• Official journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4 ›› 2007, Vol. 29 ›› Issue (3): 30-32.

• Papers •

Research and Implementation of the Kylin Security Audit Subsystem

罗钰 何连跃   

  • Online: 2007-03-01 Published: 2010-05-30

Abstract:

Studying protection techniques for operating systems, and predicting and analyzing their security-relevant behavior, is an important part of operating system security. Such prediction is carried out by analyzing the system's audit data, so a secure operating system must be able to record users' actions. In many cases, however, a malicious user who has compromised the operating system holds system administrator privileges and can destroy audit data and change the system's audit behavior in order to hide the malicious activity. The Kylin operating system therefore studies and implements an administrator management model based on the separation of three powers, which requires that the generation and storage of audit data not be controlled by any user other than the audit administrator. This paper studies and designs a software architecture in which a kernel thread performs the audit function, avoiding the fragility of earlier audit systems implemented with a kernel audit module and an audit process, and guaranteeing the independence of audit management.

Key words: audit; syslog; accounting; kernel thread