WO2017167015A1 - Method and device for server device security management and computer storage medium - Google Patents

Info

Publication number
WO2017167015A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
hardening
server device
report
scan report
Application number
PCT/CN2017/076797
Inventor
周祥生
陈俊
余谦益
Original Assignee
中兴通讯股份有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Definitions

  • The present invention relates to the field of server device security management technologies, and in particular to a server device security management method, apparatus, and computer storage medium.
  • With the patch management and configuration of server equipment forming a scale, many commercial companies that develop security products can provide professional-grade scanning products. These products provide security detection functions for mainstream LINUX and WINDOWS server equipment and ORACLE and SYBASE database systems, and prompt security risks such as old patch versions and vulnerable security configurations of the system.
  • The embodiments of the present invention provide a server device security management method, apparatus, and computer storage medium.
  • The server device is security hardened according to the search keyword of the security check entry that did not pass.
  • The step of performing security hardening on the server device according to the search keyword of the security check entry that did not pass includes:
  • The step of retrieving the hardening program library according to the search keyword of the security check entry that did not pass, and generating an executable security hardening package for the server device, includes:
  • An executable security hardening package is generated for the server device based on an executable script generated by the automated hardening program.
  • the step of obtaining a security scan report for the server device includes:
  • the method further includes:
  • The embodiment of the invention further provides a server device security management device, including:
  • an obtaining module configured to obtain a security scan report for the server device;
  • an analysis module configured to analyze the security scan report and separate the search keywords of the security check entries that did not pass from the security scan report;
  • a reinforcement module configured to perform security hardening on the server device according to the search keywords of the security check entries that did not pass.
  • The reinforcement module includes:
  • a generating unit configured to retrieve a hardening library according to the search keywords of the security check entries that did not pass, and generate an executable security hardening package for the server device;
  • a scheduling unit configured to upload the executable security hardening package to the corresponding server device to perform a security hardening operation on the corresponding server device.
  • The generating unit is further configured to: retrieve an automated hardening library according to the search keywords of the security check entries that did not pass, and obtain the automated hardening program corresponding to each failed security check entry; generate an executable script from the obtained automated hardening programs; and generate an executable security hardening package for the server device based on the executable script generated from the automated hardening programs.
  • The obtaining module is configured to select a third-party security scan report platform and obtain the identifier and template information of that platform; obtain a security scan report for the server device from the selected third-party security scan report platform; and, according to the identifier and template information of the third-party security scan report platform, obtain the corresponding report parsing policy from the data storage module and obtain the corresponding search keyword.
  • The scheduling unit is further configured to receive a reinforcement report fed back by the server device after it performs a security hardening operation.
  • The embodiment of the invention further provides a computer storage medium comprising a set of instructions that, when executed, cause at least one processor to execute the server device security management method described above.
  • The server device security management method, device and computer storage medium obtain a security scan report for a server device, analyze the security scan report, and separate the search keywords of the security check entries that did not pass from the security scan report. The corresponding server device is then security-hardened according to those search keywords. This automates server device security assessment, analysis, and security hardening, improves the efficiency of evaluation result analysis, reduces manual analysis errors, and improves the automation level of security hardening.
  • FIG. 1 is a schematic structural diagram of a system involved in an embodiment of the present invention.
  • FIG. 2 is a schematic flowchart of a first embodiment of a server device security management method according to the present invention.
  • FIG. 3 is a schematic diagram of a service flow for initiating a third-party security scan report and automatically analyzing the report by using a scan report analysis module according to an embodiment of the present invention.
  • FIG. 4 is a schematic flowchart of a second embodiment of a server device security management method according to the present invention.
  • FIG. 5 is a schematic diagram of a service process for automatically hardening a device according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of a business process of one-click completion of report analysis and security hardening in the embodiment of the present invention.
  • FIG. 7 is a schematic diagram of functional modules of a first embodiment of a server device security management apparatus according to the present invention.
  • A third-party compliance security scan report import function is provided. The scan report is analyzed by comparing it against the configured parsing rules, the solution is automatically generated, and an executable security hardening program is automatically generated. Online, batch, and automated server device reinforcement functions are also provided, so that the whole process from device security assessment, to evaluation result analysis, to device security hardening is "one button" and automated. This improves the efficiency of evaluation result analysis, reduces manual analysis errors, and improves the automation level of security hardening.
  • The solution of the embodiment of the present invention can implement automated operations such as intelligent analysis of the security scan report and security hardening on one or more server devices. The system architecture can be seen in FIG. 1.
  • The architecture may involve a server security management device and a plurality of server devices (i.e., the host devices shown in FIG. 1, in which a corresponding proxy module may be set to communicate with the server security management device).
  • The server security management device may include: a basic data management module, a data storage module, a scan report analysis module, an automated reinforcement program library, and an automated hardening scheduling module.
  • The basic data management module is a human-computer interaction interface. Through this interface, the system administrator can set the third-party security scan report platforms (manufacturers) whose security scan reports are supported, define the format of each manufacturer's scan report, and define the logic and strategy for analyzing the scan report (such as compliance entry keywords, the location of the scanned device's IP information, etc.). Manufacturers and strategies can be dynamically added, removed, or updated.
  • The data storage module provides data storage for the basic data. It can use commercial databases such as ORACLE and SYBASE, and can also use open source databases such as MYSQL and POSTGRESQL.
  • The automated hardening library consists of a series of executable program scripts.
  • One compliance knowledge point corresponds to one executable program.
  • A compliance knowledge point is a specific requirement of security compliance, such as operating system password strength requirements, requirements to shut down non-essential ports or services, critical system file access requirements, requirements to use secure communication protocols, and more.
  • The scan report analysis module compares the imported third-party manufacturer's compliance scan report with that manufacturer's report format definition and parsing policy preset in the data storage module, and identifies the security check entries that the security scan did not pass. Using the keywords, it retrieves the automated hardening library and generates an executable script for each server device that requires security hardening (that is, each device with failed security check entries).
  • The script concatenates the automated hardening programs for the security check entries that did not pass, to ensure that these automated hardening programs can be executed sequentially.
  • The automated hardening scheduling module is a scheduling execution engine that automates security hardening.
  • The executable scripts generated by the scan report analysis module, and the programs included in the scripts, are uploaded to the corresponding server device; the security hardening result is returned, and a reinforcement report is generated from it.
  • Security hardening is performed on the host device, supporting proxy mode and non-proxy mode; the communication protocol between the automated scheduling module and the host device can be the Secure Shell protocol (SSH).
  • The automated scheduling module can batch-harden multiple devices at once and can support virtual machine environments.
  • In the embodiment of the present invention, the automatic analysis of the scan report and the automatic execution of the security hardening are two actions that can be performed with one click or separately.
  • A first embodiment of the present invention provides a server device security management method, including:
  • Step S101: Obtain a security scan report for the server device.
  • The server device in this embodiment may also be referred to as a server, a host device, and the like, and is not limited herein.
  • The security scan report may be produced by a local scan performed by the server security management device, or may be obtained by the server security management device from a third-party security scan report platform.
  • The third-party security scan report platform provides a security scan report of each server device.
  • Through the human-computer interaction interface, the system administrator can set the third-party security scan report platforms (manufacturers) whose security scan reports are supported, define the format of each platform's scan report, and define the scan report analysis logic and policies (such as compliance entry keywords, the location of the scanned device's IP, etc.). Platforms and policies can be dynamically added, removed, or updated.
  • The basic data management module selects a third-party security scan report platform according to the operation instruction of the system administrator, and obtains the identifier (name, IP location, etc.) and template information of the third-party security scan report platform.
  • The third-party security scan report platform is specified to perform a security scan of the server device, and the report is imported.
  • The scan report analysis module obtains a security scan report for the server device from the selected third-party security scan report platform and, according to the identifier and template information of the third-party security scan report platform, obtains the corresponding report parsing policy and the corresponding search keyword from the data storage module.
  • The data storage module returns the corresponding report parsing policy and the corresponding search keywords.
  • The search keyword may be a number corresponding to each kind of security vulnerability, and the number may differ between reports generated by different third-party security scan report platforms. For example, if the report is generated as a table, for manufacturer A the number of a certain risk vulnerability is located in the first column of the table, while for manufacturer B the number of the same type of risk vulnerability may be in the second column of the table.
  • Based on the obtained report parsing policy, the selected search keyword can be used to retrieve the corresponding security check entry in the security scan report.
  • Step S102: Analyze the security scan report, and separate the search keywords of the security check entries that did not pass from the security scan report.
  • The scan report analysis module separates the search keywords of the failed entries from the report according to the report parsing policy.
  • Step S103: Perform security hardening on the server device according to the search keywords of the security check entries that did not pass.
  • The hardening library is retrieved according to the search keywords of the security check entries that did not pass, and an executable security hardening package is generated for the server device.
  • The method may further include:
  • the automated reinforcement program library is retrieved according to the search keywords of the security check entries that did not pass, and an automated reinforcement program corresponding to each failed security check entry is obtained;
  • an executable security hardening package is generated for each server device, with the server device as the unit, and an analysis report is formed.
  • The embodiment automates server device security assessment analysis, improves the efficiency of analyzing the assessment results, reduces manual analysis errors, and further improves the automation level of server device security reinforcement.
  • Step 301: The system administrator specifies the manufacturer, report template, and report of the third-party security scan report through the human-computer interaction interface.
  • Step 302: The scan report analysis module acquires the corresponding search keyword and report parsing policy from the data storage module according to the manufacturer information and the template information.
  • Step 303: The data storage module returns the corresponding report parsing policy and search keyword.
  • Step 304: The scan report analysis module separates the search keywords of the failed entries from the report according to the report parsing policy.
  • Step 305: The scan report analysis module retrieves the solution and the reinforcement program script corresponding to each entry from the automated reinforcement program library according to the search keyword.
  • Step 306: The search result is returned.
  • Step 307: The scan report analysis module further processes the search result, generates an analysis report (listing, per device, the recommended solution for each failed entry), and generates an executable security hardening package.
  • Step 308: The analysis report is presented to the system administrator through the human-computer interaction interface, and the security hardening package can be downloaded through the human-computer interaction interface.
  • The executable security hardening package may be uploaded to the corresponding server device to perform a security hardening operation on that server device.
  • The system administrator can choose to download an executable security hardening package through the human-computer interaction interface. After the executable security hardening package is obtained, the system administrator can import the executable security hardening package of each server device to the corresponding server device to perform security hardening on each server device.
  • The above process can be done automatically by the system or by the system administrator.
  • The solution of the embodiment uses technologies such as WEB and database to automatically analyze the security compliance report and to automatically generate the security reinforcement program, establishing a chain of operations from security scan, to automatic analysis of the scan report, to execution of security reinforcement. It automates server device security assessment and reinforcement, improves the efficiency of analyzing device security assessment results, reduces manual analysis errors, and improves the automation level of server device security reinforcement.
  • A second embodiment of the present invention provides a server device security management method. Based on the embodiment shown in FIG. 2 above, the method further includes:
  • Step S104: Receive a reinforcement report fed back by the server device after it performs a security hardening operation.
  • The fed-back hardening report is sent to the system administrator.
  • FIG. 5 shows the service flow in which devices are automatically reinforced according to the analysis result of the process shown in FIG. 3. The process is as follows:
  • Step 401: The system administrator imports the security hardening package generated by the process of FIG. 3 through the human-computer interaction interface. After the import, the system displays the specific content of the package to the administrator, including the hardening content to be executed on each device. Based on the package, the administrator can select which devices perform the reinforcement of which entries.
  • Step 402: The automated hardening scheduling module uploads the corresponding reinforcement package to device A.
  • Step 403: Security hardening is performed on device A.
  • Step 404: The reinforcement report of device A is returned.
  • Step 405: The automated hardening scheduling module uploads the corresponding reinforcement package to device B.
  • Step 406: Security hardening is performed on device B.
  • Step 407: The reinforcement report of device B is returned.
  • Step 408: After all the devices are hardened, the automated hardening scheduling module sorts the hardening reports of the devices, integrates them into a unified report, and presents it to the system administrator.
  • The solution of the embodiment uses technologies such as WEB and database to automatically analyze the security compliance report and to automatically generate the security reinforcement program, establishing a chain of operations from security scan, to automatic analysis of the scan report, to automatic execution of security reinforcement. It automates server device security assessment analysis and reinforcement, improves the efficiency of analyzing device security assessment results, reduces manual analysis errors, and improves the automation level of server device security reinforcement.
  • The scan report analysis and the automatic reinforcement can be regarded as one continuous action; that is, "one button" completes the report analysis and the security reinforcement.
  • FIG. 6 is a combination of the process shown in FIG. 3 and the process shown in FIG. 5; that is, the scan report analysis and the automatic reinforcement are regarded as continuous actions, and "one button" completes the report analysis and the security reinforcement. Taking two devices that need to be hardened as an example, the process is as follows:
  • Step 501: The system administrator specifies the manufacturer, report template, and report of the third-party security scan report through the human-computer interaction interface.
  • Step 502: The scan report analysis module obtains the corresponding search keyword and report parsing policy from the data storage module according to the manufacturer information and the template information.
  • Step 503: The data storage module returns the corresponding report parsing policy.
  • Step 504: The scan report analysis module separates the search keywords of the failed entries from the report according to the report parsing policy.
  • Step 505: The scan report analysis module retrieves the solution and the reinforcement program script corresponding to each entry from the automated reinforcement program library according to the search keyword.
  • Step 506: The search result is returned.
  • Step 507: The scan report analysis module further processes the search result, generates an analysis report (listing, per device, the recommended solution for each failed entry), and generates an executable security hardening package.
  • Step 508: The scan report analysis module automatically imports the generated security hardening package into the automated hardening scheduling module.
  • Step 509: The automated hardening scheduling module uploads the corresponding hardening package to device A.
  • Step 510: Security hardening is performed on device A.
  • Step 511: The reinforcement report of device A is returned.
  • Step 512: The automated hardening scheduling module uploads the corresponding hardening package to device B.
  • Step 513: Security hardening is performed on device B.
  • Step 514: The reinforcement report of device B is returned.
  • Step 515: After all the devices are hardened, the automated hardening scheduling module organizes the hardening reports of the devices, integrates them into a unified report, and presents it to the system administrator.
  • The solution of the embodiment uses technologies such as WEB and database to automatically analyze the security compliance report and to automatically generate the security reinforcement program, establishing a chain of operations from security scan, to automatic analysis of the scan report, to execution of security reinforcement. It automates security assessment analysis and reinforcement, improves the efficiency of analyzing device security assessment results, reduces manual analysis errors, and improves the automation level of server device security reinforcement.
  • The first embodiment of the present invention provides a server device security management apparatus, including: an obtaining module 201, an analyzing module 202, and a reinforcing module 203, where:
  • the obtaining module 201 is configured to obtain a security scan report for the server device, and to obtain a search keyword and a report parsing policy; the obtaining module 201 corresponds to the basic data management module in the system architecture shown in FIG. 2;
  • the analyzing module 202 is configured to analyze the security scan report according to the search keyword and the report parsing policy, and to separate the search keywords of the security check entries that did not pass from the security scan report;
  • the hardening module 203 is configured to perform security hardening on the server device according to the search keywords of the security check entries that did not pass.
  • The reinforcement module 203 may include a generating unit and a scheduling unit:
  • the generating unit is configured to retrieve a hardening library according to the search keywords of the security check entries that did not pass, and to generate an executable security hardening package for the server device;
  • the scheduling unit is configured to upload the executable security hardening package to the corresponding server device to perform a security hardening operation on the corresponding server device.
  • The analysis module 202 and the generating unit correspond to the scan report analysis module in the system architecture shown in FIG. 2.
  • The server device in this embodiment may also be referred to as a server, a host device, and the like, and is not limited herein.
  • The security scan report may be produced by a local scan performed by the server security management device, or may be obtained by the server security management device from a third-party security scan report platform.
  • The third-party security scan report platform provides a security scan report of each server device.
  • Through the human-computer interaction interface, the system administrator can set the third-party security scan report platforms (manufacturers) whose security scan reports are supported, define the format of each platform's scan report, and define the logic and strategy of the report analysis (such as compliance entry keywords, the location of the scanned device's IP, etc.). Platforms and strategies can be dynamically added, removed, or updated.
  • The third-party security scan report platform is selected by the obtaining module 201 according to the operation instruction of the system administrator, and the identifier (name, IP location, etc.) and template information of the third-party security scan report platform are obtained.
  • The third-party security scan report platform is specified to perform a security scan of the server device, and the report is imported.
  • The obtaining module 201 (also corresponding to the scan report analysis module shown in FIG. 2) obtains a security scan report for the server device from the selected third-party security scan report platform and, according to the identifier and template information of the third-party security scan report platform, obtains the corresponding report parsing policy from the data storage module and obtains the corresponding search keyword.
  • The data storage module returns the corresponding report parsing policy and the corresponding search keywords.
  • The search keyword may be a number corresponding to each kind of security vulnerability, and the number may differ between reports generated by different third-party security scan report platforms. For example, if the report is generated as a table, for manufacturer A the number of a certain risk vulnerability is located in the first column of the table, while for manufacturer B the number of the same type of risk vulnerability may be in the second column of the table.
  • Based on the obtained report parsing policy, the selected search keyword can be used to retrieve the corresponding security check entry in the security scan report.
  • The analysis module 202 separates the search keywords of the entries that did not pass from the report according to the report parsing policy.
  • The generating unit in the hardening module 203 retrieves the hardening program library according to the search keywords of the security check entries that did not pass, and generates an executable security hardening package for the server device.
  • The automated reinforcement program library is retrieved according to the search keywords of the security check entries that did not pass, and an automated reinforcement program corresponding to each failed security check entry is obtained;
  • an executable security hardening package is generated for each server device, with the server device as the unit, and an analysis report is formed.
  • The embodiment automates server device security assessment analysis, improves the efficiency of analyzing the assessment results, reduces manual analysis errors, and further improves the automation level of server device security hardening.
  • The scheduling unit in the reinforcement module 203 is configured to upload the executable security hardening package to the corresponding server device to perform a security hardening operation on the corresponding server device.
  • The scheduling unit corresponds to the automated hardening scheduling module in the system architecture shown in FIG. 2.
  • The embodiment further includes a solution for uploading the executable security hardening package to the corresponding server device to perform a security hardening operation on the corresponding server device.
  • The system administrator can choose to download an executable security hardening package through the human-computer interaction interface. After the executable security hardening package is obtained, the system administrator can import the executable security hardening package of each server device to the corresponding server device to perform security hardening on each server device.
  • The above process can be done automatically by the system or by the system administrator.
  • The solution of the embodiment uses technologies such as WEB and database to automatically analyze the security compliance report and to automatically generate the security reinforcement program, establishing a chain of operations from security scan, to automatic analysis of the scan report, to execution of security reinforcement. It automates server device security assessment and reinforcement, improves the efficiency of analyzing device security assessment results, reduces manual analysis errors, and improves the automation level of server device security reinforcement.
  • The scheduling unit is further configured to receive a reinforcement report that is fed back after the server device performs a security hardening operation.
  • The solution of the embodiment of the present invention provides a third-party compliance security scan report import function, analyzes the scan report by comparing it against the configured parsing rules, automatically generates a solution, and automatically generates an executable security hardening program. It also provides online, batch, and automated reinforcement of server equipment, so that the whole process from device security assessment, to evaluation result analysis, to device security hardening is "one-click" and automated. It thereby provides means and methods to improve the efficiency of evaluation result analysis, reduce manual analysis errors, and improve the automation level of security reinforcement.
  • The obtaining module 201, the analyzing module 202, and the generating unit may be implemented by a processor in the server device security management device; the hardening module 203 may be implemented by a processor in the server device security management device in combination with the communication interface;
  • the scheduling unit can be implemented by a communication interface in the server device security management device.
  • the methods of the foregoing embodiments can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk or optical disc) and including a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to perform the methods described in the embodiments of the present invention.
  • an embodiment of the present invention further provides a computer storage medium, where the computer storage medium includes a set of instructions that, when executed, cause at least one processor to perform the server device security management method described in the embodiments of the present invention.
  • the solution provided by the embodiments of the present invention obtains a security scan report for the server device.
  • the security scan report is analyzed and the search keywords of the entries that failed the security check are isolated from it; the corresponding server device is hardened according to those search keywords, thereby automating the security assessment, analysis and hardening of the server device, improving the efficiency of analyzing assessment results, reducing manual analysis errors, and raising the level of automation of security hardening.

Abstract

A method and device for server device security management and a computer storage medium. The method comprises: acquiring a security scan report with respect to a server device (S101); analyzing the security scan report and isolating from the security scan report a search keyword of an entry that failed a security check (S102); and, reinforcing the security of the server device on the basis of the keyword of the entry that failed the security check (S103).

Description

Server device security management method, device and computer storage medium

Technical field

The present invention relates to the field of server device security management technologies, and in particular to a server device security management method, apparatus, and computer storage medium.

Background

In recent years, intrusions and attacks involving server devices have occurred frequently, and enterprises and institutions attach increasing importance to the security of server devices.
Patch management and configuration for server devices has reached scale: many commercial companies that develop security products offer professional-grade scanning products, which provide security checks for mainstream LINUX and WINDOWS server devices and for ORACLE and SYBASE database systems, and flag security risks such as outdated patch versions and weak security configurations.
However, these tools mainly perform the security check itself. Some products do offer simple remediation suggestions for the risks found once the check completes, but now that server devices are increasingly moving to the cloud, being virtualized, and being consolidated in data centers, reading, analyzing and collating large numbers of device security check reports line by line consumes a great deal of the operation and maintenance engineers' effort. The time from the end of a scan to the delivery of an overall security assessment report for the equipment room cannot be controlled, and erroneous data produced by manual reading, analysis and sorting cannot be avoided. In addition, once a scan report exists it still has to be analyzed, and operation and maintenance engineers must then harden the server devices. Hardening is currently still done as it was for physical servers: system patches are updated and configuration files are modified by hand. This approach can no longer cope with servers that are cloud-hosted, virtualized and concentrated in data centers.
Summary of the invention

To solve the existing technical problems, embodiments of the present invention provide a server device security management method, apparatus, and computer storage medium.
A server device security management method proposed in an embodiment of the present invention includes:
acquiring a security scan report for a server device;
analyzing the security scan report, and isolating from the security scan report the search keywords of the entries that failed the security check;
hardening the security of the server device according to the keywords of the entries that failed the security check.
In the above solution, the step of hardening the security of the server device according to the keywords of the entries that failed the security check includes:
searching the hardening program library according to the search keywords of the entries that failed the security check, and generating an executable security hardening package for the server device;
uploading the executable security hardening package to the corresponding server device, so that the security hardening operation is performed on the corresponding server device.
In the above solution, the step of searching the hardening program library according to the search keywords of the entries that failed the security check, and generating an executable security hardening package for the server device, includes:
searching the automated hardening program library according to the search keywords of the entries that failed the security check, and obtaining the automated hardening programs corresponding to the failed entries;
generating an executable script for the obtained automated hardening programs;
generating an executable security hardening package for the server device based on the executable script generated for the automated hardening programs.
In the above solution, the step of acquiring a security scan report for the server device includes:
selecting a third-party security scan report platform, and obtaining the identifier and template information of the third-party security scan report platform;
acquiring the security scan report for the server device from the selected third-party security scan report platform;
obtaining the corresponding report parsing strategy from the data storage module according to the identifier and template information of the third-party security scan report platform;
obtaining the corresponding search keywords.
In the above solution, the method further includes:
receiving the hardening report fed back by the server device after it performs the security hardening operation.
An embodiment of the present invention further proposes a server device security management apparatus, including:
an acquisition module, configured to acquire a security scan report for a server device;
an analysis module, configured to analyze the security scan report and isolate from it the search keywords of the entries that failed the security check;
a hardening module, configured to harden the security of the server device according to the keywords of the entries that failed the security check.
In the above solution, the hardening module includes:
a generating unit, configured to search the hardening program library according to the search keywords of the entries that failed the security check, and generate an executable security hardening package for the server device;
a scheduling unit, configured to upload the executable security hardening package to the corresponding server device, so that the security hardening operation is performed on the corresponding server device.
In the above solution, the generating unit is further configured to: search the automated hardening program library according to the search keywords of the entries that failed the security check, and obtain the automated hardening programs corresponding to the failed entries; generate an executable script for the obtained automated hardening programs; and generate an executable security hardening package for the server device based on the executable script generated for the automated hardening programs.
In the above solution, the acquisition module is configured to: select a third-party security scan report platform and obtain its identifier and template information; acquire the security scan report for the server device from the selected third-party security scan report platform; obtain the corresponding report parsing strategy from the data storage module according to the identifier and template information of the third-party security scan report platform; and obtain the corresponding search keywords.
In the above solution, the scheduling unit is further configured to receive the hardening report fed back by the server device after it performs the security hardening operation.
An embodiment of the present invention further proposes a computer storage medium, the computer storage medium including a set of instructions that, when executed, cause at least one processor to perform the server device security management method described above.
With the server device security management method, apparatus and computer storage medium proposed in the embodiments of the present invention, a security scan report for a server device is acquired; the security scan report is analyzed and the search keywords of the entries that failed the security check are isolated from it; and the corresponding server device is hardened according to those search keywords. This automates the security assessment, analysis and hardening of server devices (server device security management), improving the efficiency of analyzing assessment results, reducing manual analysis errors, and raising the level of automation of security hardening.
Brief description of the drawings

FIG. 1 is a schematic diagram of the system architecture involved in the solution of the embodiments of the present invention;
FIG. 2 is a schematic flowchart of a first embodiment of the server device security management method of the present invention;
FIG. 3 is a schematic diagram of the service flow in which the scan report analysis module initiates a third-party security scan report and automatically analyzes the report, according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of a second embodiment of the server device security management method of the present invention;
FIG. 5 is a schematic diagram of the service flow for automated hardening of devices according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of the service flow for one-click report analysis and security hardening according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the functional modules of a first embodiment of the server device security management apparatus of the present invention.
Detailed description

To make the technical solutions of the present invention clearer, they are described in further detail below with reference to the accompanying drawings.
It should be understood that the specific embodiments described here are only intended to explain the present invention and are not intended to limit it.
In the various embodiments of the present invention, a function for importing third-party compliance security scan reports is provided. The scan report is analyzed against the configured parsing rules, a solution is generated automatically, and an executable security hardening program is generated automatically; online, batch, automated hardening of server devices is also provided. This covers the whole flow from device security assessment, through analysis of the assessment results, to device security hardening as a "one-click" automated process, and so provides a solution for improving the efficiency of analyzing assessment results, reducing manual analysis errors, and raising the level of automation of security hardening.
The solution of the embodiments can automate operations such as intelligent analysis of security scan reports and security hardening for one or more server devices; its system architecture is shown in FIG. 1.
As shown in FIG. 1, the architecture may involve a server security management apparatus and multiple server devices (the host devices shown in FIG. 1; a corresponding agent module may be installed on each host device to communicate with the server security management apparatus).
The server security management apparatus may include a basic data management module, a data storage module, a scan report analysis module, an automated hardening program library, an automated hardening scheduling module, and so on.
The basic data management module is a human-computer interaction interface through which the system administrator can configure the third-party security scan report platforms (vendors) whose security scan reports are supported, define the format of each vendor's scan reports, and define the logic and strategies for parsing the scan reports (such as the compliance entry keywords and the location of the scanned device's IP information). Vendors and strategies can be added, removed or updated dynamically.
The data storage module provides data storage for the basic data. Commercial databases such as ORACLE and SYBASE can be used, as can open-source databases such as MYSQL and POSTGRESQL.
The automated hardening program library consists of a series of executable program scripts, with one executable program per compliance knowledge point. A compliance knowledge point is one specific security compliance requirement, for example an operating system password strength requirement, a requirement to close unnecessary ports or services, an access permission requirement for critical system files, or a requirement to use secure communication protocols.
The scan report analysis module takes an imported compliance scan report from a third-party vendor, compares it against that vendor's report format definition and parsing strategy preconfigured in the data storage module, and identifies the entries that failed the security check. Using the keywords, it searches the automated hardening program library and generates one executable script for each server device that needs security hardening (that is, has entries that failed the security check). The script chains together the automated hardening programs corresponding to the failed entries, ensuring that these programs can be executed in sequence.
The automated hardening scheduling module is the scheduling and execution engine for automated security hardening. It uploads the executable script generated by the scan report analysis module, together with the programs the script includes, to the corresponding server device, executes the security hardening, returns the hardening results and generates a hardening report. Execution of the hardening on the host device supports agent and agentless modes; the communication protocol between the automated scheduling module and the host device may be the Secure Shell protocol (SSH). The automated scheduling module can harden multiple devices in one batch and can support virtual machine environments.
In addition, in the solution of the embodiments, automatic scan report analysis and automatic execution of security hardening can be triggered together with one click or performed separately.
The solution of the embodiments of the present invention is described in detail below on the basis of the above system architecture.
Specifically, as shown in FIG. 2, a first embodiment of the present invention proposes a server device security management method, including:
Step S101: acquire a security scan report for a server device.
In this embodiment the server device may also be called a server, a host device, and so on; no limitation is intended here.
To check, assess and harden the security of a server device, a security scan report for the server device must first be acquired.
The security scan report may be produced by a local scan performed by the server security management apparatus, or obtained by the server security management apparatus from a third-party security scan report platform. This embodiment takes as its example a third-party security scan report platform that provides the security scan reports of the server devices.
Specifically, through the human-computer interaction interface the system administrator can configure the third-party security scan report platforms (vendors) whose security scan reports are supported, define the format of each platform's scan reports, and define the logic and strategies for parsing the scan reports (such as the compliance entry keywords and the location of the scanned device's IP). Platforms and strategies can be added, removed or updated dynamically.
The specific implementation process is as follows:
First, the basic data management module selects a third-party security scan report platform according to the system administrator's operation instructions, and obtains the identifier (name, IP location, etc.) and template information of that platform.
The third-party security scan report platform is designated to perform a security scan of the server device, and the report is imported.
The scan report analysis module then obtains the security scan report for the server device from the selected third-party security scan report platform and, according to the platform's identifier and template information, requests the corresponding report parsing strategy and the corresponding search keywords from the data storage module. The data storage module returns the corresponding report parsing strategy and search keywords.
A search keyword may be the number assigned to an indicator such as a security vulnerability. The position of this number may differ between reports generated by different third-party security scan report platforms. For example, if reports are generated as tables, the number of a given risk or vulnerability may be in the first column of the table for vendor A, while the number of the same type of risk or vulnerability may be in the second column for vendor B.
With the selected search keywords, the security scan report can be searched, using the obtained report parsing strategy, to determine whether each corresponding security check entry passed.
Step S102: analyze the security scan report, and isolate from the security scan report the search keywords of the entries that failed the security check.
Here, the scan report analysis module separates the search keywords of the failed entries from the report according to the report parsing strategy.
Step S103: harden the security of the server device according to the keywords of the entries that failed the security check.
This specifically includes:
searching the hardening program library according to the search keywords of the entries that failed the security check, and generating an executable security hardening package for the server device.
In an embodiment, it may further include:
uploading the executable security hardening package to the corresponding server device, so that the security hardening operation is performed on the corresponding server device.
Specifically, the automated hardening program library is first searched according to the search keywords of the entries that failed the security check, and the automated hardening program corresponding to each failed entry is obtained;
an executable script is generated for the obtained automated hardening programs;
then, based on the executable scripts generated for the automated hardening programs, an executable security hardening package is generated for each server device, one package per device, and an analysis report is produced.
With the above solution, this embodiment automates the security assessment and analysis of server devices, improves the efficiency of analyzing assessment results and reduces manual analysis errors, and thereby raises the level of automation of server device security hardening.
The service flow in this embodiment, in which the scan report analysis module initiates a third-party security scan report and automatically analyzes the report, is described in detail below with reference to FIG. 3. The flow is:
Step 301: through the human-computer interaction interface, the system administrator specifies the vendor and report template of the third-party security scan report and imports the report;
Step 302: the scan report analysis module requests the corresponding search keywords and report parsing strategy from the data storage module according to the vendor information and template information;
Step 303: the data storage module returns the corresponding report parsing strategy and search keywords;
Step 304: the scan report analysis module separates the search keywords of the failed entries from the report according to the report parsing strategy;
Step 305: using the search keywords, the scan report analysis module searches the automated hardening program library for the solution and hardening program script corresponding to each entry;
Step 306: the search results are returned;
Step 307: the scan report analysis module processes the search results further, generates an analysis report (reporting, per device, the suggested solutions for the failed entries), and generates the executable security hardening package;
Step 308: the analysis report is presented to the system administrator through the human-computer interaction interface, and the security hardening package can be downloaded through the same interface.
This automates the security assessment and analysis of server devices, improves the efficiency of analyzing assessment results and reduces manual analysis errors, and thereby raises the level of automation of server device security hardening.
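The analysis flow of steps S101 to S103 and 301 to 307, as an added example that is not code from the patent: two vendors report the same findings with the keyword in different columns, the failed keywords are isolated per device, and a per-device script chains the matching library programs in order. The vendor names, column layouts, keyword format, report rows and program file names are all constructed assumptions; because keywords and IP addresses come from an imported report, the sketch validates both before they reach a generated script.

```python
import csv
import io
import ipaddress
import re
import shlex

# Constructed per-vendor parsing strategies: same findings, different layouts.
PARSE_STRATEGIES = {
    "vendor_a": {"delimiter": ",", "header_rows": 1, "keyword_col": 0,
                 "ip_col": 2, "result_col": 3, "fail_values": {"FAIL"}},
    "vendor_b": {"delimiter": ";", "header_rows": 1, "keyword_col": 1,
                 "ip_col": 0, "result_col": 2, "fail_values": {"non-compliant"}},
}

# Constructed hardening library: search keyword -> program shipped in the package.
HARDENING_LIBRARY = {
    "PWD-001": "harden_password_policy.sh",
    "SVC-014": "disable_unneeded_services.sh",
    "PERM-007": "restrict_system_file_perms.sh",
}

# Assumed keyword shape; anything else in the keyword column is rejected.
KEYWORD_RE = re.compile(r"[A-Z]{2,8}-\d{1,4}")

# Constructed sample reports (documentation address range 192.0.2.0/24).
VENDOR_A_REPORT = """check_id,description,host,result
PWD-001,Password strength,192.0.2.11,FAIL
SVC-014,Unneeded services,192.0.2.11,PASS
PERM-007,System file permissions,192.0.2.11,FAIL
PWD-001,Password strength,192.0.2.12,PASS
TLS-020,Secure protocol,192.0.2.12,FAIL
"""
VENDOR_B_REPORT = """host;check;status;detail
192.0.2.11;PWD-001;non-compliant;Password strength
192.0.2.11;SVC-014;compliant;Unneeded services
192.0.2.11;PERM-007;non-compliant;System file permissions
192.0.2.12;PWD-001;compliant;Password strength
192.0.2.12;TLS-020;non-compliant;Secure protocol
"""


def failed_keywords(report_text, vendor):
    """Return {device_ip: [keywords of failed entries]} in report order."""
    s = PARSE_STRATEGIES[vendor]
    needed = max(s["keyword_col"], s["ip_col"], s["result_col"])
    failed = {}
    rows = csv.reader(io.StringIO(report_text), delimiter=s["delimiter"])
    for i, row in enumerate(rows):
        if i < s["header_rows"] or not row:
            continue
        if len(row) <= needed:
            raise ValueError(f"{vendor}: row {i + 1} does not match the template")
        if row[s["result_col"]].strip() not in s["fail_values"]:
            continue
        keyword = row[s["keyword_col"]].strip()
        if not KEYWORD_RE.fullmatch(keyword):
            raise ValueError(f"{vendor}: row {i + 1} has an invalid keyword")
        # ip_address() raises ValueError for anything that is not an address.
        ip = str(ipaddress.ip_address(row[s["ip_col"]].strip()))
        per_device = failed.setdefault(ip, [])
        if keyword not in per_device:
            per_device.append(keyword)
    return failed


def build_package(device_ip, keywords):
    """Chain the library programs for one device; report keywords with no program."""
    lines = [
        "#!/bin/sh",
        f"# hardening package for {device_ip} (generated)",
        'run() { if sh "programs/$2"; then echo "$1 OK"; else echo "$1 FAILED"; fi; }',
    ]
    unresolved = []
    for keyword in keywords:
        program = HARDENING_LIBRARY.get(keyword)
        if program is None:
            unresolved.append(keyword)  # goes to the analysis report for manual follow-up
            continue
        lines.append(f"run {shlex.quote(keyword)} {shlex.quote(program)}")
    return "\n".join(lines) + "\n", unresolved


def analyse(report_text, vendor):
    """Full flow: one package (script plus unresolved entries) per device."""
    packages = {}
    for ip, keywords in failed_keywords(report_text, vendor).items():
        script, unresolved = build_package(ip, keywords)
        packages[ip] = {"script": script, "unresolved": unresolved}
    return packages


if __name__ == "__main__":
    for ip, pkg in analyse(VENDOR_B_REPORT, "vendor_b").items():
        print(pkg["script"], "unresolved:", pkg["unresolved"])
```

A failed entry with no library program (`TLS-020` here) produces no script line and is returned separately, so the gap is visible in the analysis report.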
In practical applications, the executable security hardening package can be uploaded to the corresponding server device, so that the security hardening operation is performed on the corresponding server device.
Specifically, the system administrator can choose to download the executable security hardening package through the human-computer interaction interface. After obtaining the packages, the system administrator can import the executable security hardening package of each server device into the corresponding server device to harden each server device.
The above process can be completed automatically by the system, or completed by the system administrator directing the operation.
The solution of this embodiment uses technologies such as WEB and databases to automate the analysis of security compliance reports and provides automatic generation of the security hardening program, so that the whole series of operations (security scan, automated scan report analysis, security hardening) can be executed with one click. It automates the security assessment, analysis and hardening of server devices, improves the efficiency of analyzing device security assessment results, reduces manual analysis errors, and raises the level of automation of server device security hardening.
As shown in FIG. 4, a second embodiment of the present invention proposes a server device security management method. Based on the embodiment shown in FIG. 2 above, the method further includes:
Step S104: receive the hardening report fed back by the server device after it performs the security hardening operation.
After the server device performs the security hardening operation, a hardening report is fed back to the system administrator.
The service flow for automated hardening of devices in this embodiment is described in detail below with reference to FIG. 5.
FIG. 5 shows the service flow in which this embodiment automatically hardens devices based on the analysis results produced by the flow shown in FIG. 3. The flow takes two devices that need hardening (device A and device B) as an example and proceeds as follows:
Step 401: the system administrator imports, through the human-computer interaction interface, the security hardening package generated by the flow of FIG. 3. After the import, the system shows the administrator the contents of the package, including the hardening items to be executed on each device. At this point the administrator can choose, on the basis of the package, which devices perform hardening for which entries;
Step 402: the automated hardening scheduling module uploads the corresponding hardening package to device A;
Step 403: security hardening is executed on device A;
Step 404: the hardening report of device A is returned;
Step 405: the automated hardening scheduling module uploads the corresponding hardening package to device B;
Step 406: security hardening is executed on device B;
Step 407: the hardening report of device B is returned;
Step 408: after all devices have been hardened, the automated hardening scheduling module collates the hardening reports of the devices, merges them into one overall report, and presents it to the system administrator.
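The scheduling flow of steps 401 to 408, as an added sketch that is not code from the patent: the administrator's per-device selection is applied, each device is processed in turn, and the per-device reports are merged into one overall report. The `transport` callable stands in for upload, execution and report return (for example over SSH) and is a hypothetical interface; the device names, keywords and outcomes are constructed. The sketch also covers a device that cannot be reached, so that the remaining devices are still hardened and the gap shows up in the overall report.

```python
from dataclasses import dataclass, field


@dataclass
class DeviceReport:
    device: str
    results: dict = field(default_factory=dict)  # keyword -> status string
    error: str = ""


def harden_devices(packages, selection, transport):
    """packages: {device: [keywords]}; selection: {device: set(keywords)} or None for all.

    transport(device, keywords) -> {keyword: bool} is a hypothetical stand-in for
    upload + execute + returned report; it raises ConnectionError if unreachable.
    """
    reports = []
    for device, keywords in packages.items():
        chosen = set(keywords) if selection is None else selection.get(device, set())
        report = DeviceReport(device)
        for keyword in keywords:
            report.results[keyword] = "skipped"  # default until selected and run
        todo = [k for k in keywords if k in chosen]
        if todo:
            try:
                outcome = transport(device, todo)
            except ConnectionError as exc:
                report.error = str(exc)
                for keyword in todo:
                    report.results[keyword] = "not run"
            else:
                for keyword in todo:
                    ok = outcome.get(keyword) is True  # missing result counts as failed
                    report.results[keyword] = "ok" if ok else "failed"
        reports.append(report)
    return reports


def consolidate(reports):
    """Merge per-device reports into the overall report shown to the administrator."""
    totals = {"ok": 0, "failed": 0, "skipped": 0, "not run": 0}
    attention = []
    for report in reports:
        for keyword, status in report.results.items():
            totals[status] += 1
            if status in ("failed", "not run"):
                attention.append((report.device, keyword))
    return {
        "devices": [r.device for r in reports],
        "unreachable": [r.device for r in reports if r.error],
        "totals": totals,
        "needs_attention": sorted(attention),
    }


# Constructed inputs: two devices, the administrator deselects TLS-020 on device-b.
PACKAGES = {"device-a": ["PWD-001", "PERM-007"],
            "device-b": ["PWD-001", "SVC-014", "TLS-020"]}
SELECTION = {"device-a": {"PWD-001", "PERM-007"},
             "device-b": {"PWD-001", "SVC-014"}}


def fake_transport(device, keywords):
    """Constructed transport: device-a is unreachable, SVC-014 fails on device-b."""
    if device == "device-a":
        raise ConnectionError("connection refused (constructed)")
    return {k: k != "SVC-014" for k in keywords}


if __name__ == "__main__":
    print(consolidate(harden_devices(PACKAGES, SELECTION, fake_transport)))
```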
The solution of this embodiment uses Web, database and other technologies to automate the analysis of security compliance reports and provides a function that automatically generates security hardening programs. It establishes the capability to execute automatically the series of operations consisting of security scanning, automated scan report analysis and security hardening, and so achieves automated processing of server device security assessment, analysis and hardening. This improves the efficiency of analysing device security assessment results, reduces manual analysis errors, and raises the level of automation of server device security hardening.
It should be noted that scan report analysis and automated hardening can also be performed as one continuous action, that is, report analysis and security hardening are completed with "one click".
As shown in FIG. 6, FIG. 6 combines the flow shown in FIG. 3 with the flow shown in FIG. 5: scan report analysis and automated hardening are performed as one continuous action, so that report analysis and security hardening are completed with "one click". The flow takes two devices that need hardening as an example and proceeds as follows:
Step 501: through the human-computer interaction interface, the system administrator specifies the manufacturer and the report template of the third-party security scan report, and imports the report;
Step 502: the scan report analysis module obtains the corresponding retrieval keywords and report parsing policy from the data storage module according to the manufacturer information and the template information;
Step 503: the data storage module returns the corresponding report parsing policy;
Step 504: the scan report analysis module separates the retrieval keywords of the failed entries from the report according to the report parsing policy;
Step 505: using the retrieval keywords, the scan report analysis module searches the automated hardening program library to obtain the solution and the hardening program script corresponding to each entry;
Step 506: the search results are returned;
Step 507: the scan report analysis module further processes the search results, generates an analysis report (reporting, per device, the recommended solutions for the failed entries), and generates an executable security hardening package;
Step 508: the scan report analysis module automatically imports the generated security hardening package into the automated hardening scheduling module;
Step 509: the automated hardening scheduling module uploads the corresponding hardening package to device A;
Step 510: security hardening is performed on device A;
Step 511: the hardening report of device A is returned;
Step 512: the automated hardening scheduling module uploads the corresponding hardening package to device B;
Step 513: security hardening is performed on device B;
Step 514: the hardening report of device B is returned;
Step 515: after all devices have been hardened, the automated hardening scheduling module collates the hardening reports of the devices, merges them into a single overall report and presents it to the system administrator.
The solution of this embodiment uses Web, database and other technologies to automate the analysis of security compliance reports and provides a function that automatically generates security hardening programs. It establishes the capability to execute with one click the series of operations consisting of security scanning, automated scan report analysis and security hardening, and so achieves automated processing of server device security assessment, analysis and hardening. This improves the efficiency of analysing device security assessment results, reduces manual analysis errors, and raises the level of automation of server device security hardening.
Correspondingly, embodiments of the server device security management apparatus of the present invention are proposed.
As shown in FIG. 7, the first embodiment of the present invention proposes a server device security management apparatus comprising an obtaining module 201, an analysis module 202 and a hardening module 203, where:
The obtaining module 201 is configured to obtain a security scan report for the server device, and to obtain retrieval keywords and a report parsing policy; the obtaining module 201 corresponds to the basic data management module in the system architecture shown in FIG. 2;
The analysis module 202 is configured to analyse the security scan report according to the retrieval keywords and the report parsing policy, and to separate from the security scan report the retrieval keywords of the entries that failed the security check;
The hardening module 203 is configured to perform security hardening on the server device according to the keywords of the entries that failed the security check.
The hardening module 203 may include a generating unit and a scheduling unit;
The generating unit is configured to search the hardening program library according to the retrieval keywords of the entries that failed the security check, and to generate an executable security hardening package for the server device;
The scheduling unit is configured to upload the executable security hardening package to the corresponding server device, so that the security hardening operation is performed on that server device.
The analysis module 202 and the generating unit correspond to the scan report analysis module in the system architecture shown in FIG. 2.
Specifically, the server device in this embodiment may also be called a server, a host device and so on; no limitation is imposed here.
To perform security checking, assessment and hardening of a server device, a security scan report for the server device must first be obtained.
The security scan report may be produced by a local scan performed by the server security management apparatus, or obtained by the server security management apparatus from a third-party security scan report platform. This embodiment takes as its example a third-party security scan report platform that provides the security scan reports of the server devices.
Specifically, through the human-computer interaction interface the system administrator can set the third-party security scan report platforms (manufacturers) whose security scan reports are supported, and define the format of each platform's scan reports as well as the logic and policies for parsing them (such as the compliance entry keywords and the location of the scanned device's IP). Platforms and policies can be added, removed or updated dynamically.
The specific implementation process is as follows:
First, the obtaining module 201 selects a third-party security scan report platform according to the system administrator's operation instruction, and obtains the identifier (name, IP location, etc.) and the template information of that platform.
The third-party security scan report platform is designated to perform a security scan of the server device, and the report is imported.
Then the obtaining module 201 (which may also correspond to the scan report analysis module shown in FIG. 2) obtains the security scan report for the server device from the selected third-party security scan report platform and, according to the identifier and template information of that platform, obtains the corresponding report parsing policy and the corresponding retrieval keywords from the data storage module. The data storage module returns the corresponding report parsing policy and the corresponding retrieval keywords.
The retrieval keywords may be the numbers that correspond to indicators such as the various security vulnerabilities. The position of such a number may differ between the reports generated by different third-party security scan report platforms. For example, if reports are generated in table form, then for manufacturer A the number of a given risk vulnerability is in the first column of the table, whereas for manufacturer B the number of the same type of risk vulnerability may be in the second column.
With the selected retrieval keywords, the security scan report can be searched, on the basis of the obtained report parsing policy, to determine whether each corresponding security check entry passed.
After that, the analysis module 202 separates the retrieval keywords of the failed entries from the report according to the report parsing policy.
The generating unit in the hardening module 203 searches the hardening program library according to the retrieval keywords of the entries that failed the security check, and generates an executable security hardening package for the server device.
Specifically, first, the automated hardening program library is searched according to the retrieval keywords of the entries that failed the security check, to obtain the automated hardening program corresponding to each failed entry;
An executable script is generated for each automated hardening program obtained;
Then, on the basis of the executable scripts generated for the automated hardening programs, an executable security hardening package is generated for each server device, and an analysis report is formed.
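The following added example (not code from the patent) sketches the analysis and generation steps described above in Python: a per-manufacturer parsing policy locates the check number in each report, the numbers of failed entries are looked up in a hardening library, and one package and one analysis report are built per device. The policy fields, check numbers (`CHK-...`), library entries and sample reports are constructed assumptions; the keyword allowlist pattern and the SHA-256 digest on each package are also additions, so that report content is never copied into an executable script and the receiving device can verify what it was sent.

```python
import csv
import hashlib
import io
import ipaddress
import re

# Report parsing policies keyed by (manufacturer, template); constructed values.
# Manufacturer A puts the check number in the first column, B in the second.
PARSING_POLICIES = {
    ("vendor_a", "table_v1"): {"id_col": 0, "ip_col": 1, "result_col": 2, "fail": "fail"},
    ("vendor_b", "table_v1"): {"id_col": 1, "ip_col": 0, "result_col": 3, "fail": "not passed"},
}

# Hardening library: retrieval keyword -> (solution text, command). Constructed.
HARDENING_LIBRARY = {
    "CHK-001": ("Disable direct root login over SSH",
                "sed -i -E 's/^#?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config"),
    "CHK-002": ("Limit password lifetime to 90 days",
                "sed -i -E 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/' /etc/login.defs"),
    "CHK-003": ("Restrict write access to /etc/passwd", "chmod 644 /etc/passwd"),
}

# Keywords are used only as lookup keys and must match this strict shape.
KEYWORD_RE = re.compile(r"[A-Z]{2,8}-[0-9]{1,6}")
MANUAL = "no automated hardening program in library; manual review required"

# Constructed sample reports describing the same findings in two layouts.
REPORT_A = """check_id,device_ip,result
CHK-001,192.0.2.10,FAIL
CHK-002,192.0.2.10,PASS
CHK-003,192.0.2.11,FAIL
CHK-999,192.0.2.11,FAIL
"""
REPORT_B = """device_ip,check_id,description,status
192.0.2.10,CHK-001,root ssh login,Not passed
192.0.2.10,CHK-002,password ageing,Passed
192.0.2.11,CHK-003,passwd permissions,Not passed
192.0.2.11,CHK-003;echo,malformed id,Not passed
192.0.2.11,CHK-999,unknown check,Not passed
"""


def extract_failed_keywords(report_text, vendor, template):
    """Return {device_ip: [keyword, ...]} for entries that failed the check."""
    policy = PARSING_POLICIES[(vendor, template)]
    width = max(policy["id_col"], policy["ip_col"], policy["result_col"]) + 1
    failed = {}
    for row in csv.reader(io.StringIO(report_text)):
        if len(row) < width:
            continue  # blank or truncated row
        keyword = row[policy["id_col"]].strip()
        if not KEYWORD_RE.fullmatch(keyword):
            continue  # header row or a value that is not a well-formed check number
        if row[policy["result_col"]].strip().lower() != policy["fail"]:
            continue  # entry passed
        try:
            device = str(ipaddress.ip_address(row[policy["ip_col"]].strip()))
        except ValueError:
            continue  # device column does not hold an IP address
        entries = failed.setdefault(device, [])
        if keyword not in entries:
            entries.append(keyword)
    return failed


def build_packages(failed):
    """Return (packages, analysis): one script plus digest and one report per device."""
    packages, analysis = {}, {}
    for device, keywords in failed.items():
        lines = ["#!/bin/sh", "set -eu"]
        analysis[device] = []
        for keyword in keywords:
            entry = HARDENING_LIBRARY.get(keyword)
            if entry is None:
                analysis[device].append((keyword, MANUAL))
                continue
            solution, command = entry
            analysis[device].append((keyword, solution))
            # Only library text and the validated keyword reach the script.
            lines += [f"# {keyword}: {solution}", command]
        script = "\n".join(lines) + "\n"
        digest = hashlib.sha256(script.encode()).hexdigest()
        packages[device] = {"script": script, "sha256": digest}
    return packages, analysis


if __name__ == "__main__":
    failed = extract_failed_keywords(REPORT_B, "vendor_b", "table_v1")
    packages, analysis = build_packages(failed)
    for device in packages:
        print(device, packages[device]["sha256"], analysis[device])
```

Both sample layouts yield the same failed keywords per device; the malformed identifier is dropped, and the unknown `CHK-999` appears only in the analysis report, never in a script.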
Through the above solution, this embodiment achieves automated processing of server device security assessment and analysis, improves the efficiency of analysing assessment results and reduces manual analysis errors, and thereby raises the level of automation of server device security hardening.
In one embodiment, the scheduling unit in the hardening module 203 is configured to upload the executable security hardening package to the corresponding server device, so that the security hardening operation is performed on that server device.
The scheduling unit corresponds to the automated hardening scheduling module in the system architecture shown in FIG. 2.
Compared with the above embodiment, this embodiment further includes uploading the executable security hardening package to the corresponding server device so that the security hardening operation is performed on that server device.
Specifically, the system administrator can choose, through the human-computer interaction interface, to download the executable security hardening package. After obtaining the executable security hardening packages, the system administrator can import the package of each server device into the corresponding server device and perform security hardening on each server device.
The above process can be completed automatically by the system, or completed under the direction of the system administrator.
The solution of this embodiment uses Web, database and other technologies to automate the analysis of security compliance reports and provides a function that automatically generates security hardening programs. It establishes the capability to execute with one click the series of operations consisting of security scanning, automated scan report analysis and security hardening, and so achieves automated processing of server device security assessment, analysis and hardening. This improves the efficiency of analysing device security assessment results, reduces manual analysis errors, and raises the level of automation of server device security hardening.
Further, the scheduling unit is also configured to receive the hardening report fed back by the server device after it performs the security hardening operation.
Compared with the prior art, the solution of the embodiments of the present invention provides a function for importing third-party compliance security scan reports, analyses the scan report by comparing it against the configured parsing rules, automatically generates solutions and at the same time automatically generates executable security hardening programs, and provides online, batch, automated hardening of server devices. It achieves full-process, "one-click", automated security hardening, from device security assessment through analysis of the assessment results to device security hardening, and thereby provides means and methods for improving the efficiency of assessment result analysis, reducing manual analysis errors and raising the level of automation of security hardening.
In practical application, the obtaining module 201, the analysis module 202 and the generating unit may be implemented by a processor in the server device security management apparatus; the hardening module 203 may be implemented by the processor in the server device security management apparatus in combination with a communication interface; the scheduling unit may be implemented by the communication interface in the server device security management apparatus.
It should also be noted that, in this document, the terms "include", "comprise" and any other variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or apparatus that includes the element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes a number of instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, etc.) to execute the methods described in the embodiments of the present invention.
On this basis, an embodiment of the present invention further provides a computer storage medium. The computer storage medium includes a set of instructions which, when executed, cause at least one processor to perform the server device security management method described in the embodiments of the present invention.
The above are only embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present invention.
Industrial Applicability
The solution provided by the embodiments of the present invention obtains a security scan report for a server device; analyses the security scan report and separates from it the retrieval keywords of the entries that failed the security check; and performs security hardening on the corresponding server device according to the retrieval keywords of the entries that failed the security check. It thereby achieves automated processing of server device security assessment, analysis and security hardening, improves the efficiency of analysing assessment results, reduces manual analysis errors, and raises the level of automation of security hardening.

Claims (11)

  1. A server device security management method, comprising:
    obtaining a security scan report for a server device;
    analysing the security scan report, and separating from the security scan report the retrieval keywords of the entries that failed the security check;
    performing security hardening on the server device according to the keywords of the entries that failed the security check.
  2. The method according to claim 1, wherein the step of performing security hardening on the server device according to the keywords of the entries that failed the security check comprises:
    searching a hardening program library according to the retrieval keywords of the entries that failed the security check, and generating an executable security hardening package for the server device;
    uploading the executable security hardening package to the corresponding server device, so as to perform a security hardening operation on the corresponding server device.
  3. The method according to claim 2, wherein the step of searching the hardening program library according to the retrieval keywords of the entries that failed the security check and generating an executable security hardening package for the server device comprises:
    searching an automated hardening program library according to the retrieval keywords of the entries that failed the security check, to obtain the automated hardening programs corresponding to the entries that failed the security check;
    generating executable scripts for the automated hardening programs obtained;
    generating an executable security hardening package for the server device on the basis of the executable scripts generated for the automated hardening programs.
  4. The method according to claim 1, 2 or 3, wherein the step of obtaining a security scan report for a server device comprises:
    selecting a third-party security scan report platform, and obtaining the identifier and template information of the third-party security scan report platform;
    obtaining the security scan report for the server device from the selected third-party security scan report platform;
    obtaining the corresponding report parsing policy from a data storage module according to the identifier and template information of the third-party security scan report platform;
    obtaining the corresponding retrieval keywords.
  5. The method according to claim 2, wherein the method further comprises:
    receiving a hardening report fed back by the server device after it performs the security hardening operation.
  6. A server device security management apparatus, comprising:
    an obtaining module, configured to obtain a security scan report for a server device;
    an analysis module, configured to analyse the security scan report and to separate from the security scan report the retrieval keywords of the entries that failed the security check;
    a hardening module, configured to perform security hardening on the server device according to the keywords of the entries that failed the security check.
  7. The apparatus according to claim 6, wherein the hardening module comprises:
    a generating unit, configured to search a hardening program library according to the retrieval keywords of the entries that failed the security check, and to generate an executable security hardening package for the server device;
    a scheduling unit, configured to upload the executable security hardening package to the corresponding server device, so as to perform a security hardening operation on the corresponding server device.
  8. The apparatus according to claim 7, wherein
    the generating unit is further configured to search an automated hardening program library according to the retrieval keywords of the entries that failed the security check, to obtain the automated hardening programs corresponding to the entries that failed the security check; to generate executable scripts for the automated hardening programs obtained; and to generate an executable security hardening package for the server device on the basis of the executable scripts generated for the automated hardening programs.
  9. The apparatus according to claim 6, 7 or 8, wherein
    the obtaining module is configured to select a third-party security scan report platform and obtain the identifier and template information of the third-party security scan report platform; to obtain the security scan report for the server device from the selected third-party security scan report platform; to obtain the corresponding report parsing policy from a data storage module according to the identifier and template information of the third-party security scan report platform; and to obtain the corresponding retrieval keywords.
  10. The apparatus according to claim 7, wherein
    the scheduling unit is further configured to receive a hardening report fed back by the server device after it performs the security hardening operation.
  11. A computer storage medium, the computer storage medium comprising a set of instructions which, when executed, cause at least one processor to perform the server device security management method according to any one of claims 1 to 5.
PCT/CN2017/076797 2016-04-01 2017-03-15 Method and device for server device security management and computer storage medium WO2017167015A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610203332.9A CN107292175A (en) 2016-04-01 2016-04-01 Server apparatus method for managing security and device
CN201610203332.9 2016-04-01

Publications (1)

Publication Number Publication Date
WO2017167015A1 true WO2017167015A1 (en) 2017-10-05

Family

ID=59962560

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/076797 WO2017167015A1 (en) 2016-04-01 2017-03-15 Method and device for server device security management and computer storage medium

Country Status (2)

Country Link
CN (1) CN107292175A (en)
WO (1) WO2017167015A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111596968A (en) * 2020-04-28 2020-08-28 上海帆一尚行科技有限公司 Security reinforcement system, method thereof, server, client, electronic device and storage medium

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108881159B (en) * 2018-05-04 2022-06-21 中国信息安全研究院有限公司 Safety control method
CN110233758A (en) * 2019-06-10 2019-09-13 广东电网有限责任公司 A kind of safety encryption of service system, device and relevant device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873231A (en) * 2010-07-06 2010-10-27 联想网御科技(北京)有限公司 Network intrusion character configuration method and system
CN102075347A (en) * 2010-11-18 2011-05-25 北京神州绿盟信息安全科技股份有限公司 Security configuration checking equipment and method, and network system adopting equipment
CN102684911A (en) * 2012-03-14 2012-09-19 北京神州绿盟信息安全科技股份有限公司 Security configuration checking device and method and security configuration checking network system
CN103049702A (en) * 2013-01-05 2013-04-17 浪潮电子信息产业股份有限公司 Server layer based security reinforcing strategy
US8850587B2 (en) * 2007-05-04 2014-09-30 Wipro Limited Network security scanner for enterprise protection
CN104778414A (en) * 2015-05-06 2015-07-15 广州万方计算机科技有限公司 Vulnerability management system and method
CN106033512A (en) * 2015-03-20 2016-10-19 中兴通讯股份有限公司 Security vulnerability reinforcing method and system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111596968A (en) * 2020-04-28 2020-08-28 上海帆一尚行科技有限公司 Security reinforcement system, method thereof, server, client, electronic device and storage medium
CN111596968B (en) * 2020-04-28 2023-10-17 上海帆一尚行科技有限公司 Security reinforcement system and method, server side, client side, electronic equipment and storage medium thereof

Also Published As

Publication number Publication date
CN107292175A (en) 2017-10-24

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17773045

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 17773045

Country of ref document: EP

Kind code of ref document: A1