CN114116274A - Linux operating system abnormal signal detection method and device - Google Patents
Linux operating system abnormal signal detection method and device Download PDFInfo
- Publication number
- CN114116274A CN114116274A CN202111272870.0A CN202111272870A CN114116274A CN 114116274 A CN114116274 A CN 114116274A CN 202111272870 A CN202111272870 A CN 202111272870A CN 114116274 A CN114116274 A CN 114116274A
- Authority
- CN
- China
- Prior art keywords
- signal
- abnormal
- abnormal signal
- kernel
- detection function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 230000002159 abnormal effect Effects 0.000 title claims abstract description 128
- 238000001514 detection method Methods 0.000 title claims abstract description 68
- 238000000034 method Methods 0.000 claims abstract description 87
- 230000008569 process Effects 0.000 claims abstract description 51
- 238000012545 processing Methods 0.000 claims abstract description 13
- 230000007246 mechanism Effects 0.000 claims abstract description 12
- 230000006870 function Effects 0.000 claims description 68
- 238000001914 filtration Methods 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 6
- 238000007619 statistical method Methods 0.000 claims description 5
- 238000005265 energy consumption Methods 0.000 abstract description 2
- 238000012544 monitoring process Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 8
- 230000009471 action Effects 0.000 description 5
- 230000001360 synchronised effect Effects 0.000 description 3
- 230000014509 gene expression Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 230000002547 anomalous effect Effects 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000009131 signaling function Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000013024 troubleshooting Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
Abstract
The invention provides a method and a device for detecting an abnormal signal of a Linux operating system, which comprises the following steps: opening an abnormal signal detection function of an operating system, and opening/closing the abnormal signal detection function by modifying a configuration file; capturing a signal sent to a process by a kernel under the starting state of an abnormal signal detection function, and transmitting related information of the signal to a user state record; capturing an abnormal signal; after capturing abnormal signals, sending digital codes of the signals, pids of signal receiving processes, pids of current signal sending processes and timestamps of current generated signals to a user state for processing through a netlink mechanism; collecting abnormal signals; receiving abnormal signal information sent by a kernel in a user mode; and (4) carrying out statistic analysis on the abnormal signals, namely counting the abnormal signal information received by the user mode from the kernel mode and writing the abnormal signal information into a log file. According to the method, the configuration file is newly added, the start and stop of the abnormal signal detection method can be dynamically configured, and the abnormal detection function is closed under the condition that detection is not needed, so that the energy consumption of the system is reduced.
Description
Technical Field
The invention relates to the technical field of operating system detection, in particular to a method and a device for detecting abnormal signals of a Linux operating system.
Background
Signal is a very important mechanism in linux. The signal provides a method for handling asynchronous events for linux, for example, a process can be set to execute a preset action after receiving a specific signal. However, in a test environment or a production environment, many processes may be exited by receiving an exception signal, for example, a process may be exited by receiving a signal from a kernel due to some illegal operation. When troubleshooting a system problem or optimizing a system, there are times when there is interest in anomalous signals in the system. Therefore, the collection of exception signals in an operating system is a valuable thing, and can help to know which exception signals are generated by the system and which processes are involved in a certain period of time, thereby assisting in solving certain system problems.
The current linux operating system has three main ways to process signals:
1. the signal is ignored, i.e. nothing happens when doing so. Most signals in the operating system can be processed in this manner.
2. The default action of the process on the signal is performed directly.
3. Signals are captured, i.e., captured using a signal function, so that when a certain signal occurs in the system, a user-defined action is performed.
The problems thus presented are: the method comprises the steps that a specific function is used for capturing in a user mode and cannot be recorded in an operating system in a log mode, if an abnormal signal received by a process is detected, a signal processing function can be only written in the corresponding process, the signal is monitored, when the signal is received, a user-defined action is executed, and at the moment, if the number of signals or processes is too large, unnecessary code amount and workload can be increased.
Therefore, it is one of the problems to be solved to research a detection method capable of capturing and providing the abnormal signal of dynamic switch.
Disclosure of Invention
In view of this, the present invention provides a method and an apparatus for detecting an abnormal signal of a linux operating system, which are used for capturing the abnormal signal in a kernel mode, sending the captured abnormal signal to a user mode, and recording the abnormal signal in a log form in the user mode to facilitate subsequent query.
Based on the above purpose, the invention provides a linux operating system abnormal signal detection method, which comprises the following steps:
step S101, opening an abnormal signal detection function of an operating system, and opening/closing the abnormal signal detection function by modifying a configuration file;
capturing a signal sent to a process by a kernel under the starting state of an abnormal signal detection function, and transmitting related information of the signal to a user state record;
step S102: capturing an abnormal signal; after capturing abnormal signals, sending digital codes of the signals, pids of signal receiving processes, pids of current signal sending processes and timestamps of current generated signals to a user state for processing through a netlink mechanism;
step S103, collecting abnormal signals; receiving abnormal signal information sent by a kernel in a user mode;
s104, carrying out statistical analysis on abnormal signals; and counting the abnormal signal information received by the user mode from the kernel mode and writing the abnormal signal information into a log file.
The configuration file/proc/sys/kernel/signal _ detect _ enable is used for controlling the on/off of the abnormal signal detection function, the default value is 0, the abnormal signal detection function is not started,
executing echo 1>/proc/sys/kernel/signal _ detect _ enable to start an abnormal signal detection function;
if echo 0>/proc/sys/kernel/signal _ detect _ enable is executed, the abnormal signal detection function is closed.
The method comprises a signal filtering function, in particular to write signals needing to be filtered into a/proc/sys/kernel/signal _ filter configuration file.
The step S102: the abnormal signal capturing specifically comprises:
step S201 Netlink initialization
Judging whether an abnormal signal detection function is started or not; if the state is a non-opening state, skipping the signal capture code; if the state is the opening state, normally executing the abnormal signal detection function;
initializing a Netlink, and creating a socket by using a kernel API of the Netlink and a Netlink _ kernel _ create function;
step S202, sending signal related information;
after initialization of the Netlink is completed, firstly processing a filtering signal, and if the captured signal is an ignored signal, directly quitting abnormal signal detection; and if the captured signal is a set signal, sending the set signal related information to a user mode process through the previously acquired socket.
The set signal information includes the type of signal, the pid of the process receiving the signal, the pid of the current sending process and the timestamp of the current generated signal.
The log file of the exception signal includes: information obtained from a kernel and statistical information of a user mode process;
the information obtained from the kernel includes: the type of the signal, the pid of the process of receiving the signal, the pid of the current sending process and the timestamp of the current generated signal;
the statistical information of the user mode process comprises: the number of exception signals generated by the system since the user mode program was run, and the statistical number of each exception signal.
The invention also provides an abnormal signal detection device of the linux operating system, which comprises an abnormal signal detection function configuration module, an abnormal signal capture module, an abnormal signal collection module and an abnormal signal analysis and statistics module;
an abnormal signal detection function configuration module for dynamically configuring the start/stop of the abnormal signal detection function of the operating system and the dynamic configuration function of signal filtering,
the signal capturing module is used for capturing a signal generated by a process in a kernel mode and sending information related to the signal to a user mode for processing through a Netlink communication mechanism;
the abnormal signal collection module is used for collecting information related to signals sent from the kernel mode in the user mode;
and the abnormal signal analysis and statistics module is used for analyzing and counting the related information of the signals and writing the information into a log file.
The dynamic configuration function of start-stop and signal filtering of the abnormal signal detection function of the dynamic configuration operating system comprises/proc/sys/kernel/signal _ detect _ enable for controlling the start-stop of the abnormal signal detection function and/proc/sys/kernel/signal _ filter for controlling the filtering of signals.
A computer readable storage medium storing computer program instructions which, when executed, implement the method.
A computer device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, performs a method.
The invention has at least the following beneficial technical effects:
1. according to the invention, the configuration file is added, the start and stop of the abnormal signal detection method can be dynamically configured, and the abnormal detection function is closed under the condition that detection is not needed, so that the energy consumption of the system is reduced.
2. The invention can dynamically filter the unwanted signals, so that the signals can not appear in the statistical log, thereby further improving the efficiency.
3. The invention captures signals in the kernel and sends the signals to the user mode through the kernel mode and user mode communication mechanism, thereby helping research personnel to know abnormal signals generated by the system within a certain period of time and assisting in solving the system problem.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic diagram of a linux operating system exception signal detection method;
FIG. 2 is a schematic diagram of an abnormal signal detection device for the linux operating system;
FIG. 3 is a schematic diagram of a computer-readable storage medium for implementing a resource monitoring method according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a hardware structure of a computer device for performing a resource monitoring method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the following embodiments of the present invention are described in further detail with reference to the accompanying drawings.
It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are used for distinguishing two non-identical entities with the same name or different parameters, and it is understood that "first" and "second" are only used for convenience of expression and should not be construed as limiting the embodiments of the present invention. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements does not include all of the other steps or elements inherent in the list.
Based on the above purpose, in a first aspect of the embodiments of the present invention, a method for detecting an abnormal signal of a linux operating system is provided. Fig. 1 is a schematic diagram illustrating an embodiment of an exception signal detection method for a Linux operating system according to the present invention. As shown in fig. 1, the embodiment of the present invention includes the following steps:
fig. 1 is a schematic diagram of a method for detecting an abnormal signal of a linux operating system according to some embodiments of the present application, including the following steps:
opening an abnormal signal detection function of an operating system, capturing an abnormal signal, collecting the abnormal signal and carrying out statistical analysis on the abnormal signal.
In some embodiments, the implementation method is shown in fig. 1, and specifically may include the following steps:
and step S101, opening an abnormal signal detection function of the operating system.
The method for detecting the abnormal signal of the linux operating system provided by the invention can be dynamically switched on and off. That is, when the abnormal signal detection function is required, the function can be opened by modifying the configuration file, and if the abnormal signal detection function is not required, the function can be closed by modifying the configuration file. The invention controls the switch of the function by adding configuration files/proc/sys/kernel/signal _ detect _ enable, the default value of the switch is 0, the switch indicates that the abnormal signal detection function is not started,
the user starts the abnormal signal detection function by executing echo 1>/proc/sys/kernel/signal _ detect _ enable.
On the contrary, if echo 0>/proc/sys/kernel/signal _ detect _ enable is executed, the abnormal signal detection function of the operating system is closed.
When the above function is turned on, when the kernel sends a signal to the process, the signal is captured and then the relevant information of the signal is transmitted to the user mode to be recorded, and the specific principle or process refers to step S102.
In some embodiments, the user-mode profile may be augmented.
In addition, the methods of the present application may filter signals. The signal filtering is dynamically configured in a user mode, and a configuration file/proc/sys/kernel/signal _ filter is newly added.
When the set signal needs to be filtered, the set signal can be written into the configuration file, and it should be noted that the corresponding value of the signal should be written, for example: if filtering the SIGKILL signal is desired, sig can be written to 9, and if there are multiple signals to be filtered, the written content should be in the following format: sig & & sig ═ 10.
Step S102: and capturing abnormal signals.
The signal sent by one process to another process or generated by other modes such as hardware exception is firstly operated in a kernel mode and then sent to a user mode process for processing. The abnormal signal capturing method provided by the invention is realized in the kernel. __ send _ signal () function is a key function of kernel mode signal processing, so the capture of exception signals should be implemented in this function. After capturing the abnormal signal, the digital code of the signal, the pid of the signal process, the pid of the current signal sending process and the timestamp of the current generated signal are sent to the user state for processing through a netlink mechanism.
In some embodiments, step S102 includes the steps of:
step S201 Netlink initialization
The abnormal signal detection function provided by the invention can be dynamically started and stopped through the kernel configuration file, so that whether the abnormal signal detection function is started or not needs to be judged before the Netlink kernel is initialized.
If the state is not on, the signal capture code is skipped, and the kernel cannot sense the existence of the abnormal signal detection function.
If the state is the opening state, the abnormal signal detection function is normally executed.
Netlink is a socket-based communication method provided by linux for a kernel and a user-mode process, so that firstly, a socket needs to be created by using a kernel API of Netlink and a Netlink _ kernel _ create function.
Step S202, signal-related information transmission
After the initialization of the Netlink is completed, the relevant information of the required information is sent to the socket user mode process acquired in step S201. The abnormal signal detection method provided by the invention supports signal filtering, namely, signals which do not need to be detected are dynamically configured in a user mode, and after the configuration is finished, the configured signals are ignored when the kernel mode carries out signal capture. Therefore, before sending the specific information of the signal, the filtered signal needs to be processed first, and if the currently captured signal is an ignored signal, the abnormal signal detection is directly exited.
In some example implementations, the signal information includes: the type of signal (i.e., the digital code of the signal), the pid of the process that received the signal, the pid of the current sending process, and the timestamp of the current generation of the signal. The Netlink mechanism is a basic communication mechanism in the linux kernel, and the specific mode of the Netlink mechanism is not described any more.
Step S103, collecting abnormal signals.
Exception signal collection occurs in the user mode. When a signal is sent from the kernel mode to the Netlink buffer, the information sent by the kernel needs to be received in the user mode. The exception signal collection function is a process running in a user mode.
And collecting abnormal signals by using Netlink, wherein the steps comprise creating socket sockets, binding, receiving messages and the like.
And step S104, carrying out statistical analysis on abnormal signals.
And (4) abnormal signal statistical analysis, namely counting the information related to the signal received by the user mode from the kernel mode and writing the information into a log file.
The log information of the exception signal includes two parts, the first part is the information directly taken from the kernel, including the above related information: the type of signal (i.e., the digital code of the signal), the pid of the process that received the signal, the pid of the current sending process, and the timestamp of the current generation of the signal.
The second part is the statistical information of the user mode process, including the times of abnormal signals generated by the system since the user mode program runs and the statistical times of each abnormal signal.
In some embodiments, the apparatus 200 for detecting an abnormal signal of a linux operating system according to the present invention, as shown in fig. 2, the apparatus 200 for detecting an abnormal signal of a linux operating system can be divided into four modules: the abnormal signal detection function configuration module 201, the abnormal signal capture module 202, the abnormal signal collection module 203 and the abnormal signal analysis and statistics module 204.
The abnormal signal detection function configuration module 201 is used for dynamically configuring the start and stop of the abnormal signal detection function of the operating system and the signal filtering dynamic configuration function, including/proc/sys/kernel/signal _ detect _ enable to control the start and stop of the abnormal signal detection function and/proc/sys/kernel/signal _ filter to control the filtering of the signal;
the abnormal signal capturing module 202 is used for capturing a signal generated by a process in a kernel mode, and sending information related to the signal to a user mode for processing through a Netlink communication mechanism;
the abnormal signal collection module 203 is used for collecting information related to signals sent from the kernel mode in the user mode;
the abnormal signal analyzing and counting module 204 is used for analyzing the information related to the statistical signal and writing the information into a log file.
In a third aspect of the embodiment of the present invention, a computer-readable storage medium is further provided, and fig. 3 is a schematic diagram of a computer-readable storage medium for implementing a resource monitoring method according to an embodiment of the present invention. As shown in fig. 3, the computer-readable storage medium 3 stores computer program instructions 31, the computer program instructions 31 being executable by a processor. The computer program instructions 31 when executed implement the method of any of the embodiments described above.
It is to be understood that all embodiments, features and advantages set forth above with respect to the resource monitoring method according to the present invention apply equally, without conflict therewith, to the resource monitoring system and the storage medium according to the present invention.
In a fourth aspect of the embodiments of the present invention, there is further provided a computer device, including a memory 402 and a processor 401, where the memory stores a computer program, and the computer program, when executed by the processor, implements the method of any one of the above embodiments.
Fig. 4 is a schematic hardware structure diagram of an embodiment of a computer device for performing a resource monitoring method according to the present invention. Taking the computer device shown in fig. 4 as an example, the computer device includes a processor 401 and a memory 402, and may further include: an input device 403 and an output device 404. The processor 401, the memory 402, the input device 403 and the output device 404 may be connected by a bus or other means, and fig. 4 illustrates an example of a connection by a bus. The input device 403 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the resource monitoring system. The output device 404 may include a display device such as a display screen.
The memory 402, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules, such as program instructions/modules corresponding to the resource monitoring method in the embodiments of the present application. The memory 402 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by use of the resource monitoring method, and the like. Further, the memory 402 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some embodiments, memory 402 may optionally include memory located remotely from processor 401, which may be connected to local modules via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor 401 executes various functional applications of the server and data processing by running nonvolatile software programs, instructions and modules stored in the memory 402, that is, implements the resource monitoring method of the above-described method embodiment.
Finally, it should be noted that the computer-readable storage medium (e.g., memory) herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. By way of example, and not limitation, nonvolatile memory can include Read Only Memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which can act as external cache memory. By way of example and not limitation, RAM is available in a variety of forms such as synchronous RAM (DRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The storage devices of the disclosed aspects are intended to comprise, without being limited to, these and other suitable types of memory.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
The various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein may be implemented or performed with the following components designed to perform the functions herein: a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP, and/or any other such configuration.
The foregoing is an exemplary embodiment of the present disclosure, but it should be noted that various changes and modifications could be made herein without departing from the scope of the present disclosure as defined by the appended claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements of the disclosed embodiments of the invention may be described or claimed in the singular, the plural is contemplated unless limitation to the singular is explicitly stated.
It should be understood that, as used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly supports the exception. It should also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The numbers of the embodiments disclosed in the embodiments of the present invention are merely for description, and do not represent the merits of the embodiments.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, of embodiments of the invention is limited to these examples; within the idea of an embodiment of the invention, also technical features in the above embodiment or in different embodiments may be combined and there are many other variations of the different aspects of the embodiments of the invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omissions, modifications, substitutions, improvements, and the like that may be made without departing from the spirit and principles of the embodiments of the present invention are intended to be included within the scope of the embodiments of the present invention.
Claims (10)
1. A linux operating system abnormal signal detection method is characterized by comprising the following steps:
step S101, opening an abnormal signal detection function of an operating system, and opening/closing the abnormal signal detection function by modifying a configuration file;
capturing a signal sent to a process by a kernel under the starting state of an abnormal signal detection function, and transmitting related information of the signal to a user state record;
step S102: capturing an abnormal signal; after capturing abnormal signals, sending digital codes of the signals, pids of signal receiving processes, pids of current signal sending processes and timestamps of current generated signals to a user state for processing through a netlink mechanism;
step S103, collecting abnormal signals; receiving abnormal signal information sent by a kernel in a user mode;
s104, carrying out statistical analysis on abnormal signals; and counting the abnormal signal information received by the user mode from the kernel mode and writing the abnormal signal information into a log file.
2. The method of claim 1, wherein the configuration file/proc/sys/kernel/signal _ detect _ enable controls the abnormal signal detection function to be turned on/off, the default value is 0, which indicates that the abnormal signal detection function is not turned on,
if echo 1>/proc/sys/kernel/signal _ detect _ enable is executed, the abnormal signal detection function is started;
if echo 0>/proc/sys/kernel/signal _ detect _ enable is executed, the abnormal signal detection function is closed.
3. The method as claimed in claim 1, wherein the method comprises a signal filtering function, specifically writing the signal to be filtered into a/proc/sys/kernel/signal _ filter configuration file.
4. The method for detecting the abnormal signal of the linux operating system according to claim 1, wherein the step S102: the abnormal signal capturing specifically comprises:
step S201 Netlink initialization
Judging whether an abnormal signal detection function is started or not; if the state is a non-opening state, skipping the signal capture code; if the state is the opening state, normally executing the abnormal signal detection function;
initializing a Netlink, and creating a socket by using a kernel API of the Netlink and a Netlink _ kernel _ create function;
step S202, sending signal related information;
after initialization of the Netlink is completed, firstly processing a filtering signal, and if the captured signal is an ignored signal, directly quitting abnormal signal detection; and if the captured signal is a set signal, sending the set signal related information to a user mode process through the previously acquired socket.
5. The method as claimed in claim 4, wherein the set signal information includes the type of signal, the pid of the process receiving the signal, the pid of the process currently sending the signal, and the timestamp of the currently generated signal.
6. The linux operating system exception signal detection method of claim 1, wherein the log file of the exception signal comprises: information obtained from a kernel and statistical information of a user mode process;
the information obtained from the kernel includes: the type of the signal, the pid of the process of receiving the signal, the pid of the current sending process and the timestamp of the current generated signal;
the statistical information of the user mode process comprises: the number of exception signals generated by the system since the user mode program was run, and the statistical number of each exception signal.
7. The linux operating system abnormal signal detection device is characterized by comprising an abnormal signal detection function configuration module, an abnormal signal capture module, an abnormal signal collection module and an abnormal signal analysis and statistics module;
an abnormal signal detection function configuration module for dynamically configuring the start/stop of the abnormal signal detection function of the operating system and the dynamic configuration function of signal filtering,
the signal capturing module is used for capturing a signal generated by a process in a kernel mode and sending information related to the signal to a user mode for processing through a Netlink communication mechanism;
the abnormal signal collection module is used for collecting information related to signals sent from the kernel mode in the user mode;
and the abnormal signal analysis and statistics module is used for analyzing and counting the related information of the signals and writing the information into a log file.
8. The apparatus for detecting the abnormal signal of the linux operating system according to claim 7, wherein: the dynamic configuration function of start-stop and signal filtering of the abnormal signal detection function of the dynamic configuration operating system comprises/proc/sys/kernel/signal _ detect _ enable for controlling the start-stop of the abnormal signal detection function and/proc/sys/kernel/signal _ filter for controlling the filtering of signals.
9. A computer-readable storage medium, characterized in that computer program instructions are stored which, when executed, implement the method according to any one of claims 1-6.
10. A computer device comprising a memory and a processor, characterized in that the memory has stored therein a computer program which, when executed by the processor, performs the method according to any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111272870.0A CN114116274A (en) | 2021-10-29 | 2021-10-29 | Linux operating system abnormal signal detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111272870.0A CN114116274A (en) | 2021-10-29 | 2021-10-29 | Linux operating system abnormal signal detection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114116274A true CN114116274A (en) | 2022-03-01 |
Family
ID=80379511
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111272870.0A Withdrawn CN114116274A (en) | 2021-10-29 | 2021-10-29 | Linux operating system abnormal signal detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114116274A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115437881A (en) * | 2022-08-25 | 2022-12-06 | 北京万里开源软件有限公司 | Database process exception handling method based on user mode file system |
-
2021
- 2021-10-29 CN CN202111272870.0A patent/CN114116274A/en not_active Withdrawn
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115437881A (en) * | 2022-08-25 | 2022-12-06 | 北京万里开源软件有限公司 | Database process exception handling method based on user mode file system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107423194B (en) | Front-end abnormal alarm processing method, device and system | |
| CN102314561A (en) | Automatic analysis method and system of malicious codes based on API (application program interface) HOOK | |
| CN103023984B (en) | Terminal application server and application log filtering method thereof | |
| CN109327357B (en) | Feature extraction method and device of application software and electronic equipment | |
| US20110131450A1 (en) | Using synchronized event types for testing an application | |
| CN105955876B (en) | Data monitoring processing method and device | |
| CN108153647A (en) | log processing method, device, terminal device and storage medium | |
| US11889135B2 (en) | Video stream playing control method and apparatus, and storage medium | |
| CN114116274A (en) | Linux operating system abnormal signal detection method and device | |
| CN112667407A (en) | Processor parameter adjusting method and device, electronic equipment and storage medium | |
| WO2016176053A1 (en) | Establishing causality order of computer trace records | |
| CN111930472A (en) | Code debugging method and device, electronic equipment and storage medium | |
| CN112988679A (en) | Log collection control method and device, storage medium and server | |
| CN105589764A (en) | CPU (Central Processing Unit) abnormality processing method and apparatus | |
| CN111078497A (en) | Data storage method, equipment and storage medium of BMC (baseboard management controller) | |
| CN112688924A (en) | Network protocol analysis system | |
| EP3671388A1 (en) | Configurable distributed smart sensor system | |
| CN108491483B (en) | Method and device for remotely monitoring running state of program | |
| WO2018026452A1 (en) | System and method for distributing and replaying trigger packets via a variable latency bus interconnect | |
| CN116192835A (en) | Method, device, equipment and medium for inquiring network data packet of pre-start execution environment | |
| CN115904719A (en) | Data acquisition method and device, electronic equipment and storage medium | |
| CN112580016B (en) | Login authority configuration method and device for industrial control firewall | |
| CN108710563B (en) | Application program log recording method and device | |
| CN113568932A (en) | Cache data management method, system and storage medium | |
| CN109213467B (en) | Method for acquiring sound of audio equipment, storage medium, electronic equipment and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20220301 |