发明名称 |
Computer-implemented command control in information technology service environment |
摘要 |
A computer-implemented agent process running on a first computer automatically intercepts a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer. A server profile built for an application running on the target computer that supports the command may be retrieved. At least based on the server profile a risk enforcement policy is dynamically constructed. Based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution is determined. Based on executing of one or more of the computer-executable enforcement actions, the command may be transmitted to execute on the target computer or prevented from executing on the target computer. |
申请公布号 |
US9584378(B1) |
申请公布日期 |
2017.02.28 |
申请号 |
US201514978291 |
申请日期 |
2015.12.22 |
申请人 |
International Business Machines Corporation |
发明人 |
Adam Constantin M;Anerousis Nikolaos;Chandran Vysakh K.;Hernandez Milton H.;Padhi Debasisha K.;Ruan Yaoping;Tanada Fabio M.;Wu Frederick Y.-F.;Zeng Sai |
分类号 |
H04L12/24;H04L29/08 |
主分类号 |
H04L12/24 |
代理机构 |
Scully, Scott, Murphy & Presser, P.C. |
代理人 |
Scully, Scott, Murphy & Presser, P.C. ;Percello, Esq. Louis J. |
主权项 |
1. A computer-implemented method of controlling execution of computer-executable commands, the method performed by one or more hardware processors, comprising:
intercepting, automatically by a computer-implemented agent process running on a first computer, a command issued from the first computer to execute on a target computer prior to invocation of the command on the target computer; retrieving a server profile built for an application running on the target computer that supports the command; dynamically constructing a risk enforcement policy at least based on the server profile and change policy; determining based on the risk enforcement policy, one or more computer-executable enforcement actions to perform prior to sending the command to the target computer for execution; and based on executing of one or more of the computer-executable enforcement actions, transmitting the command to execute on the target computer or preventing the command from executing on the target computer to prevent error, the computer-executable enforcement actions comprising at least detecting a connection to the target computer, mapping a process identifier associated with the connection, mapping a process binary from the process identifier, computing a checksum of the process binary and detecting whether the computed checksum matches a pre-computed checksum associated with a custom shell client, wherein the intercepting comprises capturing by the computer-implemented agent process an application invocation signal, and intercepting user input to the application. |
地址 |
Armonk NY US |