Expert: how to monitor and protect process security in Linux

Source: Internet
Author: User
By combining user-level tools such as top and ps with Linux kernel protection techniques, we can protect important system processes and user processes at both the user level and the kernel level, and in that way protect the security of the Linux system.

The Bell-LaPadula model, a classic information confidentiality model, treats a process as a subject of the computer system. A subject must hold a certain security level in order to act on an object, and under certain conditions a process can operate on objects such as files and databases.

If a process is used for illegitimate purposes, it can do major harm to the system. In practice, many attackers use Trojans to damage or intrude into computer systems, and without exception these Trojan programs must run on the machine as processes in order to have any effect.

In addition, many destructive programs and attack techniques work by destroying legitimate processes on the target system, especially important system processes, so that the system cannot do its normal work or cannot work at all. Because Linux accounts for the vast majority of the server market, its processes must be monitored and protected to keep these systems secure.

User-level process monitoring tool

Linux provides who, w, ps, top, and other commands for viewing process information. With these commands we can see the running state and liveness of processes and take appropriate measures to keep the Linux system secure. They are currently the most common tools for viewing process status in Linux. They ship with Linux distributions and can be used as soon as the system is installed.

1. who command: this command is mainly used to view information about the users currently logged in. The system administrator can use the who command to monitor what every login user is doing at this moment.

2. w command: this command also displays the users logged in to the system, but it is more powerful than who: it shows not only who is logged on to the system but also what those users are currently working on. The w command is an enhanced version of the who command.

3. ps command: this is the most basic and most powerful command for viewing processes. It can be used to determine which processes are running and their running state, whether a process has terminated, whether a process is dead, and which processes are occupying excessive resources. The ps command is the way to monitor background processes, because background processes do not communicate with standard input/output devices such as the screen and keyboard. The following is an example of a ps command:


$ ps x
PID TTY STAT TIME COMMAND
5800 ttyp0 S -bash
5813 ttyp1 S -bash
5921 ttyp0 S man ps
5922 ttyp0 S sh -c /usr/bin/gunzip -c /var/catman/cat1/ps.1.gz/
5923 ttyp0 S /usr/bin/gunzip -c /var/catman/cat1/ps.1.gz
5924 ttyp0 S /usr/bin/less -is
5941 ttyp1 R ps x
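
An added example, not part of the original article: a small shell function that applies the checks described for ps (dead or stuck processes, excessive resource use) to ps output. The column selection, the CPU_LIMIT and MEM_LIMIT thresholds, the function names and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage `ps` output by process state and resource use.
# Expected input columns: PID USER STAT %CPU %MEM COMMAND
# (as produced by: ps -eo pid,user,stat,pcpu,pmem,comm)

CPU_LIMIT=${CPU_LIMIT:-80}   # assumed threshold, percent
MEM_LIMIT=${MEM_LIMIT:-50}   # assumed threshold, percent

# Read ps lines on stdin, print "FLAG pid user command" for each finding.
triage_ps() {
    awk -v cpu="$CPU_LIMIT" -v mem="$MEM_LIMIT" '
        $1 == "PID" { next }                      # skip the header row
        {
            state = substr($3, 1, 1)              # first STAT letter is the state
            if (state == "Z") print "ZOMBIE", $1, $2, $6    # dead, not yet reaped
            if (state == "D") print "BLOCKED", $1, $2, $6   # uninterruptible sleep
            if (state == "T") print "STOPPED", $1, $2, $6   # stopped by a signal
            if ($4 + 0 >= cpu) print "HIGH_CPU", $1, $2, $6
            if ($5 + 0 >= mem) print "HIGH_MEM", $1, $2, $6
        }'
}

# Constructed sample data (not taken from a real host).
sample_ps() {
    cat <<'EOF'
  PID USER     STAT %CPU %MEM COMMAND
    1 root     Ss    0.0  0.1 systemd
  812 root     Ss    0.1  0.3 sshd
 5800 alice    S     0.0  0.2 bash
 6021 www-data Z     0.0  0.0 php-cgi
 6100 bob      R    97.5  1.2 cruncher
 6203 root     D     0.3  0.1 backup.sh
EOF
}

# Live use: ps -eo pid,user,stat,pcpu,pmem,comm | triage_ps
# Demonstration on the constructed sample:
sample_ps | triage_ps
```

A flagged line is a prompt to inspect that PID further, for example with top or a fuller ps listing, not a verdict that the process is malicious.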
