CN112650557A - Command execution method and device - Google Patents
Command execution method and device Download PDFInfo
- Publication number
- CN112650557A CN112650557A CN202011580906.7A CN202011580906A CN112650557A CN 112650557 A CN112650557 A CN 112650557A CN 202011580906 A CN202011580906 A CN 202011580906A CN 112650557 A CN112650557 A CN 112650557A
- Authority
- CN
- China
- Prior art keywords
- target command
- parameters
- command
- target
- execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 50
- 238000004590 computer program Methods 0.000 claims description 21
- 238000012544 monitoring process Methods 0.000 claims description 8
- 238000009825 accumulation Methods 0.000 claims description 4
- 238000012795 verification Methods 0.000 claims description 4
- 238000001514 detection method Methods 0.000 claims description 3
- 238000002955 isolation Methods 0.000 abstract description 9
- 101150098958 CMD1 gene Proteins 0.000 description 44
- 101100382321 Caenorhabditis elegans cal-1 gene Proteins 0.000 description 44
- 238000010586 diagram Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45587—Isolation or security of virtual machine instances
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
The application provides a command execution method and a device, wherein the method comprises the following steps: registering a session bus between the application container engine docker in the host machine and the application container engine docker; when the target command and the parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered; under the condition that the target command and the parameters of the target command are not tampered, detecting whether the target command and the parameters of the target command have the execution authority; under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result; and uploading the execution result to a session bus so that the docker can acquire and display the execution result through the session bus. Therefore, the command line can be deployed in the docker, application isolation is facilitated, and safety is improved.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a method and an apparatus for executing a command.
Background
The difference between the command line in the white box switch system and the traditional CISCO-like command line is large, and the cost for operation and maintenance personnel to know the system command is high. In order to avoid mutual influence among different functions, particularly avoid the situations of system restart or service restart caused by function upgrade, the system can deploy different applications in a plurality of application container engines dockers to ensure independence of functions. In the prior art, a command line system is directly deployed on a host machine, and although a command in the host machine can be directly called, application isolation cannot be achieved, and the safety is low.
Disclosure of Invention
The application provides a command execution method and a command execution device, and aims to solve the problems that in the prior art, a command line system is directly deployed on a host machine, although a command in the host machine can be directly called, application isolation cannot be achieved, and safety is low.
In a first aspect, the present invention provides a command execution method, applied to a hostserver server in a host, including:
registering a session bus with an application container engine docker in the host machine;
when a target command and parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered, wherein the target command and the parameters of the target command are uploaded to the session bus by the docker;
under the condition that the target command and the parameters of the target command are determined not to be tampered, detecting whether the target command and the parameters of the target command have execution authority or not;
under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result;
and uploading the execution result to the session bus, so that the docker acquires and displays the execution result through the session bus.
Optionally, the verifying whether the target command and the parameter of the target command are tampered includes:
searching a target path corresponding to the target command in cmdlist according to the target command;
searching a target command file under the target path;
calculating a target md5 code of the target command file;
comparing the target md5 code with the md5 code prestored in md5 sum;
determining that the target command and parameters of the target command have not been tampered if the target md5 code matches a pre-stored md5 code in the md5 sum.
Optionally, the detecting whether the target command and the parameter of the target command have the execution permission includes:
comparing the parameters of the target command with preset parameters corresponding to the target command in the cmdlist;
and under the condition that the parameters of the target command are matched with preset parameters corresponding to the target command in the cmdlist, determining that the target command and the parameters of the target command have the execution permission.
Optionally, after the step of uploading the execution result to the session bus, the method further includes:
and accumulating the use times of the target command in the cmdlist.
Optionally, after the step of accumulating the number of times of use of the target command in the cmdlist, the method further includes:
and adjusting the position of the target command in the cmdlist according to the use times of the target command in the cmdlist obtained through accumulation.
Optionally, the execution result is in a JSON format.
In a second aspect, the present invention further provides a command execution method, applied to a docker in a host computer, including:
receiving a target command input by a user and a parameter of the target command;
judging whether the type of the parameter of the target command meets a preset parameter type or not;
uploading the target command and the parameters of the target command to a session bus under the condition that the type of the parameters of the target command meets the preset parameter type, so that a hostperver server in the host machine monitors the target command and the parameters of the target command through the session bus and executes the target command to obtain an execution result;
receiving the execution result uploaded by the hoststerver server through the session bus;
and displaying the execution result.
In a third aspect, the present invention further provides a command execution apparatus, including:
the registration module is used for registering a session bus between the application container engine docker in the host machine;
the verification module is used for verifying whether the target command and the parameters of the target command are tampered when monitoring the target command and the parameters of the target command in the session bus, wherein the parameters of the target command and the target command are uploaded to the session bus by the docker;
the detection module is used for detecting whether the target command and the parameters of the target command have the execution authority or not under the condition that the target command and the parameters of the target command are not tampered;
the execution module is used for executing the target command to obtain an execution result under the condition that the target command and the parameters of the target command are detected to have the execution authority;
and the uploading module is used for uploading the execution result to the session bus so that the docker can obtain and display the execution result through the session bus.
In a fourth aspect, the present invention further provides an electronic device, which includes a memory and a processor, where the processor is configured to implement the steps of the command execution method according to the first aspect when executing the computer program stored in the memory.
In a fifth aspect, the present invention also provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the command execution method of the first aspect.
As can be seen from the foregoing technical solutions, in the command execution method and apparatus provided in the embodiments of the present invention, a session bus between the application container engine docker and the host is registered; when a target command and parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered, wherein the target command and the parameters of the target command are uploaded to the session bus by the docker; under the condition that the target command and the parameters of the target command are determined not to be tampered, detecting whether the target command and the parameters of the target command have execution authority or not; under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result; and uploading the execution result to the session bus, so that the docker acquires and displays the execution result through the session bus. Therefore, the docker can upload the target command and the parameters of the target command to the session bus, and the hoststerver server can execute the target command to obtain an execution result when monitoring the target command and the parameters of the target command in the session bus, and the docker can obtain and display the execution result through the session bus. The command line can be deployed in the docker, application isolation is facilitated, and safety is improved.
Drawings
In order to more clearly explain the technical solution of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious to those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of a command execution method according to the present invention;
FIG. 2 is a flow chart of another command execution method provided by the present invention;
FIG. 3 is a block diagram of a command execution apparatus according to the present invention;
FIG. 4 is a schematic diagram of an embodiment of an electronic device provided in the invention;
fig. 5 is a schematic diagram of an embodiment of a computer-readable storage medium provided in the invention.
Detailed Description
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following examples do not represent all embodiments consistent with the present application. But merely as exemplifications of systems and methods consistent with certain aspects of the application, as recited in the claims.
Referring to fig. 1, fig. 1 is a flowchart of a command execution method provided by the present invention, and is applied to a hostserver server in a host. As shown in fig. 1, the method comprises the following steps:
and 101, registering a session bus between the application container engine docker in the host machine.
For example, after the host is started, a hoststerver server in the host may register a session bus with an application container engine docker in the host, and may monitor a message on the session bus after the registration is completed. Meanwhile, the hostserver server creates a subprocess initialization log recording module, then creates a link cmdlist corresponding to admin.cmdlist for the admin user and a link md5sum of the md5 code list admin.md5sum of each command file according to the preset user authority and the white list template.
For example, a user can input an admin user name and a password, and after login, an interactive interface in a command line docker can be directly started, and at the moment, a command can be input for operation.
For example, a target command cmd1 and parameters for the target command cmd1 may be input, and the command generation tool may check the syntax and parameter type of the input target command cmd 1. After the check passes, the DBus client handler defined in the command generation tool may be invoked to generate a message from the target command cmd1 and the parameters of the target command cmd1 and send the message onto the session bus. After listening to the message, the hoststerver server may strip the parameters of the target command cmd1 and the target command cmd1 from the message and verify whether the parameters of the target command cmd1 and the target command cmd1 are tampered. The parameters of the target command cmd1 and the target command cmd1 are docker uploaded to the session bus.
Optionally, the verifying whether the target command and the parameter of the target command are tampered includes:
searching a target path corresponding to the target command in cmdlist according to the target command;
searching a target command file under the target path;
calculating a target md5 code of the target command file;
comparing the target md5 code with the md5 code prestored in md5 sum;
determining that the target command and parameters of the target command have not been tampered if the target md5 code matches a pre-stored md5 code in the md5 sum.
Further, the hoststerver server may search a target path corresponding to the target command cmd1 in cmdlist according to the target command cmd1, and then may search a target command file under the target path. Next, the target md5 code of the target command file may be calculated, and the target md5 code may be compared with the md5 code pre-stored in md5 sum. In the case where the target md5 code matches the md5 code prestored in md5sum, it may be determined that the parameters of the target command cmd1 and the target command cmd1 have not been tampered with. Thus, by verifying whether the parameters of the target command cmd1 and the target command cmd1 are tampered, the security of information interaction can be ensured.
For example, in the case where it is determined that the parameters of the target command cmd1 and the target command cmd1 have not been tampered with, it may be detected whether the parameters of the target command cmd1 and the target command cmd1 have the execution authority.
Optionally, the detecting whether the target command and the parameter of the target command have the execution permission includes:
comparing the parameters of the target command with preset parameters corresponding to the target command in the cmdlist;
and under the condition that the parameters of the target command are matched with preset parameters corresponding to the target command in the cmdlist, determining that the target command and the parameters of the target command have the execution permission.
Further, the parameters of the target command cmd1 may be compared with preset parameters corresponding to the target command cmd1 in the cmdlist. When the parameter of the target command cmd1 is matched with the preset parameter corresponding to the target command cmd1 in the cmdlist, it may be determined that the parameters of the target command cmd1 and the target command cmd1 have the execution authority.
And 104, executing the target command to obtain an execution result under the condition that the target command and the parameters of the target command are detected to have the execution authority.
For example, when the parameters of the target command cmd1 and the target command cmd1 are detected to have the execution authority, the target command cmd1 may be executed to obtain the execution result.
Optionally, the execution result is in a JSON format.
Illustratively, the execution result may be in JSON format.
And 105, uploading the execution result to the session bus, so that the docker obtains and displays the execution result through the session bus.
For example, the hoststerver server may upload the execution result to the session bus, so that the docker obtains and displays the execution result through the session bus.
Optionally, after the step of uploading the execution result to the session bus, the method further includes:
and accumulating the use times of the target command in the cmdlist.
Further, the logging module may also accumulate the number of uses of the target command cmd1 in the cmdlist.
Optionally, after the step of accumulating the number of times of use of the target command in the cmdlist, the method further includes:
and adjusting the position of the target command in the cmdlist according to the use times of the target command in the cmdlist obtained through accumulation.
Furthermore, the position of the target command cmd1 in the cmdlist can be adjusted according to the use times of the target command cmd1 in the cmdlist obtained through accumulation. For example, the more times the target command cmd1 is used, the more advanced the target command cmd1 may be adjusted to the cmdlist. That is, the log recording module records the heat of the input command, the command sequence in the command white list template can be automatically adjusted every other preset period, and the command with high heat can be adjusted to the top of the white list admin.cmdlist and admin.md5sum list, so that the analysis efficiency is improved.
It should be noted that, in the prior art, the command line system is directly deployed on the host, and although the command in the host can be directly called, application isolation cannot be achieved, and the security is low.
In the application, the docker can upload the target command and the parameters of the target command to the session bus, and then the hoststerver server can execute the target command to obtain an execution result when monitoring the target command and the parameters of the target command in the session bus, and the docker can obtain and display the execution result through the session bus. The command line can be deployed in the docker, application isolation is facilitated, and safety is improved.
As can be seen from the foregoing technical solutions, the command execution method provided in the embodiments of the present invention is applied to a hostserver server in a host, and registers a session bus with an application container engine docker in the host; when a target command and parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered, wherein the target command and the parameters of the target command are uploaded to the session bus by the docker; under the condition that the target command and the parameters of the target command are determined not to be tampered, detecting whether the target command and the parameters of the target command have execution authority or not; under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result; and uploading the execution result to the session bus, so that the docker acquires and displays the execution result through the session bus. Therefore, the docker can upload the target command and the parameters of the target command to the session bus, and the hoststerver server can execute the target command to obtain an execution result when monitoring the target command and the parameters of the target command in the session bus, and the docker can obtain and display the execution result through the session bus. The command line can be deployed in the docker, application isolation is facilitated, and safety is improved.
Referring to fig. 2, fig. 2 is a flowchart of another command execution method provided by the present invention, which is applied to a docker in a host. As shown in fig. 2, the method comprises the following steps:
For example, in the case of host startup, a docker within the host may receive user input of the target command cmd1 and parameters of the target command cmd 1.
For example, it may be determined whether the type of parameter of the target command cmd1 satisfies a preset parameter type.
For example, in the case that the type of the parameter of the target command cmd1 satisfies the preset parameter type, the parameters of the target command cmd1 and the target command cmd1 may be uploaded to the session bus, so that the hoststerver server in the host listens to the parameters of the target command cmd1 and the target command cmd1 through the session bus and executes the target command cmd1 to obtain an execution result.
And 204, receiving the execution result uploaded by the hostperver server through the session bus.
Illustratively, a docker in the host computer may receive an execution result uploaded by the hostserver server through the session bus.
And step 205, displaying the execution result.
Illustratively, docker within the host computer may present the execution results.
As can be seen from the foregoing technical solutions, the command execution method provided in the embodiments of the present invention is applied to a docker in a host, and receives a target command input by a user and a parameter of the target command; judging whether the type of the parameter of the target command meets a preset parameter type or not; uploading the target command and the parameters of the target command to a session bus under the condition that the type of the parameters of the target command meets the preset parameter type, so that a hostperver server in the host machine monitors the target command and the parameters of the target command through the session bus and executes the target command to obtain an execution result; receiving the execution result uploaded by the hoststerver server through the session bus; and displaying the execution result. Therefore, the docker can upload the target command and the parameters of the target command to the session bus, and the hoststerver server can execute the target command to obtain an execution result when monitoring the target command and the parameters of the target command in the session bus, and the docker can obtain and display the execution result through the session bus. The command line can be deployed in the docker, application isolation is facilitated, and safety is improved.
Referring to fig. 3, fig. 3 is a structural diagram of a command execution device according to the present invention. As shown in fig. 3, the command execution apparatus 300 includes a registration module 301, a verification module 302, a detection module 303, an execution module 304, and an upload module 305, wherein:
a registration module 301, configured to register a session bus with an application container engine docker in the host;
a verification module 302, configured to verify whether a target command and a parameter of the target command in the session bus are tampered with when monitoring the target command and the parameter of the target command, where the target command and the parameter of the target command are uploaded to the session bus by the docker;
a detecting module 303, configured to detect whether the target command and the parameter of the target command have an execution authority or not, if it is determined that the target command and the parameter of the target command are not tampered with;
an executing module 304, configured to execute the target command and obtain an execution result when it is detected that the target command and the parameter of the target command have the execution permission;
an uploading module 305, configured to upload the execution result to the session bus, so that the docker obtains and displays the execution result through the session bus.
The command execution device 300 can implement each process implemented by the command execution device in the method embodiment of fig. 1, and is not described herein again to avoid repetition. And the command executing apparatus 300 may enable the docker to upload the target command and the parameter of the target command to the session bus, and then the hoststerver server may execute the target command while monitoring the target command and the parameter of the target command in the session bus, obtain an execution result, and obtain and display the execution result through the session bus by the docker. The command line can be deployed in the docker, application isolation is facilitated, and safety is improved.
Referring to fig. 4, fig. 4 is a schematic view of an embodiment of an electronic device according to an embodiment of the present disclosure.
As shown in fig. 4, an electronic device 400 according to an embodiment of the present application includes a memory 410, a processor 420, and a computer program 411 stored in the memory 410 and executable on the processor 420, where the processor 420 executes the computer program 411 to implement the following steps:
registering a session bus with an application container engine docker in the host machine;
when a target command and parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered, wherein the target command and the parameters of the target command are uploaded to the session bus by the docker;
under the condition that the target command and the parameters of the target command are determined not to be tampered, detecting whether the target command and the parameters of the target command have execution authority or not;
under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result;
and uploading the execution result to the session bus, so that the docker acquires and displays the execution result through the session bus.
In a specific implementation, when the processor 420 executes the computer program 411, any of the embodiments corresponding to fig. 1 may be implemented.
Since the electronic device described in this embodiment is a device used for implementing one of the command execution devices in this embodiment, based on the method described in this embodiment, a person skilled in the art can understand the specific implementation manner of the electronic device of this embodiment and various variations thereof, so that how to implement the method in this embodiment by the electronic device is not described in detail herein, and as long as the person skilled in the art implements the device used for implementing the method in this embodiment, the device falls within the scope of the present application.
Referring to fig. 5, fig. 5 is a schematic diagram illustrating an embodiment of a computer-readable storage medium according to the present application.
As shown in fig. 5, the present embodiment provides a computer-readable storage medium 500 having a computer program 511 stored thereon, the computer program 511 implementing the following steps when executed by a processor:
registering a session bus with an application container engine docker in the host machine;
when a target command and parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered, wherein the target command and the parameters of the target command are uploaded to the session bus by the docker;
under the condition that the target command and the parameters of the target command are determined not to be tampered, detecting whether the target command and the parameters of the target command have execution authority or not;
under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result;
and uploading the execution result to the session bus, so that the docker acquires and displays the execution result through the session bus.
In a specific implementation, the computer program 511 may implement any of the embodiments corresponding to fig. 1 when executed by a processor.
It should be noted that, in the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to relevant descriptions of other embodiments for parts that are not described in detail in a certain embodiment.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Embodiments of the present application further provide a computer program product, where the computer program product includes computer software instructions, and when the computer software instructions are executed on a processing device, the processing device executes the flow in the command execution method in the embodiment corresponding to fig. 1.
The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that a computer can store or a data storage device, such as a server, a data center, etc., that is integrated with one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (10)
1. A command execution method is applied to a hostserver server side in a host machine, and is characterized by comprising the following steps:
registering a session bus with an application container engine docker in the host machine;
when a target command and parameters of the target command in the session bus are monitored, verifying whether the target command and the parameters of the target command are tampered, wherein the target command and the parameters of the target command are uploaded to the session bus by the docker;
under the condition that the target command and the parameters of the target command are determined not to be tampered, detecting whether the target command and the parameters of the target command have execution authority or not;
under the condition that the target command and the parameters of the target command are detected to have the execution authority, executing the target command to obtain an execution result;
and uploading the execution result to the session bus, so that the docker acquires and displays the execution result through the session bus.
2. The method of claim 1, wherein the verifying whether the target command and the parameters of the target command are tampered with comprises:
searching a target path corresponding to the target command in cmdlist according to the target command;
searching a target command file under the target path;
calculating a target md5 code of the target command file;
comparing the target md5 code with the md5 code prestored in md5 sum;
determining that the target command and parameters of the target command have not been tampered if the target md5 code matches a pre-stored md5 code in the md5 sum.
3. The method of claim 2, wherein the detecting whether the target command and the parameters of the target command have the execution authority comprises:
comparing the parameters of the target command with preset parameters corresponding to the target command in the cmdlist;
and under the condition that the parameters of the target command are matched with preset parameters corresponding to the target command in the cmdlist, determining that the target command and the parameters of the target command have the execution permission.
4. The method of claim 2 or 3, wherein after the step of uploading the execution results to the session bus, the method further comprises:
and accumulating the use times of the target command in the cmdlist.
5. The method of claim 4, wherein after the step of accumulating the number of uses of the target command in the cmdlist, the method further comprises:
and adjusting the position of the target command in the cmdlist according to the use times of the target command in the cmdlist obtained through accumulation.
6. The method of claim 5, wherein the execution result is in a JSON format.
7. A command execution method is applied to a docker in a host machine, and is characterized by comprising the following steps:
receiving a target command input by a user and a parameter of the target command;
judging whether the type of the parameter of the target command meets a preset parameter type or not;
uploading the target command and the parameters of the target command to a session bus under the condition that the type of the parameters of the target command meets the preset parameter type, so that a hostperver server in the host machine monitors the target command and the parameters of the target command through the session bus and executes the target command to obtain an execution result;
receiving the execution result uploaded by the hoststerver server through the session bus;
and displaying the execution result.
8. A command execution apparatus, comprising:
the registration module is used for registering a session bus between the application container engine docker in the host machine;
the verification module is used for verifying whether the target command and the parameters of the target command are tampered when monitoring the target command and the parameters of the target command in the session bus, wherein the parameters of the target command and the target command are uploaded to the session bus by the docker;
the detection module is used for detecting whether the target command and the parameters of the target command have the execution authority or not under the condition that the target command and the parameters of the target command are not tampered;
the execution module is used for executing the target command to obtain an execution result under the condition that the target command and the parameters of the target command are detected to have the execution authority;
and the uploading module is used for uploading the execution result to the session bus so that the docker can obtain and display the execution result through the session bus.
9. An electronic device comprising a memory, a processor, characterized in that the processor is adapted to carry out the steps of the command execution method according to any of claims 1 to 6 when executing a computer program stored in the memory.
10. A computer-readable storage medium having stored thereon a computer program, characterized in that: the computer program realizing the steps of the command execution method according to any one of claims 1 to 6 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011580906.7A CN112650557B (en) | 2020-12-28 | 2020-12-28 | Command execution method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011580906.7A CN112650557B (en) | 2020-12-28 | 2020-12-28 | Command execution method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112650557A true CN112650557A (en) | 2021-04-13 |
| CN112650557B CN112650557B (en) | 2022-12-27 |
Family
ID=75363580
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011580906.7A Active CN112650557B (en) | 2020-12-28 | 2020-12-28 | Command execution method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112650557B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117271169A (en) * | 2023-11-03 | 2023-12-22 | 广东保伦电子股份有限公司 | Communication method for calling host machine command by container |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110764985A (en) * | 2019-10-11 | 2020-02-07 | 苏州浪潮智能科技有限公司 | Method, system, equipment and readable storage medium for recording command line |
| CN111858179A (en) * | 2020-07-24 | 2020-10-30 | 苏州浪潮智能科技有限公司 | Method and device for improving stability of system based on container engine |
-
2020
- 2020-12-28 CN CN202011580906.7A patent/CN112650557B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110764985A (en) * | 2019-10-11 | 2020-02-07 | 苏州浪潮智能科技有限公司 | Method, system, equipment and readable storage medium for recording command line |
| CN111858179A (en) * | 2020-07-24 | 2020-10-30 | 苏州浪潮智能科技有限公司 | Method and device for improving stability of system based on container engine |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117271169A (en) * | 2023-11-03 | 2023-12-22 | 广东保伦电子股份有限公司 | Communication method for calling host machine command by container |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112650557B (en) | 2022-12-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3575975B1 (en) | Method and apparatus for operating smart network interface card | |
| CN109376078B (en) | Mobile application testing method, terminal equipment and medium | |
| CN110908909B (en) | Automatic test method, device, storage medium and equipment | |
| CN112395616B (en) | Vulnerability processing method and device and computer equipment | |
| JP6290297B2 (en) | System and method for detecting modified or damaged external devices | |
| CN105787364B (en) | Automatic testing method, device and system for tasks | |
| CN104765678A (en) | Method and device for testing applications on mobile terminal | |
| CN106302025B (en) | Automatic testing method and device for communication protocol | |
| CN111211929A (en) | Fault positioning method, fault positioning device, control equipment and intelligent equipment | |
| CN108306787B (en) | Application monitoring method and related equipment | |
| CN111258913A (en) | Automatic algorithm testing method and device, computer system and readable storage medium | |
| US20140189103A1 (en) | System for monitoring servers and method thereof | |
| CN105279078A (en) | Method and device for detecting security hole | |
| CN112650557B (en) | Command execution method and device | |
| US20200028733A1 (en) | Method and apparatus for processing information | |
| CN114510381A (en) | Fault injection method, device, equipment and storage medium | |
| CN114020678A (en) | Redirection method, device and system for server serial console and electronic equipment | |
| US10628583B2 (en) | Detecting a spoofed image in an information handling system | |
| CN114911656A (en) | Automatic IPMI instruction testing method, single chip microcomputer and related device | |
| CN114064510A (en) | Function testing method and device, electronic equipment and storage medium | |
| RU2671999C1 (en) | Method and system for diagnostics of mobile computer devices | |
| CN114968696A (en) | Index monitoring method, electronic equipment and chip system | |
| CN117332412B (en) | Detection method and device for data security system and electronic equipment | |
| CN113840139B (en) | Method, device, equipment and storage medium for detecting television signal power in real time | |
| EP4160454A1 (en) | Computer-implemented systems and methods for application identification and authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |