LINUX文件系统实时监控方法

为了保证LINUX操作系统的安全性,通过对其文件系统进行实时监控来阻止恶意程序的入侵.使用内核可加载模块修改LINUX内核,通过修改内核中的系统调用表拦截对文件系统的系统调用;使用PROC文件系统进行内核与用户进程的信息传递;使用用户进程对内核拦截到的文件信息进行处理,实现实时监控.讨论了PROC文件的注册方法,给出了在内核中通过文件句柄获取文件全路径的方法.为了实现对并行文件操作的实时监控,利用等待队列和信号机制给出了一个内核和守护进程进行同步与通信的解决方案.给出了对LINUX文件系统实时监控的一个完整的方法,并为实际编程提供了框架程序.

The Method of Real-time Monitoring the LINUX File System

For the security of LINUX operation system, it is necessary to monitor the file system of LINUX to prevent the invasion of malevolent programs. Accordingly, the authors modify the kernel of LINUX by loading LKM (loadable kernel module) to hold up system calls of file system by modifing the system_call_table; the PROC file system is used to realize the correspondence between the kernel and the user process; Finally, the user process can deal with the files which are holded up by kernel. The authors discuss how to register a PROC file in linux kernel and offer a method for getting file' s absolute path in LINUX kernel. To solve the problem of real-time monitoring parallel file opreations, the authors use wait queues and signals to implement the synchronization and interaction between kernel and user process. A complete solution to real-time monitoring the file system of LINUX is given, and then a skeleton of programs to realize the solution is provided.