[关键词]
[摘要]
Unix Shell生成的命令历史记录是系统审计信息的重要来源,但它未能包含检测入侵所需的足够信息,且容易被用户本人篡改.利用可装入内核模块和系统调用劫持技术实现了对Linux Shell安全审计机制的扩展,并给出了用其进行安全监测的例子.
[Key word]
[Abstract]
Command history records generated by Unix shell is one of the important sources of system auditing information. But command history does not include sufficient information for intrusion detection and the history records can be easily modified by user themselves. With Linux loadable kernel module technique and system call interception, an extension to security auditing mechanism of Linux shell is implemented in this paper, and then some examples are given for security monitoring with the new mechanism.
[中图分类号]
[基金项目]