Article Title: Problems and Countermeasures in Linux system calls. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Linux Process monitoring methods and tools are implemented based on the corresponding API functions or system calls provided to us by calling the operating system. All we get is the result of interface function processing. We cannot actively obtain the information we need from the process data structure of the operating system kernel.
Therefore, they have the following problems:
1. Traditional process monitoring methods have low operation efficiency, long response time, and poor real-time performance.
2. It is impossible to report the security status of the current system to the user in real time and efficiently. Even if any illegal process in the system is running, the system cannot identify it.
3. users cannot be provided with evidence to capture behaviors of illegal processes and the activity track of the processes. When an illegal process runs and damages the system, the user finds an illegal process by checking the process list, it is also unclear what damage the process has caused to the system for a period of time from the process to the capture of such an illegal process. For example, access and modify important system files and occupy system resources. These problems have brought a lot of problems to future recovery and processing.
[1] [2] Next page