Real Time Change Event Detection System on Linux
Client:
A leading software product company, Portland, Oregon
Project Description:
The client needed a Linux driver to capture any change on the Linux file system, i.e. creation or deletion of files, changes to file contents, or changes to file permissions. A software product was needed that would run continuously in the background, monitoring and reporting system-level events for auditing. An external auditing agent set the rules for which events to monitor.
The Linux driver had the following requirements:
• Communicate with the external auditing agent to get rules for change detection
• Capture Linux file system events
• Validate the captured events against the rules
• Report the validated events to the external auditing agent
• Run on RHEL 3, 4 and 5 Linux, on both 32-bit and 64-bit OS
• CPU usage of the driver during heavy file I/O must not exceed 5%
• Support SMP
Design Highlights:
Following are the design highlights of our solution:
• Layered architecture to ensure low coupling, high scalability and easy maintenance
• Development of a daemon that
  • registers with the kernel to receive file system change events
  • creates a socket for communication
  • starts the IPC thread to handle external auditing agent requests
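As an added illustration, not the client's driver or any code from this case study, the capture-then-validate path written in user space against Linux inotify (assumed available, which means kernel 2.6.13 or later, so it does not cover the RHEL 3 and RHEL 4 kernels listed below, where the case study's driver ran in kernel space). The rule format (path prefix plus selected change classes) is an assumption, not the auditing agent's real interface.

```c
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/inotify.h>
/* The four change classes the requirements name, as flags a rule can select. */
enum change_class { CH_CREATE = 1, CH_DELETE = 2, CH_CONTENT = 4, CH_PERMS = 8 };
/* Assumed rule format (not the client's): a path prefix plus the classes worth reporting. */
struct rule { const char *path_prefix; unsigned classes; };

/* Map an inotify mask onto the change classes; IN_ATTRIB is raised by chmod/chown. */
unsigned classify(unsigned mask) {
    unsigned c = 0;
    if (mask & (IN_CREATE | IN_MOVED_TO))    c |= CH_CREATE;
    if (mask & (IN_DELETE | IN_MOVED_FROM))  c |= CH_DELETE;
    if (mask & (IN_MODIFY | IN_CLOSE_WRITE)) c |= CH_CONTENT;
    if (mask & IN_ATTRIB)                    c |= CH_PERMS;
    return c;
}

/* Validate one captured event: report it only when a rule's prefix covers the path
 * and that rule selects at least one of the event's change classes. */
int should_report(const struct rule *rules, int nrules, const char *path, unsigned mask) {
    unsigned c = classify(mask);
    for (int i = 0; i < nrules; i++)
        if (strncmp(path, rules[i].path_prefix, strlen(rules[i].path_prefix)) == 0
            && (c & rules[i].classes))
            return 1;
    return 0;
}

/* Capture loop: watch one directory (argv[1], default /tmp) and print validated events. */
int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/tmp";
    struct rule rules[] = { { dir, CH_CREATE | CH_DELETE | CH_CONTENT | CH_PERMS } };
    int fd = inotify_init1(IN_NONBLOCK);
    if (fd < 0 || inotify_add_watch(fd, dir, IN_ALL_EVENTS) < 0) { perror("inotify"); return 1; }
    char buf[4096] __attribute__((aligned(8)));
    struct pollfd pfd = { fd, POLLIN, 0 };
    while (poll(&pfd, 1, -1) > 0) {              /* sleep until the kernel has queued events */
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0) break;
        for (char *p = buf; p < buf + n; ) {     /* events are variable-length records */
            struct inotify_event *ev = (struct inotify_event *)p;
            char path[4096];
            snprintf(path, sizeof path, "%s/%s", dir, ev->len ? ev->name : "");
            if (should_report(rules, 1, path, ev->mask))
                printf("%s classes=0x%x\n", path, classify(ev->mask));
            p += sizeof *ev + ev->len;
        }
    }
    return 0;
}
```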
Supported Linux Distributions:
Linux Distribution | Linux Kernel
RHEL 4 AS | 2.6.9-1.648_EL
RHEL 4 ES | 2.6.9-1.648_EL
RHEL 3 AS | 2.4.21-9.EL
RHEL 3 ES | 2.4.21-9.EL
RHEL 5 | 2.6
Technology:
• C, Linux
• Kernel space programming
• User space programming