CN115563621A - Computer vulnerability processing method and device - Google Patents
Computer vulnerability processing method and device
- Publication number
- CN115563621A (application number CN202211193632.5A)
- Authority
- CN
- China
- Prior art keywords
- computer
- operating system
- program
- port
- white list
- Prior art date
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Abstract
The invention discloses a computer vulnerability processing method and device, relating to network security, wherein the method comprises the following steps: restarting the operating system after executing the operating system upgrade program; determining the ports and processes through which the computer performs data communication during the start-up of the operating system; comparing the ports and processes against a pre-generated white list to determine the ports and processes that are not on the white list, wherein the white list lists the ports and processes that are allowed to carry out data communication; determining, according to the ports and processes that are not on the white list, the processes running during the start-up of the operating system; and determining the program to which a running process belongs as the program generating the computer vulnerability. The invention can locate the computer vulnerability with essentially no requirement on the operator's skill, and is also suitable for locating vulnerabilities in environments such as enterprises.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a computer vulnerability processing method and device.
Background
For computer bugs, the enterprise security department finds a certain software bug and reports it to the management layer, and the management layer issues a repair instruction; the following situations may then exist:
the developer's office computer was handed over from another employee, and the state of the computer is not fully known;
when installing software, the developer installed a large number of extra services; the services that are open to the outside are of no use to the developer, so the services that may introduce defects receive no attention;
the developer's limited ability means that the program with the bug cannot be effectively located, or the bug cannot be effectively handled.
The defect of the prior art is that, when these situations occur, no technical scheme enables a developer to determine the specific location of the software bug.
Disclosure of Invention
The embodiment of the invention provides a computer bug processing method, which is used for solving the problem that a developer has no technical scheme for determining the specific location of a software bug, and which comprises the following steps:
restarting the operating system after executing the operating system upgrading program;
determining a port and a process of data communication of a computer in the starting process of an operating system;
comparing the port and the process on a pre-generated white list to determine the port and the process which are not on the white list, wherein the white list is provided with the port and the process which are allowed to carry out data communication;
determining a process running in the starting process of the operating system according to the port and the process which are not on the white list;
and determining the program to which the running process belongs as a program generating the computer bug.
The embodiment of the invention also provides a computer bug processing device, which is used for solving the problem that a developer has no technical scheme for determining the specific location of a software bug, and the device comprises:
the starting module is used for restarting the operating system after executing the updating program of the operating system;
the determining module is used for determining a port and a process of data communication of the computer in the starting process of the operating system;
the comparison module is used for comparing the port and the process on a pre-generated white list and determining the port and the process which are not on the white list, wherein the port and the process which are allowed to carry out data communication are listed on the white list;
the process module is used for determining a process running in the starting process of the operating system according to the port and the process which are not on the white list;
and the program module is used for determining the program to which the running process belongs as a program generating computer bugs.
The embodiment of the invention also provides computer equipment which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the computer vulnerability processing method when executing the computer program.
The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when the computer program is executed by a processor, the computer program realizes the computer vulnerability processing method.
The embodiment of the invention also provides a computer program product, which comprises a computer program, and when the computer program is executed by a processor, the computer program realizes the computer vulnerability processing method.
In the embodiment of the invention, compared with the prior art, in which the computer bug cannot be located, the operating system is restarted by means of its upgrade program, the ports and processes present during start-up are obtained, and these are compared with the ports and processes on the white list that are allowed to carry out data communication; the location of the computer bug can then be determined through the relationship among port, process and program;
furthermore, after the location of the vulnerability is determined, the hidden danger caused by the vulnerability can be handled by stopping the corresponding process or program.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, and that those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
FIG. 1 is a schematic diagram illustrating an implementation flow of a computer vulnerability handling method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a computer vulnerability processing architecture in an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating an implementation flow of computer vulnerability handling according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a computer vulnerability processing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
First, technical features that will be involved in the explanation will be briefly explained.
Personal Computer (PC): a multi-purpose computer whose size, price and performance are suitable for personal use. Desktops, notebooks, mini-notebooks, tablet computers, ultrabooks, etc. are all personal computers.
Virtual machine: a Virtual Machine (Virtual Machine) refers to a complete computer system with complete hardware system functionality, operating in a completely isolated environment, emulated by software. The work that can be done in a physical computer can be implemented in a virtual machine. When creating a virtual machine in a computer, it is necessary to use a part of the hard disk and the memory capacity of the physical machine as the hard disk and the memory capacity of the virtual machine. Each virtual machine has a separate CMOS (Complementary Metal Oxide Semiconductor), hard disk, and operating system, and can operate as if a physical machine is used.
Computer process: a process is the running activity of a program on a data set in a computer; it is the basic unit of resource allocation and scheduling in the system and the basis of the operating system structure. A process is an instance of a running program (an instance of a computer program that is being executed by one or more threads).
Computer port: a computer "port" is the translation of the English word port and can be considered as an outlet for communication between the computer and the outside. In the hardware domain, ports are also called interfaces.
Network protocol: a network protocol refers to a set of rules that must be followed in exchanging information between peer entities communicating with each other in a computer network. For example, TCP/IP (Transmission Control Protocol/Internet Protocol) is a formal network Protocol of the Internet.
TCP (Transmission Control Protocol)/UDP (User Datagram Protocol) port: protocol port, one of the computer ports. On the Internet, datagrams are sent and received between hosts through a TCP/IP protocol, and each datagram performs routing in the Internet according to the IP address of its destination host. One IP may have 65536 protocol ports, that is, TCP has 65536 ports, UDP also has 65536 ports, and the two are independent and do not conflict.
Computer vulnerabilities: computer vulnerabilities are defects in the logic design of application software or operating system software, or errors introduced during programming; such defects or errors can be used by unauthorized persons or hackers to attack or control the whole computer, for example by implanting trojans or viruses, so that important data and information in the computer are stolen and the whole system may even be damaged.
Vulnerability scanning: vulnerability scanning is the detection of security vulnerabilities in a designated remote or local computer system by scanning and similar means on the basis of a vulnerability database; it is a security detection (penetration attack) activity that finds out which vulnerabilities can be exploited.
Java programming language: Java is an object-oriented programming language. It absorbs the advantages of the C++ language while abandoning concepts such as multiple inheritance and pointers that are hard to understand in C++, so the Java language is both powerful and simple to use. As a representative static object-oriented programming language, Java implements object-oriented theory well and allows programmers to carry out complex programming in an elegant way of thinking.
Java has the characteristics of simplicity, object-oriented property, distribution, robustness, safety, platform independence and portability, multithreading, dynamism and the like. Java may write desktop applications, web applications, distributed system and embedded system applications, etc.
The inventor noticed in the process of making the invention that:
the confusion between enterprise managers, the internal security department and development/testing employees is the following: the enterprise security department finds a certain software bug and reports it to the management layer, the management layer issues a repair instruction, but the developer does not know the specific location of the software bug or how to repair it. Part of the reason is that the developer's office computer was handed over from another employee and the state of the computer is not adequately known; part of the reason is that the developer installed a large pile of additional services when installing software, and the services that are open to the outside are of no use to the developer, so the services that may introduce defects receive no attention; a small part of the reason is the developer's ability to effectively locate the vulnerable program or to effectively deal with the bug. These three reasons have a common point: the process of the program that has the bug can be terminated.
Based on the technical scheme, the method and the device for repairing the computer software bugs can help internal developers of enterprises to automatically upgrade the operating system and clear up the non-system processes with the bugs, and therefore the computer software bugs can be repaired.
The technical scheme provided by the embodiment of the invention is used for automatically solving part of the bugs existing on the office computers or office virtual machines of employees. In principle, vulnerability scanning uses network interaction between computers, and network interaction involves protocols and ports; a vulnerability report can record the port number and the service protocol content of a vulnerability on a remote host, the vulnerability can be mapped to a process (the process uses the port for remote interaction), and the process corresponds to a program (the process is an instance of the program), so the technical problem can be solved by directly controlling the program.
From a general level, the vulnerabilities discovered by vulnerability scanning each time are divided into two categories according to actual working experience: system vulnerabilities and software vulnerabilities. The two types of vulnerabilities have different repair schemes, but can be integrated. The solution provided in the embodiments of the present invention will integrate both system updates and process control.
For system vulnerabilities (system update), the technical scheme provided by the embodiment of the invention can directly check for operating system updates and automatically restart after updating.
For software bugs, the technical solution provided in the embodiments of the present invention will directly force termination of all non-system processes occupying network ports except for white list programs.
The following examples are given by way of illustration.
Fig. 1 is a schematic diagram of the implementation flow of a computer vulnerability processing method; as shown in Fig. 1, it may include:
step 101, restarting the operating system after executing the operating system upgrade program;
step 102, determining the ports and processes of the computer's data communication during the start-up of the operating system;
step 103, comparing the ports and processes against the pre-generated white list to determine the ports and processes that are not on the white list, wherein the ports and processes allowed to carry out data communication are listed on the white list;
step 104, determining, according to the ports and processes not on the white list, the processes running during the start-up of the operating system;
and step 105, determining the program to which the running process belongs as a program generating computer bugs.
In an implementation, the operating system is a windows system or a linux system.
In implementation, computer vulnerability processing is carried out through java.
The scheme can be implemented in the Java programming language; the actual operating environment requires a Java runtime environment. Some Linux distributions ship with a Java environment, whereas Windows 7 and Windows 10 do not and require an extra installation (since most enterprise developers use Java, Java is installed in most office environments). Java is adopted because it runs on all mainstream operating systems without any modification, which saves secondary development cost; obviously, the purpose of the scheme can also be achieved with other languages.
If a device has no Java environment, Java can be installed on it.
The following description is given with reference to examples.
In the examples, Java under Windows and Linux is mainly used for the explanation; in implementation, the Java-based program may be run on each operating system platform (Windows and Linux). In the Windows environment, the user directly double-clicks the program with the mouse; in the Linux environment, the user can run it with the java command.
Fig. 2 is a schematic diagram of a computer vulnerability processing architecture, and as shown in fig. 2, at least one functional architecture that can be implemented may include:
the operation checking module: it is checked whether the container (computer) meets the minimum requirements for running this product and whether there are sufficient execution authorities (system, root).
A message prompt module: the relevant useful information is prompted by a box or float.
White list module: generates an editable and maintainable white list and stores the specified port numbers and process names in the list for subsequent processing.
Operating system information collection module: confirms the type and version of the computer's operating system at run time and dispatches to the Windows processing module or the Linux processing module according to the type of operating system. For operating systems whose support has ended (such as Windows 7 or RHEL 5), a pop-up box alerts the user to install a new version of the operating system. That is, in the implementation, the method may further include:
prompting the user to upgrade the operating system when the operating system is no longer supported.
The Windows patch upgrade module: automatically executes the Windows upgrade command, restarts the computer automatically after upgrading, and temporarily adds the program of the invention to the startup items so that the functions of the subsequent modules continue automatically after the restart.
Windows process control module: automatically queries the network ports opened by the computer, queries the process occupying each port, and terminates the non-system processes that are not on the white list.
The port occupation status can be queried with the netstat command; for example, in a line of the query result, 0.0.0.0 on the left is the local address, 8081 is the port number 8081, and 9088 on the right is the process number 9088.
The tasklist command queries the process name by process number. The process and its sub-processes are then terminated with a taskkill /T /F /PID command.
After completion, a pop-up box presents the cleanup information to the user.
The Linux patch upgrade module: executes the upgrade command with root authority. The upgrade command differs between Linux distributions: CentOS is upgraded with yum -y update, Ubuntu with apt-get dist-upgrade, and macOS with softwareupdate -i -a. After upgrading, the reboot command restarts the computer. The execution scheme is temporarily added to the startup items so that the functions of the subsequent modules continue automatically after the restart.
The Linux process control module: the same principle as the Windows process control module, with some difference in the system commands called. Linux uses lsof -i or netstat -tunlp to query the port occupation, and then terminates the process number occupying the port (the white list also applies).
Finally, a kill pid command is invoked to terminate the process occupying the port.
In an implementation, the method may further include:
and stopping the running process and/or the program to which the running process belongs.
Whether Windows or Linux is used, after the processing is finished the program finally pops up a box to indicate that processing is complete.
This works because the vulnerability is produced by a program defect and exploitation of the vulnerability interacts through a network port; if the program is closed, the vulnerability can no longer be exploited through the network port, and naturally it is no longer found by the vulnerability scanning tool. The principle is to block the network interaction between computers.
Fig. 3 is a schematic diagram of the implementation flow of computer vulnerability processing; as shown in Fig. 3, it may include:
1: (preprocessing step) the vulnerability scanning platform initiates regular intranet scanning and judges whether vulnerabilities exist by scanning the IP ports of all computers on the intranet.
2: (preprocessing step) if some IPs are found to have vulnerabilities, the vulnerability information of those IPs is collected and arranged into a report, and the report is sent to the vulnerability management platform.
3: the vulnerability management platform is linked with the enterprise asset management platform to map each IP to a specific responsible person/employee.
4: the program executing the technical scheme provided by the embodiment of the invention is placed on the computer corresponding to the vulnerable IP by means of remote connection, enterprise mail, enterprise chat software, asset management platform push, USB flash disk copy, and the like.
5: on a device without a Java environment, the program executing the technical scheme provided by the embodiment of the invention terminates directly and prompts that Java must be installed (in an intranet environment it can be obtained from the intranet's software management platform); after Java is installed, the program can continue to run. The program automatically triggers the checking function of the operation checking module, which asks the user through a pop-up box to provide sufficient authority (usually system or root authority) and continues checking once it receives it. If sufficient authority cannot be provided, the program prompts that the authority is insufficient and exits automatically. When the check is passed, the subsequent steps are performed.
6: when the operation checking module finishes successfully, the flow of the white list module is triggered automatically. This module needs no input data: a white list (white list ports and white list processes) built into the code is generated automatically. The white list is customized specifically for the enterprise (the special management programs used on enterprise office machines, special network ports, and the like) and normally does not need to be changed. After the list is generated successfully (the program has write permission, the disk space is sufficient, and so on), the subsequent steps are executed. If list generation fails, a pop-up box shows the error information (insufficient disk space and the like) and the program executing the technical scheme provided by the embodiment of the invention terminates.
7: after 6 is executed successfully, 7 is executed automatically, namely the flow of the operating system information collection module. This flow still needs no user input: the program automatically obtains the computer's operating system and version. The program embeds the published life cycles of the mainstream operating systems on the market, and when the obtained operating system and version are outside their life cycle (such as Windows 7 SP1), a pop-up box tells the user "the current operating system is old and unsafe, please install a new version of the operating system"; 7 and 8 are then skipped and 9 is executed directly. When the obtained operating system and version are within the life cycle, the operating system data is stored and 8 is executed automatically.
8: after the operating system category is obtained, the program executing the technical scheme provided by the embodiment of the invention branches into two processing flows, a Windows processing flow and a Linux processing flow.
If the operating system is Windows, the operating system information collection module sends the stored data to the Windows patch upgrade module to carry out the patch upgrade operation. The Windows patch upgrade module calls the Windows operating system command to perform a patch check on the current system. If the current operating system is the latest version (the version update identifiers of the operating system are usually feature updates and patch updates), 8 is skipped, the program's execution point is placed at the start of the Windows process control module flow, and 9 is executed; if a patch update exists for the current operating system, the system command is called to install the patch directly. If the patch is not installed successfully (for example, insufficient disk space, disconnected network, or failed download of patch files), a pop-up box shows the installation failure and the error codes and asks the user whether to continue installing the patch; if so, the previous step is repeated, and if not, 8 is skipped.
If the patch is installed successfully, a pop-up box shows the installation success information, a one-time startup item is added automatically for the program, and the computer is restarted. After the restart, the program runs automatically and executes 1 to 8 again; if a new update still exists after the update, the process loops (a Windows operating system update may take several rounds) until the operating system is the latest version. Then 8 is finished, the program sends the data of this run to the start of the Windows process control module flow, and 9 is executed.
If the operating system is Linux, the operating system information collection module sends the stored data to the Linux patch upgrade module to perform the patch upgrade operation. The subsequent flow is basically the same; the only difference is that the system commands called are different, and the program automatically selects the corresponding commands according to the Linux distribution.
9: if the processing flow 8 is based on a Windows operating system, then 9 is also based on the Windows operating system, the Windows process control module receives the data of the Windows patch upgrade module and starts to execute the computer port scanning task, the program executing the technical scheme provided by the embodiment of the invention stores a port-process number mapping table after the port scanning is successfully executed, the program executing the technical scheme provided by the embodiment of the invention eliminates the port overlapped with the port in the white list by comparing with the white list of 6 and generates and stores a filtered port-process number mapping table, at this time, the program executing the technical scheme provided by the embodiment of the invention starts to inquire the task, generates and stores a process number-process name-executor mapping table, then automatically filters the system process, matches the remaining list with the white list process of 6, and filters the mapping table again to obtain and store the final process number-process name-executor mapping table.
If the processing flow 8 is based on the Linux operating system, then 9 is also based on the Linux operating system, and the Linux process control module receives the data of the Linux patch upgrade module and starts to execute the steps similar to the Windows flow, except that the names of the program calling system functions for executing the technical scheme provided by the embodiment of the invention are different.
10: after the 9 is executed, the program obtains a process number-process name-executor mapping table, and after the user is prompted by a popup box, the program executing the technical scheme provided by the embodiment of the invention terminates the process numbers in the list one by one, and ensures that the program to which the process belongs does not immediately and actively run. The Windows and Linux have similar execution modes, and the difference is that the system function names for executing the program calls of the technical scheme provided by the embodiment of the invention are different.
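The port and process filtering of steps 9 and 10 (and of the Windows and Linux process control modules described earlier), as an added example in Python that is not the patent's own Java program. It assumes the Windows data comes from `netstat -ano` and `tasklist /FO CSV /V` and the Linux data from `netstat -tunlp` and `ps -eo pid=,user=,comm=`; the white list, the system-process list and all command output below are constructed, and the step 10 termination commands are returned as strings rather than executed.

```python
"""Whitelist filter of the patent's process control module (added example, not the
patent's own program); command output is parsed offline and nothing is executed."""
import csv
import io

# Constructed white list: ports and process names allowed to communicate.
WHITELIST_PORTS = {135, 445, 3389}
WHITELIST_PROCESSES = {"sshd"}
# Constructed list of system processes that are never terminated.
SYSTEM_PROCESSES = {"System", "svchost.exe", "lsass.exe", "systemd"}

def parse_netstat(output):
    """Return {port: {pid, ...}} of open sockets from Windows ``netstat -ano`` (last
    column is the PID) or Linux ``netstat -tunlp`` (last column is PID/Program name).
    TCP lines must be LISTENING/LISTEN; UDP lines have no state column."""
    table = {}
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].lower().startswith(("tcp", "udp")):
            continue
        # Linux inserts Recv-Q and Send-Q columns before the local address.
        local = fields[3] if fields[1].isdigit() else fields[1]
        listening = any(f in ("LISTEN", "LISTENING") for f in fields)
        pid = fields[-1].split("/")[0]  # Linux shows "-" when the PID is hidden
        if (fields[0].lower().startswith("tcp") and not listening) or not pid.isdigit():
            continue
        port = int(local.rsplit(":", 1)[1])  # also handles ":::3306" and "[::]:80"
        table.setdefault(port, set()).add(int(pid))
    return table

def parse_tasklist_csv(output):
    """Parse Windows ``tasklist /FO CSV /V`` output into {pid: (name, user)}."""
    return {int(r["PID"]): (r["Image Name"], r["User Name"])
            for r in csv.DictReader(io.StringIO(output.strip()))}

def parse_ps(output):
    """Parse Linux ``ps -eo pid=,user=,comm=`` output into {pid: (name, user)}."""
    info = {}
    for line in output.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            info[int(parts[0])] = (parts[2].strip(), parts[1])
    return info

def candidate_processes(port_pids, proc_info):
    """Step 9: drop white-listed ports, then system and white-listed processes."""
    pid_ports = {}
    for port, pids in port_pids.items():
        if port not in WHITELIST_PORTS:
            for pid in pids:
                pid_ports.setdefault(pid, set()).add(port)
    result = []  # final process number-process name-executor table
    for pid, ports in sorted(pid_ports.items()):
        name, user = proc_info.get(pid, ("<unknown>", "<unknown>"))
        if name not in SYSTEM_PROCESSES and name not in WHITELIST_PROCESSES:
            result.append((pid, name, user, sorted(ports)))
    return result

def termination_commands(candidates, platform):
    """Step 10 as the patent describes it, returned as strings (dry run)."""
    template = "taskkill /T /F /PID {}" if platform == "windows" else "kill {}"
    return [template.format(row[0]) for row in candidates]

def run(platform, netstat_output, process_output):
    parse_proc = parse_tasklist_csv if platform == "windows" else parse_ps
    table = candidate_processes(parse_netstat(netstat_output), parse_proc(process_output))
    return table, termination_commands(table, platform)

# Constructed ``netstat -ano`` output of a Windows office machine.
WINDOWS_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       1120
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       9088
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2048
  TCP    192.168.1.10:52344     93.184.216.34:443      ESTABLISHED     4567
  UDP    0.0.0.0:3389           *:*                                    1120
  UDP    0.0.0.0:5353           *:*                                    2048
"""
# Constructed ``tasklist /FO CSV /V`` output of the same machine.
WINDOWS_TASKLIST = r"""
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","1120","Services","0","8,000 K","Unknown","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"java.exe","9088","Console","1","98,432 K","Running","CORP\alice","0:01:22","N/A"
"node.exe","2048","Console","1","45,120 K","Running","CORP\alice","0:00:40","N/A"
"""
# Constructed ``netstat -tunlp`` output of a Linux host (run as root).
LINUX_NETSTAT = """
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      801/sshd
tcp        0      0 127.0.0.1:8081          0.0.0.0:*               LISTEN      9088/java
tcp6       0      0 :::3306                 :::*                    LISTEN      1522/mysqld
tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN      -
"""
# Constructed ``ps -eo pid=,user=,comm=`` output of the same host.
LINUX_PS = """
  801 root     sshd
 1522 mysql    mysqld
 9088 alice    java
"""
```

Calling `run("windows", WINDOWS_NETSTAT, WINDOWS_TASKLIST)` leaves only java.exe and node.exe in the table (svchost.exe is dropped as a system process), and the Linux run keeps mysqld and java while sshd survives through the process white list.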
11: after the first 10 steps are completed, executing the program of the technical scheme provided by the embodiment of the invention can pop up to prompt the user that all operations are completed, and please inform a security department to perform vulnerability scanning.
12: (good post-processing step) after the security department receives personnel feedback, the network scanning is carried out on the ip again, and the vulnerability is guaranteed to be repaired successfully.
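Steps 9 and 10 above, as an added example that is not part of the patent text or of any implementation of it. It parses constructed `netstat -ano` style lines into the port-process number mapping table, removes ports that overlap with the white list, resolves process numbers to names and executors from a constructed process table, drops system processes and white-listed process names, and returns the final list together with the termination plan of step 10. The white-list layout, the executor-based rule for recognising system processes, and every sample value are assumptions of this example; the actual termination call is left out so the code runs offline.

```python
"""Whitelist-based port/process triage after an OS upgrade (added example).

Models steps 9 and 10 of the flow described above. All input is constructed
sample data, not output captured from any machine. The white-list format and
the executor-based definition of "system process" are assumptions.
"""
from dataclasses import dataclass

# Constructed sample in `netstat -ano` layout (Windows). TCP rows carry a
# State column; UDP rows do not, so the PID is always the last field.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1032
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8899         0.0.0.0:0              LISTENING       5120
  TCP    [::]:3389              [::]:0                 LISTENING       1380
  TCP    10.0.0.7:49750         203.0.113.9:443        ESTABLISHED     6604
  UDP    0.0.0.0:5353           *:*                                    2100
"""

# Constructed PID -> (process name, executor) table, standing in for the
# query task of step 9 (tasklist /v style data).
PROCESS_SAMPLE = {
    4: ("System", r"NT AUTHORITY\SYSTEM"),
    1032: ("svchost.exe", r"NT AUTHORITY\SYSTEM"),
    1380: ("svchost.exe", r"NT AUTHORITY\NETWORK SERVICE"),
    2100: ("mdnsresponder.exe", r"NT AUTHORITY\LOCAL SERVICE"),
    5120: ("oldagent.exe", r"CORP\alice"),
    6604: ("updater.exe", r"CORP\alice"),
}

# Assumed white-list shape: ports and process names allowed to communicate.
WHITELIST_PORTS = {135, 445, 3389}
WHITELIST_PROCESSES = {"updater.exe"}

# Assumption for this example: a process counts as a "system process" when
# its executor is one of the built-in Windows service accounts.
SYSTEM_EXECUTORS = {
    r"NT AUTHORITY\SYSTEM",
    r"NT AUTHORITY\LOCAL SERVICE",
    r"NT AUTHORITY\NETWORK SERVICE",
}


@dataclass(frozen=True)
class Finding:
    """One row of the final process number-process name-executor table."""
    pid: int
    name: str
    executor: str
    ports: tuple  # local ports the process was observed on


def local_port(addr: str) -> int:
    """Extract the port from '0.0.0.0:135' or '[::]:3389'."""
    return int(addr.rsplit(":", 1)[1])


def parse_netstat(text: str) -> dict:
    """Step 9: build the port-process number mapping table."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        mapping[local_port(fields[1])] = int(fields[-1])
    return mapping


def filter_ports(port_pid: dict, allowed_ports: set) -> dict:
    """Step 9: remove ports that overlap with the white list."""
    return {p: pid for p, pid in port_pid.items() if p not in allowed_ports}


def triage(port_pid: dict, processes: dict, allowed_ports: set,
           allowed_names: set) -> list:
    """Step 9: produce the final process number-process name-executor table."""
    remaining = filter_ports(port_pid, allowed_ports)
    by_pid = {}
    for port, pid in remaining.items():
        by_pid.setdefault(pid, []).append(port)
    findings = []
    for pid, ports in sorted(by_pid.items()):
        if pid not in processes:
            continue  # process exited between the port scan and the query
        name, executor = processes[pid]
        if executor in SYSTEM_EXECUTORS:
            continue  # automatic system-process filter
        if name in allowed_names:
            continue  # white-list process match
        findings.append(Finding(pid, name, executor, tuple(sorted(ports))))
    return findings


def termination_plan(findings: list) -> list:
    """Step 10: the PIDs to terminate one by one after the user confirms the
    pop-up. Returned rather than executed so the example runs offline."""
    return [f.pid for f in findings]
```

Because the white list is keyed on port numbers and process names only, the tables are best read as a triage list that the pop-up of step 10 puts in front of a person before anything is terminated, which is what the flow already provides for.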
The embodiment of the invention also provides a computer vulnerability processing device, described in the following embodiments. Because the device solves the problem on the same principle as the computer vulnerability processing method, its implementation can refer to that of the method, and repeated parts are not described again.
Fig. 4 is a schematic structural diagram of a computer vulnerability processing apparatus, as shown in fig. 4, which may include:
the starting module 401 is used for restarting the operating system after executing the operating system upgrading program;
a determining module 402, configured to determine a port and a process of data communication performed by a computer during a start-up process of an operating system;
a comparison module 403, configured to compare the port and the process on a pre-generated white list, and determine a port and a process that are not on the white list, where the white list includes ports and processes that allow data communication;
a process module 404, configured to determine, according to a port and a process that are not on the white list, a process that runs during the startup process of the operating system;
a program module 405, configured to determine that the program to which the running process belongs is the program that gives rise to the computer vulnerability.
In an implementation, the operating system is a windows system or a linux system.
In an implementation, the apparatus further comprises:
a prompt module, configured to prompt the user to upgrade the operating system when the operating system is no longer supported.
In an implementation, the apparatus carries out the computer vulnerability processing in Java.
In an implementation, the apparatus further comprises:
a processing module, configured to stop the running process and/or the program to which the running process belongs.
The technical scheme provided by the embodiment of the invention can be implemented as follows.
Fig. 5 is a schematic diagram of a computer device, as shown in fig. 5, the computer device includes:
a processor 500, configured to read the program in the memory 520 and execute the following processes:
restarting the operating system after executing the operating system upgrading program;
determining a port and a process of data communication of a computer in the starting process of an operating system;
comparing the port and the process on a pre-generated white list to determine the port and the process which are not on the white list, wherein the port and the process which are allowed to carry out data communication are listed on the white list;
determining a process running in the starting process of the operating system according to the port and the process which are not on the white list;
determining that the program to which the running process belongs is the program that gives rise to the computer vulnerability;
a transceiver 510 for receiving and transmitting data under the control of the processor 500.
In an implementation, the operating system is a windows system or a linux system.
In an implementation, the processes further comprise:
prompting the user to upgrade the operating system when the operating system is no longer supported.
In an implementation, the computer vulnerability processing is carried out in Java.
In an implementation, the processes further comprise:
stopping the running process and/or the program to which the running process belongs.
In fig. 5 the bus architecture may comprise any number of interconnected buses and bridges, linking together one or more processors, represented by the processor 500, and various circuits, represented by the memory 520. The bus architecture may also link together other circuits such as peripherals, voltage regulators and power management circuits, which are well known in the art and are not described further here. The bus interface provides an interface. The transceiver 510 may consist of several elements, including a transmitter and a receiver, that provide a means of communicating with other apparatus over a transmission medium. The processor 500 is responsible for managing the bus architecture and general processing, and the memory 520 may store data used by the processor 500 in performing operations.
The embodiment of the invention also provides a computer readable storage medium, wherein a computer program is stored in the computer readable storage medium, and when the computer program is executed by a processor, the computer program realizes the computer vulnerability processing method.
The embodiment of the invention also provides a computer program product, which comprises a computer program, and when the computer program is executed by a processor, the computer program realizes the computer vulnerability processing method.
In the embodiment of the invention, operating system vulnerabilities can be repaired automatically by upgrading to the latest official version; software vulnerabilities can be repaired automatically by terminating the process of the software program; and the flow processing mode can be selected according to the actual situation.
The user needs no specialised computer knowledge to use the system; the main beneficiaries are non-IT staff in an enterprise.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, and it should be understood that the above-mentioned embodiments are only examples of the present invention and should not be used to limit the scope of the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (13)
1. A computer vulnerability processing method is characterized by comprising the following steps:
restarting the operating system after executing the operating system upgrading program;
determining a port and a process of data communication of a computer in the starting process of an operating system;
comparing the port and the process on a pre-generated white list to determine the port and the process which are not on the white list, wherein the white list is provided with the port and the process which are allowed to carry out data communication;
determining a process running in the starting process of the operating system according to the port and the process which are not on the white list;
and determining that the program to which the running process belongs is the program that gives rise to the computer vulnerability.
2. The method of claim 1, wherein the operating system is a windows system or a linux system.
3. The method of claim 1, further comprising:
and prompting the user to upgrade the operating system when the operating system is no longer supported.
4. The method of claim 1, wherein the computer vulnerability processing is performed in Java.
5. The method of any of claims 1 to 4, further comprising:
and stopping the running process and/or the program to which the running process belongs.
6. A computer vulnerability processing apparatus, comprising:
the starting module is used for restarting the operating system after executing the operating system upgrading program;
the determining module is used for determining a port and a process of data communication of the computer in the starting process of the operating system;
the comparison module is used for comparing the ports and the processes on the pre-generated white list and determining the ports and the processes which are not on the white list, wherein the ports and the processes which are allowed to carry out data communication are listed on the white list;
the process module is used for determining a process running in the starting process of the operating system according to the port and the process which are not on the white list;
and a program module, configured to determine that the program to which the running process belongs is the program that gives rise to the computer vulnerability.
7. The apparatus of claim 6, wherein the operating system is a windows system or a linux system.
8. The apparatus of claim 6, further comprising:
and a prompt module, configured to prompt the user to upgrade the operating system when the operating system is no longer supported.
9. The apparatus of claim 6, wherein the apparatus performs the computer vulnerability processing in Java.
10. The apparatus of any of claims 6 to 9, further comprising:
and the processing module is used for stopping the running process and/or the program to which the running process belongs.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1 to 5 when executing the computer program.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any of claims 1 to 5.
13. A computer program product, characterized in that the computer program product comprises a computer program which, when being executed by a processor, carries out the method of any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211193632.5A CN115563621A (en) | 2022-09-28 | 2022-09-28 | Computer vulnerability processing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115563621A true CN115563621A (en) | 2023-01-03 |
Family
ID=84742345
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211193632.5A Pending CN115563621A (en) | 2022-09-28 | 2022-09-28 | Computer vulnerability processing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115563621A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||