[0049] In order to enable those skilled in the art to better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be described clearly and completely below in conjunction with the drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by persons of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
[0050] See Figure 1, a schematic flowchart of an application program management and control method for an SSR centralized management platform provided by an embodiment of the present invention. As shown in Figure 1, the application program management and control method of the SSR centralized management platform provided by the embodiment of the present invention includes:
[0051] S10: Search for an application program to be controlled.
[0052] The centralized management platform is an operating system in which various applications are installed. Some programs can be placed on the whitelist automatically because they are widely used or have a large number of users, but many others have a trust level that is not whitelist, and misoperation of such programs may have a great impact on the centralized management platform. Therefore, the applications installed on the centralized management platform must be searched in order to determine the applications to be controlled. For the specific search steps, see Figure 2, a schematic flowchart of a method for searching for an application program to be controlled provided by an embodiment of the present invention. As shown in Figure 2, searching for applications to be controlled specifically includes:
[0053] S11: Search for all application programs in the operating system.
[0054] S12: Obtain the trust level of each application.
[0055] S13: Use the application whose trust level is unknown or graylisted as the application to be controlled.
[0056] All applications on the centralized management platform are searched to obtain the trust level of each application. The trust level is one of whitelist, blacklist, graylist and unknown. An application whose trust level is whitelist can be run directly, and an application whose trust level is blacklist is prohibited from running by the operating system; because the corresponding operation for these two trust levels is already determined, no further control is required. An application whose trust level is graylist or unknown needs to be controlled because its security level cannot be determined, so it is an application to be controlled.
[0057] S20: Obtain the operating system feature library from the whitelist data center.
[0058] The embodiment of the present invention is implemented on the basis of the whitelist data center. The whitelist data center involved in the embodiment of the present invention is a whole-network whitelist data center that contains the data of all application programs that can run safely in various operating systems under different server configurations, stored in the form of operating system feature libraries. To determine whether an application can be set to the whitelist, the operating system feature library must first be obtained. See Figure 3, a schematic flowchart of the method for obtaining the operating system feature library provided by the embodiment of the present invention. As shown in Figure 3, obtaining the operating system feature library from the whitelist data center specifically includes:
[0059] S21: Obtain the operating system type and feature code.
[0060] S22: Send the operating system type and feature code to the whitelist data center.
[0061] S23: Authenticate the feature code.
[0062] S24: After authentication, search for the operating system feature library according to the operating system type.
[0063] The operating system feature library contains the application information and trust levels for a certain operating system under a certain server configuration; in the operating system feature library, application information is represented by its SHA1 value. To obtain the operating system feature library, the operating system type and feature code are first sent to the whitelist data center, and the whitelist data center authenticates the feature code to confirm whether the source of the operating system type and feature code is reliable. When the authentication result indicates that the source of the information is reliable, the operating system type is evaluated and the operating system feature library corresponding to that operating system type is obtained. Here the operating system type refers to the specific operating system type and version number, such as windows 7x86 or centOs 5.0, and the feature code is related to the hardware information of the server on which the management platform is installed: it is generated by encrypting that hardware information.
[0064] S30: Match the application program to be controlled with the operating system feature library.
[0065] After the operating system feature library is obtained, the applications to be controlled found in the search are compared with the applications saved in the operating system feature library, and the trust level of each application to be controlled is determined from the trust level recorded in the operating system feature library. Because the application information in the operating system feature library is stored in the form of SHA1 values, the SHA1 value of the application to be controlled is obtained first, and that SHA1 value is then matched against the SHA1 values in the operating system feature library.
[0066] S40: Modify the trust level of the application program to be controlled according to the matching result.
[0067] After the SHA1 value of the application to be controlled is matched against the SHA1 values in the operating system feature library, there are two possible outcomes. In the first, an identical SHA1 value is found, which indicates that the application to be controlled was successfully matched with the operating system feature library; its trust level is then modified to whitelist (the operating system feature library is obtained from the whitelist data center, so the trust level of every application stored in it is whitelist). In the second, no identical SHA1 value is found, which indicates that the application to be controlled failed to match the operating system feature library. A failed match does not mean that the trust level of the application is not whitelist; it may simply be that the application has never been run in this operating system, so no matching value exists. Therefore, the trust level of an application to be controlled that fails to match is kept unchanged.
[0068] S50: Determine whether there is an application program to be controlled after the trust level is modified.
[0069] After all the applications have been matched, in order to determine the trust level of the applications more completely, it is necessary to determine whether there are still applications to be controlled, that is, whether any applications to be controlled failed to match. If so, step S60 is performed: obtain the trust level again and modify it; if not, the process ends.
[0070] See Figure 4, a schematic flowchart of the method for re-acquiring the trust level provided by the embodiment of the present invention. As shown in Figure 4, obtaining the trust level again and modifying it specifically includes:
[0071] S61: Obtain the SHA1 value of the application to be controlled.
[0072] S62: Send the SHA1 value to the whitelist data center.
[0073] S63: Perform matching according to the SHA1 value.
[0074] When the SHA1 value matches the whitelist data center successfully, perform step S64: modify the trust level of the application to be controlled to the whitelist.
[0075] When the SHA1 value fails to match the whitelist data center, perform step S65: modify the trust level of the application to be controlled to a blacklist.
[0076] To avoid the situation in which an application has no matching entry merely because it is being run for the first time on a certain operating system, the SHA1 value of an application to be controlled that failed to match in the operating system feature library is sent directly to the whitelist data center, and the whitelist data center matches it against the applications of all operating system types. If an identical SHA1 value is found, the application to be controlled is simply running on this system for the first time, and its trust level can be set to whitelist. If the match fails again, the trust level of the application to be controlled is indeed blacklist.
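The two-stage decision of steps S10 through S65 (select graylist/unknown applications, match their SHA1 values against the OS feature library, then fall back to the whole-network whitelist data center) as an added worked example; this is illustrative code written for this page, not the patent's implementation, and the application contents, trust levels and library entries are constructed sample data.

```python
import hashlib
from enum import Enum

class Trust(Enum):
    WHITELIST = "whitelist"
    BLACKLIST = "blacklist"
    GRAYLIST = "graylist"
    UNKNOWN = "unknown"

def sha1_of(content: bytes) -> str:
    # The page identifies applications by SHA1 value; it is kept here for
    # fidelity, although a new design would use SHA-256 for collision resistance.
    return hashlib.sha1(content).hexdigest()

def select_to_control(apps):
    """S11-S13: only graylist or unknown applications need further control."""
    return [name for name, level in apps.items()
            if level in (Trust.GRAYLIST, Trust.UNKNOWN)]

def control_applications(apps, contents, os_feature_lib, global_whitelist):
    """S30-S65: match against the OS feature library first, then fall back
    to the whole-network whitelist data center for anything unmatched."""
    result = dict(apps)
    unresolved = []
    for name in select_to_control(apps):
        digest = sha1_of(contents[name])
        if digest in os_feature_lib:      # S40: match -> whitelist
            result[name] = Trust.WHITELIST
        else:                             # S40: no match -> keep level for now
            unresolved.append((name, digest))
    for name, digest in unresolved:       # S50/S60: still to be controlled
        # S64 on a whole-network match, S65 otherwise
        result[name] = (Trust.WHITELIST if digest in global_whitelist
                        else Trust.BLACKLIST)
    return result

# Constructed sample data: application "binaries" and their current trust levels.
CONTENTS = {"browser": b"browser-v1", "editor": b"editor-v1",
            "newtool": b"newtool-v1", "dropper": b"dropper-v1"}
APPS = {"browser": Trust.WHITELIST, "editor": Trust.GRAYLIST,
        "newtool": Trust.UNKNOWN, "dropper": Trust.UNKNOWN}
# Feature library for this OS type (every entry is whitelist, per the page).
OS_FEATURE_LIB = {sha1_of(b"editor-v1")}
# Whole-network whitelist: "newtool" is known only from another OS type.
GLOBAL_WHITELIST = OS_FEATURE_LIB | {sha1_of(b"newtool-v1")}

def demo():
    return control_applications(APPS, CONTENTS, OS_FEATURE_LIB, GLOBAL_WHITELIST)
```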
[0077] See Figure 5, a schematic flowchart of another application program management and control method of the SSR centralized management platform provided by the embodiment of the present invention. As shown in Figure 5, the application control method of the SSR centralized management platform provided by the embodiment of the present invention further includes:
[0078] S70: Log in to the whitelist data center.
[0079] The centralized management platform and the whitelist data center are two independent systems. To prevent arbitrary modification of the information in the whitelist data center, which would affect its accuracy, a login is required first when accessing the whitelist data center. See Figure 6, a schematic flowchart of the method for logging in to the whitelist data center provided by an embodiment of the present invention. As shown in Figure 6, logging in to the whitelist data center specifically includes:
[0080] S71: Send a login request to the whitelist data center.
[0081] S72: Authenticate the feature code in the login request.
[0082] If the authentication result meets the login condition, execute step S73: allow login, otherwise execute step S74: prohibit login.
[0083] When the centralized management platform logs in to the whitelist data center, it first sends a login request. The login request includes the feature code of the centralized management platform (equivalent to a user name and password). The whitelist data center authenticates the feature code and determines whether its source is reliable. If the source is reliable, the login condition is met and the login is allowed; if the source is unreliable, the login condition is not met and the login is prohibited.
[0084] The feature code sent when logging in to the whitelist data center is the same feature code that is sent when obtaining the operating system feature library. The purpose of the former is to determine whether the identity of the centralized management platform is reliable, and the purpose of the latter is to determine whether the source of the request for the operating system feature library is reliable.
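The data-center side of the feature-code authentication used by both the login (S71-S74) and the feature-library request (S21-S24), as an added example rather than the patent's own code. The page only says the feature code is generated by encrypting the server hardware information; the keyed hash, the per-platform key, the hardware fields and the library contents below are all constructed assumptions for illustration.

```python
import hashlib
import hmac
import json

# Assumption (not stated on the page): the feature code is derived from the
# hardware information with a keyed hash under a per-platform key; the page
# only says the hardware information is "encrypted".
def make_feature_code(hardware_info: dict, platform_key: bytes) -> str:
    canonical = json.dumps(hardware_info, sort_keys=True).encode()
    return hmac.new(platform_key, canonical, hashlib.sha256).hexdigest()

class WhitelistDataCenter:
    """Minimal model of the data-center side of S21-S24 and S71-S74."""
    def __init__(self, enrolled_codes, feature_libs):
        self._enrolled = list(enrolled_codes)  # feature codes of enrolled platforms
        self._libs = feature_libs              # os_type -> set of SHA1 values

    def authenticate(self, feature_code: str) -> bool:
        # Constant-time comparison so a wrong code leaks nothing via timing.
        return any(hmac.compare_digest(feature_code, c) for c in self._enrolled)

    def login(self, request: dict) -> bool:
        """S71-S74: allow login only when the feature code authenticates."""
        return self.authenticate(request.get("feature_code", ""))

    def get_feature_library(self, os_type: str, feature_code: str):
        """S21-S24: authenticate the feature code, then look up by OS type.
        Returns None when authentication fails, an empty set for an unknown OS."""
        if not self.authenticate(feature_code):
            return None
        return self._libs.get(os_type, set())

# Constructed sample: one enrolled management platform and two OS types
# (the OS type strings are the page's own examples; the SHA1 values are dummies).
PLATFORM_KEY = b"constructed-platform-key"
HARDWARE_INFO = {"board_serial": "SN-0001", "cpu_id": "CPU-ABCD"}
PLATFORM_CODE = make_feature_code(HARDWARE_INFO, PLATFORM_KEY)
CENTER = WhitelistDataCenter(
    enrolled_codes=[PLATFORM_CODE],
    feature_libs={"windows 7x86": {"a" * 40}, "centOs 5.0": {"b" * 40}},
)

def demo_login_and_fetch(feature_code: str):
    """Runs the login step (S70) and then the feature-library request (S20)."""
    if not CENTER.login({"feature_code": feature_code}):
        return ("login prohibited", None)
    return ("login allowed", CENTER.get_feature_library("windows 7x86", feature_code))
```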
[0085] It should be noted that the embodiment of the present invention can be used both online and offline. When used online, the centralized management platform and the whitelist data center exchange data directly over the network. When used offline, the centralized management platform does not need to log in to the whitelist data center, and the data exchange between the two requires the user to import and export it manually.
[0086] The above descriptions are only specific embodiments of the present invention, so that those skilled in the art can understand or implement the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.