Abstract
To manage a single host or a networked system securely, it is necessary to obtain comprehensively the various kinds of audit information required under a Linux system. By analyzing the Linux kernel source code, and building on the loadable kernel module and system call mechanisms that Linux provides, a method for obtaining Linux audit information is identified. By writing a kernel monitoring module and a record construction module, the acquisition of various kinds of audit information under Linux is achieved. This demonstrates the feasibility of obtaining system audit information by modifying the kernel, and overcomes the shortcomings of Linux's original log information.
To achieve the goal of administering a mainframe and network safely, it is necessary to acquire the various kinds of audit information in a Linux system completely. Based on Linux's loadable kernel module and system call mechanisms, the kernel sources are analyzed and a method of getting audit information in Linux is determined. By constructing a kernel monitor module and a record-creating module, the aim of getting various kinds of audit information in a Linux system is achieved. Finally, the method of getting a system's audit information by customizing the kernel is demonstrated to be feasible and reliable, and the insufficiency of Linux's original log information is overcome.
Source
Transactions of Beijing Institute of Technology (北京理工大学学报)
EI
CAS
CSCD
Peking University Core Journals
2001, Issue 1, pp. 69-72 (4 pages)
Transactions of Beijing Institute of Technology