CN115964092A - Network card management method based on Linux - Google Patents
- Publication number
- CN115964092A
- Authority
- CN
- China
- Prior art keywords
- equipment
- network card
- command
- kernel
- event
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention relates to a Linux-based network card management method comprising a multi-network-card device processing module, a parameter configuration module, and a behavior recording and exporting module. The multi-network-card device processing module comprises the following steps. S101: at system startup, the kernel driver M is loaded and the driver self-protection unit B is initialized, and the driver self-protection unit B monitors user commands. S102: the kernel event monitoring unit A receives a kernel-mode event notification and determines whether it is a network card event. S103: the kernel event monitoring unit A obtains the name of the device in the network card event and checks whether it is a device that must be disabled or unloaded; if so, it sends the device name to the driver self-protection unit B and the next step is executed; if not, S102 is executed and monitoring continues. S104: the driver self-protection unit B looks up the device in the system device list by its name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and execution continues at S102.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a Linux-based network card management method.
Background
At present, network security requirements oblige companies and enterprises to strictly control network access, particularly in intranet environments. A device with multiple network cards can connect freely to an external network through a hotspot such as a mobile phone's wireless connection, without passing through the intranet, which increases the risk of illegal behaviors such as leakage of secrets and attacks. Terminals therefore generally need software installed to control multi-network-card devices.
In the prior art, the network is disconnected mainly through intranet access control, or by polling the network card's start/stop state from user mode or obtaining that state through ioctl communication, and then issuing a command to disable the network card through the network card management tool ifconfig or through ioctl. These approaches do not achieve a good effect in an open Linux environment.
Disclosure of Invention
In view of the problems in the prior art, the invention aims to provide a Linux-based network card management method.
The technical scheme adopted by the invention to solve these problems is as follows: a Linux-based network card management method comprises a multi-network-card device processing module, a parameter configuration module, and a behavior recording and exporting module, wherein the multi-network-card device processing module comprises the following steps:
S101: at system startup, the kernel driver M is loaded and the driver self-protection unit B is initialized, and the driver self-protection unit B monitors user commands;
S102: the kernel event monitoring unit A receives a kernel-mode event notification and determines whether it is a network card event;
S103: the kernel event monitoring unit A obtains the name of the device in the network card event and checks whether it is a device that must be disabled or unloaded; if so, it sends the device name to the driver self-protection unit B and the next step is executed; if not, S102 is executed and monitoring continues;
S104: the driver self-protection unit B looks up the device in the system device list by its name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and execution continues at S102;
the parameter configuration module comprises the following steps:
S201: at system startup, the kernel driver M is loaded, the state configuration is initialized from default parameters, and netlink monitoring is started;
S202: the netlink command receiving unit C receives user control information; if a command is present, the next step is executed, and if not, monitoring continues;
S203: depending on the command type: if the command is an unload prevention command, the driver self-protection unit D changes the driver state information so that the user cannot unload the driver; if it is an unloadable command, the driver self-protection unit D changes the driver state information so that the user can unload the driver; if it is a log disabling command, no logs are output any more; if the function is disabled, events obtained by the kernel event monitoring unit A are not processed; if the function is enabled, processing continues;
the behavior recording and exporting module comprises the following steps:
S301: at system startup, the kernel driver M is loaded;
S302: if the netlink command receiving unit C receives the log starting command, the log cache E1 is initialized and waits for data to be cached; if data is present, it is sent out through netlink, and if not, waiting continues;
S303: when the multi-network-card device processing unit B disables or unloads a device, the netlink log notification unit E is called to put the data into the cache E1;
S304: the driver self-protection unit D monitors the system calls insmod, rmmod and modprobe; if the user executes one of these commands, it records this and calls the netlink log notification unit E to put the data into the cache E1.
Preferably, the kernel-mode event notification includes device insertion and hardware startup.
Preferably, the user control information includes unload prevention, log disabling, function disabling, and function enabling.
The invention has the following beneficial effects:
1) Hardware enable events are monitored in kernel mode, and illegal devices are handled in real time;
2) The driver protects itself in kernel mode, so the user cannot unload it;
3) After a device is disabled, the user cannot re-enable it through system commands;
4) The user's unload attempts are monitored and recorded.
Drawings
Fig. 1 is a flow chart of the multi-network-card device processing module.
Fig. 2 is a flow chart of the parameter configuration module.
Fig. 3 is a flow chart of the behavior recording and exporting module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Figs. 1 to 3, the Linux-based network card management method uses a kernel event monitoring unit A (monitors enable and stop information for multi-network-card devices), a multi-network-card device processing unit B (disables and unloads devices in real time), a netlink command receiving unit C (user control messages), a driver self-protection unit D (unload prevention), and a netlink log notification unit E (sends user behavior logs). These five parts make up the kernel driver M, which effectively avoids the disadvantages of the prior art.
With this method, loading the corresponding driver on the terminal provides the multi-network-card device management and unload prevention functions.
The Linux-based network card management method comprises a multi-network-card device processing module, a parameter configuration module, and a behavior recording and exporting module:
S101: at system startup, the kernel driver M is loaded and the driver self-protection unit D is initialized, and the driver self-protection unit D starts monitoring user commands;
S102: the kernel event monitoring unit A receives kernel-mode event notifications (such as device insertion, hardware startup and the like) and determines whether they are network card events;
S103: the kernel event monitoring unit A obtains the name of the device in the network card event and checks whether it is a device that must be disabled or unloaded; if so, it sends the device name to the network card device processing unit B and S104 is executed; if not, S102 is executed and monitoring continues;
S104: the driver self-protection unit D looks up the device in the system device list by its name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and execution then continues at S102;
the parameter configuration module comprises the following steps:
S201: at system startup, the kernel driver M is loaded, the state configuration is initialized from default parameters, and netlink monitoring is started;
S202: the netlink command receiving unit C receives user control information (such as unload prevention / unloadable, log disabled, function disabled / enabled, and the like); if a command arrives, S203 is executed, otherwise monitoring continues;
S203: depending on the command type: if it is unload prevention, the driver self-protection unit D changes the driver state information so that the user cannot unload the driver; if it is unloadable, the driver self-protection unit D changes the driver state information so that the user can unload the driver; if logs are disabled, no logs are output any more; if the function is disabled, events obtained by the kernel event monitoring unit A are no longer processed; if the function is enabled, processing continues;
the behavior recording and exporting module comprises the following steps:
S301: at system startup, the kernel driver M is loaded;
S302: if the netlink command receiving unit C receives the command to start the log function, the log cache E1 is initialized and waits for data to be cached; if data arrives, it is sent out through netlink, and if not, waiting continues;
S303: when the multi-network-card device processing unit B disables or unloads a device, unit E is called to put the data into E1;
S304: the driver self-protection unit D monitors system calls (insmod, rmmod and modprobe); if the user executes one of these commands, it records this and calls the netlink log notification unit E to put the data into E1.
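A user-space analogue of steps S102 and S103, added here as an example and not taken from the patent: it parses a Linux rtnetlink link message rather than hooking kernel events, and rejects truncated or malformed input before comparing the device name. The deny-list prefixes and the names `classify_link_msg` and `sample_verdict` are assumptions, and the message it checks is constructed.

```c
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <string.h>

#define NAME_LEN 16              /* same size as the kernel's IFNAMSIZ */
enum verdict { V_IGNORE, V_ALLOW, V_DISABLE };
/* Constructed policy: interface-name prefixes that must not come up. */
static const char *const deny_prefixes[] = { "wlan", "wlx", "usb" };

/* S102/S103 as a check over one rtnetlink message. buf must be 4-byte
 * aligned; live, it is filled by recv() on an AF_NETLINK / NETLINK_ROUTE
 * socket bound to the RTMGRP_LINK multicast group. */
enum verdict classify_link_msg(void *buf, size_t len, char name[NAME_LEN])
{
    struct nlmsghdr *nh = buf;
    name[0] = '\0';
    if (len > 0x7fffffff || !NLMSG_OK(nh, (int)len))
        return V_IGNORE;                      /* truncated or malformed */
    if (nh->nlmsg_type != RTM_NEWLINK ||
        nh->nlmsg_len < NLMSG_LENGTH(sizeof(struct ifinfomsg)))
        return V_IGNORE;                      /* S102: not a NIC event */
    int alen = (int)(nh->nlmsg_len - NLMSG_LENGTH(sizeof(struct ifinfomsg)));
    struct rtattr *a = IFLA_RTA(NLMSG_DATA(nh));
    for (; RTA_OK(a, alen); a = RTA_NEXT(a, alen)) {
        if (a->rta_type != IFLA_IFNAME)
            continue;
        size_t n = RTA_PAYLOAD(a);
        if (n >= NAME_LEN)
            n = NAME_LEN - 1;                 /* never trust the sender's length */
        memcpy(name, RTA_DATA(a), n);
        name[n] = '\0';
    }
    if (name[0] == '\0')
        return V_IGNORE;                      /* no device name to compare */
    for (size_t i = 0; i < sizeof(deny_prefixes) / sizeof(deny_prefixes[0]); i++)
        if (strncmp(name, deny_prefixes[i], strlen(deny_prefixes[i])) == 0)
            return V_DISABLE;                 /* S103: pass the name on to S104 */
    return V_ALLOW;
}

/* Builds one constructed link message (sample input, not captured traffic),
 * optionally cut short by `cut` bytes, and returns the verdict for it. */
enum verdict sample_verdict(const char *ifname, unsigned short type, size_t cut)
{
    unsigned int buf[64] = { 0 };             /* 256 bytes, 4-byte aligned */
    char name[NAME_LEN];
    size_t nlen = strlen(ifname) + 1;
    size_t total = NLMSG_LENGTH(sizeof(struct ifinfomsg)) + RTA_SPACE(nlen);
    if (total > sizeof(buf) || cut > total)
        return V_IGNORE;
    struct nlmsghdr *nh = (struct nlmsghdr *)buf;
    nh->nlmsg_len = (unsigned int)total;
    nh->nlmsg_type = type;
    struct rtattr *a = IFLA_RTA(NLMSG_DATA(nh));
    a->rta_type = IFLA_IFNAME;
    a->rta_len = (unsigned short)RTA_LENGTH(nlen);
    memcpy(RTA_DATA(a), ifname, nlen);
    return classify_link_msg(buf, total - cut, name);
}

int main(void)
{
    return sample_verdict("wlan0", RTM_NEWLINK, 0) == V_DISABLE ? 0 : 1;
}
```

A `V_DISABLE` verdict corresponds to the point where the patent's unit A hands the device name on for S104; the disabling itself is outside this example.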
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (3)
1. A Linux-based network card management method, characterized by comprising a multi-network-card device processing module, a parameter configuration module, and a behavior recording and exporting module, wherein the multi-network-card device processing module comprises the following steps:
S101: at system startup, the kernel driver M is loaded and the driver self-protection unit B is initialized, and the driver self-protection unit B monitors user commands;
S102: the kernel event monitoring unit A receives a kernel-mode event notification and determines whether it is a network card event;
S103: the kernel event monitoring unit A obtains the name of the device in the network card event and checks whether it is a device that must be disabled or unloaded; if so, the device name is sent to the driver self-protection unit B and the next step is executed; if not, S102 is executed and monitoring continues;
S104: the driver self-protection unit B looks up the device in the system device list by its name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and execution continues at S102;
the parameter configuration module comprises the following steps:
S201: at system startup, the kernel driver M is loaded, the state configuration is initialized from default parameters, and netlink monitoring is started;
S202: the netlink command receiving unit C receives user control information; if a command is present, the next step is executed, and if not, monitoring continues;
S203: depending on the command type: if the command is an unload prevention command, the driver self-protection unit D changes the driver state information so that the user cannot unload the driver; if it is an unloadable command, the driver self-protection unit D changes the driver state information so that the user can unload the driver; if it is a log disabling command, no logs are output any more; if the function is disabled, events obtained by the kernel event monitoring unit A are not processed; if the function is enabled, processing continues;
the behavior recording and exporting module comprises the following steps:
S301: at system startup, the kernel driver M is loaded;
S302: if the netlink command receiving unit C receives the log starting command, the log cache E1 is initialized and waits for data to be cached; if data is present, it is sent out through netlink, and if not, waiting continues;
S303: when the multi-network-card device processing unit B disables or unloads a device, the netlink log notification unit E is called to put the data into the cache E1;
S304: the driver self-protection unit D monitors the system calls insmod, rmmod and modprobe; if the user executes one of these commands, it records this and calls the netlink log notification unit E to put the data into the cache E1.
2. The Linux-based network card management method of claim 1, wherein the kernel-mode event notification comprises device insertion and hardware startup.
3. The Linux-based network card management method of claim 1, wherein the user control information comprises unload prevention, unloadable, log disabling, function disabling and function enabling.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111181160.7A CN115964092A (en) | 2021-10-11 | 2021-10-11 | Network card management method based on Linux |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111181160.7A CN115964092A (en) | 2021-10-11 | 2021-10-11 | Network card management method based on Linux |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115964092A (en) | 2023-04-14 |
Family
ID=87351546
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111181160.7A Pending CN115964092A (en) | 2021-10-11 | 2021-10-11 | Network card management method based on Linux |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115964092A (en) |
- 2021-10-11: CN application CN202111181160.7A (CN115964092A), active, Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||