CN115270110B - Account inspection method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN115270110B
Authority
CN
China
Prior art keywords
account
information
accounts
local
determining
Legal status
Active
Application number
CN202211178205.XA
Other languages
Chinese (zh)
Other versions
CN115270110A
Inventor
刘兵
王天亮
冯起凡
王志彪
Current Assignee
Beijing Shengborun High Tech Co ltd
Original Assignee
Beijing Shengborun High Tech Co ltd
Events
Application filed by Beijing Shengborun High Tech Co ltd
Priority to CN202211178205.XA
Publication of CN115270110A
Application granted
Publication of CN115270110B
Legal status: Active

Classifications

    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals > G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F16/00 Information retrieval; Database structures therefor; File system structures therefor > G06F16/20 Information retrieval of structured data, e.g. relational data > G06F16/21 Design, administration or maintenance of databases > G06F16/215 Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/55 Detecting local intrusion or implementing counter-measures > G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS > G06 COMPUTING; CALCULATING OR COUNTING > G06F ELECTRIC DIGITAL DATA PROCESSING > G06F9/00 Arrangements for program control, e.g. control units > G06F9/06 Arrangements for program control using stored programs, i.e. using an internal store of processing equipment to receive or retain programs > G06F9/46 Multiprogramming arrangements > G06F9/54 Interprogram communication > G06F9/544 Buffers; Shared memory; Pipes

Abstract

The application relates to an account inspection method, an account inspection device, electronic equipment and a storage medium in the field of account inspection. Resource information of local accounts is acquired; a first inspection is performed on the local accounts according to that resource information to determine the password state information and communication state information of each local account; privileged accounts are determined from the local accounts whose communication state is normal and whose password is non-empty, and the association information of the target accounts on the corresponding host device is determined through each privileged account; a second inspection is performed according to the resource information of the local accounts and the association information of the target accounts to determine the other state information of the local accounts and the target accounts; and the accounts to be managed are determined based on the password state information, communication state information and other state information of the local accounts and the other state information of the target accounts. The method and device improve account inspection efficiency.

Description

Account inspection method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of account inspection technologies, and in particular to an account inspection method, an account inspection device, an electronic device and a storage medium.
Background
An abnormal account on a computer device is more easily attacked, which increases the risk of account information leakage and can lead to substantial losses. As an enterprise's business and scale keep expanding, a large number of accounts accumulate within the enterprise, which makes them harder to manage.
In the traditional account management mode, after a problem occurs with an account, an administrator directly or remotely controls the host device where the account is located to examine the account's problem. The administrator must make a subjective judgement about the specific condition of the account, determine its abnormal conditions and eliminate its potential security hazards. Because the administrator has to judge the problems of the accounts one by one, inspection efficiency is low.
How to improve account inspection efficiency is therefore a problem to be solved in this field.
Disclosure of Invention
In order to improve account inspection efficiency, the application provides an account inspection method, an account inspection device, an electronic device and a storage medium.
In a first aspect, the present application provides an account inspection method, executed by an electronic device, which adopts the following technical scheme:
an account inspection method comprising the following steps:
acquiring resource information of local accounts, wherein the resource information comprises the names, passwords, IP addresses and ports of a plurality of locally stored local accounts;
performing a first inspection based on the resource information of the local accounts to determine the communication state information and password state information of each local account, wherein the communication state information comprises normal communication and abnormal communication, and the password state information comprises empty password and non-empty password;
determining all privileged accounts from the determined local accounts whose communication state is normal and whose password is non-empty, wherein a privileged account is an account with the authority to acquire the information of all target accounts on the host device where it is located, and a target account is an account that can log in to that host device;
for each privileged account, determining the association information of all target accounts corresponding to that privileged account;
performing a second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to each privileged account, to determine the other state information of each local account and of each target account, wherein the other state information comprises ghost information, zombie information, password security hazard information and authority change information;
and determining all accounts to be managed based on the communication state information, password state information and other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts.
With this scheme, the first inspection is carried out on the acquired resource information of the local accounts, and the communication state information and password state information of each local account are determined. At the same time, the privileged accounts that can acquire target account information on the host device are determined only among the local accounts whose communication state is normal and whose password is non-empty, which narrows the range of accounts that must be queried and raises the inspection rate. The association information of the target accounts on the host device corresponding to each privileged account is then determined through the privileged accounts, the second inspection is performed on the resource information of the local accounts and the association information of the target accounts, and the other abnormal information of the accounts is determined. All accounts can thus be inspected repeatedly at high speed, the state information of every account is judged within a short time in each inspection, and account inspection efficiency is improved.
In a possible implementation, determining the communication state information of each local account based on the resource information of the local accounts comprises:
determining the network information of all local accounts based on the IP addresses and ports in the resource information of the local accounts, wherein the network information comprises network normal and network abnormal;
and determining the login information of all local accounts whose network is normal based on their names and passwords in the resource information of the local accounts, wherein the login information comprises normal login and abnormal login, and the communication state information comprises the network information and the login information.
With this scheme, whether a local account can reach the network of its corresponding host device is judged from the account's IP address and port to determine its network information, and the login information is then judged, from the name and password, only for local accounts whose network is normal. This reduces the range of accounts on which the inspection has to repeat its operations and improves account inspection efficiency.
In a possible implementation, determining all privileged accounts from the determined local accounts whose communication state is normal and whose password is non-empty comprises:
determining a current account from the local accounts whose communication state is normal and whose password is non-empty, and logging in to the host device where the current account is located based on the resource information of the current account;
after the current account has logged in successfully, sending preset request information to the host device where the current account is located, wherein the preset request information is used to acquire the information of all target accounts on the host device corresponding to the current account;
acquiring the return information, corresponding to the request information, that is sent by the host device corresponding to the current account;
judging whether the return information comprises the information of all target accounts on the host device corresponding to the current account; if so, determining the current account as a privileged account, and if not, determining it as a non-privileged account;
and performing the same judgement for the next local account with normal login until all privileged accounts have been determined.
With this scheme, a current account is chosen from the local accounts of any host device whose communication state is normal and whose password is non-empty, whether it is a privileged account of that host device is determined from the host device's return information, and the next account is then processed, which ensures that every local account with normal communication and a non-empty password is judged for privilege.
In a possible implementation, each host device corresponds to a unique set of named pipes, the set comprising: an input named pipe for receiving request information, a first output named pipe to which the host device's valid return information is redirected, and a second output named pipe to which the host device's invalid return information is redirected;
sending preset request information to the host device where the current account is located after the current account has logged in successfully comprises:
after the current account has logged in successfully, sending the preset request information to the host device where the current account is located through the input named pipe corresponding to the current account;
correspondingly, acquiring the return information corresponding to the request information that is sent by the host device corresponding to the current account comprises:
acquiring the return information corresponding to the request information, sent by the host device corresponding to the current account, through the output named pipe corresponding to the current account, wherein the output named pipe is the first output named pipe when the return information is valid and the second output named pipe when the return information is invalid.
With this scheme, communication with the host device is realised through named pipes. The return information is redirected through a named pipe rather than being output directly on the host device, which reduces interference with the host device; at the same time, valid and invalid return information are output to different named pipes, which makes the content of the return information easier to judge and improves judgement efficiency.
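The privileged-account check and the per-host pipe set described above, as an added example that is not the patent's code: one host's three named pipes (input, valid output, invalid output) are created with os.mkfifo in a temporary directory and a thread plays the host side. The request text, the host's behaviour and the rule "privileged when the valid pipe carries a non-empty account listing" are assumptions.

```python
import os
import shutil
import tempfile
import threading
import time

ENUMERATE_REQUEST = "enumerate-accounts"   # hypothetical preset request text
SHUTDOWN = "shutdown"                      # sentinel used only to stop the simulated host


class HostPipes:
    """One host's unique pipe set plus a thread that plays the host side.

    Constructed simulation: the host answers the enumerate request with the full
    account listing on the 'valid' pipe only when the requesting account is
    privileged; otherwise it writes an error to the 'invalid' pipe."""

    def __init__(self, privileged, all_accounts):
        self.dir = tempfile.mkdtemp(prefix="hostpipes-")
        self.pipes = {k: os.path.join(self.dir, k) for k in ("input", "valid", "invalid")}
        for path in self.pipes.values():
            os.mkfifo(path)
        self.privileged = set(privileged)
        self.all_accounts = list(all_accounts)
        self.thread = threading.Thread(target=self._serve, daemon=True)
        self.thread.start()

    def _serve(self):
        while True:
            with open(self.pipes["input"]) as f:        # blocks until a requester writes
                line = f.read().strip()
            if line == SHUTDOWN:
                return
            if not line:
                continue
            account, _, request = line.partition(" ")
            if request == ENUMERATE_REQUEST and account in self.privileged:
                channel, text = "valid", "\n".join(self.all_accounts)
            else:
                channel, text = "invalid", f"{account}: permission denied"
            with open(self.pipes[channel], "w") as f:   # requester already holds a reader open
                f.write(text)

    def close(self):
        with open(self.pipes["input"], "w") as f:
            f.write(SHUTDOWN)
        self.thread.join(timeout=2)
        shutil.rmtree(self.dir, ignore_errors=True)


def send_request(pipes, account, request, timeout=5.0):
    """Inspector side: write the request to the input pipe, then return
    (channel, text) from whichever output pipe the host chose to answer on."""
    fds = {k: os.open(pipes[k], os.O_RDONLY | os.O_NONBLOCK) for k in ("valid", "invalid")}
    try:
        with open(pipes["input"], "w") as f:
            f.write(f"{account} {request}\n")
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            for channel, fd in fds.items():
                try:
                    data = os.read(fd, 65536)           # b'' while the host has not opened its end
                except BlockingIOError:                # writer connected, nothing written yet
                    continue
                if data:
                    return channel, data.decode()
            time.sleep(0.01)
        raise TimeoutError("host device did not answer")
    finally:
        for fd in fds.values():
            os.close(fd)


def determine_privileged_accounts(host, candidates):
    """candidates: local accounts whose communication is normal and password non-empty.
    An account is privileged when the valid pipe carries a non-empty account listing."""
    privileged = []
    for account in candidates:
        channel, text = send_request(host.pipes, account, ENUMERATE_REQUEST)
        if channel == "valid" and text.strip():
            privileged.append(account)
    return privileged


def demo():
    host = HostPipes(privileged={"root"}, all_accounts=["root", "deploy", "ops"])
    try:
        return determine_privileged_accounts(host, ["deploy", "root", "ops"])  # ['root']
    finally:
        host.close()


if __name__ == "__main__":
    print(demo())
```

Because an unprivileged request lands on the invalid pipe, the inspector never has to parse an error message out of the listing stream.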
In one possible implementation, the association information includes: the second routing inspection is performed based on the resource information of the local account and the associated information of all target accounts corresponding to all privilege accounts respectively, so as to determine each local account and other state information corresponding to each target account respectively, and the method comprises the following steps:
determining the ghost information of all local accounts and all target accounts based on the names of all local accounts and the names of all target accounts, wherein the ghost information comprises local ghost, asset ghost and non-ghost;
determining the zombie information of all non-ghost accounts based on their last login time;
determining the password security hazard information of all non-ghost accounts based on their last password change time and password change authority;
and determining the authority change information of all non-ghost accounts based on the groups they belong to.
With this scheme, the second inspection is performed on the stored resource information of the local accounts together with the association information of the target accounts currently acquired from the host device. It determines whether the local accounts and the target accounts differ, i.e. whether local ghosts or asset ghosts exist. For accounts present both as a local account and as a target account, further inspection is carried out on the association information of the target account, which determines the zombies, password security hazards and authority changes that cannot be judged from the locally stored resource information alone.
In a possible implementation, determining all accounts to be managed based on the communication state information, password state information and other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts comprises:
deduplicating the names of all local accounts and all target accounts to determine a plurality of initial accounts to be managed;
and determining the accounts to be managed based on the communication state information, password state information and other state information of the plurality of initial accounts to be managed.
With this scheme, deduplication is performed on the names of the local accounts and the names of the target accounts, which reduces the amount of information processed because of repeated entries and improves the efficiency of determining the accounts to be managed.
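The second inspection (ghost, zombie, password security hazard, authority change) and the deduplication step described in the two implementations above, as an added example that is not the patent's code. The zombie and password-age thresholds, the field names of the association information, and the sample accounts are constructed assumptions; the first-inspection communication state is supplied as data because probing IP/port and logging in cannot run offline.

```python
from datetime import datetime, timedelta

# Assumed thresholds; the patent states no numeric values.
ZOMBIE_DAYS = 180        # no login for longer than this -> zombie
PASSWORD_AGE_DAYS = 90   # password older than this -> potential security hazard


def first_inspection(local_accounts, comm_state):
    """Password state (empty / non-empty) from the locally stored resource information;
    the communication state comes from the caller (constructed here)."""
    return {
        name: {"communication": comm_state.get(name, "abnormal"),
               "password": "empty" if not info["password"] else "non-empty"}
        for name, info in local_accounts.items()
    }


def ghost_information(local_names, target_names):
    """Local ghost: stored locally but absent on the host. Asset ghost: present on the
    host but unknown locally. Names in both sets are non-ghost."""
    local, target = set(local_names), set(target_names)
    result = {n: "local ghost" for n in local - target}
    result.update({n: "asset ghost" for n in target - local})
    result.update({n: "non-ghost" for n in local & target})
    return result


def second_inspection(local_accounts, target_accounts, now):
    """Other state information per account; zombie/password/authority checks only run
    on non-ghost accounts, since they need the host's association information."""
    other = {}
    for name, ghost in ghost_information(local_accounts, target_accounts).items():
        state = {"ghost": ghost, "zombie": False, "password_hazard": False, "authority_change": False}
        if ghost == "non-ghost":
            t = target_accounts[name]
            state["zombie"] = (now - t["last_login"]).days > ZOMBIE_DAYS
            # Hazard if the password is stale or the account is not allowed to rotate it.
            state["password_hazard"] = ((now - t["last_pw_change"]).days > PASSWORD_AGE_DAYS
                                        or not t["can_change_pw"])
            # Authority change: host group membership differs from the locally recorded groups.
            state["authority_change"] = t["groups"] != local_accounts[name]["groups"]
        other[name] = state
    return other


def accounts_to_manage(first, other):
    """Deduplicate names across local and target accounts, then flag every account with
    an abnormal first-inspection state or any abnormal other-state."""
    initial = set(first) | set(other)          # deduplicated initial accounts to be managed
    flagged = set()
    for name in initial:
        f, o = first.get(name, {}), other[name]
        if f.get("communication") == "abnormal" or f.get("password") == "empty":
            flagged.add(name)
        elif o["ghost"] != "non-ghost" or o["zombie"] or o["password_hazard"] or o["authority_change"]:
            flagged.add(name)
    return flagged


NOW = datetime(2022, 9, 27)   # constructed reference time
LOCAL = {  # constructed local resource information (IP/port omitted at this stage)
    "root":     {"password": "s3cr3t", "groups": {"wheel"}},
    "deploy":   {"password": "",       "groups": {"deploy"}},
    "ops":      {"password": "p4ss",   "groups": {"ops"}},
    "oldadmin": {"password": "p4ss",   "groups": {"wheel"}},
}
COMM = {"root": "normal", "deploy": "normal", "ops": "normal", "oldadmin": "abnormal"}
TARGET = {  # constructed association information fetched from the host via a privileged account
    "root":    {"last_login": NOW - timedelta(days=1),   "last_pw_change": NOW - timedelta(days=10),
                "can_change_pw": True,  "groups": {"wheel"}},
    "deploy":  {"last_login": NOW - timedelta(days=400), "last_pw_change": NOW - timedelta(days=400),
                "can_change_pw": True,  "groups": {"deploy"}},
    "ops":     {"last_login": NOW - timedelta(days=2),   "last_pw_change": NOW - timedelta(days=20),
                "can_change_pw": True,  "groups": {"ops", "sudo"}},
    "svc_bak": {"last_login": NOW - timedelta(days=3),   "last_pw_change": NOW - timedelta(days=5),
                "can_change_pw": False, "groups": {"backup"}},
}


def run_example():
    first = first_inspection(LOCAL, COMM)
    other = second_inspection(LOCAL, TARGET, NOW)
    return first, other, accounts_to_manage(first, other)


if __name__ == "__main__":
    for name, state in run_example()[1].items():
        print(name, state)
    print(sorted(run_example()[2]))   # ['deploy', 'oldadmin', 'ops', 'svc_bak']
```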
In a possible implementation, after determining the accounts to be managed based on the state information of the initial accounts to be managed, the method further comprises:
determining the management type of each account to be managed based on its state information, wherein the management type comprises account information editing, inspection information downloading and account confirmation;
and managing the account to be managed according to its management type.
With this scheme, the management type of each account to be managed is determined from its state information, and the accounts to be managed are managed by category according to their management type, which improves account management efficiency.
In a second aspect, the application provides an account inspection device which adopts the following technical scheme:
an account inspection device comprising:
a local account resource information acquisition module, used to acquire the resource information of local accounts, wherein the resource information comprises the names, passwords, IP addresses and ports of a plurality of locally stored local accounts;
a first inspection module, used to perform a first inspection based on the resource information of the local accounts to determine the communication state information and password state information of each local account, wherein the communication state information comprises normal communication and abnormal communication, and the password state information comprises empty password and non-empty password;
a privileged account determination module, used to determine all privileged accounts from the determined local accounts whose communication state is normal and whose password is non-empty, wherein a privileged account is an account with the authority to acquire the information of all target accounts on the host device where it is located, and a target account is an account that can log in to that host device;
a target account association information acquisition module, used to determine, for each privileged account, the association information of all target accounts corresponding to that privileged account;
a second inspection module, used to perform a second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to each privileged account, to determine the other state information of each local account and each target account, wherein the other state information comprises ghost information, zombie information, password security hazard information and authority change information;
and an account-to-be-managed determination module, used to determine all accounts to be managed based on the communication state information, password state information and other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts.
With this scheme, the first inspection is carried out on the acquired resource information of the local accounts, and the communication state information and password state information of each local account are determined. At the same time, the privileged accounts that can acquire target account information on the host device are determined only among the local accounts whose communication state is normal and whose password is non-empty, which narrows the range of accounts that must be queried and raises the inspection rate. The association information of the target accounts on the host device corresponding to each privileged account is then determined through the privileged accounts, the second inspection is performed on the resource information of the local accounts and the association information of the target accounts, and the other abnormal information of the accounts is determined. All accounts can thus be inspected repeatedly at high speed, the state information of every account is judged within a short time in each inspection, and account inspection efficiency is improved.
In a possible implementation, when the first inspection module determines the communication state information of each local account based on the resource information of the local accounts, it is specifically configured to:
determine the network information of all local accounts based on the IP addresses and ports in the resource information of the local accounts, wherein the network information comprises network normal and network abnormal;
and determine the login information of all local accounts whose network is normal based on their names and passwords in the resource information of the local accounts, wherein the login information comprises normal login and abnormal login, and the communication state information comprises the network information and the login information.
In a possible implementation, when the privileged account determination module determines all privileged accounts from the determined local accounts whose communication state is normal and whose password is non-empty, it is specifically configured to:
determine a current account from the local accounts whose communication state is normal and whose password is non-empty, and log in to the host device where the current account is located based on the resource information of the current account;
after the current account has logged in successfully, send preset request information to the host device where the current account is located, wherein the preset request information is used to acquire the information of all target accounts on the host device corresponding to the current account;
acquire the return information, corresponding to the request information, that is sent by the host device corresponding to the current account;
judge whether the return information comprises the information of all target accounts on the host device corresponding to the current account; if so, determine the current account as a privileged account, and if not, determine it as a non-privileged account;
and perform the same judgement for the next local account with normal login until all privileged accounts have been determined.
In a possible implementation, each host device corresponds to a unique set of named pipes, the set comprising: an input named pipe for receiving request information, a first output named pipe to which the host device's valid return information is redirected, and a second output named pipe to which the host device's invalid return information is redirected;
when the privileged account determination module sends preset request information to the host device where the current account is located after the current account has logged in successfully, it is configured to:
after the current account has logged in successfully, send the preset request information to the host device where the current account is located through the input named pipe corresponding to the current account;
when the privileged account determination module acquires the return information corresponding to the request information that is sent by the host device corresponding to the current account, it is configured to:
acquire the return information corresponding to the request information, sent by the host device corresponding to the current account, through the output named pipe corresponding to the current account, wherein the output named pipe is the first output named pipe when the return information is valid and the second output named pipe when the return information is invalid.
In a possible implementation, when the second inspection module performs the second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to each privileged account, to determine the other state information of each local account and each target account, it is specifically configured to:
determine the ghost information of all local accounts and all target accounts based on the names of all local accounts and the names of all target accounts, wherein the ghost information comprises local ghost, asset ghost and non-ghost;
determine the zombie information of all non-ghost accounts based on their last login time;
determine the password security hazard information of all non-ghost accounts based on their last password change time and password change authority;
and determine the authority change information of all non-ghost accounts based on the groups they belong to.
In a possible implementation, when the account-to-be-managed determination module determines all accounts to be managed based on the communication state information, password state information and other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts, it is specifically configured to:
deduplicate the names of all local accounts and all target accounts to determine a plurality of initial accounts to be managed;
and determine the accounts to be managed based on the communication state information, password state information and other state information of the plurality of initial accounts to be managed.
In a possible implementation, the device further comprises:
a management type determination module, used to determine the management type of each account to be managed based on its state information, wherein the management type comprises account information editing, inspection information downloading and account confirmation;
and a management module, used to manage the account to be managed according to its management type.
In a third aspect, the present application provides an electronic device which adopts the following technical scheme:
an electronic device comprising:
at least one processor;
a memory;
at least one application program, stored in the memory and configured to be executed by the at least one processor, the at least one application program being configured to perform the method described above.
In a fourth aspect, the present application provides a computer-readable storage medium which adopts the following technical scheme:
a computer-readable storage medium on which a computer program is stored which, when executed by a computer, causes the computer to carry out the method described above.
In summary, the present application includes at least one of the following beneficial technical effects:
1. The first inspection is carried out on the acquired resource information of the local accounts, and the communication state information and password state information of each local account are determined. At the same time, the privileged accounts that can acquire target account information on the host device are determined only among the local accounts whose communication state is normal and whose password is non-empty, which narrows the range of accounts that must be queried and raises the inspection rate. The association information of the target accounts on the host device corresponding to each privileged account is then determined through the privileged accounts, the second inspection is performed on the resource information of the local accounts and the association information of the target accounts, and the other abnormal information of the accounts is determined. All accounts can thus be inspected repeatedly at high speed, the state information of every account is judged within a short time in each inspection, and account inspection efficiency is improved.
2. Communication with the host device is realised through named pipes. The return information is redirected through a named pipe rather than being output directly on the host device, which reduces interference with the host device; at the same time, valid and invalid return information are output to different named pipes, which makes the content of the return information easier to judge and improves judgement efficiency.
3. Deduplication is performed on the names of the local accounts and the names of the target accounts, which reduces the amount of information processed because of repeated entries and improves the efficiency of determining the accounts to be managed.
Drawings
Fig. 1 is a schematic flowchart of an account inspection method according to an embodiment of the present application.
FIG. 2 is a flowchart illustrating the determination of privileged accounts according to one embodiment of the present application.
Fig. 3 is a schematic diagram of the account inspection device according to an embodiment of the present application.
Fig. 4 is a schematic structural diagram of an electronic device in an implementation of the present application.
Detailed Description
The present application is described in further detail below with reference to fig. 1 to 4.
The present embodiment is only for explaining the present application, and it is not limited to the present application, and those skilled in the art can make modifications of the present embodiment without inventive contribution as needed after reading the present specification, but all of them are protected by patent law within the scope of the claims of the present application.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship, unless otherwise specified.
The embodiments of the present application will be described in further detail with reference to the drawings attached hereto.
The embodiment of the application provides an account inspection method, which is executed by an electronic device. The electronic device may be a server or a terminal device; the server may be an independent physical server, a server cluster or distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing services. The terminal device may be a smart phone, tablet computer, notebook computer, desktop computer and the like, but is not limited thereto; the terminal device and the server may be connected directly or indirectly through wired or wireless communication, which the embodiment of the present application does not limit. As shown in Fig. 1, the method includes steps S101 to S106, where:
step S101, acquiring resource information of a local account, wherein the resource information of the local account comprises names, passwords, ip addresses and ports of a plurality of local accounts which are locally stored.
Specifically, the resource information of the local account is information already stored in the electronic device, and the resource information of the local account is actually account information generated after the user registers the account in the host device.
When it is detected that the user has triggered an account information collection test task, the resource information of the local accounts to be inspected is acquired. In the embodiment of the present application there are two acquisition manners: static acquisition and dynamic matching acquisition. In the static acquisition case, acquiring the resource information of the local accounts includes determining the information in a fixed resource, where the fixed resource is the resource information of all local accounts corresponding to a host device, stored in the electronic device per host device; the fixed resource has a unique identifier, and the resource information of the local accounts under the fixed resource is acquired according to that identifier. In the dynamic matching acquisition case, acquiring the resource information of the local accounts includes matching and acquiring it according to a user requirement. For example, if the resource information of the local accounts whose names contain '123' is needed, the local accounts whose names contain '123' are queried in the resource, and the corresponding resource information is determined from the local accounts found to meet the condition.
Further, before acquiring the resource information of the local accounts, the method further includes configuring the local account resource information. Specifically, configuring the local account resource information may include: adding host information to the resource, where the host information is information of the host device to be inspected and includes, but is not limited to, the name, type, ip address, brief description, department, system code and person in charge of the host device; the type is the type of the host device's operating system, such as windows2003, and the department is the department of the host device within the enterprise or organization, such as the human resources department or the administrative department. After the host information is added, the maintenance protocol of the host device corresponding to the host information is determined; the maintenance protocol is determined according to the specific situation of the host device and includes an account collection protocol and a login test encryption protocol, each of which may be the WinRPC (Windows Remote Procedure Call) protocol or the WinRM (Windows Remote Management) protocol. The WinRPC protocol is used by default; if the WinRM protocol is used, a port and a communication protocol are selected, the default port being 5985 and the default communication protocol being HTTP (Hypertext Transfer Protocol) as the underlying protocol. Then a plurality of local accounts are added, where the local accounts include, but are not limited to, domain accounts and accounts registered in the host device; the ip address and port of each local account are consistent with the host information of the host device where the local account is located. The name of each local account is added, the password of each local account is determined through a password test, and if the name and password of a local account pass the password test, the password of that account is stored in the resource information of that local account.
Step S102, based on the resource information of the local accounts, a first inspection is performed to determine the communication state information and password state information corresponding to each local account, where the communication state information includes normal communication and abnormal communication, and the password state information includes an empty password and a non-empty password.
Specifically, the first inspection is performed according to the acquired resource information of the local accounts. In the embodiment of the present application, when the first inspection is performed, the password state information and communication state information of all local accounts may be determined together; the communication state information may be determined first and the password state information determined only after communication is found to be normal; or the communication state information and password state information may be determined separately. The embodiment of the present application does not limit this, and the user may choose the approach.
The password state information may include an empty password and a non-empty password, where a non-empty password includes a normal password and a weak password. Specifically, it is determined whether the password of each local account is empty; if it is empty, the password state information of the local account is determined to be an empty password. If the password is not empty, the password state information of the local account is determined to be a non-empty password, and for each local account with a non-empty password it is judged whether the password conforms to preset check rules so as to carry out weak-password judgment: if the password does not conform to the preset check rules, the password state information of the local account is determined to be a weak password; otherwise it is determined to be a normal password. In the embodiment of the present application, the preset check rules used for the weak-password judgment are: 1. the password contains at least two of the four kinds of symbols: capital letters, lowercase letters, numbers and special symbols; 2. the password is not a common password, such as admin123 or root01; 3. the password length is greater than or equal to a preset length. If the password of a local account fails any one or more of these items, the password state information of the account is determined to be a weak password.
The communication state information includes normal communication and abnormal communication: communication is normal when the local account can log in normally and the network is normal, and abnormal otherwise. Specifically, whether the network state information of the local account is normal or abnormal can be determined according to the ip address and port of the local account, and whether the login state information of the local account is normal or abnormal can be determined according to the name and password of the local account.
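The password state classification of step S102 with the three check rules above, as an added example written for this page (not the patent applicant's code). The preset length and the common-password entries beyond the two examples given in the text (admin123, root01) are assumptions, and the sample accounts are constructed.

```python
# Added example (not from the patent): password state information of step
# S102. The preset length and the common-password list beyond the two
# examples in the text (admin123, root01) are assumptions.
import string

PRESET_MIN_LENGTH = 8                                           # assumed preset length
COMMON_PASSWORDS = {"admin123", "root01", "password", "123456"}  # assumed list


def character_classes(password: str) -> int:
    """Number of the four symbol kinds (upper, lower, digit, special) present."""
    return sum([
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def failed_rules(password: str) -> list:
    """Names of the preset check rules the password does not conform to."""
    failed = []
    if character_classes(password) < 2:
        failed.append("fewer than two symbol kinds")
    if password.lower() in COMMON_PASSWORDS:
        failed.append("common password")
    if len(password) < PRESET_MIN_LENGTH:
        failed.append("shorter than preset length")
    return failed


def password_state(password: str) -> str:
    """'empty', 'weak' (fails one or more rules) or 'normal'."""
    if password == "":
        return "empty"
    return "weak" if failed_rules(password) else "normal"


# Constructed local account resource information (names and passwords only).
SAMPLE_ACCOUNTS = [
    {"name": "svc_backup", "password": ""},
    {"name": "administrator", "password": "admin123"},
    {"name": "ops", "password": "Corr3ct-Horse!"},
    {"name": "temp", "password": "abcdefgh"},
]


def inspect_passwords(accounts) -> dict:
    """Password state information for each local account, keyed by name."""
    return {a["name"]: password_state(a["password"]) for a in accounts}


if __name__ == "__main__":
    for name, state in inspect_passwords(SAMPLE_ACCOUNTS).items():
        print(f"{name}: {state}")
```

The rules are evaluated independently so that `failed_rules` reports every item a password misses, which is what an operator needs when deciding whether the weak-password threshold itself is set sensibly.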
Step S103, all privileged accounts are determined from all local accounts that have been determined to have normal communication and a non-empty password, where a privileged account is an account that has the authority to acquire the information of all target accounts in the host device where it is located, and the target accounts are the accounts that can log in to the host device where the privileged account is located.
Specifically, all privileged accounts are determined from all local accounts with normal communication and a non-empty password. The privileged account is used to log in to the corresponding host device and obtain the target accounts in that host device; determining the privileged accounts from the local accounts that the first inspection found to have normal communication and a non-empty password narrows the search range for privileged accounts. In this embodiment, for Windows operating systems, the privileged account is the administrator account. The local accounts are accounts in one or more host devices whose information is stored in the electronic device; the local accounts include the privileged accounts, where a privileged account is an account that has the authority to acquire the information of all target accounts in its host device, and each host device corresponds to a unique privileged account. The target accounts are all accounts currently existing in the host device, acquired through the privileged account, and all target accounts corresponding to a privileged account include the privileged account itself.
For any host device, determining its privileged account includes the following steps: for a local account with normal communication and a non-empty password that corresponds to the current host device, log in to the host device; based on the current account, acquire the associated information of the target accounts in the host device; and judge whether the current account can acquire the associated information of the target accounts. If so, the current account is judged to be a privileged account; if not, the next local account with normal communication and a non-empty password is judged, until the privileged account corresponding to the current host device is determined. The privileged account corresponding to the next host device is then judged.
Step S104, for each privileged account, the associated information of all target accounts corresponding to the privileged account is determined.
In the embodiment of the present application, for any privileged account, message information is constructed according to the resource information corresponding to the privileged account and preset timeout information; the corresponding message information and acquisition command are sent through the privileged account to the host device corresponding to it, and the associated information of all target accounts sent back by that host device is acquired. It can be understood that the timeout information is a set response time of the host device of one minute, that is, if no corresponding return information is acquired within one minute, the process is ended. The timeout avoids uncertainty in call time caused by uncertain factors, prevents the process from hanging because of long processing, and ends the process once the response time is exceeded.
Specifically, for any privileged account, determining the associated information of the target account in the corresponding host device includes the following steps:
1. Two pieces of time format information are determined based on the message information and a time format command, where the time format information is used to process times in a uniform format. The time format information includes yyyy/m/d and h:mm:ss, and the specific time format is not specifically limited in the present application.
2. The account names in the management group of the host device where the privileged account is located are determined based on the message information and a management-group account acquisition command, where the accounts in the management group of a Windows system are administrator accounts, namely the privileged account corresponding to the host device.
3. The names of all target accounts in the host device where the privileged account is located are determined based on the message information and an other-accounts acquisition command.
4. The associated information of all target accounts in the host device corresponding to the privileged account is determined based on the message information and an associated-information acquisition command, where the associated information includes the name, the group to which the target account belongs, the last login time, the last password change time and the password change permission, and the last login time and last password change time are output in a uniform format according to the time format information.
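Parsing the associated information of step 4 and normalising its two time fields with the date format and time-of-day format of step 1, as an added example written for this page (not the patent applicant's code). The tab-separated layout, the `Never` marker for an account that has not logged in, and the sample lines are constructed; the real return format produced by the acquisition commands is not shown on this page.

```python
# Added example (not from the patent): parse one host's returned association
# information and normalise 'yyyy/m/d' + 'h:mm:ss' times. The tab-separated
# layout, the 'Never' marker and the sample lines are constructed.
from datetime import datetime
from typing import List, Optional

DATE_FORMAT = "%Y/%m/%d"     # the yyyy/m/d time format information
TIME_FORMAT = "%H:%M:%S"     # the h:mm:ss time format information

# Constructed return information for one host device.
SAMPLE_RETURN = """\
name\tgroup\tlast_login\tlast_pwd_change\tcan_change_pwd
administrator\tAdministrators\t2022/9/20 8:05:13\t2022/6/1 9:00:00\tyes
ops\tUsers\t2022/5/2 18:40:00\t2022/1/15 10:00:00\tyes
svc_old\tUsers\tNever\t2021/12/1 0:00:00\tno
"""


def parse_time(text: str) -> Optional[datetime]:
    """Parse 'yyyy/m/d h:mm:ss' (single-digit month/day/hour allowed);
    'Never' or an empty field gives None."""
    text = text.strip()
    if text in ("", "Never"):
        return None
    return datetime.strptime(text, DATE_FORMAT + " " + TIME_FORMAT)


def unified(moment: Optional[datetime]) -> str:
    """Render in one zero-padded form so later comparisons are uniform."""
    return "" if moment is None else moment.strftime("%Y/%m/%d %H:%M:%S")


def parse_association_info(return_text: str) -> List[dict]:
    """One record per target account: name, group, two times, permission."""
    lines = [line for line in return_text.splitlines() if line.strip()]
    header = lines[0].split("\t")
    records = []
    for line in lines[1:]:
        fields = dict(zip(header, line.split("\t")))
        records.append({
            "name": fields["name"],
            "group": fields["group"],
            "last_login": parse_time(fields["last_login"]),
            "last_pwd_change": parse_time(fields["last_pwd_change"]),
            "can_change_pwd": fields["can_change_pwd"].lower() == "yes",
        })
    return records


if __name__ == "__main__":
    for rec in parse_association_info(SAMPLE_RETURN):
        print(rec["name"], rec["group"], unified(rec["last_login"]),
              unified(rec["last_pwd_change"]), rec["can_change_pwd"])
```

Keeping the parsed times as `datetime` objects rather than strings is what makes the later zombie and password-age comparisons of step S105 a plain subtraction instead of string handling.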
Step S105, a second inspection is performed based on the resource information of the local accounts and the associated information of all target accounts corresponding to all privileged accounts, to determine the other state information corresponding to each local account and each target account, where the other state information includes ghost information, zombie information, password security risk information and permission change information.
Specifically, in the second inspection, whether the stored local accounts are consistent with the target accounts currently in the host device is determined, and the ghost information of the local accounts and target accounts is judged; the zombie information, password security risk information and permission change information of the target accounts are determined according to the acquired associated information of the target accounts.
The ghost information includes local ghost, asset ghost and non-ghost. A local ghost is an account that exists among the local accounts but not among the target accounts; an asset ghost is an account that exists among the target accounts but not among the local accounts; a non-ghost is an account that exists among both the local accounts and the target accounts.
The zombie information includes zombie, where a zombie is an account whose time without login is greater than or equal to a preset first time, for example three months.
The password security risk information includes password security risk, where a password security risk is an account whose current password has been in use for a time greater than or equal to a preset second time, for example three months.
The permission change information includes permission change, where a permission change is an account whose group membership has changed.
Step S106, all the accounts to be managed are determined based on the communication state information, the password state information and other state information of all the local accounts and other state information of all the target accounts corresponding to all the privileged accounts.
Specifically, according to the communication state information, password state information and other state information corresponding to the local accounts and target accounts, the state information is integrated by the names of the local accounts and target accounts, and the accounts to be managed are determined from the integrated state information. In this embodiment of the present application, the state information of an account to be managed includes: weak password, empty password, network exception, login exception, local ghost, asset ghost, zombie, permission change and password security risk. Because the local accounts are accounts in host devices whose information is stored in the electronic device, and the target accounts are all accounts stored in the current host device, the local accounts and target accounts overlap; a local account and a target account with the same name are considered the same account, and their information is integrated according to the account name.
Therefore, the first inspection is performed according to the acquired resource information of the local accounts, and the communication state information and password state information of each local account are determined. At the same time, the privileged account that can acquire target account information in the host device is determined from the local accounts found to have normal communication and a non-empty password, which narrows the search range for privileged accounts and raises the inspection rate. The associated information of the target accounts in the host device corresponding to each privileged account is then determined through all privileged accounts, the second inspection is performed according to the resource information of the local accounts and the associated information of the target accounts, and the other abnormal information of the accounts is determined. All accounts are thus inspected repeatedly at high speed, the state information of each account in each inspection is judged in a short time, and account inspection efficiency is improved.
Further, performing the first inspection on the local accounts and determining the communication state information includes steps S1021 to S1022 (not shown in the drawings), where:
Step S1021, the network information corresponding to all local accounts is determined based on the ip addresses and ports of all local accounts in the resource information of the local accounts, where the network information includes network normal and network abnormal.
Specifically, the network connection judgment for any local account includes: according to the ip address and port of the local account, the host device corresponding to the local account is contacted and it is determined whether the network of the local account is connected; if network communication is normal, the network information of the local account is determined to be normal, and if the network cannot be reached normally, the network information of the local account is determined to be abnormal.
Step S1022, based on the names and passwords of all local accounts with a normal network in the resource information of the local accounts, the login information corresponding to all local accounts with a normal network is determined, where the login information includes normal login and abnormal login, and the communication state information includes the network information and the login information.
Specifically, for any local account whose network is normal, the host device to which the local account belongs is logged in to according to the name and password of the local account; if login succeeds, the login information of the local account is determined to be normal, and if the local account cannot log in normally, its login information is determined to be abnormal. In the embodiment of the present application, the cases of abnormal login include: a password error; remote login is not enabled on the host device to which the local account belongs; the account is disabled; the encryption mode of the resource configuration on the Windows server is incorrect; the admin$ share has been closed on the Windows host; and the python server is abnormal.
Therefore, according to the ip address and port of the local account, it is judged whether the local account can connect to the network of the corresponding host device, and the network information of the local account is determined; the login information of the local accounts with a normal network is then judged according to their names and passwords. This narrows the range of accounts inspected in repeated runs and improves account inspection efficiency.
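The two-stage communication check of steps S1021 and S1022, and the resulting search range for privileged accounts used in step S103, as an added example written for this page (not the patent applicant's code). The network probe and the login attempt are injected callables so that the block runs offline; the host table, the accounts and the abnormal-login reasons attached to them are constructed, following the cases listed above.

```python
# Added example (not from the patent): two-stage communication check of
# steps S1021/S1022. The probe and login callables stand in for a real port
# check and remote login; all host and account data below is constructed.
from typing import Callable, Dict, List, Tuple

# Constructed host state standing in for real hosts.
REACHABLE_PORTS = {("10.0.0.5", 5985), ("10.0.0.6", 5985)}
VALID_LOGINS = {
    ("10.0.0.5", "ops", "Corr3ct-Horse!"),
    ("10.0.0.5", "temp", ""),                  # empty password that still logs in
    ("10.0.0.6", "localadmin", "L0cal-Adm1n!"),
}
DISABLED = {("10.0.0.5", "svc_old")}


def fake_probe(ip: str, port: int) -> bool:
    """Stand-in for the ip/port network check."""
    return (ip, port) in REACHABLE_PORTS


def fake_login(ip: str, port: int, name: str, password: str) -> Tuple[bool, str]:
    """Stand-in for the name/password login test; returns (ok, reason)."""
    if (ip, name) in DISABLED:
        return False, "account disabled"
    if (ip, name, password) in VALID_LOGINS:
        return True, ""
    return False, "password error"


# Constructed local account resource information.
LOCAL_ACCOUNTS = [
    {"name": "ops", "password": "Corr3ct-Horse!", "ip": "10.0.0.5", "port": 5985},
    {"name": "svc_old", "password": "Old-Pass-2019", "ip": "10.0.0.5", "port": 5985},
    {"name": "temp", "password": "", "ip": "10.0.0.5", "port": 5985},
    {"name": "localadmin", "password": "wrong", "ip": "10.0.0.6", "port": 5985},
    {"name": "guest", "password": "guest1234", "ip": "10.0.0.9", "port": 5985},
]


def communication_state(
    accounts: List[Dict],
    probe: Callable[[str, int], bool],
    login: Callable[[str, int, str, str], Tuple[bool, str]],
) -> Dict[str, Dict[str, str]]:
    """Network information for every account; login information only for
    those whose network is normal (the narrowing described in S1022)."""
    state = {}
    for a in accounts:
        if not probe(a["ip"], a["port"]):
            state[a["name"]] = {"network": "abnormal", "login": "not tested",
                                "reason": "no network connectivity"}
            continue
        ok, reason = login(a["ip"], a["port"], a["name"], a["password"])
        state[a["name"]] = {"network": "normal",
                            "login": "normal" if ok else "abnormal",
                            "reason": reason}
    return state


def privileged_search_range(accounts: List[Dict], state: Dict) -> List[str]:
    """Accounts with normal communication and a non-empty password: the
    only ones step S103 needs to test for being privileged."""
    return [a["name"] for a in accounts
            if state[a["name"]]["network"] == "normal"
            and state[a["name"]]["login"] == "normal"
            and a["password"] != ""]


if __name__ == "__main__":
    st = communication_state(LOCAL_ACCOUNTS, fake_probe, fake_login)
    for name, info in st.items():
        print(name, info)
    print("privileged search range:", privileged_search_range(LOCAL_ACCOUNTS, st))
```

Note that `temp` has normal communication but is excluded from the search range because its password is empty; an empty-password account is reported by the first inspection rather than used to query the host.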
Further, referring to Fig. 2, which is a schematic flowchart of determining privileged accounts according to an embodiment of the present application, step S103, determining all privileged accounts from all local accounts determined to have normal communication and a non-empty password, includes steps S1031 to S1035, where:
Step S1031, a current account is determined from all local accounts with normal communication and a non-empty password, and the host device where the current account is located is logged in to based on the resource information of the current account.
Specifically, any local account with normal communication and a non-empty password is determined as the current account, and the corresponding host device is logged in to through the resource information of the current account.
Step S1032, after the current account successfully logs in, sending preset request information to the host device where the current account is located, where the preset request information is used to obtain information of all target accounts in the host device corresponding to the current account.
In the embodiment of the present application, the preset request information includes the message information of the privileged account and the corresponding acquisition command. Specifically, cmd request information is sent to the host device corresponding to the current account through stdin; after the host device corresponding to the current account receives the request information, if that host device uses the agent server, it preferentially uses the agent server to acquire the associated information of the target accounts. If the current account is a privileged account, the host device can acquire the associated information of all target accounts; otherwise, the associated information of the target accounts cannot be acquired. The electronic device then obtains the return information.
Step S1033, obtaining the return information corresponding to the request information sent by the host device corresponding to the current account.
Step S1034, judging whether the returned information includes the information of all target accounts in the host equipment corresponding to the current account, if so, determining the current account as a privileged account; if not, the current account is determined to be a non-privileged account.
Step S1035, the judgment is executed for the next local account with normal communication and a non-empty password, until all privileged accounts are determined.
Specifically, it is judged whether the returned information includes the associated information of the target accounts in the host device. If the associated information of the target accounts can be acquired through the current account, the current account is determined to be the privileged account of the current host device; otherwise, the current account is not determined to be a privileged account, and the next local account with normal communication and a non-empty password is judged, until all privileged accounts are determined.
In one implementation, judging the next local account with normal communication and a non-empty password until all privileged accounts are determined may include: taking the next local account with normal communication and a non-empty password as the new current account, and executing steps S1031 to S1034 in a loop until all local accounts with normal communication and a non-empty password have been judged, so as to determine all privileged accounts.
In another implementation, judging the next local account with normal communication and a non-empty password until all privileged accounts are determined may include: if the current account is a privileged account, selecting from the remaining local accounts with normal communication and a non-empty password an account that is not in the same host device as the current account as the new current account, and executing steps S1031 to S1034 in a loop until all privileged accounts are determined.
Therefore, in the embodiment of the present application, for any local account with normal communication and a non-empty password corresponding to any host device, a current account is determined, whether the current account is the privileged account of the host device is determined according to the return information of the host device, and then the next account is judged, which ensures that all local accounts with normal communication and a non-empty password are judged for being privileged accounts.
Further, each host device corresponds to a unique set of named pipes, and the set of named pipes includes: an input named pipe for receiving request information, a first output named pipe for redirecting the valid return information output by the host device, and a second output named pipe for redirecting the invalid return information output by the host device;
after login succeeds, sending the preset request information to the host device where the current account is located includes:
after login succeeds, sending the preset request information to the host device where the current account is located based on the input named pipe corresponding to the current account;
correspondingly, obtaining the return information corresponding to the request information, sent by the host device corresponding to the current account, includes:
acquiring the return information corresponding to the request information, sent by the host device corresponding to the current account, based on the output named pipe corresponding to the current account; when the return information is valid, the output named pipe is the first output named pipe, and when the return information is invalid, the output named pipe is the second output named pipe.
Specifically, in the embodiment of the present application, the named pipes used to communicate with the host device where the current privileged account is located are established using the psexecsvc service, where the psexecsvc service acts as a redirector that redirects the output result of the host device into the named pipe for transmission to the electronic device, instead of displaying it directly on the host device. The psexecsvc service is used to launch interactive command-prompt commands, such as ipconfig or whoami, on remote systems, and remote support tools use it to display information about the remote system that cannot otherwise be displayed.
Determining the named pipes includes the following steps: the admin$ sharing of the resource is carried out based on the ipc$ pipe, where ipc$ is a resource on Windows for sharing named pipes, and the named pipe is opened for inter-process communication; in the embodiment of the present application, the ipc$ pipe is used to create the named pipe. admin$ is the system directory share, one of the system default shares, which include all logical drive shares (c$, d$, e$, ...) and the system directory winnt or windows (admin$). Based on the ipc$ pipe, the psexecsvc service is installed in the host device where the current privileged account is located, by writing the psexecsvc service into the shared directory of the host device, namely c:\windows. The svcctl service is called based on the ipc$ pipe, the installed psexecsvc service is started through DCE/RPC of the svcctl service, and after execution of the svcctl service completes, the svcctl service and the corresponding files are deleted. Four named pipes are created based on the psexecsvc service for information transfer between the electronic device and the host device: a main service channel for sending psexecsvc service task message requests to the host device, a standard input (stdin) channel for redirecting information input to the host device, a standard output (stdout) channel for redirecting the return information output by the host device, and a standard error (stderr) channel for redirecting the return information that the host device writes to its error output.
The electronic device sends the command requesting the host device information to the host device through the standard input stdin, the command is executed in the host device, and if execution succeeds the redirected standard output stdout is called to send the return information to the electronic device; if execution fails, the redirected standard error output stderr is called to send the return information to the electronic device.
Specifically, based on the privileged account, the request information is sent to the host device for execution through the standard input stdin named pipe and the execution result is obtained; if execution succeeds, the execution result (that is, the return information) is returned through the standard output stdout named pipe, and if execution fails, the execution result is returned through the standard error stderr named pipe.
That is, if execution succeeds, the host device calls the redirected standard output stdout named pipe and returns the result to the electronic device; if execution fails, the host device calls the redirected standard error stderr named pipe and returns the result to the electronic device. The electronic device processes and analyzes the returned result of the cmd inspection command, determines the return information, updates the inspection execution state and ends the service call.
Therefore, the embodiment of the present application communicates with the host device by means of named pipes. The return information is redirected through a named pipe rather than being output directly on the host device, which reduces interference with the host device; at the same time, valid and invalid return information are output to different named pipes, which reduces the difficulty of judging the content of the return information and improves judgment efficiency.
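The privileged-account loop of steps S1031 to S1035, with the return information judged by the channel it arrives on as described for the two output named pipes, as an added example written for this page (not the patent applicant's code). Remote execution over named pipes is replaced by a constructed in-memory responder that returns a (stdout lines, stderr text) pair so the block runs offline; the host data, account names and the error text are constructed. The block also shows both implementations of step S1035 side by side and counts requests so the saving of the per-host variant is visible.

```python
# Added example (not from the patent): privileged-account determination of
# steps S1031-S1035. The Responder class stands in for the host side and
# returns (stdout_lines, stderr_text) like the two output named pipes; all
# host data, candidates and error text are constructed.
from typing import Callable, Dict, List, Tuple

# Constructed per-host state: management-group members and target accounts.
FAKE_HOSTS = {
    "10.0.0.5": {"admins": {"administrator"},
                 "accounts": ["administrator", "ops", "backup", "svc_old"]},
    "10.0.0.6": {"admins": {"localadmin"},
                 "accounts": ["localadmin", "auditor"]},
}

ReturnInfo = Tuple[List[str], str]


class Responder:
    """Stand-in for the host device; counts requests to show the saving."""

    def __init__(self):
        self.requests = 0

    def send_request(self, account: Dict) -> ReturnInfo:
        self.requests += 1
        host = FAKE_HOSTS[account["ip"]]
        if account["name"] in host["admins"]:
            return list(host["accounts"]), ""        # valid: stdout pipe
        return [], "Access is denied."               # invalid: stderr pipe (constructed text)


def is_privileged(return_info: ReturnInfo) -> bool:
    """Valid return information arrives on the stdout pipe with at least one
    account name; anything on the stderr pipe means the account could not
    read the target account list (step S1034)."""
    stdout_lines, stderr_text = return_info
    return stderr_text == "" and len(stdout_lines) > 0


# Local accounts with normal communication and a non-empty password, i.e.
# the output of the first inspection (constructed).
CANDIDATES = [
    {"name": "ops", "ip": "10.0.0.5"},
    {"name": "administrator", "ip": "10.0.0.5"},
    {"name": "backup", "ip": "10.0.0.5"},
    {"name": "localadmin", "ip": "10.0.0.6"},
]


def find_privileged_all(candidates: List[Dict],
                        send_request: Callable[[Dict], ReturnInfo]) -> List[str]:
    """First implementation of S1035: judge every candidate in turn."""
    return [c["name"] for c in candidates if is_privileged(send_request(c))]


def find_privileged_per_host(candidates: List[Dict],
                             send_request: Callable[[Dict], ReturnInfo]) -> Dict[str, str]:
    """Second implementation of S1035: once a host's privileged account is
    found, remaining candidates on that host are skipped."""
    found: Dict[str, str] = {}
    for c in candidates:
        if c["ip"] in found:
            continue
        if is_privileged(send_request(c)):
            found[c["ip"]] = c["name"]
    return found


if __name__ == "__main__":
    r1 = Responder()
    print("all:", find_privileged_all(CANDIDATES, r1.send_request), "requests:", r1.requests)
    r2 = Responder()
    print("per host:", find_privileged_per_host(CANDIDATES, r2.send_request), "requests:", r2.requests)
```

Deciding validity by channel rather than by parsing the text of an error message is what lets `is_privileged` stay independent of the host's locale and command set; the error text is only kept for logging.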
Further, the association information includes the name of the target account, the group to which it belongs, its last login time, its last password change time and its password change permission. Performing the second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to all privileged accounts, to determine the other state information corresponding to each local account and each target account, includes steps S1051 to S1054 (not shown in the drawings), wherein:
Step S1051, determining the ghost information corresponding to each local account and each target account based on the names of all local accounts and the names of all target accounts, wherein the ghost information comprises local ghost, asset ghost and non-ghost.
Specifically, the ghost information of each account is determined based on the names of all local accounts and the names of all target accounts. An account that exists among the local accounts but not among the target accounts is determined to be a local ghost. An account that does not exist among the local accounts but exists among the target accounts is determined to be an asset ghost. An account name that exists among both the local accounts and the target accounts is determined to be non-ghost.
Step S1052, determining the zombie information of all non-ghost accounts based on the last login time of all non-ghost accounts.
Specifically, the time difference between the last login time of a non-ghost account and the current inspection time is determined, and if the difference is greater than or equal to a preset time, for example 90 days, the account is determined to be a zombie.
Step S1053, determining the password security risk information of all non-ghost accounts based on the last password change time and the password change permission of all non-ghost accounts.
Specifically, the difference between the last password change time of a non-ghost target account and the current inspection time is determined; if the difference is greater than or equal to a preset time, for example 90 days, or the password change permission of the account is disabled, password security risk information is determined for the account.
Step S1054, determining the permission change information of all non-ghost accounts based on the group to which each non-ghost account belongs.
Specifically, whether the group to which a non-ghost target account belongs is the same as the recorded group is determined. Accounts in the same group have the same permissions, so if the group has changed, the permissions of the account are considered to have changed, and permission change information is determined for the account.
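Steps S1051 to S1054 carried through in Python, as an added example that is not code from the patent. The local and target account records, the inspection date and the 90-day threshold are constructed; the record field names are assumptions, and the local record's recorded group stands in for the "recorded information" the text compares the host's group against.

```python
from datetime import date

# Added example, not code from the patent. A local account record holds what the
# inspection device stores (name, recorded group); a target account record holds
# the association information read from the host device.
INSPECTION_DATE = date(2022, 9, 26)   # assumed current inspection time
THRESHOLD_DAYS = 90                   # the preset time the text gives as an example

LOCAL_ACCOUNTS = [   # constructed
    {"name": "svc_backup", "group": "Administrators"},
    {"name": "deploy",     "group": "Users"},
    {"name": "old_admin",  "group": "Administrators"},   # no longer on the host: local ghost
]
TARGET_ACCOUNTS = [  # constructed
    {"name": "svc_backup", "group": "Administrators", "last_login": date(2022, 9, 20),
     "last_pw_change": date(2022, 3, 1), "pw_change_allowed": True},    # stale password
    {"name": "deploy", "group": "Administrators", "last_login": date(2022, 5, 1),
     "last_pw_change": date(2022, 9, 1), "pw_change_allowed": False},   # zombie, group changed, change disabled
    {"name": "tmp_contractor", "group": "Users", "last_login": date(2022, 9, 25),
     "last_pw_change": date(2022, 9, 1), "pw_change_allowed": True},    # unknown locally: asset ghost
]


def ghost_info(local, target):
    """S1051: classify every name as local ghost, asset ghost or non-ghost."""
    local_names = {a["name"] for a in local}
    target_names = {a["name"] for a in target}
    info = {n: "local ghost" for n in local_names - target_names}
    info.update({n: "asset ghost" for n in target_names - local_names})
    info.update({n: "non-ghost" for n in local_names & target_names})
    return info


def is_zombie(t, today=INSPECTION_DATE, days=THRESHOLD_DAYS):
    """S1052: last login at least `days` before the inspection time."""
    return (today - t["last_login"]).days >= days


def has_password_risk(t, today=INSPECTION_DATE, days=THRESHOLD_DAYS):
    """S1053: password unchanged for `days`, or password change permission disabled."""
    return (today - t["last_pw_change"]).days >= days or not t["pw_change_allowed"]


def permission_changed(t, recorded_group):
    """S1054: the group on the host differs from the group recorded locally."""
    return t["group"] != recorded_group


def second_inspection(local, target, today=INSPECTION_DATE):
    """Other state information per account; S1052-S1054 apply to non-ghost accounts only."""
    recorded = {a["name"]: a["group"] for a in local}
    by_name = {a["name"]: a for a in target}
    result = {}
    for name, ghost in ghost_info(local, target).items():
        if ghost != "non-ghost":
            result[name] = [ghost]          # a ghost gets no further checks here
            continue
        t, flags = by_name[name], []
        if is_zombie(t, today):
            flags.append("zombie")
        if has_password_risk(t, today):
            flags.append("password security risk")
        if permission_changed(t, recorded[name]):
            flags.append("permission change")
        result[name] = flags
    return result


if __name__ == "__main__":
    for name, flags in second_inspection(LOCAL_ACCOUNTS, TARGET_ACCOUNTS).items():
        print(name, flags or ["ok"])
```

The comparison is inclusive (greater than or equal to the preset time), matching the text; an account whose password change permission is disabled is flagged even if its password is fresh, because the method treats the disabled permission itself as the risk.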
Further, determining all accounts to be managed based on the communication state information, the password state information and the other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts includes steps S1061 to S1062 (not shown in the drawings), wherein:
Step S1061, deduplicating the names of all local accounts and all target accounts, and determining a plurality of initial accounts to be managed.
In the embodiment of the present application, a local account and a target account with the same name are the same account, and the repeated information corresponding to the same account is removed according to the account name. Deduplication is performed according to the names of the local accounts and the names of the target accounts, and all accounts inspected during the inspection are determined.
Further, deduplicating the names of all local accounts and all target accounts and determining the plurality of initial accounts to be managed may include: acquiring the device identifier and device version of the host device corresponding to each local account and each target account; judging, according to the device version under the same device identifier, whether account names on that device are case-sensitive; and if they are not case-sensitive, treating the upper-case and lower-case spellings of a name as the same account name when deduplicating. For example, when the device version is case-sensitive, an upper-case spelling and a lower-case spelling of the same name are not considered to be the same account.
Step S1062, determining the accounts to be managed based on the communication state information, the password state information and the other state information of the plurality of initial accounts to be managed.
After deduplication, no duplicate account exists among the plurality of initial accounts to be managed, and the state information of each initial account to be managed includes the communication state information, the password state information and the other state information of the account. An initial account to be managed whose state information contains at least one of empty password, weak password, network abnormality, login abnormality, local ghost, asset ghost, zombie, permission change and password security risk is determined to be an account to be managed.
Therefore, deduplication is performed according to the names of the local accounts and the names of the target accounts, the amount of information processing caused by repeated information is reduced, and the efficiency of determining the accounts to be managed is improved.
Further, after determining the accounts to be managed based on the communication state information, the password state information and the other state information of the plurality of initial accounts to be managed, the method further includes steps S201 to S202 (not shown in the drawings), wherein:
Step S201, determining the management type of an account to be managed based on its communication state information, password state information and other state information, wherein the management type includes account information editing, inspection information downloading and account confirmation.
Step S202, managing the account to be managed based on the management type.
Specifically, the communication state information, the password state information and the other state information of an account to be managed are consolidated into a single piece of state information. For an account to be managed whose other state information is local ghost, the state information of the account is determined to be local ghost regardless of its communication state information or password state information. Because a local ghost exists only on the electronic device and not on the host device, state information such as a weak password determined for it in the first inspection is meaningless; simplifying the state information in this way improves the accuracy of the state information of the accounts to be managed.
Further, in the embodiment of the present application, for accounts to be managed whose state information is empty password, weak password, network abnormality, login abnormality, zombie, permission change or password security risk, the corresponding management type is determined to be account information editing; for accounts to be managed whose state information is local ghost or asset ghost, the corresponding management type is determined to be account confirmation; and for all accounts to be managed, the management type inspection information downloading is determined. Account information editing includes account attributes, account editing, password management and account logs. The account attributes allow the basic information of the account to be viewed, such as the group it belongs to, the last password change time, the last login time and the expiration time. Account editing allows the account type, the password change permission, the password and the password confirmation to be edited and selected. The operable content of password management includes login testing and password viewing; password management also includes viewable content: the last inspection result, the last password change time, the password change plan, the next password change time, the historical passwords and the like. The account logs can be viewed and include all inspection logs of the account during the inspection. The embodiments of the present application are not limited to the specific viewable and operable content of account information editing. Inspection information downloading includes account information downloading and account inspection information downloading.
Account information downloading downloads the resource information of all local accounts and the association information of all target accounts inspected in the first and second inspections; account inspection information downloading downloads the state information of all local accounts and target accounts inspected in the first and second inspections. Account confirmation management includes adding, deleting and ignoring. Adding: the target account of an asset ghost is synchronized into a local account, and the newly added content includes the password change permission and the password setting, where the password may be left empty or a stored password may be used. Deleting: the local account of a local ghost is deleted from the resource. Ignoring: the account is not displayed in the next inspection.
In the embodiment of the present application, the inspection results are independent of each other. After the current inspection is finished, a file is generated on the electronic device and the inspection result is stored, the inspection result being the state information of the accounts to be managed. When inspection is required again, the state information of the accounts under the same resource from the previous inspection is deleted, and the resource information of the local accounts on the current electronic device is acquired anew.
Therefore, the management type corresponding to an account to be managed is determined based on the state information of the account, the accounts to be managed are managed by category according to management type, and the account management efficiency is improved.
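Steps S1061 to S1062 and S201 to S202 carried through together in Python, as an added example that is not code from the patent. The status records are constructed; whether a device's version treats account names case-sensitively is given as a plain flag on each record (the text derives it from the device version), and the state labels are those listed in the text.

```python
# Added example, not code from the patent. Each constructed record carries the
# device the account was seen on, the case-sensitivity of that device's account
# names (assumed derived from its version), and the flags from both inspections.
STATUS_RECORDS = [
    {"device": "dev-1", "case_sensitive": False, "name": "Administrator", "status": {"weak password"}},
    {"device": "dev-1", "case_sensitive": False, "name": "administrator", "status": {"permission change"}},  # same account: case-insensitive device
    {"device": "dev-2", "case_sensitive": True,  "name": "Deploy",        "status": set()},
    {"device": "dev-2", "case_sensitive": True,  "name": "deploy",        "status": {"zombie"}},             # distinct account: case-sensitive device
    {"device": "dev-1", "case_sensitive": False, "name": "old_admin",     "status": {"weak password", "local ghost"}},
    {"device": "dev-1", "case_sensitive": False, "name": "contractor",    "status": {"asset ghost"}},
    {"device": "dev-2", "case_sensitive": True,  "name": "svc",           "status": set()},                  # healthy, not managed
]

ABNORMAL = {"empty password", "weak password", "network abnormality", "login abnormality",
            "local ghost", "asset ghost", "zombie", "permission change", "password security risk"}
GHOSTS = {"local ghost", "asset ghost"}
EDIT_TYPES = ABNORMAL - GHOSTS


def account_key(rec):
    """S1061: dedup key; the name is case-folded only on case-insensitive devices."""
    return (rec["device"], rec["name"] if rec["case_sensitive"] else rec["name"].lower())


def deduplicate(records):
    """Merge the status sets of records that refer to the same account on the same device."""
    merged = {}
    for r in records:
        k = account_key(r)
        merged.setdefault(k, {"name": r["name"], "device": r["device"], "status": set()})
        merged[k]["status"] |= r["status"]
    return list(merged.values())


def simplify_status(status):
    """A local ghost exists only on the inspection device, so its first-inspection flags are dropped."""
    return {"local ghost"} if "local ghost" in status else set(status)


def accounts_to_manage(records):
    """S1062: every initial account carrying at least one abnormal flag."""
    out = []
    for a in deduplicate(records):
        s = simplify_status(a["status"])
        if s & ABNORMAL:
            out.append({**a, "status": s})
    return out


def management_types(account):
    """S201: editing for per-account defects, confirmation for ghosts, download for all."""
    types = {"inspection information download"}
    if account["status"] & EDIT_TYPES:
        types.add("account information editing")
    if account["status"] & GHOSTS:
        types.add("account confirmation")
    return types


def plan(records):
    """S202 input: account name -> sorted management types."""
    return {a["name"]: sorted(management_types(a)) for a in accounts_to_manage(records)}


if __name__ == "__main__":
    for name, types in plan(STATUS_RECORDS).items():
        print(name, types)
```

Deduplication is keyed per device as well as per name, since the text decides case-sensitivity per device identifier; the same spelling on two devices is never merged here.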
The above embodiment introduces an account inspection method from the perspective of the method flow; the following embodiment introduces an account inspection device from the perspective of virtual modules or virtual units, described in detail below.
The embodiment of the present application provides an account inspection device, as shown in Fig. 3; the account inspection device may specifically include:
a local account resource information acquiring module 301, configured to acquire resource information of local accounts, where the resource information of the local accounts includes the names, passwords, IP addresses and ports of a plurality of locally stored local accounts;
a first inspection module 302, configured to perform a first inspection based on the resource information of the local accounts to determine the communication state information and password state information corresponding to each local account, where the communication state information includes communication normal and communication abnormal, and the password state information includes empty password and non-empty password;
a privileged account determining module 303, configured to determine all privileged accounts from the determined local accounts whose communication state is normal and whose password is not empty, where a privileged account is an account having the authority to acquire the information of all target accounts in the host device where it is located, and the target accounts are the accounts that can log in to that host device;
a target account association information acquiring module 304, configured to determine, for each privileged account, the association information of all target accounts corresponding to the privileged account;
a second inspection module 305, configured to perform a second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to all privileged accounts, so as to determine the other state information corresponding to each local account and each target account, where the other state information includes ghost information, zombie information, password security risk information and permission change information;
an account to be managed determining module 306, configured to determine all accounts to be managed based on the communication state information, the password state information and the other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts.
In a possible implementation of the embodiment of the present application, when determining the communication state information corresponding to each local account based on the resource information of the local accounts, the first inspection module 302 is configured to:
determine the network information corresponding to all local accounts based on the IP addresses and ports of all local accounts in the resource information of the local accounts, where the network information includes network normal and network abnormal;
and determine the login information corresponding to all local accounts whose network is normal, based on the names and passwords of those accounts in the resource information of the local accounts, where the login information includes login normal and login abnormal, and the communication state information includes the network information and the login information.
In a possible implementation of the embodiment of the present application, when determining all privileged accounts from the determined local accounts whose communication state is normal and whose password is not empty, the privileged account determining module 303 is configured to:
determine a current account from all local accounts whose communication state is normal and whose password is not empty, and log in to the host device where the current account is located based on the resource information of the current account;
after the current account logs in successfully, send preset request information to the host device where the current account is located, where the preset request information is used for acquiring the information of all target accounts in the host device corresponding to the current account;
acquire the return information corresponding to the request information sent by the host device corresponding to the current account;
judge whether the return information includes the information of all target accounts in the host device corresponding to the current account; if so, determine the current account to be a privileged account; if not, determine the current account to be a non-privileged account;
and perform the same judgment for the next local account with normal login until all privileged accounts are determined.
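The first inspection and the privileged-account determination just described, as an added Python example that is not code from the patent. The network check is a real TCP connect to the account's ip and port; the login and the target-account query are injected callables, because the protocol a host actually speaks is not fixed by the text, and the constructed environment below stands them in with a loopback listener, a closed loopback port and a small credential table. The return information is modelled as the (stdout, stderr) pair of the page's named-pipe design, so an account whose query comes back on the error channel is judged non-privileged.

```python
import socket
import threading

# Added example, not code from the patent. Account record fields and the two
# injected callables (login, query) are assumptions; see the lead-in.

def probe_network(ip, port, timeout=1.0):
    """Network normal if a TCP connection to ip:port succeeds within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "network normal"
    except OSError:
        return "network abnormal"


def first_inspection(accounts, login):
    """Password state, network state and (if reachable) login state per local account."""
    states = {}
    for a in accounts:
        st = {"password": "empty password" if a["password"] == "" else "non-empty password"}
        st["network"] = probe_network(a["ip"], a["port"])
        # login is attempted only on hosts that answered on the network
        st["login"] = None
        if st["network"] == "network normal":
            st["login"] = "login normal" if login(a) else "login abnormal"
        states[a["name"]] = st
    return states


def is_privileged(stdout, stderr):
    """Privileged: the account list came back on stdout with nothing on stderr."""
    return bool(stdout.strip()) and not stderr.strip()


def determine_privileged(accounts, states, query):
    """Only accounts with normal communication and a non-empty password are queried."""
    privileged = []
    for a in accounts:
        st = states[a["name"]]
        if st["network"] != "network normal" or st["login"] != "login normal":
            continue
        if st["password"] == "empty password":
            continue
        stdout, stderr = query(a)
        if is_privileged(stdout, stderr):
            privileged.append(a["name"])
    return privileged


# ---- constructed environment so the block runs offline ----------------------
def _serve(sock):
    while True:                     # accept and drop connections (daemon thread)
        conn, _ = sock.accept()
        conn.close()


def _open_and_closed_ports():
    """A listening loopback port (reachable host) and a freshly closed one (unreachable host)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    threading.Thread(target=_serve, args=(listener,), daemon=True).start()
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    return listener.getsockname()[1], closed_port


def run_demo():
    open_port, closed_port = _open_and_closed_ports()
    accounts = [   # constructed local account resource information
        {"name": "ops_admin", "password": "correct", "ip": "127.0.0.1", "port": open_port},
        {"name": "auditor",   "password": "correct", "ip": "127.0.0.1", "port": open_port},
        {"name": "legacy",    "password": "",        "ip": "127.0.0.1", "port": open_port},
        {"name": "offline",   "password": "correct", "ip": "127.0.0.1", "port": closed_port},
        {"name": "badcred",   "password": "wrong",   "ip": "127.0.0.1", "port": open_port},
    ]
    known = {"ops_admin": "correct", "auditor": "correct", "badcred": "correct"}  # constructed host credentials
    login = lambda a: known.get(a["name"]) == a["password"]

    def query(a):   # only ops_admin may enumerate accounts; others get an error on stderr
        if a["name"] == "ops_admin":
            return ("Administrator\nops_admin\nauditor\nlegacy\n", "")
        return ("", "Access is denied.")

    states = first_inspection(accounts, login)
    return states, determine_privileged(accounts, states, query)


if __name__ == "__main__":
    print(run_demo())
```

Login is skipped entirely for unreachable hosts, matching the text's order of network check before login check, and an empty-password account is never used for the privilege query even when it can log in.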
In a possible implementation of the embodiment of the present application, each host device corresponds to a unique group of named pipes, the group of named pipes including: an input named pipe for receiving request information, a first output named pipe for redirecting valid return information output by the host device, and a second output named pipe for redirecting invalid return information output by the host device;
when sending the preset request information to the host device where the current account is located after the current account logs in successfully, the privileged account determining module 303 is configured to:
after the current account logs in successfully, send the preset request information to the host device where the current account is located through the input named pipe corresponding to the current account;
when acquiring the return information corresponding to the request information sent by the host device corresponding to the current account, the privileged account determining module 303 is configured to:
acquire, through the output named pipe corresponding to the current account, the return information corresponding to the request information sent by the host device corresponding to the current account; when the return information is valid the output named pipe is the first output named pipe, and when the return information is invalid the output named pipe is the second output named pipe.
In a possible implementation of the embodiment of the present application, when performing the second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to all privileged accounts so as to determine the other state information corresponding to each local account and each target account, the second inspection module 305 is specifically configured to:
determine the ghost information corresponding to each local account and each target account based on the names of all local accounts and the names of all target accounts, where the ghost information includes local ghost, asset ghost and non-ghost;
determine the zombie information of all non-ghost accounts based on the last login time of all non-ghost accounts;
determine the password security risk information of all non-ghost accounts based on the last password change time and password change permission of all non-ghost accounts;
and determine the permission change information of all non-ghost accounts based on the group to which each non-ghost account belongs.
In a possible implementation of the embodiment of the present application, when determining all accounts to be managed based on the communication state information, the password state information and the other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts, the account to be managed determining module 306 is specifically configured to:
deduplicate the names of all local accounts and all target accounts, and determine a plurality of initial accounts to be managed;
and determine the accounts to be managed based on the communication state information, the password state information and the other state information of the plurality of initial accounts to be managed.
In a possible implementation of the embodiment of the present application, the device further includes:
a management type determining module, configured to determine the management type of an account to be managed based on the state information of the account to be managed, where the management type includes account information editing, inspection information downloading and account confirmation;
and a management module, configured to manage the account to be managed based on the management type.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the device described above may refer to the corresponding process in the foregoing method embodiment and is not described again here.
In an embodiment of the present application, an electronic device is provided, and as shown in fig. 4, an electronic device 400 shown in fig. 4 includes: a processor 401 and a memory 403. Wherein the processor 401 is coupled to the memory 403, such as via a bus 402. Optionally, the electronic device 400 may also include a transceiver 404. It should be noted that the transceiver 404 is not limited to one in practical applications, and the structure of the electronic device 400 is not limited to the embodiment of the present application.
The Processor 401 may be a CPU (Central Processing Unit), a general purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 401 may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 402 may include a path that transfers information between the above components. The bus 402 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. Bus 402 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in fig. 4, but this does not represent only one bus or one type of bus.
The memory 403 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The memory 403 is used for storing application program codes for executing the scheme of the application, and the execution is controlled by the processor 401. Processor 401 is configured to execute application program code stored in memory 403 to implement the aspects illustrated in the foregoing method embodiments.
The electronic device includes, but is not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players) and in-vehicle terminals (e.g., in-vehicle navigation terminals), fixed terminals such as digital TVs and desktop computers, and also servers and the like. The electronic device shown in Fig. 4 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present application.
The present application provides a computer-readable storage medium on which a computer program is stored, which, when run on a computer, enables the computer to execute the corresponding content of the foregoing method embodiments. Compared with the prior art, the method and device perform a first inspection according to the acquired resource information of the local accounts and determine the communication state information and password state information of each local account. At the same time, among the local accounts with normal login, the privileged accounts able to acquire the target accounts in the host device are determined, which narrows the range of accounts that must be queried and improves the inspection rate. According to all privileged accounts, the association information of the target accounts in the corresponding host devices is determined, a second inspection is performed according to the resource information of the local accounts and the association information of the target accounts, and the other abnormal information of each account is inspected. Repetitive operations are performed at high speed for each account, the state information of each account in each inspection is judged in a short time, and the account inspection efficiency is improved.
It should be understood that, although the steps in the flowcharts of the drawings are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order shown, and they may be performed in other orders. Moreover, at least some of the steps in the flowcharts of the drawings may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and their order of execution is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present application. It should be noted that, for those skilled in the art, various modifications and embellishments can be made without departing from the principle of the present application, and these modifications and embellishments should also be regarded as within the protection scope of the present application.

Claims (9)

1. An account inspection method, characterized by comprising the following steps:
acquiring resource information of local accounts, wherein the resource information of the local accounts comprises the names, passwords, IP addresses and ports of a plurality of locally stored local accounts;
performing a first inspection based on the resource information of the local accounts to determine the communication state information and password state information corresponding to each local account, wherein the communication state information comprises communication normal and communication abnormal, and the password state information comprises empty password and non-empty password;
determining all privileged accounts from the determined local accounts whose communication state is normal and whose password is not empty, wherein a privileged account is an account having the authority to acquire the information of all target accounts in the host device where it is located, and the target accounts are the accounts that can log in to the host device where the privileged account is located;
for each privileged account, determining the association information of all target accounts corresponding to the privileged account;
performing a second inspection based on the resource information of the local accounts and the association information of all target accounts corresponding to all privileged accounts, to determine the other state information corresponding to each local account and each target account, wherein the other state information comprises ghost information, zombie information, password security risk information and permission change information;
determining all accounts to be managed based on the communication state information, the password state information and the other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts;
wherein determining all accounts to be managed based on the communication state information, the password state information and the other state information of all local accounts and the other state information of all target accounts corresponding to all privileged accounts comprises:
deduplicating the names of all local accounts and all target accounts, and determining a plurality of initial accounts to be managed;
and determining the accounts to be managed based on the communication state information, the password state information and the other state information of the plurality of initial accounts to be managed.
2. The account inspection method according to claim 1, wherein the determining communication state information corresponding to each local account based on the resource information of the local accounts comprises:
determining network information corresponding to all local accounts based on ip addresses and ports of all local accounts of the resource information of the local accounts, wherein the network information comprises network normality and network abnormality;
and determining login information corresponding to all local accounts with normal networks based on the names and the passwords of all local accounts with normal networks in the resource information of the local accounts, wherein the login information comprises normal login and abnormal login, and the communication state information comprises network information and login information.
3. The account inspection method according to claim 1, wherein determining all privileged accounts from the determined local accounts whose communication state is normal and whose password is not empty comprises:
determining a current account from all local accounts whose communication state is normal and whose password is not empty, and logging in to the host device where the current account is located based on the resource information of the current account;
after the current account successfully logs in, sending preset request information to host equipment where the current account is located, wherein the preset request information is used for acquiring information of all target accounts in the host equipment corresponding to the current account;
acquiring return information corresponding to the request information, which is sent by the host equipment corresponding to the current account;
judging whether the return information comprises information of all target accounts in the host equipment corresponding to the current account, and if so, determining the current account as a privileged account; if not, determining the current account as a non-privileged account;
and executing the judgment of the next normal local account login until all privileged accounts are determined.
4. The account inspection method according to claim 3, wherein each host device corresponds to a unique group of named pipes, the group of named pipes comprising: an input named pipe for receiving request information, a first output named pipe for redirecting valid return information output by the host device, and a second output named pipe for redirecting invalid return information output by the host device;
after the current account is successfully logged in, sending preset request information to host equipment where the current account is located, including:
after the current account is successfully logged in, sending preset request information to host equipment where the current account is located based on an input named pipeline corresponding to the current account;
correspondingly, the obtaining of the return information corresponding to the request information, which is sent by the host device corresponding to the current account, includes:
acquiring return information corresponding to the request information, which is sent by the host equipment corresponding to the current account, based on the output named pipeline corresponding to the current account; when the return information is valid, the output named pipeline is a first output named pipeline, and when the return information is invalid, the output named pipeline is a second output named pipeline.
5. The account inspection method according to claim 1, wherein the associated information comprises the name of the target account, the group to which the target account belongs, the last login time, the last password change time and the password change permission;
the performing of the second-round inspection based on the resource information of the local accounts and the associated information of all target accounts corresponding to all privileged accounts, to determine the other status information corresponding to each local account and each target account, comprises:
determining the ghost information corresponding to each local account and each target account based on the names of all local accounts and the names of all target accounts, wherein the ghost information comprises local ghost, asset ghost and non-ghost;
determining the zombie information of all non-ghost accounts based on the last login time of each non-ghost account;
determining the password security hazard information of all non-ghost accounts based on the last password change time and the password change permission of each non-ghost account;
and determining the permission change information of all non-ghost accounts based on the group to which each non-ghost account belongs.
6. The account inspection method according to claim 1, wherein after determining the accounts to be managed based on the communication status information, the password status information and the other status information of the plurality of initial accounts to be managed, the method further comprises:
determining the management type of each account to be managed based on its communication status information, password status information and other status information, wherein the management type comprises account information editing, inspection information downloading and account confirmation;
and managing the account to be managed according to its management type.
7. An account inspection device, comprising:
a local account resource information acquisition module, configured to acquire the resource information of local accounts, wherein the resource information of the local accounts comprises the names, passwords, IP addresses and ports of a plurality of locally stored local accounts;
a first inspection module, configured to perform a first-round inspection based on the resource information of the local accounts to determine the communication status information and the password status information corresponding to each local account, wherein the communication status information comprises normal communication and abnormal communication, and the password status information comprises empty password and non-empty password;
a privileged account determining module, configured to determine all privileged accounts from among all local accounts whose communication status is normal and whose password is non-empty, wherein a privileged account is an account having the authority to acquire the information of all target accounts in the host device where it is located, and the target accounts are the accounts that can log in to that host device;
a target account associated information acquisition module, configured to determine, for each privileged account, the associated information of all target accounts corresponding to that privileged account;
a second inspection module, configured to perform a second-round inspection based on the resource information of the local accounts and the associated information of all target accounts corresponding to all privileged accounts, to determine the other status information corresponding to each local account and each target account, wherein the other status information comprises ghost information, zombie information, password security hazard information and permission change information;
an account to be managed determining module, configured to determine all accounts to be managed based on the communication status information, password status information and other status information of all local accounts and the other status information of all target accounts corresponding to all privileged accounts;
wherein, when determining all accounts to be managed based on the communication status information, password status information and other status information of all local accounts and the other status information of all target accounts corresponding to all privileged accounts, the account to be managed determining module is configured to:
deduplicate the names of all local accounts and all target accounts to determine a plurality of initial accounts to be managed;
and determine the accounts to be managed based on the communication status information, password status information and other status information of the plurality of initial accounts to be managed.
8. An electronic device, comprising:
at least one processor;
a memory;
at least one application, wherein the at least one application is stored in the memory and configured to be executed by the at least one processor, the at least one application being configured to perform the method of any one of claims 1 to 6.
9. A computer-readable storage medium, having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any one of claims 1 to 6.
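The inspection procedure laid out in claims 1 to 7, simulated offline end to end: the first-round communication and password check, the privileged-account determination, the second-round ghost, zombie, password-hazard and permission-change classification, and the final deduplication and selection of accounts to manage. This is an added example and not code from the patent or its assignee. Everything concrete in it is a constructed assumption: the host and account inventory, the dates, the thresholds ZOMBIE_DAYS and PASSWORD_MAX_AGE_DAYS (the claims fix no values), the EXPECTED_GROUP baseline used for the permission-change check, and the reading of "local ghost" as an inventory entry absent from the host and "asset ghost" as a host account absent from the inventory. The login and the "list all accounts" request are modelled by an in-memory host table (HOSTS, request_all_accounts) instead of a real connection, and a reply of None stands in for the invalid-reply output pipe of claim 4.

```python
from datetime import date, timedelta

TODAY = date(2024, 6, 1)      # fixed "now" so the run is reproducible
ZOMBIE_DAYS = 90              # assumed thresholds; the claims fix no values
PASSWORD_MAX_AGE_DAYS = 180

# Constructed local resource information (name, password, ip, port); passwords are dummies.
LOCAL_ACCOUNTS = [
    {"name": "root",   "password": "pw-root",   "ip": "10.0.0.1", "port": 22},
    {"name": "deploy", "password": "pw-deploy", "ip": "10.0.0.1", "port": 22},
    {"name": "backup", "password": "",          "ip": "10.0.0.1", "port": 22},  # empty password
    {"name": "legacy", "password": "pw-legacy", "ip": "10.0.0.1", "port": 22},  # no longer on the host
    {"name": "admin",  "password": "pw-admin",  "ip": "10.0.0.9", "port": 22},  # host unreachable
]
# Constructed in-memory host model standing in for the real devices: which credentials log in,
# which accounts may list every account (privileged), and each account's associated information.
HOSTS = {
    ("10.0.0.1", 22): {
        "logins": {"root": "pw-root", "deploy": "pw-deploy"},
        "can_enumerate": {"root"},
        "accounts": {
            "root":   {"group": "wheel",  "last_login": TODAY - timedelta(days=3),
                       "last_pw_change": TODAY - timedelta(days=30),  "can_change_pw": True},
            "deploy": {"group": "wheel",  "last_login": TODAY - timedelta(days=10),
                       "last_pw_change": TODAY - timedelta(days=20),  "can_change_pw": True},
            "svc":    {"group": "daemon", "last_login": TODAY - timedelta(days=200),
                       "last_pw_change": TODAY - timedelta(days=400), "can_change_pw": False},
        },
    },
}
# Assumed baseline of expected group membership (e.g. recorded by the previous inspection run).
EXPECTED_GROUP = {"root": "wheel", "deploy": "deploy", "svc": "daemon"}


def first_round(local_accounts, hosts):
    """Round 1: (communication status, password status) keyed by (name, ip, port)."""
    status = {}
    for a in local_accounts:
        comm = "normal" if (a["ip"], a["port"]) in hosts else "abnormal"
        pw = "empty" if a["password"] == "" else "non-empty"
        status[(a["name"], a["ip"], a["port"])] = (comm, pw)
    return status


def request_all_accounts(host, name, password):
    """Simulated login plus the preset 'list all accounts' request: table if valid, None if invalid."""
    if host["logins"].get(name) != password or name not in host["can_enumerate"]:
        return None
    return host["accounts"]


def find_privileged(local_accounts, round1, hosts):
    """Only reachable, non-empty-password accounts are tried; a full account table marks one privileged."""
    privileged, enumerated = set(), {}
    for a in local_accounts:
        key = (a["name"], a["ip"], a["port"])
        if round1[key] != ("normal", "non-empty"):
            continue
        reply = request_all_accounts(hosts[(a["ip"], a["port"])], a["name"], a["password"])
        if reply is not None:
            privileged.add(key)
            enumerated[(a["ip"], a["port"])] = reply   # target accounts revealed on that host
    return privileged, enumerated


def second_round(local_accounts, enumerated, expected_group, today):
    """Round 2 keyed by account name; hosts without a privileged account reveal no targets."""
    status = {}
    for host_key, targets in enumerated.items():
        local_here = {a["name"] for a in local_accounts if (a["ip"], a["port"]) == host_key}
        for name in local_here | set(targets):
            if name not in targets:          # in the inventory, absent from the asset
                status[name] = {"ghost": "local ghost"}
            elif name not in local_here:     # on the asset, absent from the inventory
                status[name] = {"ghost": "asset ghost"}
            else:                            # non-ghost: run the remaining three checks
                info = targets[name]
                status[name] = {
                    "ghost": "non-ghost",
                    "zombie": (today - info["last_login"]).days > ZOMBIE_DAYS,
                    "password_hazard": (today - info["last_pw_change"]).days > PASSWORD_MAX_AGE_DAYS
                    or not info["can_change_pw"],
                    "permission_change": expected_group.get(name) != info["group"],
                }
    return status


def accounts_to_manage(local_accounts, round1, status):
    """Deduplicate names and keep every account with at least one abnormal finding."""
    flagged = set()
    for a in local_accounts:
        comm, pw = round1[(a["name"], a["ip"], a["port"])]
        if comm == "abnormal" or pw == "empty":
            flagged.add(a["name"])
    for name, st in status.items():
        if st["ghost"] != "non-ghost" or any(st.get(k) for k in ("zombie", "password_hazard", "permission_change")):
            flagged.add(name)
    return sorted(flagged)


def run_inspection(local_accounts=LOCAL_ACCOUNTS, hosts=HOSTS, expected_group=EXPECTED_GROUP, today=TODAY):
    """Run both rounds; returns (round1, privileged, status, accounts_to_manage)."""
    round1 = first_round(local_accounts, hosts)
    privileged, enumerated = find_privileged(local_accounts, round1, hosts)
    status = second_round(local_accounts, enumerated, expected_group, today)
    return round1, privileged, status, accounts_to_manage(local_accounts, round1, status)
```

Calling run_inspection() on the constructed data yields root as the only privileged account, svc as an asset ghost, backup and legacy as local ghosts, deploy flagged for a group change, and admin flagged only by its abnormal communication status, since no privileged account exists on its host to reveal a target table. That last case is the practical caveat of the scheme: a host that never yields a privileged login is invisible to the second round, so its entries can only be surfaced through the first-round status, never classified as ghost or zombie.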
CN202211178205.XA 2022-09-27 2022-09-27 Account inspection method and device, electronic equipment and storage medium Active CN115270110B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211178205.XA CN115270110B (en) 2022-09-27 2022-09-27 Account inspection method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115270110A CN115270110A (en) 2022-11-01
CN115270110B true CN115270110B (en) 2023-01-03

Family

ID=83756192

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211178205.XA Active CN115270110B (en) 2022-09-27 2022-09-27 Account inspection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115270110B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107277066A (en) * 2017-08-11 2017-10-20 中国银行股份有限公司 Account management method, portable electric appts and account management system
CN109684160A (en) * 2018-09-07 2019-04-26 平安科技(深圳)有限公司 Database method for inspecting, device, equipment and computer readable storage medium
CN110830508A (en) * 2019-12-02 2020-02-21 成都安恒信息技术有限公司 Zombie account management method based on operation and maintenance auditing system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667809B (en) * 2018-04-13 2020-05-19 三维通信股份有限公司 Method for realizing synchronous management of account information of WEB interface of multi-system DAS

Also Published As

Publication number Publication date
CN115270110A (en) 2022-11-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant