CN114390091A - Batch host safety scanning and reinforcing method - Google Patents


Info

Publication number
CN114390091A
Authority
CN
China
Prior art keywords
host
vulnerability
scanning
server
patch
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210032072.9A
Other languages
Chinese (zh)
Inventor
常兴治
张运泽
刘帅帅
龙霄汉
高亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pengfei Software Technology Wuxi Co ltd
Original Assignee
Pengfei Software Technology Wuxi Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0889: Techniques to speed-up the configuration process
    • H04L41/0893: Assignment of logical groups to network elements

Abstract

The invention discloses a method for security scanning and reinforcing of hosts in batches, belonging to the technical field of computer information, and comprising the following steps: in response to receiving an online host scanning instruction, scanning all online hosts in the local area network and updating the host information; in response to receiving a vulnerability scanning instruction, scanning the online hosts for existing system vulnerabilities; and in response to receiving a host reinforcing instruction, installing vulnerability patches or setting a security policy for the hosts that need reinforcing. With the batch host security scanning and reinforcing method disclosed by the invention, all hosts in the local area network can be operated, maintained, managed, scanned and security-reinforced in batches, sparing the administrator repetitive work. The invention also discloses a batch host security scanning and reinforcing system which can be rapidly deployed on a server and provides the administrator with an easy-to-use and convenient operation interface.

Description

Batch host safety scanning and reinforcing method
Technical Field
The invention relates to a batch host security scanning and reinforcing method, and belongs to the technical field of computer information.
Background
The world is in the midst of a new round of technological revolution and industrial transformation. Digital technologies represented by the internet, big data and artificial intelligence have permeated every field of the economy and society, and the world has entered a digital economy era characterized mainly by the interconnection of everything, data-driven operation, software definition, platform support and intelligent leadership.
According to W3C statistics, the number of web servers has risen exponentially over 28 years: from single digits in the 1990s to over 950 million in the 2000s, and in 2019 the total number of web servers exceeded 1.7 billion. In addition, according to the IDC (International Data Corporation) China server market tracking report for the second quarter of 2020, shipments in the Chinese server market reached 1.4989 million units in the first half of 2020, up 8.6% year on year, and the market size was 9.277 billion US dollars (about 65.7 billion yuan), up 19.4% year on year. Of these, x86 server shipments were 1.4809 million units, up 7.5% year on year, with a market size of 8.944 billion US dollars (about 63.341 billion yuan), up 19.3%.
The direct consequence of the sharp increase in the number of servers is an increase in the complexity of operation and maintenance. Generally, one operations engineer can comfortably maintain a dozen or even several dozen servers, and a small number of servers can be operated effectively by writing common tool scripts, configuring scheduled tasks, and the like. As the number of servers grows, however, the change in quantity becomes a change in quality, and the operation and maintenance management of the servers becomes far more complicated; likewise, as the number of services grows, operating and shutting down multiple services becomes more complicated.
Another very important and cumbersome task in operation and maintenance is security scanning, vulnerability discovery and system hardening of the servers. When an administrator finds that a server has a security vulnerability or a hidden security risk, the administrator needs to install the vulnerability patch and repair the system vulnerability in time to protect the security of the system and its services, or to apply security settings to the system that intercept and guard against possible attacks. When the number of servers is small, the administrator can manually run an installation script or a system configuration script to harden the servers one by one.
When the number of servers is large, manual script execution is time-consuming and laborious, extremely inefficient, and prone to mistakes and omissions. One possible solution for multiple servers is to configure a scheduled task on each server that periodically fetches patches from the software source server provided by the system vendor through the package manager and installs them automatically.
However, fetching patches from the vendor's software source server through the package manager and installing them automatically has many problems. For example, some software vulnerability patches may not be entered into the official software source server in time, and the administrator has to obtain the patch package and related information from the software vendor and install it manually; some servers are not connected to the internet and cannot reach the official software source server to obtain patch packages; some services are incompatible or behave abnormally after being upgraded, and may even cause the server to terminate abnormally; and some services need to stay on their current version, requiring the administrator to lock the version manually.
In summary, the following problems exist in the operation and maintenance of existing servers:
1) when the number of servers is large, installing and configuring server systems is troublesome and full of repetitive work;
2) security scanning, vulnerability discovery, patch installation and system reinforcement of the servers must be completed manually by an administrator, and automatic scripts have many limitations and cannot adapt to every condition;
3) some service patches or upgrade packages have to be obtained by the administrator from the service or software vendor and then distributed to the servers for installation;
4) the upgrade strategy, patch installation strategy and security reinforcement strategy may differ between servers and have to be told apart by the administrator;
5) after some software upgrades, the system may be incompatible or faulty in operation, and may even terminate abnormally.
Disclosure of Invention
The invention aims to provide a batch host security scanning and reinforcing method which realizes automatic system deployment, security scanning, patch installation, system reinforcement and the like for all servers in a machine-room local area network, can automatically discover the servers in the local area network, and sets an update strategy and a patch installation strategy for each server, thereby realizing batch management, operation and maintenance of a large number of servers, reducing the workload of operation and maintenance personnel and improving operation and maintenance efficiency.
To achieve this purpose, the invention adopts the following technical scheme.
In a first aspect, the present invention provides a method for security scanning and reinforcing of hosts in batches, comprising an online host scanning method, a system vulnerability scanning method and a host reinforcing method.
In response to receiving an online host scanning instruction, all online hosts in the local area network are scanned using the host scanning method and the host information is updated.
Furthermore, when scanning, the network segment address to be scanned (for example 192.168.24.0/24) must be specified; a list of host IP addresses in the segment (for example 192.168.24.2 to 192.168.24.254) is generated and traversed, an ICMP ECHO request is sent to each address, an online host answers the ICMP ECHO, every responding host IP is recorded, and an online host IP list is generated.
After the online host IP list is generated, the list is traversed, each online host is connected to with a user name and password, information such as the operating system type, version and host name is acquired, and the information is updated in the database.
In response to receiving a vulnerability scanning instruction, the online hosts are scanned for existing system vulnerabilities using the system vulnerability scanning method.
Furthermore, the system vulnerability scanning process first generates a vulnerability database. The database is built from the software, service and system vendors: vulnerability information is obtained from the vendors using a vulnerability database generation method, and the vulnerability database is generated from it. Information is then matched from the vulnerability database against the host's system version and installed software versions, and system vulnerability information is generated from the matches.
In response to receiving a host reinforcing instruction, vulnerability patches are installed or a security policy is set for the hosts that need reinforcing. This comprises distributing the vulnerability patches to the corresponding hosts according to the system vulnerability information, installing them automatically on those hosts, and, after installation has finished, scanning the hosts for vulnerabilities again with the system vulnerability scanning method to confirm that the vulnerabilities have been repaired.
Preferably, in order to implement batch operation, maintenance, management, scanning and security reinforcement of all hosts in the local area network, the method provides an automatic installation method for the server system, an automatic intranet patch distribution method, a server update strategy management method, and an automatic system backup and rollback method.
Furthermore, the automatic server installation method is as follows: a system image server is deployed in the network inside the machine room; after a server without an operating system is started, it automatically searches the network for the system image server, downloads the system image from it once found, and then installs the system image. The whole process needs no intervention by an administrator, and the system restarts automatically and boots into the installed system after installation has finished.
Furthermore, to handle servers that cannot connect to a software image server on the internet, or patch packages that do not exist on the software image server, an automatic intranet patch distribution method is used: first, a software source server is deployed in the internal network of the machine room (this server may be connected to the internet), and all software packages are obtained from the official software source server and stored on the local software source server. Meanwhile, the local software source server automatically acquires vulnerability and patch information from the software and service vendors and stores the patches locally. When a server needs to download and install a patch package, it obtains the package not from the official software source server but from the local software source server over the intranet.
Furthermore, some software provides no patch package but fixes bugs in a new version; yet because of the application scenario and software compatibility problems, some software must stay on an old version and cannot be updated to the newer one. The invention therefore provides a server update strategy management method in which the version of specified software on a specified server is locked and not updated. Since the vulnerability then still exists, the system's security must additionally be reinforced by means of a firewall, system security mechanisms, network isolation and the like.
Furthermore, because of compatibility issues between software and the system, software may run abnormally after a software update or patch installation, and the system may even terminate abnormally and become inoperable. The invention therefore also discloses an automatic system backup and rollback method: before a software upgrade or patch installation, a snapshot backup of the system is taken, and if the system shows a compatibility problem after the update, it is rolled back to the state before the update or installation. In this case, because the vulnerability cannot be fixed for the time being due to the compatibility problem, the system must likewise be secured by means of a firewall, system security mechanisms, network isolation and the like.
By using the batch host security scanning and reinforcing method disclosed by the invention, all hosts in the local area network can be operated, maintained, managed, scanned and security-reinforced in batches, sparing the administrator repetitive work. In addition, the invention also discloses a batch host security scanning and reinforcing system which can be rapidly deployed on a server and provides the administrator with an easy-to-use and convenient operation interface.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a batch host security scanning and reinforcing method that realizes rapid batch installation of server systems, server security scanning and vulnerability discovery, automatic patch distribution and installation, automatic system reinforcement and the like. With the method and system disclosed by the invention, frequent repetitive work by the administrator is avoided, and fast, batch, automatic and robust server management is realized.
Drawings
FIG. 1 is a flowchart of the online host scan according to an embodiment of the present invention;
FIG. 2 is a flowchart of server operating system type acquisition according to an embodiment of the present invention;
FIG. 3 is a flowchart of detailed system information acquisition according to an embodiment of the present invention;
FIG. 4 is a flowchart of system security reinforcement according to an embodiment of the present invention;
FIG. 5 is a system architecture diagram of an embodiment of the present invention;
FIG. 6 is a system flow diagram of an embodiment of the present invention.
Detailed Description
The present invention is further described with reference to the accompanying drawings. The following examples only illustrate the technical solutions of the present invention clearly and should not be taken as limiting its scope.
In a first aspect, the present invention provides a method for security scanning and reinforcing of hosts in batches, comprising an online host scanning method, a system vulnerability scanning method and a host reinforcing method.
Referring to FIG. 1, in response to receiving an online host scanning instruction, all online hosts in the local area network are scanned using the host scanning method, which comprises the following steps:
Input: network segment address to be scanned (format: network/prefix length, e.g. 192.168.24.0/24)
Output: online host IP list
101) Generate the list of host IP addresses in the network segment, initialize the pointer to the first element of the list, and go to 102);
102) initialize an empty result list, go to 103);
103) send an ICMP ECHO packet to the IP address pointed to by the pointer, go to 104);
104) if a reply is received, go to 105), otherwise go to 106);
105) add the IP address pointed to by the pointer to the result list, go to 106);
106) if the pointer points to the last element of the list, end; otherwise go to 107);
107) advance the pointer by one element and go to 103).
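The steps above as working code, added here as an illustration and not taken from the patent: the address list is expanded from the CIDR segment with Python's ipaddress module, each address is probed with the system ping utility (Linux iputils flags assumed), and the probe function is injectable so the loop can be exercised without network access.

```python
import ipaddress
import subprocess
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Iterable, List


def host_addresses(network_segment: str) -> List[str]:
    """Expand a segment given as network/prefix length (e.g. 192.168.24.0/24)
    into its usable host addresses, 192.168.24.1 through 192.168.24.254;
    the network and broadcast addresses are left out (step 101))."""
    net = ipaddress.ip_network(network_segment, strict=True)
    return [str(h) for h in net.hosts()]


def icmp_echo(address: str, timeout_s: int = 1) -> bool:
    """Send one ICMP ECHO request with the system ping utility and report
    whether a reply came back (steps 103)-104)). Flags are for Linux
    iputils ping (-c count, -W reply timeout in seconds); adjust elsewhere."""
    proc = subprocess.run(
        ["ping", "-c", "1", "-W", str(timeout_s), address],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, check=False,
    )
    return proc.returncode == 0


def scan_online_hosts(network_segment: str,
                      probe: Callable[[str], bool] = icmp_echo,
                      skip: Iterable[str] = (),
                      max_workers: int = 32) -> List[str]:
    """Steps 101)-107): walk the segment's address list, probe each address
    and collect those that answered. Addresses in `skip` (e.g. the gateway
    192.168.24.1, which the page's example list starts after) are not probed.
    Probes run in a thread pool, but the result keeps address order so the
    online host list is stable between runs."""
    excluded = set(skip)
    addresses = [a for a in host_addresses(network_segment) if a not in excluded]
    with ThreadPoolExecutor(max_workers=max_workers) as pool:
        replies = list(pool.map(probe, addresses))
    return [addr for addr, alive in zip(addresses, replies) if alive]


if __name__ == "__main__":
    # Real run against the page's example segment (needs the ping binary).
    for ip in scan_online_hosts("192.168.24.0/24", skip=["192.168.24.1"]):
        print(ip)
```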
Referring to FIG. 2, after the online host list is obtained, an operating system fingerprint information base is established first. Because some details of TCP/IP implementation are not mandated by the RFC standards, the TCP/IP implementations of different systems each have their own specific behaviour, and these slight differences show up in the packets of network communication. An operating system fingerprint can be generated by analysing those packets; a fingerprint base for common operating systems is generated in advance, and the target operating system type can be roughly determined by comparing a packet fingerprint with the entries in the base. An example fingerprint is as follows:
Fingerprint Linux 2.6.18-2.6.24
Class Linux|Linux|2.6.X|general purpose
CPE cpe:/o:linux:linux_kernel:2.6 auto
SEQ(SP=BF-D1%GCD=1-6%ISR=C3-D1%TI=Z%II=I%TS=8)
OPS(O1=M538ST11NW7%O2=M538ST11NW7%O3=M538NNT11NW7%O4=M538ST11NW7%O5=M538ST11NW7%O6=M538ST11)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%T=3B-45%TG=40%W=16D0%O=M538NNSNW7%CC=N%Q=)
T1(R=Y%DF=Y%T=3B-45%TG=40%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=Y%DF=Y%T=3B-45%TG=40%W=16A0%S=O%A=S+%F=AS%O=M538ST11NW7%RD=0%Q=)
T4(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=3B-45%TG=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=3B-45%TG=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=3B-45%TG=40%CD=S)
Referring to FIG. 2, after the operating system fingerprint information base has been established, the operating system type is obtained using the system information scanning method (first stage), which comprises the following steps:
Input: online host list
Output: host information dictionary
201) Initialize the pointer to the first element of the online host list, go to 202);
202) initialize the result dictionary, empty at first, whose keys are IP addresses and whose values are dictionaries; go to 203);
203) send TCP/UDP packets to the IP address pointed to by the pointer, go to 204);
204) analyse the returned packets, compare the data in them with the predefined fingerprint database to obtain the system type, and go to 205);
205) add an element to the result dictionary with the IP address as key and a dictionary as value, in a format similar to {'192.168.24.101': {'SystemType': 'Linux 2.6.18-2.6.24'}}; go to 206);
206) if the pointer points to the last element of the list, end; otherwise go to 207);
207) advance the pointer by one element and go to 203).
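An added illustration (not the patent's code) of steps 203)-205): a parser for the text fingerprint format shown above and a scoring match of an observed packet summary against the base. The base embeds the Linux entry from the page trimmed to four test lines plus a second entry constructed here for contrast; the observation dictionary is constructed, and the equal-weight scoring is a simplification of what a real fingerprinting tool does.

```python
import re
from typing import Dict, Optional, Tuple

FingerprintTests = Dict[str, Dict[str, str]]   # test name -> attribute -> spec

# Linux entry quoted on the page (trimmed) plus one constructed contrasting entry.
FINGERPRINT_BASE = """\
Fingerprint Linux 2.6.18-2.6.24
Class Linux|Linux|2.6.X|general purpose
SEQ(SP=BF-D1%GCD=1-6%ISR=C3-D1%TI=Z%II=I%TS=8)
WIN(W1=16A0%W2=16A0%W3=16A0%W4=16A0%W5=16A0%W6=16A0)
ECN(R=Y%DF=Y%T=3B-45%TG=40%W=16D0%O=M538NNSNW7%CC=N%Q=)
IE(DFI=N%T=3B-45%TG=40%CD=S)

Fingerprint Constructed Windows-like example
Class Windows|Windows|constructed|general purpose
SEQ(SP=F0-FF%GCD=1-6%ISR=100-110%TI=I%II=I%TS=7)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%T=7B-85%TG=80%W=2000%O=M5B4NW8NNS%CC=N%Q=)
IE(DFI=N%T=7B-85%TG=80%CD=Z)
"""

_TEST_LINE = re.compile(r"^([A-Z0-9]+)\((.*)\)$")
_HEX_RANGE = re.compile(r"^([0-9A-F]+)-([0-9A-F]+)$")


def parse_fingerprints(text: str) -> Dict[str, FingerprintTests]:
    """Parse the text format into {name: {test: {attr: spec}}}. 'Fingerprint'
    starts an entry; 'Class'/'CPE' lines are metadata and are skipped;
    'TEST(ATTR=SPEC%ATTR=SPEC...)' lines carry the probe expectations."""
    base: Dict[str, FingerprintTests] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Fingerprint "):
            current = line[len("Fingerprint "):]
            base[current] = {}
        elif current is not None and (m := _TEST_LINE.match(line)):
            attrs = {}
            for item in m.group(2).split("%"):
                if "=" in item:
                    key, spec = item.split("=", 1)
                    attrs[key] = spec          # spec may be empty, e.g. Q=
            base[current][m.group(1)] = attrs
    return base


def spec_matches(spec: str, observed: str) -> bool:
    """A spec is a hex range 'LO-HI', alternatives 'A|B', or a literal.
    Hex ranges compare numerically, so '16a0' is treated like '16A0'."""
    observed = observed.upper()
    for alt in spec.upper().split("|"):
        r = _HEX_RANGE.match(alt)
        if r and re.fullmatch(r"[0-9A-F]+", observed):
            if int(r.group(1), 16) <= int(observed, 16) <= int(r.group(2), 16):
                return True
        elif alt == observed:
            return True
    return False


def match_score(fp: FingerprintTests, observed: FingerprintTests) -> Tuple[int, int]:
    """(matched, compared) over attributes present in the observation;
    tests the probe did not run are skipped, not counted against the entry."""
    matched = compared = 0
    for test, attrs in fp.items():
        seen = observed.get(test)
        if seen is None:
            continue
        for key, spec in attrs.items():
            if key in seen:
                compared += 1
                matched += spec_matches(spec, seen[key])
    return matched, compared


def best_match(base: Dict[str, FingerprintTests], observed: FingerprintTests,
               min_ratio: float = 0.85) -> Tuple[Optional[str], float]:
    """Best-scoring entry as (name, ratio); (None, 0.0) below min_ratio.
    This is the rough OS-type guess the page describes, nothing more."""
    best, best_ratio = None, 0.0
    for name, fp in base.items():
        matched, compared = match_score(fp, observed)
        ratio = matched / compared if compared else 0.0
        if ratio > best_ratio:
            best, best_ratio = name, ratio
    return (best, best_ratio) if best_ratio >= min_ratio else (None, 0.0)


# Constructed observation, as a probe might summarise replies from 192.168.24.101.
OBSERVED: FingerprintTests = {
    "SEQ": {"SP": "C8", "GCD": "1", "ISR": "CA", "TI": "Z", "II": "I", "TS": "8"},
    "WIN": {"W1": "16a0", "W2": "16A0", "W3": "16A0"},
    "ECN": {"R": "Y", "DF": "Y", "T": "40", "TG": "40", "W": "16D0"},
    "IE": {"DFI": "N", "T": "40", "TG": "40", "CD": "S"},
}
```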
The above method only determines the operating system type roughly (for example a Linux-based system or Windows). Referring to FIG. 3, the system information scanning method (second stage) is then used to obtain accurate information such as the operating system type, version and host name, as follows:
Input: host information dictionary
Output: host information dictionary
301) Initialize the pointer to the first element of the online host list, go to 302);
302) take the key-value pair at the pointer position, remotely control the host at the IP address given by the key, execute specific commands and collect their output, then go to 303). One way to obtain the operating system type and version is to read the release configuration file on Linux-based operating systems and to run the systeminfo command on Windows; one way to obtain the host name is to run the hostname command on Linux-based operating systems and the systeminfo command on Windows;
303) add the obtained operating system type and version to the key-value pair at the pointer position; the modified result dictionary entry has a format similar to {'192.168.24.101': {'SystemType': 'Ubuntu', 'Systemversion': '20.04', 'hostname': 'SweepingMonk'}}; go to 304);
304) if the pointer points to the last element of the list, end; otherwise go to 305);
305) advance the pointer by one element and go to 302).
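An added example, not from the patent, of steps 302)-303): parsing the Linux release file and the Windows systeminfo output into the page's dictionary format, dispatching on the first-stage type. The command runner is injected, and the outputs below are constructed stand-ins for what a remote login would return; the SSH/WinRM transport and credential handling are outside this snippet.

```python
import shlex
from typing import Callable, Dict

RunCommand = Callable[[str, str], str]   # (ip, command) -> command output
HostInfo = Dict[str, Dict[str, str]]

# Constructed command outputs standing in for remote execution results.
FAKE_OUTPUTS = {
    ("192.168.24.101", "cat /etc/os-release"):
        'NAME="Ubuntu"\nVERSION="20.04.3 LTS (Focal Fossa)"\nID=ubuntu\n'
        'VERSION_ID="20.04"\nPRETTY_NAME="Ubuntu 20.04.3 LTS"\n',
    ("192.168.24.101", "hostname"): "SweepingMonk\n",
    ("192.168.24.102", "systeminfo"):
        "\nHost Name:                 WINHOST01\n"
        "OS Name:                   Microsoft Windows Server 2019 Standard\n"
        "OS Version:                10.0.17763 N/A Build 17763\n"
        "OS Manufacturer:           Microsoft Corporation\n",
}


def fake_run(ip: str, command: str) -> str:
    """Stand-in runner; a real one would execute the command over SSH/WinRM."""
    return FAKE_OUTPUTS[(ip, command)]


def parse_os_release(text: str) -> Dict[str, str]:
    """/etc/os-release is KEY=VALUE with shell-style quoting of the value."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            fields[key.strip()] = " ".join(shlex.split(value))
    return fields


def parse_systeminfo(text: str) -> Dict[str, str]:
    """systeminfo prints 'Label:   value' lines (English locale assumed)."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def detail_scan(host_info: HostInfo, run: RunCommand) -> HostInfo:
    """Steps 301)-305): refine each first-stage entry in place with exact
    type, version and hostname, keeping the page's key names."""
    for ip, info in host_info.items():
        if info["SystemType"].lower().startswith("windows"):
            si = parse_systeminfo(run(ip, "systeminfo"))
            info.update({"SystemType": si.get("OS Name", info["SystemType"]),
                         "Systemversion": si.get("OS Version", ""),
                         "hostname": si.get("Host Name", "")})
        else:
            osr = parse_os_release(run(ip, "cat /etc/os-release"))
            info.update({"SystemType": osr.get("NAME", info["SystemType"]),
                         "Systemversion": osr.get("VERSION_ID", ""),
                         "hostname": run(ip, "hostname").strip()})
    return host_info
```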
In response to receiving a vulnerability scanning instruction, the online hosts are scanned for existing system vulnerabilities using the system vulnerability scanning method.
Furthermore, the system vulnerability scanning process first generates a vulnerability database. The database is maintained from the software, service and system vendors: vulnerability information is obtained from the vendors by a crawler and stored in a table named vulnerability database within the database. Information is then matched from the vulnerability database against the host's system version and installed software versions, and system vulnerability information is generated from the matches.
Specifically, two examples of vulnerability information in the database are:
(Table present only as an image in the original; its two records are CVE-2018-2562 for MySQL and CVE-2017-12652 for libpng, as walked through below.)
Example sources:
https://www.oracle.com/security-alerts/cpujan2018.html#AppendixMSQL
https://access.redhat.com/security/cve/CVE-2017-12652
The procedure for matching vulnerability information is as follows: in response to receiving a vulnerability scanning instruction, the host to be scanned is connected to remotely using its user name, password and IP address, a command is executed remotely on it to obtain all installed software and software versions, and these are then looked up in the database. If a matching record exists in the vulnerability database, the vulnerability exists on the host; for example, if the host's system version is detected to be Red Hat Enterprise Linux 7.3 and the patch file libpng-1.5.13-8.el7.x86_64.rpm is not installed, the host has the CVE-2017-12652 vulnerability. After the vulnerability scan has completed, a dictionary with the host IP address as key and the vulnerability list as value is obtained; an example result dictionary is:
{'192.168.24.101': ['CVE-2018-2562', 'CVE-2017-12652']}
Executing the system vulnerability scanning method on several hosts yields a list whose elements are the result dictionaries obtained by matching vulnerability information; an example result after the system vulnerability scanning method is:
(Result list present only as an image in the original.)
Referring to FIG. 4, in response to receiving a host reinforcing instruction, vulnerability patches are installed or a security policy is set for the hosts to be reinforced, as follows:
Input: result list obtained after matching vulnerability information
Output: result list after re-matching vulnerability information
401) Initialize the pointer to the first element of the result list, go to 402);
402) retrieve the corresponding CVE number from the database, acquire information such as the software name, affected versions, patch number and patch file, and go to 403);
403) if the patch file column holds information (i.e. a patch file exists), go to 404); if it does not (i.e. no patch file exists), go to 406);
404) obtain the patch file from the intranet software source server, go to 405);
405) install the patch file, go to 408);
406) check the upgrade strategy to see whether the software that produced the current vulnerability may be upgraded; if so, go to 407), otherwise go to 408);
407) acquire the updated software from the intranet software source server, install it, and go to 408);
408) if the pointer points to the last element of the list, go to 410); otherwise go to 409);
409) advance the pointer by one element and go to 402);
410) rescan the host vulnerabilities to obtain the result list.
One example of the host reinforcement process: if MySQL 5.7.18 is installed on the server being scanned, record 1 of the example is matched, the system being scanned has the vulnerability corresponding to CVE-2018-2562, and, because the patch column is empty, the way to repair the vulnerability is to upgrade the software version (for example to 5.7.20). If the scanned system version is Red Hat Enterprise Linux 7.3, record 2 of the example is matched, the corresponding patch is RHSA-2020:3901 and the corresponding patch file is libpng-1.5.13-8.el7.x86_64.rpm, so the patch is downloaded from the software source server and installed automatically. If the software source server has no updated version, the system can only be reinforced by configuring its security policy while waiting for the software or service vendor to release a patch. The system security policy is configured through several means such as a firewall, SELinux and Windows Defender, and the method also discloses a security policy configuration method comprising the following steps: first, configure security policy templates, such as firewall port rules, SELinux security policies and Windows Defender security policies; then pass configuration data into the template according to the actual situation; and finally distribute the security configuration to the hosts needing reinforcement and execute it automatically. One example of a security policy template is:
iptables -A INPUT -p {PROTOCOL} --dport {PORT} -j {ACTION}
The security configuration is generated by passing data (PROTOCOL, PORT and ACTION in the example) into the template; one example of a generated security configuration is:
iptables -A INPUT -p tcp --dport 80 -j REJECT
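An added example, not the patent's implementation, tying the vulnerability matching of the scan to the reinforcement decision of steps 402)-410) and to the policy template above: two vulnerability records mirroring the page's MySQL and libpng rows, a constructed host inventory and update strategy, and a rescan after the plan is applied. The version ordering, the record fields and the service port table are simplifications assumed here.

```python
import re
from typing import Dict, List, Set, Tuple

Plan = List[Tuple[str, str, str]]   # (cve, action, detail)


def version_key(version: str) -> Tuple[int, ...]:
    """Crude numeric ordering: "5.7.18" < "5.7.20", "1.5.13-7.el7" <
    "1.5.13-8.el7". Enough here; a real scanner should use the platform's
    own comparison (rpm's rpmvercmp, dpkg --compare-versions)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


# Constructed rows mirroring the two records the page discusses. An empty
# patch_file means "no patch, fix by upgrade" (the step 403) branch).
VULN_DB = [
    {"seq": 1, "cve": "CVE-2018-2562", "software": "mysql", "system": None,
     "fixed_version": "5.7.20", "patch_id": None, "patch_file": None},
    {"seq": 2, "cve": "CVE-2017-12652", "software": "libpng",
     "system": "Red Hat Enterprise Linux 7.3", "fixed_version": "1.5.13-8.el7",
     "patch_id": "RHSA-2020:3901", "patch_file": "libpng-1.5.13-8.el7.x86_64.rpm"},
]
# Update strategy: software locked to its current version, per host (constructed).
LOCKED: Dict[str, Set[str]] = {"192.168.24.102": {"mysql"}}
# Service port to fence off when a locked service stays vulnerable (constructed).
SERVICE_PORT = {"mysql": 3306}
POLICY_TEMPLATE = "iptables -A INPUT -p {PROTOCOL} --dport {PORT} -j {ACTION}"


def sample_hosts() -> dict:
    """Constructed inventory as the detail scan and package listing would fill it."""
    return {
        "192.168.24.101": {"system": "Red Hat Enterprise Linux 7.3",
                           "packages": {"mysql": "5.7.18", "libpng": "1.5.13-7.el7"}},
        "192.168.24.102": {"system": "Ubuntu 20.04", "packages": {"mysql": "5.7.18"}},
        "192.168.24.103": {"system": "Red Hat Enterprise Linux 7.3",
                           "packages": {"mysql": "5.7.20", "libpng": "1.5.13-8.el7"}},
    }


def is_vulnerable(record: dict, host: dict) -> bool:
    """A record matches when the system (if the record names one) matches
    and the installed package is older than the patched/fixed version."""
    if record["system"] and host["system"] != record["system"]:
        return False
    installed = host["packages"].get(record["software"])
    return installed is not None and version_key(installed) < version_key(record["fixed_version"])


def scan_hosts(hosts: dict) -> Dict[str, List[str]]:
    """System vulnerability scanning method: {ip: [cve, ...]} as on the page."""
    return {ip: [r["cve"] for r in VULN_DB if is_vulnerable(r, h)] for ip, h in hosts.items()}


def reinforcement_plan(ip: str, cves: List[str], locked: Dict[str, Set[str]] = LOCKED) -> Plan:
    """Steps 402)-407): a patch file is installed from the intranet source;
    otherwise the software is upgraded unless the update strategy locks it,
    in which case the version stays and a security policy is applied instead."""
    by_cve = {r["cve"]: r for r in VULN_DB}
    plan: Plan = []
    for cve in cves:
        r = by_cve[cve]
        if r["patch_file"]:
            plan.append((cve, "install_patch", r["patch_file"]))
        elif r["software"] not in locked.get(ip, set()):
            plan.append((cve, "upgrade", f'{r["software"]} {r["fixed_version"]}'))
        else:
            # Page's template filled in; a production rule would also scope sources.
            rule = POLICY_TEMPLATE.format(PROTOCOL="tcp", PORT=SERVICE_PORT[r["software"]], ACTION="REJECT")
            plan.append((cve, "lock_and_harden", rule))
    return plan


def apply_and_rescan(hosts: dict, locked: Dict[str, Set[str]] = LOCKED) -> Dict[str, List[str]]:
    """Simulate steps 401)-410): carry out each plan on the inventory, then
    rescan (step 410)) to confirm what was fixed. Locked-and-hardened
    software still appears in the result: the vulnerability itself remains."""
    by_cve = {r["cve"]: r for r in VULN_DB}
    for ip, cves in scan_hosts(hosts).items():
        for cve, action, _detail in reinforcement_plan(ip, cves, locked):
            if action in ("install_patch", "upgrade"):
                hosts[ip]["packages"][by_cve[cve]["software"]] = by_cve[cve]["fixed_version"]
    return scan_hosts(hosts)
```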
Referring to FIG. 5, an implementation architecture of the method comprises a management and control server, a system image server, a software source server, a database server and general servers.
Specifically, the general servers are the servers that need security scanning and reinforcement. The management and control server runs a system corresponding to one implementation of the method; it can log in to a general server remotely over the network and execute system commands, file copies and other operations on it. The management and control server provides an operation page through which an administrator can carry out batch security scanning and reinforcement of the general servers with simple configuration and can configure the update strategy of each server (for example keeping certain old software versions from being upgraded). The database server stores the system information of the general servers (such as IP address, user name, password and scanned vulnerabilities). The system image server stores the installation images of the systems and is used to install server operating systems automatically. The software source server stores files and file information such as software packages, software package dependencies and patch packages.
Further, in order to realize batch operation, maintenance, management, scanning and security reinforcement of all hosts in the local area network, the method provides an automatic installation method for the server system, an automatic intranet patch distribution method, a server update strategy management method and an automatic system backup and rollback method.
Furthermore, the automatic server installation method is as follows: a system image server is deployed in the network inside the machine room; after a server without an operating system is started, it automatically searches the network for the system image server, downloads the system image from it once found, and then installs the system image. The whole process needs no intervention by an administrator, and the system restarts automatically and boots into the installed system after installation has finished. Through the automatic server installation method, the initial state of all systems (such as user names and passwords) is guaranteed to be consistent; an administrator can perform user operations (such as adding users, changing passwords and granting permissions) on a general server through the management and control server, and the modified information is stored on the database server.
Furthermore, to handle servers that cannot connect to a software image server on the internet, or patch packages that do not exist on the software image server, an automatic intranet patch distribution method is used: first, a software source server is deployed in the internal network of the machine room (this server may be connected to the internet), and all software packages are obtained from the official software source server and stored on the local software source server. Meanwhile, the local software source server automatically acquires vulnerability and patch information from the software and service vendors and stores the patch files locally. When a server needs to download and install a patch package, it obtains the package not from the official software source server but from the local software source server over the intranet.
Furthermore, some software provides no patch package but fixes bugs in a new version; yet because of the application scenario and software compatibility problems, some software must stay on an old version and cannot be updated to the newer one. The invention therefore provides a server update strategy management method in which the version of specified software on a specified server is locked and not updated. Since the vulnerability then still exists, the system's security must additionally be reinforced by means of a firewall, system security mechanisms, network isolation and the like.
Furthermore, because of compatibility issues between software and the system, software may run abnormally after a software update or patch installation, and the system may even terminate abnormally and become inoperable. The invention therefore also discloses an automatic system backup and rollback method: before a software upgrade or patch installation, a snapshot backup of the system is taken, and if the system shows a compatibility problem after the update, it is rolled back to the state before the update or installation. In this case, because the vulnerability cannot be fixed for the time being due to the compatibility problem, the system must likewise be secured by means of a firewall, system security mechanisms, network isolation and the like.
By using the batch host safety scanning and reinforcing method disclosed by the invention, all hosts in the local area network can be subjected to operation, maintenance, management, scanning and safety reinforcement in batches, and the repetitive work of an administrator is avoided.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several modifications and variations can be made without departing from the technical principle of the present invention, and these modifications and variations should also be regarded as the protection scope of the present invention.

Claims (6)

1. A batch host security scanning and hardening method, characterized by comprising the following steps:
in response to receiving an online host scanning instruction, scanning all online hosts in a local area network with a host scanning method and updating the host information: first designating the network segment addresses to be scanned, then generating a list of host IP addresses in the network segment, traversing that list and sending an ICMP ECHO request to each address, a host that is online replying to the ICMP ECHO, recording the IP of every host that replies, and generating an online host IP list;
in response to receiving a vulnerability scanning instruction, scanning the system vulnerabilities present on the online hosts with a system vulnerability scanning method: first generating a vulnerability database, using a vulnerability database generation method to obtain vulnerability information from the providers; then matching entries from the vulnerability database against the host's operating system version and the versions of its installed software, and generating the system vulnerability information from the matches;
in response to receiving a host hardening instruction, installing vulnerability patches on the hosts to be hardened or setting a security policy: distributing the vulnerability patches to the corresponding hosts according to the system vulnerability information and installing them automatically, and after installation scanning the host vulnerabilities again with the system vulnerability scanning method to confirm that the vulnerabilities have been repaired;
wherein, in order to carry out operation and maintenance, management, scanning and security hardening of all hosts in the local area network in batches, the method provides an automatic installation method for the server operating system, an automatic intranet patch distribution method, a server update strategy management method, and an automatic system backup and rollback method.
2. The method according to claim 1, wherein, after the online host IP list is generated, the online host IP list is traversed, each online host is connected to with a user name and password, information about the host such as operating system type, operating system version and host name is obtained, and that information is updated into the database.
3. The batch host security scanning and hardening method according to claim 1, wherein the automatic server installation method refers to deploying a system image server in the internal network of the machine room; after a server without an operating system is started, it searches the network for the system image server, downloads the system image from the system image server once found, and then installs the system image.
4. The method according to claim 1, wherein the automatic intranet patch distribution method comprises deploying a software source server in the internal network of the machine room, this server being able to connect to the internet; obtaining all software packages from the official software source server and storing them in the local software source server; the local software source server automatically obtaining vulnerability and patch information from the software and service providers and storing the patches locally; and, when a server needs to download a patch package, obtaining it from the local software source server over the intranet.
5. The method according to claim 1, wherein the server update strategy management method locks the version of specified software on a specified server so that it is not upgraded; in this case the vulnerability still exists, so the system must be hardened by means such as a firewall, system security mechanisms and network isolation.
6. The method according to claim 1, wherein the automatic backup and rollback method takes a snapshot backup before a software upgrade or patch installation and, if a compatibility problem occurs after the update, rolls the system back to the state before the update or installation; at that time, because the compatibility problem may not be resolvable for the moment, the system must likewise be hardened by means such as a firewall, system security mechanisms and network isolation.
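The following is an added worked example, not code from CN114390091A or from its applicant, that walks through the three steps of claim 1 (segment sweep, database matching, patch-then-rescan) with the intranet patch source of claim 4, the version lock of claim 5 and the snapshot/rollback of claim 6 folded into the hardening step. Everything is constructed in-process so it runs offline: the ICMP ECHO is replaced by an injectable probe function, the hosts use the 192.0.2.0/29 documentation range, and the vulnerability identifiers, package names, version numbers and the "incompatible on demo-os 1.0" rule are invented for the demonstration.

```python
import copy
import ipaddress
from dataclasses import dataclass, field


def segment_addresses(cidr):
    """Claim 1, step 1: generate the host IP address list of a network segment."""
    return [str(ip) for ip in ipaddress.ip_network(cidr, strict=False).hosts()]


def online_hosts(cidr, probe):
    """Traverse the segment list and keep every address whose ICMP ECHO is
    answered. probe(ip) -> bool stands in for the real echo request so the
    sweep runs without raw sockets or privileges."""
    return [ip for ip in segment_addresses(cidr) if probe(ip)]


def version_tuple(v):
    """'2.4.10' -> (2, 4, 10); plain string comparison would rank 2.4.9 above it."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Vuln:
    vuln_id: str      # constructed identifier, not a real advisory
    os_prefix: str    # operating system versions the entry applies to
    package: str
    fixed_in: str     # first version that is no longer vulnerable
    patch: str        # patch package name on the local software source server


@dataclass
class Host:
    ip: str
    os_version: str
    packages: dict                             # package name -> installed version
    locked: set = field(default_factory=set)   # claim 5: packages held at their version


def match_vulns(host, vuln_db):
    """Claim 1, step 2: match the database against OS and package versions."""
    hits = []
    for v in vuln_db:
        installed = host.packages.get(v.package)
        if (host.os_version.startswith(v.os_prefix) and installed
                and version_tuple(installed) < version_tuple(v.fixed_in)):
            hits.append(v)
    return hits


def harden(host, vuln_db, patch_source, compatible=lambda h: True):
    """Claim 1, step 3: fetch patches from the local source (claim 4), skip
    locked packages (claim 5), snapshot before installing and roll back when
    the post-install compatibility check fails (claim 6), then re-scan."""
    report = {"patched": [], "locked": [], "missing_patch": [], "rolled_back": False}
    snapshot = dict(host.packages)                      # claim 6: backup first
    for v in match_vulns(host, vuln_db):
        if v.package in host.locked:                    # claim 5: version lock
            report["locked"].append(v.vuln_id)
            continue
        new_version = patch_source.get(v.patch)         # claim 4: intranet source
        if new_version is None:
            report["missing_patch"].append(v.vuln_id)
            continue
        host.packages[v.package] = new_version
        report["patched"].append(v.vuln_id)
    if report["patched"] and not compatible(host):
        host.packages = snapshot                        # claim 6: rollback
        report["rolled_back"] = True
    # Re-scan: anything still matching is residual exposure that needs the
    # compensating controls the patent names (firewall, isolation, ...).
    report["remaining"] = [v.vuln_id for v in match_vulns(host, vuln_db)]
    return report


# ---- constructed sample data: documentation address range, demo names ----
VULN_DB = [
    Vuln("DEMO-0001", "demo-os 1", "httpd-demo", "2.4.3", "httpd-demo-2.4.3"),
    Vuln("DEMO-0002", "demo-os 1", "libssl-demo", "1.1.1", "libssl-demo-1.1.1"),
]
PATCH_SOURCE = {"httpd-demo-2.4.3": "2.4.3", "libssl-demo-1.1.1": "1.1.1"}
INVENTORY = {
    "192.0.2.1": Host("192.0.2.1", "demo-os 1.2", {"httpd-demo": "2.4.1", "libssl-demo": "1.1.0"}),
    "192.0.2.3": Host("192.0.2.3", "demo-os 1.2", {"httpd-demo": "2.4.5", "libssl-demo": "1.0.9"},
                      locked={"libssl-demo"}),
    "192.0.2.5": Host("192.0.2.5", "demo-os 1.0", {"httpd-demo": "2.4.0"}),
}


def answers_echo(ip):
    """Constructed probe: only inventoried hosts reply to ICMP ECHO."""
    return ip in INVENTORY


def post_install_ok(host):
    """Constructed compatibility check: the patched httpd-demo is assumed to
    break on demo-os 1.0 hosts only, which exercises the rollback path."""
    return not host.os_version.startswith("demo-os 1.0")


def run_batch(cidr="192.0.2.0/29"):
    """Run the claim-1 steps over the segment; returns one report per online host.
    Works on a copy so the sample inventory is left untouched between runs."""
    hosts = copy.deepcopy(INVENTORY)
    return {ip: harden(hosts[ip], VULN_DB, PATCH_SOURCE, post_install_ok)
            for ip in online_hosts(cidr, answers_echo)}


if __name__ == "__main__":
    for ip, rep in run_batch().items():
        print(ip, rep)
```

The report separates four outcomes the text treats differently: patched and confirmed clean, held back by a version lock, patch absent from the local source, and rolled back after a failed compatibility check. The last three all leave entries in `remaining`, which is the list the administrator has to cover with firewall rules or network isolation rather than a patch.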
CN202210032072.9A 2022-01-12 2022-01-12 Batch host safety scanning and reinforcing method Withdrawn CN114390091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210032072.9A CN114390091A (en) 2022-01-12 2022-01-12 Batch host safety scanning and reinforcing method

Publications (1)

Publication Number Publication Date
CN114390091A true CN114390091A (en) 2022-04-22

Family

ID=81201275

Country Status (1)

Country Link
CN (1) CN114390091A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20220422