摘要
用户登录后在Linux Shell中留下的历史记录是审计信息的重要来源,但未能包含判断入侵与否的足够信息,且很容易被篡改。文中基于shell机制,利用可装入内核模块/、proc虚拟文件系统和系统调用劫持技术,实现了一个较全面的入侵检测的审计机制,同时给出了一个用其进行安全监测的简单实例以及该方法的优点。
Command history records which generated by Linux shell after user login is one of the important sources of system auditing information. But command history does not include sufficient information for intrusion detection and the history records can be easily modified. Adopted loadable kernel module technique, /proc virtual file system and system call interception, a full- function security auditing mechanism based on Linux shell is implemented in this paper, and then a simple example is given for security monitoring with the new mechanism. At last a discussion of its advantage is given.
出处
《计算机技术与发展》
2007年第6期155-158,共4页
Computer Technology and Development
基金
国家自然科学基金(60473142)
安徽省教育厅自然科学研究项目(2006KJ063B)
安徽省高等学校青年教师科研资助项目(2007jq1028)
