Abstract
Security is one of the major challenges when a single machine is shared among multiple users. Linux is an operating system that supports multiple users. All users can have access to different files in the system, and they can access those files from the local machine or over a network connection. Any inappropriate action by a user can cause a system failure or other unexpected trouble. All activities by different users must be monitored in order to identify the exact reason for a system failure and the user responsible for it. In the operating system, the system call is the only window through which a user process can enter the kernel and access the resources the kernel provides. The Linux Security Module (LSM) is a Loadable Kernel Module (LKM) that intercepts the file I/O system calls and network I/O system calls in order to log valuable information. It adds a layer between the user process and the actual system call by replacing the actual system call with a spy system call. The LSM supports 32-bit machines and an older version of the kernel. As 64-bit machines are common today, the LSM needs to be ported to a 64-bit machine with the latest version of the kernel source. Porting the LSM to the latest hardware and the latest kernel requires changes, and the LSM needs to be upgraded to match the current system call structure. The user activities monitoring system using LKM includes the upgraded LSM as its system-layer utility, which is required to intercept file I/O and network I/O and to generate log files from the gathered information. As its application-layer utility, it includes an automation system, which is required to filter the data from the log files and insert that data into the database. It also has a GUI-based web interface for querying the data in the database and generating reports for the system administrator. The entire system is helpful for monitoring user activities both on the local machine and on the network.
Using this tool, the system administrator can trace file I/O and network I/O, so if the system goes down, the administrator can investigate the activities performed by different users and determine the actual reason for the crash.