
Design and Realization of a Filter Driver-Based Monitoring System Under Linux

Posted on: 2012-07-26
Degree: Master
Type: Thesis
Country: China
Candidate: L Ren
Full Text: PDF
GTID: 2208330332486701
Subject: Software engineering
Abstract/Summary:
With the proliferation of computers and the development of information technology, people enjoy the convenient, fast services that computer technology brings while becoming more and more concerned about computer security. Computer security touches on personal privacy and even on the confidential information of important national organizations; any small mistake may cause unexpected economic losses. Because Linux is open source and low cost, more and more organizations, individuals and groups use it, and people pay more attention to security issues in the Linux system. Traditional Linux system monitoring methods suffer from low efficiency, low accuracy and other disadvantages, so developing a tool that monitors the Linux system is of real significance.

The most immediate need of Linux system security is to monitor devices and to summarize, analyze and filter the information in a unified way. Every operation in a Linux system is ultimately translated into an action on a file, so the file system plays an important role in Linux, and the storage devices that hold the information occupy an equally important position. Monitoring these two in a Linux system can therefore effectively ensure system safety and stability. Monitoring at different levels of the Linux system protects system security from different aspects.

This dissertation designs and implements a filter driver-based monitoring system for the Linux environment. The main achievements are as follows:

(1) A study of the Linux kernel's hierarchical structure, the system call process, the virtual file system, and read and write operations on block device files. It further describes the structure and processing flow of the SCSI subsystem and other technologies used in the filter, such as timers.

(2) The overall design of the filter driver used in the monitoring system, with a detailed design of the processing flow and of some custom command structures. The overall design of the filter rules facilitates their extension.

(3) Implementation of the monitoring system according to the overall design. The filter driver is divided into modules by their specific roles, so that its various functions are shown clearly.

(4) Testing of the filter driver in a real test environment to verify that the preceding design is reasonable, and a comparison with traditional monitoring methods to obtain a performance evaluation of the system.

(5) A summary of the work in this thesis: an analysis of the advantages and disadvantages of the system design, and proposed directions for improving the system in the future.
Keywords/Search Tags: Linux filter driver, system call, block device, SCSI