Development of a Change Detection System using Linux C/C++, Kernel-Space Programming and User-Space Programming
The Client:
Portland, Oregon based leading software product company.
The Challenge:
The client needed a driver that could:
- Communicate with an external auditing agent to obtain the rules for change detection
- Capture Linux file system events
- Validate the captured events against the rules
- Report the validated events to the external auditing agent
- Run on RHEL 3, 4 and 5, on both 32-bit and 64-bit OS
- Keep its CPU usage during heavy file I/O below 5%
- Support SMP
The Solution:
While developing the change detection system we used a layered architecture to ensure low coupling, high scalability and easy maintenance. We also developed a dedicated daemon that:
- Registers with the kernel to receive file system change events
- Creates a socket for communication
- Starts the IPC thread that handles requests from the external auditing agent
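The validation step described above (checking a captured event against the rules obtained from the auditing agent), as an added example that is not the client's driver code: a user-space rule matcher in C. The event bits, the rule format and the sample rules are assumptions; the driver's real event and rule structures are not on the page.

```c
#include <stdio.h>
#include <string.h>

/* Event bits the (hypothetical) kernel driver attaches to each event. */
enum fs_event { EV_CREATE = 1u << 0, EV_MODIFY = 1u << 1, EV_DELETE = 1u << 2 };
struct fs_event_rec { const char *path; unsigned mask; };
/* One rule as handed down by the auditing agent: a path prefix, the event
 * bits of interest, and whether the whole subtree or direct children only. */
struct rule { const char *prefix; unsigned mask; int recursive; };
/* Component-aware prefix test: "/etcx/passwd" is NOT under "/etc". */
static int path_under(const char *path, const char *prefix, int recursive)
{
    size_t n = strlen(prefix);
    if (n > 0 && prefix[n - 1] == '/')
        n--;                                  /* "/etc/" and "/" behave like "/etc" */
    if (strncmp(path, prefix, n) != 0)
        return 0;
    if (path[n] == '\0')
        return 1;                             /* the watched object itself */
    if (path[n] != '/')
        return 0;                             /* longer sibling name, not a child */
    return recursive || strchr(path + n + 1, '/') == NULL;
}
/* Returns 1 if any rule matches both the path and at least one event bit. */
int validate_event(const struct fs_event_rec *ev, const struct rule *rules, size_t nrules)
{
    for (size_t i = 0; i < nrules; i++)
        if ((ev->mask & rules[i].mask) &&
            path_under(ev->path, rules[i].prefix, rules[i].recursive))
            return 1;
    return 0;
}

/* Constructed sample rule set standing in for rules fetched from the agent. */
static const struct rule sample_rules[] = {
    { "/etc",     EV_CREATE | EV_MODIFY | EV_DELETE, 1 },  /* whole tree */
    { "/usr/bin", EV_MODIFY | EV_DELETE,             0 },  /* direct children only */
};
int validate_sample(const char *path, unsigned mask)
{
    struct fs_event_rec ev = { path, mask };
    return validate_event(&ev, sample_rules, sizeof sample_rules / sizeof sample_rules[0]);
}

int main(void)
{
    printf("/etc/passwd MODIFY  -> %d\n", validate_sample("/etc/passwd", EV_MODIFY));
    printf("/etcx/passwd MODIFY -> %d\n", validate_sample("/etcx/passwd", EV_MODIFY));
    return 0;
}
```

Only events that pass this check are handed to the reporting layer, which is how the driver keeps its reporting traffic (and CPU time) bounded under heavy file I/O.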
Design Highlights:
Supported Linux Distributions:

Linux Distribution    Linux Kernel
RHEL 4 AS             2.6.9-1.648_EL
RHEL 4 ES             2.6.9-1.648_EL
RHEL 3 AS             2.4.21-9.EL
RHEL 3 ES             2.4.21-9.EL
RHEL 5                2.6
Best Practices and Standards:
- Versioning of source code for history management
- The source control server never contains partial code
- Industry guidelines for standards and best practices are strictly followed