CN115878238A - Operation and maintenance auditing method and graphical bastion machine - Google Patents

Info

Publication number: CN115878238A
Authority: CN (China)
Prior art keywords: tool, maintenance, linux, user terminal, target
Legal status: Pending
Application number: CN202111165172.0A
Other languages: Chinese (zh)
Inventor: 陈妍峰
Current assignee: China Mobile Communications Group Co Ltd; China Mobile Group Jiangxi Co Ltd
Original assignee: China Mobile Communications Group Co Ltd; China Mobile Group Jiangxi Co Ltd

Abstract

Embodiments of this application provide an operation and maintenance (O&M) auditing method and a graphical bastion machine. The method is applied to a graphical bastion machine in which a sandbox module is deployed, and comprises: while a remote desktop connection is maintained with a user terminal, sending desktop parameters of a Linux graphical desktop to the user terminal so that the terminal can render the Linux graphical desktop from those parameters, where the desktop content includes at least one O&M tool that may be invoked through the sandbox module; receiving a tool invocation request that the user terminal sends based on the desktop content; and, according to that request, running a target O&M tool from among the at least one O&M tool through the sandbox module, so that the target tool provides O&M services to the user terminal inside the sandbox environment supplied by the sandbox module. The security of the O&M auditing process can thereby be improved.

Description

Operation and maintenance auditing method and graphical bastion machine
Technical Field
This application relates to the field of information security, and in particular to an operation and maintenance auditing method and a graphical bastion machine.
Background
Networks can be classified by the users they serve, for example into an intranet and an extranet, and an intranet can be further divided into an office network and a production network. The production network may be referred to as the data center. Normally, operation and maintenance (O&M) staff access the devices in the data center with their respective server accounts. The number of devices in a data center is large, however, and so is the volume of account data associated with them, which makes management difficult.
A graphical bastion machine is a bastion host that centrally publishes graphical O&M tools through virtualization, records user operations as screen video, and restricts the tools that O&M staff may use; it provides an important technical safeguard for a secure O&M control process.
Graphical bastion machines currently on the market rely on an underlying Windows operating system. However, Windows has comparatively weak security, vulnerabilities are disclosed frequently, and its security depends on Microsoft; during network protection (attack-and-defense) exercises, attack teams try to use Windows hosts as the first breach from which to carry out subsequent attacks. In addition, a graphical bastion machine built on a Windows kernel is burdened by high license fees when a large number of authorizations is required, so the scope of security control is limited to a small share of the resources, which leaves a significant security risk.
Consequently, O&M auditing with a Windows-based graphical bastion machine currently suffers from low security.
Disclosure of Invention
Embodiments of this application provide an operation and maintenance (O&M) auditing method and a graphical bastion machine, which can address the low security of existing graphical bastion machines in the O&M auditing process.
In a first aspect, embodiments of this application provide an O&M auditing method applied to a graphical bastion machine in which a sandbox module is deployed. The method comprises: while a remote desktop connection is maintained with a user terminal, sending desktop parameters of a Linux graphical desktop to the user terminal so that the terminal can render the Linux graphical desktop from those parameters, where the desktop content includes at least one O&M tool that is allowed to be invoked through the sandbox module; receiving a tool invocation request that the user terminal sends based on the desktop content; and, according to that request, running a target O&M tool from among the at least one O&M tool through the sandbox module, so that the target tool provides O&M services to the user terminal inside the sandbox environment supplied by the sandbox module.
In this method, when a tool invocation request sent by the user terminal based on the Linux graphical desktop is received during O&M auditing, the target O&M tool is run by the sandbox module deployed in the graphical bastion machine, so that the tool serves the user terminal inside a sandbox environment. Unlike the Windows-based products, this graphical bastion machine runs on a Linux operating system: the Linux kernel is open source, supports high concurrency, is more secure, and outperforms the Windows kernel in performance and stability when many users work at the same time. Because the Linux kernel source is open, license fees are saved relative to Windows; this removes the limit that high Windows license fees placed on the scope of resource security control in the prior art and makes comprehensive security control of all kinds of resources feasible under a Linux operating system, thereby raising overall security. In addition, since a sandbox module providing a sandbox environment is also deployed in the Linux-based graphical bastion machine, the target O&M tool a user employs runs, and serves the user, inside that sandbox, which ensures data isolation and operation isolation, improves security, and keeps the system secure under high concurrency.
In a possible implementation, running the target O&M tool from among the at least one O&M tool through the sandbox module according to the tool invocation request comprises: parsing the tool invocation request and determining the tool type of the target O&M tool it refers to; and invoking the sandbox module to run the target tool in a manner matched to that tool type. In this implementation the graphical bastion machine calls the sandbox module to run the target tool in a type-matched way, so different kinds of O&M tools can be supported with good compatibility.
In a possible implementation, invoking the sandbox module to run the target O&M tool in a manner matched to its tool type comprises: when the tool type is a non-native tool of the Linux operating system, running the target tool through an application programming interface (API) converter inside the sandbox environment supplied by the sandbox module. This lets non-native tools, that is, O&M tools from other operating systems, run securely in the Linux environment and improves compatibility. For example, when the target tool is a Windows tool, a Windows-style environment can be used to access resources on the graphical bastion machine securely; compatibility improves, secure O&M is achieved inside the sandbox, and containerized scale-out and scale-in are supported.
In a possible implementation, invoking the sandbox module to run the target O&M tool in a manner matched to its tool type comprises: when the tool type is a native tool of the Linux operating system, running the target tool by the native program execution method for Linux graphical tools inside the sandbox environment supplied by the sandbox module. Linux-native tools thereby run securely in the sandbox, achieving secure O&M.
In a possible implementation, before receiving the tool invocation request sent by the user terminal based on the Linux graphical desktop, the method further comprises: when the O&M tool to be published is a first graphical tool of a non-Linux operating system, converting the API instructions of the first graphical tool into Linux instructions through an API converter to obtain a second graphical tool, which is a Linux graphical tool; and publishing the second graphical tool through the sandbox module. Graphical tools originally built for another operating system, such as Windows, can thus be published in the Linux environment through the sandbox module, with API conversion allowing programs from non-Linux operating systems to run on Linux. This implementation is compatible with the secure publication of many kinds of graphical tools and supports secure O&M.
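As an added example (not the patent's code, which names no concrete sandbox or converter), the following Python builds the type-matched launch described in the preceding implementations: a tool invocation request is resolved against an allowlist of published tools, a native Linux tool is executed directly inside the sandbox, and a non-native (Windows) tool is wrapped in an API converter. The sandbox is assumed to be bubblewrap (bwrap) and the converter Wine; the tool names, paths and the sandbox directory layout are constructed for illustration.

```python
"""Type-matched dispatch of a published O&M tool into a sandbox.

Added example, not code from the patent. Assumes bubblewrap (bwrap) as the
sandbox and Wine as the API converter for Windows tools; tool names, paths
and the sandbox root are constructed.
"""
from __future__ import annotations

import subprocess
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass(frozen=True)
class Tool:
    name: str
    path: str                 # executable as installed on the bastion
    kind: str                 # "linux" (native) or "windows" (non-native)
    needs_net: bool = True    # most O&M tools must reach a target device


# Allowlist of tools the bastion has published (constructed names and paths).
PUBLISHED_TOOLS: dict[str, Tool] = {
    "ssh-term": Tool("ssh-term", "/opt/tools/ssh-term", "linux"),
    "db-client": Tool("db-client", "/opt/tools/db-client", "linux"),
    "report-viewer": Tool("report-viewer", "/opt/tools/report-viewer", "linux", needs_net=False),
    "win-netcfg": Tool("win-netcfg", "/opt/wintools/netcfg.exe", "windows"),
}

SANDBOX_ROOT = PurePosixPath("/srv/bastion/sandboxes")   # assumed layout


def resolve_tool(request: dict) -> Tool:
    """Parse a tool invocation request and look the tool up in the allowlist.

    Only the published name is trusted; a path supplied by the terminal is
    never executed, so a request cannot escape to an arbitrary binary.
    """
    name = request.get("tool")
    if not isinstance(name, str) or name not in PUBLISHED_TOOLS:
        raise PermissionError(f"tool not published: {name!r}")
    return PUBLISHED_TOOLS[name]


def sandbox_argv(user: str, tool: Tool) -> list[str]:
    """Build the bwrap command that runs `tool` for `user`.

    The root filesystem is read-only; only a per-user home and the per-user
    secure folder are writable, which is the per-user data isolation the
    patent describes. Network is dropped for tools that do not need it.
    """
    if not user.isidentifier():          # rejects "../x", "", and similar
        raise ValueError(f"bad user id: {user!r}")
    user_home = SANDBOX_ROOT / user / "home"
    safe_dir = SANDBOX_ROOT / user / "safe"
    tool_dir = str(PurePosixPath(tool.path).parent)

    argv = [
        "bwrap",
        "--ro-bind", "/usr", "/usr",
        "--ro-bind-try", "/lib", "/lib",
        "--ro-bind-try", "/lib64", "/lib64",
        "--ro-bind-try", "/etc/resolv.conf", "/etc/resolv.conf",
        "--ro-bind", tool_dir, tool_dir,
        "--bind", str(user_home), "/home/op",
        "--bind", str(safe_dir), "/home/op/safe",
        "--proc", "/proc",
        "--dev", "/dev",
        "--tmpfs", "/tmp",                # the display socket bind a GUI needs is omitted here
        "--unshare-pid", "--unshare-ipc", "--unshare-uts",
        "--die-with-parent",
        "--new-session",                  # no TIOCSTI injection into the caller's tty
        "--setenv", "HOME", "/home/op",
    ]
    if not tool.needs_net:
        argv.append("--unshare-net")
    argv.append("--")

    if tool.kind == "windows":
        # Non-native tool: run through the API converter (assumed: Wine).
        argv += ["wine", tool.path]
    elif tool.kind == "linux":
        # Native tool: plain program execution inside the sandbox.
        argv.append(tool.path)
    else:
        raise ValueError(f"unknown tool kind: {tool.kind}")
    return argv


def run_tool(user: str, request: dict) -> subprocess.Popen:
    """Dispatch one request; the caller keeps the Popen for audit and teardown."""
    return subprocess.Popen(sandbox_argv(user, resolve_tool(request)))


if __name__ == "__main__":
    print(" ".join(sandbox_argv("alice", resolve_tool({"tool": "win-netcfg"}))))
```

The point to notice is where trust stops: the terminal chooses only a published name, the bastion chooses the binary, the mounts and the namespaces. The flags used here exist in current bubblewrap releases but should be checked against the installed version.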
In a possible implementation, the tool invocation request includes an O&M operation instruction, and running the target O&M tool from among the at least one O&M tool through the sandbox module according to the request comprises: invoking the target tool through the sandbox module to execute the O&M task corresponding to that instruction, the task comprising at least one of viewing, operating on and downloading data of a target resource device. Various O&M tasks can thereby be executed securely in the sandbox environment.
In a possible implementation, the Linux graphical desktop further includes a secure folder located in the sandbox environment, and the method further comprises: when the O&M task indicates downloading a target resource from the target resource device to the user terminal, determining that the user terminal is performing a sensitive operation; subjecting that sensitive operation to a viewing approval and to a download approval; when the viewing approval is granted, downloading the target resource into the secure folder through the target O&M tool; and when the download approval is granted, sending the target resource in the secure folder to the user terminal after a safe operation has been applied to it. A user's download request therefore receives a two-stage approval: with only the viewing approval, the requested data is redirected into the secure folder in the sandbox rather than sent to the user terminal, so the user can inspect it through the Linux graphical desktop rendered on the terminal but cannot download it; only after the download approval is the data in the secure folder sent to the terminal, following the safe operation. This protects the data and prevents O&M staff from downloading resource data arbitrarily or illegitimately.
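The two-stage approval above can be enforced as a small state machine. The following Python is an added example, not the patent's code: the O&M tool may write the fetched resource only after the viewing approval and only into the user's secure folder (names that resolve outside it are refused), and the file is released to the terminal only after a separate download approval, preceded by the safe operation. The directory layout, the approver identities, the safe operation (hashing the file and appending it to a release manifest) and the rule that one approver may not grant both stages are assumptions added for illustration.

```python
"""Two-stage (view, then download) approval for a sensitive download.

Added example, not the patent's code. Stage names, directory layout, the
safe operation and the separation-of-duty rule are assumptions.
"""
from __future__ import annotations

import enum
import hashlib
import tempfile
from pathlib import Path


class Stage(enum.Enum):
    REQUESTED = "requested"
    VIEW_APPROVED = "view_approved"
    DOWNLOAD_APPROVED = "download_approved"
    RELEASED = "released"


class DownloadRequest:
    """One sensitive operation: download a target resource to the terminal."""

    def __init__(self, user: str, safe_root: Path, resource_name: str) -> None:
        self.user = user
        self.safe_root = safe_root.resolve()    # the user's secure folder in the sandbox
        self.resource_name = resource_name
        self.stage = Stage.REQUESTED
        self.staged_path: Path | None = None
        self.approvals: list[str] = []          # audit trail: "view:<who>", "download:<who>"

    def confine(self, name: str) -> Path:
        """Resolve `name` under the secure folder; refuse anything that escapes it."""
        target = (self.safe_root / name).resolve()
        if self.safe_root not in target.parents:
            raise PermissionError(f"resource name escapes secure folder: {name!r}")
        return target

    def approve_view(self, approver: str) -> None:
        if self.stage is not Stage.REQUESTED:
            raise RuntimeError(f"view approval not valid in stage {self.stage.value}")
        self.approvals.append(f"view:{approver}")
        self.stage = Stage.VIEW_APPROVED

    def stage_from_device(self, data: bytes) -> Path:
        """The O&M tool stores the fetched resource, but only into the secure folder."""
        if self.stage is not Stage.VIEW_APPROVED:
            raise PermissionError("fetch attempted before view approval")
        path = self.confine(self.resource_name)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        path.chmod(0o440)                        # viewable from the desktop, not executable
        self.staged_path = path
        return path

    def approve_download(self, approver: str) -> None:
        if self.stage is not Stage.VIEW_APPROVED or self.staged_path is None:
            raise RuntimeError("download approval needs a staged, view-approved file")
        if f"view:{approver}" in self.approvals:  # separation of duty (assumption)
            raise PermissionError("one approver may not grant both stages")
        self.approvals.append(f"download:{approver}")
        self.stage = Stage.DOWNLOAD_APPROVED

    def release_to_terminal(self) -> dict:
        """Safe operation (hash + manifest entry), then hand the bytes to the transport."""
        if self.stage is not Stage.DOWNLOAD_APPROVED or self.staged_path is None:
            raise PermissionError("release attempted before download approval")
        data = self.staged_path.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        with (self.safe_root / "release-manifest.log").open("a") as fh:
            fh.write(f"{self.user} {self.resource_name} sha256={digest} "
                     f"{' '.join(self.approvals)}\n")
        self.stage = Stage.RELEASED
        return {"name": self.resource_name, "data": data, "sha256": digest}


def demo() -> dict:
    """Run the flow in a temp dir; report what was blocked and what was released."""
    out: dict = {}
    with tempfile.TemporaryDirectory() as tmp:
        safe = Path(tmp) / "alice" / "safe"
        safe.mkdir(parents=True)
        sample = b"hostname=db01\nlisten=0.0.0.0:5432\n"   # constructed resource content
        req = DownloadRequest("alice", safe, "db01/postgresql.conf")
        try:
            req.stage_from_device(sample)
            out["blocked_before_view"] = False
        except PermissionError:
            out["blocked_before_view"] = True
        req.approve_view("approver-a")
        try:
            req.confine("../../etc/passwd")
            out["traversal_blocked"] = False
        except PermissionError:
            out["traversal_blocked"] = True
        staged = req.stage_from_device(sample)
        out["staged_inside_safe"] = safe.resolve() in staged.parents
        try:
            req.release_to_terminal()
            out["blocked_before_download"] = False
        except PermissionError:
            out["blocked_before_download"] = True
        req.approve_download("approver-b")
        released = req.release_to_terminal()
        out["released_matches"] = (released["data"] == sample
                                   and released["sha256"] == hashlib.sha256(sample).hexdigest())
        out["manifest_lines"] = (safe / "release-manifest.log").read_text().count("\n")
    return out
```

The confinement check resolves the requested name against the secure folder before any write, so a traversal name or an absolute path chosen by the user is refused rather than silently written elsewhere on the bastion.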
In a possible implementation, an audit module is also deployed in the graphical bastion machine and includes a screen recording service module, and the method further comprises: while the remote desktop connection with the user terminal is maintained, invoking the recording service module to record the user's operations on the terminal into a first recording file; deduplicating the frames of that recording using a hash algorithm; and adding attribute labels to the deduplicated frames. This saves recording storage, and once a recording has been processed this way an auditor reviewing it no longer has to watch it frame by frame to find the key O&M moments; the required footage can be located quickly by label search and text search, which improves the efficiency of screen recording audits.
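An added example, not the patent's code, of the recording pipeline just described, in Python: each frame is hashed with SHA-256, identical frames are stored once, the timeline keeps only segments of (timestamp, digest, duration, labels), and each segment carries attribute labels derived from the focused window and the text typed at that moment, so an auditor can search by label. The frame buffers, the label sources and the list of sensitive command words are constructed assumptions.

```python
"""Hash-based frame deduplication and attribute labelling of a screen recording.

Added example, not the patent's code. Frames are constructed byte strings
standing in for raw frame buffers; label sources and the sensitive-word
list are assumptions.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field


@dataclass
class Frame:
    ts_ms: int
    pixels: bytes
    window: str = ""     # title of the focused window at capture time
    typed: str = ""      # text typed since the previous frame


@dataclass
class Segment:
    ts_ms: int
    digest: str
    duration_ms: int
    labels: set[str] = field(default_factory=set)


SENSITIVE_WORDS = ("rm ", "drop ", "scp ", "curl ", "wget ", "passwd", "chmod ")


def label_frame(frame: Frame) -> set[str]:
    """Attribute labels an auditor can search for."""
    labels: set[str] = set()
    if frame.window:
        labels.add("window:" + frame.window.lower())
    if frame.typed:
        labels.add("input")
        if any(w in frame.typed.lower() for w in SENSITIVE_WORDS):
            labels.add("sensitive")
    return labels


class Recording:
    def __init__(self, interval_ms: int) -> None:
        self.interval_ms = interval_ms
        self.store: dict[str, bytes] = {}   # unique frames, keyed by SHA-256
        self.timeline: list[Segment] = []
        self.raw_bytes = 0

    def add(self, frame: Frame) -> None:
        self.raw_bytes += len(frame.pixels)
        digest = hashlib.sha256(frame.pixels).hexdigest()
        self.store.setdefault(digest, frame.pixels)        # dedupe across the whole file
        labels = label_frame(frame)
        last = self.timeline[-1] if self.timeline else None
        if last is not None and last.digest == digest:
            last.duration_ms += self.interval_ms           # still image: extend the segment
            last.labels |= labels                          # input with no visual change is still tagged
        else:
            self.timeline.append(Segment(frame.ts_ms, digest, self.interval_ms, labels))

    def stored_bytes(self) -> int:
        return sum(len(b) for b in self.store.values())

    def search(self, label: str) -> list[int]:
        """Timestamps of segments carrying `label`, for jumping straight to them."""
        return [s.ts_ms for s in self.timeline if label in s.labels]


def demo_recording() -> Recording:
    """Six constructed frames at 100 ms: idle, idle, ls, rm, rm (no change), idle."""
    idle = b"\x10" * 4096
    term_ls = b"\x20" * 4096
    term_rm = b"\x30" * 4096
    frames = [
        Frame(0, idle, "desktop"),
        Frame(100, idle, "desktop"),
        Frame(200, term_ls, "terminal", "ls -la /var/log"),
        Frame(300, term_rm, "terminal", "rm -rf /var/log/audit"),
        Frame(400, term_rm, "terminal"),
        Frame(500, idle, "desktop"),
    ]
    rec = Recording(interval_ms=100)
    for f in frames:
        rec.add(f)
    return rec
```

Two kinds of deduplication are at work: the content-addressed store removes every repeated frame regardless of position, while the timeline collapses runs of the same frame into one segment so ordering and dwell time survive for the auditor.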
In a possible implementation, before sending the desktop parameters of the Linux graphical desktop to the user terminal, the method further comprises: in response to an access request from the user terminal, authenticating the target user corresponding to the terminal according to that request; and, when the target user passes authentication, establishing the remote desktop connection with the terminal over a specified remote desktop protocol. Visitors to the graphical bastion machine are thereby authenticated and authorized for access.
In a second aspect, embodiments of this application further provide a graphical bastion machine comprising at least one processor and at least one memory communicatively coupled to the processor, the memory storing program instructions executable by the processor which, when executed, perform the method of the first aspect.
Drawings
To illustrate the embodiments of this application or the prior art more clearly, the drawings used in their description are briefly introduced below. The drawings show only some embodiments of this application; a person skilled in the art can derive other drawings from them without inventive effort.
Fig. 1 is a schematic view of an application scenario of a graphical bastion machine according to an embodiment of this application;
Fig. 2 is a flowchart of an O&M auditing method according to an embodiment of this application;
Fig. 3 is a flowchart of another O&M auditing method according to an embodiment of this application;
Fig. 4 is a flowchart of another O&M auditing method according to an embodiment of this application;
Fig. 5 is a schematic diagram of O&M processing in an application scenario according to an embodiment of this application;
Fig. 6 is a flowchart of another O&M auditing method provided in this application;
Fig. 7 is a partial flowchart of an O&M auditing method according to an embodiment of this application;
Fig. 8 is a flowchart of the recording processing procedure in an O&M auditing method according to an embodiment of this application;
Fig. 9 is a structural block diagram of a graphical bastion machine according to an embodiment of this application.
Detailed Description
To better understand the technical solution of this application, it is described in detail below with reference to the accompanying drawings. The embodiments described are only some of the embodiments of this application, not all of them; all other embodiments that a person skilled in the art can derive from them without creative effort fall within the scope of protection of this application. The terminology used in the embodiments is for describing particular embodiments only and is not intended to limit the application. As used in the examples and the appended claims, the singular forms "a", "an" and "the" include the plural unless the context clearly indicates otherwise.
As described in the background, most graphical bastion machines on the market rely on the Windows operating system. With an existing Windows graphical bastion machine, the user terminal acting as the accessing party usually performs O&M work over a remote connection to the bastion, based on content projected by a virtualized interface the bastion provides. Following the user's operations on that virtual interface, the Windows bastion directly runs the corresponding Windows graphical tool, through which the user accesses the target resource device. Conventional graphical bastion machines implement the virtual interface in one of the following ways: a Windows remote desktop based on Windows virtualization, a virtual interface based on Citrix virtualization services, or a virtual desktop based on Windows application virtualization.
A graphical bastion product built on a Windows kernel requires costly service licenses. To control the flow of operator resource access, of the graphical tools used for O&M and of O&M data, such a product relies on a unified network service gateway and unified tool versions and records complete operation videos for real-time O&M security control. Because a large number of remote desktop and operation authorizations on a Windows bastion carries a high license cost, however, the security control of resources is in practice limited, and the Windows operating system itself has weak security with frequent vulnerabilities, so the existing Windows-based bastion solution suffers from low security. In addition, because Windows offers no free interface for character (command) auditing, an existing Windows graphical bastion machine is usually paired with a separate protocol bastion server for character auditing.
In view of this, the inventor proposes the following embodiments; with the technical solutions they provide, the high license cost and the O&M security problems of the Windows-based graphical bastion machine in the prior art can be mitigated.
Referring to Fig. 1, Fig. 1 is a schematic view of an application scenario of a graphical bastion machine 200 according to an embodiment of this application.
As shown in Fig. 1, the graphical bastion machine 200 provided by this embodiment is based on a Linux operating system and may be called a Linux graphical bastion machine 200. It can serve a number of user terminals 100, for example the terminals labelled A1, A2 and A3. Any user terminal 100, once authorized, can access target resource devices 300 through the graphical bastion machine 200; for example, the terminal labelled A1, after authorization by the bastion, can reach the target resource devices labelled B1, B2 and B3. Other user terminals 100 can likewise access target resource devices 300 through the bastion once authorized. A target resource device 300 is a device that stores resources; different target resources reside on different devices, but in this embodiment the devices storing them are collectively called the target resource device 300.
To let a user terminal 100 access the target resource device 300 through the graphical bastion machine 200, the bastion publishes on itself the O&M tools used to access the target resource device 300.
In this embodiment, the operating system of a user terminal 100 accessing the graphical bastion machine 200 may be Windows, macOS, Linux or another operating system. A cross-platform bastion client may be deployed on the user terminal 100, through which the terminal establishes an access connection to the Linux graphical bastion machine 200. For a user terminal 100 whose operating system is not Linux, an instruction converter may be deployed to translate non-Linux instructions into instructions the Linux operating system recognizes before they are sent to the Linux graphical bastion machine 200 for processing.
The Linux graphical bastion machine 200 may be based on an x86 or an ARM processor architecture.
The graphical bastion machine 200 carries a bastion service module, a sandbox module, a desktop service module and an audit module. The bastion service module provides tool single sign-on, O&M service control and automatic upgrade. Single sign-on gives a user with many accounts a convenient way in and centralizes management of the accounts on all target resource devices 300. The sandbox module provides the sandbox environment, publishes O&M tools and runs the published tools inside that sandbox. The desktop service module provides the user with a Linux graphical desktop on which the resources the user may access, the O&M tools the user may use and the personal folders the user may view are presented graphically. The audit module provides screen recording and character (command) auditing.
The processor architecture of the target resource device 300 may be x86 or ARM; this application does not limit the target resource device 300.
Through the Linux-based graphical bastion machine 200 of this embodiment, user terminals 100 of various types can each access target resource devices 300 of various types.
Any user terminal 100 performs its O&M operations on a lightweight Linux graphical desktop that the graphical bastion machine 200 provides to it. The bastion receives and interprets the terminal's operations on that desktop to obtain the user's operation behaviour, invokes the sandbox module accordingly, and runs the corresponding O&M tool in the sandbox environment supplied by the module, so that the terminal accesses the target resource device 300 through a tool running in the sandbox. The sandbox environment isolates different users' data, operations and O&M tools from one another.
Referring to Fig. 2, Fig. 2 is a flowchart of an O&M auditing method according to an embodiment of this application. The method is applied to a graphical bastion machine whose operating system is Linux and in which a sandbox module is deployed. The graphical bastion machine may be a server or a server cluster.
As shown in Fig. 2, the O&M auditing method comprises:
S110: while the remote desktop connection with the user terminal is maintained, sending desktop parameters of a Linux graphical desktop to the user terminal so that the terminal can render the Linux graphical desktop from those parameters, where the desktop content includes at least one O&M tool that is allowed to be invoked through the sandbox module.
As shown in Fig. 3, before S110 the method may comprise:
S101: in response to an access request from the user terminal, authenticating the target user corresponding to the terminal according to that request.
S102: when the target user passes authentication, establishing the remote desktop connection with the user terminal over a specified remote desktop protocol.
Visitors to the graphical bastion machine can thereby be authenticated and authorized for access.
In one application scenario, the user terminal initiates an access request to the Linux graphical bastion server over RDP (Remote Desktop Protocol), and the bastion server authenticates the target user corresponding to the terminal according to that request, for example through a specified authentication interface. Once authentication succeeds, a remote desktop connection with the user terminal is established over RDP. RDP is Microsoft's multi-channel remote desktop protocol. This application does not limit the specific authentication procedure.
Each user terminal can establish a remote desktop connection with the Linux graphical bastion server over RDP, for instance with the Microsoft Remote Desktop client published by Microsoft; a user then enters an account and password in that client to log in and access the graphical bastion machine remotely.
While the user terminal and the graphical bastion machine hold a remote desktop connection, the bastion can grant the terminal remote desktop display rights over RDP. The Linux desktop service module deployed in the bastion determines the desktop parameters that apply to the terminal, these being parameters that describe the desktop content, and the bastion sends them to the terminal over RDP, so that the terminal renders the Linux graphical desktop from the parameters it receives.
The Linux graphical desktop is a customized lightweight Linux desktop that the bastion provides for the target user of the terminal, and its content may include, presented graphically: frequently used Linux office software, at least one published O&M tool the target user is allowed to access, and a secure folder created for the target user. Classified by the kind of device they operate on, the O&M tools may include graphical tools for hosts, for databases, for network element resources and for web servers. In the embodiments of this application a graphical tool is a tool that can be presented graphically, generally as a shortcut or launcher. Classified by the operating system they belong to, the O&M tools may include native tools of the Linux operating system and non-native tools.
Once the bastion has sent the desktop parameters and the terminal begins to display the bastion's Linux graphical desktop remotely, the bastion can start its user behaviour monitoring functions, including screen recording and user behaviour recognition, so that the target user's O&M operations are recorded and monitored throughout.
With the remote desktop connection in place, the user terminal has the right to access the graphical bastion machine; to go on and invoke the O&M tools published on it, single sign-on to those tools must be performed through the bastion. In this embodiment the Linux-based graphical bastion machine supports single sign-on.
Based on the foregoing S110, S120 may be performed.
S120: and receiving a tool calling request sent by the user terminal according to the content of the Linux graphic desktop.
Through the content of the Linux graphical desktop displayed on the user terminal, the user can operate on that desktop. The operation and maintenance user can click the icon of an operation and maintenance tool shown on the Linux graphical desktop displayed on the user terminal to initiate a tool call request for that tool, or can click and start operation and maintenance software shown on the desktop through the Linux graphical desktop displayed in a specific client window or browser page to initiate the tool call request. The tool call request can include a single sign-on request of the target user.
Through the remote desktop connection, the graphical bastion machine can obtain the input of the user terminal's input devices such as mouse and keyboard, and by analyzing that input together with the corresponding desktop parameters it can determine the user's operation behavior. The graphical bastion machine can receive, through the RDP protocol, the tool call request sent by the user terminal according to the content of the Linux graphical desktop, and thereby obtain the single sign-on request. Based on the single sign-on request, the graphical bastion machine can call the bastion service module deployed in it to grant single sign-on permission to the target user corresponding to the user terminal, and can call the sandbox module so that the sandbox module provides a sandboxed running environment for the operation and maintenance tool.
Based on the foregoing S120, S130 may be performed.
S130: and running a target operation and maintenance tool in the at least one operation and maintenance tool through the sandbox module according to the tool calling request, so that the target operation and maintenance tool provides operation and maintenance services for the user terminal under the sandbox environment provided by the sandbox module.
Regarding the sandbox mentioned in the embodiments of the present application: a sandbox is a virtual system program that provides a secure and trusted virtual execution environment, gives the user an independent, isolated running environment, and allows changes made by a program running in the sandbox to be discarded without permanently affecting the hard disk.
In the embodiment of the application, the Linux-based graphical bastion machine can publish various operation and maintenance tools through the sandbox module, and the application programs corresponding to the published tools are allowed to run in the sandbox environment.
After the graphical bastion machine receives a tool call request from the user terminal, it can call the target operation and maintenance tool corresponding to the request through the sandbox module. Based on the single sign-on permission granted to the target user, single sign-on of the target user to the target tool is performed in the sandbox environment provided by the sandbox module. After single sign-on completes, the target tool running in the sandbox environment can execute operation and maintenance tasks based on the user's operation behavior on the Linux graphical desktop displayed on the user terminal, thereby providing operation and maintenance services to the user terminal in the sandbox environment.
As an embodiment, the tool call request may include an operation and maintenance operation instruction, and S130 may include: calling the target operation and maintenance tool through the sandbox module to execute the operation and maintenance task corresponding to the instruction, where the task includes at least one of viewing data on, operating on data of, and downloading data from the target resource device. In this way, various operation and maintenance tasks can be executed safely in the sandbox environment.
The target resource device may include a host resource server, a database resource server, a network element resource device, and a Web application server.
Regarding S110 to S130, in one application scenario the user terminal communicates with the Linux graphical bastion machine through a bastion client of the cross-terminal environment deployed on the user terminal, and after the target user of the user terminal passes identity authentication, the Linux graphical bastion machine establishes a remote desktop connection with the user terminal based on the RDP protocol. The Linux graphical bastion machine provides the desktop parameters of the Linux graphical desktop for the target user through the deployed Linux desktop service module. It obtains a tool call request from the target user's operation on the user terminal and, according to the specific parameters of the request, selects the corresponding target operation and maintenance tool to start and run in the sandbox environment. Once started, the target tool can establish an operation and maintenance connection with the corresponding target resource device according to the single sign-on permission of the target user, so that the user can access the target resource device through the target tool. Based on the tool call request, the target tool can be operated and the operation and maintenance task executed on the graphical bastion machine, while the target tool is remotely displayed on the user terminal in graphical form.
The target user can continue operation and maintenance actions on the graphically displayed target tool according to the content shown on the user terminal; the Linux graphical bastion machine analyzes and identifies the user's operation behavior, and the operation instruction corresponding to that behavior can be forwarded through the target operation and maintenance tool to the target resource device, so that the target resource device, as the accessed party, executes the instruction and returns the resulting data to the Linux graphical bastion machine.
In the method of S110 to S130, during operation and maintenance auditing, when the graphical bastion machine based on the Linux operating system receives a tool call request sent by the user terminal according to the content of the Linux graphical desktop, the target operation and maintenance tool is run by the sandbox module deployed in the graphical bastion machine, so that the target tool provides operation and maintenance services to the user terminal in the sandbox environment. Compared with a Windows bastion machine, the graphical bastion machine runs a Linux operating system: the Linux kernel is open source, supports high concurrency, is more secure, and its performance and stability are superior to those of the Windows kernel when many users work simultaneously. In addition, because the source code of the Linux kernel is open, the Linux-based graphical bastion machine saves license fees compared with a Windows bastion machine, which relieves the limitation that the high license fees of Windows placed on resource security management and control in the prior art; with the graphical bastion machine on a Linux operating system, comprehensive security management and control of various resources is facilitated and overall security is improved. Furthermore, because a sandbox module providing a sandbox environment is also deployed in the Linux-based graphical bastion machine, the target operation and maintenance tool used by the user runs in, and serves the user from, the sandbox environment; this ensures data isolation and operation isolation, improves security, and maintains security in high-concurrency scenarios.
In the embodiment of the application, in order to process and record user operation behavior, an auditing module can be deployed in the graphical bastion machine. The auditing module can comprise a video recording service module, a character service module, and a proxy module: the video recording service module performs screen recording so that user operation behavior is recorded as images, the character service module records user operation behavior as text logs, and the proxy module provides network proxying. A video audit function and a character audit function can thus be provided by the video recording service module and the character service module deployed in the graphical bastion machine, respectively. The character service module can also carry protocol data, transmitting data of various protocols to the accessed destination resource device.
In some embodiments, the character service module may be packaged as a component into each operation and maintenance tool, so that when the tool runs in the sandbox environment the character log is recorded automatically, yielding the operation log of the user's use of that tool.
As an embodiment of S130, as shown in fig. 4, S130 may include:
S131: parsing the tool call request and determining the tool type of the target operation and maintenance tool corresponding to the request.
S132: according to the tool type of the target operation and maintenance tool, calling the sandbox module to run the target tool in the mode matching that tool type.
The graphical bastion machine can be provided with a parsing module for parsing the various requests from the user terminal. For example, the tool call request of S120 may be parsed by the parsing module, and from it the call object and call mode corresponding to the request can be determined.
The tool types of the target operation and maintenance tool include native tools of the Linux operating system and non-native tools of the Linux operating system, which may be referred to as Linux native tools and non-Linux native tools respectively. Based on this, S132 may have two embodiments:
As one embodiment of S132, when the tool type of the target operation and maintenance tool is a native tool of the Linux operating system, the target tool is run according to the native program execution method of a Linux graphical tool in the sandbox environment provided by the sandbox module.
The graphical presentation form of a Linux native tool is a Linux graphical tool. In an embodiment of the present application, the Linux native tools that may be published and run by the sandbox module may include SecureCRT and other Linux operation and maintenance tools.
The native program execution method of a Linux graphical tool is: on the Linux operating system, the target operation and maintenance tool presented as a Linux graphical tool runs as a Linux native application, and its executable file is run with the command for executing executable files in the Linux operating system.
With this implementation, Linux native tools can be run safely in the sandbox environment, achieving secure operation and maintenance.
As another embodiment of S132, when the tool type of the target operation and maintenance tool is a non-native tool of the Linux operating system, the target tool is run through the API converter in the sandbox environment provided by the sandbox module.
The graphical presentation form of a non-Linux native tool depends on the graphics library used during publishing; for example, the graphical presentation of a Windows tool in the Linux environment may be specified during publishing to be the same as or different from its presentation in the Windows environment.
Exemplary non-Linux native tools that may be published and run by the sandbox module, such as Windows tools, include PLSQL and other Windows operation and maintenance tools. The executable file format of a Windows tool may be exe, sys, com, bat, etc.
Illustratively, when the non-native tool of the Linux operating system is a Windows tool, the Application Programming Interface (API) converter may be Wine, which provides a compatibility layer that can run Windows applications on the Linux operating system. Windows tools can thus be run on the Linux graphical bastion machine through Wine.
Taking PLSQL as the target operation and maintenance tool as an example, PLSQL may be executed in the sandbox environment through the Windows program execution container provided by Wine.
It can be understood that, based on API conversion technology, a person skilled in the art can deploy corresponding API converters on the Linux graphical bastion machine according to the types of operation and maintenance tools that actually need to be managed and published, so that various non-Linux native tools can be published and run.
With this implementation, non-native tools of the Linux operating system can be run safely, operation and maintenance tools of other operating systems can be run safely in the Linux environment, and compatibility is improved. For example, when the target operation and maintenance tool is a Windows tool, the above embodiment allows the graphical bastion machine to be de-Windowsed while resources are still accessed securely, achieves secure operation and maintenance in the sandbox environment, and supports containerized scaling while improving compatibility. Here, de-Windowsing means that the operating system of the graphical bastion machine no longer needs to be Windows. Supporting containerized scaling means that, based on API conversion technology, program running containers corresponding to various operating systems can be provided in the sandbox environment, with good compatibility.
Through the implementation of S131-S132, the Linux-based graphical bastion machine can call the sandbox module to run the target operation and maintenance tool in the mode matching its tool type, supports running different types of operation and maintenance tools, and has good compatibility.
As shown in fig. 5, in one application scenario the tool call process may proceed as follows. The user terminal establishes a remote desktop connection with the Linux graphical bastion machine through the RDP protocol and a bastion client of the cross-terminal environment; the Linux graphical bastion machine provides desktop parameters through the Linux desktop service module; when a tool call request from the user terminal is received, the desktop service module and the sandbox module are called according to the parameters of the request, and the corresponding target operation and maintenance tool is selected to execute the operation and maintenance task in the sandbox environment provided by the sandbox module, so that the user can access the accessed resources in the target resource device through the target tool. The called target tool can be one of the aforementioned Linux native tools (SecureCRT and other Linux operation and maintenance tools) or one of the aforementioned non-Linux native tools (PLSQL and other Windows operation and maintenance tools); for a Windows tool, the Windows program runs in the sandbox environment inside the Windows program running container provided by the API converter. The accessed resource may be a host resource, a database resource, a network element resource, or an application resource.
In this embodiment of the application, before S120, as shown in fig. 6, the method may further include:
S201: when the operation and maintenance tool to be published is a first graphical tool of a non-Linux operating system, converting the application programming interface instructions of the first graphical tool into Linux instructions through an application programming interface converter to obtain a second graphical tool, the second graphical tool being a Linux graphical tool.
Illustratively, the first graphical tool of the non-Linux operating system may be a Windows tool, a Mac tool, or another tool of a non-Linux operating system.
S202: publishing the second graphical tool through the sandbox module.
The tool publishing process of S201-S202 is independent of the process of establishing the remote desktop connection: it may be executed before the remote desktop connection with the user terminal is established, or after it is established, in which case the Linux graphical desktop can be updated once publishing completes so that the newly published tool appears on it. Either way, the user can operate the published tool through the remotely displayed Linux graphical desktop.
Taking a Windows tool as the tool to be published as an example, the API converter Wine converts the API instructions of the Windows tool into Linux instructions that the Linux operating system can recognize, which makes it possible to run the Windows program on the Linux kernel; the Windows tool is then published as a Linux tool built on it, so that the Windows tool is published in the Linux environment. The API converter Wine provides the running container for Windows programs in the Linux environment.
A person skilled in the art can, during publishing, set an icon associated with the published operation and maintenance tool; the icon is displayed on the Linux graphical desktop as the launcher.
After operation and maintenance tools of a non-Linux operating system have been published on the Linux graphical bastion machine, the user terminal can display the Linux graphical desktop according to the desktop parameters provided by the graphical bastion machine, with the published tools shown on it, and the user can view the published tools through that desktop. When single sign-on is performed, the Linux graphical bastion machine can obtain the single sign-on request parameters of the user terminal through the desktop service module, call the sandbox module through the desktop service module, call the running container provided by the API converter within the sandbox environment provided by the sandbox module, and call the Windows program of the published operation and maintenance tool in that running container.
Publishing tools through the sandbox module improves security; because the tools are published in the sandbox environment, they can be run in the sandbox environment safely and quickly.
Through the implementation of S201-S202, the graphical bastion machine based on the Linux operating system can publish, through the sandbox module and in the Linux environment, graphical tools that originally ran in other operating system environments, such as graphical tools of the Windows operating system, and can run programs of other non-Linux operating systems on the Linux operating system through application programming interface conversion technology. This implementation is compatible with the secure publishing of various graphical tools and helps achieve secure operation and maintenance. According to this embodiment, the graphical bastion machine can distribute various types of tools centrally, and frequently used tools such as PLSQL and SecureCRT can run stably on it.
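The tool publishing of S201-S202 and the type-matched sandboxed execution of S131-S132, as an added Python example; this is not the patent's code or the applicant's implementation. It assumes bubblewrap (bwrap) as the sandbox launcher, Wine as the API converter, and that the tool type is decided from the executable's extension; the tool names, file paths, user names and the bwrap argument values are constructed, and the sandbox command line is built but not executed.

```python
"""Added example (not the patent's code): publishing O&M tools on a Linux
graphical bastion and dispatching a tool-call request into a sandbox.

Assumptions not stated in the patent: bwrap is the sandbox launcher, Wine is
the API converter, tool type is decided by file extension, and all paths and
names below are constructed sample data."""
from dataclasses import dataclass
from pathlib import PurePosixPath

# Windows executable formats named in the description.
WINDOWS_EXTENSIONS = {".exe", ".sys", ".com", ".bat"}

LINUX_NATIVE = "linux_native"
NON_LINUX_NATIVE = "non_linux_native"


@dataclass(frozen=True)
class PublishedTool:
    name: str
    executable: str
    tool_type: str
    launcher: str  # freedesktop .desktop entry shown as the icon on the Linux desktop


def classify_tool(executable):
    """S131: decide whether the tool is Linux native or non-Linux native."""
    suffix = PurePosixPath(executable).suffix.lower()
    return NON_LINUX_NATIVE if suffix in WINDOWS_EXTENSIONS else LINUX_NATIVE


def run_command(tool_type, executable):
    """S132: native tools run directly; non-native tools run through the API converter."""
    if tool_type == LINUX_NATIVE:
        return [executable]
    return ["wine", executable]  # Windows program container provided by Wine (assumption)


def publish_tool(name, executable):
    """S201-S202: wrap the tool so that it is presented as a Linux graphical tool."""
    tool_type = classify_tool(executable)
    exec_line = " ".join(run_command(tool_type, executable))
    launcher = "\n".join([
        "[Desktop Entry]",
        "Type=Application",
        f"Name={name}",
        f"Exec={exec_line}",
        "Terminal=false",
    ])
    return PublishedTool(name, executable, tool_type, launcher)


def sandbox_argv(user, inner):
    """Wrap a tool command in a constructed bwrap sandbox: read-only root,
    private /tmp, and only the user's secure folder writable, so that changes
    made by the tool persist nowhere else on the bastion. The network namespace
    is kept because O&M tools must reach the target resource devices."""
    secure_folder = f"/srv/bastion/secure/{user}"  # constructed path
    return [
        "bwrap",
        "--ro-bind", "/", "/",
        "--dev", "/dev",
        "--proc", "/proc",
        "--tmpfs", "/tmp",
        "--bind", secure_folder, "/home/sandbox/secure",
        "--unshare-pid", "--unshare-ipc",
        "--die-with-parent",
        "--",
    ] + inner


class ToolCatalog:
    """Published tools plus, per target user, the tools that user may access."""

    def __init__(self):
        self.tools = {}
        self.grants = {}

    def publish(self, name, executable, allowed_users):
        tool = publish_tool(name, executable)
        self.tools[name] = tool
        for user in allowed_users:
            self.grants.setdefault(user, set()).add(name)
        return tool

    def handle_tool_call(self, request):
        """S120/S130: validate the request, then build the sandboxed command line.
        request is a dict with keys user, tool and sso_granted (constructed shape)."""
        user, name = request["user"], request["tool"]
        if not request.get("sso_granted"):
            raise PermissionError(f"single sign-on not granted for {user}")
        if name not in self.grants.get(user, set()):
            raise PermissionError(f"{user} is not allowed to call {name}")
        tool = self.tools[name]
        return sandbox_argv(user, run_command(tool.tool_type, tool.executable))


if __name__ == "__main__":
    catalog = ToolCatalog()
    catalog.publish("SecureCRT", "/opt/tools/securecrt/SecureCRT", ["alice"])
    catalog.publish("PLSQL", "/opt/tools/plsql/plsqldev.exe", ["alice"])
    print(" ".join(catalog.handle_tool_call(
        {"user": "alice", "tool": "PLSQL", "sso_granted": True})))
```

The `.desktop` entry produced by `publish_tool` plays the role of the "second graphical tool": the icon on the Linux desktop whose `Exec` line already routes a Windows executable through Wine. `handle_tool_call` refuses a request that carries no single sign-on grant or names a tool not published for that user, and only then wraps the run command in the sandbox.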
A traditional Windows bastion machine can only display one tool, or the operation and maintenance tools of one operating system, and that processing mode in fact reflects only virtualization service capability. By contrast, with the method provided by the embodiment of the application, operation and maintenance tools of various types and of various operating systems can be distributed and run on the Linux graphical bastion machine, a complete Linux graphical desktop carrying the various tools can be provided through it, the desktop is customized per user, and each user can own a Linux graphical desktop. The method thus not only provides customized virtualization services to the user but also provides the user a secure, reliable, and well-compatible operation and maintenance execution environment. With the method provided by the embodiment of the application, information security and operation and maintenance security can be reliably improved while saving Windows license fees.
In the embodiment of the present application, in addition to the various operation and maintenance tools described above, the content of the Linux graphical desktop may include a secure folder in the sandbox environment. The secure folder is customized by the graphical bastion machine for the target user corresponding to the user terminal. A secure folder is a file space dedicated to a user who needs to operate documents frequently, exchange files with servers, or handle documents containing sensitive data; with authorization, the user can upload, download, and distribute the file contents in the secure folder, and the folder supports folder management functions.
Based on the foregoing S130, as shown in fig. 7, the foregoing method may further include:
S140: when the operation and maintenance task indicates that a target resource is to be downloaded from the target resource device to the user terminal, determining that the user terminal has a sensitive operation behavior.
The target resource device is any one of the aforementioned destination resource devices.
S150: performing review approval and download approval of the sensitive operation behavior.
S160: when the sensitive operation behavior passes review approval, downloading the target resource into the secure folder through the target operation and maintenance tool.
S170: when the sensitive operation behavior passes download approval, sending the target resource in the secure folder to the user terminal after performing secure operations on it.
When the graph bastion machine starts to provide desktop parameters of a Linux graph desktop for the user terminal, the monitoring function can be started to detect and block the operation behaviors of the user on the graph bastion machine and the target resource device through the user terminal. The monitoring process can monitor all the graphic sessions initiated by the user terminal through the graphic bastion machine in real time. The session is distinguished according to the object which the user requests to access, and if the access objects are different, the session is different. In the monitoring process, the graphical bastion machine can present session information such as a current main account name, an IP address and the like according to a session mode, and the function of the current session is blocked, the blocked session is a single session of a current user aiming at a certain target resource device, and the user does not influence other sessions of other resource devices through the graphical bastion machine.
For example, when the user accesses the database B4 in the destination resource device by clicking the target operation and maintenance tool on the Linux graphics desktop displayed on the user terminal, a graphics session is performed. When the access object is switched to another database B5 or network element device B6 in the destination resource device, it is implemented based on a new graphics session.
Under the condition that the monitoring function of the graph bastion machine is started, screen video recording is carried out through a video recording service module, log recording is carried out through a character service module, and the process comprises the step of translating information input by a user through input equipment such as a keyboard, a mouse and the like into characters for recording. Based on the monitoring function of the pattern fort machine, the following can be known: when the user operates what is done by the user terminal to which object in the graphics baster or the destination resource device.
When detecting that a user initiates a downloading request for a target resource device through a user terminal and a target operation and maintenance tool in a graph bastion machine, and when detecting that an operation and maintenance task is to download a target resource from the target resource device to the user terminal, determining that the user terminal has a sensitive operation behavior.
When sensitive operational behavior involving data download is involved, the graphical bastion machine can perform double approval detection of the behavior, which can include review approval and download approval. The specific approval process can be directly executed by the graph bastion machine or indirectly executed by the graph bastion machine, and for example, the graph bastion machine can call other clients with approval functions to execute the specific approval process.
For example, the graphical bastion machine can call a vault client with an approval function to initiate and execute an approval process when a sensitive operation behavior is detected, and the graphical bastion machine only needs to process the current sensitive behavior according to an approval result. The vault client can adopt a vault mode to examine and approve the current sensitive operation behavior, the core thought of the vault mode is that when the sensitive operation behavior is detected, vault authentication is triggered, and the current sensitive operation behavior is examined and approved by a specified approver with higher authority, and the specific examination and approval mode can include but is not limited to: judging whether approval information of an approver for the current sensitive operation behavior is obtained, detecting whether the current sensitive operation behavior is a behavior subjected to approval, detecting whether the current sensitive operation behavior is a white list behavior, and the like. The detailed approval process is not limited in this application.
When the graph bastion machine detects that the sensitive operation behavior passes the checking approval, for example, when a checking approval result provided by a vault client is received, the target resource can be downloaded to the corresponding safe folder of the user through the target operation and maintenance tool according to the content of the downloading request of the user. The process is realized based on a data redirection technology, and when a user accesses data in the target resource device through the Linux graph bastion machine, the data required by the user is redirected to a safe folder in a sandbox environment. All operation and maintenance tools called by the target user run in the sandbox environment of the graphical bastion machine, redirected data are also in the sandbox environment, and data in the operation and maintenance process are not directly stored in a local memory of the user terminal, so that the data can be prevented from falling to the ground.
When the graph bastion machine detects that the sensitive operation behavior passes the download approval, for example, after a user checks a secure folder through the content displayed on the user terminal and initiates a download request for the target resource in the secure folder, and detects that the vault client side provides a result of approving the download approval, the target resource in the secure folder can be sent to the user terminal after being subjected to the secure operation according to the download request of the user. Among these, secure operations include, but are not limited to: desensitization operation, encryption operation, watermarking operation.
Those skilled in the art can set the approval rules according to actual requirements, for example, set a specific approval mode, set a link for initiating various approvals, and set an approval scenario. In some embodiments, the viewing approval may be performed when the viewing operation of the user on the target resource is detected, and the one-stage or multi-stage download approval may be performed when the downloading operation of the user on the target resource is detected.
During the approval process, the graph bastion machine can pause the services related to the sensitive operation behavior for the user, and when the approval is passed, the graph bastion machine can resume the corresponding services according to the approval result. When the approval result indicates that the sensitive operation behavior is not approved, the graph bastion machine can block the session corresponding to the current sensitive operation behavior. For example, when the viewing approval is not passed, the user may be blocked from accessing the target resource on the target resource device and may be blocked from accessing the target resource device altogether.
Through the implementation of S140-S170, when a user's download request is encountered, the user's operation behavior is subject to double approval. When the user has only passed the viewing approval, the data the user requires is redirected to the safe folder in the sandbox environment and is not sent directly to the user terminal; the user can only view the required data from the safe folder through the content of the Linux graphic desktop displayed on the user terminal, and cannot download it directly. Only when the user passes the download approval is the required data in the safe folder sent to the user terminal, after the safe operation. This is favorable to data security and prevents operation and maintenance personnel from downloading resource data at will or in violation of regulations.
Those skilled in the art can preset further approval rules according to actual needs. In other approval scenarios, actions such as deleting logs, switching to a super administrator account and downloading a specific file can be treated as sensitive operation behaviors in their respective scenarios; a corresponding approval process is set for the sensitive operation behavior of each scenario, and higher-level authorization is obtained only when the action passes the approval.
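The two-stage gate described in S140-S170 (viewing approval that stages the data in the sandbox safe folder, then download approval that releases it after a safe operation, with the session blocked on a rejected viewing approval) can be modelled as a small state machine. The following is an added illustration, not code from the patent: the safe-folder path `/sandbox/safe`, the in-memory `SANDBOX_FS` stand-in for the sandbox file system, the constructed resource contents and the credential redaction used as the "safe operation" are all assumptions.

```python
"""Two-stage (view, then download) approval gate for a sensitive download
through a graphical bastion host. Added illustration; paths, the in-memory
sandbox store and the redaction step are assumptions, not the patent's code."""
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional

SAFE_FOLDER = "/sandbox/safe"            # assumed location of the sandbox safe folder
SANDBOX_FS: Dict[str, bytes] = {}        # stand-in for the sandbox file system


class Decision(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"


@dataclass
class DownloadRequest:
    user: str
    device: str                          # target resource device
    resource: str                        # target resource on that device
    view: Decision = Decision.PENDING
    download: Decision = Decision.PENDING
    staged_path: Optional[str] = None
    blocked: bool = False
    events: List[str] = field(default_factory=list)


def fetch_from_device(device: str, resource: str) -> bytes:
    # Stand-in for the O&M tool reading the resource inside the sandbox (constructed data)
    return b"host=%s\nresource=%s\npassword=Sup3rSecret\nport=22\n" % (
        device.encode(), resource.encode())


def redact(data: bytes) -> bytes:
    # Assumed "safe operation": mask credential-like values before release to the terminal
    return re.sub(rb"(?m)^(password=).*$", rb"\1[REDACTED]", data)


def stage_for_viewing(req: DownloadRequest, decision: Decision) -> Optional[str]:
    """Stage 1: viewing approval. The download itself stays paused. On approval the
    data is redirected into the safe folder (viewable via the Linux desktop only);
    on rejection the session for this behaviour is blocked."""
    req.view = decision
    if decision is not Decision.APPROVED:
        req.blocked = True
        req.events.append("view approval rejected: session blocked")
        return None
    name = req.resource.rsplit("/", 1)[-1]
    req.staged_path = f"{SAFE_FOLDER}/{req.user}/{req.device}/{name}"
    SANDBOX_FS[req.staged_path] = fetch_from_device(req.device, req.resource)
    req.events.append(f"staged in safe folder: {req.staged_path}")
    return req.staged_path


def release_to_terminal(req: DownloadRequest, decision: Decision) -> Optional[bytes]:
    """Stage 2: download approval. Only a request that already passed viewing
    approval (and is not blocked) can be released, and only after the safe operation."""
    if req.blocked or req.view is not Decision.APPROVED or req.staged_path is None:
        raise PermissionError("download approval requires a passed viewing approval")
    req.download = decision
    if decision is not Decision.APPROVED:
        req.events.append("download approval rejected: data stays in safe folder")
        return None
    data = redact(SANDBOX_FS[req.staged_path])
    req.events.append("released to user terminal after safe operation")
    return data


if __name__ == "__main__":
    r = DownloadRequest("ops01", "10.0.0.5", "/etc/app/config.ini")
    print(stage_for_viewing(r, Decision.APPROVED))
    print(release_to_terminal(r, Decision.APPROVED))
    print(r.events)
```

The ordering invariant is enforced in `release_to_terminal` rather than left to the caller: a request whose viewing approval was rejected, or that was never staged, cannot be released even if a download approval arrives.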
The graph bastion machine can realize user operation behavior video recording under a multi-user scene through the video recording service module, so as to obtain video files respectively associated with each user.
For an operation and maintenance flow initiated by any user through the graph bastion machine, the user is not performing operation and maintenance actions at every moment during the monitoring period, so the video files obtained during monitoring can be processed to save storage space. The processing of the video files comprises deduplication processing and labeling processing. After this processing, auditors who need to audit no longer have to locate key operation and maintenance time points by watching the video files frame by frame; the required video data can be located quickly by label search and text search, which improves the efficiency of auditing the screen recording data.
As shown in fig. 8, the recording process may include:
S181: When the remote desktop connection relation is kept with the user terminal, the video recording service module is called to record the user operation behavior of the user terminal, obtaining a first video recording file.
In the embodiment of the present application, video recording is not limited to recording the screen at the moment the graph bastion machine displays the recorded content; it may also be back-end recording performed by the server. The recorded content may include the Linux graphic desktop, the changes caused by the user's operations on the Linux graphic desktop, and the operation records executed by the user through the graph bastion machine. The content obtained by back-end recording can be stored as images of consecutive frames together with operation logs: storing the consecutive-frame images can be implemented by the video service module, and storing the operation logs by the character service module.
The first video file may contain a collection of images of consecutive frames.
S182: and carrying out duplicate removal processing on each frame of image in the first video file according to a Hash algorithm.
Under the condition that the duplicate removal processing is not carried out, some images with repeated contents exist in the first video file, after the duplicate removal processing is carried out, the space required for storing the repeated images can be reduced, the number of the images is reduced, and the video file obtained after the duplicate removal processing can be marked as a second video file.
The deduplication process may include: for the consecutive frame images in the period to be deduplicated, obtain pairs of adjacent frame images at a set frequency and deduplicate them with a hash algorithm, as follows: compute the hash value of the current frame image and use it as the index key to look up the stored hash table; if the hash value already exists in the stored hash table, point the image-index pointer at the stored frame image corresponding to that hash value, so that the image with repeated content does not need to be stored again; if the hash value does not exist in the stored hash table, store the current frame image as a new image, so that no new image is omitted.
The Hash value may be calculated in an MD5 (Message Digest Algorithm 5), SHA (Secure Hash Algorithm), or other manners.
S183: and adding an attribute label to each frame of image subjected to the deduplication processing.
For the second video file obtained after the deduplication processing, each frame of image in the second video file can be identified, classified and added with an attribute tag.
The window identification can be performed on each frame of image, where a window refers to a graphic window corresponding to a certain application or process. In the window identification process, a window area of the current application can be obtained from the current image, the position of the window is determined, the name of the window can be identified, and the process corresponding to the current window can be identified based on the name of the window.
Since the operation and maintenance tools used in the operation and maintenance process are associated with service scenarios, each operation and maintenance tool generally has a class of service scenarios and a class of accessible devices corresponding to it; for example, an operation and maintenance tool such as FlashFXP is a tool for performing file upload and download operations against an FTP server. An FTP server (File Transfer Protocol server) is a computer that provides file storage and access services on the internet in accordance with the FTP protocol. Therefore, in the identification process, feature extraction can be performed on the image, and the image can be identified and classified according to the graphical features and functional-block layout characteristics of the various operation and maintenance tools. According to the functional characteristics of each functional block, text areas and non-text areas can be distinguished within each functional block, and the images can be classified according to the character information recognized from each functional block. Functional blocks such as a menu bar, an editing area and a status bar can be recognized from an image, and the image can be classified based on the contents obtained by character recognition of such tool-specific areas, for example based on recognized information such as "database", "business system" and "FlashFXP".
In the classification process, the images can be classified according to the operation and maintenance tool determined by identification and the type of equipment which can be accessed by the tool. Based on the principle, each frame of image can be identified and classified, and each frame of image can be rapidly classified according to the identified contents for classification, such as database identification content, host identification content, service system identification content and the like.
The basis used in the classification process, such as classification items used in the classification, can be used as attribute tags. When the attribute label is added, the attribute of the image can be updated in a text form without changing the pixel content of the image.
For example, the attribute tags of a frame of image may include, but are not limited to: the image name, the window name, the name of the operation and maintenance tool, the operation account number, the name of the operation and maintenance personnel, the operation time, the address of the accessed equipment, the operation and maintenance command and the like. Language categories for the attribute tags include, but are not limited to: simplified Chinese and English. A corresponding feature library can be established in advance for each language category so as to facilitate query. And under the condition that the attribute label comprises an operation and maintenance operation command, the method is favorable for realizing quick and accurate audit.
After the attribute labels are added to each frame of image in the second video file, when an auditor needs to perform auditing, the attribute labels of the images can be searched in a text searching mode, so that the required video images can be quickly searched, and the key operation and maintenance nodes can be quickly determined.
In one application scenario, during an audit search the auditor may use as the search index inputs including: the operator, the operation time, the identification of the host, and the operation and maintenance command entered by the operator, such as a "su-root" command. In this way a fine-grained audit can be achieved.
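The recording pipeline of S181-S183 (hash-based frame deduplication with an index pointer for repeated images, attribute tags attached as text without touching the pixels, then text search over the tags for the audit scenario above) can be written out as follows. This is an added illustration rather than the patent's code: the frames are constructed byte strings standing in for images, the `Frame` fields follow the attribute list given in the text (window name, tool name, account, operator, time, device address, command), and SHA-256 is used for the hash; the text permits MD5 or SHA, and a practitioner would avoid MD5 here because colliding inputs could make two different screens look like duplicates.

```python
"""Screen-recording deduplication, attribute tagging and tag search for a
bastion audit trail. Added illustration, not the patent's code; frames and
their attribute values are constructed sample data."""
import hashlib
from dataclasses import dataclass, asdict
from typing import Dict, List, Tuple


@dataclass
class Frame:
    seq: int
    pixels: bytes            # stand-in for the raw image data
    window: str              # window name identified in the frame
    tool: str                # operation and maintenance tool identified
    account: str             # operation account
    operator: str            # operation and maintenance personnel
    time: str                # operation time
    device: str              # address of the accessed device
    command: str = ""        # operation and maintenance command, if any


def frame_hash(pixels: bytes) -> str:
    # SHA-256 chosen over MD5 so that crafted collisions cannot merge distinct frames
    return hashlib.sha256(pixels).hexdigest()


def deduplicate(frames: List[Frame]) -> Tuple[Dict[str, Frame], Dict[int, str]]:
    """S182. `stored` keeps one Frame per distinct image, keyed by hash; `pointers`
    maps every original seq to the hash of its stored image, so the recording can
    still be replayed in order without storing repeated images."""
    stored: Dict[str, Frame] = {}
    pointers: Dict[int, str] = {}
    for f in frames:
        h = frame_hash(f.pixels)
        if h not in stored:          # hash not in table: keep as a new image
            stored[h] = f
        pointers[f.seq] = h          # hash already known: only point at it
    return stored, pointers


def attribute_tags(frame: Frame) -> Dict[str, str]:
    """S183. Attribute label kept as text metadata; the pixel content is untouched."""
    tags = {k: str(v) for k, v in asdict(frame).items() if k != "pixels"}
    tags["image_name"] = f"frame-{frame.seq:06d}"
    return tags


def build_index(stored: Dict[str, Frame]) -> Dict[str, Dict[str, str]]:
    return {h: attribute_tags(f) for h, f in stored.items()}


def search(index: Dict[str, Dict[str, str]], **criteria: str) -> List[str]:
    """Case-insensitive substring match on every supplied attribute; returns the
    hashes of matching stored images (the audit search of the text)."""
    return [h for h, tags in index.items()
            if all(v.lower() in tags.get(k, "").lower() for k, v in criteria.items())]


# Constructed sample recording: an idle desktop repeated twice, a terminal frame
# repeated twice, then a FlashFXP window against a different device.
SAMPLE_FRAMES = [
    Frame(0, b"idle-desktop", "Desktop", "", "ops01", "zhang", "2021-09-30T10:00:00", "10.0.0.5"),
    Frame(1, b"idle-desktop", "Desktop", "", "ops01", "zhang", "2021-09-30T10:00:01", "10.0.0.5"),
    Frame(2, b"terminal-su", "Terminal", "xterm", "ops01", "zhang", "2021-09-30T10:00:02", "10.0.0.5", "su - root"),
    Frame(3, b"terminal-su", "Terminal", "xterm", "ops01", "zhang", "2021-09-30T10:00:03", "10.0.0.5", "su - root"),
    Frame(4, b"flashfxp-main", "FlashFXP", "FlashFXP", "ops01", "zhang", "2021-09-30T10:00:04", "10.0.0.9"),
]


def audit_search_demo() -> List[int]:
    """Run the whole pipeline and return the seq numbers of stored frames in which
    operator zhang ran 'su - root' on host 10.0.0.5."""
    stored, _pointers = deduplicate(SAMPLE_FRAMES)
    index = build_index(stored)
    hits = search(index, operator="zhang", device="10.0.0.5", command="su - root")
    return sorted(int(index[h]["seq"]) for h in hits)


if __name__ == "__main__":
    stored, pointers = deduplicate(SAMPLE_FRAMES)
    print(f"{len(SAMPLE_FRAMES)} frames recorded, {len(stored)} stored after deduplication")
    print("audit hits:", audit_search_demo())
```

Because the tags are attached to the stored image, the audit search returns the first frame of a repeated screen; the `pointers` map preserves the original timeline if an auditor then needs every seq that displayed it.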
Optionally, the method may further include automatically upgrading the bastion client of the user terminal. When a new version of the bastion client corresponding to the graph bastion machine is available, the bastion client deployed on the user terminal can be upgraded automatically without the user noticing. This can be implemented based on an agreed protocol between the user terminal and the graph bastion machine, through which the graph bastion machine controls the user terminal to complete the client upgrade automatically.
In summary, with the operation and maintenance auditing method provided by the embodiment of the application, a Windows bastion machine can be dispensed with. Based on the Linux graph bastion machine running Linux as its operating system, together with the Linux graphic desktop, sandbox and API conversion technologies, operation and maintenance security services with high safety, high reliability, good stability and good compatibility can be provided; operation and maintenance security management and control of various resource devices can be carried out reliably under high concurrency; and the high license fees that a Windows bastion machine requires when managing a large number of resources and authorizations can be saved.
Optionally, regarding the functional architecture of the graph bastion machine, the functional architecture may include: an interface dependency layer, a business service layer, and a base capability layer.
Interface dependency layer: provides a unified data interaction point between the inside and the outside of the server of the graph bastion machine. The interfaces that the interface dependency layer may provide include, but are not limited to: three account management interfaces (IAM, NOC4A and ITA), a configuration parameter synchronization interface, an interface for ending a designated process, an interface for login detection, an interface for a user to open service process information, an online session information interface, a window title information transmission interface, a clipboard information transmission interface, a vault approval interface and an interface for sending audit logs.
Business service layer: the core capability service layer of the graph bastion machine, which provides its service processing and data processing functions. Services that the business service layer can provide include, but are not limited to: tool login auto-fill service, personal disk mounting service, account management service, window title auditing service, keyboard auditing service, session management service, vault export service, integrated image-and-text auditing service, dynamic plug-in loading service, screen recording service, bypass detection service and alarm service.
Base capability layer: the basic capability service layer that provides basic service capabilities for the Linux graph bastion machine. Services that the base capability layer can provide include, but are not limited to: automatic update service, communication data transmission service, system load parameter acquisition service, data caching service, configuration update service and remote tool installation service.
The functional architecture described above is intended to be illustrative only, and the specific functional architecture of the graphics bastion machine should not be construed as limiting the application.
Optionally, the graph bastion machine in the embodiment of the present application may exist in the form of a server cluster. To avoid the potential safety hazard of service interruption that easily occurs with a single-center cluster, deployment may follow a master-slave backup approach in a dual-center or multi-center cluster manner, with the clusters connected directly through a bus or through wireless communication. Each cluster can independently provide operation and maintenance security services for users; when one cluster cannot work normally, service continues to be provided through the other clusters, service interruption is avoided, and system safety and stability are guaranteed.
In some embodiments, the graphical bastion machine can also be deployed in a distributed manner on a site basis and on a function basis. The particular manner of deployment of the graphics bastion machine should not be construed as limiting the application.
Figure 9 shows a schematic structural diagram of a graph bastion machine 200 provided by the embodiment of the application. The configuration shown in fig. 9 is merely an example and should not impose any limitation on the function and range of use of the embodiments of the present application.
As shown in fig. 9, the components of the graphical bastion machine 200 may include: at least one processor 220, and at least one memory 210 communicatively coupled to the processor 220, may also include a communication bus 230 for connecting the various components within the graphics bastion machine 200. The memory 210 stores program instructions executable by the processor 220, and the program instructions, when executed by the processor 220, are capable of performing the aforementioned operation and maintenance auditing method.
Memory 210 may include computer system readable media in the form of volatile memory, such as random access memory (RAM) and/or cache memory. Memory 210 may also include other removable/non-removable, volatile/nonvolatile computer system storage media such as at least one disk storage device, flash memory devices, Universal Flash Storage (UFS), and so forth.
Included in memory 210 may be at least one program product having at least one program module configured to carry out the functions of embodiments of the application. The program/utilities of the at least one program module may be stored in the memory 210, such program module including but not limited to an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination may comprise an implementation of a network environment. Program modules are generally utilized to perform the functions and/or methodologies of embodiments described herein.
The processor 220 executes various functional applications and data processing of the graphics bastion machine 200 by executing instructions, programs stored in the memory 210, and/or instructions stored in a memory provided in the processor 220. For example, the processor 220 may execute various functional applications and data processing by executing program instructions stored in the memory 210, for example, to implement the operation and maintenance auditing method provided by the embodiment of the present application.
The graphics bastion 200 can communicate with one or more external devices, such as a keyboard, pointing device, display, etc., as well as with one or more devices that enable a user to interact with the graphics bastion 200, such as the user terminals previously described, and the graphics bastion 200 can communicate with any device (e.g., network card, modem, etc.) that communicates with one or more other computing devices via an input/output (I/O) interface. Furthermore, the graphical bastion machine 200 can also communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public Network such as the internet) via a Network adapter. The network adapter communicates with other modules in the graphics bastion machine 200 via bus 230. It should be understood that although not shown in fig. 9, other hardware and/or software modules may be used in conjunction with the graphics bastion machine 200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The embodiment of the application also provides a non-transitory computer readable storage medium, and the non-transitory computer readable storage medium stores computer instructions, and the computer instructions enable the computer to execute the operation and maintenance auditing method.
The non-transitory computer readable storage medium described above may take any combination of one or more computer readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer-readable storage medium may include: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash Memory, an optical fiber, a portable compact disc Read Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing. The program code may execute entirely or partially on one computer, as a stand-alone software package, partly on a user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of Network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
In the description of the present specification, the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise. Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the scope of protection of the present application.

Claims (10)

1. An operation and maintenance auditing method is applied to a graph bastion machine, a sandbox module is deployed in the graph bastion machine, and the method comprises the following steps:
when a remote desktop connection relation is kept with a user terminal, desktop parameters of a Linux graphic desktop are sent to the user terminal, so that the user terminal can display the content of the Linux graphic desktop according to the desktop parameters, wherein the content of the Linux graphic desktop comprises at least one operation and maintenance tool which can be called through the sandbox module;
receiving a tool calling request sent by the user terminal according to the content of the Linux graphic desktop;
and running a target operation and maintenance tool in the at least one operation and maintenance tool through the sandbox module according to the tool calling request so that the target operation and maintenance tool provides operation and maintenance services for the user terminal under the sandbox environment provided by the sandbox module.
2. The method according to claim 1, wherein the running a target operation and maintenance tool of the at least one operation and maintenance tool through the sandbox module according to the tool call request comprises:
analyzing the tool calling request, and determining the tool type of the target operation and maintenance tool corresponding to the tool calling request;
and calling the sandbox module to operate the target operation and maintenance tool in a mode of being matched with the tool type of the target operation and maintenance tool according to the tool type of the target operation and maintenance tool.
3. The method of claim 2, wherein invoking the sandbox module to run the target operation and maintenance tool in a manner matching the tool type of the target operation and maintenance tool according to the tool type of the target operation and maintenance tool comprises:
and when the tool type of the target operation and maintenance tool is a non-native tool of a Linux operating system, operating the target operation and maintenance tool through an application programming interface converter under the sandbox environment provided by the sandbox module.
4. The method of claim 2, wherein the invoking the sandbox module to run the target operation and maintenance tool according to the tool type of the target operation and maintenance tool in a manner matching the tool type of the target operation and maintenance tool comprises:
and when the tool type of the target operation and maintenance tool is a native tool of a Linux operating system, operating the target operation and maintenance tool according to a native program execution method of a Linux graphic tool in a sandbox environment provided by the sandbox module.
5. The method according to claim 1, wherein before the receiving of the tool call request sent by the user terminal according to the content of the Linux graphics desktop, the method further comprises:
when the operation and maintenance tool to be issued is a first graphic tool of a non-Linux operating system, converting an application programming interface instruction of the first graphic tool into a Linux instruction through an application programming interface converter to obtain a second graphic tool, wherein the second graphic tool is the Linux graphic tool;
and issuing the second graphic tool through the sandbox module.
6. The method according to claim 1, wherein the tool call request includes an operation and maintenance operation instruction, and the running a target operation and maintenance tool of the at least one operation and maintenance tool through the sandbox module according to the tool call request comprises:
and calling the target operation and maintenance tool through the sandbox module to execute an operation and maintenance task corresponding to the operation and maintenance operation instruction, wherein the operation and maintenance task comprises at least one of data viewing, data operation and data downloading of target resource equipment.
7. The method according to claim 6, wherein the contents of the Linux graphics desktop further comprise a secure folder in the sandbox environment, the method further comprising:
when the operation and maintenance task indication is that a target resource is downloaded from the target resource device to the user terminal, determining that the user terminal has a sensitive operation behavior;
checking and approving the sensitive operation behavior and downloading the sensitive operation behavior;
when the sensitive operation behavior passes the examination and approval, downloading the target resource into the safety folder through the target operation and maintenance tool;
and when the sensitive operation behavior passes the download approval, the target resource in the safe folder is sent to the user terminal after safe operation.
8. The method according to any one of claims 1-7, wherein an audit module is further deployed in the graph bastion machine, wherein the audit module comprises a video recording service module, and wherein the method further comprises:
when the remote desktop connection relation is kept with the user terminal, the video recording service module is called to record the user operation behavior of the user terminal to obtain a first video recording file;
carrying out duplicate removal processing on each frame of image in the first video file according to a Hash algorithm;
and adding an attribute label to each frame of image subjected to the deduplication processing.
9. The method according to any one of claims 1-7, wherein prior to said sending desktop parameters of a Linux graphical desktop to the user terminal, the method further comprises:
responding to an access request of the user terminal, and performing identity authentication on a target user corresponding to the user terminal according to the access request;
and when the target user passes the identity authentication, establishing the remote desktop connection relation with the user terminal through a specified remote desktop protocol.
10. A graphics fort machine, comprising:
at least one processor; and
at least one memory communicatively coupled to the processor;
the memory has stored therein program instructions executable by the processor, the program instructions being capable of performing the method of any one of claims 1 to 9 when executed by the processor.
Publications (1)

Publication Number Publication Date
CN115878238A true CN115878238A (en) 2023-03-31

Family

ID=85756736
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination