document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-01 21:50:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3 from LCTT/master

Browse Source 
update
This commit is contained in:
ChenYi 2018-01-08 18:45:51 +08:00 committed by GitHub
commit 1a339462e7
12 changed files with 736 additions and 534 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
published/20171205 How to Use the Date Command in Linux.md Normal file
View File

@ -0,0 +1,158 @@
如何使用 date 命令
======
![](https://www.rosehosting.com/blog/wp-content/uploads/2017/12/How-to-Use-the-Date-Command-in-Linux.jpg)
在本文中, 我们会通过一些案例来演示如何使用 Linux 中的 `date` 命令。`date` 命令可以用户输出/设置系统日期和时间。 `date` 命令很简单, 请参见下面的例子和语法。
默认情况下,当不带任何参数运行 `date` 命令时,它会输出当前系统日期和时间:
```shell
$ date
Sat 2 Dec 12:34:12 CST 2017
```
### 语法
```
Usage: date [OPTION]... [+FORMAT]
or: date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
以给定格式显示当前时间,或设置系统时间。
```
### 案例
下面这些案例会向你演示如何使用 `date` 命令来查看前后一段时间的日期时间。
#### 1、 查找 5 周后的日期
```shell
date -d "5 weeks"
Sun Jan 7 19:53:50 CST 2018
```
#### 2、 查找 5 周后又过 4 天的日期
```shell
date -d "5 weeks 4 days"
Thu Jan 11 19:55:35 CST 2018
```
#### 3、 获取下个月的日期
```shell
date -d "next month"
Wed Jan 3 19:57:43 CST 2018
```
#### 4、 获取下周日的日期
```shell
date -d last-sunday
Sun Nov 26 00:00:00 CST 2017
```
`date` 命令还有很多格式化相关的选项, 下面的例子向你演示如何格式化 `date` 命令的输出.
#### 5、 以 `yyyy-mm-dd` 的格式显示日期
```shell
date +"%F"
2017-12-03
```
#### 6、 以 `mm/dd/yyyy` 的格式显示日期
```shell
date +"%m/%d/%Y"
12/03/2017
```
#### 7、 只显示时间
```shell
date +"%T"
20:07:04
```
#### 8、 显示今天是一年中的第几天
```shell
date +"%j"
337
```
#### 9、 与格式化相关的选项
| 格式 | 说明 |
|---------------|----------------|
| `%%` | 显示百分号 `%`)。 |
| `%a` | 星期的缩写形式 (如: `Sun`)。 |
| `%A` | 星期的完整形式 (如: `Sunday`)。 |
| `%b` | 缩写的月份 (如: `Jan`)。 |
| `%B` | 当前区域的月份全称 (如: `January`)。 |
| `%c` | 日期以及时间 (如: `Thu Mar 3 23:05:25 2005`)。 |
| `%C` | 当前世纪;类似 `%Y` 但是会省略最后两位 (如: `20`)。 |
| `%d` | 月中的第几日 (如: `01`)。 |
| `%D` | 日期;效果与 `%m/%d/%y` 一样。 |
| `%e` | 月中的第几日, 会填充空格;与 `%_d` 一样。 |
| `%F` | 完整的日期;跟 `%Y-%m-%d` 一样。 |
| `%g` | 年份的后两位 (参见 `%G`)。 |
| `%G` | 年份 (参见 `%V`);通常跟 `%V` 连用。 |
| `%h` | 同 `%b`。 |
| `%H` | 小时 `00`..`23`)。 |
| `%I` | 小时 `01`..`12`)。 |
| `%j` | 一年中的第几天 `001`..`366`)。 |
| `%k` | 小时, 用空格填充 `0`..`23`; 与 `%_H` 一样。 |
| `%l` | 小时, 用空格填充 `1`..`12`; 与 `%_I` 一样。 |
| `%m` | 月份 `01`..`12`)。 |
| `%M` | 分钟 `00`..`59`)。 |
| `%n` | 换行。 |
| `%N` | 纳秒 `000000000`..`999999999`)。 |
| `%p` | 当前区域时间是上午 `AM` 还是下午 `PM`;未知则为空。 |
| `%P` | 类似 `%p` 但是用小写字母显示。 |
| `%r` | 当前区域的 12 小时制显示时间 (如: `11:11:04 PM`)。 |
| `%R` | 24 小时制的小时和分钟;同 `%H:%M`。 |
| `%s` | 从 1970-01-01 00:00:00 UTC 到现在经历的秒数。 |
| `%S` | 秒数 `00`..`60`)。 |
| `%t` | 制表符。 |
| `%T` | 时间;同 `%H:%M:%S`。 |
| `%u` | 星期 `1`..`7`1 表示 `星期一`。 |
| `%U` | 一年中的第几个星期,以周日为一周的开始 `00`..`53`)。 |
| `%V` | 一年中的第几个星期,以周一为一周的开始 `01`..`53`)。 |
| `%w` | 用数字表示周几 `0`..`6` 0 表示 `周日`。 |
| `%W` | 一年中的第几个星期, 周一为一周的开始 `00`..`53`)。 |
| `%x` | 当前区域的日期表示(如: `12/31/99`)。 |
| `%X` | 当前区域的时间表示 (如: `23:13:48`)。 |
| `%y` | 年份的后面两位 `00`..`99`)。 |
| `%Y` | 年。 |
| `%z` | 以 `+hhmm` 的数字格式表示时区 (如: `-0400`)。 |
| `%:z` | 以 `+hh:mm` 的数字格式表示时区 (如: `-04:00`)。 |
| `%::z` | 以 `+hh:mm:ss` 的数字格式表示时区 (如: `-04:00:00`)。 |
| `%:::z` | 以数字格式表示时区, 其中 `:` 的个数由你需要的精度来决定 (例如, `-04` `+05:30`)。 |
| `%Z` | 时区的字符缩写(例如, `EDT`)。 |
#### 10、 设置系统时间
你也可以使用 `date` 来手工设置系统时间,方法是使用 `--set` 选项, 下面的例子会将系统时间设置成 2017 年 8 月 30 日下午 4 点 22 分。
```shell
date --set="20170830 16:22"
```
当然, 如果你使用的是我们的 [VPS 托管服务][1],你总是可以联系并咨询我们的 Linux 专家管理员(通过客服电话或者下工单的方式)关于 `date` 命令的任何东西。他们是 24×7 在线的会立即向您提供帮助。LCTT 译注:原文的广告~
PS. 如果你喜欢这篇帖子,请点击下面的按钮分享或者留言。谢谢。
--------------------------------------------------------------------------------
via: https://www.rosehosting.com/blog/use-the-date-command-in-linux/
作者:[rosehosting][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.rosehosting.com
[1]:https://www.rosehosting.com/hosting-services.html

3
sources/tech/20090127 Anatomy of a Program in Memory.md
View File

@ -1,6 +1,3 @@
ezio is translating
Anatomy of a Program in Memory
============================================================

116
sources/tech/20170526 Creating a YUM repository from ISO - Online repo.md Normal file
View File

@ -0,0 +1,116 @@
Creating a YUM repository from ISO & Online repo
======
YUM tool is one of the most important tool for Centos/RHEL/Fedora. Though in latest builds of fedora, it has been replaced with DNF but that not at all means that it has ran its course. It is still used widely for installing rpm packages, we have already discussed YUM with examples in our earlier tutorial ([ **READ HERE**][1]).
In this tutorial, we are going to learn to create a Local YUM repository, first by using ISO image of OS & then by creating a mirror image of an online yum repository.
### Creating YUM with DVD ISO
We are using a Centos 7 dvd for this tutorial & same process should work on RHEL 7 as well.
Firstly create a directory named YUM in root folder
```
$ mkdir /YUM-
```
then mount Centos 7 ISO ,
```
$ mount -t iso9660 -o loop /home/dan/Centos-7-x86_x64-DVD.iso /mnt/iso/
```
Next, copy the packages from mounted ISO to /YUM folder. Once all the packages have been copied to the system, we will install the required packages for creating YUM. Open /YUM & install the following RPM packages,
```
$ rpm -ivh deltarpm
$ rpm -ivh python-deltarpm
$ rpm -ivh createrepo
```
Once these packages have been installed, we will create a file named " **local.repo "** in **/etc/yum.repos.d** folder with all the yum information
```
$ vi /etc/yum.repos.d/local.repo
```
```
LOCAL REPO]
Name=Local YUM
baseurl=file:///YUM
gpgcheck=0
enabled=1
```
Save & exit the file. Next we will create repo-data by running the following command
```
$ createrepo -v /YUM
```
It will take some time to create the repo data. Once the process finishes, run
```
$ yum clean all
```
to clean cache & then run
```
$ yum repolist
```
to check the list of all repositories. You should see repo "local.repo" in the list.
### Creating mirror YUM repository with online repository
Process involved in creating a yum is similar to creating a yum with an ISO image with one exception that we will fetch our rpm packages from an online repository instead of an ISO.
Firstly, we need to find an online repository to get the latest packages . It is advised to find an online yum that is closest to your location , in order to optimize the download speeds. We will be using below mentioned , you can select one nearest to yours location from [CENTOS MIRROR LIST][2]
After selecting a mirror, we will sync that mirror with our system using rsync but before you do that, make sure that you plenty of space on your server
```
$ rsync -avz rsync://mirror.fibergrid.in/centos/7.2/os/x86_64/Packages/s/ /YUM
```
Sync will take quite a while (maybe an hour) depending on your internet speed. After the syncing is completed, we will update our repo-data
```
$ createrepo - v /YUM
```
Our Yum is now ready to used . We can create a cron job for our repo to be updated automatically at a determined time daily or weekly as per you needs.
To create a cron job for syncing the repository, run
```
$ crontab -e
```
& add the following line
```
30 12 * * * rsync -avz http://mirror.centos.org/centos/7/os/x86_64/Packages/ /YUM
```
This will enable the syncing of yum every night at 12:30 AM. Also remember to create repository configuration file in /etc/yum.repos.d , as we did above.
That's it guys, you now have your own yum repository to use. Please share this article if you like it & leave your comments/queries in the comment box down below.
--------------------------------------------------------------------------------
via: http://linuxtechlab.com/creating-yum-repository-iso-online-repo/
作者:[Shusain][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://linuxtechlab.com/author/shsuain/
[1]:http://linuxtechlab.com/using-yum-command-examples/
[2]:http://mirror.centos.org/centos/

83
sources/tech/20171011 What is a firewall.md
View File

@ -1,83 +0,0 @@
Translating by zjon
What is a firewall?
======
Network-based firewalls have become almost ubiquitous across US enterprises for their proven defense against an ever-increasing array of threats.
A recent study by network testing firm NSS Labs found that up to 80% of US large businesses run a next-generation firewall. Research firm IDC estimates the firewall and related unified threat management market was a $7.6 billion industry in 2015 and expected to reach $12.7 billion by 2020.
**[ If you 're upgrading, here's [What to consider when deploying a next generation firewall][1].]**
### What is a firewall?
Firewalls act as a perimeter defense tool that monitor traffic and either allow it or block it. Over the years functionality of firewalls has increased, and now most firewalls can not only block a set of known threats and enforce advanced access control list policies, but they can also deeply inspect individual packets of traffic and test packets to determine if they're safe. Most firewalls are deployed as network hardware that processes traffic and software that allow end users to configure and manage the system. Increasingly, software-only versions of firewalls are being deployed in highly virtualized environments to enforce policies on segmented networks or in the IaaS public cloud.
Advancements in firewall technology have created new options firewall deployments over the past decade, so now there are a handful of options for end users looking to deploy a firewall. These include:
### Stateful firewalls
When firewalls were first created they were stateless, meaning that the hardware that the traffic traverse through while being inspected monitored each packet of network traffic individually and either blocking or allowing it in isolation. Beginning in the mid to late 1990s, the first major advancements in firewalls was the introduction of state. Stateful firewalls examine traffic in a more holistic context, taking into account the operating state and characteristics of the network connection to provide a more holistic firewall. Maintaining this state allows the firewall to allow certain traffic to access certain users while blocking at same traffic to other users, for example.
### Next-generation firewalls
Over the years firewalls have added myriad new features, including deep packet inspection, intrusion detection and prevention and inspection of encrypted traffic. Next-generation firewalls (NGFWs) refer to firewalls that have integrated many of these advanced features into the firewall.
### Proxy-based firewalls
These firewalls act as a gateway between end users who request data and the source of that data. All traffic is filtered through this proxy before being passed on to the end user. This protects the client from exposure to threats by masking the identity of the original requester of the information.
### Web application firewalls
These firewalls sit in front of specific applications as opposed to sitting on an entry or exit point of a broader network. Whereas proxy-based firewalls are typically thought of as protecting end-user clients, WAFs are typically thought of as protecting the application servers.
### Firewall hardware
Firewall hardware is typically a straightforward server that can act as a router for filtering traffic and running firewall software. These devices are placed at the edge of a corporate network, between a router and the Internet service provider's connection point. A typical enterprise may deploy dozens of physical firewalls throughout a data center. Users need to determine what throughput capacity they need the firewall to support based on the size of the user base and speed of the Internet connection.
### Firewall software
Typically end users deploy multiple firewall hardware endpoints and a central firewall software system to manage the deployment. This central system is where policies and features are configured, where analysis can be done and threats can be responded to.
### Next-generation firewalls
Over the years firewalls have added myriad new features, including deep packet inspection, intrusion detection and prevention and inspection of encrypted traffic. Next-generation firewalls (NGFWs) refer to firewalls that have integrated many of these advanced features, and here is a description of some of them.
### Stateful inspection
This is the basic firewall functionality in which the device blocks known unwanted traffic
### Anti-virus
This functionality that searches for known virus and vulnerabilities in network traffic is aided by the firewall receiving updates on the latest threats and being constantly updated to protect against them.
### Intrusion Prevention Systems (IPS)
This class of security products can be deployed as a standalone product, but IPS functionality is increasingly being integrated into NGFWs. Whereas basic firewall technologies identify and block certain types of network traffic, IPS uses more granular security measures such as signature tracing and anomaly detection to prevent unwanted threats from entering corporate networks. IPS systems have replaced the previous version of this technology, Intrusion Detection Systems (IDS) which focused more on identifying threats rather than containing them.
### Deep Packet Inspection (DPI)
DPI can be part of or used in conjunction with an IPS, but its nonetheless become an important feature of NGFWs because of the ability to provide granular analysis of traffic, most specifically the headers of traffic packets and traffic data. DPI can also be used to monitor outbound traffic to ensure sensitive information is not leaving corporate networks, a technology referred to as Data Loss Prevention (DLP).
### SSL Inspection
Secure Sockets Layer (SSL) Inspection is the idea of inspecting encrypted traffic to test for threats. As more and more traffic is encrypted, SSL Inspection is becoming an important component of DPI technology that is being implemented in NGFWs. SSL Inspection acts as a buffer that unencrypts the traffic before it's delivered to the final destination to test it.
### Sandboxing
This is one of the newer features being rolled into NGFWs and refers to the ability of a firewall to take certain unknown traffic or code and run it in a test environment to determine if it is nefarious.
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3230457/lan-wan/what-is-a-firewall-perimeter-stateful-inspection-next-generation.html
作者:[Brandon Butler][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.networkworld.com/author/Brandon-Butler/
[1]:https://www.networkworld.com/article/3236448/lan-wan/what-to-consider-when-deploying-a-next-generation-firewall.html

159
sources/tech/20171030 How To Create Custom Ubuntu Live CD Image.md
View File

@ -1,159 +0,0 @@
How To Create Custom Ubuntu Live CD Image
======
![](https://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-720x340.png)
Today let us discuss about how to create custom Ubuntu live cd image (ISO). We already have done this using [**Pinguy Builder**][1]. But, It seems to be discontinued now. I don't see any updates lately from the Pinguy builder official site. Fortunately, I found an alternative tool to create Ubuntu live cd images. Meet **Cubic** , acronym for **C** ustom **Ub** untu **I** SO **C** reator, a GUI application to create a customized bootable Ubuntu Live CD (ISO) image.
Cubic is being actively developed and it offers many options to easily create a customized Ubuntu live cd. It has an integrated command-line chroot environment where you can do all customization, such as installing new packages, Kernels, adding more background wallpapers, adding additional files and folders. It has an intuitive GUI interface that allows effortless navigation (back and forth with a mouse click) during the live image creation process. You can create with a new custom image or modify existing projects. Since it is used to make Ubuntu live images, I believe it can be used in other Ubuntu flavours and derivatives such as Linux Mint.
### Install Cubic
Cubic developer has made a PPA to ease the installation process. To install Cubic on your Ubuntu system, run the following commands one by one in your Terminal:
```
sudo apt-add-repository ppa:cubic-wizard/release
```
```
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6494C6D6997C215E
```
```
sudo apt update
```
```
sudo apt install cubic
```
### Create Custom Ubuntu Live Cd Image Using Cubic
Once installed, launch Cubic from application menu or dock. This is how Cubic looks like in my Ubuntu 16.04 LTS desktop system.
Choose a directory for your new project. It is the directory where your files will be saved.
[![][2]][3]
Please note that Cubic will not create a live cd of your system. Instead it just creates a custom live cd from an Ubuntu installation cd. So, you should have a latest ISO image in hand.
Choose the path where you have stored your Ubuntu installation ISO image. Cubic will automatically fill out all details of your custom OS. You can change the details if you want. Click Next to continue.
[![][2]][4]
Next, the compressed Linux file system from the source installation medium will be extracted to your project's directory (i.e **/home/ostechnix/custom_ubuntu** in our case).
[![][2]][5]
Once the file system extracted, you will be landed to chroot environment automatically. If you don't see Terminal prompt, press the ENTER key few times.
[![][2]][6]
From here you can install any additional packages, add background images, add software sources repositories list, add latest Linux kernel to your live cd and all other customization.
For example, I want vim installed in my live cd, so I am going to install it now.
[![][2]][7]
We don't need to "sudo", because we are already in root environment.
Similarly, install any additional Linux Kernel version if you want.
```
apt install linux-image-extra-4.10.0-24-generic
```
Also, you can update software sources list (Add or remove repositories list):
[![][2]][8]
After modifying the sources list, don't forget to run "apt update" command to update the sources list:
```
apt update
```
Also, you can add files or folders to the live cd. Copy the files/folders (right click on them and choose copy or CTRL+C) and right click in the Terminal (inside Cubic window), choose **Paste file(s)** and finally click Copy in the bottom corner of the Cubic wizard.
[![][2]][9]
**Note for Ubuntu 17.10 users: **
In Ubuntu 17.10 system, the DNS lookup may not work in chroot environment. If you are making a custom Ubuntu 17.10 live image, you need to point the correct file resolve.conf file:
```
ln -sr /run/systemd/resolve/resolv.conf /run/systemd/resolve/stub-resolv.conf
```
To verify DNS resolution works, run:
```
cat /etc/resolv.conf
ping google.com
```
Add your own wallpapers if you want. To do so, go to the **/usr/share/backgrounds/** directory,
```
cd /usr/share/backgrounds
```
and drag/drop the images into the Cubic window. Or copy the images and right click on Cubic Terminal window and choose **Paste file(s)** option. Also, make sure you have added the new wallpapers in an XML file under **/usr/share/gnome-background-properties** , so you can choose the newly added image **Change Desktop Background** dialog when you right-click on your desktop. When you made all changes, click Next in Cubic wizard.
In the next, choose Linux Kernel version to use when booting into the new live ISO. If you have installed any additional kernels, they will also listed in this section. Just choose the Kernel you'd like to use in your live cd.
[![][2]][10]
In the next section, select the packages that you want to remove from your live image. The selected packages will be automatically removed after the Ubuntu OS has been installed using the custom live image. Please be careful while choosing the packages to remove, you might have unknowingly removed a package that depends on another package.
[![][2]][11]
Now, the live image creation process will start. It will take some time depending upon your system's specifications.
[![][2]][12]
Once the image creation process completed, click Finish. Cubic will display the newly created custom image details.
If you want to modify the newly create custom live image in the future, **uncheck** the option that says **" Delete all project files, except the generated disk image and the corresponding MD5 checksum file"**. Cubic will left the custom image in the project's working directory, you can make any changes in future. You don't have start all over again.
To create a new live image for different Ubuntu versions, use a different project directory.
### Modify Custom Ubuntu Live Cd Image Using Cubic
Launch Cubic from menu, and select an existing project directory. Click the Next button, and you will see the following three options:
1. Create a disk image from the existing project.
2. Continue customizing the existing project.
3. Delete the existing project.
[![][2]][13]
The first option will allow you to create a new live ISO image from your existing project using the same customization you previously made. If you lost your ISO image, you can use the first option to create a new one.
The second option allows you to make any additional changes in your existing project. If you choose this option, you will be landed into chroot environment again. You can add new files or folders, install any new softwares, remove any softwares, add other Linux kernels, add desktop backgrounds and so on.
The third option will delete the existing project, so you can start all over from the beginning. Please that this option will delete all files including the newly generated ISO.
I made a custom Ubuntu 16.04 LTS desktop live cd using Cubic. It worked just fine as described here. If you want to create an Ubuntu live cd, Cubic might be good choice.
Cheers!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/create-custom-ubuntu-live-cd-image/
作者:[SK][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.ostechnix.com/author/sk/
[1]:https://www.ostechnix.com/pinguy-builder-build-custom-ubuntu-os/
[2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[3]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-1.png ()
[4]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-2.png ()
[5]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-3.png ()
[6]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-4.png ()
[7]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-6.png ()
[8]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-5.png ()
[9]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-7.png ()
[10]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-8.png ()
[11]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-10-1.png ()
[12]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-12-1.png ()
[13]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-13.png ()

99
sources/tech/20180104 Whats behind the Intel design flaw forcing numerous patches.md Normal file
View File

@ -0,0 +1,99 @@
Whats behind the Intel design flaw forcing numerous patches?
============================================================
### There's obviously a big problem, but we don't know exactly what.
![](https://cdn.arstechnica.net/wp-content/uploads/2015/06/intel-48-core-larrabee-probably-640x427.jpg)
Both Windows and Linux are receiving significant security updates that can, in the worst case, cause performance to drop by half, to defend against a problem that as yet hasn't been fully disclosed.
Patches to the Linux kernel have been trickling in over the past few weeks. Microsoft has been [testing the Windows updates in the Insider program since November][3], and it is expected to put the alterations into mainstream Windows builds on Patch Tuesday next week. Microsoft's Azure has scheduled maintenance next week, and Amazon's AWS is scheduled for maintenance on Friday—presumably related.
Since the Linux patches [first came to light][4], a clearer picture of what seems to be wrong has emerged. While Linux and Windows differ in many regards, the basic elements of how these two operating systems—and indeed, every other x86 operating system such as FreeBSD and [macOS][5]—handle system memory is the same, because these parts of the operating system are so tightly coupled to the capabilities of the processor.
### Keeping track of addresses
Every byte of memory in a system is implicitly numbered, those numbers being each byte's address. The very earliest operating systems operated using physical memory addresses, but physical memory addresses are inconvenient for lots of reasons. For example, there are often gaps in the addresses, and (particularly on 32-bit systems), physical addresses can be awkward to manipulate, requiring 36-bit numbers, or even larger ones.
Accordingly, modern operating systems all depend on a broad concept called virtual memory. Virtual memory systems allow both programs and the kernels themselves to operate in a simple, clean, uniform environment. Instead of the physical addresses with their gaps and other oddities, every program, and the kernel itself, uses virtual addresses to access memory. These virtual addresses are contiguous—no need to worry about gaps—and sized conveniently to make them easy to manipulate. 32-bit programs see only 32-bit addresses, even if the physical address requires 36-bit or more numbering.
While this virtual addressing is transparent to almost every piece of software, the processor does ultimately need to know which physical memory a virtual address refers to. There's a mapping from virtual addresses to physical addresses, and that's stored in a large data structure called a page table. Operating systems build the page table, using a layout determined by the processor, and the processor and operating system in conjunction use the page table whenever they need to convert between virtual and physical addresses.
This whole mapping process is so important and fundamental to modern operating systems and processors that the processor has dedicated cache—the translation lookaside buffer, or TLB—that stores a certain number of virtual-to-physical mappings so that it can avoid using the full page table every time.
The use of virtual memory gives us a number of useful features beyond the simplicity of addressing. Chief among these is that each individual program is given its own set of virtual addresses, with its own set of virtual to physical mappings. This is the fundamental technique used to provide "protected memory;" one program cannot corrupt or tamper with the memory of another program, because the other program's memory simply isn't part of the first program's mapping.
But these uses of an individual mapping per process, and hence extra page tables, puts pressure on the TLB cache. The TLB isn't very big—typically a few hundred mappings in total—and the more page tables a system uses, the less likely it is that the TLB will include any particular virtual-to-physical translation.
### Half and half
To make the best use of the TLB, every mainstream operating system splits the range of virtual addresses into two. One half of the addresses is used for each program; the other half is used for the kernel. When switching between processes, only half the page table entries change—the ones belonging to the program. The kernel half is common to every program (because there's only one kernel), and so it can use the same page table mapping for every process. This helps the TLB enormously; while it still has to discard mappings belonging to the process' half of memory addresses, it can keep the mappings for the kernel's half.
This design isn't completely set in stone. Work was done on Linux to make it possible to give a 32-bit process the entire range of addresses, with no sharing between the kernel's page table and that of each program. While this gave the programs more address space, it carried a performance cost, because the TLB had to reload the kernel's page table entries every time kernel code needed to run. Accordingly, this approach was never widely used on x86 systems.
One downside of the decision to split the virtual address space between the kernel and each program is that the memory protection is weakened. If the kernel had its own set of page tables and virtual addresses, it would be afforded the same protection as different programs have from one another; the kernel's memory would be simply invisible. But with the split addressing, user programs and the kernel use the same address range, and, in principle, a user program would be able to read and write kernel memory.
To prevent this obviously undesirable situation, the processor and virtual addressing system have a concept of "rings" or "modes." x86 processors have lots of rings, but for this issue, only two are relevant: "user" (ring 3) and "supervisor" (ring 0). When running regular user programs, the processor is put into user mode, ring 3\. When running kernel code, the processor is in ring 0, supervisor mode, also known as kernel mode.
These rings are used to protect the kernel memory from user programs. The page tables aren't just mapping from virtual to physical addresses; they also contain metadata about those addresses, including information about which rings can access an address. The kernel's page table entries are all marked as only being accessible to ring 0; the program's entries are marked as being accessible from any ring. If an attempt is made to access ring 0 memory while in ring 3, the processor blocks the access and generates an exception. The result of this is that user programs, running in ring 3, should not be able to learn anything about the kernel and its ring 0 memory.
At least, that's the theory. The spate of patches and update show that somewhere this has broken down. This is where the big mystery lies.
### Moving between rings
Here's what we do know. Every modern processor performs a certain amount of speculative execution. For example, given some instructions that add two numbers and then store the result in memory, a processor might speculatively do the addition before ascertaining whether the destination in memory is actually accessible and writeable. In the common case, where the location  _is_  writeable, the processor managed to save some time, as it did the arithmetic in parallel with figuring out what the destination in memory was. If it discovers that the location isn't accessible—for example, a program trying to write to an address that has no mapping and no physical location at all—then it will generate an exception and the speculative execution is wasted.
Intel processors, specifically—[though not AMD ones][6]—allow speculative execution of ring 3 code that writes to ring 0 memory. The processors  _do_  properly block the write, but the speculative execution minutely disturbs the processor state, because certain data will be loaded into cache and the TLB in order to ascertain whether the write should be allowed. This in turn means that some operations will be a few cycles quicker, or a few cycles slower, depending on whether their data is still in cache or not. As well as this, Intel's processors have special features, such as the Software Guard Extensions (SGX) introduced with Skylake processors, that slightly change how attempts to access memory are handled. Again, the processor does still protect ring 0 memory from ring 3 programs, but again, its caches and other internal state are changed, creating measurable differences.
What we don't know, yet, is just how much kernel memory information can be leaked to user programs or how easily that leaking can occur. And which Intel processors are affected? Again it's not entirely clear, but indications are that every Intel chip with speculative execution (which is all the mainstream processors introduced since the Pentium Pro, from 1995) can leak information this way.
The first wind of this problem came from researchers from [Graz Technical University in Austria][7]. The information leakage they discovered was enough to undermine kernel mode Address Space Layout Randomization (kernel ASLR, or KASLR). ASLR is something of a last-ditch effort to prevent the exploitation of [buffer overflows][8]. With ASLR, programs and their data are placed at random memory addresses, which makes it a little harder for attackers to exploit security flaws. KASLR applies that same randomization to the kernel so that the kernel's data (including page tables) and code are randomly located.
The Graz researchers developed [KAISER][9], a set of Linux kernel patches to defend against the problem.
If the problem were just that it enabled the derandomization of ASLR, this probably wouldn't be a huge disaster. ASLR is a nice protection, but it's known to be imperfect. It's meant to be a hurdle for attackers, not an impenetrable barrier. The industry reaction—a fairly major change to both Windows and Linux, developed with some secrecy—suggests that it's not just ASLR that's defeated and that a more general ability to leak information from the kernel has been developed. Indeed, researchers have [started to tweet][10] that they're able to leak and read arbitrary kernel data. Another possibility is that the flaw can be used to escape out of a virtual machine and compromise a hypervisor.
The solution that both the Windows and Linux developers have picked is substantially the same, and derived from that KAISER work: the kernel page table entries are no longer shared with each process. In Linux, this is called Kernel Page Table Isolation (KPTI).
With the patches, the memory address is still split in two; it's just the kernel half is almost empty. It's not quite empty, because a few kernel pieces need to be mapped permanently, whether the processor is running in ring 3  _or_  ring 0, but it's close to empty. This means that even if a malicious user program tries to probe kernel memory and leak information, it will fail—there's simply nothing to leak. The real kernel page tables are only used when the kernel itself is running.
This undermines the very reason for the split address space in the first place. The TLB now needs to clear out any entries related to the real kernel page tables every time it switches to a user program, putting an end to the performance saving that splitting enabled.
The impact of this will vary depending on the workload. Every time a program makes a call into the kernel—to read from disk, to send data to the network, to open a file, and so on—that call will be a little more expensive, since it will force the TLB to be flushed and the real kernel page table to be loaded. Programs that don't use the kernel much might see a hit of perhaps 2-3 percent—there's still some overhead because the kernel always has to run occasionally, to handle things like multitasking.
But workloads that call into the kernel a ton will see much greater performance drop off. In a benchmark, a program that does virtually nothing  _other_  than call into the kernel saw [its performance drop by about 50 percent][11]; in other words, each call into the kernel took twice as long with the patch than it did without. Benchmarks that use Linux's loopback networking also see a big hit, such as [17 percent][12] in this Postgres benchmark. Real database workloads using real networking should see lower impact, because with real networks, the overhead of calling into the kernel tends to be dominated by the overhead of using the actual network.
While Intel systems are the ones known to have the defect, they may not be the only ones affected. Some platforms, such as SPARC and IBM's S390, are immune to the problem, as their processor memory management doesn't need the split address space and shared kernel page tables; operating systems on those platforms have always isolated their kernel page tables from user mode ones. But others, such as ARM, may not be so lucky; [comparable patches for ARM Linux][13] are under development.
<aside class="ad_native" id="ad_xrail_native" style="box-sizing: inherit;"></aside>
[][15][PETER BRIGHT][14]Peter is Technology Editor at Ars. He covers Microsoft, programming and software development, Web technology and browsers, and security. He is based in Brooklyn, NY.
--------------------------------------------------------------------------------
via: https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/
作者:[ PETER BRIGHT ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://arstechnica.com/author/peter-bright/
[1]:https://arstechnica.com/author/peter-bright/
[2]:https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/?comments=1
[3]:https://twitter.com/aionescu/status/930412525111296000
[4]:https://lwn.net/SubscriberLink/741878/eb6c9d3913d7cb2b/
[5]:https://twitter.com/aionescu/status/948609809540046849
[6]:https://lkml.org/lkml/2017/12/27/2
[7]:https://gruss.cc/files/kaiser.pdf
[8]:https://arstechnica.com/information-technology/2015/08/how-security-flaws-work-the-buffer-overflow/
[9]:https://github.com/IAIK/KAISER
[10]:https://twitter.com/brainsmoke/status/948561799875502080
[11]:https://twitter.com/grsecurity/status/947257569906757638
[12]:https://www.postgresql.org/message-id/20180102222354.qikjmf7dvnjgbkxe@alap3.anarazel.de
[13]:https://lwn.net/Articles/740393/
[14]:https://arstechnica.com/author/peter-bright
[15]:https://arstechnica.com/author/peter-bright

105
sources/tech/20090718 Vmware Linux Guest Add a New Hard Disk Without Rebooting Guest.md → translated/tech/20090718 Vmware Linux Guest Add a New Hard Disk Without Rebooting Guest.md
View File

@ -1,76 +1,75 @@
translating by lujun9972
Vmware Linux Guest Add a New Hard Disk Without Rebooting Guest
在不重启的情况下为 Vmware Linux 客户机添加新硬盘
======
As a system admin, I need to use additional hard drives for to provide more storage space or to separate system data from user data. This procedure, adding physical block devices to virtualized guests, describes how to add a hard drive on the host to a virtualized guest using VMWare software running Linux as guest.
作为一名系统管理员,我经常需要用额外的硬盘来扩充存储空间或将系统数据从用户数据中分离出来。将物理块设备加到虚拟主机的这个过程,告诉你如何将一个块主机上的硬盘加到一台使用 VMWare 软件虚拟化的 Linux 客户机上。
It is possible to add or remove a SCSI device explicitly, or to re-scan an entire SCSI bus without rebooting a running Linux VM guest. This how to is tested under Vmware Server and Vmware Workstation v6.0 (but should work with older version too). All instructions are tested on RHEL, Fedora, CentOS and Ubuntu Linux guest / hosts operating systems.
你可以显式的添加或删除一个 SCSI 设备,或者重新扫描整个 SCSI 总线而不用重启 Linux 虚拟机。本指南在 Vmware Server 和 Vmware Workstation v6.0 中通过测试(更老版本应该也支持)。所有命令在 RHELFedoraCentOS 和 Ubuntu Linux 客户机 / 主机操作系统下都经过了测试。
## Step # 1: Add a New Disk To Vm Guest
## 步骤 # 1添加新硬盘到虚拟客户机
First, you need to add hard disk by visiting vmware hardware settings menu.
Click on VM > Settings
首先,通过 vmware 硬件设置菜单添加硬盘。
点击 VM > Settings
![Fig.01: Vmware Virtual Machine Settings ][1]
![Fig.01Vmware Virtual Machine Settings ][1]
Alternatively you can press CTRL + D to bring settings dialog box.
或者你也可以按下 CTRL + D 也能进入设置对话框。
Click on Add+ to add new hardware to guest:
点击 Add+ 添加新硬盘到客户机:
![Fig.02: VMWare adding a new hardware][2]
![Fig.02VMWare adding a new hardware][2]
选择硬件类型为 Hard disk 然后点击 Next
Select hardware type Hard disk and click on Next
![Fig.03 VMware Adding a new disk wizard ][3]
Select create a new virtual disk and click on Next
选择 `create a new virtual disk` 然后点击 Next
![Fig.04: Vmware Wizard Disk ][4]
![Fig.04Vmware Wizard Disk ][4]
Set virtual disk type to SCSI and click on Next
设置虚拟磁盘类型为 SCSI 然后点击 Next
![Fig.05: Vmware Virtual Disk][5]
![Fig.05Vmware Virtual Disk][5]
Set maximum disk size as per your requirements and click on Next
按需要设置最大磁盘大小,然后点击 Next
![Fig.06: Finalizing Disk Virtual Addition ][6]
![Fig.06Finalizing Disk Virtual Addition ][6]
Finally, set file location and click on Finish.
最后,选择文件存放位置然后点击 Finish。
## Step # 2: Rescan the SCSI Bus to Add a SCSI Device Without rebooting the VM
## 步骤 # 2重新扫描 SCSI 总线,在不重启虚拟机的情况下添加 SCSI 设备
A rescan can be issued by typing the following command:
输入下面命令重新扫描 SCSI 总线:
```
echo "- - -" > /sys/class/scsi_host/ **host#** /scan
echo "- - -" > /sys/class/scsi_host/host# /scan
fdisk -l
tail -f /var/log/message
```
Sample outputs:
输出为:
![Linux Vmware Rescan New Scsi Disk Without Reboot][7]
Replace host# with actual value such as host0. You can find scsi_host value using the following command:
你需要将 `host#` 替换成真实的值,比如 host0。你可以通过下面命令来查出这个值
`# ls /sys/class/scsi_host`
Output:
输出:
```
host0
```
Now type the following to send a rescan request:
然后输入下面过命令来请求重新扫描:
```
echo "- - -" > /sys/class/scsi_host/ **host0** /scan
echo "- - -" > /sys/class/scsi_host/host0/scan
fdisk -l
tail -f /var/log/message
```
Sample Outputs:
输出为:
```
Jul 18 16:29:39 localhost kernel: Vendor: VMware, Model: VMware Virtual S Rev: 1.0
@ -109,33 +108,33 @@ Jul 18 16:29:39 localhost kernel: sd 0:0:2:0: Attached scsi disk sdc
Jul 18 16:29:39 localhost kernel: sd 0:0:2:0: Attached scsi generic sg2 type 0
```
### How Do I Delete a Single Device Called /dev/sdc?
### 如何删除 =/dev/sdc= 这块设备?
In addition to re-scanning the entire bus, a specific device can be added or existing device deleted using the following command:
除了重新扫描整个总线外,你也可以使用下面命令添加或删除指定磁盘:
```
# echo 1 > /sys/block/devName/device/delete
# echo 1 > /sys/block/ **sdc** /device/delete
# echo 1 > /sys/block/sdc/device/delete
```
### How Do I Add a Single Device Called /dev/sdc?
### 如何添加 =/dev/sdc= 这块设备?
To add a single device explicitly, use the following syntax:
使用下面语法添加指定设备:
```
# echo "scsi add-single-device <H> <B> <T> <L>" > /proc/scsi/scsi
```
Where,
这里,
* <H> : Host
* <B> : Bus (Channel)
* <T> : Target (Id)
* <L> : LUN numbers
* <H>Host
* <B>Bus (Channel)
* <T>Target (Id)
* <L>LUN numbers
For e.g. add /dev/sdc with host # 0, bus # 0, target # 2, and LUN # 0, enter:
例如。使用参数 host#0bus#0target#2以及 LUN#0 来添加 /dev/sdc则输入
```
# echo "scsi add-single-device 0 0 2 0">/proc/scsi/scsi
@ -143,7 +142,7 @@ For e.g. add /dev/sdc with host # 0, bus # 0, target # 2, and LUN # 0, enter:
# cat /proc/scsi/scsi
```
Sample Outputs:
结果输出:
```
Attached devices:
@ -158,9 +157,9 @@ Host: scsi0 Channel: 00 Id: 02 Lun: 00
Type: Direct-Access ANSI SCSI revision: 02
```
## Step #3: Format a New Disk
## 步骤 #3:格式化新磁盘
Now, you can create partition using [fdisk and format it using mkfs.ext3][8] command:
现在使用 [fdisk 并通过 mkfs.ext3][8] 命令创建分区:
```
# fdisk /dev/sdc
@ -170,39 +169,39 @@ Now, you can create partition using [fdisk and format it using mkfs.ext3][8] com
# mkfs.ext4 /dev/sdc3
```
## Step #4: Create a Mount Point And Update /etc/fstab
## 步骤 #4:创建挂载点并更新 /etc/fstab
`# mkdir /disk3`
Open /etc/fstab file, enter:
打开 /etc/fstab 文件,输入:
`# vi /etc/fstab`
Append as follows:
加入下面这行:
```
/dev/sdc3 /disk3 ext3 defaults 1 2
```
For ext4 fs:
若是 ext4 文件系统则加入:
```
/dev/sdc3 /disk3 ext4 defaults 1 2
```
Save and close the file.
保存并关闭文件。
#### Optional Task: Label the partition
#### 可选操作:为分区加标签
[You can label the partition using e2label command][9]. For example, if you want to label the new partition /backupDisk, enter
[你可以使用 e2label 命令为分区加标签 ][9]。假设,你想要为 /backupDisk 这块新分区加标签,则输入
`# e2label /dev/sdc1 /backupDisk`
See "[The importance of Linux partitions][10]
详情参见 "[Linux 分区的重要性 ][10]
## about the author
## 关于作者
The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on [Twitter][11], [Facebook][12], [Google+][13].
作者即是 nixCraft 的创造者,也是一名经验丰富的系统管理员,还是 Linux 操作系统 /Unix shell 脚本培训师。他曾服务过全球客户并与多个行业合作过,包括 IT教育国防和空间研究以及非盈利机构。你可以在 [Twitter][11][Facebook][12][Google+][13] 上关注它。
--------------------------------------------------------------------------------

50
sources/tech/20160117 How to use curl command with proxy username-password on Linux- Unix.md → translated/tech/20160117 How to use curl command with proxy username-password on Linux- Unix.md
View File

@ -1,8 +1,8 @@
translating by lujun9972
How to use curl command with proxy username/password on Linux/ Unix
如何让 curl 命令通过代理访问
======
My sysadmin provided me the following proxy details:
我的系统管理员给我提供了如下代理信息:
```
IP: 202.54.1.1
Port: 3128
@ -10,15 +10,14 @@ Username: foo
Password: bar
```
The settings worked perfectly with Google Chrome and Firefox browser. How do I use it with the curl command? How do I tell the curl command to use my proxy settings from Google Chrome browser?
该设置在 Google Chrome 和 Firefox 浏览器上很容易设置。但是我要怎么把它应用到 curl 命令上呢?我要如何让 curl 命令使用我在 Google Chrome 浏览器上的代理设置呢?
很多 Linux 和 Unix 命令行工具(比如 curl 命令wget 命令lynx 命令等)使用名为 `http_proxy``https_proxy``ftp_proxy` 的环境变量来获取代理信息。它允许你通过代理服务器(使用或不使用用户名/密码都行)来连接那些基于文本的会话和应用。**本文就会演示一下如何让 curl 通过代理服务器发送 HTTP/HTTPS 请求。**
## 让 curl 命令使用代理的语法
Many Linux and Unix command line tools such as curl command, wget command, lynx command, and others; use the environment variable called http_proxy, https_proxy, ftp_proxy to find the proxy details. It allows you to connect text based session and applications via the proxy server with or without a userame/password. T **his page shows how to perform HTTP/HTTPS requests with cURL cli using PROXY server.**
## Unix and Linux curl command with proxy syntax
The syntax is:
语法为:
```
## Set the proxy address of your uni/company/vpn network ##
export http_proxy=http://your-ip-address:port/
@ -32,7 +31,7 @@ export https_proxy=https://user:password@your-proxy-ip-address:port/
```
Another option is to pass the -x option to the curl command. To use the specified proxy:
另一种方法是使用 curl 命令的 -x 选项:
```
curl -x <[protocol://][user:password@]proxyhost[:port]> url
--proxy <[protocol://][user:password@]proxyhost[:port]> url
@ -40,9 +39,9 @@ curl -x <[protocol://][user:password@]proxyhost[:port]> url
-x http://user:password@Your-Ip-Here:Port url
```
## Linux use curl command with proxy
## 在 Linux 上的一个例子
First set the http_proxy:
首先设置 `http_proxy`
```
## proxy server, 202.54.1.1, port: 3128, user: foo, password: bar ##
export http_proxy=http://foo:bar@202.54.1.1:3128/
@ -51,7 +50,7 @@ export https_proxy=$http_proxy
curl -I https://www.cyberciti.biz
curl -v -I https://www.cyberciti.biz
```
Sample outputs:
输出为:
```
* Rebuilt URL to: www.cyberciti.biz/
@ -98,44 +97,43 @@ Connection: keep-alive
* Connection #0 to host 10.12.249.194 left intact
```
In this example, I'm downloading a pdf file:
本例中,我来下载一个 pdf 文件:
```
$ export http_proxy="vivek:myPasswordHere@10.12.249.194:3128/"
$ curl -v -O http://dl.cyberciti.biz/pdfdownloads/b8bf71be9da19d3feeee27a0a6960cb3/569b7f08/cms/631.pdf
```
OR use the -x option:
也可以使用 -x 选项:
```
curl -x 'http://vivek:myPasswordHere@10.12.249.194:3128' -v -O https://dl.cyberciti.biz/pdfdownloads/b8bf71be9da19d3feeee27a0a6960cb3/569b7f08/cms/631.pdf
```
Sample outputs:
[![Fig.01: curl in action \(click to enlarge\)][1]][2]
输出为:
![Fig.01curl in action \(click to enlarge\)][1]
## How to use the specified proxy server with curl on Unix
## Unix 上的一个例子
```
$ curl -x http://prox_server_vpn:3128/ -I https://www.cyberciti.biz/faq/howto-nginx-customizing-404-403-error-page/
```
## How to use socks protocol?
## socks 协议怎么办呢?
The syntax is same:
语法也是一样的:
```
curl -x socks5://[user:password@]proxyhost[:port]/ url
curl --socks5 192.168.1.254:3099 https://www.cyberciti.biz/
```
## How do I configure and setup curl to permanently use a proxy connection?
## 如何让代理设置永久生效?
Update/edit your ~/.curlrc file using a text editor such as vim:
编辑 ~/.curlrc 文件:
`$ vi ~/.curlrc`
Append the following:
添加下面内容:
```
proxy = server1.cyberciti.biz:3128
proxy-user = "foo:bar"
```
Save and close the file. Another option is create a bash shell alias in your ~/.bashrc file:
保存并关闭该文件。另一种方法是在你的 `~/.bashrc` 文件中创建一个别名:
```
## alias for curl command
## set proxy-server and port, the syntax is
@ -143,7 +141,7 @@ Save and close the file. Another option is create a bash shell alias in your ~/.
alias curl = "curl -x server1.cyberciti.biz:3128"
```
Remember, the proxy string can be specified with a protocol:// prefix to specify alternative proxy protocols. Use socks4://, socks4a://, socks5:// or socks5h:// to request the specific SOCKS version to be used. No protocol specified, http:// and all others will be treated as HTTP proxies. If the port number is not specified in the proxy string, it is assumed to be 1080. The -x option overrides existing environment variables that set the proxy to use. If there's an environment variable setting a proxy, you can set proxy to "" to override it. See curl command man page [here for more info][3].
记住,代理字符串中可以使用 `protocol//` 前缀来指定不同的代理协议。使用 `socks4//``socks4a//``socks5// `或者 `socks5h//` 来指定使用的 SOCKS 版本。若没有指定协议或者 `http//` 表示 HTTP 协议。若没有指定端口号则默认为 1080。-x 选项的值要优先于环境变量设置的值。若不想走代理,而环境变量总设置了代理,那么可以通过设置代理为 "" 来覆盖环境变量的值。[详细信息请参阅 curl 的 man 页 ][3]。
--------------------------------------------------------------------------------

78
translated/tech/20171011 What is a firewall.md Normal file
View File

@ -0,0 +1,78 @@
什么是防火墙?
=====
基于网络的防火墙已经在美国企业无处不在,因为它们证实了抵御日益增长的威胁的防御能力。
通过网络测试公司 NSS 实验室最近的一项研究发现高达 80% 的美国大型企业运行着下一代防火墙。研究公司 IDC 评估防火墙和相关的统一威胁管理市场营业额在 2015 是 76 亿美元,预计到 2020 年底将达到 127 亿美元。
**如果你想提升,这里是[What to consider when deploying a next generation firewall][1]**
### 什么是防火墙?
防火墙充当一个监控流量的边界防御工具,要么允许它要么屏蔽它。 多年来,防火墙的功能不断增强,现在大多数防火墙不仅可以阻止已知的一组威胁,并执行高级访问控制列表策略,还可以深入检查各个包的流量和测试包,以确定它们是否安全。大多数防火墙被部署为网络硬件,用于处理流量和允许终端用户配置和管理系统的软件。越来越多的软件版防火墙部署到高度虚拟机环境中执行策略在被隔离的网络或 IaaS 公有云中。
随着防火墙技术的进步在过去十年中创造了新的防火墙部署选项,所以现在对于部署防火墙的最终用户来说,有一些选择。这些选择包括:
### 有状态的防火墙
当首次创造防火墙时它们是无状态的这意味着流量通过硬件在检查被监视的每个网络包流量的过程中并单独屏蔽或允许它。从1990年代中后期开始防火墙的第一个主要进展是引入状态。有状态防火墙在更全面的上下文中检查流量同时考虑到网络连接的工作状态和特性以提供更全面的防火墙。例如维持这状态的防火墙允许某些流量访问某些用户同时阻塞其他用户的同一流量。
### 下一代防火墙
多年来防火墙增加了多种新的特性包括深度包检查、入侵检测以及对加密流量的预防和检查。下一代防火墙NGFWs是指有许多先进的功能集成到防火墙的防火墙。
### 基于代理的防火墙
这些防火墙充当请求数据的最终用户和数据源之间的网关。在传递给最终用户之前,所有的流量都通过这个代理过滤。这通过掩饰信息的原始请求者的身份来保护客户端不受威胁。
### Web 应用防火墙
这些防火墙位于特定应用程序的前面而不是在更广阔的网络的入口或则出口上。而基于代理的防火墙通常被认为是保护终端客户WAFs 通常被认为是保护应用服务器。
### 防火墙硬件
防火墙硬件通常是一个简单的服务器,它可以充当路由器来过滤流量和运行防火墙软件。这些设备放置在企业网络的边缘,路由器和 Internet 服务提供商的连接点之间。通常企业可能在整个数据中心部署十几个物理防火墙。 用户需要根据用户基数的大小和 Internet 连接的速率来确定防火墙需要支持的吞吐量容量。
### 防火墙软件
通常,终端用户部署多个防火墙硬件端和一个中央防火墙软件系统来管理部署。 这个中心系统是配置策略和特性的地方,在那里可以进行分析,并可以对威胁作出响应。
### 下一代防火墙
多年来防火墙增加了多种新的特性包括深度包检查、入侵检测以及对加密流量的预防和检查。下一代防火墙NGFWs是指集成了这些先进功能的防火墙这里描述的是它们中的一些。
### 有状态的检测
阻止已知不需要的流量,这是基本的防火墙功能。
### 抵御病毒
在网络流量中搜索已知病毒和漏洞,这个功能有助于防火墙接收最新威胁的更新,并不断更新以保护它们。
### 入侵防御系统
这类安全产品可以部署为一个独立的产品,但 IPS 功能正逐步融入 NGFWs。 虽然基本的防火墙技术识别和阻止某些类型的网络流量,但 IPS 使用更多的细粒度安全措施,如签名跟踪和异常检测,以防止不必要的威胁进入公司网络。 IPS 系统已经取代了以前这一技术的版本入侵检测系统IDS的重点是识别威胁而不是遏制它们。
### 深度包检测DPI
DPI 可部分或用于与 IPS 的结合,但其仍然成为一个 NGFWs 的重要特征因为它提供细粒度分析的能力具体到流量包和流量数据的头文件。DPI 还可以用来监测出站流量以确保敏感信息不会离开公司网络这种技术称为数据丢失预防DLP
### SSL 检测
安全套接字层SSL检测是一个检测加密流量来测试威胁的方法。随着越来越多的流量进行加密SSL 检测成为 DPI 技术NGFWs 正在实施的一个重要组成部分。SSL 检测作为一个缓冲区,它在送到最终目的地之前解码流量以检测它。
### 沙盒
这个是被卷入 NGFWs 中的一个较新的特性,它指防火墙接收某些未知的流量或者代码,并在一个测试环境运行,以确定它是否是邪恶的能力。
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3230457/lan-wan/what-is-a-firewall-perimeter-stateful-inspection-next-generation.html
作者:[Brandon Butler][a]
译者:[zjon](https://github.com/zjon)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.networkworld.com/author/Brandon-Butler/
[1]:https://www.networkworld.com/article/3236448/lan-wan/what-to-consider-when-deploying-a-next-generation-firewall.html

157
translated/tech/20171030 How To Create Custom Ubuntu Live CD Image.md Normal file
View File

@ -0,0 +1,157 @@
如何创建 Ubuntu Live CD Linux 中国注Ubuntu 原生光盘)的定制镜像
======
![](https://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-720x340.png)
今天让我们来讨论一下如何创建 Ubuntu Live CD 的定制镜像(ISO)。我们已经使用[* *Pinguy Builder* *][1]完成了这项工作。但是,现在似乎停止了。最近 Pinguy Builder 的官方网站似乎没有任何更新。幸运的是,我找到了另一种创建 Ubuntu Live CD 镜像的工具。使用 **Cubic** 即 **C**ustom **Ub**untu **I**SO **C**reator Linux 中国注Ubuntu 镜像定制器)的首字母所写,一个 GUI (图形用户界面)应用程序用来创建一个可定制的可启动的 Ubuntu Live CD(ISO)镜像。
Cubic 正在积极开发,它提供了许多选项来轻松地创建一个定制的 Ubuntu Live CD ,它有一个集成的命令行环境``chroot``Linux 中国注Change Root也就是改变程序执行时所参考的根目录位置在那里你可以定制所有比如安装新的软件包内核添加更多的背景壁纸添加更多的文件和文件夹。它有一个直观的 GUI 界面,在实时镜像创建过程中可以轻松的利用导航(可以利用点击鼠标来回切换)。您可以创建一个新的自定义镜像或修改现有的项目。因为它可以用来实时制作 Ubuntu 镜像,所以我相信它可以被利用在制作其他 Ubuntu 的发行版和衍生版镜像中使用,比如 Linux Mint。
### 安装 Cubic
Cubic 的开发人员已经开发出了一个 PPA Linux 中国注Personal Package Archives 首字母简写,私有的软件包档案) 来简化安装过程。要在 Ubuntu 系统上安装 Cubic ,在你的终端上运行以下命令:
```
sudo apt-add-repository ppa:cubic-wizard/release
```
```
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6494C6D6997C215E
```
```
sudo apt update
```
```
sudo apt install cubic
```
### 利用 Cubic 创建 Ubuntu Live CD 的定制镜像
安装完成后,从应用程序菜单或坞站启动 Cubic。这是在我在 Ubuntu 16.04 LTS 桌面系统中 Cubic 的样子。
为新项目选择一个目录。它是保存镜像文件的目录。
[![][2]][3]
请注意Cubic 不是创建您系统的 Live CD 镜像。而它只是利用 Ubuntu 安装 CD 来创建一个定制的 Live CD因此你应该有一个最新的 ISO 镜像。
选择您存储 Ubuntu 安装 ISO 镜像的路径。Cubic 将自动填写您定制操作系统的所有细节。如果你愿意,你可以改变细节。单击 Next 继续。
[![][2]][4]
接下来,从压缩的源安装介质中的 Linux 文件系统将被提取到项目的目录(在我们的例子中目录的位置是 **/home/ostechnix/custom_ubuntu**)。
[![][2]][5]
一旦文件系统被提取出来,将自动加载到``chroot``环境。如果你没有看到终端提示,按下回车键几次。
[![][2]][6]
在这里可以安装任何额外的软件包,添加背景图片,添加软件源列表,添加最新的 Linux 内核和所有其他定制到你的 Live CD 。
例如,我希望 `vim` 安装在我的 Live CD 中,所以现在就要安装它。
[![][2]][7]
我们不需要使用 ``sudo``因为我们已经在具有最高权限root)的环境中了。
类似地,如果需要,可以安装添加的任何版本 Linux Kernel 。
```
apt install linux-image-extra-4.10.0-24-generic
```
此外,您还可以更新软件源列表(添加或删除软件存储库列表):
[![][2]][8]
修改源列表后,不要忘记运行 ``apt update`` 命令来更新源列表:
```
apt update
```
另外,您还可以向 Live CD 中添加文件或文件夹。复制文件/文件夹(右击它们并选择复制或者利用 `CTRL+C`),在终端右键单击(在 Cubic 窗口内),选择**Paste file(s)**,最后点击它将其复制进 Cubic 向导的底部。
[![][2]][9]
**Ubuntu 17.10 用户注意事项: **
在 Ubuntu 17.10 系统中DNS 查询可能无法在 ``chroot``环境中工作。如果您正在制作一个定制的 Ubuntu 17.10 原生镜像,您需要指向正确的 `resolve.conf` 配置文件:
```
ln -sr /run/systemd/resolve/resolv.conf /run/systemd/resolve/stub-resolv.conf
```
验证 DNS 解析工作,运行:
```
cat /etc/resolv.conf
ping google.com
```
如果你想的话,可以添加你自己的壁纸。要做到这一点,请切换到 **/usr/share/backgrounds/** 目录,
```
cd /usr/share/backgrounds
```
并将图像拖放到 Cubic 窗口中。或复制图像,右键单击 Cubic 终端窗口,选择 **Paste file(s)** 选项。此外,确保你在**/usr/share/gnome-backproperties** 的XML文件中添加了新的壁纸这样你可以在桌面上右键单击新添加的图像选择**Change Desktop Background** 进行交互。完成所有更改后,在 Cubic 向导中单击 ``Next``。
接下来,选择引导到新的原生 ISO 镜像时使用的 Linux 内核版本。如果已经安装了其他版本内核,它们也将在这部分中被列出。然后选择您想在 Live CD 中使用的内核。
[![][2]][10]
在下一节中,选择要从您的原生映像中删除的软件包。在使用定制的原生映像安装完 Ubuntu 操作系统后,所选的软件包将自动删除。在选择要删除的软件包时,要格外小心,您可能在不知不觉中删除了一个软件包,而此软件包又是另外一个软件包的依赖包。
[![][2]][11]
接下来,原生镜像创建过程将开始。这里所要花费的时间取决于你定制的系统规格。
[![][2]][12]
镜像创建完成后后,单击 ``Finish``。Cubic 将显示新创建的自定义镜像的细节。
如果你想在将来修改刚刚创建的自定义原生镜像,**uncheck** 选项解释说**" Delete all project files, except the generated disk image and the corresponding MD5 checksum file"** **除了生成的磁盘映像和相应的MD5校验和文件之外删除所有的项目文件** Cubic 将在项目的工作目录中保留自定义图像,您可以在将来进行任何更改。而不用从头再来一遍。
要为不同的 Ubuntu 版本创建新的原生镜像,最好使用不同的项目目录。
### 利用 Cubic 修改 Ubuntu Live CD 的定制镜像
从菜单中启动 Cubic ,并选择一个现有的项目目录。单击 Next 按钮,您将看到以下三个选项:
1. 从现有项目创建一个磁盘映像。
2. 继续定制现有项目。
3. 删除当前项目。
[![][2]][13]
第一个选项将允许您使用之前所做的自定义在现有项目中创建一个新的原生 ISO 镜像。如果您丢失了 ISO 镜像,您可以使用第一个选项来创建一个新的。
第二个选项允许您在现有项目中进行任何其他更改。如果您选择此选项,您将再次进入 ``chroot``环境。您可以添加新的文件或文件夹,安装任何新的软件,删除任何软件,添加其他的 Linux 内核,添加桌面背景等等。
第三个选项将删除现有的项目,所以您可以从头开始。选择此选项将删除所有文件,包括新生成的 ISO 镜像文件。
我用 Cubic 做了一个定制的 Ubuntu 16.04 LTS 桌面 Live CD 。就像这篇文章里描述的一样。如果你想创建一个 Ubuntu Live CD Cubic 可能是一个不错的选择。
就这些了,再会!
--------------------------------------------------------------------------------
via: https://www.ostechnix.com/create-custom-ubuntu-live-cd-image/
作者:[SK][a]
译者:[stevenzdg988](https://github.com/stevenzdg988)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.ostechnix.com/author/sk/
[1]:https://www.ostechnix.com/pinguy-builder-build-custom-ubuntu-os/
[2]:data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7
[3]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-1.png ()
[4]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-2.png ()
[5]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-3.png ()
[6]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-4.png ()
[7]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-6.png ()
[8]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-5.png ()
[9]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-7.png ()
[10]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-8.png ()
[11]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-10-1.png ()
[12]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-12-1.png ()
[13]:http://www.ostechnix.com/wp-content/uploads/2017/10/Cubic-13.png ()

163
translated/tech/20171205 How to Use the Date Command in Linux.md
View File

@ -1,163 +0,0 @@
如何使用 Date 命令
======
在本文中, 我们会通过一些案例来演示如何使用 linux 中的 date 命令. date 命令可以用户输出/设置系统日期和时间. Date 命令很简单, 请参见下面的例子和语法.
默认情况下,当不带任何参数运行 date 命令时,它会输出当前系统日期和时间:
```shell
date
```
```
Sat 2 Dec 12:34:12 CST 2017
```
#### 语法
```
Usage: date [OPTION]... [+FORMAT]
or: date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
Display the current time in the given FORMAT, or set the system date.
```
### 案例
下面这些案例会向你演示如何使用 date 命令来查看前后一段时间的日期时间.
#### 1\. 查找5周后的日期
```shell
date -d "5 weeks"
Sun Jan 7 19:53:50 CST 2018
```
#### 2\. 查找5周后又过4天的日期
```shell
date -d "5 weeks 4 days"
Thu Jan 11 19:55:35 CST 2018
```
#### 3\. 获取下个月的日期
```shell
date -d "next month"
Wed Jan 3 19:57:43 CST 2018
```
#### 4\. 获取下周日的日期
```shell
date -d last-sunday
Sun Nov 26 00:00:00 CST 2017
```
date 命令还有很多格式化相关的选项, 下面的例子向你演示如何格式化 date 命令的输出.
#### 5\. 以 yyyy-mm-dd 的格式显示日期
```shell
date +"%F"
2017-12-03
```
#### 6\. 以 mm/dd/yyyy 的格式显示日期
```shell
date +"%m/%d/%Y"
12/03/2017
```
#### 7\. 只显示时间
```shell
date +"%T"
20:07:04
```
#### 8\. 显示今天是一年中的第几天
```shell
date +"%j"
337
```
#### 9\. 与格式化相关的选项
| **%%** | 百分号 (“**%**“). |
| **%a** | 星期的缩写形式 (像这样, **Sun**). |
| **%A** | 星期的完整形式 (像这样, **Sunday**). |
| **%b** | 缩写的月份 (像这样, **Jan**). |
| **%B** | 当前区域的月份全称 (像这样, **January**). |
| **%c** | 日期以及时间 (像这样, **Thu Mar 3 23:05:25 2005**). |
| **%C** | 本世纪; 类似 **%Y**, 但是会省略最后两位 (像这样, **20**). |
| **%d** | 月中的第几日 (像这样, **01**). |
| **%D** | 日期; 效果与 **%m/%d/%y** 一样. |
| **%e** | 月中的第几日, 会填充空格; 与 **%_d** 一样. |
| **%F** | 完整的日期; 跟 **%Y-%m-%d** 一样. |
| **%g** | 年份的后两位 (参见 **%G**). |
| **%G** | 年份 (参见 **%V**); 通常跟 **%V** 连用. |
| **%h** | 同 **%b**. |
| **%H** | 小时 (**00**..**23**). |
| **%I** | 小时 (**01**..**12**). |
| **%j** | 一年中的第几天 (**001**..**366**). |
| **%k** | 小时, 用空格填充 ( **0**..**23**); same as **%_H**. |
| **%l** | 小时, 用空格填充 ( **1**..**12**); same as **%_I**. |
| **%m** | 月份 (**01**..**12**). |
| **%M** | 分钟 (**00**..**59**). |
| **%n** | 换行. |
| **%N** | 纳秒 (**000000000**..**999999999**). |
| **%p** | 当前区域时间是上午 **AM** 还是下午 **PM**; 未知则为空哦. |
| **%P** | 类似 **%p**, 但是用小写字母现实. |
| **%r** | 当前区域的12小时制现实时间 (像这样, **11:11:04 PM**). |
| **%R** | 24-小时制的小时和分钟; 同 **%H:%M**. |
| **%s** | 从 1970-01-01 00:00:00 UTC 到现在经历的秒数. |
| **%S** | 秒数 (**00**..**60**). |
| **%t** | tab 制表符. |
| **%T** | 时间; 同 **%H:%M:%S**. |
| **%u** | 星期 (**1**..**7**); 1 表示 **星期一**. |
| **%U** | 一年中的第几个星期, 以周日为一周的开始 (**00**..**53**). |
| **%V** | 一年中的第几个星期,以周一为一周的开始 (**01**..**53**). |
| **%w** | 用数字表示周几 (**0**..**6**); 0 表示 **周日**. |
| **%W** | 一年中的第几个星期, 周一为一周的开始 (**00**..**53**). |
| **%x** | Locales date representation (像这样, **12/31/99**). |
| **%X** | Locales time representation (像这样, **23:13:48**). |
| **%y** | 年份的后面两位 (**00**..**99**). |
| **%Y** | 年. |
| **%z** | +hhmm 指定数字时区 (像这样, **-0400**). |
| **%:z** | +hh:mm 指定数字时区 (像这样, **-04:00**). |
| **%::z** | +hh:mm:ss 指定数字时区 (像这样, **-04:00:00**). |
| **%:::z** | 指定数字时区, 其中 “**:**” 的个数由你需要的精度来决定 (例如, **-04**, **+05:30**). |
| **%Z** | 时区的字符缩写(例如, EDT). |
#### 10\. 设置系统时间
你也可以使用 date 来手工设置系统时间,方法是使用 `--set` 选项, 下面的例子会将系统时间设置成2017年8月30日下午4点22分
```shell
date --set="20170830 16:22"
```
当然, 如果你使用的是我们的 [VPS Hosting services][1], 你总是可以联系并咨询我们的Linux专家管理员 (通过客服电话或者下工单的方式) 关于 date 命令的任何东西. 他们是 24×7 在线的,会立即向您提供帮助.
PS. 如果你喜欢这篇帖子,请点击下面的按钮分享或者留言. 谢谢.
--------------------------------------------------------------------------------
via: https://www.rosehosting.com/blog/use-the-date-command-in-linux/
作者:[][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.rosehosting.com
[1]:https://www.rosehosting.com/hosting-services.html

99
sources/tech/20180105 yum find out path where is package installed to on CentOS-RHEL.md → translated/tech/20180105 yum find out path where is package installed to on CentOS-RHEL.md
View File

@ -1,32 +1,35 @@
yum find out path where is package installed to on CentOS/RHEL
在 CentOS/RHEL 上查找 yum 安裝软件的位置
======
I have [install htop package on a CentOS/RHEL][1] . I wanted find out where and at what path htop package installed all files. Is there an easy way to tell yum where is package installed on a CentOS/RHEL?
我已经在 CentOS/RHEL 上[安装 htop][1] 。现在想知道软件被安装在哪个位置。有没有简单的方法能找到软件包安装的目录呢?
[yum command][2] is an interactive, open source, rpm based, package manager for a CentOS/RHEL and clones. It can automatically perform the following operations for you:
[yum 命令][2] 是可交互的,开源的,基于 rpm 的 CentOS/RHEL 的软件包管理工具。它会帮助你自动地完成以下操作:
1. Core system file updates
2. Package updates
3. Install a new packages
4. Delete of old packages
5. Perform queries on the installed and/or available packages
1. 操作系统内核更新
2. 软件包更新
3. 安装新的软件包
4. 删除旧的软件包
5. 查找已安装和可用的软件包
yum is similar to other high level package managers like [apt-get command][3]/[apt command][4].
和 yum 相似的软件包管理工具有: [apt-get command][3] 和 [apt command][4]。
### yum where is package installed
### yum 安装软件包的位置
The syntax is as follows to install htop package for a demo purpose:
我们以安装 htop 为例:
`# yum install htop`
```
# yum install htop
```
To list the files installed by a yum package called htop, run the following rpm command:
使用以下命令列出 yum 安装 htop 的文件:
```
# rpm -q {packageNameHere}
# rpm -ql htop
```
Sample outputs:
输出例子:
```
/usr/bin/htop
@ -40,15 +43,15 @@ Sample outputs:
```
### How to see the files installed by a yum package using repoquery command
### 如何使用 repoquery 命令查看 yum 安装的软件包的位置
First install yum-utils package using [yum command][2]:
首先使用 [yum 命令][2] 安装 yum-utils 软件包:
```
# yum install yum-utils
```
Sample outputs:
例子输出:
```
Resolving Dependencies
@ -60,9 +63,9 @@ Resolving Dependencies
---> Package libxml2-python.x86_64 0:2.9.1-6.el7_2.3 will be installed
---> Package python-kitchen.noarch 0:1.1.1-5.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================
Package Arch Version Repository Size
=======================================================================================
@ -71,56 +74,56 @@ Installing:
Installing for dependencies:
libxml2-python x86_64 2.9.1-6.el7_2.3 rhui-rhel-7-server-rhui-rpms 247 k
python-kitchen noarch 1.1.1-5.el7 rhui-rhel-7-server-rhui-rpms 266 k
Transaction Summary
=======================================================================================
Install 1 Package (+2 Dependent packages)
Total download size: 630 k
Installed size: 3.1 M
Is this ok [y/d/N]: y
Downloading packages:
(1/3): python-kitchen-1.1.1-5.el7.noarch.rpm | 266 kB 00:00:00
(2/3): libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm | 247 kB 00:00:00
(3/3): yum-utils-1.1.31-42.el7.noarch.rpm | 117 kB 00:00:00
(1/3): python-kitchen-1.1.1-5.el7.noarch.rpm | 266 kB 00:00:00
(2/3): libxml2-python-2.9.1-6.el7_2.3.x86_64.rpm | 247 kB 00:00:00
(3/3): yum-utils-1.1.31-42.el7.noarch.rpm | 117 kB 00:00:00
---------------------------------------------------------------------------------------
Total 1.0 MB/s | 630 kB 00:00
Total 1.0 MB/s | 630 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : python-kitchen-1.1.1-5.el7.noarch 1/3
Installing : libxml2-python-2.9.1-6.el7_2.3.x86_64 2/3
Installing : yum-utils-1.1.31-42.el7.noarch 3/3
Verifying : libxml2-python-2.9.1-6.el7_2.3.x86_64 1/3
Verifying : yum-utils-1.1.31-42.el7.noarch 2/3
Verifying : python-kitchen-1.1.1-5.el7.noarch 3/3
Installing : python-kitchen-1.1.1-5.el7.noarch 1/3
Installing : libxml2-python-2.9.1-6.el7_2.3.x86_64 2/3
Installing : yum-utils-1.1.31-42.el7.noarch 3/3
Verifying : libxml2-python-2.9.1-6.el7_2.3.x86_64 1/3
Verifying : yum-utils-1.1.31-42.el7.noarch 2/3
Verifying : python-kitchen-1.1.1-5.el7.noarch 3/3
Installed:
yum-utils.noarch 0:1.1.31-42.el7
yum-utils.noarch 0:1.1.31-42.el7
Dependency Installed:
libxml2-python.x86_64 0:2.9.1-6.el7_2.3 python-kitchen.noarch 0:1.1.1-5.el7
libxml2-python.x86_64 0:2.9.1-6.el7_2.3 python-kitchen.noarch 0:1.1.1-5.el7
Complete!
```
### 如何列出通过 yum 安装的命令?
### How do I list the contents of a installed package using YUM?
Now run repoquery command as follows:
使用 repoquery 命令:
`# repoquery --list htop`
OR
或者
`# repoquery -l htop`
Sample outputs:
例子输出:
[![yum where is package installed][5]][5]
You can also use the type command or command command to just find location of given binary file such as httpd or htop:
你也可以使用 type 命令或者 command 命令查找指定二进制文件的位置,例如 httpd 或者 htop
```
$ type -a httpd
@ -128,19 +131,19 @@ $ type -a htop
$ command -V htop
```
### about the author
### 关于作者
The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on [Twitter][6], [Facebook][7], [Google+][8].
作者是 nixCraft 的创始人,是经验丰富的系统管理员并且是 Linux 命令行脚本编程的教练。他拥有全球多行业合作的经验,客户包括 IT教育安防和空间研究。他的联系方式[Twitter][6], [Facebook][7], [Google+][8]。
--------------------------------------------------------------------------------
via: https://www.cyberciti.biz/faq/yum-determining-finding-path-that-yum-package-installed-to/
作者:[][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
译者:[译者 ID](https://github.com/cyleung)
校对:[校对者 ID](https://github.com/ 校对者 ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux 中国](https://linux.cn/) 荣誉推出
[a]:https://www.cyberciti.biz
[1]:https://www.cyberciti.biz/faq/centos-redhat-linux-install-htop-command-using-yum/
@ -151,3 +154,5 @@ via: https://www.cyberciti.biz/faq/yum-determining-finding-path-that-yum-package
[6]:https://twitter.com/nixcraft
[7]:https://facebook.com/nixcraft
[8]:https://plus.google.com/+CybercitiBiz