CN114095269A - System detection method, device, electronic equipment and storage medium - Google Patents

System detection method, device, electronic equipment and storage medium

Publication number
CN114095269A
Authority
CN (China)
Legal status
Granted
Application number
CN202111433670.9A
Other languages
Chinese (zh)
Other versions
CN114095269B (en)
Inventor
刁扬
李�杰
陈滔
江文卓
Current Assignee
Guangdong Power Grid Co Ltd
Shaoguan Power Supply Bureau Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Shaoguan Power Supply Bureau Guangdong Power Grid Co Ltd
Application filed by
Guangdong Power Grid Co Ltd, Shaoguan Power Supply Bureau Guangdong Power Grid Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files

Abstract

The embodiment of the invention discloses a system detection method, a system detection device, electronic equipment and a storage medium, wherein the method comprises the following steps: responding to a network security detection instruction, and determining a to-be-detected item; the items to be detected comprise at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an auditing function sub-item and a history command sub-item; calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item; and determining a target detection result based on each sub-detection result, and feeding back the target detection result to the target terminal equipment. The technical scheme of the embodiment of the invention realizes the detection of the network security condition of the host in an automatic mode, reduces the labor cost and improves the working efficiency.

Description

System detection method, device, electronic equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a system detection method, a system detection device, electronic equipment and a storage medium.
Background
At present, as requirements for hardening host network security become widespread, security hardening inspections of hosts take up a growing share of daily work. For example, in a scenario with high requirements for host network security, such as a transformer substation, regular security inspection of each host is all the more necessary.
In the prior art, when network security inspection is performed on multiple hosts, a worker usually has to carry an inspection table, operate the corresponding equipment in person, and check the host-related items one by one against the table. This is slow and inefficient, and because of the many human factors involved, careless mistakes are likely to occur during the inspection.
Disclosure of Invention
The invention provides a system detection method, a system detection device, electronic equipment and a storage medium, which realize the detection of the network security condition of a host in an automatic mode, reduce the labor cost, improve the working efficiency and avoid the problem of careless mistakes possibly caused by manually carrying out network security detection.
In a first aspect, an embodiment of the present invention provides a system detection method, where the method includes:
responding to a network security detection instruction, and determining the items to be detected; the items to be detected comprise at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item;
calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item;
and determining a target detection result based on each sub-detection result, and feeding back the target detection result to the target terminal equipment.
In a second aspect, an embodiment of the present invention further provides a system detection apparatus, where the apparatus includes:
the to-be-detected item determining module is used for responding to the network security detection instruction and determining the items to be detected; the items to be detected comprise at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item;
the detection module is used for calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item;
and the feedback module is used for determining a target detection result based on each sub-detection result and feeding the target detection result back to the target terminal equipment.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the system detection method according to any of the embodiments of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the system detection method according to any one of the embodiments of the present invention.
According to the technical scheme of the embodiment of the invention, in response to a network security check instruction, determining the item to be detected, namely determining at least one item from a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item; calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item; and finally, determining a target detection result based on each sub-detection result, and feeding the target detection result back to the target terminal equipment, so that the detection of the network security condition of the host is realized in an automatic mode, the labor cost is reduced, the working efficiency is improved, and the problem of careless mistakes possibly caused by manual network security detection is avoided.
Drawings
In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present invention, a brief description is given below of the drawings used in describing the embodiments. It should be clear that the described figures are only views of some of the embodiments of the invention to be described, not all, and that for a person skilled in the art, other figures can be derived from these figures without inventive effort.
Fig. 1 is a schematic flowchart of a system detection method according to a first embodiment of the present invention;
Fig. 2 is a schematic flowchart of a system detection method according to a second embodiment of the present invention;
Fig. 3 is a schematic flowchart of a system detection method according to a third embodiment of the present invention;
Fig. 4 is a block diagram of a system detection apparatus according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic flowchart of a system detection method according to a first embodiment of the present invention. This embodiment is applicable to performing network security detection on a host in a system in an automated manner. The method may be executed by a system detection apparatus, which may be implemented in software and/or hardware; the hardware may be an electronic device such as a mobile terminal, a PC or a server.
As shown in fig. 1, the method specifically includes the following steps:
S110, responding to the network security detection instruction, and determining the items to be detected.
The network security detection instruction is an instruction that triggers network security detection on the host to be detected. Specifically, in this embodiment, in order to perform network security detection on the hosts associated with the system, pre-developed network security detection application software must first be installed on the target terminal device that sends the detection instruction, or on each host to be detected. It can be understood that this software is at least able to respond to the network security detection instruction.
In this embodiment, after the network security detection instruction is received, the items to be detected for the device must also be determined. The items to be detected comprise at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item; the state and configuration of these sub-items may affect the network security of the host system to be detected. It can be understood that the network security detection instruction may carry sub-item identifiers, and the host system to be detected may determine the sub-items to be detected from the identifiers in the instruction. When the instruction carries no sub-item identifier, all sub-items are detected by default.
Specifically, the user management sub-item is an item that checks user comments and user permissions; the password configuration sub-item is an item that checks whether the passwords of the accounts in the host system to be detected are compliant; the login timeout sub-item is an item that checks the operation timeout configuration of accounts logged in at a terminal; the port sub-item is an item that checks whether the high-risk ports in the host system to be detected are closed; the service switch state sub-item is an item that checks whether certain specific services in the host system to be detected are closed; the remote access sub-item is an item that checks whether the remote service in the host system to be detected is open on a specific port; the audit function sub-item is an item that checks whether the audit log and the audit function in the host system to be detected are enabled; the history command sub-item is an item that checks whether the number of history commands stored in the host system to be detected exceeds a preset threshold.
It should be understood by those skilled in the art that, in an actual application process, a server of the system may send a network security detection instruction to one host to be detected at a time, or send a corresponding network security detection instruction to multiple hosts to be detected at a time, which is not specifically limited in this embodiment of the present disclosure. Meanwhile, when there are multiple hosts to be detected, the sub-items to be detected by each device may be different, that is, each host may independently determine the corresponding items to be detected according to the received network security detection instruction.
S120, calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item.
In this embodiment, after the host system to be detected determines the items to be detected according to the network security detection instruction, the sub-detection program code corresponding to each sub-item needs to be called. In particular, the sub-detection program code may be program code associated with a particular detection module in the pre-developed network security detection application software. For example, the sub-detection program code corresponding to the user management sub-item is associated with the module identified as A in the application software, and the sub-detection program code corresponding to the password configuration sub-item is associated with the module identified as B.
Further, once the corresponding sub-detection program code is determined, it may be run to detect the corresponding sub-item, thereby obtaining a sub-detection result for each sub-item. It should be understood by those skilled in the art that different sub-items run different sub-detection program code and are therefore detected in different ways. For example, when the sub-detection programs for the password configuration, login timeout, remote access, audit function and history command sub-items are run, the application software may automatically read the system configuration files of the host system and check specific parameters in those files. When the sub-detection programs for the user management, port and service switch state sub-items are run, the application software may automatically run the corresponding command lines in the host system to be detected and perform the detection on the basis of their results.
S130, determining a target detection result based on each sub-detection result, and feeding the target detection result back to the target terminal equipment.
In this embodiment, once the sub-detection programs for all sub-items have finished running, the sub-detection results are available. They are then integrated into the target detection result, which is fed back to the target terminal device by mail, text message or similar means. The target terminal device and the hosts to be detected are in the same communication network, or the target terminal device can at least communicate with the hosts to be detected in some specific manner.
For example, after the application software finishes detecting the user management sub-item and the port sub-item, it may determine that the user management sub-item conforms to the specification and the port sub-item does not. These two detection results are then filled into a network security detection result table, and the table is sent to the target terminal device to complete the feedback of the detection result.
According to the technical scheme, in response to a network security check instruction, determining items to be detected, namely determining at least one item from a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item; calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item; and finally, determining a target detection result based on each sub-detection result, and feeding the target detection result back to the target terminal equipment, so that the detection of the network security condition of the host is realized in an automatic mode, the labor cost is reduced, the working efficiency is improved, and the problem of careless mistakes possibly caused by manual network security detection is avoided.
Example two
Fig. 2 is a schematic flowchart of a system detection method according to a second embodiment of the present invention. On the basis of the foregoing embodiment, a network security detection item table is obtained in response to the network security detection instruction, and each sub-item in the items to be detected for the host system is determined from the item table. Different sub-items are detected in different ways to obtain the corresponding sub-detection results. Basic information about the host system to be detected and all sub-detection results are filled into the network security detection item table together, and the table is fed back to the target terminal device, so that the target detection result is automatically fed back to staff in a concise and clear form. For the specific implementation, refer to the technical solution of this embodiment. Technical terms that are the same as or correspond to those of the above embodiment are not repeated here.
As shown in fig. 2, the method specifically includes the following steps:
S210, responding to the network security detection instruction, and determining a system identifier of the host system to be detected; and determining each sub-item in the items to be detected from the network security detection item table according to the system identifier.
In this embodiment, in response to the network security detection instruction, the system identifier of the host system to be detected must first be determined. The system identifier may be used to determine the name or operating system of the host to be detected; for example, according to the network security detection instruction, it is determined that the host system to be detected is the device identified as a1, running a Linux system.
In this embodiment, while the system identifier of the host to be detected is being determined, the network security detection item table may also be obtained from a server or a target terminal of the system. The network security detection item table may be a table containing detection items in multiple dimensions; it can be understood that each item in the table corresponds to a sub-item of the items to be detected in the first embodiment. After the host to be detected obtains the network security detection item table, each sub-item can be determined from the content of the table.
S220, calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item.
In this embodiment, different items to be detected are detected in different ways. Optionally, when the items to be detected include at least one of a password configuration sub-item, a login timeout sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item, then for each sub-item the item parameters to be detected are read by the sub-detection program code corresponding to the current sub-item, and the sub-detection result of the current sub-item is determined from the item parameters to be detected and the specified parameters corresponding to the current sub-item.
Specifically, when the host to be detected runs a Linux system and the password configuration sub-item is detected, the login.defs file and the system-auth file can be located under the system configuration directory (namely, the /etc directory). The check then determines whether PASS_MIN_LEN (the parameter for the minimum password length) in these files is greater than or equal to 8 and whether PASS_MAX_DAYS (the parameter for the password modification period) is less than or equal to 180. At the same time, the values of the four parameters dcredit, ucredit, lcredit and ocredit are each checked to be less than or equal to -1, which determines whether the current system forces passwords to contain upper- and lower-case letters, digits, special symbols and the like. It can be understood that the parameters detected in the host system are the item parameters to be detected; once their values are determined, they can be compared with the specified parameters to obtain the sub-detection result of the password configuration sub-item.
When the login timeout sub-item is detected, the profile file can be located under the system configuration directory, and the check determines whether the value of TMOUT in the file is less than or equal to 300 (that is, whether the idle lock time after login is less than or equal to 5 minutes). Similarly, the sub-detection result of the login timeout sub-item is obtained from the actual value of the parameter.
When the remote access sub-item is detected, the service sshd status command may be triggered first to check whether the system has currently started the ssh service. If the service is started, the sshd_config file is located under the system configuration directory, and the check determines whether the port number in the file is the default port number 22. Similarly, the sub-detection result of the remote access sub-item is obtained from the actual value of the port number.
When the audit function sub-item is detected, the service rsyslog status and service auditd status commands can each be triggered to check whether the system has currently started the logging function and the audit function. If the logging function is started, the sshd_config file is located under the system configuration directory, and the check determines whether SyslogFacility AUTH in the file is commented out, which determines whether the system has enabled SSH log auditing. If the audit function is started, the logrotate.conf file is located under the system configuration directory, and the value of rotate in the file is checked to determine whether the audit content of the host system to be detected is set to be stored for 6 months. The sub-detection result of the audit function sub-item is obtained through these checks.
When the history command sub-item is detected, the profile file can be located under the system configuration directory, and the check determines whether the values of HISTSIZE and HISTFILESIZE in the file are each less than or equal to 5 (that is, whether the stored history commands exceed 5 entries). Similarly, the sub-detection result of the history command sub-item is obtained from the actual values of the parameters.
It should be noted that once the sub-detection result of a sub-item is determined, it may be temporarily stored in the network security detection application software.
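The file-based comparison described above can be sketched as follows for the password configuration, login timeout and history command sub-items. This is an added example, not code from the patent: the function names and the sample file contents are constructed, and treating an absent or commented-out parameter as non-compliant is an assumption of the example.

```python
import re

# Specified parameters from the description: name -> (comparison, limit).
SPECIFIED = {
    "PASS_MIN_LEN": (">=", 8), "PASS_MAX_DAYS": ("<=", 180),
    "dcredit": ("<=", -1), "ucredit": ("<=", -1),
    "lcredit": ("<=", -1), "ocredit": ("<=", -1),
    "TMOUT": ("<=", 300), "HISTSIZE": ("<=", 5), "HISTFILESIZE": ("<=", 5),
}

def strip_comment(line):
    """Drop everything after '#', so a commented-out setting is not read."""
    return line.split("#", 1)[0].strip()

def parse_login_defs(text):
    """login.defs holds whitespace-separated 'KEY value' pairs."""
    found = {}
    for line in text.splitlines():
        parts = strip_comment(line).split()
        if len(parts) == 2 and re.fullmatch(r"-?\d+", parts[1]):
            found[parts[0]] = int(parts[1])
    return found

def parse_system_auth(text):
    """system-auth carries the *credit options on 'password' PAM lines."""
    found = {}
    for line in text.splitlines():
        line = strip_comment(line)
        if line.startswith("password"):
            for key, val in re.findall(r"\b([a-z]+credit)=(-?\d+)", line):
                found[key] = int(val)
    return found

def parse_profile(text):
    """profile holds shell assignments such as 'export TMOUT=300'."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"(?:export\s+|readonly\s+)?([A-Z_]+)=(\d+)\b",
                     strip_comment(line))
        if m:
            found[m.group(1)] = int(m.group(2))  # a later assignment wins
    return found

def evaluate(found, names):
    """Compare item parameters with the specified parameters.
    Assumption: a parameter that is absent counts as non-compliant."""
    results = {}
    for name in names:
        op, limit = SPECIFIED[name]
        value = found.get(name)
        if value is None:
            ok = False
        else:
            ok = value >= limit if op == ">=" else value <= limit
        results[name] = (value, ok)
    return results

def check_config_sub_items(login_defs, system_auth, profile):
    """Return per-parameter (value, compliant) pairs for three sub-items."""
    password = {**parse_login_defs(login_defs), **parse_system_auth(system_auth)}
    shell = parse_profile(profile)
    return {
        "password_configuration": evaluate(password, [
            "PASS_MIN_LEN", "PASS_MAX_DAYS",
            "dcredit", "ucredit", "lcredit", "ocredit"]),
        "login_timeout": evaluate(shell, ["TMOUT"]),
        "history_command": evaluate(shell, ["HISTSIZE", "HISTFILESIZE"]),
    }

def sub_detection_results(checks):
    """A sub-item is compliant only if every one of its parameters is."""
    return {item: all(ok for _, ok in params.values())
            for item, params in checks.items()}

# Constructed sample file contents (not taken from a real host).
SAMPLE_LOGIN_DEFS = """\
# password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    8
"""
SAMPLE_SYSTEM_AUTH = """\
auth        required      pam_env.so
password    requisite     pam_cracklib.so retry=3 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=0
password    sufficient    pam_unix.so sha512 shadow use_authtok
"""
SAMPLE_PROFILE = """\
HISTSIZE=5
#export TMOUT=300
export HISTFILESIZE=5
"""

if __name__ == "__main__":
    checks = check_config_sub_items(
        SAMPLE_LOGIN_DEFS, SAMPLE_SYSTEM_AUTH, SAMPLE_PROFILE)
    for item, ok in sub_detection_results(checks).items():
        print(item, "compliant" if ok else "non-compliant", checks[item])
```

The commented-out TMOUT line in the sample shows why the comment has to be stripped before matching: a check that only searches for the string would report a timeout that the shell never applies.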
Optionally, when the items to be detected include at least one of a user management sub-item, a port sub-item and a service switch state sub-item, then for each sub-item the sub-detection command corresponding to the current sub-item is determined and run, and the sub-detection result of the current sub-item is determined from the result of the sub-detection command and the specified run result corresponding to the current sub-item.
Specifically, when the user management sub-item is detected, the passwd file can be located under the system configuration directory, users without a comment or with closed login permission are determined from the file content, and when such a user is found, the user information is recorded in the remark column. Further, based on the umask command run by the host system to be detected, it is determined whether the result of the command is 0022 (that is, the system default umask value for the root user). It can be understood that the sub-detection result of the user management sub-item is obtained from the actual result of the command.
When the port sub-item is detected, high-risk ports of the host system to be detected, such as 135, 137, 138, 139, 445 and 3389, can be tested to determine whether they are occupied by other programs. When some ports are found to be occupied by other programs, the corresponding ports have not been closed. The sub-detection result of the port sub-item is obtained from the port test results.
When the service switch state sub-item is detected, the chkconfig --list command is run on the host system to be detected, and the services currently started on the host are determined from the service list that the command produces. Specifically, the started services can be automatically compared with the services that the network security detection item table requires to be closed, and the comparison result is used as the sub-detection result of the service switch state sub-item.
It should be understood by those skilled in the art that, in this embodiment, once the sub-detection result of a sub-item is determined, it may likewise be temporarily stored in the network security detection application software. It should also be noted that the specified parameters or specified run results in this embodiment may be adjusted according to the actual situation, which is not specifically limited in the embodiments of the present disclosure.
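The command-based comparison described above, sketched for the service switch state, port and umask checks. This is an added example, not code from the patent: the function names, the sample `chkconfig --list` output and the list of services required to be closed are constructed, and the TCP connect probe is one assumed way of testing a port.

```python
import re
import socket
import subprocess

HIGH_RISK_PORTS = (135, 137, 138, 139, 445, 3389)  # ports named in the description
SPECIFIED_UMASK = "0022"                            # specified run result for umask

def run_command(argv):
    """Run a sub-detection command on the host and return its standard output.
    Raises FileNotFoundError where the tool (for example chkconfig) is absent."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout

def parse_chkconfig_list(output):
    """Map each service to the set of runlevels in which it is 'on'.
    Services in the xinetd section get the pseudo-runlevel 'xinetd'."""
    services = {}
    for line in output.splitlines():
        fields = line.split()
        if not fields:
            continue
        if (len(fields) == 2 and fields[0].endswith(":")
                and fields[1] in ("on", "off")):
            # xinetd section, e.g. "    telnet:    on"
            services[fields[0][:-1]] = {"xinetd"} if fields[1] == "on" else set()
        elif len(fields) == 8 and all(
                re.fullmatch(r"[0-6]:(on|off)", f) for f in fields[1:]):
            # SysV section, e.g. "sshd  0:off 1:off 2:on ... 6:off"
            services[fields[0]] = {f[0] for f in fields[1:] if f.endswith(":on")}
    return services

def check_services(output, must_be_closed):
    """Started services that the item table requires to be closed."""
    started = {name for name, levels in parse_chkconfig_list(output).items()
               if levels}
    violations = sorted(started & set(must_be_closed))
    return {"compliant": not violations, "remark": violations}

def port_in_use(port, host="127.0.0.1", timeout=0.5):
    """TCP connect probe. Ports 137 and 138 are normally UDP (NetBIOS),
    so a TCP probe alone does not prove that they are closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0

def check_ports(ports=HIGH_RISK_PORTS, probe=port_in_use):
    """Ports from the high-risk list that are still open."""
    open_ports = [p for p in ports if probe(p)]
    return {"compliant": not open_ports, "remark": open_ports}

def check_umask(output):
    """Compare the output of the umask command with the specified result."""
    value = output.strip()
    return {"compliant": value == SPECIFIED_UMASK, "remark": value}

# Constructed sample of `chkconfig --list` output (not from a real host).
SAMPLE_CHKCONFIG = """\
auditd         \t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off
rsyslog        \t0:off\t1:off\t2:on\t3:on\t4:on\t5:on\t6:off
nfs            \t0:off\t1:off\t2:off\t3:off\t4:off\t5:off\t6:off
bluetooth      \t0:off\t1:off\t2:off\t3:on\t4:on\t5:on\t6:off

xinetd based services:
\ttelnet:        \ton
\trsync:         \toff
"""
# Constructed stand-in for the "services required to be closed" column
# of the network security detection item table.
MUST_BE_CLOSED = ["telnet", "nfs", "bluetooth", "rsync"]

if __name__ == "__main__":
    print(check_services(SAMPLE_CHKCONFIG, MUST_BE_CLOSED))
    print(check_ports())
    print(check_umask(run_command(["sh", "-c", "umask"])))
```

On hosts managed by systemd, `chkconfig --list` reports only SysV services, so a deployment on such hosts would need an additional source for the started-service list.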
S230, updating the system identifier corresponding to the network security detection instruction, the application parameters of the host system to be detected and the target detection result into a target result table, so as to send the target detection result to the target terminal equipment based on the target result table.
In this embodiment, when network security detection is performed on the host system to be detected, the system identifier corresponding to the network security detection instruction, the application parameters of the host system and the target detection result may also be obtained. The application parameters include system version information and the network protocol address, and the target detection result is a set built from the sub-detection results of the sub-items in the items to be detected. This information may then be updated into the target result table, so that the target result table can be fed back to the target terminal device. It can be understood that, in practice, the target result table is the network security detection item table filled with the association information of the host system to be detected and each sub-detection result.
Because the association information of the corresponding host system is filled into the table when the target detection result is fed back, the target terminal device can tell the detected hosts apart when it receives feedback in the form of multiple tables after network security detection has been performed on multiple hosts.
S240, determining a target detection result based on each sub-detection result, determining a compliance judgment field corresponding to the detected item according to the target detection result, and filling the compliance judgment field into the network security detection item table; and sending the filled network security detection item table to the target terminal equipment.
In this embodiment, after the sub-detection results of the sub-items are obtained, they may be integrated to obtain the target detection result. In order to feed the target detection result back to the target terminal device in a concise form, in practice the sub-detection results in the set may be replaced by a compliance judgment field (such as a check mark or a cross mark). For example, a sub-detection result that conforms to the network security regulations is replaced with a check mark, and one that does not conform is replaced with a cross mark. The compliance judgment fields are then filled into the corresponding positions of the network security detection item table, and the filled table is sent to the target terminal device.
It should be noted that when the target terminal device receives the filled network security detection table, it can not only quickly determine whether the host system to be detected conforms to the network security detection rules, but also output the table as an Excel document. In addition, after the sub-detection results of the sub-items are obtained, the sub-items to be adjusted, which do not meet the preset requirements, are determined from the sub-detection results; prompt information associated with each sub-item to be adjusted is generated from its specified parameters and displayed on a target display interface, thereby reminding the workers.
According to the technical scheme, a network security detection item table is obtained in response to a network security detection instruction, and each sub-item in the items to be detected for the host system to be detected is determined based on the item table; when the sub-items to be detected are different, detecting the sub-items in a differentiated mode, and obtaining corresponding sub-detection results; basic information of the host system to be detected and all the sub-detection results are filled into the network security detection project table together, and the table is fed back to the target terminal equipment, so that the technical effect of automatically feeding back the target detection results to the staff in a concise and clear form is achieved.
Example three
As an alternative embodiment of the foregoing embodiment, fig. 3 is a schematic flow chart of a system detection method according to a third embodiment of the present invention. To describe the technical solution of the present embodiment clearly, the application scenario taken as an example is automated network security detection of a host running a Linux system, but the present invention is not limited to this scenario and may be applied to various scenarios requiring network security detection on a system.
Referring to fig. 3, when performing network security detection on a host system to be detected, first, a network security ledger standard table source file, that is, a network security detection item table in the first embodiment and the second embodiment, needs to be obtained based on a program in application software. In the practical application process, the table is mainly used for checking whether the network security reinforcement of the host to be detected meets the requirements item by item, and meanwhile, after the detection of the sub-items in the items to be detected is finished, the corresponding sub-detection results can be filled in the item table and fed back to the target terminal equipment in the form of mails.
With reference to fig. 3, after the network security detection item table is obtained, the item table needs to be filled based on basic information such as a release version and an IP address of the host system to be detected, so that the target terminal device can distinguish the multiple hosts to be detected. Furthermore, the user management sub-item, the password configuration sub-item, the login timeout sub-item, the port sub-item, the service switch state sub-item, the remote access sub-item, the audit function sub-item and the history command sub-item are detected one by one to judge whether the items meet the requirements or regulations of network safety or not, and the judgment result is temporarily stored in each sub-detection program.
With reference to fig. 3, after the sub-detection results corresponding to the sub-items are obtained, the sub-detection results may be filled into the obtained network security detection item table in the form of a check mark or a cross mark, where the check mark indicates that the sub-detection result of the sub-item meets the requirement or specification of network security, and the cross mark indicates that the sub-detection result of the sub-item does not meet the requirement or specification of network security. After the network security detection item table is filled, the host system to be detected can feed the table back to the target terminal device. It should be noted that, after receiving the filled network security detection item table, the target terminal device may not only learn the current network security reinforcement status of the host system to be detected in a concise and clear manner, but also output the table in the form of an Excel table.
The beneficial effects of the above technical scheme are: the method and the device realize the detection of the network security condition of the host in an automatic mode, not only reduce the labor cost and improve the working efficiency, but also avoid the problem of careless mistakes which may occur when the network security detection is manually carried out.
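The detection flow of this embodiment, as an added Python sketch that is not the patent's own code: sub-items are taken from an item table by system identifier, checked either by reading a parameter or by evaluating command output, and the table is filled with check or cross marks plus prompt information. The file contents, command output, thresholds and all function names are assumptions constructed for illustration.

```python
"""Added sketch of the Embodiment III flow; not the patent's own code."""
import re

CHECK, CROSS = "\u2713", "\u2717"  # compliance judgment fields (check mark / cross mark)

# Constructed stand-ins for files on the host under detection.
SAMPLE_FILES = {
    "/etc/login.defs": "PASS_MAX_DAYS   99999\nPASS_MIN_LEN    8\n",
    "/etc/profile": "# site profile\nexport TMOUT=300\n",
    "/etc/ssh/sshd_config": "#PermitRootLogin yes\nPermitRootLogin no\n",
}
# Constructed stand-ins for the output of sub-detection commands.
SAMPLE_COMMAND_OUTPUT = {
    "uid0_accounts": "root\nbackup_admin\n",  # accounts whose UID is 0
    "listening_tcp_ports": "22\n",
}


def in_range(low, high):
    """Build a check that passes only for a numeric parameter within [low, high]."""
    def check(value):
        return value is not None and value.isdigit() and low <= int(value) <= high
    return check


def equals(expected):
    """Build a check that passes when the parameter equals the expected string."""
    return lambda value: value == expected


# Assumed item table keyed by system identifier. The specified parameters and
# specified running results are illustrative values, not taken from the patent.
ITEM_TABLE = {
    "linux": [
        {"sub_item": "password configuration", "mode": "param", "file": "/etc/login.defs",
         "key": "PASS_MAX_DAYS", "check": in_range(1, 90), "required": "PASS_MAX_DAYS <= 90"},
        # A lower bound of 1 is used because TMOUT=0 disables the shell timeout.
        {"sub_item": "login timeout", "mode": "param", "file": "/etc/profile",
         "key": "TMOUT", "check": in_range(1, 600), "required": "0 < TMOUT <= 600"},
        {"sub_item": "remote access", "mode": "param", "file": "/etc/ssh/sshd_config",
         "key": "PermitRootLogin", "check": equals("no"), "required": "PermitRootLogin no"},
        {"sub_item": "user management", "mode": "command", "command": "uid0_accounts",
         "allowed": {"root"}, "required": "only root has UID 0"},
        {"sub_item": "port", "mode": "command", "command": "listening_tcp_ports",
         "allowed": {"22"}, "required": "only port 22 listening"},
    ]
}


def read_param(text, key):
    """Return the value of the first uncommented `key value` or `key=value` line, else None."""
    pattern = re.compile(r"^\s*(?:export\s+)?" + re.escape(key) + r"\s*[=\s]\s*(\S+)")
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out setting is not in effect
        match = pattern.match(line)
        if match:
            return match.group(1)
    return None


def run_command(name):
    """Stand-in for running a sub-detection command; returns the constructed output."""
    return SAMPLE_COMMAND_OUTPUT[name].split()


def detect(sub):
    """Return (observed, compliant) using the detection mode of the sub-item."""
    if sub["mode"] == "param":
        value = read_param(SAMPLE_FILES[sub["file"]], sub["key"])
        return value, sub["check"](value)
    observed = set(run_command(sub["command"]))
    return sorted(observed), observed <= sub["allowed"]


def run_detection(system_id, host_info):
    """Fill the item table for one host and collect prompts for non-compliant sub-items."""
    rows, prompts = [], []
    for sub in ITEM_TABLE[system_id]:
        observed, compliant = detect(sub)
        rows.append({"sub_item": sub["sub_item"], "observed": observed,
                     "result": CHECK if compliant else CROSS})
        if not compliant:
            prompts.append(f'{sub["sub_item"]}: found {observed!r}, required {sub["required"]}')
    return {"system_id": system_id, **host_info, "rows": rows}, prompts


if __name__ == "__main__":
    table, prompts = run_detection("linux", {"version": "ExampleOS 1.0", "ip": "192.0.2.10"})
    print(table["system_id"], table["version"], table["ip"])
    for row in table["rows"]:
        print(f'{row["result"]}  {row["sub_item"]:<24}{row["observed"]}')
    for prompt in prompts:
        print("ADJUST:", prompt)
```

A missing or commented-out parameter is reported as non-compliant rather than skipped, so an unset hardening option still shows up as a cross mark in the table.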
Example four
Fig. 4 is a block diagram of a system detection apparatus according to a fourth embodiment of the present invention, which is capable of executing a system detection method according to any embodiment of the present invention, and has functional modules and beneficial effects corresponding to the execution method. As shown in fig. 4, the apparatus specifically includes: an item to be detected determination module 310, a detection module 320, and a feedback module 330.
The to-be-detected item determining module 310 is configured to determine an item to be detected in response to the network security detection instruction; the item to be detected comprises at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item.
The detecting module 320 is configured to retrieve sub-detecting program codes corresponding to the sub-items in the item to be detected, and detect the corresponding sub-items based on the sub-detecting program codes to obtain sub-detecting results corresponding to the sub-items.
The feedback module 330 is configured to determine a target detection result based on each sub-detection result, and feed back the target detection result to the target terminal device.
On the basis of the above technical solutions, the to-be-detected item determining module 310 includes a system identifier determining unit and a sub-item determining unit.
And the system identification determining unit is used for responding to the network security detection instruction and determining the system identification of the host system to be detected.
And the sub-item determining unit is used for determining each sub-item in the items to be detected from the network security detection item table according to the system identifier.
Optionally, when the item to be detected includes at least one of a password configuration sub-item, a login timeout sub-item, a remote access sub-item, an audit function sub-item, and a history command sub-item, the detection module 320 is further configured to, for each sub-item, read the to-be-detected item parameter of the current sub-item based on the sub-detection program code corresponding to the current sub-item, and determine the sub-detection result of the current sub-item based on the to-be-detected item parameter and the specified parameter corresponding to the current sub-item.
Optionally, when the item to be detected includes at least one of a user management sub-item, a port sub-item, and a service switch state sub-item, the detection module 320 is further configured to determine, for each sub-item, a sub-detection command corresponding to the current sub-item, and run the sub-detection command; and determining the sub-detection result of the current sub-item based on the running result of the sub-detection command and the specified running result corresponding to the current sub-item.
On the basis of the technical schemes, the system detection device also comprises a target result table updating module.
A target result table updating module, configured to update the system identifier corresponding to the network security detection instruction, the application parameter of the host system to be detected, and the target detection result into a target result table, so as to send the target detection result to the target terminal device based on the target result table; wherein the application parameters include system version information and network protocol addresses.
On the basis of the above technical solutions, the feedback module 330 includes a filling unit and a feedback unit.
And the filling unit is used for determining a compliance judgment field corresponding to the detected item according to the target detection result and filling the compliance judgment field into the network security detection item table.
And the feedback unit is used for sending the filled network security detection item table to the target terminal equipment.
On the basis of the technical schemes, the system detection device further comprises a prompt module.
And the prompting module is used for determining the sub-items to be adjusted which do not meet the preset requirements according to the sub-detection results, generating prompting information associated with the sub-items to be adjusted according to the specified parameters corresponding to the sub-items to be adjusted, and displaying the prompting information on a target display interface.
According to the technical scheme provided by this embodiment, in response to a network security detection instruction, an item to be detected is determined, that is, at least one item is determined from a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item; the sub-detection program code corresponding to each sub-item in the item to be detected is called, and the corresponding sub-item is detected based on the sub-detection program code to obtain the sub-detection result corresponding to each sub-item; finally, a target detection result is determined based on each sub-detection result and fed back to the target terminal device, so that the detection of the network security condition of the host is realized in an automatic mode, the labor cost is reduced, the working efficiency is improved, and the careless mistakes that may occur when network security detection is carried out manually are avoided.
The system detection device provided by the embodiment of the invention can execute the system detection method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
It should be noted that, the units and modules included in the apparatus are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the embodiment of the invention.
Example five
Fig. 5 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention. FIG. 5 illustrates a block diagram of an exemplary electronic device 40 suitable for use in implementing embodiments of the present invention. The electronic device 40 shown in fig. 5 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 5, electronic device 40 is embodied in the form of a general purpose computing device. The components of electronic device 40 may include, but are not limited to: one or more processors or processing units 401, a system memory 402, and a bus 403 that couples the various system components (including the system memory 402 and the processing unit 401).
Bus 403 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, enhanced ISA bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Electronic device 40 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 40 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 402 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)404 and/or cache memory 405. The electronic device 40 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 406 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 403 by one or more data media interfaces. Memory 402 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 408 having a set (at least one) of program modules 407 may be stored, for example, in memory 402, such program modules 407 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 407 generally perform the functions and/or methods of the described embodiments of the invention.
The electronic device 40 may also communicate with one or more external devices 409 (e.g., keyboard, pointing device, display 410, etc.), with one or more devices that enable a user to interact with the electronic device 40, and/or with any devices (e.g., network card, modem, etc.) that enable the electronic device 40 to communicate with one or more other computing devices. Such communication may be through input/output (I/O) interface 411. Also, the electronic device 40 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the internet) via the network adapter 412. As shown, the network adapter 412 communicates with the other modules of the electronic device 40 over the bus 403. It should be appreciated that although not shown in FIG. 5, other hardware and/or software modules may be used in conjunction with electronic device 40, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 401 executes various functional applications and data processing by executing programs stored in the system memory 402, for example, to implement the system detection method provided by the embodiment of the present invention.
Example six
An embodiment of the present invention also provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform a system detection method.
The method comprises the following steps:
responding to a network security detection instruction, and determining an item to be detected; the item to be detected comprises at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item;
calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item;
and determining a target detection result based on each sub-detection result, and feeding back the target detection result to the target terminal equipment.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
The program code embodied on the computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A method for system detection, comprising:
responding to a network security detection instruction, and determining an item to be detected; the item to be detected comprises at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item;
calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item;
and determining a target detection result based on each sub-detection result, and feeding back the target detection result to the target terminal equipment.
2. The method of claim 1, wherein determining the item to be detected in response to the network security detection instruction comprises:
responding to the network security detection instruction, and determining a system identifier of the host system to be detected;
and determining each sub-item in the items to be detected from the network security detection item table according to the system identification.
3. The method according to claim 1, wherein when the item to be detected includes at least one of a password configuration sub-item, a login timeout sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item, the detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item, includes:
for each sub-item, reading the to-be-detected item parameter of the current sub-item based on the sub-detection program code corresponding to the current sub-item;
and determining the sub-detection result of the current sub-item based on the to-be-detected item parameter and the specified parameter corresponding to the current sub-item.
4. The method according to claim 1, wherein when the item to be detected includes at least one of a user management sub-item, a port sub-item, and a service switch status sub-item, the detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item includes:
for each sub-item, determining a sub-detection command corresponding to the current sub-item, and running the sub-detection command;
and determining the sub-detection result of the current sub-item based on the running result of the sub-detection command and the specified running result corresponding to the current sub-item.
5. The method of claim 2, further comprising:
updating a system identifier corresponding to the network security detection instruction, application parameters of the host system to be detected and a target detection result into a target result table, so as to send the target detection result to the target terminal device based on the target result table;
wherein the application parameters include system version information and network protocol addresses.
6. The method of claim 5, wherein the feeding back the target detection result to a target terminal device comprises:
determining a compliance judgment field corresponding to a detected item according to the target detection result, and filling the compliance judgment field into the network security detection item table;
and sending the filled network security detection item table to the target terminal equipment.
7. The method according to claim 1, further comprising, after obtaining the sub-detection results corresponding to the sub-items:
and determining the sub-items to be adjusted which do not meet the preset requirements according to the sub-detection results, generating prompt information associated with the sub-items to be adjusted according to the specified parameters corresponding to the sub-items to be adjusted, and displaying the prompt information on a target display interface.
8. A system detection apparatus, comprising:
the to-be-detected item determining module is used for responding to the network security detection instruction and determining the item to be detected; the item to be detected comprises at least one of a user management sub-item, a password configuration sub-item, a login timeout sub-item, a port sub-item, a service switch state sub-item, a remote access sub-item, an audit function sub-item and a history command sub-item;
the detection module is used for calling a sub-detection program code corresponding to each sub-item in the item to be detected, and detecting the corresponding sub-item based on the sub-detection program code to obtain a sub-detection result corresponding to each sub-item;
and the feedback module is used for determining a target detection result based on each sub-detection result and feeding the target detection result back to the target terminal equipment.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
a storage device for storing one or more programs,
which, when executed by the one or more processors, cause the one or more processors to implement the system detection method of any one of claims 1-7.
10. A storage medium containing computer-executable instructions for performing the system detection method of any one of claims 1-7 when executed by a computer processor.
CN202111433670.9A 2021-11-29 2021-11-29 System detection method, device, electronic equipment and storage medium Active CN114095269B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111433670.9A CN114095269B (en) 2021-11-29 2021-11-29 System detection method, device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111433670.9A CN114095269B (en) 2021-11-29 2021-11-29 System detection method, device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114095269A true CN114095269A (en) 2022-02-25
CN114095269B CN114095269B (en) 2024-04-30

Family

ID=80305602

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111433670.9A Active CN114095269B (en) 2021-11-29 2021-11-29 System detection method, device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114095269B (en)

Also Published As

Publication number Publication date
CN114095269B (en) 2024-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant