CN115221136A - Log tamper-proof verification system, method and device and computer equipment - Google Patents
Log tamper-proof verification system, method and device and computer equipment Download PDFInfo
- Publication number
- CN115221136A CN115221136A CN202110405581.7A CN202110405581A CN115221136A CN 115221136 A CN115221136 A CN 115221136A CN 202110405581 A CN202110405581 A CN 202110405581A CN 115221136 A CN115221136 A CN 115221136A
- Authority
- CN
- China
- Prior art keywords
- log
- server
- log file
- verification
- object storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/34—Browsing; Visualisation therefor
- G06F16/345—Summarisation for human users
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a log tamper-proof verification system, a method, a device, a computer device and a storage medium, wherein the system comprises: the system comprises a first server, a second server, an object storage server and a block chain, wherein the first server is used for acquiring a log file uploaded by a client, sending the log file to the object storage server for storage, generating a block containing an information abstract of the log file, and sending the block to the block chain; and the second server is used for responding to the verification request, acquiring the information summary corresponding to the log to be verified from the block chain and verifying the log file acquired from the object storage server. According to the scheme, when verification is carried out, the information abstract stored on the block chain is obtained by using the non-tamper-proof property of the block chain storage, and verification is carried out on the log file in the object storage server, so that the accuracy of tamper-proof verification is improved, and the storage safety of the log file is further improved.
Description
Technical Field
The present application relates to the field of information security technologies, and in particular, to a system, a method, an apparatus, a computer device, and a storage medium for log tamper-proof verification.
Background
With the continuous development of information technology and the internet, administrative systems and business systems of enterprises and government departments are digitized and electronized. Electronic systems inevitably store confidential information, and in order to regulate operations on confidential data, electronic systems need to keep operation logs on critical confidential data to ensure that data is not lost.
In the prior art, an electronic system usually identifies and records abnormal conditions of an operation log through log audit, and the safety of the electronic system is influenced due to the lack of response to the abnormity of the operation log.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a log tamper-proof verification system, method, apparatus, computer device and storage medium for the technical problem of security of an operation log of an electronic system in the prior art.
A log tamper-resistant verification system comprising: first server, second server, object storage server and block chain, wherein:
the first server is used for acquiring the log file uploaded by the client; sending the log file to an object storage server for storage; acquiring an information abstract corresponding to the log file, generating a block containing the information abstract, and sending the block to a block chain;
the second server is used for responding to a verification request, acquiring a log to be verified corresponding to the verification request, and acquiring a log file corresponding to the log to be verified from the object storage server; acquiring an information abstract corresponding to the log to be checked from the block chain; and verifying the log file according to the information abstract, and obtaining an anti-tampering verification result of the log file stored in the object storage server according to a verification result.
In one embodiment, the object storage server is further configured to obtain a read-write request of a client for the log file, perform permission verification on the client according to a preconfigured operation permission, and if the permission verification passes, execute read-write operation for the log file.
In one embodiment, the system further comprises a log audit server, wherein the log audit server is used for carrying out format verification on the log file uploaded by the client according to a preset audit format;
and the first server is further used for sending the log file with qualified format verification to the object storage server for storage.
In one embodiment, the system further comprises a relational database for receiving and storing metadata information of the log file sent by the first server; the relational database is used for being accessed by the second server to acquire the storage state of the log file.
A log anti-tampering processing method is applied to a first server and comprises the following steps:
acquiring a log file uploaded by a client;
sending the log file to an object storage server for storage;
and acquiring an information abstract corresponding to the log file, generating a block containing the information abstract, and sending the block to a block chain.
A log anti-tampering verification method is applied to a second server and comprises the following steps:
responding to a verification request, and acquiring a log to be verified corresponding to the verification request;
acquiring a log file corresponding to the log to be verified from an object storage server; the log file is stored to the object storage server through a first server;
acquiring an information abstract corresponding to the log to be checked from the block chain; the information abstract is generated according to the log file and is stored to the block chain through a first server;
performing tamper-proof verification on the log file stored in the object storage server according to the information abstract to obtain a tamper-proof verification result;
and if the anti-tampering check result indicates that the log file is tampered, issuing an alarm notice.
In one embodiment, if there are multiple logs to be verified carried in the verification request, after the obtaining of the logs to be verified carried in the verification request, the method further includes:
adding a plurality of logs to be checked into a check queue;
and accessing the check queue, sequentially acquiring the logs to be checked in the check queue according to the adding sequence, and performing tamper-proof check on the current logs to be checked.
A log tamper-resistant processing device is applied to a first server and comprises:
the log file acquisition module is used for acquiring the log file uploaded by the client;
the object storage module is used for sending the log file to an object storage server for storage;
and the uplink module is used for acquiring the information abstract corresponding to the log file, generating a block containing the information abstract and sending the block to a block chain.
A log tamper-proof verification device is applied to a second server and comprises:
the log to be verified acquisition module is used for responding to a verification request and acquiring a log to be verified corresponding to the verification request;
the verification log file acquisition module is used for acquiring a log file corresponding to the log to be verified from the object storage server; the log file is stored to the object storage server through a first server;
the information abstract acquisition module is used for acquiring an information abstract corresponding to the log to be checked from the block chain; the information abstract is generated according to the log file and is stored to the block chain through a first server;
the verification result acquisition module is used for carrying out anti-tampering verification on the log file stored in the object storage server according to the information abstract to obtain an anti-tampering verification result;
and the alarm notification module is used for issuing an alarm notification if the anti-tampering verification result indicates that the log file is tampered.
A computer device comprising a memory storing a computer program and a processor implementing the steps of any of the above method embodiments when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of any of the above-mentioned method embodiments.
The system comprises a first server, a second server, an object storage server and a block chain, wherein the first server is used for acquiring a log file uploaded by a client, sending the log file to the object storage server for storage, acquiring an information abstract of the log file, generating a block and sending the block to the block chain; the second server is used for responding to the checking request, obtaining the log to be checked corresponding to the checking request, obtaining the corresponding information abstract from the block chain, checking the corresponding log file obtained from the object storage server, and obtaining the anti-tampering checking result of the log file. According to the scheme, when verification is carried out, the information abstract stored on the block chain is obtained by using the non-tamper-proof property of the block chain storage, and verification is carried out on the log file in the object storage server, so that the accuracy of tamper-proof verification is improved, and the storage safety of the log file is further improved.
Drawings
FIG. 1 is a block diagram of a log tamper-resistant verification system in one embodiment;
FIG. 2 is a block diagram of a log tamper-proof verification system in another embodiment;
FIG. 3 is a flowchart illustrating a method for tamper-resistant processing of a log according to an embodiment;
FIG. 4 is a flowchart illustrating a log tamper-proof verification method according to an embodiment;
FIG. 5 is a block diagram showing the structure of a tamper-resistant log processing device according to an embodiment;
FIG. 6 is a block diagram showing the structure of a tamper-proof log checker in one embodiment;
FIG. 7 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It should be noted that the term "first \ second" referred to in the embodiments of the present invention only distinguishes similar objects, and does not represent a specific ordering for the objects, and it should be understood that "first \ second" may exchange a specific order or sequence when allowed. It should be understood that "first \ second" distinct objects may be interchanged under appropriate circumstances such that embodiments of the invention described herein may be practiced in sequences other than those illustrated or described herein.
In the present disclosure, a log file refers to a record file or a file set for recording system operation events, which can be divided into an event log and a message log, and has important functions of processing historical data, tracing diagnosis problems, understanding system activities, and the like.
In the disclosure, the blockchain refers to a distributed shared account book and a database, and data or information stored in the blockchain has the characteristics of decentralization, non-falsification, whole-course trace retention, traceability, collective maintenance, public transparency and the like, and relates to computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like.
In the present disclosure, an object store server may be used to perform an object store service. The object storage service can be an object-based mass storage service, and provides mass, safe, highly reliable and low-cost data storage capability. The Object Storage Service may be developed autonomously or may adopt an existing commercial architecture, such as an Object Storage Service (OSS), an Object Storage Service (OBS), or the like.
In the present disclosure, the log audit server may be used to perform log audit service, and the log audit service may collect logs, including operations, alarms, operations, messages, states, and the like, generated by devices such as security devices, network devices, databases, servers, application systems, hosts, and the like, which are common in electronic systems, and perform storage, monitoring, auditing, analysis, alarming, responding, and reporting.
In the present disclosure, a relational database refers to a database that uses a relational model to organize data, and stores data in the form of rows and columns, a series of rows and columns of the relational database are called tables, a group of tables form the database, and a user searches data in the database through a query. The relational database can adopt Oracle database, mySQL, microsoft SQL Server and the like.
In one embodiment, a log tamper-proof verification system is provided, as shown in fig. 1, which may include a first server, a second server, an object storage server, and a blockchain, where the first server, the second server, and the object storage server may be implemented by using an independent server or a server cluster composed of a plurality of servers.
In this disclosure, the first server may be configured to obtain a log file uploaded by the client.
The client can generate log files, and the client can be various personal computers, notebook computers, smart phones, tablet computers and the like. The client may send the generated log file to the first server according to the management configuration of the corresponding log file, and the first server performs tamper-resistant processing on the log file.
The log files uploaded by the client can be uploaded through an encryption transmission protocol, so that the safety and the confidentiality of the data transmission process are improved.
In the present disclosure, the first server may send the log file to the object storage server for storage.
The first server can directly send the obtained log file to the object storage server. Or configuring a format check rule, screening the log files which do not accord with the check rule, and only sending the log files which pass the check to the object storage server for storage.
The object storage server may be a distributed storage, and may back up multiple copies of the acquired log file to prevent the log file from being lost or damaged.
In this disclosure, the first server may obtain the information digest corresponding to the log file, generate a block including the information digest, and send the block to the block chain.
The message digest refers to encrypted information extracted from the log file according to an encryption algorithm, and the encrypted information can be used for verifying the log file. The encryption algorithm may be the MD5 algorithm, the SHA-256 algorithm, etc.
Where a block refers to a carrier for storing data information, each block contains the ID of the previous block, so that the last block in the block chain can be found from this ID. The block may store a message digest of the log file and then send the message digest to the block chain through the first server.
In this disclosure, the second server may be configured to respond to the verification request and obtain the log to be verified corresponding to the verification request.
The verification request refers to a request sent by the first server or the associated third-party server, and is used to indicate that a certain log is verified, where the verification request may carry information corresponding to the log, such as log identification information. The second server may determine the log to be verified corresponding to the verification request according to the information carried in the verification request.
In the present disclosure, the second server may acquire a log file corresponding to a log to be verified from the object storage server; acquiring an information abstract corresponding to the log to be checked from the block chain; and verifying the log file according to the information abstract, and obtaining an anti-tampering verification result of the log to be verified stored in the object storage server according to the verification result.
The log file corresponding to the log to be verified is a target of tamper-proof verification, and the information digest corresponding to the log to be verified is verification information for performing tamper-proof verification.
The log file may be verified according to the information digest, and the second server may process the log file according to an encryption algorithm used when the information digest is extracted to obtain a current information digest, and compare the current information digest with the information digest acquired on the block chain to obtain a verification result.
And the anti-tampering check result means that the log file corresponding to the log to be checked is tampered or not tampered. The second server may provide corresponding processing measures for various types of tamper-proof verification results, such as issuing a tamper alarm or prompting that the verification is passed.
The tamper-proof verification system acquires the log file uploaded by the client through the first server, sends the log file to the object storage server for storage, acquires the information abstract of the log file, generates a block and sends the block to the block chain; and responding to the verification request through the second server, acquiring the log to be verified corresponding to the verification request, acquiring the corresponding information abstract from the block chain, and verifying the log file acquired from the object storage server to obtain an anti-tampering verification result aiming at the log file. According to the scheme, when the anti-tampering verification is carried out, the information abstract stored on the block chain is obtained by utilizing the non-tampering property of the block chain storage, and the log file in the object storage server is verified, so that the accuracy of the anti-tampering verification is improved, and the safety of the log file is further improved.
In an embodiment, the object storage server may be further configured to obtain a read-write request of the client for the log file, perform permission verification on the client according to a preconfigured operation permission, and execute a read-write operation for the log file if the permission verification passes.
In the present disclosure, the preconfigured operation authority may be implemented by an Access Control List (ACL), and the ACL may use a source address, a destination address, and a port number as basic elements for packet inspection, and may specify whether a packet meeting a condition is allowed to pass through. In the object storage server, the access right to the corresponding storage space can be configured through an ACL to prevent unauthorized operation on the log file, for example, it can be configured that only an authorized object can perform read-write operation on the file of the storage space.
According to the scheme of the embodiment, the permission of the client side for reading and writing the file in the object storage server is limited by configuring the operation permission, so that unauthorized operation of the log file is prevented, and the safety of the log file in the object storage service is improved.
In an embodiment, the log tamper-proof verification system further includes a log audit server, and the log audit server may be configured to perform format verification on a log file uploaded by the client according to a preset audit format.
In the present disclosure, the audit format refers to the requirements of the system on log format, field, etc. to improve the normalization of the log. Or the third party organization can audit the log. The log audit server can discard log files which do not meet the requirement of the audit format, and upload the log files which pass format verification to the object storage server through the first server, so that the normalization of the log files in distributed storage is improved, and the storage efficiency of the log files is improved.
In one embodiment, the log audit server may further obtain a verification request of the first audit server, obtain a corresponding log to be verified, and obtain a log file corresponding to the log to be verified from the object storage server; acquiring an information abstract corresponding to the log to be checked from the block chain; and verifying the log file according to the information abstract, and obtaining an anti-tampering verification result of the log to be verified stored in the object storage server according to the verification result.
According to the scheme, when the log audit server carries out audit, the log file is subjected to tamper-proof verification according to requirements, and therefore the expandability of the log tamper-proof verification system and the flexibility of tamper-proof verification are improved.
In one embodiment, the log tamper-resistant verification system further comprises a relational database. The relational database may be used to receive and store metadata information of the log file sent by the first server.
The metadata information may be meta information of the log file, data about describing data (data about data), and mainly information about describing data property (property), and is used to support functions such as indicating storage location, history data, resource lookup, file recording, and the like. The first server can extract the metadata information corresponding to the log file, store the metadata information in the relational database, realize the ordered management of the log file, and can quickly identify the storage state in the object storage server of the log file, thereby facilitating the resource search and matching.
In one embodiment, as shown in fig. 2, a log tamper-proof verification system is provided, wherein the system includes a log audit server FastAudit, a blockchain Fabric, a first server may be a log tamper-proof server (ethernallog), an object storage server may be an OSS, a relational database may be MySQL, and a second server may be a tamper-proof verification server, and the system includes a tamper-proof verification service (LogChecker), a log configuration service (configport), and a notification service (Informer).
The client side can encrypt and upload the log file to the log anti-tampering server through an encryption transmission protocol, the log anti-tampering server can verify the log file through a configured format verification module or a log audit server, the log file is uploaded to the object storage server after the log file is verified, and multi-copy backup is carried out on the object storage server to prevent loss. The object storage server is configured with an ACL policy, and both a person and a read-write operation of a log file in the object storage server need to be verified by the ACL policy, so that the log file is prevented from being operated by unauthorized persons.
The log tamper-resistant server can extract the log file and the meta information of the corresponding client, store the meta information in the to-be-related database, realize the ordered management of the log file, and facilitate the timely acquisition of the storage state of the log file.
The log tamper-proof server can calculate the message digests of the single log file by using an SHA256 algorithm, combine the message digests into a proposal block, send the proposal block to a block chain network, and realize the safe storage of the message digests by using the tamper-proof function of the block chain.
The log auditing server can obtain a verification request of the log tamper-resistant server, obtain a log to be verified corresponding to the verification request, and verify whether the log file is tampered.
The log configuration service of the tamper-proof verification server can configure matching conditions for log files needing to be verified, and send the acquired logs to be verified to the verification queue in real time. The second server can obtain the log to be checked from the queue at regular time to check for tampering prevention, and if the tampered log is found, the service Informer is notified to send out an alarm.
The tamper-resistant server checks the log to be checked, and can acquire a log file corresponding to the log to be checked from the object storage server; acquiring an information abstract corresponding to the log to be checked from the block chain; and verifying the log file according to the information abstract, and obtaining an anti-tampering verification result of the log to be verified stored in the object storage server according to the verification result.
In one embodiment, as shown in fig. 3, there is provided a method for tamper-proofing log, which is described by applying the method to the first server in fig. 1, and includes:
step S301, acquiring a log file uploaded by a client.
The first server may pre-configure the type of the log file that needs to be received, for example, the log file corresponding to a specific type of data operation. The client can upload the corresponding log file through the encrypted transmission protocol.
The first server can perform format verification on the obtained log file, and normalization of the obtained log file is improved.
In a specific implementation, the first server may obtain the log file uploaded by the client according to a pre-configured log file obtaining type. And all log files uploaded by the client can be acquired.
Step S202, the log file is sent to the object storage server for storage.
In a specific implementation, the first server may send the log file to the object storage server, and perform distributed storage without saving multiple copies of the log file.
Step S203, acquiring the information summary corresponding to the log file, generating a block containing the information summary, and sending the block to a block chain.
In a specific implementation, the first server may process the log file through an encryption algorithm, obtain information corresponding to the log file, shine, generate a block including the information digest, and send the block to the block chain for uplink processing.
According to the log anti-tampering processing method, the log file uploaded by the client is obtained, the log file is sent to the object storage server for storage, the block containing the information abstract of the log file is sent to the block chain storage, the log file is prevented from being damaged through multiple backup storages, the safety of the log file can be improved, the information abstract of the log file is sent to the block chain storage, the tamper resistance of the information abstract of the log file is achieved, the log file can be verified through the information abstract, and the log file anti-tampering efficiency is further improved.
In one embodiment, as shown in fig. 4, there is provided a method for tamper-proofing log processing, which is described by applying the method to the second server in fig. 1, and includes:
step S401, responding to the verification request, and acquiring a log to be verified corresponding to the verification request;
in a specific implementation, the second server may obtain a verification request of the first server or the third-party server, and obtain a log to be verified corresponding to the verification request.
Step S402, obtaining a log file corresponding to a log to be verified from an object storage server;
the log file may be stored to the object storage server through the first server.
In a specific implementation, the second service server may traverse the log file in the object storage server according to the identification information of the log to be verified, and obtain the corresponding log file therefrom.
For example, the second server may access the relational database according to the identification information of the log to be verified, obtain corresponding metadata information, and determine the log file from the object storage server according to the metadata information.
Step S403, obtain the information summary corresponding to the log to be checked from the blockchain.
The information summary may be generated by the first server according to the log file and stored in the block chain through the first server.
In a specific implementation, the second server may access the block chain according to the identification information of the log to be verified, and obtain the information summary corresponding to the log to be verified.
Step S404, the log file stored in the object storage server is subjected to tamper-proof verification according to the information abstract, and a tamper-proof verification result is obtained
In a specific implementation, the second server may process the log file according to an encryption algorithm used when the information digest is extracted to obtain a current information digest, and compare the current information digest with the information digest obtained on the block chain to obtain a tamper-proof verification result.
Step S405, if the anti-tampering check result is that the log file is tampered, an alarm notice is issued.
In a specific implementation, the second server may take different processing measures according to the tamper-proof verification result. And if the log file is found to be tampered, sending an alarm notice.
According to the scheme of the embodiment, the file to be verified corresponding to the verification request is obtained by responding to the verification request, the information abstract corresponding to the log to be verified is obtained from the block chain, the corresponding log file obtained from the object storage server is verified, and the accuracy of the anti-tampering verification of the log file is improved by using the tamper-proof property of the information abstract stored in the block chain.
In an embodiment, the step S401 of verifying the multiple logs to be verified that may be carried in the request includes the following steps:
adding a plurality of logs to be checked into a check queue; and accessing the check queue, sequentially obtaining each log to be checked in the check queue according to the adding sequence, and performing tamper-proof check on the current log to be checked.
In this embodiment, the check queue may be a real-time message queue, and the consumption is performed by using a first-in first-out principle. The second server may add a plurality of verification logs into the verification queue, and obtain each log to be verified according to the addition sequence for verification.
In the present disclosure, the second server may be configured to be in a subscription and release mode, and in the log configuration service of the second server, the matching condition for the log file to be verified may be configured, and the obtained log to be verified is sent to the verification queue in real time. The second server can obtain the log to be verified from the queue at regular time to perform tamper-proof verification, and if a tampered log file is found, an alarm is given out.
According to the technical scheme of the embodiment, the log to be verified is obtained in real time through the verification queue and is verified, real-time verification of the log file is achieved, and rapid identification and response to file tampering are improved.
It should be understood that although the various steps in the flow charts of fig. 3-4 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least some of the steps in fig. 3-4 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the steps or stages is not necessarily sequential, but may be performed alternately or alternatingly with other steps or at least some of the other steps or stages.
In one embodiment, as shown in fig. 5, there is provided a log tamper-proof processing apparatus, applied to a first server, the apparatus 500 including:
a log file obtaining module 501, configured to obtain a log file uploaded by a client;
an object storage module 502, configured to send the log file to an object storage server for storage;
the uplink module 503 is configured to obtain the information summary corresponding to the log file, generate a block including the information summary, and send the block to a block chain.
In one embodiment, as shown in fig. 6, there is provided a log tamper-proof verification apparatus, applied to a second server, the apparatus 600 including:
a log to be verified obtaining module 601, configured to respond to a verification request, and obtain a log to be verified corresponding to the verification request;
a verification log file obtaining module 602, configured to obtain a log file corresponding to the log to be verified from an object storage server; the log file is stored to the object storage server through a first server;
an information summary obtaining module 603, configured to obtain an information summary corresponding to the log to be checked from the blockchain; the information abstract is generated according to the log file and is stored to the block chain through a first server;
a verification result obtaining module 604, configured to perform tamper-resistant verification on the log file stored in the object storage server according to the information digest, to obtain a tamper-resistant verification result;
and an alarm notification module 605, configured to issue an alarm notification if the tamper-proof verification result indicates that the log file is tampered.
In one embodiment, if a plurality of logs to be verified are carried in the verification request; the log to be verified acquisition module comprises: the checking queue unit is used for adding a plurality of logs to be checked into a checking queue; and accessing the check queue, sequentially acquiring each log to be checked in the check queue according to the adding sequence, and performing anti-tampering check on the current log to be checked.
For specific limitations of the log tamper-resistant processing apparatus or the log tamper-resistant verification apparatus, reference may be made to the above limitations of the log tamper-resistant processing method or the log tamper-resistant verification method, which is not described herein again. Each module in the log tamper-proof processing device or the log tamper-proof verification device may be wholly or partially implemented by software, hardware, or a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
The log tamper-proof processing method or the log tamper-proof verification method provided by the application can be applied to computer equipment, the computer equipment can be a server, and the internal structure diagram can be as shown in fig. 7. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing log file data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a log tamper-resistant processing method and/or a log tamper-resistant verification method.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the above-described method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical storage, or the like. Volatile Memory can include Random Access Memory (RAM) or external cache Memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is specific and detailed, but not to be understood as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.
Claims (11)
1. A log tamper-proof verification system, comprising: first server, second server, object storage server and block chain, wherein:
the first server is used for acquiring the log file uploaded by the client; sending the log file to an object storage server for storage; acquiring an information abstract corresponding to the log file, generating a block containing the information abstract, and sending the block to a block chain;
the second server is used for responding to a verification request, acquiring a log to be verified corresponding to the verification request, and acquiring a log file corresponding to the log to be verified from the object storage server; acquiring an information abstract corresponding to the log to be checked from the block chain; and verifying the log file according to the information abstract, and obtaining an anti-tampering verification result of the log file stored in the object storage server according to a verification result.
2. The system of claim 1, wherein the object storage server is further configured to obtain a read-write request of a client for the log file, perform permission check on the client according to a preconfigured operation permission, and execute a read-write operation for the log file if the permission check passes.
3. The system of claim 1, further comprising a log audit server, wherein the log audit server is configured to perform format check on the log file uploaded by the client according to a preset audit format;
and the first server is further used for sending the log file with qualified format verification to the object storage server for storage.
4. The system of claim 1, further comprising a relational database for receiving and storing metadata information of the log file sent by the first server; the relational database is used for being accessed by the second server to acquire the storage state of the log file.
5. A log tamper-resistant processing method is applied to a first server, and comprises the following steps:
acquiring a log file uploaded by a client;
sending the log file to an object storage server for storage;
and acquiring an information abstract corresponding to the log file, generating a block containing the information abstract, and sending the block to a block chain.
6. A log anti-tampering verification method is applied to a second server, and comprises the following steps:
responding to a verification request, and acquiring a log to be verified corresponding to the verification request;
acquiring a log file corresponding to the log to be verified from an object storage server; the log file is stored to the object storage server through a first server;
acquiring an information abstract corresponding to the log to be checked from the block chain; the information abstract is generated according to the log file and is stored to the block chain through a first server;
performing tamper-proof verification on the log file stored in the object storage server according to the information abstract to obtain a tamper-proof verification result;
and if the anti-tampering verification result is that the log file is tampered, issuing an alarm notice.
7. The method according to claim 6, wherein if there are a plurality of logs to be verified carried in the verification request, after the obtaining of the logs to be verified carried in the verification request, the method further comprises:
adding a plurality of logs to be checked into a check queue;
and accessing the check queue, sequentially acquiring each log to be checked in the check queue according to the adding sequence, and performing anti-tampering check on the current log to be checked.
8. A log tamper-resistant processing apparatus applied to a first server, the apparatus comprising:
the log file acquisition module is used for acquiring the log file uploaded by the client;
the object storage module is used for sending the log file to an object storage server for storage;
and the uplink module is used for acquiring the information abstract corresponding to the log file, generating a block containing the information abstract and sending the block to a block chain.
9. A log tamper-proof verification device is applied to a second server, and comprises the following components:
the log to be verified acquisition module is used for responding to a verification request and acquiring a log to be verified corresponding to the verification request;
the verification log file acquisition module is used for acquiring a log file corresponding to the log to be verified from the object storage server; the log file is stored to the object storage server through a first server;
the information abstract acquisition module is used for acquiring an information abstract corresponding to the log to be checked from the block chain; the information abstract is generated according to the log file and is stored to the block chain through a first server;
the verification result acquisition module is used for carrying out anti-tampering verification on the log file stored in the object storage server according to the information abstract to obtain an anti-tampering verification result;
and the alarm notification module is used for issuing an alarm notification if the anti-tampering check result indicates that the log file is tampered.
10. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method of any of claims 5 to 7 when executing the computer program.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 5 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110405581.7A CN115221136A (en) | 2021-04-15 | 2021-04-15 | Log tamper-proof verification system, method and device and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110405581.7A CN115221136A (en) | 2021-04-15 | 2021-04-15 | Log tamper-proof verification system, method and device and computer equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115221136A true CN115221136A (en) | 2022-10-21 |
Family
ID=83604666
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110405581.7A Pending CN115221136A (en) | 2021-04-15 | 2021-04-15 | Log tamper-proof verification system, method and device and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115221136A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117176713A (en) * | 2023-06-12 | 2023-12-05 | 广州番禺职业技术学院 | Data transmission method and system based on object storage system |
-
2021
- 2021-04-15 CN CN202110405581.7A patent/CN115221136A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117176713A (en) * | 2023-06-12 | 2023-12-05 | 广州番禺职业技术学院 | Data transmission method and system based on object storage system |
| CN117176713B (en) * | 2023-06-12 | 2024-03-19 | 广州番禺职业技术学院 | Data transmission method and system based on object storage system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110263585B (en) | Test supervision method, device, equipment and storage medium | |
| CN108304704B (en) | Authority control method and device, computer equipment and storage medium | |
| EP1927060B1 (en) | Data archiving method and system | |
| US11803461B2 (en) | Validation of log files using blockchain system | |
| US11907199B2 (en) | Blockchain based distributed file systems | |
| CN111355705A (en) | Data auditing and safety duplicate removal cloud storage system and method based on block chain | |
| CN115114305B (en) | Lock management method, device, equipment and storage medium for distributed database | |
| US10956204B1 (en) | Free-riding node identification for blockchain | |
| US11017110B1 (en) | Enhanced securing of data at rest | |
| US11853445B2 (en) | Enhanced securing and secured processing of data at rest | |
| CN112487042B (en) | Electric energy metering data processing method, device, computer equipment and storage medium | |
| US11868339B2 (en) | Blockchain based distributed file systems | |
| CA3139747A1 (en) | System and method for certifying integrity of data assets | |
| CN115221136A (en) | Log tamper-proof verification system, method and device and computer equipment | |
| CN111935068A (en) | Big data platform, server side thereof, security authentication system and method | |
| CN116756774A (en) | Secure storage control method and device for user data | |
| CN106326769B (en) | A kind of field monitoring information processing unit | |
| US20210067554A1 (en) | Real-time notifications on data breach detected in a computerized environment | |
| CN114240349A (en) | Ecological environment supervision method and system based on block chain | |
| CN112185535A (en) | Medical information safety management system based on block chain | |
| Reddy | Access control mechanisms in Big Data processing | |
| US12124595B2 (en) | Detecting unauthorized encryptions in data storage systems | |
| US20220269807A1 (en) | Detecting unauthorized encryptions in data storage systems | |
| CN118228286A (en) | File security management method and device, electronic equipment and computer storage medium | |
| Kemmerich et al. | Generation and handling of hard drive duplicates as piece of evidence |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |