CN102143168A - Linux platform-based server safety performance real-time monitoring method and system - Google Patents


Publication number
CN102143168A
Authority
CN
China
Prior art keywords
server
legal
access
visitor
control module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100471326A
Other languages
Chinese (zh)
Other versions
CN102143168B (en)
Inventor
王友升
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Inspur Intelligent Technology Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Application filed by Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN201110047132.6A
Publication of CN102143168A
Application granted
Publication of CN102143168B
Legal status: Active

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a Linux platform-based method and system for real-time monitoring of server security performance, which aim to overcome the inability of conventional Linux platform-based server security performance monitoring schemes to monitor in real time. The system comprises an access control module, a data control module and a service control module. The access control module generates an access log to monitor the security performance of the server in real time when a server access request submitted by a visitor is legitimate; the data control module generates an operation log according to the operation corresponding to an operation request to monitor the security performance of the server in real time when the legitimate visitor has the rights to operate on target data in the server; and the service control module generates a service log to monitor the security performance of the server in real time when the server performs external service access according to standardized access rules. The system and method achieve real-time monitoring of the security performance of the server.

Description

Linux platform-based method and system for real-time monitoring of server security performance
Technical field
The present invention relates to server security performance monitoring technology, and in particular to a method and system for real-time monitoring of server security performance based on the Linux platform.
Background
With the acceleration of informatization, computers and networks are widely used in all industries, and security issues have become increasingly important. Customers with high data confidentiality requirements urgently need secure servers to provide security guarantees. On the other hand, service administrators also urgently need security architecture technology to improve the security performance of their own systems.
At present, although a small number of server security performance monitoring schemes exist for the Linux platform, none of them achieves real-time monitoring. They also occupy a relatively high share of host resources while monitoring and have poor generality: they mainly target a specific industry or application and cannot be extended dynamically and flexibly.
Summary of the invention
The technical problem to be solved by the present invention is to provide a real-time monitoring technique for server security performance that overcomes the inability of existing Linux platform-based server security performance monitoring schemes to monitor in real time.
To solve the above technical problem, the present invention first provides a real-time monitoring system for server security performance based on the Linux platform, comprising:
An access control module, configured to receive an access request to the server submitted by a visitor, generate an access log according to the access request when the visitor is legitimate, and monitor the security performance of the server in real time according to the access log;
A data control module, configured to receive an operation request from the legitimate visitor for target data in the server, generate an operation log according to the operation corresponding to the operation request when the legitimate visitor has operation rights on the target data, and monitor the security performance of the server in real time according to the operation log;
A service control module, configured to generate a service log when the server performs external service access according to standardized access rules, and monitor the security performance of the server in real time according to the service log.
Preferably, the access control module comprises:
A first receiving submodule, configured to receive the access request submitted by the visitor;
A first judging submodule, configured to judge whether the access request is legitimate;
A first enabling submodule, configured to allow the visitor's service access to the server when the first judging submodule judges that the access request is legitimate;
A first generating submodule, configured to generate the access log when the legitimate visitor performs the service access to the server according to the access request;
A first monitoring submodule, configured to monitor the security performance of the server in real time according to the access log.
Preferably, the data control module comprises:
A second receiving submodule, configured to receive the operation request for target data in the server from the visitor that the access control module considers legitimate;
A second judging submodule, configured to judge, according to the operation request, whether the visitor that the access control module considers legitimate has the operation rights on the target data in the server;
A second enabling submodule, configured to allow the legitimate visitor's operation on the target data when the second judging submodule judges that the visitor the access control module considers legitimate has the operation rights on the target data in the server;
A second generating submodule, configured to generate the operation log according to the operation corresponding to the operation request when the second enabling submodule allows the legitimate visitor's operation on the target data;
A second monitoring submodule, configured to monitor the security performance of the server in real time according to the operation log.
Preferably, the service control module comprises:
A formulating submodule, configured to formulate the standardized access rules according to the characteristics of the server's external service access and the service content that users care about;
A third generating submodule, configured to generate the service log when the server performs the external service access according to the standardized access rules;
A third monitoring submodule, configured to monitor the security performance of the server in real time according to the service log.
Preferably, the system further comprises:
An audit module, configured to perform follow-up auditing of the access log, the operation log and the service log.
To solve the above technical problem, the present invention also provides a method for real-time monitoring of server security performance based on the Linux platform, comprising:
Receiving an access request to the server submitted by a visitor, generating an access log according to the access request when the visitor is legitimate, and monitoring the security performance of the server in real time according to the access log;
Receiving an operation request from the legitimate visitor for target data in the server, generating an operation log according to the operation corresponding to the operation request when the legitimate visitor has operation rights on the target data, and monitoring the security performance of the server in real time according to the operation log;
Generating a service log when the server performs external service access according to standardized access rules, and monitoring the security performance of the server in real time according to the service log.
Preferably, the step of generating the access log according to the access request when the visitor is legitimate comprises:
Judging whether the access request is legitimate;
Allowing the visitor's service access to the server when the access request is judged to be legitimate;
Generating the access log when the legitimate visitor performs the service access to the server according to the access request.
Preferably, the step of generating the operation log according to the operation corresponding to the operation request when the legitimate visitor has operation rights on the target data comprises:
Judging, according to the operation request, whether the visitor that the access control module considers legitimate has the operation rights on the target data in the server;
Allowing the legitimate visitor's operation on the target data when it is judged that the visitor the access control module considers legitimate has the operation rights on the target data in the server;
Generating the operation log according to the operation corresponding to the operation request when the legitimate visitor's operation on the target data is allowed.
Preferably, the step of generating the service log when the server performs external service access according to the standardized access rules comprises:
Formulating the standardized access rules according to the characteristics of the server's external service access and the service content that users care about;
Generating the service log when the server performs the external service access according to the standardized access rules.
Preferably, the method further comprises:
Performing follow-up auditing of the access log, the operation log and the service log.
In the technical solution of the present invention, the transmission and analysis of logs, the monitoring of host system status data, data analysis and so on are all implemented with Linux technology. The technical solution is therefore a dynamic server security performance monitoring technique based on the Linux platform. Compared with traditional server performance monitoring techniques, its main advantages are:
(1) The data obtained is timely and accurate, and extensibility is good: monitoring events can be added at any time to meet security monitoring needs. The security state of the server is monitored from start to finish, which ensures that the information obtained is timely and accurate. The data control module and the service control module can be defined flexibly according to the characteristics of the application, and an open interface is provided for user-defined monitoring events, so extensibility and generality are strong and the monitoring needs of different users are met.
(2) It is flexible and occupies few server resources. By introducing buffering and updating buffered data in batches, it improves the server's resource utilization and reduces its load. The large volume of access logs produced in the access control module is first submitted to a buffer and is then written to the hard disk in batches after a period of time or when the buffer is full. This avoids disk I/O contention, reduces the server's write burden and improves disk I/O performance.
(3) Text files are used as the transfer format, which greatly reduces network bandwidth use. In the technical solution of the present invention, the generated access logs are all recorded and transmitted in text format, so they are easy to process, and text data itself occupies few bytes, which saves network bandwidth during data transmission.
(4) Security is high: a layered defense mechanism greatly improves server security. In the technical solution of the present invention, illegitimate requesters are first blocked by the access control module, the access of some legitimate requesters is then further controlled by the data control module, and finally the behavior of legitimate requesters is recorded by the service control module. This layer-by-layer defense greatly improves the security of the server.
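The buffered, batched log writing described in advantage (2), as an added example that is not code from the patent. The class name, file name, limits and sample entries are all hypothetical; the age check runs on each write rather than on a timer.

```python
import os
import tempfile
import time


class BufferedLogWriter:
    """Collect text log entries in memory and append them to disk in batches.

    A batch is written when the buffer is full or when its oldest entry has
    waited max_age seconds (hypothetical policy values, chosen for the demo).
    """

    def __init__(self, path, max_entries=100, max_age=5.0, clock=time.monotonic):
        self.path = path
        self.max_entries = max_entries
        self.max_age = max_age
        self._clock = clock          # injectable so the demo can control time
        self._buffer = []
        self._oldest = None          # arrival time of the oldest buffered entry
        self.flush_count = 0         # number of batch writes issued to disk

    def write(self, entry):
        # Keep one record per line so later line-based analysis stays reliable.
        entry = entry.replace("\r", "\\r").replace("\n", "\\n")
        if not self._buffer:
            self._oldest = self._clock()
        self._buffer.append(entry)
        full = len(self._buffer) >= self.max_entries
        stale = self._clock() - self._oldest >= self.max_age
        if full or stale:
            self.flush()

    def pending(self):
        """Entries not yet on disk; these are lost if the process dies now."""
        return len(self._buffer)

    def flush(self):
        if not self._buffer:
            return
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write("".join(e + "\n" for e in self._buffer))  # one write per batch
            fh.flush()
            os.fsync(fh.fileno())    # make the batch durable before dropping it
        self._buffer.clear()
        self.flush_count += 1

    def close(self):
        self.flush()


def demo():
    """Run the writer over constructed entries with a fake clock."""
    now = [0.0]
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "access.log")
        writer = BufferedLogWriter(path, max_entries=3, max_age=10.0,
                                   clock=lambda: now[0])
        for i in range(4):                       # third entry fills the buffer
            writer.write(f"GET /item/{i} user=li")
        flushed_when_full = writer.flush_count
        at_risk = writer.pending()               # fourth entry is memory-only
        now[0] = 11.0                            # oldest entry is now too old
        writer.write("GET /item/4 user=li")      # triggers the age-based flush
        writer.write("user=li note=first\nsecond")
        writer.close()                           # final flush on shutdown
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    return {"flushes": writer.flush_count, "flushed_when_full": flushed_when_full,
            "at_risk": at_risk, "lines": lines}


if __name__ == "__main__":
    print(demo())
```

The `pending()` count is the trade-off of this design: whatever is still buffered when the process stops never reaches the log, so the buffer limits bound how much audit evidence can be lost.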
Other features and advantages of the present invention will be set forth in the description that follows, and in part will become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structures particularly pointed out in the description, the claims and the drawings.
Description of the drawings
The drawings are provided for further understanding of the technical solution of the present invention and form part of the description. Together with the embodiments of the invention, they serve to explain the technical solution and do not limit it. In the drawings:
Fig. 1 is a schematic diagram of the composition of the server security monitoring system of embodiment one of the invention;
Fig. 2 is a schematic diagram of the composition of the access control module in the embodiment shown in Fig. 1;
Fig. 3 is a schematic diagram of the composition of the data control module in the embodiment shown in Fig. 1;
Fig. 4 is a schematic diagram of the composition of the server security monitoring system of another embodiment of the invention;
Fig. 5 is a schematic flowchart of the server security monitoring method of embodiment two of the invention.
Embodiments
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that how the invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented.
First, provided they do not conflict, the embodiments of the invention and the features in the embodiments may be combined with one another, and all such combinations fall within the protection scope of the invention. In addition, the steps shown in the flowcharts of the drawings may be executed in a computer system as a set of computer-executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in a different order.
Embodiment one: a server security monitoring system based on the Linux platform
As shown in Fig. 1, the security monitoring system 100 of this embodiment mainly comprises an access control module 110, a data control module 120 and a service control module 130, wherein:
The access control module 110 is configured to monitor visitors' service access to the server 200. It receives the access request to the server 200 submitted by a visitor and judges whether the access request is legitimate; if the access request is legitimate, it generates an access log according to the legitimate visitor's service access to the server 200, records, analyzes and tracks that access, and monitors the security performance of the server 200 according to the access log;
The data control module 120 is connected to the access control module 110 and the server 200. It is configured to receive data operation requests for target data in the server 200 from visitors whose access requests the access control module 110 considers legitimate, and to judge whether the visitor has operation rights on the target data. When the legitimate visitor has operation rights on the target data, it generates an operation log according to the operation corresponding to the operation request and monitors the security performance of the server 200 in real time according to the operation log. In this process, the security mechanisms of the database are used to apply flexible monitoring strategies at the granularity of security monitoring and to achieve database-level tracking, by which the module judges whether the visitor has operation rights on the target data and ensures real-time monitoring of the security performance of the server 200;
The service control module 130 is connected to the server 200 and is configured to monitor the external service access of the server 200 according to standardized access rules. It generates a service log when the server 200 performs external service access according to the standardized access rules, and monitors the security performance of the server 200 in real time according to the service log. Using the standardized access rules, the analysis and processing layer grades and lists the potential security problems in the external access of the server 200 and, when a certain alert level is reached, informs the customer by SMS, e-mail or similar means so that the customer can respond in time.
The process by which the service control module 130 standardizes access rules is flexible: rules are formulated according to the characteristics of the server's external service access and the service content the user cares about. Take a confidential file as an example: if an unauthorized requester (in other words, an illegitimate requester) makes 3 consecutive accesses in an attempt to open the file, an early warning can be triggered and an access log generated to record this requester as a potential suspect. As another example, if the utilization of the server's network card exceeds 95% for a long time, an early warning can also be triggered, on the grounds that the server may be under network attack or may have caught a virus from some website. Here, the 3 accesses to the confidential file and the 95% network card utilization are the standardized rules for the respective behaviors.
Suppose it is defined that when a requester (user) makes 3 consecutive accesses to a confidential file it is not authorized for (that is, the access requests are illegitimate), the server security level is 0; when it accesses the confidential file 20 consecutive times, the server security level is 1; and for 30 consecutive accesses, the server security level is defined as 2. If the analysis and processing layer finds that the security level is 2, the server is forbidden from providing service to this user. All analysis data thus comes from the records of user behavior: according to these rules, the analysis and processing layer analyzes the information extracted from the access log and lists the security problem levels.
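The grading rule above (3, 20 and 30 consecutive unauthorized accesses giving levels 0, 1 and 2, with service refused at level 2), applied to a text access log, as an added example that is not code from the patent. The log line format, field names, user names and file path are constructed for illustration, and the example assumes that an authorized access by the same user ends that user's streak.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

# Thresholds from the description: consecutive unauthorized accesses to a
# confidential file -> server security level assigned to that requester.
LEVEL_THRESHOLDS = [(30, 2), (20, 1), (3, 0)]  # (minimum streak, level)
BLOCK_LEVEL = 2  # at this level the server stops serving the user


class Event(NamedTuple):
    timestamp: str
    user: str
    path: str
    authorized: bool


def parse_line(line: str) -> Optional[Event]:
    """Parse '<ts> user=<u> path=<p> authorized=yes|no' (constructed format)."""
    parts = line.split()
    if len(parts) != 4:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if set(fields) != {"user", "path", "authorized"}:
        return None
    if fields["authorized"] not in ("yes", "no"):
        return None
    return Event(parts[0], fields["user"], fields["path"],
                 fields["authorized"] == "yes")


def level_for(streak: int) -> Optional[int]:
    """Map a streak of unauthorized accesses to a level, or None below 3."""
    for minimum, level in LEVEL_THRESHOLDS:
        if streak >= minimum:
            return level
    return None


def grade(lines):
    """Return (levels per user, users to refuse service, unparsable line count)."""
    streaks = defaultdict(int)
    levels = {}
    skipped = 0
    for line in lines:
        event = parse_line(line)
        if event is None:
            skipped += 1             # count bad records instead of hiding them
            continue
        if event.authorized:
            streaks[event.user] = 0  # assumption: authorized access ends the streak
            continue
        streaks[event.user] += 1
        level = level_for(streaks[event.user])
        if level is not None:
            # Keep the highest level reached, even if the streak later resets.
            levels[event.user] = max(level, levels.get(event.user, -1))
    blocked = sorted(u for u, lvl in levels.items() if lvl >= BLOCK_LEVEL)
    return levels, blocked, skipped


def sample_log():
    """Constructed sample lines; not taken from any real system."""
    lines = []

    def add(user, authorized, count):
        for _ in range(count):
            n = len(lines)
            lines.append(
                f"2011-02-25T10:{n // 60:02d}:{n % 60:02d} user={user} "
                f"path=/srv/confidential.doc authorized={'yes' if authorized else 'no'}"
            )

    add("li", False, 2)      # two failures, then an authorized access,
    add("li", True, 1)       # then two more: never reaches a streak of 3
    add("li", False, 2)
    add("wang", False, 3)    # level 0: early warning
    add("chen", False, 20)   # level 1
    add("zhao", False, 30)   # level 2: service refused
    lines.insert(5, "truncated-record")  # malformed line, must be skipped
    return lines


if __name__ == "__main__":
    print(grade(sample_log()))
```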
In this embodiment, as shown in Fig. 2, the access control module 110 may comprise a first receiving submodule 210, a first judging submodule 220, a first enabling submodule 230, a first generating submodule 240 and a first monitoring submodule 250, wherein:
The first receiving submodule 210 is configured to receive the access request submitted by the visitor;
The first judging submodule 220 is connected to the first receiving submodule 210 and is configured to judge whether the access request received by the first receiving submodule 210 is legitimate;
The first enabling submodule 230 is connected to the first judging submodule 220 and is configured to allow the visitor's service access to the server when the first judging submodule 220 judges that the access request received by the first receiving submodule 210 is legitimate;
The first generating submodule 240 is connected to the first receiving submodule 210 and the first enabling submodule 230 and is configured to generate the access log when the legitimate visitor performs the service access to the server according to the access request;
The first monitoring submodule 250 is connected to the first generating submodule 240 and is configured to monitor the security performance of the server in real time according to the access log, and can raise real-time alerts according to the monitoring results when necessary.
The data control module 120 mainly serves to resist intruders who have broken through the access control module 110 and to prevent them from destroying the data stored in the server's database. The module is implemented with a role-view-user rights management mechanism, refined down to the columns of table data, and critical data stored in the database is additionally protected with an encryption mechanism.
In the role-view-user rights management mechanism, roles are defined to make security permissions easier to manage: a role is a fine-grained combination of read and/or write permissions on certain data. For example, if engineer Li may read and/or write the data of a certain table, a role can be defined as "read and write this table". If engineer Wang also has the role of reading and writing this table, the role is simply assigned to engineer Wang without granting permissions separately; roles can be defined flexibly. Views shield the real data and are set up according to user permissions: a user can see only the data within their scope of authority and cannot see data outside it. Refinement down to the columns of table data means that the granularity of data security control can reach a single column of data. For example, if the account-holder name column of a bank account table is to be kept confidential, encryption control can be applied to the name column, while the user's age, which users are allowed to see, need not be encrypted.
In this embodiment, as shown in Fig. 3, the data control module 120 may comprise a second receiving submodule 310, a second judging submodule 320, a second enabling submodule 330, a second generating submodule 340 and a second monitoring submodule 350, wherein:
The second receiving submodule 310 is connected to the access control module 110 and is configured to receive the operation request for target data in the server from the visitor that the access control module 110 considers legitimate;
The second judging submodule 320 is connected to the access control module 110 and the second receiving submodule 310 and is configured to judge, according to the operation request, whether the visitor that the access control module 110 considers legitimate has the corresponding operation rights on the target data in the server;
The second enabling submodule 330 is connected to the second judging submodule 320 and is configured to allow the legitimate visitor's operation on the target data when the second judging submodule judges that the visitor the access control module 110 considers legitimate has the corresponding operation rights on the target data in the server;
The second generating submodule 340 is connected to the second enabling submodule 330 and is configured to generate the operation log according to the operation corresponding to the operation request when the second enabling submodule 330 allows the legitimate visitor's operation on the target data;
The second monitoring submodule 350 is connected to the second generating submodule 340 and is configured to monitor the security performance of the server in real time according to the operation log, and can raise real-time alerts according to the monitoring results when necessary.
In this embodiment, the service control module 130 may comprise a formulating submodule, a third generating submodule and a third monitoring submodule, wherein:
The formulating submodule is configured to formulate the standardized access rules according to the characteristics of the server's external service access and the service content that users care about;
The third generating submodule is connected to the formulating submodule and is configured to generate the service log when the server performs the external service access according to the standardized access rules;
The third monitoring submodule is connected to the third generating submodule and is configured to monitor the security performance of the server in real time according to the service log, and can raise real-time alerts according to the monitoring results when necessary.
As shown in Fig. 4, another embodiment of the real-time monitoring system of the present invention may further comprise an audit module 410, wherein:
The audit module 410 is connected to the access control module 110, the data control module 120 and the service control module 130 and is configured to perform follow-up auditing of the access log, the operation log and the service log. The server can trigger the audit module at any point during operation, and the audit module decides whether to audit according to whether the event succeeded or failed. If it decides that an audit is needed, the audit record is submitted to an audit queue; when the audit queue is full, an audit process is woken up, and this audit process reads the audit records and performs the audit.
Embodiment two: a method for real-time monitoring of server security performance based on the Linux platform
With reference to Figs. 1 to 3 and the corresponding description, this embodiment, as shown in Fig. 5, mainly comprises the following steps:
Step S510: receive an access request to the server submitted by a visitor, generate an access log according to the access request when the visitor is legitimate, and monitor the security performance of the server in real time according to the access log;
Step S520: receive an operation request from the legitimate visitor for target data in the server, generate an operation log according to the operation corresponding to the operation request when the legitimate visitor has operation rights on the target data, and monitor the security performance of the server in real time according to the operation log;
Step S530: generate a service log when the server performs external service access according to standardized access rules, and monitor the security performance of the server in real time according to the service log.
The above step of generating the access log according to the access request when the visitor is legitimate may comprise:
Judging whether the access request is legitimate;
Allowing the visitor's service access to the server when the access request is judged to be legitimate;
Generating the access log when the legitimate visitor performs the service access to the server according to the access request.
The above step of generating the operation log according to the operation corresponding to the operation request when the legitimate visitor has operation rights on the target data may comprise:
Judging, according to the operation request, whether the visitor that the access control module considers legitimate has the operation rights on the target data in the server;
Allowing the legitimate visitor's operation on the target data when it is judged that the visitor the access control module considers legitimate has the operation rights on the target data in the server;
Generating the operation log according to the operation corresponding to the operation request when the legitimate visitor's operation on the target data is allowed.
The above step of generating the service log when the server performs external service access according to the standardized access rules may comprise:
Formulating the standardized access rules according to the characteristics of the server's external service access and the service content that users care about;
Generating the service log when the server performs the external service access according to the standardized access rules.
The method of this embodiment may further comprise the step of:
Performing follow-up auditing of the access log, the operation log and the service log.
Technical scheme of the present invention is when specific implementation, and at first the environmental variance of define system comprises host information, and the installation directory of database and some other information are mainly used to that certain of correct identified server is concrete to be used.Utilize the monitor command of linux system self such as the time that TOP, SAR and Uptime etc. obtain the host server operation then, whether the system resource operation is normal, all these information are all recorded in the relevant journal file, by Network Transmission corresponding journal file is copied on the security server at last and prepare for the follow-up data analysis.Whether the system always service processing result of the tested server of circulatory monitoring reaches the threshold value of a certain index.If reach this threshold value, then call monitor-interface and monitor and report to the police.The major function of monitor-interface is the server security rank of obtaining according to data analysis, judge that the mode of notifying the user is to select mail or mobile phone mode, if level of security is than higher, just directly send to the user by note, if level of security is lower, then send to the user by mail, if just some warning, could post-processed.Show that in the result handling is exactly the result who handles according to data analysis, carry out the arrangement of historical data, be depicted as the form of chart then, be convenient to the security performance variation tendency of the whole server running of customer analysis.
The present invention is based on the raising server security performance of linux platform and the technical scheme of real-time early warning, when having improved server security, also add audit function, in case can carry out audit-trail when preventing from the server security problem takes place, prevent to deny and take place, and, remind administrative staff to take timely measure by real-time early warning mechanism.In addition, technical solution of the present invention has been introduced the layered defense technology, access control module can utilize encryption mechanism and password controls, encryption mechanism and audit-trail that access control module can utilize the database security encryption technology to be provided to row are handled, message control module can provide log analysis and management function, comprise the compression of daily record, dump etc.
Technical scheme of the present invention both had been suitable for user's deployment secure architectural schemes of security request data strictness, was suitable for researching and developing the fail safe server again, improved the performance of security server.For the attendant, can solve the denial that causes because of safety problem well by technical scheme of the present invention and take place, can take measures as early as possible simultaneously, loss is dropped to minimum.And technical scheme of the present invention also has in time, accurately, extensibility is strong, to plurality of advantages such as the server resource occupation rate are low.
The technical scheme of the present invention monitors the operating condition of the server in real time and, through customized policies, reports the security threats present in the system promptly and accurately. It uses buffering technology to reduce system load and, for cases of insufficient disk space, provides a circular log-overwrite policy and a compressed backup function; all of these are difficult to achieve with traditional performance monitoring methods and general audit-based security monitoring techniques.
Those skilled in the art should understand that each module and submodule in the above system or apparatus embodiments of the present invention, and/or each step in the method embodiments, can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; or they can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the present invention is not restricted to any specific combination of hardware and software.
Although the embodiments disclosed by the present invention are as described above, the content described is only an embodiment adopted to facilitate understanding of the present invention and is not intended to limit the present invention. Any person skilled in the technical field of the present invention may, without departing from the spirit and scope disclosed by the present invention, make any modification and change in the form and details of implementation, but the scope of patent protection of the present invention shall still be as defined by the appended claims.

Claims (10)

1. A real-time server security performance monitoring system based on the Linux platform, comprising:
an access control module, configured to receive an access request to the server submitted by a visitor, generate an access log according to the access request when the visitor is legitimate, and monitor the security performance of the server in real time according to the access log;
a data control module, configured to receive an operation request from the legitimate visitor for target data in the server, generate an operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data, and monitor the security performance of the server in real time according to the operation log;
a message control module, configured to generate a business log when the server performs external business access according to a standardized access rule, and to monitor the security performance of the server in real time according to the business log.
2. The system according to claim 1, wherein the access control module comprises:
a first receiving submodule, configured to receive the access request submitted by the visitor;
a first judging submodule, configured to judge whether the access request is legitimate;
a first enabling submodule, configured to allow the visitor's business access to the server when the first judging submodule judges that the access request is legitimate;
a first generating submodule, configured to generate the access log when the legitimate visitor performs the business access to the server according to the access request;
a first monitoring submodule, configured to monitor the security performance of the server in real time according to the access log.
3. The system according to claim 1, wherein the access control module comprises:
a second receiving submodule, configured to receive the operation request, for the target data in the server, from the visitor that the access control module considers legitimate;
a second judging submodule, configured to judge, according to the operation request, whether the visitor that the access control module considers legitimate has the operating permission for the target data in the server;
a second enabling submodule, configured to allow the legitimate visitor to operate on the target data when the second judging submodule judges that the visitor that the access control module considers legitimate has the operating permission for the target data in the server;
a second generating submodule, configured to generate the operation log according to the operation corresponding to the operation request when the second enabling submodule allows the legitimate visitor to operate on the target data;
a second monitoring submodule, configured to monitor the security performance of the server in real time according to the operation log.
4. The system according to claim 1, wherein the message control module comprises:
a formulating submodule, configured to formulate the standardized access rule according to the characteristics of the server's external business access and the business content that the user is concerned with;
a third generating submodule, configured to generate the business log when the server performs the external business access according to the standardized access rule;
a third monitoring submodule, configured to monitor the security performance of the server in real time according to the business log.
5. The system according to claim 1, wherein the system further comprises:
an audit module, configured to perform audit tracking on the access log, the operation log and the business log.
6. A real-time server security performance monitoring method based on the Linux platform, comprising:
receiving an access request to the server submitted by a visitor, generating an access log according to the access request when the visitor is legitimate, and monitoring the security performance of the server in real time according to the access log;
receiving an operation request from the legitimate visitor for target data in the server, generating an operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data, and monitoring the security performance of the server in real time according to the operation log;
generating a business log when the server performs external business access according to a standardized access rule, and monitoring the security performance of the server in real time according to the business log.
7. The method according to claim 6, wherein the step of generating the access log according to the access request when the visitor is legitimate comprises:
judging whether the access request is legitimate;
allowing the visitor's business access to the server when the access request is judged to be legitimate;
generating the access log when the legitimate visitor performs the business access to the server according to the access request.
8. The method according to claim 6, wherein the step of generating the operation log according to the operation corresponding to the operation request when the legitimate visitor has operating permission for the target data comprises:
judging, according to the operation request, whether the visitor that the access control module considers legitimate has the operating permission for the target data in the server;
allowing the legitimate visitor to operate on the target data when it is judged that the visitor that the access control module considers legitimate has the operating permission for the target data in the server;
generating the operation log according to the operation corresponding to the operation request when the legitimate visitor is allowed to operate on the target data.
9. The method according to claim 6, wherein the step of generating the business log when the server performs external business access according to the standardized access rule comprises:
formulating the standardized access rule according to the characteristics of the server's external business access and the business content that the user is concerned with;
generating the business log when the server performs the external business access according to the standardized access rule.
10. The method according to claim 6, wherein the method further comprises:
performing audit tracking on the access log, the operation log and the business log.
CN201110047132.6A 2011-02-28 2011-02-28 Linux platform-based server safety performance real-time monitoring method and system Active CN102143168B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110047132.6A CN102143168B (en) 2011-02-28 2011-02-28 Linux platform-based server safety performance real-time monitoring method and system

Publications (2)

Publication Number Publication Date
CN102143168A true CN102143168A (en) 2011-08-03
CN102143168B CN102143168B (en) 2014-07-09

Family

ID=44410390

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110047132.6A Active CN102143168B (en) 2011-02-28 2011-02-28 Linux platform-based server safety performance real-time monitoring method and system

Country Status (1)

Country Link
CN (1) CN102143168B (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20010056550A1 (en) * 2000-06-27 2001-12-27 Lg Electronics Inc. Protective device for internal resource protection in network and method for operating the same
US7437763B2 (en) * 2003-06-05 2008-10-14 Microsoft Corporation In-context security advisor in a computing environment
CN101018119A (en) * 2007-02-09 2007-08-15 浪潮电子信息产业股份有限公司 Hardware-based server network security centralized management system without relevance to the operation system
CN101247263A (en) * 2008-03-18 2008-08-20 浪潮电子信息产业股份有限公司 Server centralized management method based on data link layer
CN101707632A (en) * 2009-10-28 2010-05-12 浪潮电子信息产业股份有限公司 Method for dynamically monitoring performance of server cluster and alarming real-timely
CN101826993A (en) * 2010-02-04 2010-09-08 蓝盾信息安全技术股份有限公司 Method, system and device for monitoring security event

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051496B (en) * 2012-12-21 2016-06-22 大唐软件技术股份有限公司 The monitoring method of a kind of monitoring point server and device
CN103051496A (en) * 2012-12-21 2013-04-17 大唐软件技术股份有限公司 Monitoring method and device of monitoring point server
CN104102878A (en) * 2013-04-10 2014-10-15 中国科学院计算技术研究所 Malicious code analysis method and system under Linux platform
CN104102878B (en) * 2013-04-10 2017-02-08 中国科学院计算技术研究所 Malicious code analysis method and system under Linux platform
CN104700024A (en) * 2013-12-10 2015-06-10 中国移动通信集团黑龙江有限公司 Method and system for auditing operational order of Unix-type host user
CN104700024B (en) * 2013-12-10 2018-05-04 中国移动通信集团黑龙江有限公司 A kind of method and system of Unix classes host subscriber operational order audit
CN105207831A (en) * 2014-06-12 2015-12-30 腾讯科技(深圳)有限公司 Detection method and apparatus for operation event
CN105207831B (en) * 2014-06-12 2017-11-03 腾讯科技(深圳)有限公司 The detection method and device of Action Events
CN104504014A (en) * 2014-12-10 2015-04-08 无锡城市云计算中心有限公司 Data processing method and device based on large data platform
CN104504014B (en) * 2014-12-10 2018-03-13 无锡城市云计算中心有限公司 Data processing method and device based on big data platform
CN105450660A (en) * 2015-12-23 2016-03-30 北京安托软件技术有限公司 Business resource security control system
CN107329884A (en) * 2017-06-30 2017-11-07 郑州云海信息技术有限公司 The access auditing method and system of a kind of storage system
CN111444061A (en) * 2020-03-30 2020-07-24 浪潮商用机器有限公司 Server resource monitoring method and system

Also Published As

Publication number Publication date
CN102143168B (en) 2014-07-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201106

Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province

Patentee after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: 100085 Beijing, Haidian District on the road to information on the ground floor, building 2-1, No. 1, C

Patentee before: Inspur (Beijing) Electronic Information Industry Co.,Ltd.
