|
|||||
|
|
| 基于Linux Shell的安全审计机制 | |
| 引用本文: | 阮越,秦锋,周建钦. 基于Linux Shell的安全审计机制[J]. 计算机技术与发展, 2007, 17(6): 155-158 |
| 作者姓名: | 阮越 秦锋 周建钦 |
| 作者单位: | 安徽工业大学,计算机学院,安徽,马鞍山,243002 |
| 基金项目: | 国家自然科学基金;安徽省教育厅自然科学基金;安徽省高校青年教师科研项目 |
| 摘 要: | 用户登录后在Linux Shell中留下的历史记录是审计信息的重要来源,但未能包含判断入侵与否的足够信息,且很容易被篡改。文中基于shell机制,利用可装入内核模块/、proc虚拟文件系统和系统调用劫持技术,实现了一个较全面的入侵检测的审计机制,同时给出了一个用其进行安全监测的简单实例以及该方法的优点。 |
| 关 键 词: | 安全审计 可装入内核模块 /proc虚拟文件系统 系统调用劫持 |
| 文章编号: | 1673-629X(2007)06-0155-04 |
| 收稿时间: | 2006-08-28 |
| 修稿时间: | 2006-08-28 |
Security Auditing Mechanism Based on Linux Shell |
|
| RUAN Yue,QIN Feng,ZHOU Jian-qin. Security Auditing Mechanism Based on Linux Shell[J]. Computer Technology and Development, 2007, 17(6): 155-158 | |
| Authors: | RUAN Yue QIN Feng ZHOU Jian-qin |
| Abstract: | Command history records which generated by Linux shell after user login is one of the important sources of system auditing information. But command history does not include sufficient information for intrusion detection and the history records can be easily modified. Adopted loadable kernel module technique, /proc virtual file system and system call interception, a full- function security auditing mechanism based on Linux shell is implemented in this paper, and then a simple example is given for security monitoring with the new mechanism. At last a discussion of its advantage is given. |
| Keywords: | security audit loadable kernel module /proc virtual file system system call interception |
| 本文献已被 维普 万方数据 等数据库收录! | |