The invention provides a security protection method for an operation
system command. A command white
list file comprising all operation commands allowed to be executed is configured and encrypted, and an
encryption key is stored in a credible security
chip, so that the security of the command white
list file can be effectively protected and prevented from being stolen or tampered; all the operation commands in the command white
list file are stored in a kernel space in the form of a command
linked list structure; and when a kernel space execution command executes a
processing function, whether the operation command can be executed or not can be judged by judging whether the to-be-executed operation command is in a command white list file list or not. According to the method, the operation commands of an operation
system are managed through a method of configuring the command white list file, so that a
superuser can be prevented from executing any operation command by utilizing a right of the
superuser, the execution of an illegal operation command of a malicious program is avoided, the security of the operation
system commands is improved, and the system security is enhanced.