TWM583959U - Inspection and correction system of server's configuration - Google Patents

Inspection and correction system of server's configuration

Info

Publication number
TWM583959U
Authority
TW
Taiwan
Prior art keywords
program
server
check
correction
legal
Prior art date
Application number
TW108206445U
Other languages
Chinese (zh)
Inventor
許銘峻
Original Assignee
華南商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 華南商業銀行股份有限公司

Landscapes

  • Storage Device Security (AREA)

Abstract

A server configuration check and correction system includes an authorization device and a server. The authorization device includes a storage circuit and a control circuit. The storage circuit stores a hardware internal code and a first hash value. The control circuit includes a first trigger element and a second trigger element, and generates a first or a second operation signal when the first or the second trigger element, respectively, receives a trigger operation. A verification program, a check program and a correction program are installed on the server. The verification program determines whether the authorization device, the check program and the correction program are legitimate. The check program is executed, after the verification program has determined them to be legitimate and when the first operation signal is received, to generate a check report. The correction program is executed, after the verification program has determined them to be legitimate and when the second operation signal is received, to correct at least one configuration value of the server.

Description

Server configuration check and correction system

This creation relates to checking and correcting the configuration of a server, and in particular to a system and method for checking and correcting a server's configuration by means of an authorization device.

New servers or computers purchased by financial institutions can be installed with various open operating systems such as Windows, AIX and Linux. Before these servers go into production, information security personnel need to confirm that the security settings on each server or computer comply with internal specifications.

However, the current way of checking server configurations consumes a great deal of labor and working time. Specifically, the auditor must be familiar with the commands of command-line interfaces such as Windows PowerShell, Linux Bash or the IBM AIX Korn shell in order to carry out the check smoothly. Moreover, not only is checking laborious and time-consuming; correcting a server configuration whose parameters are set incorrectly likewise requires a great deal of time and labor. Furthermore, because open server operating systems exist in many versions, when a server's operating system version is updated, the commands previously used to check or correct the server configuration may change as well, so auditors and program developers cannot necessarily reuse all of the previous commands to complete the work quickly, which makes checking and correction harder. Another point that cannot be ignored is that, with manual inspection, a single small oversight by an auditor may well affect the stability and security of the entire server system.

In view of this, this creation proposes a server configuration check and correction system and a method of checking and correcting a server configuration that save the labor and time cost of the server configuration check and correction procedures while still meeting financial institutions' information security requirements.

A server configuration check and correction system according to an embodiment of this creation includes an authorization device and a server. The authorization device includes a storage circuit and a control circuit. The storage circuit stores a hardware internal code and a first hash value. The control circuit includes a first trigger element and a second trigger element. The control circuit generates a first operation signal when the first trigger element receives a trigger operation, and generates a second operation signal when the second trigger element receives another trigger operation. The server is electrically connected to the authorization device. A verification program, a check program and a correction program are installed on the server. The verification program determines whether the authorization device, the check program and the correction program are legitimate. The check program is executed, after the verification program has determined them to be legitimate and when the first operation signal is received, to generate a check report. The correction program is executed, after the verification program has determined them to be legitimate and when the second operation signal is received, to correct at least one configuration value of the server.

A method of checking and correcting a server configuration according to an embodiment of this creation includes: electrically connecting an authorization device to a server on which a check program and a correction program are installed; executing, by the server, a verification program to determine whether the authorization device, the check program and the correction program are legitimate; and, when the verification program determines that the authorization device, the check program and the correction program are all legitimate, outputting one of a first operation signal and a second operation signal from the authorization device. When the server receives the first operation signal, it executes the check program to generate a check report; when the server receives the second operation signal, it executes the correction program to correct at least one configuration value of the server.

The above description of this disclosure and the following description of the embodiments are intended to demonstrate and explain the spirit and principles of this creation, and to provide further explanation of the scope of its patent claims.

The detailed features and advantages of this creation are described in the embodiments below in enough detail for anyone skilled in the relevant art to understand its technical content and implement it accordingly. From the content disclosed in this specification, the claims and the drawings, anyone skilled in the relevant art can readily understand the purposes and advantages of this creation. The following embodiments explain the ideas of this creation in further detail, but do not limit its scope in any respect.

FIG. 1 is a block diagram of a server configuration check and correction system 10 according to an embodiment of this creation. As shown in FIG. 1, the server configuration check and correction system 10 includes an authorization device 1 and a server 3. The authorization device 1 is electrically connected to the server 3. Specifically, the authorization device 1 is electrically connected to the server 3 using the Human Interface Device (HID) protocol of the Universal Serial Bus (USB) standard. Compared with an authorization device that uses the USB Mass Storage Device Class (MSC) protocol of the USB standard as its connection interface, using the HID protocol reduces the risk of the computer being infected with a virus. In addition, an authorization device 1 that uses the HID protocol can be used with a server 3 whose USB ports have been disabled.

Refer to FIG. 1. The authorization device 1 includes a storage circuit 12 and a control circuit 14. The storage circuit 12 stores a hardware internal code and a first hash value, both of which are written to the storage circuit 12 in advance. The hardware internal code is used to prove that the authorization device 1 is a trusted device. The first hash value is compared by the server 3 to confirm that the programs installed on the server have not been tampered with. How the hardware internal code and the first hash value are used is described in detail below.

The control circuit 14 includes a first trigger element 16 and a second trigger element 18. Refer to FIG. 2, which is a schematic diagram of the connection between the authorization device 1 and the server 3 of the server configuration check and correction system 10 according to an embodiment of this creation. In practice, the authorization device 1 takes, for example, the outward form of a USB flash drive and is electrically connected to the server 3 through a connector 11. The first trigger element 16 and the second trigger element 18 are, for example, buttons or toggle switches. The outside of the second trigger element 18 may further include a protective casing 19 to prevent accidental activation. Note that this outward form is only an example and does not limit this creation.

Refer to FIG. 1. When the first trigger element 16 receives a trigger operation, the control circuit 14 generates the first operation signal. When the second trigger element 18 receives another trigger operation, the control circuit 14 generates the second operation signal. The trigger operation is, for example, pressing a button or flipping a toggle switch; this creation does not limit the form of the trigger operation.

Refer to FIG. 1 and FIG. 3 together. FIG. 3 is a flow chart of a method of checking and correcting a server configuration according to an embodiment of this creation. The server 3 includes a computing circuit 32 and a storage circuit 34. The computing circuit 32 is electrically connected to the storage circuit 34. The verification program, the check program and the correction program can be installed in the storage circuit 34 in advance, as shown in step S0 of FIG. 3.

Refer to step S1: the authorization device 1 is electrically connected to the server 3. After step S1 is completed, the server 3 uses the computing circuit 32 to execute the verification program, which determines whether the device connected to the server is a legitimate device and then, based on this legitimate authorization device 1, determines whether the check program and the correction program installed on the server are legitimate. Here "legitimate" means that the check program and the correction program have not been infected by a computer virus or damaged for some other reason.

In detail, as shown in step S2, the verification program first obtains the hardware internal code and the current system time. In practice, the computing circuit 32 of the server 3 can send a suitable electronic signal to obtain the hardware internal code of the authorization device 1; alternatively, the authorization device 1 can actively send its own hardware internal code to the server 3 after being electrically connected to it. This creation does not limit how the hardware internal code is obtained.

After obtaining the hardware internal code, the verification program determines whether it is legitimate, as shown in step S3. For example, the verification program stores a list that contains a plurality of sub-lists. Each sub-list contains a plurality of legitimate hardware internal codes and one legitimate time period. The legitimate hardware internal codes are, for example, written into the list in advance by the information security unit. The legitimate time period represents the time during which the hardware internal codes in that sub-list are valid for use. The verification program therefore finds the sub-list whose legitimate time period contains the current time, and then compares the obtained hardware internal code with the legitimate hardware internal codes in that sub-list one by one. If a match is found, the authorization device 1 is a legitimate authorization device; if no match is found, the computing unit 32 sends a notification signal informing the user that the authorization device 1 is not a legitimate authorization device, and the flow returns to step S2 to obtain the hardware internal code again.

After confirming that the authorization device 1 is legitimate, the verification program goes on to obtain the first hash value stored in the storage circuit 12 of the authorization device 1, as shown in step S4. The verification program runs a hash algorithm over the check program and the correction program to generate a second hash value, as shown in step S5. The hash algorithm is, for example, the third-generation Secure Hash Algorithm (Secure Hash Algorithm 3, SHA-3), but this creation is not limited to it. Refer to step S6: the verification program compares whether the first hash value and the second hash value are the same, thereby confirming whether the check program and the correction program installed on the server 3 are still the versions that were originally installed. If the first hash value is the same as the second hash value, the contents of the check program and the correction program have not been changed. The verification program therefore generates a legitimacy signal to indicate that they are legitimate. The legitimacy signal, for example, instructs the computing circuit 32 to send another notification signal informing the user that the check or correction of the configuration of the server 3 can begin.

Refer to step S7. After the check program and the correction program have been confirmed to be legitimate, the user can trigger the first trigger element 16 on the authorization device 1 to choose to execute the check program on the server 3, or trigger the second trigger element 18 on the authorization device 1 to choose to execute the correction program on the server 3.

When the first operation signal generated by the first trigger element 16 is received (equivalent to the user pressing the check button), step S8 is performed: the computing unit 32 executes the check program to generate a check report. In detail, the check program detects the operating system type of the server 3 and executes a plurality of check commands corresponding to that operating system type. The check commands obtain a plurality of configuration setting values of the server 3. The check program can compare the obtained configuration setting values against a standard setting value list (for example, a specification table defined internally by the financial institution) and output the comparison results to the check report, from which the user can learn the configuration setting values of the server 3.

The configuration values are, for example, the password length setting of the server 3, or enabling the operating system's protect-stack function to prevent IP transmission or host spoofing. In practice, the check commands in the check program can be defined by the financial institution itself according to its internal specifications.

When the second operation signal generated by the second trigger element 18 is received (equivalent to the user pressing the correction button), step S9 is performed: the computing unit 32 executes the correction program to correct at least one configuration value of the server 3. In detail, the correction program detects the operating system type of the server 3 and executes a plurality of correction commands corresponding to that operating system type. The correction commands replace the plurality of configuration setting values of the server 3 with the corresponding setting values from the standard setting value list.
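The verification and gating flow of steps S2 to S9, as an added Python example (not code from the patent or its applicant). It assumes SHA3-256 as the SHA-3 variant, a length-prefixed digest over the two programs in a fixed order, and signal codes 1 and 2; the device codes, time periods and program bytes are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime

# Assumed encoding: the page only names a "first" and a "second" operation signal.
SIGNAL_CHECK = 1
SIGNAL_CORRECT = 2


@dataclass(frozen=True)
class SubList:
    """One sub-list: hardware internal codes that are valid only in [start, end)."""
    start: datetime
    end: datetime
    codes: frozenset


def device_is_legitimate(code, now, sublists):
    """Step S3: consider only sub-lists whose period contains `now`, then match the code."""
    return any(sub.start <= now < sub.end and code in sub.codes for sub in sublists)


def programs_digest(check_program: bytes, correction_program: bytes) -> str:
    """Step S5: one SHA-3 digest covering both programs.

    Assumption: each program is length-prefixed, so bytes moved from the end of
    one file to the start of the other cannot yield the same digest.
    """
    h = hashlib.sha3_256()
    for blob in (check_program, correction_program):
        h.update(len(blob).to_bytes(8, "big"))
        h.update(blob)
    return h.hexdigest()


def verify(code, first_hash, now, sublists, check_program, correction_program):
    """Steps S2 to S6: device check first, program integrity second. Returns (ok, reason)."""
    if not device_is_legitimate(code, now, sublists):
        return False, "device not authorized"
    second_hash = programs_digest(check_program, correction_program)
    if not hmac.compare_digest(first_hash.encode(), second_hash.encode()):
        return False, "program hash mismatch"
    return True, "legitimate"


def dispatch(signal, verified):
    """Steps S7 to S9: an operation signal is honored only after verification passed."""
    if not verified:
        return "ignored"
    actions = {SIGNAL_CHECK: "run check program", SIGNAL_CORRECT: "run correction program"}
    return actions.get(signal, "ignored")


# Constructed sample data: two validity periods with different device codes.
SUBLISTS = (
    SubList(datetime(2019, 4, 1), datetime(2019, 7, 1), frozenset({"DEV-0001", "DEV-0002"})),
    SubList(datetime(2019, 7, 1), datetime(2019, 10, 1), frozenset({"DEV-0003"})),
)
CHECK_PROGRAM = b"constructed check program bytes"
CORRECTION_PROGRAM = b"constructed correction program bytes"
# Stands in for the first hash value written to the device in advance.
FIRST_HASH = programs_digest(CHECK_PROGRAM, CORRECTION_PROGRAM)

if __name__ == "__main__":
    now = datetime(2019, 5, 22, 9, 0)
    ok, reason = verify("DEV-0001", FIRST_HASH, now, SUBLISTS, CHECK_PROGRAM, CORRECTION_PROGRAM)
    print(reason, "->", dispatch(SIGNAL_CHECK, ok))
    ok, reason = verify("DEV-0001", FIRST_HASH, now, SUBLISTS, CHECK_PROGRAM, CORRECTION_PROGRAM + b"x")
    print(reason, "->", dispatch(SIGNAL_CORRECT, ok))
```

As on the page, the digest covers only the check and correction programs; the verification program that performs the comparison is outside it.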

In another embodiment of this creation, a password verification procedure may additionally be included before step S8 or step S9 is performed. The user must enter a designated password in an interface provided by the server 3 before the check program of step S8 or the correction program of step S9 can continue. This strengthens the security of the check or correction operation.

In practice, the check program and the correction program are, for example, written in the Java language and developed with the Java Development Kit. The check program and the correction program can therefore run in the environments of several operating systems and call the check commands or correction commands that correspond to the current operating system. Because the check and correction programs are developed in a cross-platform programming language, the cost of subsequent program maintenance is reduced, as is the cost of training. In addition, when the operating system of the server 3 is later updated, only the check commands in the check program or the correction commands in the correction program need to be adjusted accordingly for the programs to apply to servers 3 running different operating systems.

In summary, with the server configuration check and correction system and the method of checking and correcting a server configuration disclosed in this creation, it is only necessary to connect the authorization device to the server and press the check or correction button on the authorization device; the server itself then checks or corrects its own configuration settings as a batch job, which greatly shortens the working time and increases efficiency. Second, the authorization device proposed in this creation uses the USB Human Interface Device protocol rather than the USB Mass Storage Device protocol used by conventional USB flash drives. This avoids the risk of a flash drive infecting the server system with a virus, and using the HID protocol also allows the check and correction work to be performed on servers that restrict the use of USB devices. Furthermore, before the correction and check programs are executed, it must first be confirmed that the hardware internal code of the authorization device is legitimate, which prevents unauthorized operations. This creation can therefore achieve authenticity and accountability among the principles of information security.

In addition, the check and correction programs disclosed in this creation have their secure hash computed in advance with the SHA-3 algorithm, and the hash value is placed in the authorization device. Before the check and correction programs are executed, the hash value must be verified against the authorization device, and execution can continue only after the verification program passes. This prevents the check program and the correction program from being tampered with by a virus, and so achieves integrity among the principles of information security. When hash value verification fails, the user can also be alerted that the server may have been infected by a virus. Moreover, the check and correction programs described in this creation are developed with the JDK, so the same programs can be executed on different platforms. This reduces the training and usage costs for the personnel who perform the check and correction work and improves the portability of the check and correction programs. By updating the check and correction programs, the operating system commands can be updated along with them, which solves the problem of check or correction work being interrupted because commands differ between operating systems.

Although this creation has been disclosed above by way of the foregoing embodiments, they are not intended to limit it. Changes and refinements made without departing from the spirit and scope of this creation fall within its scope of patent protection. For the scope of protection defined by this creation, refer to the appended claims.

10‧‧‧Server configuration check and correction system
1‧‧‧Authorization device
11‧‧‧Connector
12‧‧‧Storage circuit
14‧‧‧Control circuit
16‧‧‧First trigger element
18‧‧‧Second trigger element
19‧‧‧Protective cover
3‧‧‧Server
32‧‧‧Computing circuit
34‧‧‧Storage circuit

FIG. 1 is a block diagram of a server configuration check and correction system according to an embodiment of this creation.
FIG. 2 is a schematic diagram of the connection between the authorization device and the server of the server configuration check and correction system according to an embodiment of this creation.
FIG. 3 is a flow chart of a method of checking and correcting a server configuration according to an embodiment of this creation.

Claims (5)

1. A server configuration check and correction system, comprising: an authorization device including a storage circuit and a control circuit, the storage circuit being electrically connected to the control circuit and storing a hardware internal code and a first hash value, the control circuit including a first trigger element and a second trigger element, the control circuit generating a first operation signal when the first trigger element receives a trigger operation and generating a second operation signal when the second trigger element receives another trigger operation; and a server electrically connected to the authorization device, on which a verification program, a check program and a correction program are installed, wherein the verification program determines whether the authorization device, the check program and the correction program are legitimate; the check program is executed, after the verification program has determined them to be legitimate and when the first operation signal is received, to generate a check report; and the correction program is executed, after the verification program has determined them to be legitimate and when the second operation signal is received, to correct at least one configuration value of the server.

2. The server configuration check and correction system of claim 1, wherein the verification program further obtains the hardware internal code of the authorization device and determines whether the hardware internal code is legitimate in order to decide whether the authorization device is legitimate; the verification program further obtains the first hash value of the authorization device, runs a hash algorithm over the check program and the correction program to generate a second hash value, and compares the first hash value with the second hash value and selectively generates a legitimacy signal to indicate whether the check program and the correction program are legitimate; wherein the hash algorithm is a third-generation Secure Hash Algorithm (Secure Hash Algorithm 3, SHA-3).

3. The server configuration check and correction system of claim 2, wherein the verification program further stores a list, the list includes a plurality of sub-lists, each of the sub-lists includes a plurality of legitimate hardware internal codes, and each of the sub-lists has a legitimate time period; the verification program further compares, according to a current time and the hardware internal code of the authorization device, the legitimate time periods of the sub-lists and the legitimate hardware internal codes of one of the sub-lists, wherein the current time falls within the legitimate time period of that one of the sub-lists.

4. The server configuration check and correction system of claim 1, wherein the authorization device is electrically connected to the server based on the Human Interface Device protocol.

5. The server configuration check and correction system of claim 1, wherein the check program and the correction program are developed with the Java Development Kit; the check program further detects an operating system of the server and executes a plurality of check commands corresponding to the operating system, the check commands being used to obtain a plurality of configuration setting values of the server, compare the configuration setting values against a standard setting value list, and output a check report; and the correction program further detects the operating system of the server and executes a plurality of correction commands corresponding to the operating system, the correction commands being used to replace the configuration setting values of the server with a plurality of setting values of the standard setting value list, respectively.
TW108206445U 2019-05-22 2019-05-22 Inspection and correction system of server's configuration TWM583959U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108206445U TWM583959U (en) 2019-05-22 2019-05-22 Inspection and correction system of server's configuration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108206445U TWM583959U (en) 2019-05-22 2019-05-22 Inspection and correction system of server's configuration

Publications (1)

Publication Number Publication Date
TWM583959U true TWM583959U (en) 2019-09-21

Family

ID=68620617

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108206445U TWM583959U (en) 2019-05-22 2019-05-22 Inspection and correction system of server's configuration

Country Status (1)

Country Link
TW (1) TWM583959U (en)
