CN108833358A - Method and system for managing security baseline - Google Patents

Info

Publication number
CN108833358A
CN108833358A CN201810496227.8A CN201810496227A CN108833358A CN 108833358 A CN108833358 A CN 108833358A CN 201810496227 A CN201810496227 A CN 201810496227A CN 108833358 A CN108833358 A CN 108833358A
Authority
CN
China
Prior art keywords
security
task
client
baseline
management
Prior art date
Legal status
Pending
Application number
CN201810496227.8A
Other languages
Chinese (zh)
Inventor
梁媛
Current Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201810496227.8A
Publication of CN108833358A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The present invention provides a security baseline management method and system. The method: Step 1. The client receives a task; the task includes a task that operates on the security configuration items of the operating system. Step 2. The client determines the task type; the task types include security scan task, repair task and restore-initial-configuration task. Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system and obtains the scan values of the security configuration items; obtains the baseline values in the security policy; compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the security configuration items are compliant; the client returns the result of the security scan task; return to Step 1. The system includes a client; the client includes a subtask management module and a security baseline security component module. The invention scans and repairs security configuration items, improves the security and compliance of the operating system, and effectively defends the host against damage from unknown malicious behavior.

Description

Method and system for managing security baseline

Technical field

The invention belongs to the field of server host security, and in particular relates to a security baseline management method and system.

Background

Operating system security baseline: the security baseline is the minimum security guarantee of an operating system, that is, the most basic security requirements that the information system must meet.

Security configuration: security configuration problems are caused by the negligence of information administrators; they involve user accounts, user passwords, access authorization, system logs and the like, and reflect the security weaknesses of the system itself.

As enterprise informatization has progressed rapidly, enterprises also face more severe information security risks. Among these risks, whether information system configuration operations are secure is an extremely important aspect. Security misconfigurations are generally caused by human error, and meeting the security configuration requirements of a large number of information system devices places relatively high demands on the professional and technical skill of operations staff. Information security baseline management plays a vital role in improving the security of enterprise networks and information systems.

Faced with the many kinds of assets in a large information system, operations staff must analyze the security configuration of a massive number of information assets, identify the items that do not meet the security specifications, and rectify them so that they do; this is very hard to accomplish.

In the past, once a security configuration repair was completed, the security and compliance of the operating system improved, but the repair could affect the normal operation of the user's existing business, and the configuration could not be restored even by uninstalling the software.

This is a deficiency of the prior art. It is therefore very necessary to provide a security baseline management method and system that addresses the above defects of the prior art.

Summary of the invention

The object of the present invention is to provide a security baseline management method and system that solves the above technical problems, addressing the difficulty of analyzing and identifying the security configuration of information system assets and the defect that normal business cannot be restored once a security configuration repair has affected it.

To achieve the above object, the present invention provides the following technical solutions:

A method for managing a security baseline, comprising the following steps:

Step 1. The client receives a task; the task includes a task that operates on the security configuration items of the operating system; the security configuration items include identity authentication, access control, security audit, residual information protection, intrusion prevention, malicious code prevention and resource control;

Step 2. The client determines the task type; the task types include security scan task, repair task and restore-initial-configuration task;

Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system through the security baseline security component and obtains the scan values of the security configuration items;

obtains the baseline values in the security policy;

compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the security configuration items are compliant;

the client returns the result of the security scan task;

return to Step 1.

Further, the method also includes the following steps:

Step 4. When the task is a repair task, the client scans the security configuration items of the operating system through the security baseline security component;

obtains the scan values of the security configuration items;

obtains the baseline values in the security policy;

compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the security configuration items are compliant;

if an item is not compliant, sets the security configuration item to the baseline value in the security policy through the security baseline security component;

if it is compliant, performs no operation;

the client returns the result of the repair task;

return to Step 1.

Further, in Step 3 and Step 4, while the client scans the security configuration items of the operating system, it determines whether this is the first scan;

if it is the first scan, it saves the initial scan values of the security configuration items;

if it is not the first scan, it performs no operation;

After Step 4 the method also includes:

Step 5. When the task is a restore-initial-configuration task, the client obtains the initial scan values of the security configuration items, sets the security configuration items of the operating system to the initial scan values through the security baseline security component, restoring the state at the time of the first scan, and the client returns the execution result of the restore-initial-configuration task;

return to Step 1.

Further, before Step 1 the method also includes Step 1A: the client receives a security policy; the security policy includes scan settings, repair settings and security configuration item settings;

the scan settings include whether scheduled scanning is enabled and the scan frequency;

the repair settings include the repair scope;

the security configuration item settings include setting the baseline values;

Users can flexibly configure the baseline value and enabled state of each security configuration item, adjust the security level as needed, and balance host security against ease of use.

Further, the baseline values are set by selecting a baseline level from the level templates of security configuration items stored in the expert knowledge base; the level templates of security configuration items include high-level, medium-level and low-level. Through unified configuration management, users can configure the baseline values of the operating system's security configuration items uniformly; the expert knowledge base has built-in security configuration policy templates for different security levels, which builds a more secure operating system platform and reduces the compliance risk of the host operating system.

Further, in Step 3, Step 4 and Step 5, the client returns a log together with the task result. The management platform receives the logs sent by the client and generates a log report. The log report is a detailed security assessment report that shows more intuitively the security state of the client operating system and the operations performed on its security configuration items.

Further, before Step 1 the method also includes the following steps:

Step 1B. The management platform performs baseline management on the assets of the operating system where the client is located;

the assets of the operating system include physical machines, virtual machines and virtualization software;

baseline management of the operating system's assets includes automatic asset discovery, manual asset entry and asset grouping;

Step 1C. The management platform creates a task and sends the task to the client.

The present invention also provides the following technical solution:

A security baseline management system, including a client;

the client includes a subtask management module and a security baseline security component module;

the subtask management module is used to receive tasks, send execution commands to the security baseline security component module, and return execution results;

the tasks include a security scan task, a repair task and a restore-initial-configuration task;

the security scan task is used to scan the current security configuration items of the operating system where the client is located, obtain the scan values of the security configuration items, and determine whether this is the first scan; when it is the first scan, the initial scan values of the security configuration items are saved; it is also used to obtain the baseline values in the security policy and compare the scan values of the security configuration items with the baseline values set by the security policy to determine whether the security configuration items are compliant; the security configuration items include identity authentication, access control, security audit, residual information protection, intrusion prevention, malicious code prevention and resource control;

the repair task is used to scan the current security configuration items of the operating system where the client is located, obtain the scan values of the security configuration items, obtain the baseline values in the security policy, and compare the scan values of the security configuration items with the baseline values of the configured security policy to determine whether the security configuration items are compliant; when the scan value of a security configuration item is not compliant, the security configuration item is set to the baseline value in the security policy;

the restore-initial-configuration task is used to obtain the initial scan values of the security configuration items and set the security configuration items of the operating system to the initial scan values, restoring the state at the time of the first scan;

the security baseline security component module is used, when executing a security scan task, to obtain the values of the security configuration items, and, when executing a repair task or a restore-initial-configuration task, to set the values of the security configuration items.

Further, the system also includes a management platform; the management platform and the client are connected through message middleware; the message middleware uses the RabbitMQ message bus;

the management platform includes a task management module;

the task management module is used to create tasks, send them to the subtask management module of the client, and receive the task execution results returned by the client's subtask management module.

Further, the management platform and the client use a B/S architecture or a C/S architecture. Combining the B/S and C/S architectures gives a wider scope of application.

Further, the client also includes a sub-policy management module;

the sub-policy management module is used to receive the security policy;

the management platform also includes a policy management module and a knowledge base management module;

the knowledge base management module is connected to an expert knowledge base;

the policy management module is used to configure the security policy and send it to the sub-policy management module of the client; the security policy includes scan settings, repair settings and security configuration item settings;

the expert knowledge base is used to store the level templates of security configuration items; the level templates include a high-level template, a medium-level template and a low-level template;

the knowledge base management module is used to upgrade the expert knowledge base; a continuously improved and extended knowledge base helps customers solve the problems caused by operating system updates, business system upgrades and an outdated knowledge base, and reduces maintenance costs.

Further, the management platform also includes an asset management module;

the asset management module is used to perform baseline management on the assets of the operating system where the client is located; the assets of the operating system include physical machines, virtual machines and virtualization software.

Further, the client also includes a log management module, and the management platform also includes a log report module;

the log management module is used to send logs;

the log report module is used to receive logs from the client's log management module, perform statistical analysis of the compliance of assets or asset groups within a specified time period, and generate log reports; the log report types include Word, PDF and Excel.

The beneficial effects of the present invention are:

The present invention comprehensively scans the security configuration items of the operating system through the security baseline security component module and provides a repair function for security configuration items, which improves the security and compliance of the host operating system and effectively defends the host against damage from unknown malicious behavior. When the first security scan is performed, the scan values of the security configuration items of the current host operating system are saved; when a completed repair of the security configuration items affects normal business, the security configuration items are restored to the initial scan values through the security baseline security component module, which ensures that business is not interrupted and reduces maintenance costs;

The invention automates manual local audit data extraction, manual analysis and the preparation of security assessment reports. It can comprehensively collect system vulnerability information and security problems, check all kinds of security risks in a unified way, and support the building of security management capability in a centralized way.

In addition, the design principle of the present invention is reliable, its structure is simple, and it has very broad application prospects.

It can be seen that, compared with the prior art, the present invention has outstanding substantive features and represents notable progress, and the beneficial effects of its implementation are also obvious.

Description of the drawings

Fig. 1 is a flowchart of the method of the present invention;

Fig. 2 is a schematic diagram of the system of the present invention;

where: 1-management platform; 1.1-task management module; 1.2-policy management module; 1.3-knowledge base management module; 1.4-asset management module; 1.5-log report module; 2-client; 3-message middleware; 4-expert knowledge base.

Detailed description:

To make the purpose, features and advantages of the present invention more apparent and easier to understand, the technical solutions of the present invention are described clearly and completely below with reference to the drawings of its specific embodiments.

Embodiment 1:

As shown in Fig. 1, Step 1. The client receives a task; the task includes a task that operates on the security configuration items of the operating system;

Step 2. The client determines the task type; the task types include security scan task, repair task and restore-initial-configuration task;

Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system and obtains the scan values of the security configuration items;

determines whether this is the first scan; if it is the first scan, saves the initial scan values of the security configuration items;

if it is not the first scan, performs no operation;

obtains the baseline values in the security policy;

compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the security configuration items are compliant;

the client returns the result of the security scan task;

return to Step 1;

Step 4. When the task is a repair task, the client scans the security configuration items of the operating system;

obtains the scan values of the security configuration items;

determines whether this is the first scan; if it is the first scan, saves the initial scan values of the security configuration items;

if it is not the first scan, performs no operation;

obtains the baseline values in the security policy;

compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the security configuration items are compliant;

if an item is not compliant, sets the security configuration item to the baseline value in the security policy;

if it is compliant, performs no operation;

the client returns the result of the repair task;

return to Step 1;

Step 5. When the task is a restore-initial-configuration task, the client obtains the initial scan values of the security configuration items, sets the security configuration items of the operating system to the initial scan values, restoring the state at the time of the first scan, and the client returns the execution result of the restore-initial-configuration task;

return to Step 1.

In Embodiment 1 above, before Step 1 the method also includes Step 1A: the client receives a security policy; the security policy includes scan settings, repair settings and security configuration item settings;

the scan settings include whether scheduled scanning is enabled and the scan frequency;

the repair settings include the repair scope;

the security configuration item settings include setting the baseline values; the baseline values are set by selecting a baseline level from the level templates of security configuration items stored in the expert knowledge base, and the level templates of security configuration items include high-level, medium-level and low-level;

Users can flexibly configure the baseline value and enabled state of each security configuration item, adjust the security level as needed, and balance host security against ease of use. Through unified configuration management, users can configure the baseline values of the operating system's security configuration items uniformly; the expert knowledge base has built-in security configuration policy templates for different security levels, which builds a more secure operating system platform and reduces the compliance risk of the host operating system.

In Embodiment 1 above, before Step 1 the method also includes the following steps: Step 1B. The management platform performs baseline management on the assets of the operating system where the client is located;

the assets of the operating system include physical machines, virtual machines and virtualization software;

baseline management of the operating system's assets includes automatic asset discovery, manual asset entry and asset grouping;

Step 1C. The management platform creates a task and sends the task to the client.

In Step 3, Step 4 and Step 5, the client returns a log together with the task result;

In Step 5, before returning to Step 1, the method also includes: the management platform receives the logs sent by the client and generates a log report. The log report is a detailed security assessment report that shows more intuitively the security state of the client operating system and the operations performed on its security configuration items.

实施例2:Example 2:

实施例2是应用上述实施例1对客户端操作系统的安全配置项进行操作。Embodiment 2 is to apply the above embodiment 1 to operate the security configuration items of the client operating system.

管理平台创建安全扫描任务并向客户端发送安全扫描任务;The management platform creates a security scan task and sends the security scan task to the client;

客户端接收管理平台发送的任务并判断出任务类型为安全扫描任务;The client receives the task sent by the management platform and determines that the task type is a security scanning task;

When the task is a security scan task, the client scans the security configuration items of the operating system through the security baseline security component and obtains their scan values; the client determines that this is not the initial scan;

The client obtains the baseline values in the security policy;

The client compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the items are compliant, and determines that the access control item is non-compliant;

The client returns the result of the security scan task;

The management platform receives the security scan task result returned by the client: the client's access control security configuration item is non-compliant;

The management platform creates a repair task and sends it to the client;

The client receives the task sent by the management platform and determines that its type is a repair task;

When the task is a repair task, the client scans the security configuration items of the operating system through the security baseline security component, obtains their scan values, obtains the access control baseline value in the security policy, and compares the scan values with the baseline values set by the security policy to determine whether the security configuration items are compliant;

The access control security configuration item is non-compliant, so the security baseline security component sets it to the baseline value in the security policy, and the client returns the result of the repair task;

The management platform receives the repair task result returned by the client; the repair of the client's access control security configuration item is complete;

At this point, if repairing access control has disrupted normal business on the client's operating system, the following steps continue;

The management platform creates a restore initial configuration task and sends it to the client;

The client receives the task sent by the management platform and determines that its type is a restore initial configuration task;

When the task is a restore initial configuration task, the client obtains the initial scan values of the security configuration items, sets the operating system's access control security configuration item to its initial scan value through the security baseline security component, restoring the state at the time of the initial scan, and returns the execution result of the restore initial configuration task;

The management platform receives the execution result of the restore initial configuration task for access control returned by the client; the restore initial configuration task for the client's security configuration items is complete.

In Embodiment 2 above, before the client's operating system is scanned, the management platform sends the security policy to the client. For example, the policy sets a scan every 30 minutes, and for access control in the security configuration it selects the high-level template from among the high-level, medium-level and low-level templates, meaning that access control is strict, for example access is denied at low privilege. The high-level, medium-level and low-level access control templates for the security configuration items are stored in the expert knowledge base, which also supports upgrades, so that the templates at every level comply with the latest standards and requirements.
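The task loop of Embodiment 2 can be sketched as follows. This is an added example, not code from the patent or its applicant: the class and function names, the in-memory dictionary standing in for the operating system's settings, and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass

SCAN, REPAIR, RESTORE = "scan", "repair", "restore"


@dataclass
class SecurityPolicy:
    baseline: dict      # security configuration item -> baseline value
    repair_scope: set   # items the repair task is allowed to change


class BaselineClient:
    """Client side of the scan / repair / restore initial configuration loop."""

    def __init__(self, os_config, policy):
        self.os_config = os_config   # stand-in for what the security component reads and sets
        self.policy = policy
        self.initial_scan = None     # initial scan values, saved once for rollback

    def _scan(self):
        values = dict(self.os_config)
        if self.initial_scan is None:            # initial scan: save the values
            self.initial_scan = dict(values)
        return values

    def _non_compliant(self, values):
        return sorted(item for item, want in self.policy.baseline.items()
                      if values.get(item) != want)

    def handle_task(self, task_type):
        if task_type == SCAN:
            bad = self._non_compliant(self._scan())
            return {"task": SCAN, "compliant": not bad, "non_compliant": bad}
        if task_type == REPAIR:
            # Scanning first means the rollback snapshot exists before any change.
            bad = self._non_compliant(self._scan())
            fixed = [i for i in bad if i in self.policy.repair_scope]
            for item in fixed:
                self.os_config[item] = self.policy.baseline[item]
            skipped = [i for i in bad if i not in self.policy.repair_scope]
            return {"task": REPAIR, "repaired": fixed, "skipped": skipped}
        if task_type == RESTORE:
            if self.initial_scan is None:        # nothing saved to roll back to
                return {"task": RESTORE, "restored": False}
            self.os_config.update(self.initial_scan)
            return {"task": RESTORE, "restored": True}
        raise ValueError(f"unknown task type: {task_type!r}")


def run_embodiment_2():
    """Replay the task sequence on constructed data and return every result."""
    os_config = {"access_control": "low", "security_audit": "enabled"}  # constructed
    policy = SecurityPolicy(
        baseline={"access_control": "high", "security_audit": "enabled"},
        repair_scope={"access_control"},
    )
    client = BaselineClient(os_config, policy)
    results = [client.handle_task(t) for t in (SCAN, REPAIR, SCAN, RESTORE, SCAN)]
    return results, os_config


if __name__ == "__main__":
    for result in run_embodiment_2()[0]:
        print(result)
```

The final scan in the sequence reports access control as non-compliant again: restoring the initial configuration trades compliance for business continuity, so the platform should keep tracking that host as out of baseline.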

Embodiment 3:

As shown in Figure 2, the present invention also provides a security baseline management system comprising a management platform 1 and a client 2, connected through message middleware 3; the message middleware 3 uses a RabbitMQ message bus; the management platform 1 and the client 2 use a B/S architecture or a C/S architecture; there are several clients 2, that is, the management platform manages the security of multiple clients;

The management platform 1 includes a task management module 1.1, a policy management module 1.2, a knowledge base management module 1.3, an asset management module 1.4 and a log report module 1.5; the knowledge base management module 1.3 is connected to an expert knowledge base 4;

The client 2 includes a subtask management module 2.1, a security baseline security component module 2.2 and a sub-policy management module 2.3;

The task management module 1.1 creates tasks, sends them to the subtask management module 2.1 of the client 2, and receives the task execution results returned by the subtask management module 2.1 of the client 2;

The tasks include a security scan task, a repair task and a restore initial configuration task;

The security scan task scans the current security configuration items of the operating system on which the client runs, obtains their scan values, and determines whether this is the initial scan; if it is, the initial scan values of the security configuration items are saved. It also obtains the baseline values in the security policy and compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the items are compliant. The security configuration items include identity authentication, access control, security audit, residual information protection, intrusion prevention, malicious code prevention and resource control;

The repair task scans the current security configuration items of the operating system on which the client runs, obtains their scan values, obtains the baseline values in the security policy, and compares the scan values with the baseline values of the configured security policy to determine whether the items are compliant; when the scan value of a security configuration item is non-compliant, the item is set to the baseline value in the security policy;

The restore initial configuration task obtains the initial scan values of the security configuration items and sets the security configuration items of the operating system to those values, restoring the state at the time of the initial scan;

The policy management module 1.2 sets the security policy and sends it to the sub-policy management module 2.3 of the client 2; the security policy includes scan settings, repair settings and security configuration item settings;

The expert knowledge base 4 stores the level templates of the security configuration items; the level templates include a high-level template, a medium-level template and a low-level template;

The knowledge base management module 1.3 upgrades the expert knowledge base 4;

The asset management module 1.4 performs baseline management of the assets of the operating system on which the client 2 runs; the assets of the operating system include physical machines, virtual machines and virtualization software;

The log report module 1.5 receives logs from the log management module 2.4 of the client 2, performs statistical analysis of the compliance of assets or asset groups within a specified time period, and generates log reports;

The subtask management module 2.1 receives tasks from the task management module 1.1 of the management platform 1, sends execution commands to the security baseline security component module 1.1, and returns the task execution results to the task management module 1.1 of the management platform 1;

The security baseline security component module 2.2 executes security scan tasks to obtain the values of the security configuration items, and executes repair tasks or restore initial configuration tasks to set the values of the security configuration items;

The sub-policy management module 2.3 receives the security policy set by the policy management module 1.2 of the management platform 1;

The log management module 2.4 sends logs to the log report module 1.5 of the management platform 1.

The embodiments of the present invention are illustrative rather than limiting. The embodiments above are provided only to aid understanding of the present invention, so the present invention is not limited to the embodiments described in the detailed description; any other specific implementation derived by those skilled in the art from the technical solution of the present invention likewise falls within the scope of protection of the present invention.

Claims (10)

1. A security baseline management method, characterized by comprising the following steps:
Step 1. The client receives a task; the task includes a task that operates on the security configuration items of the operating system;
Step 2. The client determines the task type; the task types include a security scan task, a repair task and a restore initial configuration task;
Step 3. When the task is a security scan task, the client scans the security configuration items of the operating system and obtains their scan values;
obtains the baseline values in the security policy;
compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the items are compliant;
the client returns the result of the security scan task;
return to Step 1.

2. The security baseline management method according to claim 1, characterized by further comprising the following step:
Step 4. When the task is a repair task, the client scans the security configuration items of the operating system;
obtains the scan values of the security configuration items;
obtains the baseline values in the security policy;
compares the scan values of the security configuration items with the baseline values set by the security policy to determine whether the items are compliant;
if an item is non-compliant, sets it to the baseline value in the security policy;
if it is compliant, performs no operation;
the client returns the result of the repair task;
return to Step 1.

3. The security baseline management method according to claim 2, characterized in that, in Step 3 and Step 4, while the client scans the security configuration items of the operating system, it determines whether this is the initial scan;
if it is the initial scan, the initial scan values of the security configuration items are saved;
if it is not the initial scan, no operation is performed;
after Step 4 the method further comprises:
Step 5. When the task is a restore initial configuration task, the client obtains the initial scan values of the security configuration items, sets the security configuration items of the operating system to the initial scan values, restoring the state at the time of the initial scan, and returns the execution result of the restore initial configuration task;
return to Step 1.

4. The security baseline management method according to claim 1, characterized in that
before Step 1 the method further comprises Step 1A: the client receives a security policy; the security policy includes scan settings, repair settings and security configuration item settings;
the scan settings include whether scheduled scanning is enabled and the scan frequency;
the repair settings include the repair scope;
the security configuration item settings include the baseline values.

5. The security baseline management method according to claim 3, characterized in that
before Step 1 the method further comprises the following steps:
Step 1B. The management platform performs baseline management of the assets of the operating system on which the client runs;
the assets of the operating system include physical machines, virtual machines and virtualization software;
baseline management of the assets of the operating system includes automatic asset discovery, manual asset entry and asset grouping;
Step 1C. The management platform creates a task and sends it to the client.

6. A security baseline management system, characterized by comprising a client (2);
the client (2) includes a subtask management module (2.1) and a security baseline security component module (2.2);
the subtask management module (2.1) receives tasks, sends execution commands to the security baseline security component module (2.2), and returns the execution results;
the tasks include a security scan task, a repair task and a restore initial configuration task;
the security baseline security component module (2.2) executes security scan tasks to obtain the values of the security configuration items, and executes repair tasks or restore initial configuration tasks to set the values of the security configuration items.

7. The security baseline management system according to claim 6, characterized by further comprising a management platform (1), the management platform (1) being connected to the client (2) through message middleware (3);
the management platform (1) includes a task management module (1.1);
the task management module (1.1) creates tasks, sends them to the subtask management module (2.1) of the client (2), and receives the task execution results returned by the subtask management module (2.1) of the client (2).

8. The security baseline management system according to claim 7, characterized in that the client (2) further includes a sub-policy management module (2.3);
the sub-policy management module (2.3) receives the security policy;
the management platform (1) further includes a policy management module (1.2) and a knowledge base management module (1.3);
the knowledge base management module (1.3) is connected to an expert knowledge base (4);
the policy management module (1.2) sets the security policy and sends it to the sub-policy management module (2.3) of the client (2); the security policy includes scan settings, repair settings and security configuration item settings;
the expert knowledge base (4) stores the level templates of the security configuration items; the level templates include a high-level template, a medium-level template and a low-level template;
the knowledge base management module (1.3) upgrades the expert knowledge base (4).

9. The security baseline management system according to claim 7, characterized in that the management platform (1) further includes an asset management module (1.4);
the asset management module (1.4) performs baseline management of the assets of the operating system on which the client (2) runs; the assets of the operating system include physical machines, virtual machines and virtualization software.

10. The security baseline management system according to claim 7, characterized in that the client (2) further includes a log management module (2.4), and the management platform (1) further includes a log report module (1.5);
the log management module (2.4) sends logs;
the log report module (1.5) receives the logs of the log management module (2.4) of the client (2), performs statistical analysis of the compliance of assets or asset groups within a specified time period, and generates log reports.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810496227.8A CN108833358A (en) 2018-05-22 2018-05-22 Method and system for managing security baseline

Publications (1)

Publication Number Publication Date
CN108833358A true CN108833358A (en) 2018-11-16

Family

ID=64148989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810496227.8A Pending CN108833358A (en) 2018-05-22 2018-05-22 Method and system for managing security baseline

Country Status (1)

Country Link
CN (1) CN108833358A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181116
