| 利用LKM的Linux审计功能实现 |
| |
| 引用本文: | 王斌,须文波,冯斌.利用LKM的Linux审计功能实现[J].计算机工程,2004,30(3):136-138. |
| |
| 作者姓名: | 王斌 须文波 冯斌 |
| |
| 作者单位: | 江南大学信息工程学院,无锡,214036 |
| |
| 摘 要: | 安全和完整地获得信息对于审计和入侵检测系统是极其重要的,但是Linux的shell记录并没有提供充足的信息并且历史记录可以被用户轻易地修改。分析了当前审计系统的缺点,给出了一个利用可加载内核模块的方法实现审计功能的例子。
|
| 关 键 词: | 审计 系统调用 可加载内核模块 设备驱动 |
| 文章编号: | 1000-3428(2004)03-0136-03 |
Realization of the Function of Auditing in Linux with LKM |
| |
| WANG Bin,XU Wenbo,FENG Bin.Realization of the Function of Auditing in Linux with LKM[J].Computer Engineering,2004,30(3):136-138. |
| |
| Authors: | WANG Bin XU Wenbo FENG Bin |
| |
| Abstract: | Obtaining information of Linux safely and sufficiently is critical for system auditing or IDS. But Linux shell records do not provide sufficient information and the history records can be readily modified by user. This paper analyses the disadvantage of current Linux audit system, then an example using LKM is given to illustrat the realization of the function of auditing. |
| |
| Keywords: | Auditing System call LKM Device driver |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
