CN117196539B - Automatic checking method, system, equipment and medium for security base line - Google Patents

Publication number
CN117196539B
Authority
CN
China
Prior art keywords
checking
equipment
verification
data
base line
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311440907.5A
Other languages
Chinese (zh)
Other versions
CN117196539A (en)
Inventor
刘葵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou University
Original Assignee
Guangzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou University filed Critical Guangzhou University
Priority to CN202311440907.5A priority Critical patent/CN117196539B/en
Publication of CN117196539A publication Critical patent/CN117196539A/en
Application granted granted Critical
Publication of CN117196539B publication Critical patent/CN117196539B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Selective Calling Equipment (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The method comprises the steps of collecting equipment execution data of equipment in real time, wherein the equipment execution data comprise safety baseline data and execution log data, carrying out verification tool set matching processing on the equipment execution data, deploying a verification control framework of the equipment safety baseline according to a matching relation between the equipment execution data and the verification tool set, constructing an equipment reference library conforming to current equipment safety baseline verification according to the verification control framework, generating a corresponding baseline verification task, calling preset verification execution scripts to respectively carry out independent verification processing on each safety baseline according to the baseline verification task, and generating verification operation script data of the equipment safety baseline. The method and the device have the effect of improving the efficiency of checking the equipment safety base line.

Description

Automatic checking method, system, equipment and medium for security base line
Technical Field
The invention relates to the technical field of equipment safety baseline checking, in particular to a safety baseline automatic checking method, a system, equipment and a medium.
Background
Currently, most device security baseline checking tools on the market are integrated into the terminal security EDR management tools of various manufacturers. Using them requires deploying the corresponding manufacturer's security service ecosystem tool set, which then controls the checking tools to perform the device security baseline check.
In the existing device security baseline checking method, an adapted security baseline checking tool is controlled through the security service ecosystem tool set of the same manufacturer, so that the tool can perform targeted checks on the corresponding device security baseline. In actual use, however, several client tools are often integrated on the same device to perform security baseline checking, and the coupling among these client tools tends to make device security baseline checking too slow.
The prior art solutions described above have the following drawback: the coupling among several device security baseline checking tools tends to make security baseline checking too slow.
Disclosure of Invention
In order to improve efficiency of checking a safety baseline of equipment, the application provides a safety baseline automatic checking method, a system, equipment and a medium.
The first object of the present invention is achieved by the following technical solutions:
provided is a security baseline automation verification method, which includes:
collecting equipment execution data of equipment in real time, wherein the equipment execution data comprises safety baseline data and execution log data;
performing verification tool set matching processing on the equipment execution data, and deploying a verification control framework of the equipment safety baseline according to the matching relation between the equipment execution data and the verification tool set;
according to the checking control framework, constructing an equipment reference library which accords with the current equipment safety baseline checking, and generating a corresponding baseline checking task;
and calling a preset checking execution script to respectively and independently check each safety base line according to the base line checking task to generate checking operation script data of the safety base line of the equipment.
With this technical solution, the problem addressed is that several client tools are often integrated on the same device to perform security baseline checking, and the coupling among them tends to make device security baseline checking too slow. Device execution data generated while the device security baseline check runs is collected in real time, so the whole checking process is monitored. The device execution data is matched against a preset checking tool set to deploy a checking control architecture for the device security baseline, which improves how quickly checking tools can be applied and deployed and makes the checking work more efficient. Building a device reference library for the current device security baseline and generating the corresponding baseline checking tasks provides a unified basis for generating automated checking scripts, making script generation more standardized. According to the baseline checking task, preset checking execution scripts are called to check each security baseline independently, which decouples the checking processes of the individual baselines and reduces mutual interference during checking. The resulting checking operation script data of the device security baseline allows security baseline checking to be managed uniformly, improving the efficiency of device security baseline checking.
The present application may be further configured in a preferred example to: and according to the base line checking task, calling a preset checking execution script to respectively and independently check each safety base line to generate checking operation script data of the safety base line of the equipment, and further comprising:
acquiring a device working mode corresponding to the baseline checking task, wherein the device working mode comprises a device networking mode and a device isolation mode;
when the equipment working mode is an equipment networking mode, checking the self-adaptive matching processing of the execution script for the base line checking task to obtain an automatic allocation strategy of the execution script;
when the equipment working mode is an equipment isolation mode, carrying out local autonomous processing on the base line checking task to obtain an isolation autonomous strategy;
and performing pre-judging treatment on the safety check of the equipment safety base line according to the automatic allocation strategy of the execution script and the isolation autonomous strategy to obtain the integral safety check result of the equipment safety base line.
With this technical solution, the baseline checking tasks are classified by device working mode so that checking tasks under different working conditions are managed separately, which improves the flexibility of security baseline checking management. When the device is in the device networking mode, with a good network environment, adaptive matching of checking execution scripts is performed for the baseline checking task to obtain an automatic execution-script allocation strategy, improving the fit between each baseline checking task and its checking execution script. When the device is in the device isolation mode, with a poor network environment, the baseline checking task is processed autonomously on the local device, and the isolation autonomous strategy reduces the risk of data loss during the isolation period. Combined with a preset output standard for checking results, the security checking result of the device security baseline is pre-judged according to the automatic execution-script allocation strategy and the isolation autonomous strategy, and the resulting overall security checking result improves the efficiency of security baseline checking.
The present application may be further configured in a preferred example to: and when the equipment working mode is an equipment isolation mode, performing local autonomous processing on the baseline checking task to obtain an isolation autonomous strategy, wherein the method specifically comprises the following steps of:
acquiring checking execution data of a baseline checking task in the equipment isolation mode;
performing local operation processing on the checking execution data according to a pre-deployed checking control architecture to obtain a local checking control strategy matched with each base line checking task;
according to the local checking control strategy, a local checking instruction set is called to carry out security checking on the base line checking task, so that local security checking data are obtained;
and when the equipment isolation mode is converted into the equipment networking mode, calling the checking execution script to carry out checking processing on the local safety checking data, and generating an isolation autonomous strategy of the baseline checking task.
With this technical solution, acquiring the checking execution data of the baseline checking task in the device isolation mode allows the execution of the task to be tracked in real time, improving how closely the device baseline checking progress is followed. The pre-deployed checking control architecture processes the checking execution data locally, so that a local checking mode is called to control each baseline checking task automatically and an adapted local checking control strategy is obtained; this reduces the time checking tasks spend waiting and makes security baseline checking applicable to more application environments. When the device isolation mode changes to the device networking mode, the checking execution script is called to check the local security checking data and generate the isolation autonomous strategy corresponding to the baseline checking task. This strategy supports local adaptive control of baseline checking tasks in the isolated state, raising the degree of automation of baseline checking in that state and making security baseline checking work more standardized.
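The mode handling described above can be sketched as follows. This is an added illustration, not code from the patent: the baseline IDs, setting keys, rule sets and the `BaselineChecker` class are hypothetical, since the patent does not define data formats. It shows each baseline being checked independently, local verdicts being kept while isolated, and those verdicts being re-checked once the device is networked again.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Tuple

Rule = Tuple[str, Callable[[str], bool]]  # (setting key, predicate on its value)


class Mode(Enum):
    NETWORKED = "networked"
    ISOLATED = "isolated"


@dataclass
class CheckResult:
    baseline_id: str
    passed: bool
    detail: str
    mode: Mode


# Constructed device settings standing in for collected "device execution data".
SAMPLE_DEVICE: Dict[str, str] = {
    "sshd.PermitRootLogin": "yes",
    "sshd.PasswordAuthentication": "no",
    "login.PASS_MAX_DAYS": "120",
}

# Hypothetical rule sets: the full set used when networked, and a smaller,
# older local instruction set that is all the device has while isolated.
NETWORKED_RULES: Dict[str, Rule] = {
    "BL-001": ("sshd.PermitRootLogin", lambda v: v == "no"),
    "BL-002": ("sshd.PasswordAuthentication", lambda v: v == "no"),
    "BL-003": ("login.PASS_MAX_DAYS", lambda v: int(v) <= 90),
    "BL-004": ("audit.enabled", lambda v: v == "1"),
}
LOCAL_RULES: Dict[str, Rule] = {
    "BL-001": ("sshd.PermitRootLogin", lambda v: v == "no"),
    "BL-003": ("login.PASS_MAX_DAYS", lambda v: int(v) <= 180),
}


def run_check(bid: str, rule: Rule, device: Dict[str, str], mode: Mode) -> CheckResult:
    """Check one baseline on its own; a failure here never aborts the others."""
    key, predicate = rule
    if key not in device:
        return CheckResult(bid, False, f"{key}: not collected", mode)
    try:
        ok = predicate(device[key])
    except Exception as exc:  # malformed value, e.g. non-numeric PASS_MAX_DAYS
        return CheckResult(bid, False, f"{key}: check error ({exc})", mode)
    return CheckResult(bid, ok, f"{key}={device[key]!r}", mode)


class BaselineChecker:
    def __init__(self, mode: Mode) -> None:
        self.mode = mode
        self.local_results: List[CheckResult] = []  # provisional isolated verdicts

    def run_all(self, device: Dict[str, str]) -> List[CheckResult]:
        """Run every baseline check available in the current mode."""
        rules = NETWORKED_RULES if self.mode is Mode.NETWORKED else LOCAL_RULES
        results = [run_check(b, r, device, self.mode) for b, r in sorted(rules.items())]
        if self.mode is Mode.ISOLATED:
            self.local_results.extend(results)  # keep for later re-checking
        return results

    def reconnect(self, device: Dict[str, str]) -> Tuple[List[CheckResult], List[str]]:
        """Switch to networked mode and re-check the locally produced verdicts.

        Returns the networked results and the IDs whose local verdict changed.
        """
        self.mode = Mode.NETWORKED
        final = self.run_all(device)
        by_id = {r.baseline_id: r for r in final}
        changed = [
            r.baseline_id
            for r in self.local_results
            if r.baseline_id in by_id and by_id[r.baseline_id].passed != r.passed
        ]
        self.local_results.clear()
        return final, changed


if __name__ == "__main__":
    checker = BaselineChecker(Mode.ISOLATED)
    for res in checker.run_all(SAMPLE_DEVICE):
        print("isolated ", res.baseline_id, "PASS" if res.passed else "FAIL", res.detail)
    final, changed = checker.reconnect(SAMPLE_DEVICE)
    for res in final:
        print("networked", res.baseline_id, "PASS" if res.passed else "FAIL", res.detail)
    print("local verdicts overturned after reconnect:", changed)
```

A verdict produced in isolation is only as good as the local rule set, which is why the reconnect step reports every baseline whose result changed instead of silently overwriting it.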
The present application may be further configured in a preferred example to: the method comprises the steps of constructing a device reference library which accords with the current device security baseline check according to the check control architecture, generating a corresponding baseline check task, and further comprising:
acquiring equipment identification data under the current operation working condition in real time;
performing data association processing on the equipment identification data and a preset checking instruction set to generate checking task data corresponding to all checking items of each piece of equipment;
classifying and identifying each checking item according to the checking task data to generate a checking task configuration item for checking the security base line of each device;
and carrying out parameter adjustment processing on the checking operation script of the equipment safety base line according to the checking task configuration item to obtain a script adjustment strategy which is matched with the base line checking task of the current equipment safety base line.
By adopting the technical scheme, the device identification data under the current operation condition is acquired, the device is conveniently built to carry out adaptation association with the instruction set in the safety reference library, when the device identification data is subjected to data association processing with the preset checking instruction set, corresponding checking tasks are distributed to each checking item according to the data association relation, the automation degree of the checking task of the safety base line is conveniently improved according to the checking task data, the checking mode data of the instruction set is called, and the automatic classification identification processing is carried out on each checking item by combining the checking task data, so that the checking task configuration item which is convenient for orderly management of the configuration item is obtained, the management uniformity of the checking task is improved, the parameter adjustment processing is carried out on the checking operation script of the safety base line of the device according to the checking task configuration item, and the management cost of the base line checking task of the safety base line of the current device is facilitated to be improved.
The present application may be further configured in a preferred example to: and according to the checking task configuration item, performing parameter adjustment processing on a checking operation script of the equipment safety base line to obtain a script adjustment strategy matched with a base line checking task of the current equipment safety base line, wherein the method specifically comprises the following steps:
performing verification algorithm adaptation processing on each verification task configuration item and the equipment reference library to obtain a target verification algorithm adapted to the verification task configuration item;
performing verification script operation processing on all the verification task configuration items and the corresponding target verification algorithm to generate a verification operation script of the whole equipment security base line;
in the running process of the checking running script, acquiring the checking running progress of each baseline checking task in real time;
and according to the checking operation progress, performing parameter adjustment processing on the checking operation script under the current operation condition to obtain a script adjustment strategy which is adapted to the current checking operation progress.
With this technical solution, each checking task configuration item is adapted against the checking algorithms in the device reference library to obtain the target checking algorithm it requires, so that the security baseline is checked automatically by the target checking algorithm and the degree of automation of the checking tasks is improved. Checking-script operation processing is performed on all checking task configuration items and their target checking algorithms to generate a checking operation script that performs the security check on the whole device security baseline; deploying checks automatically through this script further improves the efficiency of security baseline checking. While the checking operation script runs, the checking operation progress of each baseline checking task in its current state is acquired so that the preset checking method can be further optimized and the checking operation script fits the actual security situation of the security baseline more closely. Adjusting the parameters of the checking operation script under the current operating condition yields a script adjustment strategy adapted to the current checking operation progress, which automates operation and maintenance of the script; real-time script parameter adjustment widens the application range of the checking operation script to various types of security operation scripts.
The present application may be further configured in a preferred example to: the process of matching the checking tool set is performed on the device execution data, and the checking control architecture of the device security baseline is deployed according to the matching relationship between the device execution data and the checking tool set, specifically including:
obtaining matching degree data between the device execution data and the checking tool set;
according to the matching degree data, carrying out checking control strategy matching processing on each equipment safety base line to obtain an optimal control scheme of each equipment safety base line;
when the optimal control scheme is a centralized control cloud service, a preset cloud service architecture is called to carry out remote deployment management on each equipment safety baseline, and a remote centralized control strategy of the equipment safety baseline is obtained;
and when the optimal control scheme is local self-service, a preset local intranet framework is called to perform local deployment management on each equipment safety base line, so that a local self-control strategy of the equipment safety base line is obtained.
With this technical solution, the matching degree data between the device execution data and the checking tool set is acquired to judge whether the device matches the preset checking tool set, and checking control strategy matching is performed for each device security baseline according to the matching degree. Matching the checking control scheme to the control requirements of device security baselines with different matching degrees improves the accuracy of checking control. When the optimal control scheme is the centralized control cloud service, the preset cloud service architecture is called to manage each device security baseline by remote deployment, and the remote centralized control strategy lets remote command resources control device security baseline checking remotely in a good network environment. When the optimal control scheme is local self-service, each device security baseline is managed by local deployment through the local intranet framework, and the local self-control strategy calls local command resources to control, close to the device, baseline checking where the network environment is poor. Unified authentication and standardized management services are thereby provided for device security baseline checking across multiple environments, making the checking work more standardized.
The present application may be further configured in a preferred example to: when the optimal control scheme is a centralized control cloud service, a preset cloud service architecture is called to perform remote deployment management on each equipment safety base line to obtain a remote centralized control strategy of the equipment safety base line, and the method further comprises the following steps:
performing data encryption processing on the equipment execution data of the equipment safety base line according to the remote centralized control strategy to obtain checking encryption data of the equipment safety base line;
performing encryption mode adaptation processing on the verification encryption data to obtain verification encryption adaptation data which can be identified by a cloud service architecture;
performing data analysis processing on the verification encryption adaptation data, and calling a remote execution script of the cloud service architecture according to a data analysis result to perform verification analysis on a device security base line to obtain remote verification analysis data;
and according to the remote verification analysis data, performing remote verification policy matching processing on the base line verification task of each equipment safety base line to obtain a target remote verification policy of the equipment safety base line.
By adopting the technical scheme, the data encryption processing is carried out on the equipment execution data of the equipment safety base line through the remote centralized control strategy, the improvement of the safety of the equipment execution data is facilitated by checking the encryption data, the encryption mode adaptation processing is carried out on the checking encryption data, the encryption state of the checking encryption data is kept in the data transmission process, the data transmission safety is further improved, after the cloud service architecture receives the checking encryption adaptation data, the data is analyzed through a preset data analysis algorithm, the remote execution script of the cloud service architecture is called according to the analysis result to carry out the checking analysis on the equipment safety base line, the full calling of the remote execution script is facilitated, the automatic safety checking analysis is carried out through the remote execution script, the remote checking strategy matching processing is carried out on the base line checking task of each equipment safety base line, the target remote checking strategy of the equipment safety base line is obtained, the remote control of the target remote checking strategy on the safety base line checking task is facilitated, and the control convenience of the safety base line checking work is improved.
The second object of the present invention is achieved by the following technical solutions:
there is provided a security baseline automation verification system, the security baseline automation verification system comprising:
the device data acquisition module is used for acquiring device execution data of the device in real time, wherein the device execution data comprises safety baseline data and execution log data;
the checking tool matching module is used for carrying out checking tool set matching processing on the equipment execution data, and deploying a checking control framework of the equipment safety base line according to the matching relation between the equipment execution data and the checking tool set;
the checking task generating module is used for constructing an equipment reference library which accords with the current equipment safety baseline checking according to the checking control architecture and generating a corresponding baseline checking task;
and the verification script generation module is used for calling a preset verification execution script to respectively and independently verify each safety baseline according to the baseline verification task to generate verification operation script data of the safety baselines of the equipment.
With this technical solution, the problem addressed is that several client tools are often integrated on the same device to perform security baseline checking, and the coupling among them tends to make device security baseline checking too slow. Device execution data generated while the device security baseline check runs is collected in real time, so the whole checking process is monitored. The device execution data is matched against a preset checking tool set to deploy a checking control architecture for the device security baseline, which improves how quickly checking tools can be applied and deployed and makes the checking work more efficient. Building a device reference library for the current device security baseline and generating the corresponding baseline checking tasks provides a unified basis for generating automated checking scripts, making script generation more standardized. According to the baseline checking task, preset checking execution scripts are called to check each security baseline independently, which decouples the checking processes of the individual baselines and reduces mutual interference during checking. The resulting checking operation script data of the device security baseline allows security baseline checking to be managed uniformly, improving the efficiency of device security baseline checking.
The third object of the present application is achieved by the following technical solutions:
a computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the security baseline automated verification method described above when the computer program is executed.
The fourth object of the present application is achieved by the following technical solutions:
a computer readable storage medium storing a computer program which, when executed by a processor, implements the steps of the security baseline automated verification method described above.
In summary, the present application includes at least one of the following beneficial technical effects:
1. the method comprises the steps that equipment execution data generated in the process of executing safety baseline checking of equipment safety baselines are collected in real time to monitor the whole safety baseline checking process, and the equipment execution data are matched with a preset checking tool set to deploy a checking control framework of the equipment safety baselines, so that the quick application and deployment capacity of a checking tool are improved, the safety baseline checking work is more efficient and quick, a corresponding baseline checking task is generated through the construction of an equipment reference library of the current equipment safety baselines, unified script generation basis is conveniently provided in the process of generating an automatic checking script, the script generation process is more standard, the preset checking execution scripts are mobilized according to the baseline checking task to independently check each safety baseline, process decoupling is facilitated in each safety baseline checking process, mutual interference in the safety baseline checking process is reduced, and accordingly checking operation script data of the equipment safety baselines are generated, the safety baseline checking management is uniformly conducted according to the checking operation scripts, and the efficiency of the equipment safety baseline checking is improved;
2. Classifying equipment working modes of the baseline checking tasks, classifying and managing the checking tasks under different working conditions, improving the flexibility of security baseline checking management, performing self-adaptive matching processing on checking execution scripts of the baseline checking tasks when the equipment working modes are in an equipment networking mode with good network environment, obtaining an automatic allocation strategy of the execution scripts, improving the suitability between each baseline checking task and the checking execution scripts, performing local autonomous processing on the baseline checking tasks when the equipment working modes are equipment isolation modes with poor network environment, reducing the risk of data loss during data isolation through an isolation autonomous strategy, combining a preset checking result output standard, and performing prejudgment on security checking results of equipment security baselines according to the automatic allocation strategy of the execution scripts and the isolation autonomous strategy, thereby improving the efficiency of security baseline checking according to the whole security checking results;
3. the method comprises the steps of acquiring check execution data of a baseline check task in an equipment isolation mode, carrying out real-time control on the check execution condition of the baseline check task, improving follow-up strength of the equipment baseline check progress, carrying out local operation processing on the check execution data through a pre-deployed check control architecture, calling a local accounting mode to carry out automatic control on each baseline check task, obtaining an adaptive local check control strategy, reducing waiting time in a waiting process of the check task, further improving applicability of safety baseline check to a plurality of application environments, calling the check execution script to carry out check processing on the local safety check data when the equipment isolation mode is converted into the equipment networking mode, generating an isolation autonomous strategy corresponding to the baseline check task, and being beneficial to carrying out local self-adaptive control on the baseline check task in an isolation state according to the isolation autonomous strategy, improving the baseline check automation degree in the isolation state, and improving the standardization of safety baseline check work.
Drawings
Fig. 1 is a flowchart of an implementation of a security baseline automated verification method according to an embodiment of the present application.
Fig. 2 is a flowchart illustrating an implementation of step S20 of the security baseline automatic checking method according to an embodiment of the present application.
Fig. 3 is a flowchart of another implementation of step S103 of the security baseline automated verification method according to an embodiment of the present application.
Fig. 4 is a flowchart of another implementation of a security baseline automated verification method step S30 according to an embodiment of the present application.
Fig. 5 is a flowchart illustrating an implementation of step S304 of the security baseline automatic checking method according to an embodiment of the present application.
Fig. 6 is a flowchart of another implementation of a security baseline automated verification method step S40 according to an embodiment of the present application.
Fig. 7 is a flowchart showing an implementation of step S503 of the security baseline automatic checking method according to an embodiment of the present application.
Fig. 8 is a schematic structural diagram of a security baseline automated verification system according to an embodiment of the present application.
Fig. 9 is a schematic diagram of the internal architecture of a computer device for implementing the security baseline automated verification method.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings.
In one embodiment, as shown in Fig. 1, the application discloses a security baseline automated verification method, which specifically includes the following steps:
S10: Collect device execution data of the device in real time, wherein the device execution data includes security baseline data and execution log data.
Specifically, device execution data is collected by a preset operation script while the device is operating. The device execution data comprises security baseline data and execution log data. The security baseline data is the security baseline checking workflow, the intermediate files generated during checking, and the like, actively collected by the device operation script during security baseline checking work. The execution log data is the script operation log actively generated by the device operation script during data acquisition; the script operation log comprises the objects the script operated on and all intermediate data generated during operation.
S20: Perform check tool set matching on the device execution data, and deploy a check control architecture for the device security baseline according to the matching relationship between the device execution data and the check tool set.
Specifically, as shown in Fig. 2, step S20 includes:
S101: Acquire the matching degree data between the device execution data and the check tool set.
Specifically, the device execution data is adapted to a check tool set in a preset security baseline reference library, and a matching relationship is established between the unique device identification code of the device execution data and the check tool set according to the degree of adaptation, so that matching degree data between the device execution data and the check tool set is obtained.
S102: Perform check control strategy matching on each device security baseline according to the matching degree data, to obtain an optimal control scheme for each device security baseline.
Specifically, check control strategy matching is performed on each device security baseline according to the matching degree data. For example, the matching degree and the matching association between the device execution data and the check tool set are matched, for each device security baseline, against the check control strategies preset in the security baseline library, and according to the best adaptation result the best-adapted check control strategy is individually associated with the unique identification code of each device security baseline, so that the optimal control scheme of each device security baseline is obtained.
S103: When the optimal control scheme is the centralized control cloud service, call a preset cloud service architecture to perform remote deployment management on each device security baseline, to obtain a remote centralized control strategy for the device security baseline.
Specifically, the optimal control scheme is selected according to the current network environment of the security baseline check object. When the optimal control scheme is the centralized control cloud service, the cloud service architecture associated with the centralized control cloud service can be called to perform remote deployment management on each device security baseline. The cloud service architecture is obtained by data training on historical operation and maintenance data generated during historical operation and maintenance, and is continuously updated and optimized during later security baseline checking work, so that the optimized cloud service architecture fits the current security baseline checking situation more closely and is consistent with the several reference sets preset in the cloud service architecture, wherein the reference sets comprise a check instruction set, an automatic check algorithm, a check mode, a check method, a standard, a check result output standard, and the like.
In one embodiment, in order to improve the security of data transmission of the device execution data, as shown in Fig. 3, step S103 further includes:
S201: Encrypt the device execution data of the device security baseline according to the remote centralized control strategy, to obtain check encrypted data of the device security baseline.
Specifically, the device execution data of the device security baseline is encrypted according to the remote centralized control strategy; for example, the device execution data is encrypted in the time sequence of the device execution process by a preset data encryption algorithm such as the RSA algorithm or an ECC algorithm, so as to obtain the check encrypted data of the device security baseline.
It should be noted that the data encryption algorithm may be set according to actual needs, and is not limited to one of the embodiments.
S202: Perform encryption mode adaptation on the check encrypted data, to obtain check encryption adaptation data that the cloud service architecture can recognize.
Specifically, encryption mode adaptation is performed on the check encrypted data: the data format of the check encrypted data is converted according to a preset encrypted transmission mode, so that the encrypted transmission mode of the converted data can be recognized by the cloud service architecture, and the check encryption adaptation data is obtained.
S203: Perform data analysis on the check encryption adaptation data, and call a remote execution script of the cloud service architecture according to the data analysis result to perform check analysis on the device security baseline, obtaining remote check analysis data.
Specifically, data analysis is performed on the check encryption adaptation data; for example, a data analysis algorithm preset on the cloud service architecture is called to analyze the check encryption adaptation data, the device execution data carried in the check encryption adaptation data is obtained from the analysis result, and an adapted remote execution script is called according to the device execution data to perform check analysis on the device security baseline, so that remote check analysis data based on the cloud service architecture is obtained.
S204: Perform remote check strategy matching on the baseline check task of each device security baseline according to the remote check analysis data, to obtain a target remote check strategy for the device security baseline.
Specifically, according to the remote check analysis data of the device security baselines, remote check strategy matching is performed on the baseline check task of each device security baseline, and the remote check strategy with the best matching degree is selected according to the matching degree between the remote check strategies and the baseline check task and associated with that task. The remote check strategies are obtained in advance by the cloud service architecture through data training on historical operation and maintenance data. The target remote check strategy of the device security baseline is obtained from the association between the best-adapted remote check strategy and the baseline check task.
S104: When the optimal control scheme is local self-service, call a preset local intranet framework to perform local deployment management on each device security baseline, to obtain a local self-control strategy for the device security baseline.
Specifically, when the current network environment of the security baseline check object is poor, that is, when the execution data of the security baseline check object is difficult to send to the remote cloud service architecture in time, the local self-service strategy is selected as the optimal control scheme. The local intranet framework associated with local self-service is then called to perform local deployment management on the check work task of each device security baseline, including adapting a local check instruction set to each check work task and calling a local check algorithm to check the device security baseline. The local self-control strategy of the device security baseline is thereby obtained, which helps to call local check resources to distribute and control the device security baseline check work locally and improves the effective utilization of resources.
S30: Construct a device reference library that conforms to the current device security baseline check according to the check control architecture, and generate a corresponding baseline check task.
Specifically, a device reference library that conforms to the security baseline check of the current device is constructed according to the check control architecture. For example, data training is performed on the security baseline check data of devices, systems or applications of each specification, and the automatic check algorithm, check mode, standard, check result output standard and the like for each device model are fitted from the training result, so that the device reference library is obtained from the data training result of the security baseline check data. The device reference library serves as the automated execution standard of the check method, so that in each automated check task the current check task can be applied and deployed quickly according to model or type, and a corresponding baseline check task is generated according to the identification data of the device.
In one embodiment, in order to make the automated operation script better fit the current security baseline operation requirement, as shown in Fig. 4, step S30 further includes:
S301: Acquire device identification data under the current operating condition in real time.
Specifically, device identification data under the current operating condition is obtained through keyword identification or manual import by a checker, wherein the device identification data comprises the IP data, URL data, system domain name and the like of the device, and instructions are adapted against the instruction set in the security reference library according to the device characteristics of each device identifier, so that the device identification data under the current operating condition is obtained.
S302: Associate the device identification data with a preset check instruction set to generate the check task data corresponding to all check items of each device.
Specifically, the device identification data is associated with a preset check instruction set, for example by building an association between the check instruction set and the device identification data and allocating instructions from the check instruction set to the check items according to that association, so as to obtain the check task data corresponding to all check items of each device.
S303: Perform classification identification on each check item according to the check task data to generate the check task configuration items for checking the security baseline of each device.
Specifically, classification identification is performed on each check item according to the check task data: according to the association between the check instruction set and the device identification data, the classification identifier corresponding to each check instruction in the check instruction set is called to mark the unique device identification code, so that check instructions and device security baseline check tasks can be associated one to one, and check task configuration items comprising the check instruction and the check task classification are obtained.
S304: Adjust the parameters of the check operation script of the device security baseline according to the check task configuration items, to obtain a script adjustment strategy adapted to the baseline check task of the current device security baseline.
Specifically, as shown in Fig. 5, step S304 includes the following steps:
S401: Perform check algorithm adaptation between each check task configuration item and the device reference library, to obtain a target check algorithm adapted to the check task configuration item.
Specifically, each check task configuration item is adapted to the check algorithms preset in the device reference library. For example, according to the classification identifier in the check task configuration item, the check algorithm in the device reference library corresponding to that classification identifier is called for algorithm adaptation, and the check algorithm standard of each check task configuration item is calculated in combination with the device execution data; the parameters of the adapted check algorithm are then adjusted according to the check algorithm standard, and a target check algorithm matched to the check task configuration item is obtained.
S402: Perform check script operation processing on all check task configuration items and the corresponding target check algorithms, to generate the check operation script for the whole device security baseline.
Specifically, check script operation processing is performed on all check task configuration items and the corresponding target check algorithms; for example, a check operation is performed on the check requirement parameters in the check task configuration items through the target check algorithm, so that the check operation script corresponding to the check task configuration items is obtained.
S403: While the check operation script is running, acquire the check operation progress of each baseline check task in real time.
Specifically, while the check operation script is running, the check operation progress of each baseline check task is obtained in real time; for example, the check operation progress of a baseline check task is recorded from the moment the task calls the check operation script to start check work, and the complete check operation progress is obtained when the check operation script finishes.
S404: Adjust the parameters of the check operation script under the current operating condition according to the check operation progress, to obtain a script adjustment strategy adapted to the current check operation progress.
Specifically, the parameters of the check operation script under the current operating condition are adjusted according to the check operation progress. This includes judging from the check operation progress whether the check operation script is running normally; when the check operation script fails, replacing the faulty parameters of the script in the fault state using the device execution data and synchronously generating a fault modification log; or, when the check operation script is running slowly, promptly switching its operating parameters to local parameter calls. The parameters of the check operation script are adjusted continuously to obtain a script adjustment strategy adapted to the current check operation progress.
S40: Call a preset check execution script to check each security baseline independently according to the baseline check task, and generate the check operation script data of the device security baseline.
Specifically, according to the baseline check task, a check execution script preset in the security baseline library is called to check each security baseline separately; for example, the check parameters in the baseline check task are input into the check operation script and the key parameters in the check operation script are modified, to obtain check operation script data matched to the baseline check task.
In one embodiment, in order to manage security baseline check work in different working states in a more orderly and accurate way, as shown in Fig. 6, step S40 further includes:
S501: Acquire the device working mode corresponding to the baseline check task, wherein the device working mode comprises a device networking mode and a device isolation mode.
Specifically, the device working mode corresponding to the baseline check task is obtained according to the current network environment of the device, wherein the device working mode comprises a device networking mode and a device isolation mode; for example, when the device's network environment is good, the device working mode is set to the device networking mode, and when it is poor, the device working mode is set to the device isolation mode.
S502: When the device working mode is the device networking mode, perform adaptive matching of the check execution script for the baseline check task, to obtain an automatic allocation strategy for the execution script.
Specifically, when the device working mode is the device networking mode, adaptive matching of the check execution script is performed for the baseline check task. For example, in the device networking mode, online bandwidth resources are actively called to upload the device execution data to the cloud service architecture, and the check execution script of the cloud service architecture is called to run the check work on the baseline check task automatically; during checking, the device execution data is called in time to adjust the parameters of the check execution script through key item matching, so that the automatic allocation strategy of the execution script is obtained.
S503: When the device working mode is the device isolation mode, perform local autonomous processing on the baseline check task, to obtain an isolation autonomous strategy.
Specifically, when the device working mode is the device isolation mode, local autonomous processing is performed on the baseline check task; for example, when the bandwidth resources of the network environment are insufficient to support sending the device execution data to the cloud service architecture, the device working mode is switched to the device isolation mode, in which local device resources can be called to process the security baseline check task. As shown in Fig. 7, step S503 specifically includes the following steps:
S601: Acquire the check execution data of the baseline check task in the device isolation mode.
Specifically, in the device isolation mode, from the moment the device working mode is switched, the device execution data is treated as device isolation data; the device isolation data is continuously uploaded to the cloud service architecture, the local baseline check tasks are stored locally using built-in local storage resources, and they are stored classified by baseline check task type.
S602: Perform local operation processing on the check execution data according to a pre-deployed check control architecture, to obtain a local check control strategy adapted to each baseline check task.
Specifically, local operation processing is performed on the check execution data according to a check control architecture deployed in advance on the device; for example, the local check instruction set, local check algorithm, local check result output index and the like in the check control architecture are called, the check execution data is associated with these local resources, and a local check control strategy adapted to each baseline check task is generated according to the local resource association.
S603: Call a local check instruction set to perform security check processing on the baseline check task according to the local check control strategy, to obtain local security check data.
Specifically, according to the local check control strategy, a local check instruction set is called to perform security check processing on the baseline check tasks; for example, each baseline check task is checked automatically by a local automated check script, the check parameters in the baseline check task are checked individually through the local check instruction set, and the check results of the baseline check task are evaluated using the locally stored historical check data as the check result output index, so that the local security check data is obtained.
S604: When the device isolation mode is converted into the device networking mode, call the check execution script to check the local security check data, and generate the isolation autonomous strategy of the baseline check task.
Specifically, when the current network environment of the device improves, that is, when there are bandwidth resources sufficient to support uploading the device execution data to the cloud service architecture, the device isolation mode is converted into the device networking mode and the device isolation data from the isolation mode is uploaded to the cloud service architecture. The check execution script of the cloud service architecture is called to check the local security check data, and the execution parameters of the corresponding items of the check execution script are modified using the check parameters of the local security check data, so that the isolation autonomous strategy of the baseline check task is obtained.
S504: Pre-judge the security check of the device security baseline according to the automatic allocation strategy of the execution script and the isolation autonomous strategy, to obtain the overall security check result of the device security baseline.
Specifically, the whole security baseline check process is analyzed comprehensively according to the automatic allocation strategy of the execution script and the isolation autonomous strategy, and the security check of the security baseline is pre-judged using the check result output standard preset in the security baseline library as the index. The pre-judgment result includes several check results such as conforms, does not conform, partially conforms and to be checked. The overall security check result of the device security baseline is obtained from the execution script's execution of all baseline security check tasks, which helps security management staff complete the security baseline check task efficiently and comprehensively.
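The mode handling of steps S501 to S504 and S601 to S604, as an added Python example that is not part of the patent: the rule format, the bandwidth threshold, the class and function names and the sample settings are all assumptions made for illustration. It also assumes the cloud-side rule set may be stricter than the one pre-deployed on the device, which is why re-checking spooled local results after reconnection (S604) can change a verdict.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    NETWORKED = "device networking mode"
    ISOLATED = "device isolation mode"


class Verdict(Enum):               # the four result kinds named in S504
    CONFORMS = "conforms"
    PARTIAL = "partially conforms"
    NOT_CONFORM = "does not conform"
    PENDING = "to be checked"


@dataclass
class BaselineTask:                # hypothetical rule format
    task_id: str
    category: str                  # used to classify locally stored tasks (S601)
    required: dict                 # setting name -> required value


def evaluate(task, execution_data):
    """Compare collected settings with one task's requirements."""
    seen = [k for k in task.required if k in execution_data]
    if not seen:
        return Verdict.PENDING     # nothing collected yet, cannot judge
    ok = [k for k in seen if execution_data[k] == task.required[k]]
    if len(ok) == len(task.required):
        return Verdict.CONFORMS
    return Verdict.PARTIAL if ok else Verdict.NOT_CONFORM


@dataclass
class Checker:
    local_rules: dict              # task_id -> BaselineTask, pre-deployed on the device
    cloud_rules: dict              # task_id -> BaselineTask, held by the cloud service
    mode: Mode = Mode.NETWORKED
    spool: dict = field(default_factory=dict)    # category -> [(task_id, data, verdict)]
    results: dict = field(default_factory=dict)  # task_id -> Verdict

    def set_link(self, available_kbps, needed_kbps):
        """S501 and the S604 transition: pick the mode from the bandwidth."""
        previous = self.mode
        self.mode = Mode.NETWORKED if available_kbps >= needed_kbps else Mode.ISOLATED
        if previous is Mode.ISOLATED and self.mode is Mode.NETWORKED:
            return self.reconcile()
        return []

    def run(self, task_id, execution_data):
        if self.mode is Mode.NETWORKED:          # S502: cloud-side check script
            verdict = evaluate(self.cloud_rules[task_id], execution_data)
        else:                                    # S601-S603: local resources only
            task = self.local_rules[task_id]
            verdict = evaluate(task, execution_data)
            self.spool.setdefault(task.category, []).append(
                (task_id, execution_data, verdict))
        self.results[task_id] = verdict
        return verdict

    def reconcile(self):
        """S604: re-check spooled local results against the cloud-side rules."""
        changed = []
        for entries in self.spool.values():
            for task_id, data, local_verdict in entries:
                final = evaluate(self.cloud_rules[task_id], data)
                if final is not local_verdict:
                    changed.append((task_id, local_verdict, final))
                self.results[task_id] = final
        self.spool.clear()
        return changed

    def overall(self):
        """S504: one result for the whole device security baseline."""
        verdicts = set(self.results.values())
        if not verdicts or Verdict.PENDING in verdicts:
            return Verdict.PENDING
        if len(verdicts) == 1:
            return verdicts.pop()
        return Verdict.PARTIAL


def demo():
    # Constructed sample rules and collected settings, not taken from the patent.
    ssh_local = BaselineTask("ssh", "remote-access", {"PermitRootLogin": "no"})
    ssh_cloud = BaselineTask("ssh", "remote-access",
                             {"PermitRootLogin": "no", "PasswordAuthentication": "no"})
    pw = BaselineTask("password", "account",
                      {"PASS_MAX_DAYS": "90", "PASS_MIN_LEN": "12"})
    checker = Checker(local_rules={"ssh": ssh_local, "password": pw},
                      cloud_rules={"ssh": ssh_cloud, "password": pw})
    checker.set_link(available_kbps=16, needed_kbps=256)     # poor link: isolation
    checker.run("ssh", {"PermitRootLogin": "no", "PasswordAuthentication": "yes"})
    checker.run("password", {"PASS_MAX_DAYS": "90", "PASS_MIN_LEN": "12"})
    before = checker.overall()
    changed = checker.set_link(available_kbps=1024, needed_kbps=256)  # link restored
    return before, changed, checker.overall()


if __name__ == "__main__":
    print(demo())
```

A verdict produced in isolation is provisional in this sketch: the device reports "conforms" while offline, and the overall result drops to "partially conforms" once the spooled data is re-checked against the cloud-side rules.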
It should be understood that the sequence numbers of the steps in the foregoing embodiment do not imply an order of execution; the execution order of each process should be determined by its function and internal logic, and the sequence numbers should not limit the implementation process of the embodiments of the present application in any way.
In one embodiment, a security baseline automated verification system is provided, which corresponds one-to-one to the security baseline automated verification method in the above embodiment. As shown in Fig. 8, the security baseline automated verification system includes a device data acquisition module, a checking tool matching module, a verification task generating module, and a verification script generation module. The functional modules are described in detail as follows:
The device data acquisition module is used for collecting device execution data of the device in real time, wherein the device execution data comprises security baseline data and execution log data.
The checking tool matching module is used for performing check tool set matching on the device execution data and deploying a check control architecture for the device security baseline according to the matching relationship between the device execution data and the check tool set.
The verification task generating module is used for constructing a device reference library that conforms to the current device security baseline check according to the check control architecture, and generating a corresponding baseline check task.
The verification script generation module is used for calling a preset check execution script to check each security baseline independently according to the baseline check task, and generating the check operation script data of the device security baseline.
Preferably, the verification script generation module further includes:
The working mode acquisition sub-module is used for acquiring the device working mode corresponding to the baseline check task, wherein the device working mode comprises a device networking mode and a device isolation mode.
The execution script allocation sub-module is used for performing adaptive matching of the check execution script for the baseline check task when the device working mode is the device networking mode, to obtain the automatic allocation strategy of the execution script.
The isolated autonomous submodule is used for performing local autonomous processing on the baseline check task when the device working mode is the device isolation mode, to obtain an isolation autonomous strategy.
The security check pre-judging sub-module is used for pre-judging the security check of the device security baseline according to the automatic allocation strategy of the execution script and the isolation autonomous strategy, to obtain the overall security check result of the device security baseline.
Preferably, the isolated autonomous submodule specifically includes:
The check execution data acquisition unit is used for acquiring the check execution data of the baseline check task in the device isolation mode.
The local operation processing unit is used for performing local operation processing on the check execution data according to a pre-deployed check control architecture, to obtain a local check control strategy adapted to each baseline check task.
The local checking unit is used for calling a local check instruction set to perform security check processing on the baseline check task according to the local check control strategy, to obtain local security check data.
The remote checking unit is used for calling the check execution script to check the local security check data when the device isolation mode is converted into the device networking mode, and generating the isolation autonomous strategy of the baseline check task.
Preferably, the verification task generating module further includes:
The device identification acquisition sub-module is used for acquiring device identification data under the current operating condition in real time.
The data association sub-module is used for associating the device identification data with a preset check instruction set to generate the check task data corresponding to all check items of each device.
The classification identification processing sub-module is used for performing classification identification on each check item according to the check task data, to generate the check task configuration items for checking the security baseline of each device.
The running script adjusting submodule is used for adjusting the parameters of the check operation script of the device security baseline according to the check task configuration items, to obtain a script adjustment strategy adapted to the baseline check task of the current device security baseline.
Preferably, the running script adjusting submodule specifically includes:
The algorithm adaptation unit is used for performing check algorithm adaptation between each check task configuration item and the device reference library, to obtain a target check algorithm adapted to the check task configuration item.
The script operation unit is used for performing check script operation processing on all check task configuration items and the corresponding target check algorithms, to generate the check operation script for the whole device security baseline.
The check operation progress acquisition unit is used for acquiring the check operation progress of each baseline check task in real time while the check operation script is running.
The script parameter adjustment unit is used for adjusting the parameters of the check operation script under the current operating condition according to the check operation progress, to obtain a script adjustment strategy adapted to the current check operation progress.
Preferably, the checking tool matching module specifically includes:
The matching degree acquisition sub-module is used for acquiring the matching degree data between the device execution data and the check tool set.
The check control strategy matching sub-module is used for performing check control strategy matching on each device security baseline according to the matching degree data, to obtain an optimal control scheme for each device security baseline.
The remote deployment management sub-module is used for calling a preset cloud service architecture to perform remote deployment management on each device security baseline when the optimal control scheme is the centralized control cloud service, to obtain a remote centralized control strategy for the device security baseline.
The local deployment management sub-module is used for calling a preset local intranet framework to perform local deployment management on each device security baseline when the optimal control scheme is local self-service, to obtain a local self-control strategy for the device security baseline.
Preferably, the remote deployment management sub-module further comprises:
The data encryption unit is used for carrying out data encryption processing on the equipment execution data of the equipment safety base line according to the remote centralized control strategy to obtain check encryption data of the equipment safety base line.
The encryption mode adapting unit is used for carrying out encryption mode adapting processing on the verification encryption data to obtain verification encryption adapting data which can be identified by the cloud service architecture.
The data analysis unit is used for carrying out data analysis processing on the verification encryption adaptation data, calling a remote execution script of the cloud service architecture according to the data analysis result, and carrying out verification analysis on the equipment security base line to obtain remote verification analysis data.
The verification strategy adapting unit is used for carrying out remote verification strategy matching processing on the base line verification task of each equipment safety base line according to the remote verification analysis data to obtain the target remote verification strategy of the equipment safety base line.
Specific limitations regarding the security baseline automated verification system may be found in the limitations of the security baseline automated verification method above, and are not described in detail herein. The various modules in the above-described security baseline automated verification system may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in Fig. 9. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, computer programs, and a database. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing intermediate file data generated in the automatic checking process of the safety baseline of the device. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by a processor, implements a security baseline automated verification method.
In one embodiment, a computer readable storage medium is provided, having a computer program stored thereon which, when executed by a processor, implements the steps of the above security baseline automated verification method.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. The non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous link DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the system is divided into different functional units or modules to perform all or part of the above-described functions.
The above embodiments are only for illustrating the technical solution of the present application, and are not limiting; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.

Claims (9)

1. A security baseline automation verification method, characterized in that the security baseline automation verification method comprises:
collecting equipment execution data of equipment in real time, wherein the equipment execution data comprises safety baseline data and execution log data;
performing verification tool set matching processing on the equipment execution data, and deploying a verification control framework of the equipment safety baseline according to the matching relation between the equipment execution data and the verification tool set;
wherein performing the verification tool set matching processing on the equipment execution data, and deploying the verification control framework of the equipment safety baseline according to the matching relation between the equipment execution data and the verification tool set, specifically includes:
obtaining matching degree data between the device execution data and the checking tool set;
according to the matching degree data, carrying out checking control strategy matching processing on each equipment safety base line to obtain an optimal control scheme of each equipment safety base line;
when the optimal control scheme is a centralized control cloud service, a preset cloud service architecture is called to carry out remote deployment management on each equipment safety baseline, and a remote centralized control strategy of the equipment safety baseline is obtained;
when the optimal control scheme is local self-service, a preset local intranet framework is called to perform local deployment management on each equipment safety base line, and a local self-control strategy of the equipment safety base line is obtained;
according to the checking control framework, constructing an equipment reference library which accords with the current equipment safety baseline checking, and generating a corresponding baseline checking task;
and calling a preset checking execution script to respectively and independently check each safety base line according to the base line checking task to generate checking operation script data of the safety base line of the equipment.
2. The automatic verification method for the safety base line according to claim 1, wherein the step of calling a preset verification execution script to perform independent verification processing on each safety base line according to the base line verification task to generate verification operation script data of the safety base line of the device, further comprises:
acquiring a device working mode corresponding to the baseline checking task, wherein the device working mode comprises a device networking mode and a device isolation mode;
when the equipment working mode is an equipment networking mode, performing self-adaptive matching processing of the checking execution script for the base line checking task to obtain an automatic allocation strategy of the execution script;
when the equipment working mode is an equipment isolation mode, carrying out local autonomous processing on the base line checking task to obtain an isolation autonomous strategy;
and performing pre-judging treatment on the safety check of the equipment safety base line according to the automatic allocation strategy of the execution script and the isolation autonomous strategy to obtain the integral safety check result of the equipment safety base line.
3. The automatic verification method for the security baseline according to claim 2, wherein when the equipment working mode is an equipment isolation mode, performing local autonomous processing on the baseline verification task to obtain an isolation autonomous policy, and specifically includes:
acquiring checking execution data of a baseline checking task in the equipment isolation mode;
performing local operation processing on the checking execution data according to a pre-deployed checking control architecture to obtain a local checking control strategy matched with each base line checking task;
according to the local checking control strategy, a local checking instruction set is called to carry out security checking on the base line checking task, so that local security checking data are obtained;
and when the equipment isolation mode is converted into the equipment networking mode, calling the checking execution script to carry out checking processing on the local safety checking data, and generating an isolation autonomous strategy of the baseline checking task.
4. The automatic security baseline verification method according to claim 1, wherein the constructing a device reference library according to the verification control architecture, and generating a corresponding baseline verification task, further comprises:
acquiring equipment identification data under the current operation working condition in real time;
performing data association processing on the equipment identification data and a preset checking instruction set to generate checking task data corresponding to all checking items of each piece of equipment;
classifying and identifying each checking item according to the checking task data to generate a checking task configuration item for checking the security base line of each device;
and carrying out parameter adjustment processing on the checking operation script of the equipment safety base line according to the checking task configuration item to obtain a script adjustment strategy which is matched with the base line checking task of the current equipment safety base line.
5. The automatic verification method for the safety base line according to claim 4, wherein the parameter adjustment processing is performed on the verification running script of the safety base line of the device according to the verification task configuration item to obtain a script adjustment policy adapted to the base line verification task of the current safety base line of the device, and the method specifically comprises:
performing verification algorithm adaptation processing on each verification task configuration item and the equipment reference library to obtain a target verification algorithm adapted to the verification task configuration item;
performing verification script operation processing on all the verification task configuration items and the corresponding target verification algorithm to generate a verification operation script of the whole equipment security base line;
in the running process of the checking running script, acquiring the checking running progress of each baseline checking task in real time;
and according to the checking operation progress, performing parameter adjustment processing on the checking operation script under the current operation condition to obtain a script adjustment strategy which is adaptive to the current checking operation progress.
6. The method for automatically checking the security baseline according to claim 1, wherein when the optimal control scheme is a centralized control cloud service, invoking a preset cloud service architecture to perform remote deployment management on each device security baseline to obtain a remote centralized control policy of the device security baseline, further comprising:
performing data encryption processing on the equipment execution data of the equipment safety base line according to the remote centralized control strategy to obtain checking encryption data of the equipment safety base line;
performing encryption mode adaptation processing on the verification encryption data to obtain verification encryption adaptation data which can be identified by a cloud service architecture;
performing data analysis processing on the verification encryption adaptation data, and calling a remote execution script of the cloud service architecture according to a data analysis result to perform verification analysis on a device security base line to obtain remote verification analysis data;
and according to the remote verification analysis data, performing remote verification policy matching processing on the base line verification task of each equipment safety base line to obtain a target remote verification policy of the equipment safety base line.
7. A security baseline automation verification system, the security baseline automation verification system comprising:
the device data acquisition module is used for acquiring device execution data of the device in real time, wherein the device execution data comprises safety baseline data and execution log data;
the checking tool matching module is used for carrying out checking tool set matching processing on the equipment execution data, and deploying a checking control framework of the equipment safety base line according to the matching relation between the equipment execution data and the checking tool set;
the checking tool matching module specifically comprises: the matching degree acquisition sub-module is used for acquiring matching degree data between the equipment execution data and the checking tool set;
the verification control strategy matching sub-module is used for carrying out verification control strategy matching processing on each equipment safety base line according to the matching degree data to obtain an optimal control scheme of each equipment safety base line;
the remote deployment management sub-module is used for calling a preset cloud service architecture to carry out remote deployment management on each equipment safety base line when the optimal control scheme is the centralized control cloud service, so as to obtain a remote centralized control strategy of the equipment safety base line;
the local deployment management sub-module is used for calling a preset local intranet framework to carry out local deployment management on each equipment safety base line when the optimal control scheme is local self-service, so as to obtain a local self-control strategy of the equipment safety base line;
the checking task generating module is used for constructing an equipment reference library which accords with the current equipment safety baseline checking according to the checking control architecture and generating a corresponding baseline checking task;
and the verification script generation module is used for calling a preset verification execution script to respectively and independently verify each safety baseline according to the baseline verification task to generate verification operation script data of the safety baselines of the equipment.
8. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the security baseline automated verification method according to any one of claims 1 to 6 when the computer program is executed by the processor.
9. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the security baseline automated verification method of any one of claims 1 to 6.
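The flow of claims 1 to 3, sketched as an added example that is not code from the patent: every baseline item is checked independently against a reference library, checks made in isolation mode are buffered with their input snapshot, and the snapshots are re-checked once the device returns to networking mode. The item names, both libraries, the sample snapshot, and the assumption that the pre-deployed local library can lag behind the central one are all constructed for illustration.

```python
import operator
from dataclasses import dataclass, field

OPS = {"eq": operator.eq, "ge": operator.ge, "le": operator.le}

# Constructed reference libraries: baseline item -> (comparison, expected value).
# CENTRAL is the current library; LOCAL is an older copy pre-deployed on the device.
CENTRAL_LIBRARY = {
    "audit.log_retention_days": ("ge", 90),
    "password.min_length": ("ge", 12),
    "ssh.permit_root_login": ("eq", "no"),
    "telnet.enabled": ("eq", False),
}
LOCAL_LIBRARY = {**CENTRAL_LIBRARY, "password.min_length": ("ge", 8)}


def check_item(item, rule, device_data):
    """Check one baseline item on its own; a bad value never aborts the other items."""
    op, expected = rule
    result = {"item": item, "expected": expected, "actual": device_data.get(item)}
    if item not in device_data:
        result["status"] = "missing"      # not collected: report it, do not assume a pass
        return result
    try:
        result["status"] = "pass" if OPS[op](device_data[item], expected) else "fail"
    except TypeError:                      # e.g. a string where a number is expected
        result["status"] = "error"
    return result


def run_baseline(device_data, library):
    """Run every item in the library independently and return one result per item."""
    return [check_item(item, rule, device_data) for item, rule in sorted(library.items())]


def failing(results):
    """Names of the items that did not pass, for reporting."""
    return sorted(r["item"] for r in results if r["status"] != "pass")


@dataclass
class DeviceChecker:
    device_id: str
    networked: bool
    pending: list = field(default_factory=list)   # snapshots checked while isolated

    def check(self, device_data):
        if self.networked:
            return {"mode": "networked", "results": run_baseline(device_data, CENTRAL_LIBRARY)}
        local = run_baseline(device_data, LOCAL_LIBRARY)
        self.pending.append((dict(device_data), local))   # keep the evidence, not only the verdict
        return {"mode": "isolated", "results": local}

    def reconnect(self):
        """Isolation -> networking: re-check buffered snapshots against the central library."""
        self.networked = True
        reports = []
        for snapshot, local in self.pending:
            central = run_baseline(snapshot, CENTRAL_LIBRARY)
            changed = sorted(set(failing(central)) ^ set(failing(local)))
            reports.append({"device": self.device_id, "results": central, "changed": changed})
        self.pending.clear()
        return reports


# Constructed device snapshot: the log retention setting was never collected.
SAMPLE = {"password.min_length": 10, "ssh.permit_root_login": "no", "telnet.enabled": False}
```

Buffering the input snapshot alongside the local verdict is what lets the later re-check surface items, here `password.min_length`, that passed against the stale local library but fail against the current one.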
CN202311440907.5A 2023-11-01 2023-11-01 Automatic checking method, system, equipment and medium for security base line Active CN117196539B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311440907.5A CN117196539B (en) 2023-11-01 2023-11-01 Automatic checking method, system, equipment and medium for security base line

Publications (2)

Publication Number Publication Date
CN117196539A CN117196539A (en) 2023-12-08
CN117196539B true CN117196539B (en) 2024-02-27

Family

ID=88990870

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant