CN109560964B - Equipment compliance checking method and device - Google Patents

Publication number
CN109560964B
Authority
CN
China
Prior art keywords
rule
compliance
equipment
relation
checking
Legal status
Active
Application number
CN201811425390.1A
Other languages
Chinese (zh)
Other versions
CN109560964A (en)
Inventor
张玉妹
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0866 Checking the configuration
    • H04L41/0869 Validating the configuration within one network element

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The embodiment of the invention provides a method and a device for checking equipment compliance, wherein the method for checking the equipment compliance comprises the following steps: receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules; determining a checking result of the compliance rule in the compliance rule relation according to the equipment information of the equipment to be checked; and calculating the compliance checking result of the equipment to be checked according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. By the scheme, flexible configuration of compliance checking can be realized.

Description

Equipment compliance checking method and device
Technical Field
The invention relates to the technical field of network security, in particular to a method and a device for checking equipment compliance.
Background
With the popularization of networks, especially the wide application of wireless networks, working efficiency and convenience of life have greatly improved. For the sake of network operation security, the configuration of network devices must undergo compliance checks, such as device loop checks and device access configuration checks; once the configuration of the network devices is determined to meet national information security regulations or company management regulations, the network can be kept in a safe and stable operating environment over the long term.
In the existing device compliance checking method, each configuration of the device is checked through network management software, and the device is determined to be compliant only after every configuration is determined to be compliant. However, such a check requires all check results to be compliant before the device can be determined to be compliant, and the compliance check is not configurable.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a device for checking equipment compliance, so as to realize flexible configuration of compliance checking. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present invention provides a device compliance checking method, where the method includes:
receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules;
determining a checking result of a compliance rule in the compliance rule relation according to the equipment information of the equipment to be checked;
and calculating a compliance checking result of the equipment to be checked according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation.
In a second aspect, an embodiment of the present invention provides an apparatus for checking compliance of a device, where the apparatus includes:
a receiving module, used for receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules;
a determining module, used for determining the checking result of the compliance rule in the compliance rule relation according to the equipment information of the equipment to be checked;
and a calculation module, used for calculating the compliance check result of the equipment to be checked according to the compliance rule relation and the check result of the compliance rule in the compliance rule relation.
In a third aspect, an embodiment of the present invention provides an inspection system, including a processor and a machine-readable storage medium, the machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to perform the method steps according to the first aspect of the embodiments of the present invention.
In a fourth aspect, embodiments of the invention provide a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to perform the method steps according to the first aspect of the embodiments of the present invention.
According to the equipment compliance checking method and device provided by the embodiment of the invention, the compliance checking instruction input by a user is received, the checking result of the compliance rule in the compliance rule relation is determined according to the equipment information of the equipment to be checked in the compliance checking instruction and the compliance rule relation corresponding to the equipment to be checked, and the compliance checking result of the equipment to be checked is calculated according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logic relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating a method for compliance checking of a device according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a compliance checking method of a device according to another embodiment of the present invention;
FIG. 3 is a flow chart illustrating a compliance checking method of a device according to another embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an apparatus compliance checking device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an inspection system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to ensure the normal operation of a network, the embodiment of the invention provides a device compliance checking method, a device, a checking system and a machine readable storage medium. The following first describes a device compliance checking method provided by an embodiment of the present invention.
The execution subject of the device compliance checking method provided by the embodiment of the present invention may be, for example, an intelligent management platform or other checking system for checking device security, and a manner of implementing the device compliance checking method provided by the embodiment of the present invention may be at least one manner of software, a hardware circuit, and a logic circuit provided in the execution subject.
As shown in fig. 1, a device compliance checking method provided in an embodiment of the present invention may include the following steps:
S101, receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules.
The user can input a compliance checking instruction on a display page of the checking system to create a compliance checking task. Through the instruction, the user configures which device to be checked is to undergo compliance checking and with what logical relationship, so the compliance checking instruction comprises the device information of the device to be checked and the compliance rule relationship corresponding to that device. The devices to be checked may be any type of device, such as network devices in a corporate LAN, campus LAN or home network, devices in a production line of a plant, etc. The device information may be the type of the device (for example, a network switching device such as a switch or a router, or a network security device such as a firewall), location information of the device in the network, or information on the role or function the device assumes in the network. Of course, since a compliance rule relationship may be set individually for each device, the device information may also be information such as the device name, device type, Media Access Control (MAC) address, or Unique Device Identifier (UDID) of the device.
The compliance rule relationship may be set according to national information security regulations or network security requirements of a company, and the type of device. Devices of the same type may be set to have the same compliance rule relationship, or each device may be set to have an independent compliance rule relationship. The logical relationship between the compliance rules in the compliance rule relationship may be set for analysis by the inspection system based on the extent of the impact of each compliance rule on the security of the device.
The compliance rule relationship characterizes the logical relationships between different compliance rules, i.e., a compliance rule relationship may be represented by an expression comprising: the rule names of the compliance rules (e.g., user login authentication rule, enable global password management rule, user login retry rule, user connection rule, connection timeout rule, etc.) and the logical relationship between the compliance rules (e.g., AND operation logic "AND", OR operation logic "OR", etc.). The expression may also include priority logic, which may be indicated by "(" and ")", i.e., the expression in parentheses is calculated first.
For example, a compliance check is configured with 5 compliance rules, whose names are the user login authentication rule, the enable global password management rule, the user login retry rule, the user connection rule, and the connection timeout rule, and the compliance rule relationship set for device A is as follows: (user login authentication rule OR enable global password management rule AND user login retry rule) AND (user connection rule OR connection timeout rule).
S102, determining the inspection result of the compliance rule in the compliance rule relation according to the equipment information of the equipment to be inspected.
S103, calculating a compliance check result of the equipment to be checked according to the compliance rule relation and the check result of the compliance rule in the compliance rule relation.
The final compliance check result of the device to be checked is determined by the check results of the compliance rules in the compliance rule relation. Those check results can be determined according to the device information of the device to be checked; substituting them into the compliance rule relation expression and calculating yields the final compliance check result of the device. A compliance rule in the relation may be checked by acquiring the corresponding configuration item of the device to be checked and checking it against the rule content of the rule corresponding to that configuration item: if the rule content is satisfied, the check result is pass; if the rule content is not satisfied, the check result is fail.
Optionally, the logical relationship may comprise OR operation logic and/or AND operation logic.
Correspondingly, S103 may specifically be:
Calculating the compliance checking result of the equipment to be checked according to the compliance rule relation, the checking result of the compliance rule in the compliance rule relation, and the calculation rule that AND operation logic is calculated first.
For compliance rules whose check results do not greatly affect the normal operation of the network, OR operation logic may be set in the logical relationship; besides OR operation logic, the logical relationship may also include AND operation logic. Of course, the logical relationship may include only OR operation logic, in which case the requirement on the rule check results of the device is the most relaxed, and the device is considered compliant as long as one compliance rule check passes; the logical relationship may also include only AND operation logic, in which case the requirement on the rule check results of the device is the strictest, and all compliance rule checks must pass before the device is considered compliant.
Optionally, the logical relationship may further include priority logic.
Correspondingly, S103 may specifically be:
Calculating the compliance checking result of the equipment to be checked according to the compliance rule relationship, the checking result of the compliance rule in the compliance rule relationship, and the calculation rule that the operation expression between the priority start character and the priority end character is calculated first.
If the logical relationship also includes priority logic, typically an operation expression between a priority start character and a priority end character, such as an expression in parentheses (), that expression has the highest calculation priority and the priority logic is calculated first; if the priority logic contains both an AND operation and an OR operation, the AND operation is performed first and then the OR operation.
By applying this embodiment, the compliance checking instruction input by a user is received, the checking result of the compliance rule in the compliance rule relation is determined according to the device information of the device to be checked in the compliance checking instruction and the compliance rule relation corresponding to the device to be checked, and the compliance checking result of the device to be checked is calculated according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logical relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized. Moreover, the logical relationship may include OR operation logic: compliance rules whose check results do not greatly affect the normal operation of the network may be combined with an OR operation, so that even if the device is found non-compliant under those compliance rules, the normal operation of the network is not affected.
Based on the above method embodiment, as shown in fig. 2, a specific implementation of the device compliance checking method provided by the embodiment of the present invention may include the following steps:
S201, for each device, performing a rule check of each preset rule on the device one by one according to the rule name and rule content of each preset rule in the preset rule list, and storing the device information of the device, the rule names of the preset rules and the corresponding check results in a database as a mapping.
The checking system may perform rule checking on each device in advance. The preset rule list records the correspondence between the rule name and the rule content of each preset rule. For example, the rule name is the user login authentication rule and the corresponding rule content is that the configuration does not include authentication-mode none (the no-authentication mode); the rule name is the enable global password management rule and the corresponding rule content is that the configuration includes password-control enable (password management enabled); and so on. Comparing the configuration of the device with the rule content in the preset rule list yields the check result. For example, if the device configuration does not include authentication-mode none, it may be determined that the device needs to perform user login authentication, and accordingly the check result of the user login authentication rule is pass; if authentication-mode none is included in the device configuration, it may be determined that the device does not need to perform user login authentication, and accordingly the check result of the user login authentication rule is fail. For another example, if the device configuration includes password-control enable, it may be determined that the device needs to enable password management, and accordingly the check result of the enable global password management rule is pass; if password-control enable is not included in the device configuration, it may be determined that the device does not need to enable password management, and accordingly the check result of the enable global password management rule is fail.
The checking system can store the equipment information of the equipment, the rule name of the preset rule and the corresponding checking result into the database in a mapping mode, so that the checking result of the compliance rule can be accurately read when the calculation of the compliance checking result of the equipment to be checked is carried out, and the checking system can output the checking result recorded in the database to a user, so that the user can clearly master whether each configuration of the equipment is compliant or not.
S202, receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logic relation among a plurality of compliance rules.
S202 is the same as S101 of the embodiment shown in fig. 1, and is not described again here.
S203, extracting the inspection result of each compliance rule in the compliance rule relation from the database according to the equipment information of the equipment to be inspected and the rule name of each compliance rule in the compliance rule relation.
Because the mapping relation among the equipment name of the equipment, the rule name of the preset rule and the check result is stored in the database, after the relation between the equipment information of the equipment to be checked and the compliance rule is obtained, the corresponding compliance rule check result can be searched from the database according to the equipment information and the rule name of the compliance rule. The inspection result includes both pass and fail cases, and may be represented by "1" for pass and "0" for fail.
S204, establishing a rule relation formula according to the compliance rule relation.
A rule relation formula can be established according to the compliance rule relationship by replacing the logical operation descriptions in the compliance rule relationship with logical operators: the AND operation logic description "AND" is replaced by the AND operator "&&", the OR operation logic description "OR" is replaced by the OR operator "||", and so on. Exemplarily, according to the compliance rule relationship (user login authentication rule OR enable global password management rule AND user login retry rule) AND (user connection rule OR connection timeout rule), the following rule relation formula may be established: (user login authentication rule || enable global password management rule && user login retry rule) && (user connection rule || connection timeout rule). Based on the compliance rule relation, the software code corresponding to the rule relation formula can be generated automatically, so that manual editing of software code based on the compliance rule relation is not needed and implementation efficiency is improved.
S205, calculating the compliance checking result of the equipment to be checked according to the checking result of each compliance rule in the compliance rule relation and the rule relation formula.
The checking result of each compliance rule is extracted from the database as "1" or "0" and substituted into the rule relation formula to calculate the compliance checking result of the equipment to be checked. Assuming that the check result of the user login authentication rule is pass, the check result of the enable global password management rule is fail, the check result of the user login retry rule is pass, the check result of the user connection rule is fail, and the check result of the connection timeout rule is pass, substituting the "1" and "0" corresponding to pass and fail into the rule relation formula gives (1||0&&1)&&(0||1).
Specifically, the calculation process of the compliance inspection result of the device to be inspected is as follows:
Characters are identified from the rule relation formula in order from left to right. If the current character is "(", "(" is stored in a list and the position of the character is recorded; if the current character is "1", "0", "&&" or "||", it is stored directly in the list; if the current character is ")", ")" is stored in the list, the operation expression located between the most recent "(" and the current ")" is extracted from the list according to the recorded position of the most recent "(" and calculated, and the "(", the operation expression and the ")" in the list are replaced with the operation result.
For the rule relation formula "(1||0&&1)&&(0||1)", "1||0&&1" is taken out first for calculation. The "&&" operator is calculated first, that is, "0&&1" is calculated, giving an AND result of "0"; replacing the expression "0&&1" with "0" gives "1||0", and calculating the "||" operator then gives an OR result of "1". Replacing the expression "(1||0&&1)" with "1" changes the rule relation formula to "1&&(0||1)".
Character recognition continues to the right: "0||1" is taken out for calculation, giving an OR result of "1". Replacing the expression "(0||1)" with "1" changes the rule relation formula to "1&&1", and the final operation result is "1", that is, the compliance check result of the device to be checked is pass.
By applying this embodiment, the compliance checking instruction input by a user is received, the checking result of the compliance rule in the compliance rule relation is determined according to the device information of the device to be checked in the compliance checking instruction and the compliance rule relation corresponding to the device to be checked, and the compliance checking result of the device to be checked is calculated according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logical relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized. Moreover, the logical relation can include OR operation logic, AND operation logic and priority logic: compliance rules whose check results do not greatly affect the normal operation of the network can be combined with an OR operation, while compliance rules whose check results greatly affect the normal operation of the network can be combined with an AND operation or given a higher priority, so that device compliance checking is flexible and the normal operation of the network can be ensured. In this embodiment every rule of every device is checked, so the check result data is complete, but for the same reason the checking efficiency is low.
Based on the embodiment shown in fig. 1, as shown in fig. 3, a specific implementation of the device compliance checking method provided in the embodiment of the present invention may include the following steps:
S301, receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules.
S301 is the same as S101 of the embodiment shown in fig. 1, and is not described again here.
S302, establishing a rule relation formula according to the compliance rule relation.
A rule relation formula can be established according to the compliance rule relationship by replacing the logical operation descriptions in the compliance rule relationship with logical operators: the AND operation logic description "AND" is replaced by the AND operator "&&", the OR operation logic description "OR" is replaced by the OR operator "||", and so on. Exemplarily, according to the compliance rule relationship (user login authentication rule OR enable global password management rule AND user login retry rule) AND (user connection rule OR connection timeout rule), the following rule relation formula may be established: (user login authentication rule || enable global password management rule && user login retry rule) && (user connection rule || connection timeout rule).
S303, performing character recognition on the rule relation formula from left to right, and determining the rule name of the compliance rule to be checked according to the recognized operator.
Character recognition is performed on the rule relation formula from left to right. If the current character is not one of the four cases "(", ")", "&&" and "||", the character is saved and recognition continues to the right until one of "(", ")", "&&" and "||" is encountered, which yields a complete rule name; the rule name can be stored in the list. In the above example, the rule names are "user login authentication rule", "enable global password management rule", "user login retry rule", "user connection rule" and "connection timeout rule". When the "&&" or "||" operator is recognized, the rule name on its left side may be determined as the rule name of the compliance rule to be checked.
S304, reading rule contents corresponding to the rule names from a preset rule list according to the rule names and the equipment information of the equipment to be checked.
S305, carrying out rule check on the equipment to be checked according to the rule content to obtain a check result of the compliance rule to be checked.
Because the preset rule list stores the correspondence between the preset rules and the rule content, after the rule name of the compliance rule to be checked is determined, the rule content corresponding to the rule name can be read from the preset rule list, and the rule check is performed on the equipment to be checked according to the rule content, giving a check result of 1 or 0 for the compliance rule to be checked.
S306, calculating the compliance checking result of the equipment to be checked according to the checking result of the compliance rule to be checked and the rule relation formula.
The checking result of the compliance rule to be checked is substituted into the rule relation formula to calculate the compliance checking result of the equipment to be checked.
Specifically, the calculation process of the compliance inspection result of the device to be inspected is as follows:
identifying characters from a rule relation formula according to the sequence from left to right; if the current character is "(", the "(" is stored in a list and the position of the character is recorded, "&", "|", and four cases are not found, the character is stored and recognition is continued to the right until one of "(", ")", "&", "|", is encountered, so that the complete rule name is obtained, the rule name can be stored in the list, if the current character is "&", "|", the list is directly stored, if the current character is ")", the "") is stored in the list and an operation is performed according to the position of the latest "(" to take out the operation between "(" and the current character ") in the list, and the operation expressions between" (",") and "(" in the list are replaced with the operation result.
For the rule relation formula "(user login authentication rule | | enable global password management rule & & user login retry rule) & (user connection rule | | connection timeout rule)", first take out the "user login authentication rule | | enable global password management rule & & user login retry rule" for calculation, preferentially calculate the "&" operator, namely, calculates the "enable global password management rule & & user login retry rule", performs a rule check of the "enable global password management rule" on the device, and as a result, fails (noted as "0"), according to the short-circuit rule of the & operator, the rule check of the user login retry rule is not performed on the device, the global password management rule and the user login retry rule are enabled by using a ' 0 ' replacement expression ', and a ' user login verification rule | | |0 ' is obtained after replacement; the rule check of the user login authentication rule is continuously performed on the device, the result is that through (marked as "1"), the result of the expression is determined to be "1" according to the | | operator short-circuit rule, the "1" replacement expression "user login authentication rule | | | enables the global password management rule & & the user login retry rule", and the rule relationship formula is changed to be "1 & (user connection rule | | connection timeout rule)".
And continuing to perform character recognition rightward, taking out the 'user connection rule | | | connection timeout rule' for calculation, performing rule check on the 'user connection rule' on the equipment, and if the result is that the rule check does not pass (marked as '0'), continuing to perform rule check on the 'connection timeout rule' on the equipment, and if the result is that the rule check passes (marked as '1'), obtaining that the result of the expression is '1', replacing the expression 'user connection rule | | connection timeout rule' by '1', changing the rule relation formula into '1 & & 1', and finally obtaining that the operation result is 1, namely the result of the compliance check of the equipment to be checked passes.
By applying this embodiment, the compliance checking instruction input by a user is received, the checking result of the compliance rule in the compliance rule relation is determined according to the device information of the device to be checked in the compliance checking instruction and the compliance rule relation corresponding to the device to be checked, and the compliance checking result of the device to be checked is calculated according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logic relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized. The logical relation can include OR operation logic, AND operation logic and priority logic: compliance rules whose check results have little influence on the normal operation of the network can be combined with the OR operation, while compliance rules whose check results have great influence on the normal operation of the network can be combined with the AND operation or given a higher priority, so that equipment compliance checking is flexible and the normal operation of the network can be ensured.
Depending on the actual situation, if the AND operator in the rule relation formula is identified and the check result on the left side of the AND operator is 0, the result of the AND operation can be directly determined to be 0 according to the AND short-circuit rule, without checking the compliance rule on the right side. If the OR operator in the rule relation formula is identified and the check result on the left side of the OR operator is 1, the result of the OR operation can be directly determined to be 1 according to the OR short-circuit rule, without checking the compliance rule on the right side. Checking efficiency is therefore high, because not every rule has to be checked on every device.
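The calculation described in steps S303 to S306 and the short-circuit behaviour above can be reproduced in code. The following Python sketch is an added example, not code from the patent: it tokenizes the rule relation formula, calculates each parenthesized group when its ")" is read, calculates "&&" before "||", and runs a rule check only when its result is needed. The function names, the one-callback-per-rule interface, the constructed sample results, and the choice to reject malformed formulas and unknown rule names instead of reporting a pass are assumptions.

```python
from typing import Callable, Dict, List, Tuple, Union

Token = Union[str, int]            # rule name, operator or parenthesis; int = 0/1 result
OPERATORS = ("&&", "||")


def tokenize(formula: str) -> List[str]:
    """Left-to-right character recognition into names, '(', ')', '&&', '||'."""
    tokens: List[str] = []
    name: List[str] = []

    def flush() -> None:
        text = "".join(name).strip()
        if text:
            tokens.append(text)
        name.clear()

    i = 0
    while i < len(formula):
        ch = formula[i]
        if ch in "()":
            flush()
            tokens.append(ch)
            i += 1
        elif ch in "&|":
            if formula[i:i + 2] != ch * 2:
                raise ValueError(f"single '{ch}' at position {i}")
            flush()
            tokens.append(ch * 2)
            i += 2
        else:
            name.append(ch)
            i += 1
    flush()
    return tokens


def evaluate(formula: str, checks: Dict[str, Callable[[], bool]]) -> Tuple[int, List[str]]:
    """Return (compliance result, names of the rules actually checked, in order)."""
    tokens = tokenize(formula)
    # Assumption: fail closed on names missing from the preset rule list.
    unknown = [t for t in tokens if t not in ("(", ")", *OPERATORS) and t not in checks]
    if unknown:
        raise ValueError(f"unknown rule names: {unknown}")
    checked: List[str] = []

    def value(tok: Token) -> int:
        if isinstance(tok, int):           # already replaced by an operation result
            return tok
        checked.append(tok)                # the rule check runs only here, on demand
        return 1 if checks[tok]() else 0

    def flat(expr: List[Token]) -> int:
        """Calculate a parenthesis-free expression: operand (operator operand)*."""
        if (len(expr) % 2 == 0 or any(t in OPERATORS for t in expr[0::2])
                or any(t not in OPERATORS for t in expr[1::2])):
            raise ValueError(f"malformed expression: {expr}")
        groups, current = [], [expr[0]]
        for op, operand in zip(expr[1::2], expr[2::2]):
            if op == "&&":
                current.append(operand)
            else:
                groups.append(current)
                current = [operand]
        groups.append(current)
        # "&&" runs are calculated first; all() stops at the first 0 (short circuit).
        reduced = [g[0] if len(g) == 1 else int(all(value(t) for t in g)) for g in groups]
        # "||" is then calculated left to right; any() stops at the first 1.
        return int(any(value(t) for t in reduced))

    stack: List[Token] = []
    for tok in tokens:
        if tok != ")":
            stack.append(tok)
            continue
        if "(" not in stack:
            raise ValueError("unbalanced ')'")
        start = len(stack) - 1 - stack[::-1].index("(")   # most recent "("
        stack[start:] = [flat(stack[start + 1:])]          # replace "( ... )" by its result
    if "(" in stack:
        raise ValueError("unbalanced '('")
    return flat(stack), checked


# Constructed per-rule outcomes for the worked example (1 = pass, 0 = fail).
SAMPLE_RESULTS = {
    "user login authentication rule": 1,
    "enable global password management rule": 0,
    "user login retry rule": 1,
    "user connection rule": 0,
    "connection timeout rule": 1,
}
FORMULA = ("(user login authentication rule || enable global password management rule"
           " && user login retry rule) && (user connection rule || connection timeout rule)")


def run_sample() -> Tuple[int, List[str]]:
    checks = {name: (lambda r=res: bool(r)) for name, res in SAMPLE_RESULTS.items()}
    return evaluate(FORMULA, checks)


if __name__ == "__main__":
    result, checked = run_sample()
    print("compliant:", result, "| rules actually checked:", checked)
```

Because each parenthesized group is calculated as soon as it closes, short-circuiting in this sketch applies inside a group and in the final top-level expression, not across groups.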
Corresponding to the above method embodiment, an embodiment of the present invention provides a device compliance checking apparatus. As shown in Fig. 4, the device compliance checking apparatus may include:
a receiving module 410, configured to receive a compliance checking instruction input by a user, where the compliance checking instruction includes device information of a device to be checked and a compliance rule relationship corresponding to the device to be checked, and the compliance rule relationship includes a logical relationship among a plurality of compliance rules;
a determining module 420, configured to determine, according to the device information of the device to be inspected, an inspection result of the compliance rule in the compliance rule relationship;
the calculating module 430 is configured to calculate a compliance checking result of the device to be checked according to the compliance rule relationship and a checking result of a compliance rule in the compliance rule relationship.
Optionally, the apparatus may further include:
a checking module, configured to, for each device, perform the rule check of each preset rule on the device one by one according to the rule name and the rule content of each preset rule in the preset rule list, and store the device information of the device, the rule name of the preset rule and the corresponding check result in a database as a mapping;
then, the determining module 420 may specifically be configured to: extracting the inspection result of each compliance rule in the compliance rule relation from the database according to the equipment information of the equipment to be inspected and the rule name of each compliance rule in the compliance rule relation;
then, the calculating module 430 may specifically be configured to: establishing a rule relation formula according to the compliance rule relation; and calculating the compliance checking result of the equipment to be checked according to the checking result of each compliance rule in the compliance rule relation and the rule relation formula.
Optionally, the apparatus may further include:
the identification module is used for establishing a rule relation formula according to the compliance rule relation; performing character recognition on the rule relation formula from left to right, and determining the rule name of the compliance rule to be checked according to the recognized operator;
then, the determining module 420 may specifically be configured to: reading rule contents corresponding to the rule names from a preset rule list according to the rule names and the equipment information of the equipment to be checked; carrying out rule checking on the equipment to be checked according to the rule content to obtain a checking result of the compliance rule to be checked;
then, the calculating module 430 may specifically be configured to: and calculating the compliance checking result of the equipment to be checked according to the checking result of the compliance rule to be checked and the rule relation formula.
Optionally, the logical relationship may include OR operation logic and/or AND operation logic;
the calculating module 430 may be specifically configured to:
calculate the compliance checking result of the equipment to be checked according to the compliance rule relation, the checking result of the compliance rule in the compliance rule relation, and the calculation rule that AND operation logic is calculated first.
Optionally, the logical relationship may further include priority logic;
the calculating module 430 may be specifically configured to:
calculate the compliance checking result of the equipment to be checked according to the compliance rule relationship, the checking result of the compliance rule in the compliance rule relationship, and the calculation rule that the operation expression between the priority start character and the priority termination character is calculated first.
By applying this embodiment, the compliance checking instruction input by a user is received, the checking result of the compliance rule in the compliance rule relation is determined according to the device information of the device to be checked in the compliance checking instruction and the compliance rule relation corresponding to the device to be checked, and the compliance checking result of the device to be checked is calculated according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logic relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized.
An embodiment of the present invention further provides an inspection system, as shown in fig. 5, including a processor 501 and a machine-readable storage medium 502, where the machine-readable storage medium 502 stores machine-executable instructions capable of being executed by the processor 501, and the processor 501 is caused by the machine-executable instructions to: all steps of the device compliance checking method provided by the embodiment of the invention are executed.
The machine-readable storage medium may include a RAM (Random Access Memory) and a NVM (Non-Volatile Memory), such as at least one disk Memory. Alternatively, the machine-readable storage medium may be at least one memory device located remotely from the processor.
The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; it may also be a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In this embodiment, the processor can realize that: the method comprises the steps of receiving a compliance checking instruction input by a user, determining a checking result of a compliance rule in a compliance rule relation according to equipment information of equipment to be checked in the compliance checking instruction and the compliance rule relation corresponding to the equipment to be checked, and calculating a compliance checking result of the equipment to be checked according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logic relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized.
Additionally, embodiments of the present invention also provide a machine-readable storage medium for storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to: all steps of the device compliance checking method provided by the embodiment of the invention are executed.
In this embodiment, a machine-readable storage medium stores machine-executable instructions for executing the device compliance checking method provided in the embodiment of the present invention when executed, so that the following can be implemented: the method comprises the steps of receiving a compliance checking instruction input by a user, determining a checking result of a compliance rule in a compliance rule relation according to equipment information of equipment to be checked in the compliance checking instruction and the compliance rule relation corresponding to the equipment to be checked, and calculating a compliance checking result of the equipment to be checked according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation. The equipment information of the equipment to be checked and the compliance rule relation corresponding to the equipment to be checked are input by a user, and the user can configure the logic relation among a plurality of compliance rules in the compliance rule relation according to requirements, so that flexible configuration of compliance checking is realized.
For the embodiments of the inspection system and the machine-readable storage medium, the contents of the related methods are substantially similar to the foregoing embodiments of the methods, so that the description is relatively simple, and for the relevant points, reference may be made to the partial description of the embodiments of the methods.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus, inspection system, and machine-readable storage medium embodiments, the description is relatively simple as they are substantially similar to the method embodiments, and reference may be made to some descriptions of the method embodiments for relevant points.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A device compliance checking method, the method comprising:
receiving a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules; the logical relationship comprises OR operation logic and/or AND operation logic; the logical relationship further comprises priority logic;
determining a checking result of a compliance rule in the compliance rule relation according to the equipment information of the equipment to be checked;
and calculating a compliance checking result of the equipment to be checked according to the compliance rule relation and the checking result of the compliance rule in the compliance rule relation.
2. The method of claim 1, further comprising: aiming at each device, according to the rule name and the rule content of each preset rule in the preset rule list, carrying out rule check on each preset rule one by one on the device, and storing the device information of the device, the rule name of the preset rule and the corresponding check result into a database in a mapping mode;
then, the determining, according to the device information of the device to be inspected, the inspection result of the compliance rule in the compliance rule relationship includes: extracting the inspection result of each compliance rule in the compliance rule relation from the database according to the equipment information of the equipment to be inspected and the rule name of each compliance rule in the compliance rule relation;
then, the calculating a compliance check result of the device to be checked according to the compliance rule relationship and a check result of a compliance rule in the compliance rule relationship includes: establishing a rule relation formula according to the compliance rule relation; and calculating the compliance checking result of the equipment to be checked according to the checking result of each compliance rule in the compliance rule relation and the rule relation formula.
3. The method of claim 1, wherein prior to said determining a result of checking for a compliance rule in said compliance rule relationship, said method further comprises: establishing a rule relation formula according to the compliance rule relation; performing character recognition on the rule relation formula from left to right, and determining the rule name of the compliance rule to be checked according to the recognized operator;
then, the determining, according to the device information of the device to be inspected, the inspection result of the compliance rule in the compliance rule relationship includes: reading rule contents corresponding to the rule names from a preset rule list according to the rule names and the equipment information of the equipment to be checked; carrying out rule checking on the equipment to be checked according to the rule content to obtain a checking result of the compliance rule to be checked;
then, the calculating a compliance check result of the device to be checked according to the compliance rule relationship and a check result of a compliance rule in the compliance rule relationship includes: and calculating the compliance checking result of the equipment to be checked according to the checking result of the compliance rule to be checked and the rule relation formula.
4. A method according to any of claims 1-3, wherein the logical relationship comprises OR operation logic and/or AND operation logic;
the calculating a compliance check result of the device to be checked according to the compliance rule relationship and a check result of a compliance rule in the compliance rule relationship includes:
calculating the compliance checking result of the equipment to be checked according to the compliance rule relation, the checking result of the compliance rule in the compliance rule relation, and the calculation rule that AND operation logic is calculated first.
5. The method of claim 4, wherein the logical relationship further comprises priority logic;
the calculating a compliance check result of the device to be checked according to the compliance rule relationship and a check result of a compliance rule in the compliance rule relationship includes:
calculating the compliance checking result of the equipment to be checked according to the compliance rule relationship, the checking result of the compliance rule in the compliance rule relationship, and the calculation rule that the operation expression between the priority start character and the priority termination character is calculated first.
6. An apparatus for device compliance checking, the apparatus comprising:
a receiving module, configured to receive a compliance checking instruction input by a user, wherein the compliance checking instruction comprises equipment information of equipment to be checked and a compliance rule relation corresponding to the equipment to be checked, and the compliance rule relation comprises a logical relation among a plurality of compliance rules; the logical relationship comprises OR operation logic and/or AND operation logic; the logical relationship further comprises priority logic;
the determining module is used for determining the checking result of the compliance rule in the compliance rule relation according to the equipment information of the equipment to be checked;
and the calculation module is used for calculating the compliance check result of the equipment to be checked according to the compliance rule relation and the check result of the compliance rule in the compliance rule relation.
7. The apparatus of claim 6, further comprising:
a checking module, configured to, for each device, perform the rule check of each preset rule on the device one by one according to the rule name and the rule content of each preset rule in the preset rule list, and store the device information of the device, the rule name of the preset rule and the corresponding check result in a database as a mapping;
then, the determining module is specifically configured to: extracting the inspection result of each compliance rule in the compliance rule relation from the database according to the equipment information of the equipment to be inspected and the rule name of each compliance rule in the compliance rule relation;
then, the calculation module is specifically configured to: establishing a rule relation formula according to the compliance rule relation; and calculating the compliance checking result of the equipment to be checked according to the checking result of each compliance rule in the compliance rule relation and the rule relation formula.
8. The apparatus of claim 6, further comprising:
the identification module is used for establishing a rule relation formula according to the compliance rule relation; performing character recognition on the rule relation formula from left to right, and determining the rule name of the compliance rule to be checked according to the recognized operator;
then, the determining module is specifically configured to: reading rule contents corresponding to the rule names from a preset rule list according to the rule names and the equipment information of the equipment to be checked; carrying out rule checking on the equipment to be checked according to the rule content to obtain a checking result of the compliance rule to be checked;
then, the calculation module is specifically configured to: and calculating the compliance checking result of the equipment to be checked according to the checking result of the compliance rule to be checked and the rule relation formula.
9. The apparatus according to any of claims 6-8, wherein the logical relationship comprises OR operation logic and/or AND operation logic;
the calculation module is specifically configured to:
calculate the compliance checking result of the equipment to be checked according to the compliance rule relation, the checking result of the compliance rule in the compliance rule relation, and the calculation rule that AND operation logic is calculated first.
10. The apparatus of claim 9, wherein the logical relationship further comprises priority logic;
the calculation module is specifically configured to:
calculate the compliance checking result of the equipment to be checked according to the compliance rule relationship, the checking result of the compliance rule in the compliance rule relationship, and the calculation rule that the operation expression between the priority start character and the priority termination character is calculated first.
CN201811425390.1A 2018-11-27 2018-11-27 Equipment compliance checking method and device Active CN109560964B (en)


Publications (2)

Publication Number Publication Date
CN109560964A CN109560964A (en) 2019-04-02
CN109560964B true CN109560964B (en) 2022-02-25
