the embodiment of the application; as shown in fig. 3, the flow comprises the following steps:
Step S301, receiving an operation and maintenance task starting parameter of a target device sent by an operation and maintenance client, wherein the target device comprises a first device to be subjected to operation and maintenance audit.
In this step, the protocol proxy service module of the above embodiment may be used to receive the operation and maintenance task starting parameter of the target device sent by the operation and maintenance client.
Step S302, starting the first device according to the operation and maintenance task starting parameter, generating a graphical interface corresponding to the started first device, and sending the graphical interface to the operation and maintenance client, wherein the graphical interface is associated with operation and maintenance data for auditing the first device.
Through steps S301 and S302, the operation and maintenance link between the operation and maintenance client and the target device is opened and the operation and maintenance audit of the target device by the client is realized without adopting an application virtualization server of a Windows operating system. This solves the problem of low operation and maintenance audit security in the related art and improves the security of the operation and maintenance audit.
It should be noted that, in this embodiment, the graphical interface may be associated with the operation and maintenance audit data as follows. After the target device is connected to the graphical interface service module, the target device is started by transmitting the operation and maintenance task starting parameters. Once the target device has started, the graphical interface service module generates a corresponding graphical interface from the data it receives that is associated with the target device, and the graphical interface loads the operation data, so that it is equivalent to operating a virtual target device. The data received by the graphical interface service module comprises system parameters, load parameters, data traffic and log data. It also includes the operation and maintenance audit data required by the operation and maintenance client, and when the graphical interface service module generates the graphical interface corresponding to the first device, it associates the corresponding operation and maintenance audit data with that graphical interface, for example in the form of an associated data table. When the operation and maintenance client receives the graphical interface, it has in effect established a connection with the first device, obtains the corresponding operating state of the first device, and reads the operation and maintenance data.
In this embodiment, by starting the first device according to the operation and maintenance task starting parameter, generating a graphical interface corresponding to the started first device, and sending the graphical interface to the operation and maintenance client, no protocol analysis needs to be performed on the operation and maintenance audit data sent by the target device corresponding to the operation and maintenance task starting parameter, and the operation flow of the operation and maintenance audit is simplified.
The embodiments of the present application are described and illustrated below by means of preferred embodiments.
Fig. 4 is a flow chart of an operation and maintenance auditing method according to a preferred embodiment of the present application, applied to the bastion machine in fig. 1. As shown in fig. 4, the process comprises the following steps:
Step 401, the mstsc.exe of the operation and maintenance client (an application program that ships with Windows) connects to the original protocol proxy service module of the bastion machine through the RDP protocol and sends the operation and maintenance task starting parameter to the protocol proxy service module.
Step 402, after receiving the operation and maintenance task starting parameter, the protocol proxy service module connects to the graphical interface service module and sends the operation and maintenance task starting parameter to it.
Step 403, the graphical interface service module of the bastion machine receives the operation and maintenance task starting parameter and operates the target device with that parameter.
Step 404, after the target device receives the operation and maintenance task starting parameter, the target device is connected.
Step 405, the protocol proxy service module on the bastion machine sends the drawing content of the started graphical interface of the target device (such as drawing instructions and mouse and keyboard operation instructions) to the mstsc.exe of the operation and maintenance client; and after receiving the drawing content of the graphical interface, the mstsc.
Through steps 401 to 405, the operation and maintenance audit link is opened, and the operation and maintenance of the target device by the operation and maintenance client, together with its audit, are achieved without adopting an application virtualization server of a Windows operating system. This solves the problem of low operation and maintenance audit security in the related art and improves the security of the operation and maintenance audit.
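Steps 401 to 405 describe a message flow (client to protocol proxy, proxy to graphical interface service, service to target device, and drawing content back to the client), and the earlier passage on the associated data table describes what the generated graphical interface carries. The Python below is an added example, not code from the patent or from the applicant, that simulates that exchange end to end with both sides' messages recorded in a trace. It also places the verification module of claim 3 in front of the forwarding step, so that a client whose identification fails verification never has its parameters passed on to the graphical interface service module. All class names, the message labels, the device state fields, the allowed-client list and the sample parameters are assumptions made for this example.

```python
"""Added example: simulated exchange of steps 401-405 with the verification gate of claim 3."""
from dataclasses import dataclass


@dataclass
class GraphicalInterface:
    """What the graphical interface service module returns for a started device."""
    device: str
    drawing_content: list   # drawing instructions relayed to mstsc.exe (assumed format)
    audit_table: dict       # the "associated data table" carrying audit data


class TargetDevice:
    """Simulated first device: starts only when the start account and password match."""

    def __init__(self, name, account, password):
        self.name, self._account, self._password = name, account, password
        self.started = False

    def start(self, params):
        # Step 404: the device receives the start parameters and is connected.
        if (params["account"], params["password"]) != (self._account, self._password):
            raise PermissionError(f"{self.name}: start credentials rejected")
        self.started = True
        # System parameters, load, traffic and log data, as the description lists.
        return {"system": "linux", "load": 0.42, "traffic_kbps": 120, "log": ["sshd started"]}


class GuiService:
    """VNC/X protocol graphical interface service module (simulated)."""

    def __init__(self, devices):
        self.devices = devices

    def start_and_render(self, params, trace):
        dev = self.devices[params["target_device"]]
        trace.append(("gui_service->target", "start", dev.name))          # step 403
        state = dev.start(params)                                          # step 404
        trace.append(("target->gui_service", "state", sorted(state)))
        return GraphicalInterface(
            device=dev.name,
            drawing_content=[f"draw:title={dev.name}", f"draw:load={state['load']}"],
            audit_table={"device": dev.name, "account": params["account"],
                         "load": state["load"], "log": list(state["log"])},
        )


class ProtocolProxy:
    """rdpproxy service unit plus the verification module of claim 3."""

    def __init__(self, gui_service, allowed_clients):
        self.gui_service = gui_service
        self.allowed_clients = allowed_clients

    def handle(self, client_id, params, trace):
        trace.append(("client->proxy", "task_start", params["target_device"]))   # step 401
        if client_id not in self.allowed_clients:
            # Verification failed: the parameters are not forwarded at all.
            trace.append(("proxy->client", "reject", client_id))
            return None
        trace.append(("proxy->gui_service", "task_start", params["target_device"]))  # step 402
        gui = self.gui_service.start_and_render(params, trace)
        trace.append(("proxy->client", "drawing_content", len(gui.drawing_content)))  # step 405
        return gui


def run_session(client_id, params, allowed=frozenset({"ops-client-A"})):
    """Run one audited session; returns the graphical interface (or None) and the trace."""
    devices = {"db-01": TargetDevice("db-01", "opsadmin", "S3cret")}
    proxy = ProtocolProxy(GuiService(devices), allowed)
    trace = []
    return proxy.handle(client_id, params, trace), trace


# Constructed sample parameters; not taken from the patent.
SAMPLE_PARAMS = {"target_ip": "10.0.5.21", "target_port": 3389,
                 "target_device": "db-01", "account": "opsadmin", "password": "S3cret"}

if __name__ == "__main__":
    gui, trace = run_session("ops-client-A", SAMPLE_PARAMS)
    for hop in trace:
        print(hop)
    print(gui.audit_table)
```

The trace is what an auditor would compare against the operation log: every hop between the four parties appears in order, and a rejected client leaves exactly two trace entries (the request and the rejection) with no call into the graphical interface service module.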
The present embodiment also provides an electronic device comprising a memory having a computer program stored therein and a processor configured to execute the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
and S1, receiving the operation and maintenance task starting parameters of the target equipment sent by the operation and maintenance client, wherein the target equipment comprises first equipment to be audited by operation and maintenance.
And S2, starting the first equipment according to the operation and maintenance task starting parameters, generating a graphical interface corresponding to the started first equipment, and sending the graphical interface to the operation and maintenance client, wherein the graphical interface is associated with operation and maintenance data for auditing the first equipment.
It should be noted that, for specific examples in this embodiment, reference may be made to examples described in the foregoing embodiments and optional implementations, and details of this embodiment are not described herein again.
In addition, in combination with the operation and maintenance auditing method in the above embodiments, the embodiments of the present application may provide a storage medium for its implementation. The storage medium has a computer program stored thereon; when executed by a processor, the computer program implements any one of the operation and maintenance auditing methods in the above embodiments.
It should be understood by those skilled in the art that various features of the above-described embodiments can be combined in any combination, and for the sake of brevity, all possible combinations of features in the above-described embodiments are not described in detail, but rather, all combinations of features which are not inconsistent with each other should be construed as being within the scope of the present disclosure.
The above-mentioned embodiments only express several embodiments of the present application, and although their description is specific and detailed, it is not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A bastion machine, characterized in that the bastion machine comprises: a protocol proxy service module and a graphical interface service module, wherein the protocol proxy service module is coupled with the graphical interface service module; wherein,
the protocol proxy service module is used for receiving an operation and maintenance task starting parameter of a target device sent by an operation and maintenance client, wherein the target device comprises a first device to be subjected to operation and maintenance audit;
the graphical interface service module is used for starting the first equipment according to the operation and maintenance task starting parameters, generating a graphical interface corresponding to the started first equipment, and sending the graphical interface to the operation and maintenance client through the protocol proxy service module, wherein the graphical interface is associated with operation and maintenance data for auditing the first equipment.
2. The bastion machine of claim 1, wherein the protocol proxy service module comprises an rdpproxy service unit, which is used for establishing and maintaining a bidirectional connection channel between the operation and maintenance client and the graphical interface service module.
3. The bastion machine of claim 1, further comprising a verification module, which is coupled between the protocol proxy service module and the graphical interface service module and is used for verifying identification information of the operation and maintenance client and sending the operation and maintenance task starting parameter to the graphical interface service module when the verification succeeds.
4. The bastion machine of claim 1, wherein the graphical interface service module comprises at least one of: a VNC protocol graphical interface service module and an X protocol graphical interface service module.
5. The bastion machine of claim 1, wherein the operation and maintenance task starting parameter comprises: the IP address of the target device, the port of the target device, the target device to be operated and maintained, the account for starting the target device, and the password for starting the target device.
6. The bastion machine of claim 1, further comprising an acquisition module and a storage module, wherein the acquisition module is used for acquiring an operation log generated in the process of starting the target device, and the storage module is used for storing the operation log.
7. The bastion machine of claim 6, further comprising a display module, which is used for displaying the operation log.
8. An operation and maintenance auditing method based on the bastion machine of any one of claims 1 to 7, characterized by comprising the following steps:
receiving an operation and maintenance task starting parameter of target equipment sent by an operation and maintenance client, wherein the target equipment comprises first equipment to be subjected to operation and maintenance audit;
starting the first equipment according to the operation and maintenance task starting parameters, generating a graphical interface corresponding to the started first equipment, and sending the graphical interface to the operation and maintenance client, wherein the graphical interface is associated with operation and maintenance data for auditing the first equipment.
9. An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the operation and maintenance auditing method of claim 8.
10. A storage medium having a computer program stored thereon, wherein the computer program is configured to perform the operation and maintenance auditing method of claim 8 when running.
CN202110062972.3A 2021-01-18 2021-01-18 Fortress machine, operation and maintenance auditing method, electronic device and storage medium Pending CN112887287A (en)

Publications (1)

Publication Number Publication Date
CN112887287A true CN112887287A (en) 2021-06-01

Family

ID=76049077

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113515493A (en) * 2021-07-20 2021-10-19 中国联合网络通信集团有限公司 Log association method and device
CN114338087A (en) * 2021-12-03 2022-04-12 成都安恒信息技术有限公司 Directional operation and maintenance auditing method and system based on firewall
CN114584478A (en) * 2022-02-18 2022-06-03 北京圣博润高新技术股份有限公司 Method, device, equipment and storage medium for auditing application operation process
CN114756530A (en) * 2022-06-15 2022-07-15 北京安华金和科技有限公司 Client information processing method based on bastion machine
CN114860357A (en) * 2022-03-17 2022-08-05 成都安恒信息技术有限公司 Method for full screen operation and maintenance based on operation and maintenance auditing system RDP protocol H5
CN115001936A (en) * 2022-07-18 2022-09-02 确信信息股份有限公司 Operation and maintenance management system and method based on management agent and computer equipment
CN115150168A (en) * 2022-06-30 2022-10-04 北京天融信网络安全技术有限公司 Filling replacing method and device and electronic equipment
CN116743728A (en) * 2023-08-11 2023-09-12 深圳竹云科技股份有限公司 Application operation and maintenance method, system, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210601