Abstract
To improve the security of Linux systems, this paper analyzes the Linux system call mechanism step by step and, on that basis, designs and implements a logging system based on system calls. New system calls are added to the kernel, through which log information is intercepted in the kernel in real time and exported to user space, so that the system can obtain security-related information as it happens, analyze system behaviour, and audit the security of the system. To keep modifications to the kernel code to a minimum, the core functional module is implemented as a loadable kernel module, which reduces debugging difficulty and improves the extensibility of the system.
In order to analyze the system's security easily and in a timely manner, the Linux system call mechanism is studied and a log system based on system calls is designed and implemented. In this design, new system calls are added to the kernel, from which logs are captured and exported to the user-mode part in real time. To reduce modification of the kernel source as much as possible, the core function module is designed as a loadable kernel module, which also lowers the debugging difficulty and makes the system easier to extend.
Source
《西安邮电学院学报》 (Journal of Xi'an Institute of Posts and Telecommunications)
2011, No. 4, pp. 59-61, 65 (4 pages)