With analysing the weakness of traditional intrusion detection system, a Linux-based DoS attack testing and auditing system is proposed. The network security detection module is used to detect the DoS attack from intranet, the network behavior regulation module is used to filter the behavior when users access to the illegal websites and the network behavior audit module is used to record the illegal behaviors of intranet users. Experiments show that the system has good performance in detecting DoS attacks, and the system can also regulate and audit illegal behaviors of the network users by contrast with the traditional intrusion detection system.