The Method of Real-time Monitoring the LINUX File System

    • Abstract (translated from the Chinese): To ensure the security of the LINUX operating system, its file system is monitored in real time to block intrusions by malicious programs. A loadable kernel module is used to modify the LINUX kernel: by modifying the system call table in the kernel, system calls to the file system are intercepted; the PROC file system is used to pass information between the kernel and a user process; and a user process handles the file information intercepted by the kernel, achieving real-time monitoring. The method of registering a PROC file is discussed, and a method for obtaining a file's full path in the kernel from a file handle is given. To achieve real-time monitoring of parallel file operations, a solution for synchronization and communication between the kernel and a daemon process, using wait queues and the signal mechanism, is given. A complete method for real-time monitoring of the LINUX file system is given, and a framework program is provided for actual programming.


      Abstract: For the security of the LINUX operating system, it is necessary to monitor the LINUX file system to prevent the invasion of malevolent programs. Accordingly, the authors modify the LINUX kernel by loading an LKM (loadable kernel module) to intercept file-system system calls by modifying the system_call_table; the PROC file system is used to realize the correspondence between the kernel and the user process; finally, the user process can deal with the files intercepted by the kernel. The authors discuss how to register a PROC file in the Linux kernel and offer a method for getting a file's absolute path in the LINUX kernel. To solve the problem of real-time monitoring of parallel file operations, the authors use wait queues and signals to implement the synchronization and interaction between the kernel and the user process. A complete solution to real-time monitoring of the LINUX file system is given, and then a skeleton of programs to realize the solution is provided.
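The abstract mentions a method for recovering a file's absolute path inside the kernel from a file handle. The following is an added user-space model of that technique (not the paper's code): it walks a dentry-like chain of parent links upward from the opened file and prepends each name into a buffer from the end, the way the kernel's own path-building code does. The `struct dentry` stand-in and the sample `/etc/passwd` tree are constructed here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Minimal stand-in for the kernel's struct dentry: a name and a link to
 * the parent. The root dentry's d_parent points to itself, as in the kernel. */
struct dentry {
    const char *d_name;
    struct dentry *d_parent;
};

/* Rebuild the absolute path of `d` into buf (buflen bytes).
 * Returns a pointer to the start of the path inside buf, or NULL if the
 * path does not fit. Because the walk goes upward (file -> parent -> ...),
 * components are written from the end of the buffer backwards. */
const char *dentry_full_path(const struct dentry *d, char *buf, size_t buflen)
{
    if (buflen < 2)
        return NULL;
    char *end = buf + buflen - 1;   /* position of the terminating NUL */
    *end = '\0';
    if (d->d_parent == d) {         /* the root itself: path is just "/" */
        *--end = '/';
        return end;
    }
    while (d->d_parent != d) {      /* stop once the root is reached */
        size_t len = strlen(d->d_name);
        if ((size_t)(end - buf) < len + 1)
            return NULL;            /* no room for "/" + name */
        end -= len;
        memcpy(end, d->d_name, len);
        *--end = '/';
        d = d->d_parent;
    }
    return end;
}

/* Constructed sample tree: "/" -> "etc" -> "passwd" */
static struct dentry root   = { "",       &root };
static struct dentry etc    = { "etc",    &root };
static struct dentry passwd = { "passwd", &etc  };

/* Path of the sample /etc/passwd dentry, for a monitoring daemon to inspect. */
const char *sample_passwd_path(char *buf, size_t buflen)
{
    return dentry_full_path(&passwd, buf, buflen);
}

int main(void)
{
    char buf[64];
    printf("%s\n", sample_passwd_path(buf, sizeof buf));   /* prints "/etc/passwd" */
    return 0;
}
```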
