CN114818005B - Linux system integrity checking method and system - Google Patents


Info

Publication number
CN114818005B
Authority
CN
China
Prior art keywords
file metadata
file
reference value
metadata
linux system
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210417359.3A
Other languages
Chinese (zh)
Other versions
CN114818005A (en)
Inventor
肖景荣
邹卫良
曾宏安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Linx Technology Co ltd
Original Assignee
Beijing Linx Technology Co ltd
Application filed by Beijing Linx Technology Co ltd
Priority to CN202210417359.3A
Publication of CN114818005A
Application granted
Publication of CN114818005B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords


Abstract

The application relates to a method and a system for checking the integrity of a Linux system. The method comprises the following steps: verifying file metadata modification behavior in the Linux system; performing integrity verification on the file metadata; updating the credible reference value of the file metadata; and auditing the operation behaviors, that is, monitoring and recording the operations performed on file metadata in the Linux system. The method and system carry out timely integrity checks on file metadata in the Linux system and reduce the impact that modified or damaged file metadata has on the Linux system.

Description

Linux system integrity checking method and system
Technical Field
The present application relates to the field of computer systems, and in particular, to a method and a system for checking integrity of a Linux system.
Background
Linux, also known as GNU/Linux, is a UNIX-like operating system that is free to use and freely redistributable; it is a POSIX-based multi-user, multi-tasking operating system with support for multi-threading and multiple CPUs. With the development of the internet, the Linux system has gained the support of software enthusiasts, organizations and companies all over the world.
In a Linux system everything is treated as a file: the operating system kernel regards commands, hardware and software devices, processes and the like as files with their respective characteristics or types, so any operation on a Linux system can be classed as an operation on a file. The integrity check of a Linux operating system therefore depends mainly on the integrity check of the file system.
File integrity comprises the integrity of the file content and the integrity of the file metadata. The related art focuses mainly on checking the integrity of file content; checks of file metadata integrity are rare, and in particular the check of file path integrity within the metadata is insufficient. If a file's metadata is modified or damaged, the impact on the file system and the whole operating system is large.
Disclosure of Invention
In order to solve the above problems, the present application provides a method and a system for checking the integrity of a Linux system.
The Linux system integrity checking method and the Linux system provided by the application adopt the following technical scheme:
a Linux system integrity checking method comprises the following steps:
verifying the file metadata modification behavior in the Linux system;
performing integrity verification on the file metadata;
updating the credible reference value of the file metadata;
and auditing the operation behaviors, and monitoring and recording the operation behaviors of the file metadata in the Linux system.
By adopting this technical scheme, the file metadata modification behavior in Linux is verified, so that it is known whether file metadata has been modified; the integrity of the file metadata is verified, so that it is known whether the file metadata is complete; the credible reference value of the file metadata is updated, so that completeness can be further judged against the credible reference value; and the corresponding operations are audited in time, monitoring and recording the operation behavior on file metadata in the Linux system.
Optionally, before verifying the file metadata modification behavior in the Linux system, the method further includes:
configuring a protection strategy for protecting the file metadata according to requirements;
generating an original credible reference value of the file metadata through a cryptographic algorithm based on the protection strategy;
and storing the credible reference value.
By adopting this technical scheme, the file metadata is placed under protection before its modification behavior is verified: a protection strategy corresponding to the file metadata can be configured, which reduces the influence of the verification process on the file metadata and protects the file metadata from unauthorized modification.
Optionally, the verifying the file metadata modification behavior in the Linux system includes:
configuring a modification strategy for modifying the file metadata;
before modifying the file metadata, judging whether the file metadata is authorized to be modified or not based on the modification strategy;
if the file metadata is authorized, the modification of the file metadata is allowed;
if not, the modification of the file metadata is unauthorized and is not allowed.
By adopting this technical scheme, a modification strategy governing modification of file metadata is formulated, and different file metadata are configured separately under it so as to judge whether each is authorized to be modified; it can thus be known whether a given modification of file metadata is authorized, further protecting the file metadata from unauthorized modification.
Optionally, the integrity verification of the file metadata includes:
acquiring a configuration strategy and a cryptographic algorithm for verifying the file metadata;
processing the file metadata according to the corresponding cryptographic algorithm based on the configuration strategy to generate a processed trusted reference value;
comparing and judging whether the processed credible reference value is consistent with the original credible reference value;
if they are not consistent, the integrity of the file metadata is not trusted and the file metadata cannot be modified.
By adopting this technical scheme, the integrity of the metadata can be verified according to the corresponding configuration strategy and cryptographic algorithm.
Optionally, before the auditing of the above operations, the method further includes:
regenerating the credible reference value of the file metadata after the modification behavior verification, the integrity verification and the credible reference value update have each been carried out.
By adopting this technical scheme, the credible reference value of the file metadata is regenerated after the modification behavior verification and the integrity verification, so that the stored reference value reflects the updated file metadata and records that the verifications have been carried out.
Optionally, the auditing the behavior of the above operations includes:
obtaining an audit interface of a Linux system;
and auditing the operation behaviors based on the auditing interface.
By adopting this technical scheme, operations such as verifying whether a file was modified and verifying the file's integrity can be located and traced back through the audit interface of the Linux system, and a file abnormality can be detected when the file fails the integrity check.
A Linux system integrity checking system comprising:
the modification behavior verification module is used for verifying the file metadata modification behavior in the Linux system;
the integrity verification module is used for verifying the integrity of the file metadata;
the credible reference value updating module is used for updating the credible reference value of the file metadata;
and the auditing module is used for auditing the behaviors and monitoring and recording the operation behaviors of the file metadata in the Linux system.
By adopting this technical scheme, the modification behavior verification module verifies the modification behavior of file metadata in the Linux system, the integrity verification module verifies the integrity of the file metadata, the credible reference value updating module updates the credible reference value of the file metadata, and the auditing module audits the behaviors, so that the integrity of file metadata in the Linux system is checked and modification of file metadata is detected, thereby detecting file abnormalities.
In summary, the present application includes at least one of the following beneficial technical effects:
1. integrity checks are carried out on file metadata in the Linux system in time, reducing the impact that modification or damage of file metadata has on the Linux system computer;
2. the file metadata can be protected before the check, reducing the influence of the checking process on the file metadata.
Drawings
FIG. 1 is a flow chart of a method for checking the integrity of a Linux system according to an embodiment of the present application;
FIG. 2 is a block flow diagram illustrating steps before step S110 in a method for checking the integrity of a Linux system according to an embodiment of the present application;
FIG. 2-1 is a description diagram of attribute types in an integrity check method for a Linux system according to an embodiment of the present application;
FIG. 3 is a block diagram of a flow chart of step S110 in the integrity checking method for the Linux system according to the embodiment of the present application;
FIG. 4 is a block diagram of a flow chart of step S120 in the integrity checking method for the Linux system according to the embodiment of the present application;
FIG. 4-1 is a design diagram of extended attributes in a method for checking integrity of a Linux system according to an embodiment of the present application;
FIG. 5 is a block diagram of a flow chart of step S140 in the integrity checking method for Linux system according to the embodiment of the present application;
FIG. 5-1 is an audit illustration diagram in a Linux system integrity check method according to an embodiment of the present application;
FIG. 6 is a block diagram of a Linux system integrity checking system according to an embodiment of the present application.
Reference numerals: 1. a modification behavior verification module; 11. a policy configuration unit; 12. a judgment unit; 2. a protection module; 3. an integrity verification module; 4. a credible reference value updating module; 5. and an auditing module.
Detailed Description
The present application is described in further detail below with reference to the attached drawings.
Integrity checking of an operating system relies mainly on integrity checking of the file system. File integrity comprises the integrity of the file content and the integrity of the file metadata. The prior art focuses mainly on checking file content; checks of file metadata are relatively rare, the check of the file path element in the metadata in particular has deficiencies, and support for cryptographic algorithms is lacking. If a file's metadata is modified or damaged, the impact on the file system and the whole operating system is undoubtedly huge.
The embodiment of the application discloses a method and a system for checking the integrity of a Linux system.
Referring to fig. 1, a method for checking the integrity of a Linux system includes the following steps:
and S110, verifying the file metadata modification behavior in the Linux system.
File metadata includes file-attribute data such as the file path, file name, security-domain-related extended attributes, permissions, owner (group) and the like. When file metadata is modified, the attribute of the file changes; for example, for the file path (filepath), the absolute path of a regular file may be /etc/ssh/sshd_config, and if the path is changed the original path becomes invalid and the corresponding file is no longer easy to find. The modification behavior of file metadata therefore needs to be verified.
And S120, carrying out integrity verification on the file metadata.
Integrity verification of file metadata mainly covers the check points in the metadata: file path, file name, security extended attributes, permissions and owner (group). The default security extended attributes comprise the IMA extended attribute value and the security extended attribute values for Linux mandatory access control and Linux capability control. In other embodiments, the integrity of file content is verified by hashing the file with a hash algorithm and comparing whether the hash value has changed to determine whether the file was modified. In this embodiment, integrity verification of file metadata uses several cryptographic algorithms, including digest algorithms, a Hash Message Authentication Code (HMAC) and signature algorithms, to verify different file metadata; a trusted reference value is generated for each stage of each item of file metadata, and the file is verified by comparing the trusted reference values, the result being whether the file is complete. The digest algorithm types include SM3, MD5, SHA1 and SHA256, and the signature algorithms include national cryptographic algorithms such as RSA and SM2.
Digest algorithms fall into three main classes: message digest (MD), secure hash algorithm (SHA) and message authentication code (MAC). All three mainly serve to verify the integrity of data; in the embodiment of the present application they verify the integrity of file metadata, with different digest algorithms used for different file metadata.
The message digests generated by the MD algorithms are 128 bits long; the family includes MD2, MD4 and MD5, and the embodiment of the present application uses MD5, the most secure of the three. Other embodiments make corresponding changes according to the specific usage scenario.
The SHA algorithms generate fixed-length digests and include SHA1 and SHA256. SHA1 accepts an input message shorter than 2^64 bits and outputs a 160-bit result value: the information to be digested in the file metadata is converted into a bit string, the bit string is padded and the length value appended, the buffer is initialized, and the digest is then computed. SHA256 likewise appends padding bits and the length value, initializes the buffer, processes the message as a sequence of 512-bit blocks and finally outputs the result.
A MAC algorithm is a keyed hash function built on the MD and SHA families of message digest algorithms; HMAC, the MAC variant used here, adds a secret key on top of the original MD or SHA algorithm.
And S130, updating the credible reference value of the file metadata.
After integrity verification is carried out, the credible reference value of the file metadata changes, and the stored credible reference value needs to be updated in time so that the new credible reference value is used for verification at the next detection.
And S140, auditing the operation behaviors, and monitoring and recording the operation behaviors of the file metadata in the Linux system.
When the operation behavior is audited, the behavior and its result are recorded. For example, when during integrity verification the file name of a certain folder is detected to have changed, the change event is recorded through the audit, so that the change can be traced back, including the time and position of the modification.
The implementation principle of the Linux system integrity checking method in this embodiment is as follows: the file metadata modification behavior in Linux is verified, so that it is known whether file metadata has been modified; the integrity of the file metadata is verified, so that it is known whether it is complete; the credible reference value of the file metadata is updated, so that completeness can be further judged against it; and an audit is made in time, so that the position of modified or incomplete file metadata can be located and traced back, reducing the impact on files in the Linux system.
Referring to fig. 2, before verifying the file metadata modification behavior in the Linux system, the method further includes:
s210, configuring a protection strategy for protecting the metadata of the file according to requirements.
Not all files in the Linux system are checked; only the more sensitive files are, for example files related to parameter settings in the Linux system, files related to permissions, the system kernel and other sensitive files. The protection policy therefore includes the range of protected file metadata, and integrity verification is performed only on the files to be evaluated. Different file metadata are protected in different ways with different corresponding algorithms, so the protection policy further specifies the corresponding computation for each item of file metadata.
And S220, generating an original credible reference value of the file metadata through a cryptographic algorithm based on the protection strategy.
To generate original credible reference values corresponding to the different attributes of file metadata, a cryptographic algorithm corresponding to each item of file metadata is set in the protection policy. The embodiment of the present application can support several cryptographic algorithms, for example SM3, MD5, SHA1, SHA256, RSA and SM2, so that an original credible reference value is computed by an algorithm over sensitive data in the Linux system, such as the permissions, owner (group), MD5 value and file size of system files and directories, thereby providing highly reliable attribute protection for the file metadata. After the Linux operating system has started normally, a configuration strategy for protecting file metadata is set according to requirements, and for the metadata that needs protection an original credible reference value is generated with the configured cryptographic algorithm and stored as the original data.
And S230, storing the credible reference value.
Referring to fig. 2-1, since the system to which this application applies is a Linux system, the trusted reference value is stored in an extended attribute of the corresponding file. It comprises the cryptographically computed value of the verified metadata together with a type flag, and serves as the basis for trusted verification. In this embodiment, the extended attribute holding the trusted reference value may be security.lapm, laid out as:
security.lapm = <hash-type><algo-type><value>
Since several algorithms are used, the type field of the extended attribute is two bytes: the first byte is the digest algorithm type (hash-type) and the second byte is the specific algorithm type (algo-type), so the final algorithm type is the combination of the two bytes. For example, 0x0000 represents the SM3 digest algorithm, 0x0002 represents the RSA signature algorithm (with the SM3 digest), and 0x0000 represents the HMAC algorithm (with the SM3 digest).
The implementation principle of this embodiment is as follows: file metadata also needs to be protected when it is modified in a Linux system, so corresponding protection strategies are set, and original credible reference values corresponding to the different metadata are generated through a cryptographic algorithm based on the protection strategies. The original credible reference value can be regarded as the original identifying feature of the file: when the file metadata is changed, the credible reference value of the changed metadata differs from the original, so the change is detected, and the file metadata can thus be protected by means of the original credible reference value.
Referring to fig. 3, the verification of the file metadata modification behavior in the Linux system includes the following steps:
s310, configuring a modification strategy for modifying the metadata of the file.
To protect the metadata of regular files from unauthorized modification, a modification policy for modifying file metadata needs to be configured before the metadata is modified. In this embodiment, the modification policy specifies the protection range of files, that is, which files cannot be modified without authorization and which files can be.
And S320, before modifying the file metadata, judging whether the file metadata is authorized to be modified or not based on a modification strategy.
When a user who is not a Linux system administrator uses the computer, it is not known in advance which files in the Linux system may be modified only with authorization; therefore, before the user uses the computer, the modification strategy must determine which file metadata is authorized to be modified and which is not.
S330, if authorized, this indicates that the modification of the file metadata is allowed.
S340, if not authorized, this indicates that the modification of the file metadata is not allowed.
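The decision of steps S310 to S340 can be written as a small policy object, shown here as an added example that is not part of the patent or of any Linux implementation of it. The policy layout (glob patterns for the protected range, a set of authorized uids), the function names and every path and uid used are assumptions; files outside the protected range are passed through without a check, matching the page's note that modification verification is not applied to all files by default, and every decision is recorded so that step S140 has something to audit.

```python
# Added example, not the patent's code: modification strategy check for steps
# S310-S340. Policy layout, names, paths and uids below are all assumptions.
import fnmatch
from dataclasses import dataclass, field


@dataclass
class ModificationPolicy:
    protected: tuple            # glob patterns: files whose metadata is protected
    authorized_uids: frozenset  # principals allowed to change protected metadata
    audit_log: list = field(default_factory=list)  # record for the S140 audit

    def is_protected(self, path: str) -> bool:
        """S310: is this path inside the protection range of the policy?"""
        return any(fnmatch.fnmatchcase(path, pat) for pat in self.protected)

    def authorize(self, path: str, uid: int, change: str) -> bool:
        """S320: decide before the metadata change is applied."""
        if not self.is_protected(path):
            allowed, reason = True, "outside protected range"  # not checked
        elif uid in self.authorized_uids:
            allowed, reason = True, "authorized"              # S330
        else:
            allowed, reason = False, "unauthorized"           # S340
        self.audit_log.append({"path": path, "uid": uid, "change": change,
                               "allowed": allowed, "reason": reason})
        return allowed


def demo_policy() -> ModificationPolicy:
    """Constructed policy and three constructed modification attempts."""
    policy = ModificationPolicy(
        protected=("/etc/ssh/*", "/etc/sudoers", "/boot/*"),
        authorized_uids=frozenset({0}))
    policy.authorize("/etc/ssh/sshd_config", 1000, "chmod 0666")  # denied
    policy.authorize("/etc/ssh/sshd_config", 0, "chmod 0600")     # allowed
    policy.authorize("/home/alice/notes.txt", 1000, "rename")     # not checked
    return policy
```

In a real deployment the policy would be consulted from the point where the metadata change is intercepted (the page's modification behavior verification module), and the audit records would go to the system audit log rather than a Python list.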
Referring to fig. 4, the integrity verification of the file metadata includes the following steps:
S410, obtaining the configuration strategy and the cryptographic algorithm for verifying the file metadata.
And S420, processing the file metadata according to the corresponding cryptographic algorithm based on the configuration strategy to generate a processed trusted reference value.
Referring to fig. 4-1, in the embodiment of the present application the corresponding cryptographic algorithms comprise a digest algorithm, an HMAC algorithm and a signature algorithm. For example, a digest value is generated from the digest algorithm type and the parameters of the file metadata to be digested, and this digest value is the processed trusted reference value. At setting time the digest value is generated from the environment parameters; at verification time it is generated from the parameter flag held in the extended attribute (EA) of the verified object. On top of the digest algorithm, the HMAC algorithm protects the digest value, and likewise the signature algorithm protects the digest value. After the user starts the operating system, the file metadata protection configuration is set according to requirements, and for metadata needing protection a trusted reference value is generated with the cryptographic algorithm and stored as original data, namely the original trusted reference value of this application.
And S430, comparing and judging whether the processed credible reference value is consistent with the original credible reference value.
The processed credible reference value is the credible reference value generated by computing the attributes in the file metadata with the cryptographic algorithm after the file in the Linux system has been operated on.
And S440, if the file metadata are inconsistent, the integrity of the file metadata is not credible, and the file metadata cannot be modified.
When the processed trusted reference value is inconsistent with the original reference value, the integrity of the file metadata has changed, the file metadata is not trusted, and the file is not allowed to be modified. When the comparison is consistent, the file has not been modified, its integrity is trusted, and the file may be modified.
The implementation principle of file metadata integrity verification in this embodiment is as follows: the file metadata is processed with the corresponding cryptographic algorithm according to the policy configuration to generate a processed trusted reference value, which is compared with the original trusted reference value protecting the file; if the two are inconsistent, the file metadata has changed and the file is not allowed to be modified.
Because the file's metadata changes during the check of its integrity and modification, the method further comprises, before auditing the above operations: regenerating the credible reference value of the file metadata after the modification behavior verification, the integrity verification and the credible reference value update have each been carried out.
The regenerated credible reference value is distinguished from the original and processed credible reference values, and it serves as the original reference value when the check is carried out again next time.
Referring to fig. 5, the above operations are the operations of steps S110 to S130, and auditing their behavior comprises the following steps:
and S510, obtaining an audit interface of the Linux system.
Referring to the audit diagram of fig. 5-1, the audit interface audits the integrity of the file metadata, the control of modification behavior and the type of reference value update according to the principle shown in the diagram; in this embodiment the interface may be:
enum lapm_integrity_status {
    INTEGRITY_PASS = 0x0,   /* reference value matches */
    INTEGRITY_FAIL,         /* reference value does not match */
    INTEGRITY_NOXATTRS,     /* no reference-value extended attribute present */
    INTEGRITY_UNKNOWN,      /* integrity cannot be determined */
};
enum lapm_integrity_status verify_lapm_xattr(struct dentry *dentry);
The audit interface verifies the attribute integrity of the file metadata, returning INTEGRITY_PASS when the integrity check passes and, according to the actual integrity condition, INTEGRITY_FAIL, INTEGRITY_NOXATTRS or INTEGRITY_UNKNOWN when it does not pass.
And S520, auditing the operation behaviors based on an auditing interface.
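The following is an added example, not code from the patent or from any Linux implementation of it, that ties together the storage layout of steps S220/S230 (a two-byte type flag followed by the value, kept in a security.lapm extended attribute), the verification of steps S410 to S440, the reference update of step S130 and the four statuses of the audit interface in step S510. Everything that is not on the page is an assumption: the byte mappings (hash-type 0x00 is SHA-256, standing in for SM3 because the Python standard library does not guarantee SM3; 0x01 is SHA-1; algo-type 0x00 is a plain digest and 0x01 an HMAC), the canonical encoding of the metadata fields, the function names, and the constructed metadata and key. The extended attribute store is an in-memory dict so the example runs without root or filesystem xattr support.

```python
# Added example, not code from the patent: generate, store and verify a trusted
# reference value over Linux file metadata (steps S220/S230, S410-S440, S510).
# Assumptions (not from the patent): layout <hash-type><algo-type><value> under
# xattr "security.lapm"; hash-type 0x00 = SHA-256 (stand-in for SM3), 0x01 =
# SHA-1; algo-type 0x00 = plain digest, 0x01 = HMAC. The xattr store is an
# in-memory dict, so the example runs without root or filesystem xattr support.
import hashlib
import hmac
from dataclasses import dataclass
from enum import IntEnum

XATTR_NAME = "security.lapm"
HASH_TYPES = {0x00: "sha256", 0x01: "sha1"}  # assumed hash-type byte mapping
ALGO_DIGEST, ALGO_HMAC = 0x00, 0x01          # assumed algo-type byte mapping


class IntegrityStatus(IntEnum):
    """Mirrors the page's enum lapm_integrity_status."""
    INTEGRITY_PASS = 0x0
    INTEGRITY_FAIL = 0x1
    INTEGRITY_NOXATTRS = 0x2
    INTEGRITY_UNKNOWN = 0x3


@dataclass(frozen=True)
class FileMetadata:
    """Check points the page lists: path/name, security label, permissions, owner."""
    path: str
    mode: int
    uid: int
    gid: int
    security_label: str  # e.g. a mandatory-access-control label (constructed)

    def canonical(self) -> bytes:
        # Fixed field order with length prefixes, so bytes cannot be shifted
        # between fields (path vs. label) to produce the same input.
        fields = (self.path.encode(), str(self.mode).encode(),
                  str(self.uid).encode(), str(self.gid).encode(),
                  self.security_label.encode())
        return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def compute_value(meta, hash_type, algo_type, key=None) -> bytes:
    """<value> part of the reference for the given type bytes."""
    digest_name = HASH_TYPES[hash_type]  # KeyError for an unknown hash-type
    if algo_type == ALGO_DIGEST:
        return hashlib.new(digest_name, meta.canonical()).digest()
    if algo_type == ALGO_HMAC:
        if key is None:
            raise ValueError("HMAC reference needs a key")
        return hmac.new(key, meta.canonical(), digest_name).digest()
    raise ValueError("unknown algo-type 0x%02x" % algo_type)


def generate_reference(meta, hash_type, algo_type, key=None) -> bytes:
    """S220: original credible reference value, type bytes first."""
    return bytes((hash_type, algo_type)) + compute_value(meta, hash_type, algo_type, key)


def parse_reference(blob: bytes):
    """Split <hash-type><algo-type><value>; reject anything too short."""
    if len(blob) < 3:
        raise ValueError("reference value too short")
    return blob[0], blob[1], blob[2:]


def verify(meta, xattrs, key=None) -> IntegrityStatus:
    """S410-S440 / S510: recompute from the current metadata and compare."""
    blob = xattrs.get(XATTR_NAME)
    if blob is None:
        return IntegrityStatus.INTEGRITY_NOXATTRS
    try:
        hash_type, algo_type, stored = parse_reference(blob)
        expected = compute_value(meta, hash_type, algo_type, key)
    except (KeyError, ValueError):
        return IntegrityStatus.INTEGRITY_UNKNOWN  # unparseable or unsupported
    if hmac.compare_digest(stored, expected):  # constant-time comparison
        return IntegrityStatus.INTEGRITY_PASS
    return IntegrityStatus.INTEGRITY_FAIL


def update_reference(meta, xattrs, key=None) -> None:
    """S130: regenerate after an authorized change, keeping the stored type bytes."""
    hash_type, algo_type, _ = parse_reference(xattrs[XATTR_NAME])
    xattrs[XATTR_NAME] = generate_reference(meta, hash_type, algo_type, key)


def demo() -> dict:
    """Walk through the verification outcomes with constructed metadata and key."""
    key = b"constructed-demo-key-kept-off-the-file"
    meta = FileMetadata("/etc/ssh/sshd_config", 0o600, 0, 0, "system_u:object_r:etc_t:s0")
    xattrs = {}  # stand-in for the file's extended attributes
    out = {"no_xattr": verify(meta, xattrs, key)}
    xattrs[XATTR_NAME] = generate_reference(meta, 0x00, ALGO_HMAC, key)
    out["intact"] = verify(meta, xattrs, key)
    tampered = FileMetadata(meta.path, 0o666, meta.uid, meta.gid, meta.security_label)
    out["tampered"] = verify(tampered, xattrs, key)
    out["wrong_key"] = verify(meta, xattrs, b"other-key")
    update_reference(tampered, xattrs, key)  # legitimate chmod, then S130
    out["after_update"] = verify(tampered, xattrs, key)
    xattrs[XATTR_NAME] = b"\x00"  # damaged attribute
    out["truncated"] = verify(meta, xattrs, key)
    return out
```

On a real Linux host the dict would be replaced by os.getxattr and os.setxattr on the file, and writing the security.* namespace needs CAP_SYS_ADMIN. The choice of algo-type carries the security-relevant point the page makes when it layers HMAC or a signature over the digest: a plain digest (algo-type 0x00) can be recomputed by anyone able to change the metadata and rewrite the attribute, so it only detects accidental damage, while the HMAC key (or signing key) must be held where a metadata-modifying principal cannot reach it for the check to resist deliberate tampering.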
Referring to fig. 6, in other embodiments, the present application further discloses a Linux system integrity checking system, including:
the modification behavior verification module 1 is used for verifying the file metadata modification behavior in the Linux system;
the integrity verification module 3 is used for verifying the integrity of the file metadata;
the credible reference value updating module 4 is used for updating the credible reference value of the file metadata;
and the auditing module 5 is used for auditing the operation behaviors, and monitoring and recording the operation behaviors of the file metadata in the Linux system.
The system further comprises a protection module 2, used to configure a protection strategy for protecting file metadata according to requirements, to generate an original credible reference value of the file metadata through a cryptographic algorithm based on the protection strategy, and to store the credible reference value. In this embodiment the protection module 2 protects the metadata of regular files from unauthorized modification; the file metadata comprises the file path, file name, security-domain-related extended attributes, permissions and owner (group), as shown in the table. Which files are verified depends on the policy configuration; by default modification verification is not performed on all files, and the behavior control applied after verification depends on the policy check result and the current system working mode.
The modification behavior verification module 1 includes:
a policy configuration unit 11, configured to configure a modification policy for modifying the metadata of the file;
a judging unit 12, configured to judge whether the file metadata is authorized to be modified based on a modification policy before modifying the file metadata;
if the modification is authorized, the modification of the file metadata is allowed;
if it is not authorized, the modification of the file metadata is not allowed.
The implementation principle of the Linux system integrity checking system in the embodiment of the application is as follows. The modification behavior verification module 1 verifies the modification behavior of the file metadata in the Linux system; the integrity verification module 3 verifies the integrity of the file metadata; the credible reference value updating module 4 updates the credible reference value of the file metadata; and the auditing module 5 audits the operation behaviors, monitoring and recording the operation behaviors on the file metadata in the Linux system. Together these enable integrity detection of the file metadata in the Linux system and detect whether the file metadata has been modified.
The above are preferred embodiments of the present application, and the scope of protection of the present application is not limited thereto, so: equivalent changes in structure, shape and principle of the present application shall be covered by the protection scope of the present application.

Claims (8)

1. A Linux system integrity checking method is characterized by comprising the following steps:
configuring a protection strategy for protecting the file metadata according to requirements, and setting a national cryptographic algorithm corresponding to each file metadata in the protection strategy, wherein the national cryptographic algorithm comprises various cryptographic algorithms including SM3, MD5, SHA1, SHA256, RSA and SM2, so as to calculate, through the algorithm, sensitive data in the Linux system such as the permissions, owner, MD5 value and file size of a system file/directory, to generate an original credible reference value and perform attribute protection on the file metadata;
generating an original credible reference value of the file metadata through a cryptographic algorithm based on the protection strategy;
storing the credible reference value;
verifying file metadata modification behaviors in a Linux system based on a modification strategy, comprising the following steps:
configuring a modification strategy for modifying the file metadata;
before modifying the file metadata, judging whether the file metadata is authorized to be modified based on the modification strategy;
if the file metadata is authorized, the modification of the file metadata is allowed;
if the file metadata is not authorized, the modification of the file metadata is not authorized to be allowed;
verifying different file metadata through a cryptographic algorithm, generating a credible reference value of a corresponding stage for different stages of each file metadata, and comparing according to the credible reference value to verify the integrity of the file metadata;
updating the credible reference value of the file metadata;
and auditing the operation behaviors, and monitoring and recording the operation behaviors of the file metadata in the Linux system.
2. The Linux system integrity checking method of claim 1, wherein the file metadata includes a plurality of file attributes including file path, file name, security-domain related extended attributes, permissions, and owner.
3. The Linux system integrity checking method of claim 1, wherein the comparing against a trusted reference value to verify the integrity of the file metadata comprises:
acquiring a configuration strategy and a verification cryptographic algorithm for verifying the file metadata;
processing the file metadata according to the corresponding cryptographic algorithm based on the configuration strategy to generate a processed trusted reference value;
comparing and judging whether the processed credible reference value is consistent with the original credible reference value;
and if they are not consistent, the integrity of the file metadata is not credible, and the file metadata cannot be modified.
4. The Linux system integrity checking method of claim 1, further comprising, before auditing the operation behaviors:
and regenerating the credible reference value of the file metadata after respectively carrying out modification behavior verification, integrity verification and credible reference value updating.
5. The Linux system integrity checking method of claim 1, wherein the auditing of the behavior of the above operations comprises:
obtaining an audit interface of a Linux system;
and auditing the operation behaviors based on the auditing interface.
6. A Linux system integrity checking system, wherein the method of any one of claims 1-5 is applied, comprising:
the modification behavior verification module (1) is used for verifying the file metadata modification behavior in the Linux system;
the integrity verification module (3) is used for verifying the integrity of the file metadata;
the credible reference value updating module (4) is used for updating the credible reference value of the file metadata;
and the auditing module (5) is used for auditing the operation behaviors and monitoring and recording the operation behaviors of the file metadata in the Linux system.
7. The Linux system integrity checking system of claim 6, further comprising:
the protection module (2) is used for configuring a protection strategy for protecting the file metadata according to requirements;
generating an original credible reference value of the file metadata through a cryptographic algorithm based on the protection strategy;
and storing the credible reference value.
8. A Linux system integrity checking system according to claim 7, wherein the modification behavior verification module (1) comprises:
a policy configuration unit (11) for configuring a modification policy for modifying the file metadata;
a judging unit (12) for judging whether the file metadata is authorized to be modified based on the modification policy before modifying the file metadata;
if the modification is authorized, the modification of the file metadata is allowed;
if it is not authorized, the modification of the file metadata is not allowed.
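The flow the description (steps S510/S520 and modules 1 to 5) and claims 1 to 8 lay out, as an added user-space model in Python: a protection strategy naming an algorithm per file, an original credible reference value computed over the file metadata, a modification strategy check before any change, recomputation and comparison for integrity verification, a reference update after an authorized change, and an audit trail whose verification results use the four INTEGRITY_* values of the audit interface. This is example code written for this page, not the patent's kernel implementation or the applicant's code. The class and function names, the dictionary standing in for the stored extended attribute, the sample file and the "admin"/"www" subjects are assumptions; of the algorithms listed in claim 1 only those in hashlib (MD5, SHA1, SHA256) are usable here, since SM3 is not in the Python standard library.

```python
"""Added example (not the patent's code): user-space model of the metadata
integrity flow - protect, authorize, verify, update, audit.  Names invented."""
from __future__ import annotations

import hashlib
import json
import os
import stat
import tempfile
from dataclasses import dataclass, field
from enum import Enum
from pathlib import Path


class IntegrityStatus(Enum):
    """The four results the text's audit interface can return."""
    PASS = "INTEGRITY_PASS"
    FAIL = "INTEGRITY_FAIL"
    NOXATTRS = "INTEGRITY_NOXATTRS"   # no stored reference value for the file
    UNKNOWN = "INTEGRITY_UNKNOWN"     # file could not be examined


def collect_metadata(path: Path) -> bytes:
    """Serialize the protected attributes (path, name, permission bits, owner,
    group, size, extended attributes) in a canonical form for hashing."""
    st = os.lstat(path)
    xattrs: dict[str, str] = {}
    if hasattr(os, "listxattr"):              # Linux only; some fs refuse xattrs
        try:
            for name in os.listxattr(path, follow_symlinks=False):
                xattrs[name] = os.getxattr(path, name, follow_symlinks=False).hex()
        except OSError:
            pass                               # no xattr support: record none
    record = {"path": str(path), "name": path.name,
              "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
              "gid": st.st_gid, "size": st.st_size, "xattrs": xattrs}
    return json.dumps(record, sort_keys=True).encode()


def reference_value(alg: str, metadata: bytes) -> str:
    """Credible reference value: digest of the canonical metadata (hashlib name)."""
    return hashlib.new(alg, metadata).hexdigest()


@dataclass
class Policy:
    protected: dict[str, str]                      # protection strategy: path -> algorithm
    allowed_modifiers: dict[str, set[str]] = field(default_factory=dict)  # modification strategy


class MetadataIntegrityChecker:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.reference: dict[str, str] = {}       # stands in for the stored xattr
        self.audit_log: list[str] = []

    def protect(self, path: Path) -> str:
        """Generate and store the original credible reference value."""
        ref = reference_value(self.policy.protected[str(path)], collect_metadata(path))
        self.reference[str(path)] = ref
        self.audit_log.append(f"REFERENCE_SET {path}")
        return ref

    def authorize_modification(self, subject: str, path: Path) -> bool:
        """Modification strategy check performed before metadata is changed."""
        ok = subject in self.policy.allowed_modifiers.get(str(path), set())
        self.audit_log.append(f"MODIFY {path} by={subject} {'ALLOW' if ok else 'DENY'}")
        return ok

    def verify(self, path: Path) -> IntegrityStatus:
        """Recompute the reference value and compare it with the stored one."""
        key = str(path)
        if key not in self.reference:
            status = IntegrityStatus.NOXATTRS
        else:
            try:
                current = reference_value(self.policy.protected[key], collect_metadata(path))
                status = IntegrityStatus.PASS if current == self.reference[key] else IntegrityStatus.FAIL
            except (OSError, KeyError):
                status = IntegrityStatus.UNKNOWN
        self.audit_log.append(f"VERIFY {path} {status.value}")
        return status

    def change_mode(self, subject: str, path: Path, mode: int) -> bool:
        """Apply an authorized permission change, then refresh the reference value."""
        if not self.authorize_modification(subject, path):
            return False
        os.chmod(path, mode)
        self.protect(path)
        return True


def demo() -> dict[str, object]:
    """Run the flow on a constructed sample file; return what each step reported."""
    out: dict[str, object] = {}
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "sample.conf"                 # constructed sample file
        f.write_text("constructed sample content\n")
        os.chmod(f, 0o644)
        chk = MetadataIntegrityChecker(Policy(protected={str(f): "sha256"},
                                              allowed_modifiers={str(f): {"admin"}}))
        chk.protect(f)
        out["initial"] = chk.verify(f).value
        os.chmod(f, 0o666)                          # change made outside the checker
        out["after_outside_change"] = chk.verify(f).value
        out["authorized"] = chk.change_mode("admin", f, 0o640)
        out["after_authorized_change"] = chk.verify(f).value
        out["unauthorized"] = chk.change_mode("www", f, 0o777)
        out["unprotected"] = chk.verify(Path(d) / "other.conf").value
        f.unlink()
        out["missing"] = chk.verify(f).value
        out["audit_entries"] = len(chk.audit_log)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The demo shows the distinction the claims draw: a permission change made outside the modification strategy leaves the stored reference stale and is reported as INTEGRITY_FAIL, whereas an authorized change goes through the strategy check and refreshes the reference, so the following verification passes. Files with no stored reference and files that can no longer be examined map to INTEGRITY_NOXATTRS and INTEGRITY_UNKNOWN respectively, and every step lands in the audit log.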

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210417359.3A CN114818005B (en) 2022-04-20 2022-04-20 Linux system integrity checking method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210417359.3A CN114818005B (en) 2022-04-20 2022-04-20 Linux system integrity checking method and system

Publications (2)

Publication Number Publication Date
CN114818005A CN114818005A (en) 2022-07-29
CN114818005B true CN114818005B (en) 2023-03-31

Family

ID=82504973

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210417359.3A Active CN114818005B (en) 2022-04-20 2022-04-20 Linux system integrity checking method and system

Country Status (1)

Country Link
CN (1) CN114818005B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116561811A (en) * 2023-07-11 2023-08-08 北京智芯微电子科技有限公司 File credibility tamper-proof method and device and electronic equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104751048B (en) * 2015-01-29 2017-12-15 中国科学院信息工程研究所 A kind of dynamic link library integrity measurement method under pre-linking mechanism
US10642796B2 (en) * 2017-07-18 2020-05-05 International Business Machines Corporation File metadata verification in a distributed file system
CN113139213A (en) * 2021-05-13 2021-07-20 中国工商银行股份有限公司 Multi-version data integrity cloud auditing method and system
CN113190831A (en) * 2021-05-27 2021-07-30 中国人民解放军国防科技大学 TEE-based operating system application integrity measurement method and system

Also Published As

Publication number Publication date
CN114818005A (en) 2022-07-29

Similar Documents

Publication Publication Date Title
US8533492B2 (en) Electronic device, key generation program, recording medium, and key generation method
US8132257B2 (en) Anti-virus method based on security chip
US8713686B2 (en) System and method for reducing antivirus false positives
US8055912B2 (en) Method and system for bootstrapping a trusted server having redundant trusted platform modules
JP4769608B2 (en) Information processing apparatus having start verification function
KR100974161B1 (en) System and method for authenticating software using hidden intermediate keys
JP3363379B2 (en) Method and apparatus for protecting application data in a secure storage area
US7607122B2 (en) Post build process to record stack and call tree information
JP2006511877A (en) System and method for detecting software tampering by proactively
TW201516733A (en) System and method for verifying changes to UEFI authenticated variables
CN113190831A (en) TEE-based operating system application integrity measurement method and system
JP6846457B2 (en) Automatic verification method and system
CN114818005B (en) Linux system integrity checking method and system
JP2023534502A (en) Advanced ransomware detection
US20040260968A1 (en) Server with file verification
CN117610083A (en) File verification method and device, electronic equipment and computer storage medium
CN116707885A (en) Secure and trusted starting method and system for generating random key based on TPCM
CN115795432A (en) Program integrity verification system and method suitable for read-only file system
CN115357908A (en) Network equipment kernel credibility measurement and automatic restoration method
CN109977665B (en) Cloud server starting process anti-theft and anti-tampering method based on TPCM
TWI829608B (en) System and method for securing data files
WO2023112170A1 (en) Log output device, log output method, and log output program
CN117235747B (en) Method for modifying BIOS startup password under LINUX
JP7031070B1 (en) Program processing device, program processing method, and program
CN117574333A (en) Verification method for License validity period of backup software

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant