CN114024865B - Network auditing method, device and system based on Linux process function - Google Patents

Info

Publication number: CN114024865B
Application number: CN202111279841.7A
Authority: CN (China)
Other versions: CN114024865A
Other languages: Chinese (zh)
Prior art keywords: function, network, network communication, proxy, communication data
Legal status: Active
Inventors: 李砯, 严宇, 徐奕
Original assignee and current assignee: China Telecom Corp Ltd
Events: application filed by China Telecom Corp Ltd; priority to CN202111279841.7A; publication of CN114024865A; application granted; publication of CN114024865B; legal status active.

Classifications

    • G06F 9/44521 Dynamic linking or loading; link editing at or after load time, e.g. Java class loading (under G06F 9/445 Program loading or initiating)
    • G06F 9/544 Buffers; shared memory; pipes (under G06F 9/54 Interprogram communication)
    • H04L 43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters (under H04L 43/00 Arrangements for monitoring or testing data switching networks)
    • H04L 63/1408 Network architectures or network communication protocols for network security, for detecting or protecting against malicious traffic by monitoring network traffic

Abstract

The invention discloses a network auditing method, device, terminal and storage medium based on Linux process functions. The network auditing method comprises the steps of: running a proxy process; rewriting the corresponding process function in a dynamic library so that the process function can read and write the network communication information of a running process; setting the environment variable LD_PRELOAD and spawning a sub-process from the proxy process; mapping the sub-process into an audit process by means of calling functions; calling the process function to obtain the network communication data of the sub-process; and sending the network communication data to the proxy process. The network auditing method based on Linux process functions disclosed by the invention can count network behaviour in real time, thereby realizing accurate monitoring and auditing of the computing resources of terminal devices such as converged optical modems.

Description

Network auditing method, device and system based on Linux process function
Technical Field
The invention relates to the technical field of network data processing, and in particular to a network auditing method, device and system based on Linux process functions, and a storage medium therefor.
Background
With the continuous development of the Internet, the computing scale and computing cost of applications keep growing: workloads such as machine learning, 3D rendering and scientific computing are sensitive to data and computing performance, while resources such as VR, AR, 4K and 8K video place ever greater demands on bandwidth and storage. This poses challenges to practical hardware and software solutions for security auditing; how to implement accurate, real-time network auditing for enterprise applications without sacrificing performance, or at only a small performance cost, has therefore become a technical focus.
In the related art, network auditing technology generally relies on network card counters, network firewall (iptables) rules, or having the process write its own access log, in order to monitor and audit network communication.
The first network bandwidth auditing method reads the network card counters. It is common in various open-source monitoring software, but the bandwidth data obtained is device-level and can only reflect the network throughput of the whole device.
The second network bandwidth auditing method uses iptables: by defining different rules (source IP, source port, destination IP, destination port and so on), it counts the bytes matched by each rule separately. This method cannot set rules by process ID, although one may assume that a given service corresponds to a given IP and port. However, most real-world services use a multi-process model, and individual processes cannot be distinguished with iptables. Moreover, most processes run on the client side with randomly assigned ports, so iptables rules cannot be predefined at all.
Neither of the above methods can effectively realize process-level bandwidth auditing, because their statistics do not use the process as a dimension.
The third network bandwidth auditing method has the process write an access log, which first requires the process to implement that logging function itself. In addition, if the process is untrusted and billing is based on the network overhead of the process, relying on the process's own access log to audit the process means the network audit cannot be accurate or reliable.
In summary, the network communication auditing methods of the related art cannot realize accurate process-level auditing of network processes. Therefore, when intelligent terminals such as converged optical modems account for network resources, a technical scheme is needed that can accurately monitor and audit the network communication of the intelligent terminal.
Disclosure of Invention
In order to solve the problem that the network communication auditing technology of the related art cannot monitor and audit accurately, the invention provides a network auditing method, device and system based on Linux process functions, and a storage medium therefor, which can realize process-level auditing on an intelligent optical modem without intruding into the audited process.
To solve the technical problem, the technical scheme provided by the invention is as follows.
In one aspect, the invention provides a network auditing method based on Linux process functions, characterized by comprising the following steps:
running a proxy process;
rewriting the corresponding process function in the dynamic library, so that the process function can read and write the network communication information of a running process;
setting the environment variable LD_PRELOAD, and spawning a sub-process from the proxy process;
mapping the sub-process into an audit process by means of calling functions;
calling the process function to obtain the network communication data of the sub-process; and
sending the network communication data to the proxy process.
In some embodiments, the network auditing method further includes:
after the network communication data is sent to the proxy process, merging the network communication data in the proxy process based on a preset audit policy.
In some embodiments, the network auditing method further includes:
after merging the network communication data in the proxy process based on the preset audit policy, sending the merged network communication data to a service backend.
In some embodiments, the network auditing method further includes:
merging the network communication data in the audit process based on a preset audit policy before sending the network communication data to the proxy process.
In some embodiments, the network auditing method further includes:
after the network communication data has been merged in the proxy process, sending the merged network communication data to a service backend.
In some embodiments, the network auditing method further includes:
before the process function is called, determining whether a proxy process is already executing; if so, exiting the current proxy process; otherwise, continuing with the current proxy process.
In some embodiments, the process functions are all read/write-related system functions, and the step of rewriting the corresponding process function in the dynamic library comprises:
determining that the handle is a socket, and then rewriting the process function so that it records, in read/write order, the timestamp, source IP, source port, destination IP, destination port and protocol.
In some embodiments, the process function is configured to have the same function name, input parameters and output parameters as the covered function, where the covered function is the original system function that the process function overrides when the sub-process executes.
In another aspect, the invention also provides a network auditing device based on Linux process functions, characterized by comprising the following modules:
a starting module for running the proxy process;
a function rewriting module for rewriting the corresponding process function in the dynamic library, so that the process function can read and write the network communication information of the running process;
an environment variable setting module for setting the environment variable LD_PRELOAD and spawning a sub-process from the proxy process;
a mapping module for mapping the sub-process into an audit process by means of calling functions;
a reading module for calling the process function to obtain the network communication data of the sub-process; and
a sending module for sending the network communication data to the proxy process.
In another aspect, the invention also provides a network auditing system based on Linux process functions, characterized in that it runs on an optical modem terminal and comprises:
a memory for storing a computer program; and
a processor for implementing the steps of the network auditing method based on Linux process functions when executing the computer program.
In a further aspect, the invention also provides a computer-readable storage medium on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the network auditing method based on Linux process functions described above.
The technical scheme provided by the embodiments of the invention can have the following beneficial effects:
in the network auditing method based on Linux process functions, the process-level hook mechanism of Linux is used to rewrite the read/write functions required for network communication, the network behaviour of each process is counted, the proxy process merges the data according to policy, and the network communication data is counted with the process as its dimension. This realizes accurate monitoring and auditing of the computing resources of the optical modem terminal devices converged by the fog computing capability open platform, and provides a basis for decisions on further distributed capability scheduling.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flow chart of a network auditing method based on Linux process functions in an embodiment of the invention.
Fig. 2 is a schematic diagram of a system architecture of a network auditing method based on Linux process functions according to an embodiment of the present invention.
FIG. 3 is a flow chart of the loading flow of an executable preloaded process in an embodiment of the invention.
FIG. 4 is a flow chart of the process of creating a sub-process for executing a target process in an embodiment of the invention.
Fig. 5 is a flow diagram of a traffic monitoring implementation in an embodiment of the invention.
FIG. 6 is a schematic diagram of the service backend shown during execution of the network auditing method based on Linux process functions in an embodiment of the present invention.
Fig. 7 is a schematic diagram of a network audit device based on a Linux process function in an embodiment of the invention.
Fig. 8 is a schematic diagram of a network audit system based on Linux process functions in an embodiment of the invention.
Detailed Description
In order that the above objects, features and advantages of the invention will be readily understood, a more particular description of the invention will be rendered by reference to the appended drawings. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. The present invention may be embodied in many other forms than described herein and similarly modified by those skilled in the art without departing from the spirit of the invention, whereby the invention is not limited to the specific embodiments disclosed below.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the invention herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 is a flow chart of a network auditing method based on Linux process functions in an embodiment of the invention. As shown in fig. 1, an embodiment of the present invention provides a network auditing method based on Linux process functions, used to perform network auditing on an application program, which specifically includes the following steps:
S101) Running a proxy process. Specifically, the proxy process serves as the main process of the auditing procedure and controls the whole flow of the network auditing method, including rewriting the process functions, embedding them into the sub-process to be audited, setting the environment variable LD_PRELOAD, and pulling up the audit process.
S102) Rewriting the corresponding process function in the dynamic library, so that the process function can read and write the network communication information of a running process. In particular, from the point of view of a process, network communication can be abstracted as reading from and writing to sockets. On this principle, network communication behaviour can be recorded simply by rewriting the read/write-related system functions, overlaying each original function with the rewritten read/write function, and calling the overlaid original function internally. This is entirely transparent to the program and does not affect its normal operation, while the management and auditing functions are realized inside the new version of the function. This technique of overlaying the original function is known as hooking.
In a preferred embodiment, the process functions are all read/write-related system functions, and the step of rewriting the corresponding process function in the dynamic library comprises: determining that the handle is a socket, and then rewriting the process function so that it records, in read/write order, the timestamp, source IP, source port, destination IP and protocol. In this way the rewritten process function records every network communication behaviour without distortion and sends the recorded network communication information to the proxy process, thereby realizing process-level network bandwidth auditing.
To guarantee normal operation of the program, the dynamic library that implements the hooks must meet some technical requirements: besides ensuring that the function name, input parameters, output parameters and behaviour of each rewritten function agree with those of the function it replaces, the functions of the dynamic library must execute efficiently enough not to slow the program down, and must never actively throw an exception.
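As an added illustration of step S102 and the requirements just listed, the following C shim is example code written for this page, not the patent's dynamic library: it overrides send, recv and close with the same names and signatures as the glibc functions, resolves and calls each covered function through dlsym(RTLD_NEXT, ...), audits only descriptors that are sockets, and keeps one record per descriptor (first-seen timestamp, source and destination IP and port, protocol, byte counts). The table name audit_table, its fixed size, the helper names and the audit_selftest function are assumptions; the patent's shared-memory transfer to the proxy process is not shown, the records stay in a process-local table.

```c
#define _GNU_SOURCE            /* RTLD_NEXT */
#undef _FORTIFY_SOURCE         /* libc's inline recv wrapper must not clash with ours */
#include <arpa/inet.h>
#include <dlfcn.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Per-descriptor audit record (layout constructed for this example; the patent
 * keeps such records in shared memory so the proxy process can read them). */
typedef struct {
    int used;
    long first_ts;                         /* time of the first audited I/O on the socket */
    char src_ip[INET_ADDRSTRLEN], dst_ip[INET_ADDRSTRLEN];
    unsigned src_port, dst_port;
    int proto;                             /* IPPROTO_* from SO_PROTOCOL, -1 if unknown */
    unsigned long bytes_in, bytes_out;
} audit_rec;

#define AUDIT_MAX_FD 1024                  /* assumed table size */
static audit_rec audit_table[AUDIT_MAX_FD];

/* "Judge the handle as a socket": only socket descriptors are audited. */
int audit_is_socket(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISSOCK(st.st_mode);
}

/* Local (peer == 0) or remote (peer == 1) endpoint of fd as text; "-" for non-IP. */
static void fill_endpoint(int fd, int peer, char *ip, unsigned *port) {
    struct sockaddr_storage ss;
    socklen_t len = sizeof ss;
    memset(&ss, 0, sizeof ss);
    int rc = peer ? getpeername(fd, (struct sockaddr *)&ss, &len)
                  : getsockname(fd, (struct sockaddr *)&ss, &len);
    if (rc == 0 && ss.ss_family == AF_INET) {
        struct sockaddr_in *in = (struct sockaddr_in *)&ss;
        inet_ntop(AF_INET, &in->sin_addr, ip, INET_ADDRSTRLEN);
        *port = ntohs(in->sin_port);
    } else { strcpy(ip, "-"); *port = 0; }  /* AF_UNIX etc.: no IP endpoint */
}

/* Account n bytes read (is_write == 0) or written on fd; NULL if fd is not audited. */
audit_rec *audit_account(int fd, size_t n, int is_write) {
    if (fd < 0 || fd >= AUDIT_MAX_FD || !audit_is_socket(fd)) return NULL;
    audit_rec *r = &audit_table[fd];
    if (!r->used) {                        /* first I/O: capture timestamp and 5-tuple */
        socklen_t pl = sizeof r->proto;
        r->used = 1;
        r->first_ts = (long)time(NULL);
        fill_endpoint(fd, 0, r->src_ip, &r->src_port);
        fill_endpoint(fd, 1, r->dst_ip, &r->dst_port);
        if (getsockopt(fd, SOL_SOCKET, SO_PROTOCOL, &r->proto, &pl) != 0) r->proto = -1;
    }
    if (is_write) r->bytes_out += n; else r->bytes_in += n;
    return r;
}

const audit_rec *audit_lookup(int fd) {
    return (fd >= 0 && fd < AUDIT_MAX_FD && audit_table[fd].used) ? &audit_table[fd] : NULL;
}

/* Hooks: same name, parameters and return value as the covered glibc function, which
 * is resolved with RTLD_NEXT and called internally. No allocation, no blocking and
 * nothing that can fail loudly, so the audited program runs unaffected. */
ssize_t send(int fd, const void *buf, size_t len, int flags) {
    static ssize_t (*real)(int, const void *, size_t, int);
    if (!real) real = (ssize_t (*)(int, const void *, size_t, int))dlsym(RTLD_NEXT, "send");
    ssize_t n = real(fd, buf, len, flags);
    if (n > 0) audit_account(fd, (size_t)n, 1);
    return n;
}
ssize_t recv(int fd, void *buf, size_t len, int flags) {
    static ssize_t (*real)(int, void *, size_t, int);
    if (!real) real = (ssize_t (*)(int, void *, size_t, int))dlsym(RTLD_NEXT, "recv");
    ssize_t n = real(fd, buf, len, flags);
    if (n > 0) audit_account(fd, (size_t)n, 0);
    return n;
}
/* close() is hooked too, so a reused descriptor number never inherits a stale record
 * (a production shim would flush the record to shared memory before clearing it). */
int close(int fd) {
    static int (*real)(int);
    if (!real) real = (int (*)(int))dlsym(RTLD_NEXT, "close");
    if (fd >= 0 && fd < AUDIT_MAX_FD) memset(&audit_table[fd], 0, sizeof audit_table[fd]);
    return real(fd);
}

/* Exercise the hooks without a network: one 6-byte message over a local socketpair.
 * Returns bytes sent on one end plus bytes received on the other. */
unsigned long audit_selftest(void) {
    int sv[2];
    char out[] = "hello", in[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 0;
    send(sv[0], out, sizeof out, 0);
    recv(sv[1], in, sizeof in, 0);
    unsigned long total = audit_lookup(sv[0])->bytes_out + audit_lookup(sv[1])->bytes_in;
    close(sv[0]);
    close(sv[1]);
    return total;
}
```

Built as a shared object (for example `gcc -shared -fPIC -O2 -o loader.so shim.c -ldl`; on glibc 2.34 and later `-ldl` is no longer needed) and started with `LD_PRELOAD=./loader.so target-program`, the shim is what step S103 preloads into the audited sub-process. The hooks deliberately do nothing that can block, allocate or fail, which is the efficiency and no-exception requirement stated above; a socket that is never written or read leaves no record, and descriptors that are not sockets (files, pipes) pass straight through to libc.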
S103) Setting the environment variable LD_PRELOAD, and spawning a sub-process from the proxy process. In particular, the purpose of the environment variable LD_PRELOAD is to make a program load a specified dynamic library preferentially, so that when the same function or variable exists in several dynamic libraries, the one in the preloaded library is selected. Using LD_PRELOAD therefore replaces the original function in the dynamic library with a custom function. On Linux, a common hooking technique sets the process environment variable LD_PRELOAD so that the proxy process can spawn a sub-process whose overriding functions carry specific functionality; the process and the sub-processes it spawns can then execute according to the user's actual requirements, which makes the process more controllable.
S104) Mapping the sub-process into an audit process by means of calling functions. Specifically, the proxy process switches to the sub-process through the exec family of system calls and images it as the audit process. The exec family locates an executable file by the given file name and replaces the contents of the calling process with that executable, i.e. it executes an executable file within the calling process. In this embodiment, the proxy process calls the rewritten dynamic library function through the exec family of functions and images it as the audit process.
S105) Calling the process function to obtain the network communication data of the sub-process. Specifically, by executing the audit process, the rewritten process function can read the network communication data while the sub-process runs; the network communication data comprises information such as the timestamp, source IP, source port, destination IP and protocol, so the network behaviour of the sub-process is recorded accurately and in real time. In this embodiment, the network communication data obtained by the rewritten process function is traffic data, so the traffic information of each sub-process can be monitored and audited.
S106) Sending the network communication data to the proxy process. Specifically, communication between the proxy process and the audit process is realized through shared memory, and the network communication data collected in real time is sent to the proxy process so that the proxy process can conveniently carry out the next processing.
In some embodiments, if the user's preset audit policy is relatively simple and fixed and does not require much memory, the audit policy may be implemented in the dynamic library, i.e. the network communication data is merged in the audit process based on the preset audit policy before being sent to the proxy process. This method processes the network communication data according to the preset audit policy while the audit process executes, so that the proxy process does not need to process it.
In other embodiments, if the user's preset audit policy is complex and requires dynamic changes, the policy may be implemented in the proxy process, i.e. after the network communication data is sent to the proxy process, it is merged in the proxy process based on the preset audit policy. Because the user's audit policy is complex and needs to change dynamically, this method processes the network communication data in the proxy process, which avoids occupying excessive shared memory and slowing down the audit process, and allows the audit policy to be changed in real time during execution.
Further, once the network communication data has been received by the proxy process and processed according to the preset audit policy, it is forwarded to the service backend, providing a data basis for further decisions.
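Both placements of the audit policy described above (in the audit process before transfer, or in the proxy process after transfer) reduce to the same operation: merging records that share a key and summing their byte counts. The following C function is an added example, not the patent's code. A policy is a bit mask selecting which of pid, destination IP, destination port and protocol form the merge key; a mask of 0 collapses everything into one total. The record layout, the policy flags and the sample records are constructed for this page.

```c
#include <stddef.h>
#include <string.h>

/* One audited flow as reported by an audit process (constructed layout). */
typedef struct {
    int pid;                 /* auditing is per process, so pid is the primary dimension */
    char dst_ip[16];
    unsigned dst_port;
    int proto;               /* e.g. 6 = TCP, 17 = UDP */
    unsigned long bytes;
} flow_rec;

/* Audit policy: bit mask of the fields that make up the merge key. */
enum { BY_PID = 1, BY_DST_IP = 2, BY_DST_PORT = 4, BY_PROTO = 8 };

static int same_key(const flow_rec *a, const flow_rec *b, int policy) {
    if ((policy & BY_PID) && a->pid != b->pid) return 0;
    if ((policy & BY_DST_IP) && strcmp(a->dst_ip, b->dst_ip) != 0) return 0;
    if ((policy & BY_DST_PORT) && a->dst_port != b->dst_port) return 0;
    if ((policy & BY_PROTO) && a->proto != b->proto) return 0;
    return 1;
}

/* Merge n input records into out (capacity >= n). Byte counts of records with the
 * same key are summed; the other fields come from the first record of the group.
 * Returns the number of merged rows. A policy of 0 merges everything into one row. */
size_t merge_flows(const flow_rec *in, size_t n, int policy, flow_rec *out) {
    size_t m = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < m && !same_key(&in[i], &out[j], policy)) j++;
        if (j == m) out[m++] = in[i];
        else out[j].bytes += in[i].bytes;
    }
    return m;
}

/* Constructed sample: two processes of one service during one reporting interval. */
static const flow_rec sample[] = {
    {101, "10.0.0.5", 443, 6, 1500},
    {101, "10.0.0.5", 443, 6,  500},
    {101, "10.0.0.9",  80, 6,  300},
    {202, "10.0.0.5", 443, 6,  700},
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

/* Number of rows the sample merges into under a policy. */
size_t demo_rows(int policy) {
    flow_rec out[SAMPLE_N];
    return merge_flows(sample, SAMPLE_N, policy, out);
}

/* Bytes in the merged row carrying (pid, dst_ip), or 0 if there is no such row. */
unsigned long demo_bytes(int policy, int pid, const char *dst_ip) {
    flow_rec out[SAMPLE_N];
    size_t m = merge_flows(sample, SAMPLE_N, policy, out);
    for (size_t i = 0; i < m; i++)
        if (out[i].pid == pid && strcmp(out[i].dst_ip, dst_ip) == 0) return out[i].bytes;
    return 0;
}
```

With BY_PID alone the sample collapses to two rows (2300 bytes for pid 101, 700 for pid 202), which is the per-process bandwidth figure the patent is after; with all four flags set it keeps three rows because pid 101 talks to two destinations. Because the merge is a pure function of the records and the mask, the same code serves a fixed policy compiled into the preloaded library and a policy that the proxy process changes at run time.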
In some embodiments, before the process function is called in step S105), it is determined whether a proxy process is already executing; if so, the current proxy process exits; otherwise, the current proxy process continues. Because multiple scripts exist on the system, it may happen that the original proxy process starts a new proxy process during execution, causing the procedure to run repeatedly and creating confusion. The auditing method of this embodiment therefore adds the step of determining whether an executing proxy process already exists, so that the newly opened proxy process is closed and the uniqueness of the executing proxy process is guaranteed.
In the network auditing method based on Linux process functions, by means of the Linux process-level hook mechanism, the read/write functions required for network communication are rewritten, the network behaviour of each process is counted, the proxy process merges the data according to policy, and the counted network communication data takes the process as its dimension. This realizes accurate monitoring and auditing of the computing resources of the optical modem terminal devices converged by the fog computing capability open platform, and provides a basis for decisions on further distributed capability scheduling.
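The proxy side of steps S103 and S104, together with the uniqueness check just described, can be shown in a few C functions. This is an added example, not the patent's proxy process: build_preload composes the LD_PRELOAD value for the child (prepending the shim to anything already preloaded), proxy_singleton_lock uses an exclusive flock on a lock file to refuse a second proxy, and spawn_audited sets LD_PRELOAD in the forked child only and then execs the target, which is how the exec family maps the sub-process into the audit process. The function names, the lock file path and the choice of flock for the existing-proxy check are assumptions; the patent does not say how that check is implemented.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Value of LD_PRELOAD for the child: the audit shim first, then any libraries the
 * caller was already preloading (colon-separated, as ld.so expects).
 * Returns the length written, or -1 if cap is too small. */
int build_preload(char *out, size_t cap, const char *shim, const char *existing) {
    int n = (existing && *existing) ? snprintf(out, cap, "%s:%s", shim, existing)
                                    : snprintf(out, cap, "%s", shim);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* "Judge whether an executed proxy process exists": take an exclusive, non-blocking
 * flock on a lock file. Returns the lock fd (keep it open for the proxy's lifetime)
 * or -1 if another proxy already holds it, in which case the new proxy should exit.
 * The kernel releases the lock when the holder dies, so a crashed proxy leaves no
 * stale lock behind, unlike a pid file. O_CLOEXEC keeps the fd out of audited children. */
int proxy_singleton_lock(const char *path) {
    int fd = open(path, O_RDWR | O_CREAT | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) != 0) { close(fd); return -1; }
    return fd;
}

/* Steps S103/S104: spawn the target as an audited sub-process. LD_PRELOAD is set in
 * the child only, so the proxy itself is never hooked; exec then maps the target,
 * with the shim preloaded, into the audit process. Returns the child's exit status,
 * or -1 on failure. (If the shim path does not exist, ld.so prints a warning and
 * runs the target unhooked, so a deployment should check the path first.) */
int spawn_audited(const char *shim, char *const argv[]) {
    char preload[4096];
    if (build_preload(preload, sizeof preload, shim, getenv("LD_PRELOAD")) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        setenv("LD_PRELOAD", preload, 1);
        execvp(argv[0], argv);
        _exit(127);                        /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

A proxy built on these pieces takes the lock first, exits if it cannot get it, and only then spawns and waits on audited children while reading their records from the shared memory that step S106 describes. Setting LD_PRELOAD after fork rather than in the proxy's own environment matters: the proxy's own send and recv calls (for example, its upload to the service backend) must not be counted as audited traffic.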
Fig. 2 is a schematic diagram of the system architecture of a network auditing method based on Linux process functions according to an embodiment of the present invention. As shown in fig. 2, the network auditing method based on Linux process functions disclosed in the embodiment of the invention includes a proxy process and at least one audit process, where the proxy process controls the starting and execution of the at least one audit process. The proxy process also comprises a shared memory for acquiring and storing the network communication data collected by the at least one audit process during execution.
As shown in fig. 2, the at least one audit process includes a process loader, a dynamic library loader.so that implements the overriding of all network-communication-related functions, and the other dynamic libraries of the corresponding sub-process, with the network-communication-related functions removed from them. The process loader is part of the C runtime (glibc) library and is responsible for loading programs and dynamic libraries. The process loading library is an indispensable component for execution and code, and is a user-mode module: after the user starts a process, the process loader module is loaded first; it maps the process file from file form into memory, loads the corresponding dependent modules, initializes the executable module and the environment the process needs, and finally calls the program's main entry point (main) to do the real work. The loader's position in the module table is always the foremost. Besides the dynamic libraries defined in the ELF structure of the program file, the process loader is able to load additional dynamic libraries.
Figs. 3 to 5 schematically illustrate the interaction flow of a network auditing method based on Linux process functions according to an embodiment of the present invention. In this embodiment the network auditing method based on Linux process functions is used to audit and monitor network traffic. The proxy process acts as the master process that inserts the traffic monitoring module and pulls up the target process (i.e. the audit process). For the sub-processes of different applications, the target process loads the traffic monitoring module and the other modules it depends on, loads the corresponding sub-process, and sets the corresponding environment variable LD_PRELOAD, so that different sub-processes are mapped to corresponding audit processes. During traffic monitoring, the target process calls recv and send to receive and send data; these calls are intercepted by the traffic monitoring module, which records the traffic data in real time. The data is then passed on to the sub-process's system layer, where the real receive and send calls are made to actually receive and send the data. The traffic monitoring module stores the traffic data recorded in real time in the shared memory, so that the main process can obtain it, and process-level auditing of the traffic data is thus realized.
FIG. 6 is a schematic diagram of the service backend shown during execution of the network auditing method based on Linux process functions in an embodiment of the present invention. While the network auditing method based on Linux process functions executes, the proxy process transmits the traffic data collected in real time to the service backend, where it is displayed in real time by the corresponding display module. As shown in fig. 6, the first display area 601 shows the current CPU occupancy of the corresponding process; the second display area 602 shows its current memory occupancy; the third display area 603 shows its used space, remaining space and total space; and the fourth display area 604 shows its current upload bandwidth. Transmitting the corresponding traffic data to the service backend and displaying it provides a basis for decisions on further distributed capability scheduling.
Fig. 7 is a schematic diagram of a network auditing device based on Linux process functions in an embodiment of the invention. As shown in fig. 7, an embodiment of the invention further provides a network auditing device based on Linux process functions, which comprises the following modules:
a starting module 701, configured to run a proxy process;
a function rewriting module 702, configured to rewrite the corresponding process function in the dynamic library, so that the process function can read and write the network communication information of a running process;
an environment variable setting module 703, configured to set the environment variable LD_PRELOAD and spawn a sub-process from the proxy process;
a mapping module 704, configured to map the sub-process into an audit process by means of calling functions;
a reading module 705, configured to call the process function to obtain the network communication data of the sub-process; and
a sending module 706, configured to send the network communication data to the proxy process.
In the network auditing device based on Linux process functions disclosed in this embodiment, by means of the Linux process-level hook mechanism, the read/write functions required for network communication are rewritten, the network behaviour of each process is counted, the proxy process merges the data according to policy, and the network communication data is counted with the process as its dimension, thereby realizing accurate monitoring and auditing of the computing resources of the optical modem terminal devices converged by the fog computing capability open platform and providing a basis for decisions on further distributed capability scheduling.
Fig. 8 is a schematic diagram of a network auditing system based on Linux process functions in an embodiment of the invention. As shown in fig. 8, an embodiment of the present invention further provides a network auditing system 800 based on Linux process functions, which runs on an optical modem terminal and includes:
a memory 801 for storing a computer program; and
a processor 802, configured to implement the steps of the aforementioned network auditing method based on Linux process functions when executing the computer program.
The network auditing system 800 may include one or more memories 801 and one or more processors (central processing units, CPUs) 802, where the memory 801 stores at least one instruction that is loaded and executed by the processor 802 to implement the steps of the network auditing method based on Linux process functions provided by the above method embodiments. Of course, the network auditing system 800 may also have a wired or wireless network interface, a keyboard and input/output interfaces. The network auditing system 800 may also include other components for implementing device functions, which are not described in detail here.
In an exemplary embodiment, the invention also provides a computer-readable storage medium, such as a memory, comprising instructions executable by a processor in a terminal to perform the steps of the network auditing method based on Linux process functions of the above embodiment. For example, the computer-readable storage medium may be a ROM, random-access memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
It should be understood that the technical features of the above-described embodiments may be combined in any manner; for brevity, not all possible combinations of these technical features are described, but as long as the combined features are not contradictory, the combination should be considered within the scope of the present disclosure.
The foregoing is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure, but all equivalent structural changes made using the description and drawings of the present disclosure are included in the scope of the present disclosure.

Claims (9)

1. A network auditing method based on the Linux process function, characterized in that it comprises the following steps:
running a proxy process;
rewriting a corresponding process function in the dynamic library, so that the process function can read and write the network communication information of a running process;
setting the environment variable LD_PRELOAD, and deriving a sub-process through the proxy process;
the proxy process switching the sub-process through a system call of the exec function family, and mapping the sub-process image to the audit process;
invoking the process function to obtain the network communication data of the sub-process; and sending the network communication data to the proxy process;
the network auditing method further comprises the following step:
before sending the network communication data to the proxy process, merging the network communication data through the audit process based on a preset audit policy.
2. The network auditing method of claim 1, further comprising:
after the network communication data is sent to the proxy process, merging the network communication data through the proxy process based on a preset audit policy.
3. The network auditing method of claim 2, further comprising:
after merging the network communication data through the proxy process based on the preset audit policy, sending the merged network communication data to a service backend.
4. The network auditing method of claim 1, further comprising:
before the process function is called, determining whether a running proxy process already exists; if so, exiting the current proxy process; otherwise, continuing with the current proxy process.
5. The network auditing method of claim 1, wherein the process functions are all read/write-related system functions; the step of rewriting the corresponding process function in the dynamic library comprises:
determining that the handle is a socket, and then rewriting the process function according to the read/write sequence of the timestamp, the source IP, the source port, the destination IP, the destination port and the protocol.
6. The network auditing method of claim 5, wherein the process function is configured to have the same function name, input parameters and output parameters as the covered function; wherein the covered function is the original system function that is covered by the process function when the sub-process is executed.
7. A network auditing apparatus based on the Linux process function, comprising:
a starting module for running the proxy process;
a function rewriting module for rewriting the corresponding process function in the dynamic library, so that the process function can read and write the network communication information of the running process;
an environment variable setting module for setting the environment variable LD_PRELOAD and deriving a sub-process through the proxy process;
a mapping module for the proxy process to switch the sub-process through a system call of the exec function family and to map the sub-process image to the audit process;
a reading module for invoking the process function to obtain the network communication data of the sub-process; and
a sending module for sending the network communication data to the proxy process;
the network auditing apparatus based on the Linux process function further comprises:
merging the network communication data through the audit process based on a preset audit policy before the network communication data is sent to the proxy process.
8. A network auditing system based on the Linux process function, characterized in that it runs on an optical modem terminal device and comprises:
a memory for storing a computer program;
a processor for implementing the steps of the Linux process function based network auditing method according to any of claims 1 to 6 when executing the computer program.
9. A computer readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the steps of the Linux process function based network auditing method according to any of claims 1 to 6.
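Claims 1 to 4 describe the proxy side: a single proxy instance runs, derives the child with LD_PRELOAD set, switches it to the audited program via the exec family, and merges the records it receives according to a preset audit policy before forwarding them. The C program below is an added example for this page, not the patent's or the applicant's code. It assumes the hook library writes one text line per socket operation in the form `ts op src:port dst:port proto bytes` to fd 3 (the same assumption as the hook example above), takes a lock file at an assumed path to implement the "proxy already running" check of claim 4, and uses a merge policy of its own choosing: records sharing the same 5-tuple collapse into one flow with read/write call counts and a byte total. The patent does not specify the wire format, the lock mechanism or the merge rule.

```c
/* Added example (not the patent's code): proxy-process side of the LD_PRELOAD
 * audit. Line format, lock path, AUDIT_FD and the merge rule are assumptions. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

#define AUDIT_FD 3   /* must match the hook library's choice (assumed) */

struct flow {        /* one merged 5-tuple: this example's audit policy */
    char src_ip[46], dst_ip[46], proto[8];
    unsigned src_port, dst_port;
    unsigned reads, writes;
    unsigned long bytes;
};

/* Claim 4: if a proxy is already running, the new one must exit. flock() on a
 * lock file makes that check atomic; returns the held fd, or -1 if taken. */
int acquire_proxy_lock(const char *path) {
    int fd = open(path, O_RDWR | O_CREAT, 0600);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) { close(fd); return -1; }
    return fd;
}

/* Parse "ts op src:port dst:port proto bytes" (this example's line format).
 * Returns 0 on success, -1 on a malformed line, which the proxy then drops. */
int parse_line(const char *line, struct flow *f, char *op, unsigned long *bytes) {
    long ts;
    memset(f, 0, sizeof *f);
    if (sscanf(line, "%ld %c %45[^:]:%u %45[^:]:%u %7s %lu", &ts, op, f->src_ip,
               &f->src_port, f->dst_ip, &f->dst_port, f->proto, bytes) != 8) return -1;
    return (*op == 'r' || *op == 'w') && f->src_port < 65536 && f->dst_port < 65536 ? 0 : -1;
}

/* Claims 1 and 2: merge one record into the flow table. The same function serves
 * the audit process (before sending) and the proxy (after receiving). Returns the
 * new flow count; a malformed line or a full table leaves the count unchanged. */
int merge_line(const char *line, struct flow *flows, int nflows, int max) {
    struct flow f; char op; unsigned long bytes;
    int i;
    if (parse_line(line, &f, &op, &bytes) < 0) return nflows;
    for (i = 0; i < nflows; i++)
        if (flows[i].src_port == f.src_port && flows[i].dst_port == f.dst_port &&
            !strcmp(flows[i].src_ip, f.src_ip) && !strcmp(flows[i].dst_ip, f.dst_ip) &&
            !strcmp(flows[i].proto, f.proto)) break;
    if (i == nflows) { if (nflows == max) return nflows; flows[nflows++] = f; }
    if (op == 'r') flows[i].reads++; else flows[i].writes++;
    flows[i].bytes += bytes;
    return nflows;
}

/* Claim 1: derive the child, set LD_PRELOAD, then switch it to the audited
 * program with execvp. Returns the read end of the audit pipe, or -1. */
int spawn_audited(const char *libpath, char *const argv[], pid_t *pid) {
    int p[2];
    if (pipe(p) < 0) return -1;
    *pid = fork();
    if (*pid < 0) return -1;
    if (*pid == 0) {
        close(p[0]);
        if (dup2(p[1], AUDIT_FD) < 0) _exit(127);
        if (p[1] != AUDIT_FD) close(p[1]);
        setenv("LD_PRELOAD", libpath, 1);
        execvp(argv[0], argv);
        _exit(127);               /* exec failed */
    }
    close(p[1]);
    return p[0];
}

int main(int argc, char **argv) {
    if (argc < 3) { fprintf(stderr, "usage: %s libaudit.so prog [args]\n", argv[0]); return 2; }
    if (acquire_proxy_lock("/tmp/audit_proxy.lock") < 0) return 1;   /* another proxy runs */
    pid_t pid; struct flow flows[64]; int n = 0; char line[256];
    int rd = spawn_audited(argv[1], argv + 2, &pid);
    if (rd < 0) return 1;
    FILE *in = fdopen(rd, "r");
    while (fgets(line, sizeof line, in)) n = merge_line(line, flows, n, 64);
    waitpid(pid, NULL, 0);
    for (int i = 0; i < n; i++)       /* claim 3: forward the merged data */
        printf("%s:%u -> %s:%u %s reads=%u writes=%u bytes=%lu\n", flows[i].src_ip,
               flows[i].src_port, flows[i].dst_ip, flows[i].dst_port, flows[i].proto,
               flows[i].reads, flows[i].writes, flows[i].bytes);
    return 0;
}
```

Because the audit channel is an inherited pipe rather than a file, the proxy sees end-of-file exactly when the audited process and all its descendants have exited, so it can flush the merged table once instead of polling; the per-line validation in `parse_line` is what keeps a misbehaving or tampered child from corrupting the proxy's table with arbitrary input.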

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111279841.7A CN114024865B (en) 2021-10-29 2021-10-29 Network auditing method, device and system based on Linux process function

Publications (2)

Publication Number Publication Date
CN114024865A CN114024865A (en) 2022-02-08
CN114024865B true CN114024865B (en) 2023-08-08

Family

ID=80059222

Country Status (1)

Country Link
CN (1) CN114024865B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant