CN115964092A - Network card management method based on Linux - Google Patents

Publication number: CN115964092A
Authority: CN (China)
Prior art keywords: equipment, network card, command, kernel, event
Legal status: Pending
Application number: CN202111181160.7A
Other languages: Chinese (zh)
Inventor: 冯鹏飞
Current Assignee: Shandong Chinasoft Goldencis Software Co ltd
Original Assignee: Shandong Chinasoft Goldencis Software Co ltd
Priority date: 2021-10-11
Filing date: 2021-10-11
Publication date: 2023-04-14

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention relates to a Linux-based network card management method comprising a multi-network-card device processing module, a parameter configuration module, and a behavior recording and export module. The multi-network-card device processing module comprises the following steps. S101: when the system starts, kernel driver M is loaded and driver self-protection unit B is initialized, and driver self-protection unit B monitors user commands. S102: kernel event monitoring unit A receives a kernel-mode event notification and determines whether it is a network card event. S103: kernel event monitoring unit A obtains the device name from the network card event and checks whether the device is one that must be disabled or unloaded; if so, it sends the device name to driver self-protection unit B and the next step is executed; if not, S102 is executed and monitoring continues. S104: driver self-protection unit B looks up the device in the system device list by device name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and S102 continues.

Description

Network card management method based on Linux
Technical Field
The invention relates to the technical field of computer security, in particular to a Linux-based network card management method.
Background
At present, network security requirements oblige companies and enterprises to strictly control network access behavior, particularly in intranet environments. A multi-network-card device can connect freely to an external network through a hotspot, such as a mobile phone's wireless hotspot, without passing through the intranet, which increases the risk of illicit behavior such as data leakage and attacks. Terminals therefore generally need software installed to control multi-network-card devices.
The prior art mainly relies on intranet access control to cut off the network, or polls the network card's up/down state from user mode (or obtains the state through ioctl) and issues a command to disable the network card through the network card management tool ifconfig or through ioctl. Neither approach works well in an open Linux environment.
Disclosure of Invention
To address the problems in the prior art, the invention provides a Linux-based network card management method.
The technical solution adopted by the invention is as follows: a Linux-based network card management method comprises a multi-network-card device processing module, a parameter configuration module, and a behavior recording and export module, wherein the multi-network-card device processing module comprises the following steps:
S101: when the system starts, kernel driver M is loaded and driver self-protection unit B is initialized, and driver self-protection unit B monitors user commands;
S102: kernel event monitoring unit A receives a kernel-mode event notification and determines whether it is a network card event;
S103: kernel event monitoring unit A obtains the device name from the network card event and checks whether the device is one that must be disabled or unloaded; if so, it sends the device name to driver self-protection unit B and the next step is executed; if not, S102 is executed and monitoring continues;
S104: driver self-protection unit B looks up the device in the system device list by device name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and S102 continues;
the parameter configuration module comprises the following steps:
S201: when the system starts, kernel driver M is loaded, the state configuration is initialized from default parameters, and netlink monitoring is started;
S202: netlink command receiving unit C receives user control information; if a command is present, the next step is executed; otherwise monitoring continues;
S203: depending on the command type: for an unload-prevention command, driver self-protection unit D changes the driver state information so that the user cannot unload the driver; for an allow-unload command, driver self-protection unit D changes the driver state information so that the user can unload the driver; for a disable-log command, no further logs are output; for a function-disable command, events obtained by kernel event monitoring unit A are no longer processed; for a function-enable command, processing continues;
the behavior recording and export module comprises the following steps:
S301: when the system starts, kernel driver M is loaded;
S302: if netlink command receiving unit C receives the log-start command, log cache E1 is initialized and waits for data; if data is present it is sent over netlink, otherwise waiting continues;
S303: when multi-network-card device processing unit B disables or unloads a device, netlink log notification unit E is called to put the data into cache E1;
S304: driver self-protection unit D monitors the system calls insmod, rmmod and modprobe; if the user executes one of these commands, it records the action and calls netlink log notification unit E to put the data into cache E1.
Preferably, the kernel-mode event notification includes device insertion and hardware startup.
Preferably, the user control information includes unload prevention, log disabling, function disabling and function enabling.
The invention has the following beneficial effects:
1) Hardware enable events are monitored in kernel mode and unauthorized devices are handled in real time;
2) The driver protects itself in kernel mode, so the user cannot unload it;
3) After a device is disabled, the user cannot re-enable it through system commands;
4) The user's unload attempts are monitored and recorded.
Drawings
Fig. 1 is a flow chart of the multi-network-card device processing module.
Fig. 2 is a flow chart of the parameter configuration module.
Fig. 3 is a flow chart of the behavior recording and export module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in Figs. 1 to 3, the Linux-based network card management method uses a kernel driver M composed of five parts: kernel event monitoring unit A (monitors enable and stop information for multi-network-card devices), multi-network-card device processing unit B (disables and unloads devices in real time), netlink command receiving unit C (receives user control messages), driver self-protection unit D (prevents unloading) and netlink log notification unit E (sends user behavior logs). This design effectively avoids the shortcomings of the prior art.
With this method, loading the corresponding driver on a terminal provides the corresponding multi-network-card device management and anti-unload functions.
A Linux-based network card management method comprises a multi-network-card device processing module, a parameter configuration module, and a behavior recording and export module:
S101: when the system starts, kernel driver M is loaded and driver self-protection unit D is initialized, and driver self-protection unit D starts monitoring user commands;
S102: kernel event monitoring unit A receives kernel-mode event notifications (such as device insertion and hardware startup) and determines whether each is a network card event;
S103: kernel event monitoring unit A obtains the device name from the network card event and checks whether the device is one that must be disabled or unloaded; if so, it sends the device name to network card device processing unit B and S104 is executed; if not, S102 is executed and monitoring continues;
S104: driver self-protection unit D looks up the device in the system device list by device name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and then S102 continues;
the parameter configuration module comprises the following steps:
S201: when the system starts, kernel driver M is loaded, the state configuration is initialized from default parameters, and netlink monitoring is started;
S202: netlink command receiving unit C receives user control information (such as unload prevention/allow unload, log disabling, function disable/enable); if a command arrives, S203 is executed; otherwise monitoring continues;
S203: depending on the command type: for unload prevention, driver self-protection unit D changes the driver state information so that the user cannot unload the driver; for allow unload, driver self-protection unit D changes the driver state information so that the user can unload the driver; for log disabling, no further logs are output; for function disable, events obtained by kernel event monitoring unit A are no longer processed; for function enable, processing continues;
the behavior recording and export module comprises the following steps:
S301: when the system starts, kernel driver M is loaded;
S302: if netlink command receiving unit C receives the command to start the log function, log cache E1 is initialized and waits for data; if data arrives it is sent out over netlink, otherwise waiting continues;
S303: when multi-network-card device processing unit B disables or unloads a device, unit E is called to put the data into E1;
S304: driver self-protection unit D monitors the system calls (insmod, rmmod and modprobe); if the user executes one of these commands, it records the action and calls netlink log notification unit E to put the data into E1.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (3)

1. A Linux-based network card management method, characterized by comprising a multi-network-card device processing module, a parameter configuration module, and a behavior recording and export module, wherein the multi-network-card device processing module comprises the following steps:
S101: when the system starts, kernel driver M is loaded and driver self-protection unit B is initialized, and driver self-protection unit B monitors user commands;
S102: kernel event monitoring unit A receives a kernel-mode event notification and determines whether it is a network card event;
S103: kernel event monitoring unit A obtains the device name from the network card event and checks whether the device is one that must be disabled or unloaded; if so, the device name is sent to driver self-protection unit B and the next step is executed; if not, S102 is executed and monitoring continues;
S104: driver self-protection unit B looks up the device in the system device list by device name and disables or unloads it; if this succeeds, S102 is executed; if it fails, the ifconfig command is executed in user mode through the kernel-mode API to disable the network card, and S102 continues;
the parameter configuration module comprises the following steps:
S201: when the system starts, kernel driver M is loaded, the state configuration is initialized from default parameters, and netlink monitoring is started;
S202: netlink command receiving unit C receives user control information; if a command is present, the next step is executed; otherwise monitoring continues;
S203: depending on the command type: for an unload-prevention command, driver self-protection unit D changes the driver state information so that the user cannot unload the driver; for an allow-unload command, driver self-protection unit D changes the driver state information so that the user can unload the driver; for a disable-log command, no further logs are output; for a function-disable command, events obtained by kernel event monitoring unit A are no longer processed; for a function-enable command, processing continues;
the behavior recording and export module comprises the following steps:
S301: when the system starts, kernel driver M is loaded;
S302: if netlink command receiving unit C receives the log-start command, log cache E1 is initialized and waits for data; if data is present it is sent over netlink, otherwise waiting continues;
S303: when multi-network-card device processing unit B disables or unloads a device, netlink log notification unit E is called to put the data into cache E1;
S304: driver self-protection unit D monitors the system calls insmod, rmmod and modprobe; if the user executes one of these commands, it records the action and calls netlink log notification unit E to put the data into cache E1.
2. The Linux-based network card management method of claim 1, wherein the kernel-mode event notification comprises device insertion and hardware startup.
3. The Linux-based network card management method of claim 1, wherein the user control information comprises unload prevention, allow unload, log disabling, function disabling and function enabling.
CN202111181160.7A 2021-10-11 2021-10-11 Network card management method based on Linux Pending CN115964092A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111181160.7A CN115964092A (en) 2021-10-11 2021-10-11 Network card management method based on Linux

Publications (1)

Publication Number Publication Date
CN115964092A true CN115964092A (en) 2023-04-14

Family

ID=87351546

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination