CN113672923A - Security detection method and device, electronic equipment and storage medium - Google Patents


Publication number: CN113672923A
Authority: CN (China)
Prior art keywords: safety, server, security, determining, operating platform
Legal status: Pending (the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202110963623.9A
Other languages: Chinese (zh)
Inventors: 宋成伟, 韩文奇
Current assignee: Beijing Antiy Network Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Beijing Antiy Network Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management

Abstract

An embodiment of the invention discloses a security detection method, a security detection apparatus, an electronic device and a storage medium. It relates to the field of computer technology and can improve the adaptability of security detection. The method comprises: acquiring, from a security index library, the security index corresponding to the current operating platform; querying, in the current operating platform, the operating parameters related to the security detection items specified in that security index; and determining whether the current operating platform has a potential safety hazard according to whether the operating parameters satisfy the security index. The invention is applicable to the security detection process.

Description

Security detection method and device, electronic equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a security detection method and apparatus, an electronic device, and a storage medium.
Background
The development of information technology and the spread of electronic devices have brought great convenience to people's work and life. At the same time, a running electronic device often exhibits abnormal situations that do not match what its user expects: for example, the device may be logged into by an abnormal account, or some process may generate abnormal network traffic. In such cases the user needs to restrict the account concerned or terminate the related process in order to improve the security of the device.
In order to manage the various abnormal behaviours and indicators in an electronic device effectively, a security detection program can be used to detect them. In the prior art, however, the detection items of a security detection program are usually fixed. When the detection scenario changes, or when the scenarios become more complex and diverse, the security items to be detected differ from scenario to scenario, so a specialist has to modify the program for each scenario, and that modification process is tedious and time-consuming.
Disclosure of Invention
In view of this, embodiments of the present invention provide a security detection method, an apparatus, an electronic device and a storage medium that can improve the adaptability of security detection.
In a first aspect, an embodiment of the present invention provides a security detection method, comprising:
acquiring, from a security index library, the security index corresponding to the current operating platform;
querying, in the current operating platform, the operating parameters related to the security detection items specified in the security index;
and determining whether the current operating platform has a potential safety hazard according to whether the operating parameters satisfy the security index.
Before acquiring the security index corresponding to the current operating platform from the security index library, the method further comprises:
loading a pre-configured security index library in which security indexes corresponding to at least two different types of server are set.
Optionally, acquiring the security index corresponding to the current operating platform comprises:
determining the type of server to which the current operating platform belongs;
and acquiring the corresponding security indexes from the security index library according to that server type.
Optionally, determining the type of server to which the current operating platform belongs comprises:
acquiring the services running and/or the ports open in the current operating platform;
and determining the type of server to which the current operating platform belongs according to the running services and/or open ports.
Optionally, determining the type of server to which the current operating platform belongs comprises:
determining the type of server to which the operating platform belongs according to a server type identifier in the security index library.
Optionally, the server type includes at least one of: file server, database server, mail server, web server and file transfer protocol (FTP) server.
Optionally, the method further comprises:
in response to an operating parameter not satisfying the security index, taking defensive action against the process that caused that operating parameter.
Optionally, querying, in the current operating platform, the operating parameters related to the security detection items specified in the security index comprises:
determining the system resources related to the security detection items in the security index;
querying the occupation parameters of those system resources, where the occupation parameters include at least one of: occupant, occupancy time and occupancy level.
Optionally, the system resources include at least one of: a disk read/write device, a memory read/write device, a network access device, a processor, a power interface, a communication interface, an external device interface and a software port.
Optionally, the operating system run by the current operating platform is Linux.
In a second aspect, an embodiment of the present invention further provides a security detection apparatus, comprising:
an acquisition unit for acquiring, from a security index library, the security index corresponding to the current operating platform;
a query unit for querying, in the current operating platform, the operating parameters related to the security detection items specified in the security index;
and a determining unit for determining whether the current operating platform has a potential safety hazard according to whether the operating parameters satisfy the security index.
Optionally, the apparatus further comprises:
a loading unit for loading a pre-configured security index library before the security index corresponding to the current operating platform is acquired from it, the security index library containing security indexes corresponding to at least two different types of server.
Optionally, the acquisition unit comprises:
a determining subunit for determining the type of server to which the current operating platform belongs;
and an acquiring subunit for acquiring the corresponding security indexes from the security index library according to that server type.
Optionally, the determining subunit is specifically configured to:
acquire the services running and/or the ports open in the current operating platform;
and determine the type of server to which the current operating platform belongs according to the running services and/or open ports.
Optionally, the determining subunit is specifically configured to determine the type of server to which the operating platform belongs according to a server type identifier in the security index library.
Optionally, the server type includes at least one of: file server, database server, mail server, web server and file transfer protocol (FTP) server.
Optionally, the apparatus further comprises:
a defence unit for taking defensive action, in response to an operating parameter not satisfying the security index, against the process that caused that operating parameter.
Optionally, the query unit is specifically configured to:
determine the system resources related to the security detection items in the security index;
query the occupation parameters of those system resources, where the occupation parameters include at least one of: occupant, occupancy time and occupancy level.
Optionally, the system resources include at least one of: a disk read/write device, a memory read/write device, a network access device, a processor, a power interface, a communication interface, an external device interface and a software port.
Optionally, the operating system run by the current operating platform is Linux.
In a third aspect, an embodiment of the present invention further provides an electronic device, comprising a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in the space enclosed by the housing and the processor and the memory are mounted on the circuit board; the power supply circuit supplies power to each circuit or device of the electronic device; the memory stores executable program code; and the processor, by reading the executable program code stored in the memory, runs the program corresponding to that code so as to execute any of the security detection methods provided by the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium storing one or more programs that are executable by one or more processors to implement any of the security detection methods provided by the embodiments of the present invention.
The security detection method and apparatus, electronic device and storage medium provided by the embodiments of the present invention acquire, from a security index library, the security index corresponding to the current operating platform; query, in the current operating platform, the operating parameters related to the security detection items specified in that index; and determine whether the current operating platform has a potential safety hazard according to whether the operating parameters satisfy the index. Consequently, when faced with different operating platforms, the embodiments can apply the security detection items suited to each platform. Compared with the cumbersome prior-art process of modifying the detection items in the program for each new platform, the embodiments need no modification of the security detection items, which improves the adaptability of the security detection method.
Drawings
In order to explain the embodiments of the present invention or the prior-art solutions more clearly, the drawings used in their description are briefly introduced below. Obviously the drawings described below illustrate only some embodiments of the invention, and a person skilled in the art could obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a security detection method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a security detection apparatus according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given here without creative effort fall within the protection scope of the present invention.
In a first aspect, an embodiment of the present invention provides a security detection method, which can improve the adaptability of the security detection method.
As shown in Fig. 1, an embodiment of the present invention provides a security detection method comprising:
S11, acquiring, from the security index library, the security index corresponding to the current operating platform;
Specifically, one or more security indexes may be set in the security index library, and each security index specifies, for one or more detection items, which detection result is to be regarded as safe. For example, a security index for network connections may specify a detection item that checks whether the Internet Protocol (IP) address accessing the local machine is in a preset blacklist, the result being safe if it is not; it may further specify a detection item that checks whether the account logged into the local machine is a legitimate user, the result being safe if it is. Optionally, the security indexes in the library may be organised in various forms, such as arrays or tables; the specific format of the library is not limited, and a database file, a bin file or a dat file may be used so that a user can change its contents flexibly.
In an embodiment of the present invention, the security indexes in the library may be classified according to system configuration, with different system configurations corresponding to different security indexes. A difference in security index may be a difference in the security detection items themselves, or a difference in the result regarded as safe for the same detection item. For example, for a system with configuration config1, the security index may include: detecting the boot time, and regarding the result as safe if the boot time is later than 8 a.m. and unsafe if it is earlier than 8 a.m. For a system with configuration config2, the security index may include: detecting the shutdown time, and regarding the result as safe if the shutdown time is later than 23:00 and unsafe if it is earlier than 23:00. For a system with configuration config3, the security index may include: detecting the boot time, and regarding the result as safe if the boot time is later than 9 a.m. and unsafe if it is earlier than 9 a.m.
Based on this classification of the security index library, the current operating platform can find and acquire, in the library, the security index corresponding to its own system configuration.
S12, querying, in the current operating platform, the operating parameters related to the security detection items specified in the security index;
After the security index corresponding to the current operating platform has been acquired, this step queries, in the current operating platform, the operating parameters related to the security detection items specified in that index. A security index may contain many security detection items, for example: whether the IP address currently accessing the local machine is abnormal; whether the currently logged-in account is abnormal; whether the currently open ports are abnormal; whether current disk input/output is abnormal; whether current network traffic is abnormal; whether hidden processes exist; and whether the address resolution protocol (ARP) table is abnormal.
Optionally, in an embodiment of the present invention, the security detection items may be divided into general security detection items and special security detection items. A general security detection item applies to all operating platforms, for example: a limit on the number of times a physical power supply has been plugged in; whether too many ports are open; whether the ping-prohibit function is enabled; and whether the user and user group that a service belongs to exist. These can be detected on every operating platform. A special security detection item is formulated from the characteristics of the operating platform itself: for example, on a file server only the nfs-server, smb or glusterd service needs to be checked, and other server types need not check those services; likewise, the sendmail and postfix services belong to a mail server, so security detection related to them is needed only on a mail server and may be omitted on other server types.
Whether a security detection item is general or special, the operating parameters related to it can be queried and the subsequent processing carried out according to the query result. For example, to determine whether the IP address currently accessing the local machine satisfies a preset rule, the IP address used by the relevant process can be queried and the subsequent processing based on that address.
S13, determining whether the current operating platform has a potential safety hazard according to whether the operating parameters satisfy the security index.
The operating parameters are read from the current operating platform and reflect its real operating condition, so whether they satisfy the corresponding security index can be determined, and from that whether the current operating platform has a potential safety hazard. If the operating parameters do not satisfy the corresponding security index, the current operating platform is determined to have a potential safety hazard; if they do satisfy it, the platform is determined not to have one.
For example, when the IP address currently accessing the local machine is found in the preset blacklist, the operating parameter does not satisfy the corresponding security index and the current operating platform may be under attack from that address, so the platform is determined to have a potential safety hazard.
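The following is an added illustration of steps S11 to S13 taken together; it is not code from the patent or from the applicant. It builds a small security index library keyed by system configuration (config1, config2 and config3 with the boot-time and shutdown-time items from the description, plus the IP-blacklist and legitimate-account items), queries only the operating parameters the chosen index refers to, and decides whether the platform has a potential safety hazard. The blacklist, account list, the "HH:MM" time representation and the sample platform state are constructed for the example; a parameter that cannot be read is treated as failing its item, which is an assumption the description does not make explicit.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

# Constructed blacklist and account list (TEST-NET addresses, not real hosts).
IP_BLACKLIST = {"203.0.113.7", "198.51.100.9"}
LEGAL_ACCOUNTS = {"root", "deploy", "backup"}


@dataclass
class DetectionItem:
    """One security detection item: which operating parameter to read and
    which value of it counts as safe."""
    name: str
    parameter: str                   # key in the operating-parameter query
    is_safe: Callable[[Any], bool]


# Times are zero-padded "HH:MM" strings, so plain string comparison orders
# them correctly ("08:30" >= "08:00" is True). Library contents are constructed.
SECURITY_INDEX_LIBRARY: Dict[str, List[DetectionItem]] = {
    "config1": [
        DetectionItem("boot time not earlier than 08:00", "boot_time", lambda t: t >= "08:00"),
        DetectionItem("remote IP not blacklisted", "remote_ip", lambda ip: ip not in IP_BLACKLIST),
        DetectionItem("logged-in account is legal", "login_account", lambda a: a in LEGAL_ACCOUNTS),
    ],
    "config2": [
        DetectionItem("shutdown time not earlier than 23:00", "shutdown_time", lambda t: t >= "23:00"),
    ],
    "config3": [
        DetectionItem("boot time not earlier than 09:00", "boot_time", lambda t: t >= "09:00"),
        DetectionItem("remote IP not blacklisted", "remote_ip", lambda ip: ip not in IP_BLACKLIST),
    ],
}


def acquire_security_index(config: str) -> List[DetectionItem]:
    """S11: fetch the security index matching the platform's configuration."""
    if config not in SECURITY_INDEX_LIBRARY:
        raise LookupError(f"no security index for configuration {config!r}")
    return SECURITY_INDEX_LIBRARY[config]


def query_operating_parameters(index: List[DetectionItem],
                               platform_state: Dict[str, Any]) -> Dict[str, Any]:
    """S12: read only the parameters the index's items refer to.
    platform_state stands in for reading the live system (constructed input)."""
    return {item.parameter: platform_state.get(item.parameter) for item in index}


def detect(config: str, platform_state: Dict[str, Any]) -> Tuple[bool, List[str]]:
    """S13: returns (has_potential_hazard, names_of_failed_items).
    A parameter that could not be read is treated as failing (fail closed)."""
    index = acquire_security_index(config)
    params = query_operating_parameters(index, platform_state)
    failed = [item.name for item in index
              if params[item.parameter] is None or not item.is_safe(params[item.parameter])]
    return bool(failed), failed


if __name__ == "__main__":
    # Constructed platform state: booted 08:30, accessed from a blacklisted address.
    state = {"boot_time": "08:30", "remote_ip": "203.0.113.7", "login_account": "deploy"}
    print(detect("config1", state))
    print(detect("config3", state))   # same state fails the 09:00 item under config3
```

The same platform state yields different verdicts under config1 and config3, which is the point of the description: the detection items change with the index that is loaded, not with the program.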
The security detection method provided by the embodiment of the present invention acquires, from the security index library, the security index corresponding to the current operating platform; queries, in the current operating platform, the operating parameters related to the security detection items specified in that index; and determines whether the current operating platform has a potential safety hazard according to whether the operating parameters satisfy the index. Consequently, when faced with different operating platforms, the embodiment can apply the security detection items suited to each platform. Compared with the cumbersome prior-art process of modifying the detection items in the program for each new platform, the embodiment needs no modification of the security detection items, which effectively improves the adaptability of the security detection method to different platforms.
The security detection method provided by the embodiment of the present invention is applicable to security detection on various operating systems, such as Windows, Linux and Android. Optionally, in an embodiment of the present invention, the operating system run by the current operating platform is Linux.
Linux is a Unix-like operating system that is free to use and freely distributed; it is a multi-user, multi-tasking, multi-threaded operating system supporting multiple CPUs, based on POSIX and UNIX. Linux can run the main UNIX tools, applications and network protocols and supports 32-bit and 64-bit hardware. It inherits Unix's network-centred design and is a stable multi-user network operating system. At present Linux is used mainly on servers.
A server is software that manages resources and provides services to users; a computer or computer system running such software is also called a server. A server is structurally similar to an ordinary office machine, but its hardware (CPU, chipset, memory, hard disk and network) differs, and higher stability, security and performance are required of it.
Given the important role of servers in computing, security detection of the Linux system on server platforms is particularly important.
To make it easier to obtain the security index corresponding to the current operating platform during security detection, optionally, in an embodiment of the present invention, before step S11 the method may further include: loading a pre-configured security index library in which security indexes corresponding to at least two different types of server are set.
Specifically, the security index library may contain security indexes for several different types of server, so that when security detection is performed on a given server operating platform the corresponding security index can be found in the library and the server checked against it. This greatly improves the adaptability of security detection to different server operating platforms: for each platform the detection acquires the security index for that server type from the library, and a change of server type requires no modification of the program.
Because the security index library may contain security indexes for several different types of server, optionally, in an embodiment of the present invention, acquiring the security index corresponding to the current operating platform in step S11 may specifically include: determining the type of server to which the current operating platform belongs; and acquiring the corresponding security indexes from the security index library according to that server type.
For example, in one embodiment of the invention the server types may include one or more of: file server, database server, mail server, web server and file transfer protocol (FTP) server.
Different server types provide different services, and their security indexes differ accordingly. For example, when the current operating platform is detected to be a file server, the security indexes corresponding to a file server may be obtained, such as those related to the nfs-server, smb or glusterd service, and indexes such as the service's running state, its start-up state and whether backup is enabled. When the platform is detected to be a mail server, the security indexes corresponding to a mail server may be obtained, such as those related to the sendmail and postfix services. Similarly, for a database server the focus is the database service, and the obtainable security indexes include: weak-password and empty-password checks; whether scheduled database backup is enabled; and the maximum number of database connections. For a mail server the focus is the mail service, and the obtainable security indexes include: whether a domain name is configured and its format; whether anti-spam configuration is enabled; and whether strong user passwords are required. For a web server the obtainable security indexes include: the IP range allowed to access the configured HTTP (Hypertext Transfer Protocol) links; whether the server signature is disabled and version information hidden so as to resist scanning tools; whether particular directives are disabled; whether directory listing is disabled; and whether a request-size limit is enabled and what size is set.
For a file transfer protocol server the focus is the FTP service, and the obtainable security indexes include: whether anonymous access is disabled; whether the remotely accessible directory meets the specification; verification of the directory's read and write permissions; checks on the length and complexity of account names and passwords; a size limit for a single large file; and whether a timeout is set and its length.
By applying the different security indexes in the library to the different server types, the server is checked in a targeted way. The security detection method provided by the embodiment of the present invention can therefore perform security detection on many types of server platform with a single security index library, which effectively improves the adaptability of security detection to different operating platforms.
Optionally, in an embodiment of the present invention, the type of server to which the current operating platform belongs may be determined in several ways. For example, determining the type of server to which the current operating platform belongs may include: acquiring the services running and/or the ports open in the current operating platform; and determining the server type according to the running services and/or open ports.
Specifically, different types of server differ markedly in the services they run and/or the ports they open. First, as to running services: for example, the nfs-server, smb and glusterd services run only on a file server platform, so if one of them is found running on the operating platform the server type can be determined to be a file server. Likewise, if the mysql, postgresql or mongod service is found running, the platform can be determined to be a database server; if the sendmail or postfix service is found running, a mail server; if the httpd, tomcat or nginx service is found running, a web server; and if the vsftpd, ftpd or proftpd service is found running, the current operating platform can be determined to be a file transfer protocol server.
As to the ports opened by different types of server, the server type may be determined from the port numbers that are open; for example, if port 25 or 465 is found open, the server type may be determined to be a mail server.
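An added illustration of the server-type determination just described (not the patent's or the applicant's code): it maps the service names and the two port numbers given in the description to server types, and parses a constructed sample in the shape of `ss -ltn` output to obtain the open ports. The description does not say what to do when a host matches more than one type, so the function returns every matching type as a set and leaves combining them to the caller; that policy, the `ss`-style sample and the service-name spellings used as dictionary keys are assumptions of this example.

```python
from typing import Dict, Iterable, Set

# Service-name -> server-type mapping taken from the description.
SERVICE_TO_TYPE: Dict[str, str] = {
    "nfs-server": "file", "smb": "file", "glusterd": "file",
    "mysql": "database", "postgresql": "database", "mongod": "database",
    "sendmail": "mail", "postfix": "mail",
    "httpd": "web", "tomcat": "web", "nginx": "web",
    "vsftpd": "ftp", "ftpd": "ftp", "proftpd": "ftp",
}
# Port-number -> server-type mapping; the description names 25 and 465 for mail.
PORT_TO_TYPE: Dict[int, str] = {25: "mail", 465: "mail"}


def parse_listening_ports(ss_output: str) -> Set[int]:
    """Extract local port numbers from `ss -ltn`-style output.
    The fourth column is "address:port"; IPv6 addresses are bracketed, so the
    port is taken after the last colon."""
    ports = set()
    for line in ss_output.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def determine_server_type(running_services: Iterable[str],
                          open_ports: Iterable[int]) -> Set[str]:
    """Return every server type the platform's evidence matches.
    An empty set means the evidence matched no known type."""
    types = {SERVICE_TO_TYPE[s] for s in running_services if s in SERVICE_TO_TYPE}
    types |= {PORT_TO_TYPE[p] for p in open_ports if p in PORT_TO_TYPE}
    return types


# Constructed sample in the shape of `ss -ltn` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      100    [::]:465           [::]:*
"""

if __name__ == "__main__":
    ports = parse_listening_ports(SAMPLE_SS_OUTPUT)
    # Constructed list of running services for the same host.
    print(determine_server_type({"sshd", "postfix"}, ports))
```

A host that runs both nginx and mysql is reported as both a web server and a database server; a reasonable way to use that result with the index library is to load the security indexes of every matched type, so that no applicable detection item is skipped.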
In addition to determining the server type according to the running service and/or the open port, optionally, in an embodiment of the present invention, the server type to which the running platform belongs may also be determined according to the server type identifier in the security index library. For example, the specific type of the server to which the current operating platform belongs may be indicated in the security index library in advance, and the type of the server may be directly read through the security index library without judgment, thereby further improving the efficiency of security detection.
After the security index for the server type of the current running platform has been obtained, in step S12 the relevant operating parameters of each security detection item in the security index are queried on the current running platform. Optionally, in an embodiment of the invention, this querying may include: determining the system resources related to the security detection items in the security index; and querying the occupation parameters of those system resources, where the occupation parameters include at least one of the following: occupant, occupancy time and occupancy level.
In computing, a system resource is any physical or virtual component of limited availability within a computer system. Every device connected to the system is a resource, such as a keyboard or a screen; every component inside it is a resource, such as the CPU or RAM (random access memory); and software-level components, including files, network connections and memory blocks, are resources as well. Allocating system resources means assigning the system's software and hardware resources so that they are fully used and the system does not deadlock.
In one embodiment of the invention, the system resources include one or more of: disk read/write, memory read/write, network access, processor operation, power interface, communication interface, external device interface and software port. By detecting the relevant parameters of these important system resources, it can be determined whether the occupation of each system resource on the running platform is abnormal, so that security detection is carried out across several dimensions, the occupation of each system resource is measured comprehensively, and resource-related security hazards are discovered promptly and completely.
The occupation parameters of a system resource describe how the resource is being used. The occupant of a system resource is the user of that resource, such as an application, a login ID or a login IP address. The occupancy time is the duration for which the resource has been occupied, continuously or intermittently. The occupancy level is how heavily the resource is used while occupied, such as CPU usage or the packet receive/transmit rate on the network. When any one of these occupation parameters does not meet the corresponding security index, the current running platform can be determined to have a security hazard.
To further secure the current running platform, in an embodiment of the invention the security detection method may further include: in response to an operating parameter not meeting the security index, defending against the process that triggered the generation of that operating parameter.
Specifically, an operating parameter that does not meet the security index indicates that the current running platform has a security hazard, so the process that triggered the generation of that parameter may be defended against, for example by terminating it. For instance, if the IP address accessing the local machine is found to be in a preset blacklist, the accessing process may be forcibly terminated, avoiding a network attack that the machine might otherwise receive from that IP address.
As in the previous embodiments, the operating parameters related to the security index may be of several kinds, for example several kinds of occupation parameters of a system resource; in that case, in response to any one of the occupation parameters not meeting the security index, the process that triggered the generation of that occupation parameter may be defended against.
Specifically, when CPU occupancy exceeds a preset threshold the running platform may become sluggish or even hang, and a malicious program can be found through abnormal CPU occupancy: a mining Trojan, for example, consumes a large share of CPU resources while it runs. Embodiments of the invention can therefore detect on the basis of the occupant, occupancy time and occupancy level of system resources, find the security hazard and terminate it, achieving the defensive purpose.
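As an added example (not code from the patent or its applicant), the following Python carries the occupation-parameter query and the defense step through end to end: it reads occupant, occupancy time and occupancy level per process from `ps` output, attaches each process's TCP peers from `ss` output, tests all three parameters against a security index (sustained high CPU as the mining-Trojan pattern, an unexpected occupant, and a connection to a blacklisted IP), and terminates the processes behind the findings. The `ps`/`ss` lines, the index thresholds, the "cryptominer" process name and the `Occupation`, `parse_ps`, `attach_peers`, `evaluate` and `defend` names are all constructed for this example; using the process's elapsed time as its occupancy time is an assumption stated in the code.

```python
import os
import re
import signal
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed security index for the processor, network and occupant items
# (hypothetical layout; the thresholds are illustrative, not the patent's).
SECURITY_INDEX = {
    "processor": {"max_level": 80.0, "max_sustained_seconds": 600},
    "network": {"blacklist": {"203.0.113.9", "198.51.100.77"}},
    "occupant": {"allowed_users": {"root", "www-data", "mysql", "postfix"}},
}

# Constructed `ps -eo pid,user,etimes,pcpu,comm --no-headers` output.
# "cryptominer" is a made-up process name standing in for a mining Trojan.
SAMPLE_PS = """\
      1 root      86400  0.1 systemd
    990 mysql     86000 12.5 mysqld
   1203 www-data   3600  4.0 nginx
   2203 root        120  0.0 sshd
   3142 www-data   5400 97.3 cryptominer
   3301 nobody       30  2.0 curl
"""

# Constructed `ss -tnp` output (established TCP connections with owning process).
SAMPLE_SS_ESTAB = """\
State Recv-Q Send-Q Local Address:Port  Peer Address:Port   Process
ESTAB 0      0        10.0.0.5:22       192.0.2.10:51234    users:(("sshd",pid=2203,fd=4))
ESTAB 0      0        10.0.0.5:43210    203.0.113.9:3333    users:(("cryptominer",pid=3142,fd=5))
ESTAB 0      0        10.0.0.5:44102    198.51.100.77:443   users:(("curl",pid=3301,fd=3))
"""

_PID_RE = re.compile(r"pid=(\d+)")


@dataclass
class Occupation:
    pid: int
    occupant: str           # user owning the process (ps: user)
    occupancy_time: int     # seconds the process has existed (ps: etimes); assumed here as the
                            # time it has held the resource, a real monitor would sample
                            # repeatedly and count only the seconds spent above threshold
    occupancy_level: float  # CPU usage percent (ps: pcpu)
    comm: str
    peers: List[str] = field(default_factory=list)  # remote IPs of its TCP connections


def parse_ps(text: str) -> Dict[int, Occupation]:
    """Parse `ps -eo pid,user,etimes,pcpu,comm --no-headers` output, keyed by PID."""
    procs: Dict[int, Occupation] = {}
    for line in text.splitlines():
        f = line.split(None, 4)
        if len(f) != 5:
            continue
        procs[int(f[0])] = Occupation(int(f[0]), f[1], int(f[2]), float(f[3]), f[4].strip())
    return procs


def attach_peers(procs: Dict[int, Occupation], ss_text: str) -> None:
    """Attach each ESTAB connection's peer IP (from `ss -tnp`) to the owning process."""
    for line in ss_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] != "ESTAB":
            continue
        peer_ip = f[4].rsplit(":", 1)[0].strip("[]")  # handles 1.2.3.4:80 and [::1]:80
        for m in _PID_RE.finditer(line):
            pid = int(m.group(1))
            if pid in procs:
                procs[pid].peers.append(peer_ip)


def evaluate(procs: Dict[int, Occupation], index: dict) -> List[Tuple[int, str, str]]:
    """(pid, detection item, detail) for every occupation parameter that fails the index."""
    findings: List[Tuple[int, str, str]] = []
    cpu, net, occ = index["processor"], index["network"], index["occupant"]
    for p in procs.values():
        # occupancy level together with occupancy time: sustained high CPU, the
        # pattern of a mining Trojan rather than a short legitimate burst
        if p.occupancy_level > cpu["max_level"] and p.occupancy_time > cpu["max_sustained_seconds"]:
            findings.append((p.pid, "processor", f"{p.comm} at {p.occupancy_level}% CPU for {p.occupancy_time}s"))
        # occupant: a user this server type should not be running processes as
        if p.occupant not in occ["allowed_users"]:
            findings.append((p.pid, "occupant", f"{p.comm} runs as {p.occupant}"))
        # network access: a connection to a blacklisted IP address
        for ip in p.peers:
            if ip in net["blacklist"]:
                findings.append((p.pid, "network", f"{p.comm} connected to blacklisted {ip}"))
    return findings


def defend(findings: List[Tuple[int, str, str]], terminate: Callable[[int], None],
           protected: Optional[Set[int]] = None) -> List[int]:
    """Terminate each process behind a finding exactly once. PID 1 and this
    process are never targeted, whatever the findings say."""
    if protected is None:
        protected = {1, os.getpid()}
    targets = sorted({pid for pid, _, _ in findings} - protected)
    for pid in targets:
        terminate(pid)
    return targets


def terminate_with_sigterm(pid: int) -> None:
    """Real defense action for live data: ask the process to exit."""
    os.kill(pid, signal.SIGTERM)


if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    attach_peers(procs, SAMPLE_SS_ESTAB)
    found = evaluate(procs, SECURITY_INDEX)
    for pid, item, detail in found:
        print(f"pid {pid}: {item}: {detail}")
    # The sample PIDs are fictitious, so only print the plan here; pass
    # terminate_with_sigterm when running against live ps/ss output.
    print("would terminate:", defend(found, lambda pid: None))
```

The sample PIDs are fictitious, so the script only prints what it would terminate; on live output pass `terminate_with_sigterm` (or a callback that escalates to SIGKILL after a grace period) as the `terminate` argument. Terminating by PID is racy, since the PID can be reused between detection and signalling, so a production defense should re-read the process's identity immediately before it sends the signal.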
The security detection method provided by embodiments of the invention queries the relevant operating parameters on the running platform according to the security detection items corresponding to the current running platform, so that when different running platforms are faced, security detection items suited to each of them can be adopted. The method also provides a typical application scenario, security detection of a Linux system, in which security hazards of the Linux system can be detected in time. Further, the method may load a pre-configured security index library before the security index is obtained; the library holds security indexes for at least two different types of servers, so that when a different server type is faced, its security index can be obtained from the library without modification. Moreover, the server type of the current running platform is determined first and the corresponding security index is then obtained according to that type, so that security detection can be performed on several types of server platform and its adaptability to different running platforms is effectively improved. The method further provides a specific way of determining the server type by detecting the services running and/or the ports open on the server, and can also determine the server type by reading the server type identifier in the security index library, which further improves the efficiency of security detection.
The security detection method provided by embodiments of the invention can also detect the occupation of system resources by each process on the running platform according to at least one of the occupant, occupancy time and occupancy level of the system resources related to the security detection items, and so identify security hazards that could exhaust system resources on the platform. The system resources in the method include important resources such as disk read/write, memory read/write, network access, processor operation, power interface, communication interface, external device interface and software port, so that the occupation of each system resource is measured comprehensively and resource-related security hazards are discovered promptly and completely.
In a second aspect, an embodiment of the present invention provides a security detection apparatus, which can improve the adaptability of a security detection method.
As shown in fig. 2, the security detection apparatus 2 according to the embodiment of the present invention includes:
an acquiring unit 21, configured to acquire the security index corresponding to the current running platform from a security index library;
a query unit 22, configured to query, according to the security detection items in the security index, the relevant operating parameters of those items on the current running platform;
and a determining unit 23, configured to determine whether the current running platform has a security hazard according to whether the operating parameters meet the security index.
The security detection apparatus provided by the embodiment acquires the security index corresponding to the current running platform from the security index library, queries the relevant operating parameters of the security detection items on the current running platform according to the security detection items in the security index, and determines whether the platform has a security hazard according to whether those operating parameters meet the security index. Consequently, when different running platforms are faced, security detection items suited to each can be adopted; compared with the prior art, in which the detection items have to be modified in the program for every new platform, the security detection items need not be modified, which improves the adaptability of the security detection method.
Optionally, the security detection apparatus 2 further includes a loading unit for loading the pre-configured security index library, in which security indexes corresponding to at least two different types of servers are set.
Optionally, the acquiring unit 21 includes:
a determining subunit for determining the type of server to which the current running platform belongs;
and an acquiring subunit for acquiring the security indexes from the security index library according to that server type.
Optionally, the determining subunit is specifically configured to:
acquire the services running and/or the ports open on the current running platform;
and determine the type of server to which the current running platform belongs according to the running services and/or the open ports.
Optionally, the determining subunit is specifically configured to determine the server type according to the server type identifier in the security index library.
Optionally, the server type includes at least one of: file server, database server, mail server, web server and file transfer protocol server.
Optionally, the security detection apparatus 2 further includes:
a defense unit for responding to an operating parameter not meeting the security index by defending against the process that triggered the generation of that operating parameter.
Optionally, the query unit 22 is specifically configured to determine the system resources related to the security detection items in the security index and to query the occupation parameters of those system resources, the occupation parameters including at least one of: occupant, occupancy time and occupancy level.
Optionally, the defense unit is specifically configured to defend against the process that triggered the generation of an operating parameter whenever any one of the occupation parameters in the determination result does not meet the security index.
Optionally, the system resources include at least one of: disk read/write, memory read/write, network access, processor operation, power interface, communication interface, external device interface and software port.
Optionally, the operating system run by the current running platform is a Linux system.
In a third aspect, embodiments of the present invention provide an electronic device, which can improve adaptability of a security detection method.
As shown in fig. 3, an electronic device provided by an embodiment of the invention may include a housing 41, a processor 42, a memory 43, a circuit board 44 and a power supply circuit 45, where the circuit board 44 is arranged inside the space enclosed by the housing 41 and the processor 42 and the memory 43 are arranged on the circuit board 44; the power supply circuit 45 supplies power to each circuit or device of the electronic device; the memory 43 stores executable program code; and the processor 42 runs the program corresponding to the executable program code by reading it from the memory 43, so as to execute the security detection method of any one of the foregoing embodiments.
For specific execution processes of the above steps by the processor 42 and further steps executed by the processor 42 by running the executable program code, reference may be made to the description of the foregoing embodiments, which are not described herein again.
The electronic device exists in a variety of forms, including but not limited to:
(1) Mobile communication devices: these are characterised by mobile communication capability and are primarily aimed at providing voice and data communication. Such terminals include smart phones (e.g. the iPhone), multimedia phones, feature phones and low-end phones.
(2) Ultra-mobile personal computer devices: these belong to the personal computer category, have computing and processing functions and generally support mobile internet access. Such terminals include PDA, MID and UMPC devices, such as the iPad.
(3) Portable entertainment devices: these can display and play multimedia content. They include audio and video players (e.g. the iPod), handheld game consoles, e-book readers, smart toys and portable car navigation devices.
(4) Servers: devices providing computing services, comprising a processor, hard disk, memory, system bus and so on. A server's architecture resembles that of a general-purpose computer, but because it must provide highly reliable services it has higher requirements for processing capability, stability, reliability, security, scalability and manageability.
(5) And other electronic equipment with data interaction function.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs can be executed by one or more processors to implement any one of the security detection methods provided in the foregoing embodiments, so that corresponding technical effects can also be achieved, which have been described in detail above and are not described herein again.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (22)

1. A security detection method, comprising:
acquiring a security index corresponding to the current running platform from a security index library;
querying, according to the security detection items in the security index, the relevant operating parameters of the security detection items on the current running platform;
and determining whether the current running platform has a security hazard according to whether the operating parameters meet the security index.
2. The method according to claim 1, further comprising, before acquiring the security index corresponding to the current running platform from the security index library:
loading the pre-configured security index library, in which security indexes corresponding to at least two different types of servers are set.
3. The method according to claim 1, wherein acquiring the security index corresponding to the current running platform comprises:
determining the type of server to which the current running platform belongs;
and acquiring the security indexes from the security index library according to the server type.
4. The method according to claim 3, wherein determining the type of server to which the current running platform belongs comprises:
acquiring the services running and/or the ports open on the current running platform;
and determining the type of server to which the current running platform belongs according to the running services and/or the open ports.
5. The method according to claim 3, wherein determining the type of server to which the current running platform belongs comprises:
determining the type of server to which the current running platform belongs according to a server type identifier in the security index library.
6. The method according to any one of claims 3 to 5, wherein the server type comprises at least one of: file server, database server, mail server, web server and file transfer protocol server.
7. The method according to claim 1, further comprising:
in response to an operating parameter not meeting the security index, defending against the process that triggered the generation of the operating parameter.
8. The method according to claim 1, wherein querying, according to the security detection items in the security index, the relevant operating parameters of the security detection items on the current running platform comprises:
determining the system resources related to the security detection items in the security index;
and querying the occupation parameters of the system resources, the occupation parameters comprising at least one of: occupant, occupancy time and occupancy level.
9. The method according to claim 8, wherein the system resources comprise at least one of: disk read/write, memory read/write, network access, processor operation, power interface, communication interface, external device interface and software port.
10. The method according to claim 1, wherein the operating system run by the current running platform is a Linux system.
11. A security detection apparatus, comprising:
an acquiring unit for acquiring a security index corresponding to the current running platform from a security index library;
a query unit for querying, according to the security detection items in the security index, the relevant operating parameters of the security detection items on the current running platform;
and a determining unit for determining whether the current running platform has a security hazard according to whether the operating parameters meet the security index.
12. The apparatus according to claim 11, further comprising:
a loading unit for loading the pre-configured security index library before the security index corresponding to the current running platform is acquired from it, the security index library having set in it security indexes corresponding to at least two different types of servers.
13. The apparatus according to claim 11, wherein the acquiring unit comprises:
a determining subunit for determining the type of server to which the current running platform belongs;
and an acquiring subunit for acquiring the security indexes from the security index library according to the server type.
14. The apparatus according to claim 13, wherein the determining subunit is specifically configured to:
acquire the services running and/or the ports open on the current running platform;
and determine the type of server to which the current running platform belongs according to the running services and/or the open ports.
15. The apparatus according to claim 13, wherein the determining subunit is specifically configured to determine the type of server to which the running platform belongs according to a server type identifier in the security index library.
16. The apparatus according to any one of claims 13 to 15, wherein the server type comprises at least one of: file server, database server, mail server, web server and file transfer protocol server.
17. The apparatus according to claim 11, further comprising:
a defense unit for responding to an operating parameter not meeting the security index by defending against the process that triggered the generation of the operating parameter.
18. The apparatus according to claim 11, wherein the query unit is specifically configured to:
determine the system resources related to the security detection items in the security index;
and query the occupation parameters of the system resources, the occupation parameters comprising at least one of: occupant, occupancy time and occupancy level.
19. The apparatus according to claim 18, wherein the system resources comprise at least one of: disk read/write, memory read/write, network access, processor operation, power interface, communication interface, external device interface and software port.
20. The apparatus according to claim 11, wherein the operating system run by the current running platform is a Linux system.
21. An electronic device, comprising a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or device of the electronic device; the memory stores executable program code; and the processor runs the program corresponding to the executable program code by reading it from the memory, so as to execute the security detection method of any one of claims 1 to 10.
22. A computer-readable storage medium storing one or more programs, the one or more programs being executable by one or more processors to implement the security detection method of any one of claims 1 to 10.
CN202110963623.9A 2021-08-20 2021-08-20 Security detection method and device, electronic equipment and storage medium Pending CN113672923A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110963623.9A CN113672923A (en) 2021-08-20 2021-08-20 Security detection method and device, electronic equipment and storage medium


Publications (1)

Publication Number Publication Date
CN113672923A true CN113672923A (en) 2021-11-19

Family

ID=78545085

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110963623.9A Pending CN113672923A (en) 2021-08-20 2021-08-20 Security detection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113672923A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1614941A (en) * 2004-12-02 2005-05-11 上海交通大学 Method for establishing complex network running environmental analog stimulative platform
CN102306258A (en) * 2011-09-23 2012-01-04 国网电力科学研究院 UNIX host safety configuration auditing method based on configurable knowledge base
US20120216242A1 (en) * 2011-02-22 2012-08-23 PCTEL Secure LLC Systems and Methods for Enhanced Security in Wireless Communication
CN102957695A (en) * 2012-10-25 2013-03-06 北京奇虎科技有限公司 Enterprise intranet terminal safety maintenance method and device
US20170372072A1 (en) * 2016-06-23 2017-12-28 International Business Machines Corporation Detecting vulnerable applications
CN108804918A (en) * 2017-12-31 2018-11-13 北京安天网络安全技术有限公司 Safety defence method, device, electronic equipment and storage medium
CN108965249A (en) * 2018-06-05 2018-12-07 福建锐杰信息技术有限公司 A kind of network information security detection system and its detection method
CN111835715A (en) * 2020-06-03 2020-10-27 北京邮电大学 Method and device for determining safety value of virtual network function
CN111865696A (en) * 2020-07-28 2020-10-30 深圳前海微众银行股份有限公司 Visualization method, device, equipment and medium for network security

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1614941A (en) * 2004-12-02 2005-05-11 上海交通大学 Method for establishing complex network running environmental analog stimulative platform
US20120216242A1 (en) * 2011-02-22 2012-08-23 PCTEL Secure LLC Systems and Methods for Enhanced Security in Wireless Communication
CN102306258A (en) * 2011-09-23 2012-01-04 国网电力科学研究院 UNIX host safety configuration auditing method based on configurable knowledge base
CN102957695A (en) * 2012-10-25 2013-03-06 北京奇虎科技有限公司 Enterprise intranet terminal safety maintenance method and device
US20170372072A1 (en) * 2016-06-23 2017-12-28 International Business Machines Corporation Detecting vulnerable applications
CN108804918A (en) * 2017-12-31 2018-11-13 北京安天网络安全技术有限公司 Safety defence method, device, electronic equipment and storage medium
CN108965249A (en) * 2018-06-05 2018-12-07 福建锐杰信息技术有限公司 A kind of network information security detection system and its detection method
CN111835715A (en) * 2020-06-03 2020-10-27 北京邮电大学 Method and device for determining safety value of virtual network function
CN111865696A (en) * 2020-07-28 2020-10-30 深圳前海微众银行股份有限公司 Visualization method, device, equipment and medium for network security


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination