摘要
提出了一个增强Linux系统安全审计功能的机制。该机制以可装载内核模块技术为基础,提供系统层和应用层两个层次的审计功能。系统审计为每个安全相关的系统调用生成审计记录。应用层审计改变了传统的完全依赖于应用程序在用户空间写日志文件的方式,由应用程序和内核共同产生审计记录。最后给出用该审计机制进行入侵检测的例子。
An enhanced security auditing mechanism for Linux is proposed.This mechanism is based on loadable kernel mo-(dule) and provides system level and application level auditing functions.System audit generates an audit record for every security sensitive system call.Application level audit abandons the traditional auditing fashion that auditing system completely depends on applications writing log file in user space.Instead,applications and system kernel will generate audit record coordinately.Examples are given for intrusion detection with this mechanism.
出处
《计算机应用研究》
CSCD
北大核心
2004年第11期150-153,共4页
Application Research of Computers
关键词
审计
系统审计
应用层审计
审计记录
可装载内核模块
入侵检测
Audit
System Audit
Application Level Audit
Audit Record
Loadable Kernel Module
Intrusion Detection
