CN114756530B - Client information processing method based on bastion machine - Google Patents
- Publication number
- CN114756530B (application CN202210670804.7A)
- Authority
- CN
- China
- Prior art keywords
- client
- information
- database
- bastion machine
- session
- Prior art date
- Legal status
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/21—Design, administration or maintenance of databases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/25—Integrating or interfacing systems involving database management systems
- G06F16/252—Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Medicinal Preparation (AREA)
Abstract
The application discloses a client information processing method and a system based on a bastion machine, wherein the method comprises the following steps: the bastion machine acquires information of a first client logged on the bastion machine; the bastion machine calls a database client installed on the bastion machine under the control of the first client; the bastion machine accesses the database through the database client and sends the information of the first client in the access process; and the agent service and/or the auditing service acquire the information of the first client and associate the information of the first client with the session. The problem caused by the fact that the operation and maintenance personnel cannot acquire the information of the first client used by the operation and maintenance personnel when logging in the database through the bastion machine in the prior art is solved, so that the information of the first client can be acquired through the bastion machine and is notified to other services, and a basis is provided for subsequent processing of the other services.
Description
Technical Field
The application relates to the field of databases, in particular to a bastion machine-based client information processing method.
Background
In the prior art, in order to ensure the safety of the internal environment, a bastion machine is used when operation and maintenance personnel need to operate computer equipment in the internal environment. The operation and maintenance personnel first log on to the bastion machine, and the bastion machine stores the operations they execute, for example by recording the screen or recording mouse and keyboard input, so that the operations performed by the operation and maintenance personnel can be monitored through the bastion machine.
The bastion machine is also used in a database access scene, a database client is installed on the bastion machine, and after an operation and maintenance person logs in the bastion machine by using the client (the client used by the operation and maintenance person is called as a first client for distinguishing from the database client), the bastion machine logs in the database by using the database client of the bastion machine.
When accessing the database, it is necessary to control the access to the database (for example, audit the access), and when logging in the database using a database client on the bastion machine, only the operation performed from the bastion machine to the database can be acquired, and the information of the first client used by the operation and maintenance staff cannot be associated with the connection between the bastion machine and the database, so there is no way to control the access to the database based on the information of the first client.
Disclosure of Invention
The embodiment of the application provides a client information processing method based on a bastion machine, and at least solves the problem that in the prior art, when an operation and maintenance person logs in a database through the bastion machine, the information of a first client used by the operation and maintenance person cannot be acquired.
According to one aspect of the application, a bastion machine-based client information processing method is provided, and comprises the following steps: the method comprises the steps that the bastion machine acquires information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine; the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database; the bastion machine accesses the database through the database client and sends the information of the first client in the access process; and the agent service and/or the auditing service acquires the information of the first client and associates the information of the first client with a session, wherein the session is established by accessing the database by the database client.
Further, the step in which the bastion machine sends the information of the first client through the database client comprises the following steps: the bastion machine acquires the information of the database and attaches the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine adds the information of the database, with the information of the first client attached behind it, to an access request; the bastion machine sends the access request to the database. The proxy service acquiring the information of the first client and associating it with the predetermined session comprises: the proxy service receives the access request, and acquires and stores the information of the first client from the access request; the proxy service deletes the information of the first client from the access request, and sends the access request from which the information of the first client has been deleted to the database so as to establish the session with the database; the proxy service associates the information of the first client with the session.
Further, the adding, by the bastion machine, the information of the database and the information of the first client to the access request comprises: the bastion machine analyzes the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; and the bastion machine fills the information of the database and the information of the first client into the field.
Further, the step that the bastion machine sends the information of the first client comprises the following steps: the bastion machine sends the information of the first client and the connection information of the database client connected with the database to the auditing service; the auditing service associating the information of the first client with the session includes: the auditing service searches the session corresponding to the connection information in the established session, and associates the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
Further, the connection information includes a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, where the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
According to another aspect of the application, the bastion machine-based client information processing system comprises: the system comprises a bastion machine and at least one of audit service and proxy service, wherein the bastion machine is used for acquiring information of a first client logged on the bastion machine, the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine; the bastion machine is used for calling a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database; the bastion machine is used for accessing the database through the database client and sending the information of the first client in the accessing process; and the agent service and/or the audit service is used for acquiring the information of the first client and associating the information of the first client with a session, wherein the session is established by the database client accessing the database.
Further, the bastion machine is used for acquiring information of the database and attaching the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine is used for adding the information of the database, with the information of the first client attached behind it, to an access request; the bastion machine is used for sending the access request to the database. The proxy service is configured to acquire the information of the first client and associate it with a predetermined session as follows: the proxy service receives the access request, and acquires and stores the information of the first client from the access request; the proxy service deletes the information of the first client from the access request, and sends the access request from which the information of the first client has been deleted to the database so as to establish the session with the database; the proxy service is configured to associate the information of the first client with the session.
Further, the bastion machine is used for analyzing the access request according to the format of the access request to obtain the field used for storing the information of the database in the access request; the bastion machine is used for filling the information of the database and the information of the first client into that field.
Further, the bastion machine is used for sending the information of the first client and the connection information of the database client connected with the database to the auditing service; the auditing service is used for searching the session corresponding to the connection information in the established session, and associating the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
Further, the connection information includes a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, where the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
In the embodiment of the application, a bastion machine is adopted to acquire information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on; the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database; the bastion machine accesses the database through the database client and sends the information of the first client in the access process; and the agent service and/or the auditing service acquires the information of the first client and associates it with a session, wherein the session is established by the database client accessing the database. This solves the problem in the prior art that, when operation and maintenance personnel log in to the database through the bastion machine, the information of the first client they use cannot be acquired: the information of the first client can be acquired through the bastion machine and notified to other services, which provides a basis for the subsequent processing of those services.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, are included to provide a further understanding of the application, and the description of the exemplary embodiments of the application are intended to be illustrative of the application and are not intended to limit the application. In the drawings:
fig. 1 is a flowchart of a bastion machine-based client information processing method according to an embodiment of the application.
Detailed Description
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order different than here.
In the embodiment, a bastion machine-based client information processing method is provided, and fig. 1 is a flowchart of a bastion machine-based client information processing method according to an embodiment of the present application, as shown in fig. 1, the method includes the following steps:
Step S102, the bastion machine acquires information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine;
Step S104, the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database;
Step S106, the bastion machine accesses the database through the database client and sends the information of the first client in the access process;
Step S108, the agent service and/or the audit service acquires the information of the first client and associates the information of the first client with a session, wherein the session is established when the database client accesses the database.
As an optional implementation manner, the broker service and/or the audit service may further examine the operations performed on the database in the session associated with the information of the first client, determine whether an illegal operation has occurred, and if so, send the information of the first client to the bastion machine; the bastion machine adds the information of the first client to a list, and the clients in the list are restricted from logging in to the bastion machine or from using the database client on the bastion machine.
As another optional embodiment, the bastion machine may further establish an association relationship between a first session and a second session, wherein the first session is established between a first client and the bastion machine, and the second session is established between a database client and a database on the bastion machine (i.e. the session), wherein the bastion machine acquires data packets in the first session and data packets in the second session at the same time, and the bastion machine determines whether a difference between times indicated by timestamps of the data packets in the first session and the data packets in the second session is within a predetermined range, and if the difference is within the predetermined range, establishes the association between the first session and the second session. After the association is established, after the agent service and/or the auditing service determines that the database operation carried out in the second session is illegal, the bastion machine is informed, the bastion machine searches a first session associated with the second session, acquires information of a first client in the first session (namely an IP address and a user name used for logging in the first client), and limits logging in the bastion machine by using the information of the first client.
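The two optional embodiments above (the restriction list, and the timestamp-based association between the first session and the second session) can be modelled in a few lines. The following is an added example and not code from the patent; the packet structure, the `max_delta` window, the session identifiers and the `(ip, user)` restriction key are assumptions, and the packets are constructed sample data.

```python
# Added example (not the patent's own code): a bastion that associates the
# first session (first client <-> bastion) with the second session (database
# client <-> database) when packets in both sessions carry timestamps within a
# predetermined range, and restricts the first client after an illegal
# operation is reported for the second session. Names are assumptions.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    session_id: str
    timestamp: float  # seconds; constructed for the example


@dataclass
class Bastion:
    # first session id -> information of the first client (IP address, login user name)
    first_sessions: Dict[str, dict] = field(default_factory=dict)
    # second session id -> associated first session id
    pairs: Dict[str, str] = field(default_factory=dict)
    # (ip, user) pairs restricted from logging in to the bastion machine
    restricted: Set[Tuple[str, str]] = field(default_factory=set)
    max_delta: float = 0.5  # assumed "predetermined range" in seconds

    def open_first_session(self, session_id: str, ip: str, user: str) -> None:
        """Record the IP address and user name with which a first client logged in."""
        self.first_sessions[session_id] = {"ip": ip, "user": user}

    def associate(self, first_pkt: Packet, second_pkt: Packet) -> bool:
        """Associate the two sessions if the packet timestamps are close enough."""
        if first_pkt.session_id not in self.first_sessions:
            return False
        if abs(first_pkt.timestamp - second_pkt.timestamp) > self.max_delta:
            return False
        self.pairs[second_pkt.session_id] = first_pkt.session_id
        return True

    def on_illegal_operation(self, second_session_id: str) -> Optional[dict]:
        """Called when the agent/audit service reports an illegal database operation.

        Looks up the associated first session and restricts its client.
        Returns the restricted client's information, or None if no association exists.
        """
        first_id = self.pairs.get(second_session_id)
        if first_id is None:
            return None
        client = self.first_sessions[first_id]
        self.restricted.add((client["ip"], client["user"]))
        return client

    def allow_login(self, ip: str, user: str) -> bool:
        """Login check applied when a first client tries to log on to the bastion."""
        return (ip, user) not in self.restricted


def run_demo() -> Bastion:
    """Constructed scenario: one close pair of packets, one pair too far apart."""
    b = Bastion()
    b.open_first_session("first-1", "10.0.0.5", "alice")
    b.open_first_session("first-2", "10.0.0.6", "bob")
    # alice's keystroke and the resulting database packet are 100 ms apart
    b.associate(Packet("first-1", 100.00), Packet("second-1", 100.10))
    # bob's packet and another database packet are 5 s apart: no association
    b.associate(Packet("first-2", 200.00), Packet("second-2", 205.00))
    b.on_illegal_operation("second-1")
    return b
```

Only a single packet pair is compared here; a production bastion would compare streams of packets and require several matches before trusting the association, since two unrelated sessions can coincidentally produce packets within the window.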
By the steps, the problem that in the prior art, when the operation and maintenance personnel log in the database through the bastion machine, the information of the first client used by the operation and maintenance personnel cannot be acquired is solved, so that the information of the first client can be acquired through the bastion machine and is informed to other services, and a basis is provided for subsequent processing of other services.
The above steps relate to an agent service (or referred to as an agent program) and an audit service (or referred to as an audit program), and the following describes optional processes of the agent service and the audit service for obtaining the information of the first client, respectively.
The proxy service may intercept all messages sent by the database client to the database, in which case the bastion machine may send the first client's information to the proxy service whenever needed. For example, the information of the first client may be sent to the proxy service through an access request for establishing a database connection when the database connection is established.
The bastion machine acquires the information of the database and attaches the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine adds the information of the database, with the information of the first client attached behind it, to an access request; the bastion machine sends the access request to the database. The proxy service acquiring the information of the first client and associating it with the predetermined session comprises: the proxy service receives the access request, and acquires and stores the information of the first client from the access request; the proxy service deletes the information of the first client from the access request, and sends the access request from which the information of the first client has been deleted to the database so as to establish the session with the database; the proxy service associates the information of the first client with the session.
For example, the bastion machine analyzes the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; and the bastion machine fills the information of the database and the information of the first client into the field. As an alternative embodiment, the information of the database and the information of the first client may be separated using a predefined special character.
The bastion machine can send information of the first client to the audit service in real time when the audit service is involved, for example, the bastion machine sends the information of the first client to the audit service after the first client logs in the bastion machine.
The auditing service may audit multiple sessions, and the association may be performed as follows: the auditing service searches the session corresponding to the connection information in the established session, and associates the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
The aforementioned connection information includes a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, wherein the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
This is described below in connection with an alternative embodiment. The present embodiment can be applied to a proxy mode and an audit mode, and the proxy mode will be described first.
In the proxy mode, the database client is installed on the bastion machine, the database client is connected to a proxy program (or proxy service) on the firewall, and the database client accesses the database through the proxy program. The operation and maintenance personnel log in to the bastion machine using a client, and then log in to the database using the database client on the bastion machine. In this mode, two clients are used: the first is the client used by the operation and maintenance person to log in to the bastion machine, called the first client in this embodiment; the second is the client installed on the bastion machine for logging in to the database, called the database client in this embodiment.
When an operation and maintenance person logs in to the bastion machine with the first client in order to use the database client, they do not need to enter the user name and password of the database. They only need to select the database to log in to on the bastion machine; after login is clicked, the bastion machine fills the information of the database (such as the IP address, user name and password of the database) into the database client, and this database information is used to log in to the database. This function is called the database information filling function.
In this embodiment, when the bastion machine fills the database information, the IP address and the user name of the first client are placed behind the user name of the database, and an access request is initiated to the database by using the IP address of the database. The agent program acquires and analyzes the access request sent by the bastion machine, and acquires and stores the IP address and the user name of the first client during analysis; then, the agent program replaces the IP address and the user name of the first client in the access request with the database user name (i.e., deletes the IP address and the user name of the first client after the user name of the database), and then sends the access request to the database.
In the embodiment, the bastion machine adds the information of the first client to the database access request, and the agent program replaces the added information of the first client with the information capable of accessing the database after receiving the database access request, and then accesses the database by using the information capable of accessing the database. Therefore, the database agent program can acquire the information of the first client using the bastion machine, and then the first client information is associated with the access of the database using the database client, so that the information of the first client used by the operation and maintenance personnel can be acquired.
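The proxy-mode exchange described in the paragraphs above (the bastion appending the first client's IP address and user name behind the database user name, separated by a predefined special character, and the proxy extracting, storing and stripping them before the request reaches the database) is shown below as an added example; it is not code from the patent. The request layout, the `#` separator, the per-client rule table and all sample values are assumptions constructed for the example.

```python
# Added example (not the patent's own code): proxy-mode handling of a database
# access request carrying first-client information. The AccessRequest layout,
# the "#" separator and the rule table are assumptions.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

SEPARATOR = "#"  # assumed predefined special character

# Constructed sample data for the example
DB_INFO = {"host": "192.168.2.20", "port": 3306, "user": "dbadmin", "password": "s3cret"}
FIRST_CLIENT = {"ip": "10.0.0.5", "user": "alice"}


@dataclass
class AccessRequest:
    """Stand-in for a database login request; 'user' is the field the bastion fills."""
    db_host: str
    db_port: int
    user: str
    password: str


def bastion_build_request(db_info: dict, first_client: dict) -> AccessRequest:
    """Bastion side: fill database info, then attach first-client info after the user name."""
    user_field = SEPARATOR.join([db_info["user"], first_client["ip"], first_client["user"]])
    return AccessRequest(db_info["host"], db_info["port"], user_field, db_info["password"])


@dataclass
class ProxyService:
    """Proxy side: parse the request, store the client info, forward a cleaned request."""
    session_to_client: Dict[str, Optional[dict]] = field(default_factory=dict)
    # assumed per-client rule table: first-client user -> denied statement keywords
    rules: Dict[str, Set[str]] = field(default_factory=dict)

    def handle(self, req: AccessRequest) -> Tuple[str, AccessRequest]:
        parts = req.user.split(SEPARATOR)
        if len(parts) == 3:
            db_user, client_ip, client_user = parts
            client: Optional[dict] = {"ip": client_ip, "user": client_user}
        else:
            # Request did not come through the bastion's filling function:
            # forward it unchanged and record that no first client is known.
            db_user, client = req.user, None
        # The database only ever sees the real database user name.
        cleaned = AccessRequest(req.db_host, req.db_port, db_user, req.password)
        session_id = self._establish_session(cleaned)
        self.session_to_client[session_id] = client
        return session_id, cleaned

    def _establish_session(self, req: AccessRequest) -> str:
        """Stand-in for connecting to the database; returns an assumed session id."""
        return f"{req.db_host}:{req.db_port}/{req.user}/{len(self.session_to_client) + 1}"

    def check_operation(self, session_id: str, statement: str) -> bool:
        """Apply the rule configured for the first client behind this session."""
        client = self.session_to_client.get(session_id)
        if client is None:
            return True  # no rule can apply when the first client is unknown
        denied = self.rules.get(client["user"], set())
        return statement.strip().split()[0].upper() not in denied


def run_demo() -> Tuple[ProxyService, str, AccessRequest]:
    """Constructed end-to-end run: alice logs in through the bastion."""
    proxy = ProxyService(rules={"alice": {"DROP"}})
    sid, cleaned = proxy.handle(bastion_build_request(DB_INFO, FIRST_CLIENT))
    return proxy, sid, cleaned
```

Because the separator is a plain character in the user name field, a real deployment must make sure a database user name cannot itself contain the separator, or the proxy will mis-parse it; that is the reason `handle` only trusts a split that yields exactly three parts.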
In this embodiment, the bastion machine records, against the information of the first client, which operation the operation and maintenance person performed on the database client through the bastion machine and at what time, and the agent program records which operation the first client performed on the database through the bastion machine and at what time. The operations performed on the database client by the first client through the bastion machine can therefore be related to the operations performed on the database by the bastion machine's database client through the agent program.
In the proxy mode, since the agent can acquire the information of the first client, a predetermined rule may be configured in the agent in advance for the first client, so that the agent can control access from the first client.
The present embodiment may also be applied to an audit mode, which is explained below.
Where database auditing is required, after an operation and maintenance person logs in to the bastion machine with the first client, the database is accessed through the database client of the bastion machine, so the audit program can only determine which bastion machine performed the operation and has no way to audit the first client used by the operation and maintenance person. To solve this problem, the bastion machine sends the recorded information of the first client to the auditing system in real time; the auditing system records the currently active session (the session of the bastion machine connected to the database) and updates the information of the first client into that session. The audit can then trace which operation and maintenance person, using which first client, accessed the database through which bastion machine.
In this embodiment, the bastion machine sends information about the operation and maintenance person's login to the auditing program: the operation and maintenance person logs in to the bastion machine through a first client, and the bastion machine records the IP address and login account (that is, the user name used to log in from the first client) of the first client; after the database is logged in to, the bastion machine also records the IP address and port number of the database to which the database client on the bastion machine is connected. After receiving this information, the auditing device searches the active sessions, obtains the database IP address and port number of each active session, and matches the database IP address and port number received from the bastion machine against them. After a successful match it determines that the session was established with the database after the first client logged in to the bastion machine, and associates the information of the first client with the matched session.
In this embodiment, after the bastion machine establishes a session with the database, the auditing program (or auditing service) audits the session in mirror mode. The auditing service establishes a TCP connection with the database according to the information of the session; if the session is in an inactive state, the TCP connection established by the auditing service is deleted. The auditing service checks whether a corresponding TCP connection exists according to the source IP address, source port number, destination IP address and destination port number recorded in the session, and if the corresponding TCP connection exists, the session is in an active state.
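The audit-mode association described above (connection information consisting of the database client's source IP/port and the database's destination IP/port, matched against the auditing service's active sessions, with inactive sessions detected by the absence of a corresponding TCP connection) is shown below as an added example; it is not code from the patent. The report format, the `refresh_activity` check and the sample addresses are assumptions constructed for the example.

```python
# Added example (not the patent's own code): audit-mode association of
# first-client information with the session identified by the 4-tuple of the
# bastion's database connection. Report fields and addresses are assumptions.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

FourTuple = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

# Constructed sample data for the example
FIRST_CLIENT = {"ip": "10.0.0.5", "user": "alice"}
CONN: FourTuple = ("192.168.1.10", 51234, "192.168.2.20", 3306)


@dataclass
class Session:
    conn: FourTuple
    active: bool = True
    first_client: Optional[dict] = None


def bastion_report(first_client: dict, conn: FourTuple) -> dict:
    """Bastion side: the message sent to the audit service in real time (assumed layout)."""
    src_ip, src_port, dst_ip, dst_port = conn
    return {
        "client_ip": first_client["ip"], "client_user": first_client["user"],
        "src_ip": src_ip, "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port,
    }


@dataclass
class AuditService:
    sessions: Dict[FourTuple, Session] = field(default_factory=dict)

    def observe_connection(self, conn: FourTuple) -> Session:
        """A session seen on the mirrored traffic between the database client and the database."""
        session = Session(conn)
        self.sessions[conn] = session
        return session

    def refresh_activity(self, live_connections: Set[FourTuple]) -> None:
        """A session stays active only while a matching TCP connection still exists."""
        for conn, session in self.sessions.items():
            session.active = conn in live_connections

    def receive_client_report(self, report: dict) -> Optional[Session]:
        """Search the established sessions for the reported connection and associate."""
        conn = (report["src_ip"], report["src_port"], report["dst_ip"], report["dst_port"])
        session = self.sessions.get(conn)
        if session is None or not session.active:
            return None
        session.first_client = {"ip": report["client_ip"], "user": report["client_user"]}
        return session

    def trace(self, conn: FourTuple) -> Optional[str]:
        """Answer 'who, from which first client, is behind this database session?'"""
        session = self.sessions.get(conn)
        if session is None or session.first_client is None:
            return None
        fc = session.first_client
        return f"{fc['user']}@{fc['ip']} via {conn[0]}:{conn[1]} -> {conn[2]}:{conn[3]}"
```

Matching on the full 4-tuple rather than only the database IP and port matters when several bastion sessions reach the same database at once: the source port is what tells them apart.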
In this embodiment, an electronic device is provided, comprising a memory in which a computer program is stored and a processor configured to run the computer program to perform the method in the above embodiments.
The programs described above may be run on a processor or stored in memory (or computer-readable media), which includes permanent and non-permanent, removable and non-removable media that store information by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
These computer programs may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks, and corresponding steps may be implemented by different modules.
In this embodiment, a system is provided, which is called a bastion machine-based client information processing system, and includes a bastion machine and a proxy service and/or an audit service, wherein the steps executed by the bastion machine, the proxy service and the audit service are already described above and will not be described in detail here.
The system or the apparatus is used for implementing the functions of the method in the foregoing embodiments, and each module in the system or the apparatus corresponds to each step in the method, which has been described in the method and is not described herein again.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (10)
1. A client information processing method based on a bastion machine is characterized by comprising the following steps:
the method comprises the steps that the bastion machine obtains information of a first client which logs on the bastion machine, wherein the first client is a client which logs on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine;
the bastion machine calls a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database;
the bastion machine accesses the database through the database client and sends the information of the first client in the accessing process;
and the proxy service and/or the auditing service acquires the information of the first client and associates the information of the first client with a session, wherein the session is established by the database client accessing the database.
2. The method of claim 1,
the step that the bastion machine sends the information of the first client through the database client comprises the following steps: the bastion machine acquires the information of the database and appends the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine adds the information of the database and the information of the first client which is attached behind the information of the database to an access request; the bastion machine sends the access request to the database;
the proxy service acquiring the information of the first client and associating the information of the first client with the session comprises: the proxy service receives the access request, and acquires and stores the information of the first client from the access request; the proxy service deletes the information of the first client from the access request, and sends the access request with the information of the first client deleted to the database so as to establish the session with the database; the proxy service associates the information of the first client with the session.
3. The method of claim 2, wherein the adding, by the bastion machine, the information of the database and the information of the first client to the access request comprises:
the bastion machine analyzes the access request according to the format of the access request to obtain a field for storing the information of the database in the access request;
and the bastion machine fills the information of the database and the information of the first client into the field.
4. The method of claim 1,
the step that the bastion machine sends the information of the first client comprises the following steps: the bastion machine sends the information of the first client and the connection information of the database client connected with the database to the auditing service;
the auditing service associating the information of the first client with the session includes: the auditing service searches the session corresponding to the connection information in the established session, and associates the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
5. The method of claim 4, wherein the connection information comprises a source IP address and a source port number of the database client, and a destination IP address and a destination port number of the database, wherein the database client establishes a connection with the destination IP address and the destination port number of the database using the source IP address and the source port number.
6. A client information processing system based on a bastion machine is characterized by comprising: a bastion machine and at least one of an auditing service and a proxy service, wherein,
the bastion machine is used for acquiring information of a first client logged on the bastion machine, wherein the first client is a client logged on the bastion machine, and the first client is used for controlling the bastion machine after logging on the bastion machine;
the bastion machine is used for calling a database client installed on the bastion machine under the control of the first client, wherein the database client is used for accessing a database;
the bastion machine is used for accessing the database through the database client and sending the information of the first client in the accessing process;
and the proxy service and/or the auditing service is used for acquiring the information of the first client and associating the information of the first client with a session, wherein the session is established by the database client accessing the database.
7. The system of claim 6,
the bastion machine is used for acquiring the information of the database and attaching the information of the first client to the information of the database, wherein the information of the database is used for accessing the database; the bastion machine is used for adding the information of the database and the information of the first client which is attached to the information of the database into an access request; the bastion machine is used for sending the access request to the database;
the proxy service is configured to acquire the information of the first client and associate the information of the first client with the session, which includes: the proxy service receives the access request, and acquires and stores the information of the first client from the access request; the proxy service is used for deleting the information of the first client from the access request, and sending the access request with the information of the first client deleted to the database so as to establish the session with the database; the proxy service is configured to associate the information of the first client with the session.
8. The system of claim 7,
the bastion machine is used for analyzing the access request according to the format of the access request to obtain a field used for storing the information of the database in the access request; the bastion machine is used for filling the information of the database and the information of the first client in the field.
9. The system of claim 6,
the bastion machine is used for sending the information of the first client and the connection information of the database client connected with the database to the auditing service;
the auditing service is used for searching the session corresponding to the connection information in the established session, and associating the information of the first client with the session corresponding to the connection information after the session corresponding to the connection information is found, wherein the session corresponding to the connection information is the session established between the first client and the database through the database client after the first client logs in the bastion machine.
10. The system of claim 9, wherein the connection information comprises a source IP address and a source port number for the database client, and a destination IP address and a destination port number for the database, wherein the database client establishes a connection with the destination IP address and the destination port number for the database using the source IP address and the source port number.
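The two association paths of the claims above, the proxy path (claims 2-3 and 7-8: the bastion machine appends the first client's information behind the database user field of the access request, the proxy service strips it, stores it and forwards a clean request) and the audit path (claims 4-5 and 9-10: the bastion machine reports the first client's information together with the connection 4-tuple, and the auditing service looks up the matching established session), as an added illustration that is not part of the patent or of any product implementing it. The `#` delimiter, the dict-shaped access request, the `Session` class and all sample values are assumptions constructed for this example.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

SEP = "#"  # assumed delimiter; must be a character the database's user-name grammar rejects
Conn = Tuple[str, int, str, int]  # (source IP, source port, destination IP, destination port)


@dataclass
class Session:
    """One database session as seen by the proxy service or the auditing service."""
    conn: Conn
    db_user: str
    first_client: Optional[str] = None  # identity of the operator logged in to the bastion machine


def bastion_build_request(db_user: str, first_client: str) -> dict:
    """Proxy path, bastion side: append the first client's info behind the database user field."""
    return {"user": db_user + SEP + first_client, "database": "orders"}


def proxy_handle(request: dict, conn: Conn) -> Tuple[Session, dict]:
    """Proxy path, proxy side: split off and store the first-client info, then build the
    cleaned request that is forwarded to the database to establish the session."""
    db_user, sep, first_client = request["user"].partition(SEP)
    if not sep or not first_client:
        raise ValueError("access request carries no first-client info")
    clean_request = dict(request, user=db_user)  # the database never sees the appended info
    return Session(conn, db_user, first_client), clean_request


class AuditService:
    """Audit path: established sessions are keyed by the connection 4-tuple."""

    def __init__(self) -> None:
        self.sessions: Dict[Conn, Session] = {}

    def observe_session(self, sess: Session) -> None:
        """Record a session once it has been established (e.g. from captured traffic)."""
        self.sessions[sess.conn] = sess

    def associate(self, first_client: str, conn: Conn) -> Optional[Session]:
        """Attach the reported first-client info to the matching session; None if not (yet) found."""
        sess = self.sessions.get(conn)
        if sess is not None:
            sess.first_client = first_client
        return sess


if __name__ == "__main__":
    # Constructed sample values: a bastion at 10.0.1.7 reaching a database at 10.0.2.9:3306.
    conn_a: Conn = ("10.0.1.7", 51234, "10.0.2.9", 3306)
    sess_a, forwarded = proxy_handle(bastion_build_request("app_ro", "alice"), conn_a)
    print(sess_a.first_client, forwarded["user"])  # alice app_ro
    audit = AuditService()
    conn_b: Conn = ("10.0.1.7", 51235, "10.0.2.9", 3306)
    audit.observe_session(Session(conn_b, "app_ro"))
    print(audit.associate("bob", conn_b).first_client)  # bob
```

In the audit path a report that arrives before the session is observed returns `None`, matching the claim language that association happens only after the corresponding session is found.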
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210670804.7A CN114756530B (en) | 2022-06-15 | 2022-06-15 | Client information processing method based on bastion machine |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114756530A (en) | 2022-07-15 |
CN114756530B (en) | 2022-08-19 |
Family
ID=82336607
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210670804.7A Active CN114756530B (en) | 2022-06-15 | 2022-06-15 | Client information processing method based on bastion machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114756530B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115150199B (en) * | 2022-09-02 | 2023-01-31 | 北京中安星云软件技术有限公司 | Database operation and maintenance client account management and control method, system, equipment and medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104618449A (en) * | 2014-12-31 | 2015-05-13 | 北京神州绿盟信息安全科技股份有限公司 | Web single-point login implementing method and device |
CN108965388A (en) * | 2018-06-13 | 2018-12-07 | 新华三信息安全技术有限公司 | A kind of operation audit method and device |
CN109714345A (en) * | 2018-12-28 | 2019-05-03 | 中电福富信息科技有限公司 | A kind of character fort machine method and system of user's unaware |
CN112528337A (en) * | 2020-12-21 | 2021-03-19 | 中电福富信息科技有限公司 | WFP-based method for authorizing database high-risk commands in real time |
CN112887287A (en) * | 2021-01-18 | 2021-06-01 | 杭州安恒信息技术股份有限公司 | Fortress machine, operation and maintenance auditing method, electronic device and storage medium |
CN113886366A (en) * | 2021-10-25 | 2022-01-04 | 杭州安恒信息技术股份有限公司 | Database operation and maintenance method and device, electronic equipment and readable storage medium |
CN114238889A (en) * | 2021-12-13 | 2022-03-25 | 北京天融信网络安全技术有限公司 | Database login method and device |
CN114531304A (en) * | 2022-04-24 | 2022-05-24 | 北京安华金和科技有限公司 | Session processing method and system based on data packet |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8775498B2 (en) * | 2009-10-23 | 2014-07-08 | International Business Machines Corporation | Universal architecture for client management extensions on monitoring, control, and configuration |
Non-Patent Citations (1)
Title |
---|
Research and practice on operation and maintenance audit using a bastion-machine-based screen recording system; 匡石磊 (Kuang Shilei); 《网络安全技术与应用》 (Network Security Technology & Application); 2021-12-31 (No. 6); pp. 8-10 * |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |