document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-02-03 23:40:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2019-07-20 06:31:55 +08:00
commit 205e72dc1f
4 changed files with 641 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
translated/tech/20190708 10 ways to get started with Linux.md → published/20190708 10 ways to get started with Linux.md
View File

@ -1,8 +1,8 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11124-1.html)
[#]: subject: (10 ways to get started with Linux)
[#]: via: (https://opensource.com/article/19/7/ways-get-started-linux)
[#]: author: (Seth Kenlon https://opensource.com/users/seth/users/don-watkins)
@ -12,9 +12,9 @@ Linux 入门十法
> 想要进入 Linux 之门,试试这十个方法。
![Penguins gathered together in the Artic][1]
![](https://img.linux.net.cn/data/attachment/album/201907/20/061809wwkmb51vqookoqq5.jpg)
文章《[什么是 Linux 用户?][2]》的作者 Anderson Silva 明确表示,现今人们使用 Linux在某种程度上就像使用 Windows 一样,只要你对“使用 Linux”这个事情定义得足够广泛。尽管如此,如果你的生活中没有足够的使用 Linux 的机会,现在正是以前所未有的方式尝试 Linux 的好时机。
文章《[什么是 Linux 用户?][2]》的作者 Anderson Silva 明确表示,现今人们使用 Linux在某种程度上就像使用 Windows 一样,只要你对“使用 Linux”这个事情定义得足够广义。尽管如此,如果你的生活中没有太多的使用 Linux 的机会,现在正是以前所未有的方式尝试 Linux 的好时机。
以下是 Linux 入门的十种方法。你可以试试其中一个或者全部试试。
@ -22,65 +22,65 @@ Linux 入门十法
![Free shell screenshot][3]
有很多人在用不上的服务器上运行 Linux 请记住“Linux 服务器”可以是从最新的超级计算机到丢弃的已经用了 12 年的笔记本电脑中的任何一个)。为了充分利用多余的计算机,许多管理员用这些备用的机器提供了免费的 shell 帐户。
有很多人在用不上的服务器上运行 Linux 请记住“Linux 服务器”可以是从最新的超级计算机到丢弃的已经用了 12 年的笔记本电脑中的任何一个)。为了充分利用多余的计算机,许多管理员用这些备用的机器提供了免费的 shell 帐户。
如果你想要登录到 Linux 终端中学习命令、shell 脚本、Python 以及 Web 开发的基础知识,那么免费的 shell 帐户是一种简单、免费的入门方式。这是一个简短的列表:
如果你想要登录到 Linux 终端中学习命令、shell 脚本、Python 以及 Web 开发的基础知识,那么免费的 shell 帐户是一种简单、免费的入门方式。下面是一个可以体验一下的简短列表:
* [Freeshell.de][4] 是一个自 2002 年以来一直在线的公用 Linux 系统。你可以通过 SSH、IPv6 和 OpenSSL 进行访问,以获得 Linux shell 体验,并且可以使用 MySQL 数据库。
* [Blinkenshell][5] 提供了一个学习 Unix、使用 IRC、托管简单网站和共享文件的 Linux shell。它自 2006 年以来一直在线。
* [SDF 公用 Unix 系统][6]成立于 1987 年,提供了免费的 NetBSD 账户。当然NetBSD 不是 Linux但它是开源的 Unix因此它提供了类似的体验。它也有几个自制应用程序因此它跨越了老派 BBS 和普通的免费 shell 之间的界限
* [Freeshell.de][4] 是一个自 2002 年以来一直在线服务的公用 Linux 系统。你可以通过 SSH、IPv6 和 OpenSSL 进行访问,以获得 Linux shell 体验,并且可以使用 MySQL 数据库。
* [Blinkenshell][5] 提供了一个学习 Unix、使用 IRC、托管简单网站和共享文件的 Linux shell。它自 2006 年以来一直在线服务
* [SDF 公用 Unix 系统][6]成立于 1987 年,提供了免费的 NetBSD 账户。当然NetBSD 不是 Linux但它是开源的 Unix因此它提供了类似的体验。它也有几个自制应用程序因此它不但有普通的免费 shell还提供了老派 BBS
免费 shell 帐户受到很多滥用,因此你表现出的信任度和参与集体活动的意愿越多,你的体验就越好。你通常可以访问数据库引擎、编译器和高级编程语言(通过特殊请求或小额捐赠来证明声誉)。你还可以要求安装其他软件或库,但需经管理员批准。
免费 shell 帐户常会受到滥用,因此你表现出的可信程度和积极参与协作的意愿越多,你的体验就越好。你可以通过专门请求或小额捐赠来证明你的诚意,通常可以访问数据库引擎、编译器和高级编程语言。你还可以要求安装其他软件或库,但需经管理员批准。
#### 如何使用
公用 shell 帐户是尝试真正的 Linux 系统的好方法。你无法获得 root 权限这一事实意味着你可学习本地软件管理,而无需做更多的维护工作。你可以做很多实际操作,以完成真正的工作,尽管它们对于学习关键任务还不够。
公用 shell 帐户是尝试真正的 Linux 系统的好方法。你无法获得 root 权限这一事实意味着你可学习本地软件管理,而无需做更多的维护工作。你可以做很多实际操作,以完成真正的工作,尽管它们对于学习关键任务还不够。
### 2、试试 Windows WSL 2 里面的 Linux
不管你信不信,微软从 2019 年 6 月开始在 Windows 里面带上了 Linux这意味着你可以从 Windows 运行 Linux 应用程序,这是第二代的 [Windows 里的 Linux 子系统][7]WSL 2。虽然它主要针对开发人员但 Windows 用户会发现 WSL 2 是一个熟悉的桌面上的 Linux 环境,而没有被任何虚拟化占用额外资源。这是一个以进程方式运行在 Windows 机器上的 Linux。在这个时候,它仍然是一个新的动向和正在进行中的工作,因此它可能会发生变化。如果你试图用它承担重任,你可能会遇到一两个错误,但是如果你只是想入门 Linux、学习一些命令并感受在基于文本的环境如何完成工作那么 WSL 2 可能正是你所需要的。
不管你信不信,微软从 2019 年 6 月开始在 Windows 里面带上了 Linux这意味着你可以从 Windows 运行 Linux 应用程序,这是 [Windows 里的 Linux 子系统][7]的第二版WSL 2。虽然它主要针对开发人员但 Windows 用户可以发现 WSL 2 是一个来自于他们熟悉的桌面上的 Linux 环境,而没有被任何虚拟化占用额外资源。这是一个以进程方式运行在 Windows 机器上的 Linux。现阶段,它仍然是一个新的动向和正在进行中的工作,因此它可能会发生变化。如果你试图用它承担重任,你可能会遇到一两个错误,但是如果你只是想入门 Linux、学习一些命令并感受在基于文本的环境如何完成工作那么 WSL 2 可能正是你所需要的。
#### 如何使用
WSL 还没有明确的方向或目的,但它在 Windows 机器上提供了 Linux 环境。你可以获得 root 访问权限,并可以运行 Linux 发行版和应用程序,因此这是一种简单而无缝的学习方式。但是,即使 WSL *是Linux*,它也不能给你典型的 Linux 体验。它是由 Windows 提供的 Linux而这不太会是你在现实世界中遇到的。WSL 是一个开发和教育工具,但如果你可以使用它,那么你应该试试它。
WSL 还没有明确的用途或目的,但它在 Windows 机器上提供了 Linux 环境。你可以获得 root 访问权限,并可以运行 Linux 发行版和应用程序,因此这是一种简单而无缝的学习方式。但是,即使 WSL *是Linux*,它也不能给你典型的 Linux 体验。它是由 Windows 提供的 Linux而这不太会是你在现实世界中遇到的情况。WSL 是一个开发和教育工具,但如果你可以使用它,那么你应该试试它。
### 3、把 Linux 放到可启动的 U 盘上
![Porteus Linux][8]
便携 Linux 可以安装到 U 盘上随身携带,并用该 U 盘启动你遇到的任何计算机。你可以获得个性化的 Linux 桌面,而无需担心所启动的主机上的数据。计算机不会接触你的 Linux 操作系统,并且你的 Linux 操作系统也不会影响计算机。它非常适合酒店商务中心、图书馆、学校的公共计算机,或者只是给自己一个不时启动 Linux 的借口。
便携 Linux 可以安装到 U 盘上随身携带,并用该 U 盘启动你遇到的任何计算机。你可以获得个性化的 Linux 桌面,而无需担心所用于启动的主机上的数据。该计算机上原有的系统不会与你的 Linux 系统相接触,并且你的 Linux 操作系统也不会影响计算机。它非常适合酒店商务中心、图书馆、学校的公共计算机,或者只是给自己一个不时启动 Linux 的借口。
与许多其他快速得的 Linux shell 不同,此方法为你提供了一个完整而强大的 Linux 系统,包括桌面环境,可访问你需要的任何软件以及持久的数据存储。
与许多其他快速得的 Linux shell 不同,此方法为你提供了一个完整而强大的 Linux 系统,包括桌面环境,可访问你需要的任何软件以及持久的数据存储。
这个系统永远不会改变。你要保存的任何数据都将写入压缩的文件系统中,然后在引导时将其作为覆盖层应用于该系统。这种灵活性允许你选择是以持久模式启动,将所有数据保存回 U 盘;还是以临时模式启动,以便一旦关闭电源,你所做的一切都会消失。换句话说,你可以将其用作不受信任的计算机上的安全信息亭或你信任的计算机上的便携式操作系统。
你可以尝试很多 [U 盘发行版][9],有些桌面环境很少,适用于低功耗计算机,有些适用于完整桌面环境。我偏爱 [Porteus][10] Linux。在过去的八年里我每天都把它放在我的钥匙链上在商务旅行中使用它作为我的主要计算平台如果在工作或家中计算机发生问题它也会用作工具盘。它是一个可靠而稳定的操作系统有趣且易于使用。
你可以尝试很多 [U 盘发行版][9],有些带有精简的桌面环境,适用于低功耗计算机,而另一些带有完整的桌面环境。我偏爱 [Porteus][10] Linux。在过去的八年里我每天都把它放在我的钥匙链上在商务旅行中使用它作为我的主要计算平台如果在工作场所或家中计算机发生问题,它也会用作工具盘。它是一个可靠而稳定的操作系统,有趣且易于使用。
在 Mac 或 Windows 上,下载 [Fedora Media Writer][11] 以创建你下载的任何便携式发行版的可启动 U 盘。
#### 如何使用
从 U 盘启动一个“实时 Linux”可提供完整的 Linux 发行版。虽然数据存储与你安装到硬盘驱动器的系统略有不同,但其所有内容都与你在 Linux 桌面上所期望的一样。在便携式 Linux 操作系统上你几乎没有什么不能做的,所以在你的钥匙串上安装一个以解锁你遇到的每台计算机的全部潜力吧。
从 U 盘启动一个 “实时 Linux” 可提供完整的 Linux 发行版环境。虽然数据存储与你安装到硬盘驱动器的系统略有不同,但其它的所有内容都与你在 Linux 桌面上所期望的一样。在便携式 Linux 操作系统上你几乎没有什么不能做的,所以在你的钥匙串上挂上一个以解锁你遇到的每台计算机的全部潜力吧。
### 4、在线
### 4、在线
![Linux tour screenshot][12]
Ubuntu 的某个人想到了在浏览器中托管 Ubuntu GNOME 桌面的好主意。想要自己尝试一下,可以打开 Web 浏览器并导航到 [tour.ubuntu.com][13]。你可以选择要演示的活动,也可以跳过单个课程并单击 “四处看看” 按钮。
Ubuntu 的某个人想到了在浏览器中托管 Ubuntu GNOME 桌面的好主意。如果想要自己尝试一下,可以打开 Web 浏览器并导航到 [tour.ubuntu.com][13]。你可以选择要演示的活动,也可以跳过单个课程并单击 “<ruby>四处看看<rt>Show Yourself Around</rt></ruby>” 按钮。
即使你是 Linux 桌面的新用户,你也可能会发现“四处看看”功能比你想象的更还简单。在线游览中,可以四处看看,查看可用的应用程序,以及查看典型的默认 Linux 桌面。你不能在 Firefox 中调整设置或启动另一个在线导览(这是我尝试的第一件事),虽然你可以完成安装应用程序的动作,但你无法启动它们。 但是,如果你之前从未使用过 Linux 桌面,并且想要看到各种新奇的东西,那这就是一场旋风之旅。
即使你是 Linux 桌面的新用户,你也可能会发现“四处看看”功能比你想象的更还简单。在线游览中,可以四处看看,查看可用的应用程序,以及查看典型的默认 Linux 桌面。你不能在 Firefox 中调整设置或启动另一个在线游览(这是我尝试过的第一件事),虽然你可以完成安装应用程序的动作,但你无法启动它们。但是,如果你之前从未使用过 Linux 桌面,并且想要看到各种新奇的东西,那这就是一场旋风之旅。
#### 如何使用
在线览真的只是一次旅行。如果你从未见过 Linux 桌面,那么这是一个了解它的情况的机会。不是为了正式的使用,而是一个吸引过客的展示。
在线览真的只是一次旅行。如果你从未见过 Linux 桌面,那么这是一个了解它的情况的机会。这不是一个正式的使用,而是一个吸引过客的展示。
### 5、在浏览器中用 JavaScript 运行 Linux
![JSLinux][14]
就在不久之前,虚拟化的计算成本还很高,这仅限于使用高级硬件的用户。而现在虚拟化已被优化到可以由 JavaScript 引擎执行的程度,这要归功于 Fabrice Bellard它是优秀的开源 [QEMU][15] 机器仿真器和虚拟器的创建者。
就在不久之前,虚拟化的计算成本还很高,还仅限于使用先进的硬件的用户。而现在虚拟化已被优化到可以由 JavaScript 引擎执行的程度,这要归功于 Fabrice Bellard它是优秀的开源 [QEMU][15] 机器仿真器和虚拟器的创建者。
Bellard 还启动了 JSLinux 项目,该项目允许你在浏览器中运行 Linux 和其他操作系统,算是闲暇时间的一个乐趣。它仍然是一个实验项目,但它是一个技术奇迹。打开 Web 浏览器导航到 [JSLinux][16] 页面,你可以启动基于文本的 Linux shell 或简的图形 Linux 环境。你可以上传和下载文件到 JSLinux 主机上或(在理论上)将文件发送到一个网络备份位置,因为 JSLinux 可以通过 VPN 套接字访问互联网(尽管上限速度取决于 VPN 服务)。
Bellard 还启动了 JSLinux 项目,该项目允许你在浏览器中运行 Linux 和其他操作系统,算是闲暇时间的一个乐趣。它仍然是一个实验项目,但它是一个技术奇迹。打开 Web 浏览器导航到 [JSLinux][16] 页面,你可以启动基于文本的 Linux shell 或简的图形 Linux 环境。你可以上传和下载文件到 JSLinux 主机上或(在理论上可以)将文件发送到一个网络备份位置,因为 JSLinux 可以通过 VPN 套接字访问互联网(尽管上限速度取决于 VPN 服务)。
#### 如何使用
@ -88,7 +88,7 @@ Bellard 还启动了 JSLinux 项目,该项目允许你在浏览器中运行 Li
### 6、阅读关于它的书
并非每种 Linux 体验都要用计算机。也许你是那种喜欢在开始新事物之前保持距离先观察和研究的人,或者你可能还不清楚 “Linux” 所包含的内容,或者你喜欢全情投入其中。关于 Linux 如何工作、运行 Linux 的方式以及 Linux 世界中有什么,有很多书可以读。
并非每种 Linux 体验都要用计算机。也许你是那种喜欢在开始新事物之前保持距离先观察和研究的人,或者你可能还不清楚 “Linux” 所包含的内容,或者你喜欢全情投入其中。关于 Linux 如何工作、运行 Linux 的方式以及 Linux 世界中有什么,有很多书可以读。
你越熟悉开源世界,就越容易理解常用术语,将城市神话与实际经验区分开来。我们不时会发布[图书清单] [17],但我的最爱之一是 Hazel Russman 的《[The Charm of Linux][18]》。这是一个从不同角度巡览 Linux 的过程,是由一位独立作者在发现 Linux 时兴奋之余写作的。
@ -100,41 +100,41 @@ Bellard 还启动了 JSLinux 项目,该项目允许你在浏览器中运行 Li
![Raspberry Pi 4][19]
如果你正在使用[树莓派][20],那么你就正在运行 Linux。Linux 和低功耗计算很容易上手。关于树莓派的好处,除了价格低于 100 美元之外,它的[网站][21]是专为教育而设计的。你可以了解树莓派所做的一切,当你了解之后,就知道了 Linux 可以为你做些什么。
如果你正在使用[树莓派][20],那么你就正在运行 Linux。Linux 和低功耗计算很容易上手。关于树莓派的好处,除了价格低于 100 美元之外,它的[网站][21]是专为教育而设计的。你可以了解树莓派所做的一切,当你了解之后,就知道了 Linux 可以为你做些什么。
#### 如何使用
树莓派被设计为低功耗计算机。这意味着你不能像过去那样做那么多的多任务处理,但这是一种避免不堪重负的方便方法。树莓派是学习 Linux 及其附带的所有可能性的好方法,它是发现环保、小型、简化计算能力的有趣方式。并且一定要关注 Opensource.com 上的[提示][22][技巧][23]和[有趣的][24][活动] [25],特别是在每年三月份的树莓派之周期间。
树莓派被设计为低功耗计算机。这意味着你不能像过去那样做那么多的多任务处理,但这是一种避免不堪重负的方便方法。树莓派是学习 Linux 及其附带的所有可能性的好方法,它是发现环保、小型、简化计算能力的有趣方式。并且一定要关注 Opensource.com 上的[提示][22][技巧][23]和[有趣的][24][活动] [25],特别是在每年三月份的树莓派之周期间。
### 8、赶上容器热潮
如果你在神话般的[云][26]的后端附近工作,那么你已经听说过容器热潮。虽然你可以在 Windows、Azure、Mac 和 Linux 上运行 Docker 和 Kubernetes但你可能不知道容器本身就是 Linux。云计算应用和基础设施实际上是精简的 Linux 系统,部分虚拟化,部分基于裸机。如果启动容器,则会启动微型的超特定的 Linux 发行版。
如果你从事于神话般的[云服务][26]的后端工作,那么你已经听说过容器热潮。虽然你可以在 Windows、Azure、Mac 和 Linux 上运行 Docker 和 Kubernetes但你可能不知道容器本身就是 Linux。云计算应用和基础设施实际上是精简的 Linux 系统,部分虚拟化,部分基于裸机。如果启动容器,则会启动微型的超特定的 Linux 发行版。
容器与虚拟机或物理服务器[不同][27]。它们不打算用作通用操作系统。但是,如果你在容器中进行开发,你可以停下来四处打量一下,你将了解到 Linux 系统的结构、保存重要文件的位置以及最常见的命令。你甚至可以[在线尝试容器][28],你可以在我的文章中[深入到 Linux 容器的背后][29]了解它们如何工作的。
#### 如何使用
根据设计,容器特定于单个任务,但它们是 Linux因此它们非常灵活。你可以如你预期的使用它们也可以在你的 Linux 实验当中将容器构建到大部分完整系统中。它虽然不桌面 Linux 体验,但它是完整的 Linux 体验。
根据设计,容器特定于一个单一任务,但它们是 Linux因此它们非常灵活。你可以如你预期的使用它们也可以在你的 Linux 实验当中将容器构建到大部分完整系统中。它虽然不提供桌面 Linux 体验,但它是完整的 Linux 体验。
### 9、以虚拟机方式安装 Linux
虚拟化是尝试操作系统的简便方法,[VirtualBox][30]是一种很好的开源虚拟化方法。VirtualBox 可以在 Windows 和 Mac 上运行,因此你可以将 Linux 安装为虚拟机VM并使用它就好像它只是一个应用程序一样。如果你不习惯安装操作系统VirtualBox 也是一种尝试 Linux 的非常安全的方式,而不会意外地将其安装在你通常的操作系统上。
虚拟化是尝试操作系统的简便方法,[VirtualBox][30] 是一种很好的开源虚拟化方法。VirtualBox 可以在 Windows 和 Mac 上运行,因此你可以将 Linux 安装为虚拟机VM并使用它就好像它只是一个应用程序一样。如果你不习惯安装操作系统VirtualBox 也是一种尝试 Linux 的非常安全的方式,而不会意外地将其安装覆盖在你通常的操作系统上。
#### 如何使用
将 Linux 作为虚拟机运行既方便又简单,既可以作为试运行使用,也可以在需要 Linux 环境时进行双启动或重启。它功能齐全,因为它使用虚拟硬件,主操作系统负责驱动你的外围设备。将 Linux 作为虚拟机运行的唯一缺点主要是心理上的。如果你打算使用 Linux 作为主操作系统,但最终默认在宿主操作系统做除了特定于 Linux 的大多数任务,那么虚拟机就会让你失望。否则,虚拟机是现代技术的胜利,在 VirtualBox 中使用 Linux 可以为你提供 Linux 所提供的所有最佳功能。
将 Linux 作为虚拟机运行既方便又简单,既可以作为试运行使用,也可以在需要 Linux 环境时进行双启动或重启进入。它功能齐全,因为它使用虚拟硬件,宿主操作系统负责驱动你的外围设备。将 Linux 作为虚拟机运行的唯一缺点主要是心理上的。如果你打算使用 Linux 作为主操作系统,但最终默认在宿主操作系统做除了特定于 Linux 的大多数任务,那么虚拟机就会让你失望。否则,虚拟机是现代技术的胜利,在 VirtualBox 中使用 Linux 可以为你提供 Linux 所提供的所有最佳功能。
### 10、安装一个 Linux
![Fedora Silverblue][31]
如果对上述方式有疑问,那么总会有传统的方式。如果你想给予 Linux 应有的关注,你可以下载 Linux将安装程序刻录到 U 盘(或 DVD如果你更喜欢光学介质的话并将其安装在你的计算机上。Linux 是开源的,所以任何想要花时间打包 Linux 的人都可以分发 Linux并且可以将所有可用的部分分配到通常称为发行版的内容中。询问任何 Linux 用户哪个发行版是“最好的”,你必然会得到一个不同的答案(主要是因为术语“最佳”通常是未定义的)。大多数人都认可你应该使用适合你的 Linux 发行版,这意味着你应该测试一些流行的发行版,并坚持使你的计算机按照你期望的行为行事。这是一种务实和功能性的方法。例如,如果发行版无法识别你的网络摄像头而你希望它可以正常工作,则可以使用一个可识别该网络摄像头的发行版。
如果对上述方式有疑问,那么总会有传统的方式。如果你想给予 Linux 应有的关注,你可以下载 Linux将安装程序刻录到 U 盘(或 DVD如果你更喜欢光学介质的话并将其安装在你的计算机上。Linux 是开源的,所以任何想要花时间打包 Linux 的人都可以分发 Linux并且可以将所有可用的部分分配到通常称为发行版的内容中。无论问哪一个 Linux 用户什么发行版是“最好的”,你必然都会得到一个不同的答案(主要是因为这个术语“最佳”通常是尚未定义的)。大多数人都认可:你应该使用适合你的 Linux 发行版,这意味着你应该测试一些流行的发行版,并坚持使你的计算机按照你期望的行为行事。这是一种务实和功能性的方法。例如,如果发行版无法识别你的网络摄像头而你希望它可以正常工作,则可以使用一个可识别该网络摄像头的发行版。
如果你之前从未安装过操作系统,你会发现大多数 Linux 发行版都包含友好且简单的安装程序。只需下载一个发行版(它们作为 ISO 文件提供),然后下载 [Fedora Media Writer][11] 来创建一个可启动的安装 U 盘。
如果你之前从未安装过操作系统,你会发现大多数 Linux 发行版都包含一个友好且简单的安装程序。只需下载一个发行版(它们 ISO 文件提供),然后下载 [Fedora Media Writer][11] 来创建一个可启动的安装 U 盘。
#### 如何使用
安装 Linux 并将其用作操作系统是迈向熟悉和熟悉它的一步。怎么使用它都可以。你可能会发现你从未了解过所需的必备功能,你可能会比你想象的更多地了解计算机,并且可能会改变你的世界观。或者你可以使用 Linux 桌面,因为它易于下载和安装,或者因为你想要削减某些公司霸主的中间人,或者因为它可以帮助你完成工作。
安装 Linux 并将其用作操作系统是迈向熟悉它的一步。怎么使用它都可以。你可能会发现一些你从未了解过所需的必备功能,你可能会比你想象的更多地了解计算机,并且可能会改变你的世界观。你使用一个 Linux 桌面,或者是因为它易于下载和安装,或者是因为你想要削弱公司中某些人的霸主地位,或者只是因为它可以帮助你完成工作。
无论你的原因是什么,只需尝试使用上面这些任何(或所有)这些方式。
@ -145,7 +145,7 @@ via: https://opensource.com/article/19/7/ways-get-started-linux
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

151
sources/talk/20190718 Worst DNS attacks and how to mitigate them.md Normal file
View File

@ -0,0 +1,151 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Worst DNS attacks and how to mitigate them)
[#]: via: (https://www.networkworld.com/article/3409719/worst-dns-attacks-and-how-to-mitigate-them.html)
[#]: author: (Michael Cooney https://www.networkworld.com/author/Michael-Cooney/)
Worst DNS attacks and how to mitigate them
======
DNS threats, including DNS hijacking, tunneling, phishing, cache poisoning and DDoS attacks, are all on the rise.
![Max Bender \(CC0\)][1]
The Domain Name System remains under constant attack, and there seems to be no end in sight as threats grow increasingly sophisticated.
DNS, known as the internets phonebook, is part of the global internet infrastructure that translates between familiar names and the numbers computers need to access a website or send an email. While DNS has long been the target of assailants looking to steal all manner of corporate and private information, the threats in the [past year][2] or so indicate a worsening of the situation.
**More about DNS:**
* [DNS in the cloud: Why and why not][3]
* [DNS over HTTPS seeks to make internet use more private][4]
* [How to protect your infrastructure from DNS cache poisoning][5]
* [ICANN housecleaning revokes old DNS security key][6]
IDC reports that 82% of companies worldwide have faced a DNS attack over the past year. The research firm recently published its fifth annual [Global DNS Threat Report][7], which is based on a survey IDC conducted on behalf of DNS security vendor EfficientIP of 904 organizations across the world during the first half of 2019.
According to IDC's research, the average costs associated with a DNS attack rose by 49% compared to a year earlier. In the U.S., the average cost of a DNS attack tops out at more than $1.27 million. Almost half of respondents (48%) report losing more than $500,000 to a DNS attack, and nearly 10% say they lost more than $5 million on each breach. In addition, the majority of U.S. organizations say that it took more than one day to resolve a DNS attack.
“Worryingly, both in-house and cloud applications were damaged, with growth of over 100% for in-house application downtime, making it now the most prevalent damage suffered,” IDC wrote. "DNS attacks are moving away from pure brute-force to more sophisticated attacks acting from the internal network. This will force organizations to use intelligent mitigation tools to cope with insider threats."
### Sea Turtle DNS hijacking campaign
An ongoing DNS hijacking campaign known as Sea Turtle is one example of what's occuring in today's DNS threat landscape.
This month, [Cisco Talos][8] security researchers said the people behind the Sea Turtle campaign have been busy [revamping their attacks][9] with new infrastructure and going after new victims.
**[ [Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. Now offering a 10-day free trial!][10] ]**
In April, Talos released a [report detailing][11] Sea Turtle and calling it the “first known case of a domain name registry organization that was compromised for cyber espionage operations.” Talos says the ongoing DNS threat campaign is a state-sponsored attack that abuses DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS.
By obtaining control of victims DNS, the attackers can change or falsify any data on the Internet and illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reports. 
The hackers behind Sea Turtle appear to have regrouped after the April report from Talos and are redoubling their efforts with new infrastructure  a move Talos researchers find to be unusual: “While many actors will slow down once they are discovered, this group appears to be unusually brazen, and will be unlikely to be deterred going forward,” Talos [wrote][9] in July.
“Additionally, we discovered a new DNS hijacking technique that we assess with moderate confidence is connected to the actors behind Sea Turtle. This new technique is similar in that the threat actors compromise the name server records and respond to DNS requests with falsified A records,” Talos stated. 
“This new technique has only been observed in a few highly targeted operations. We also identified a new wave of victims, including a country code top-level domain (ccTLD) registry, which manages the DNS records for every domain [that] uses that particular country code; that access was used to then compromise additional government entities. Unfortunately, unless there are significant changes made to better secure DNS, these sorts of attacks are going to remain prevalent,” Talos wrote.
### DNSpionage attack upgrades its tools
Another newer threat to DNS comes in the form of an attack campaign called [DNSpionage][12]. 
DNSpionage initially used two malicious websites containing job postings to compromise targets via crafted Microsoft Office documents with embedded macros. The malware supported HTTP and DNS communication with the attackers. And the attackers are continuing to develop new assault techniques.
“The threat actor's ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors, and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization's normal proxy or weblogs,” [Talos wrote][13]. “DNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.”
The DNSpionage campaign targeted various businesses in the Middle East as well as United Arab Emirates government domains.
“One of the biggest problems with DNS attacks or the lack of protection from them is complacency,” said Craig Williams, director of Talos outreach. Companies think DNS is stable and that they dont need to worry about it. “But what we are seeing with attacks like DNSpionage and Sea Turtle are kind of the opposite, because attackers have figured out how to use it to their advantage how to use it to do damage to credentials in a way, in the case of Sea Turtle, that the victim never even knows it happened. And thats a real potential problem.”
If you know, for example, your name server has been compromised, then you can force everyone to change their passwords. But if instead they go after the registrar and the registrar points to the bad guys name, you never knew it happened because nothing of yours was touched thats why these new threats are so nefarious, Williams said.
“Once attackers start using it publicly, successfully, other bad guys are going to look at it and say, Hey, why don't I use that to harvest a bunch of credentials from the sites I am interested in,’” Williams said.
### **The DNS IoT risk**
Another developing risk would be the proliferation of IoT devices.  The Internet Corporation for Assigned Names and Numbers (ICANN) recently wrote a [paper on the risk that IoT brings to DNS][14]. 
“The IoT is a risk to the DNS because various measurement studies suggest that IoT devices could stress the DNS infrastructure in ways that we have not seen before,” ICANN stated.   “For example, a software update for a popular IP-enabled IoT device that causes the device to use the DNS more frequently (e.g., regularly lookup random domain names to check for network availability) could stress the DNS in individual networks when millions of devices automatically install the update at the same time.”
While this is a programming error from the perspective of individual devices, it could result in a significant attack vector from the perspective of DNS infrastructure operators. Incidents like this have already occurred on a small scale, but they may occur more frequently in the future due to the growth of heterogeneous IoT devices from manufacturers that equip their IoT devices with controllers that use the DNS, ICANN stated.
ICANN also suggested that IoT botnets will represent an increased threat to DNS operators. “Larger DDoS attacks, partly because IoT bots are more difficult to eradicate. Current botnet sizes are on the order of hundreds of thousands. The most well-known example is the Mirai botnet, which involved 400K (steady-state) to 600K (peak) infected IoT devices.  The Hajime botnet hovers around 400K infected IoT devices, but has not launched any DDoS attacks yet. With the growth of the IoT, these attacks may grow to involve millions of bots and as a result larger DDoS attacks.
### **DNS security warnings grow**
The UK's [National Cyber Security Centre (NCSC)][15] issued a warning this month about ongoing DNS attacks, particularly focusing on DNS hijacking. It cited a number of risks associated with the uptick in DNS hijacking including:
**Creating malicious DNS records.** A malicious DNS record could be used, for example, to create a phishing website that is present within an organizations familiar domain. This may be used to phish employees or customers.
**Obtaining SSL certificates.** Domain-validated SSL certificates are issued based on the creation of DNS records; thus an attacker may obtain valid SSL certificates for a domain name, which could be used to create a phishing website intended to look like an authentic website, for example.
**Transparent proxying.** One serious risk employed recently involves transparently proxying traffic to intercept data. The attacker modifies an organizations configured domain zone entries (such as “A” or “CNAME” records) to point traffic to their own IP address, which is infrastructure they manage.
“An organization may lose total control of their domain and often the attackers will change the domain ownership details making it harder to recover,” the NCSC wrote.
These new threats, as well as other dangers, led the U.S. government to issue a warning earlier this year about DNS attacks on federal agencies. 
The Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) told all federal agencies to bolt down their DNS in the face of a series of global hacking campaigns.
CISA said in its [Emergency Directive][16] that it was tracking a series of incidents targeting DNS infrastructure. CISA wrote that it “is aware of multiple executive branch agency domains that were impacted by the tampering campaign and has notified the agencies that maintain them.”
CISA says that attackers have managed to intercept and redirect web and mail traffic and could target other networked services. The agency said the attacks start with compromising user credentials of an account that can make changes to DNS records.  Then the attacker alters DNS records, like Address, Mail Exchanger, or Name Server records, replacing the legitimate address of the services with an address the attacker controls.
These actions let the attacker direct user traffic to their own infrastructure for manipulation or inspection before passing it on to the legitimate service, should they choose. This creates a risk that persists beyond the period of traffic redirection, CISA stated. 
“Because the attacker can set DNS record values, they can also obtain valid encryption certificates for an organizations domain names. This allows the redirected traffic to be decrypted, exposing any user-submitted data. Since the certificate is valid for the domain, end users receive no error warnings,” CISA stated.
### **Get on the DNSSEC bandwagon**
“Enterprises that are potential targets in particular those that capture or expose user and enterprise data through their applications should heed this advisory by the NSCS and should pressure their DNS and registrar vendors to make DNSSEC and other domain security best practices easy to implement and standardized,” said Kris Beevers, co-founder and CEO of DNS security vendor [NS1][17]. “They can easily implement DNSSEC signing and other domain security best practices with technologies in the market today. At the very least, they should work with their vendors and security teams to audit their implementations.”
DNSSEC was in the news earlier this year when in response to increased DNS attacks, ICANN called for an intensified community effort to install stronger DNS security technology. 
Specifically, ICANN wants full deployment of the Domain Name System Security Extensions ([DNSSEC][18]) across all unsecured domain names. DNSSEC adds a layer of security on top of DNS. Full deployment of DNSSEC ensures end users are connecting to the actual web site or other service corresponding to a particular domain name, ICANN said. “Although this will not solve all the security problems of the Internet, it does protect a critical piece of it the directory lookup complementing other technologies such as SSL (https:) that protect the conversation, and provide a platform for yet-to-be-developed security improvements,” ICANN stated.
DNSSEC technologies have been around since about 2010 but are not widely deployed, with less than 20% of the worlds DNS registrars having deployed it, according to the regional internet address registry for the Asia-Pacific region ([APNIC][19]).
DNSSEC adoption has been lagging because it was viewed as optional and can require a tradeoff between security and functionality, said NS1's Beevers.
### **Traditional DNS threats**
While DNS hijacking may be the front line attack method, other more traditional threats still exist. 
The IDC/EfficientIP study found most popular DNS threats have changed compared with last year. Phishing (47%) is now more popular than last years favorite, DNS-based malware (39%), followed by DDoS attacks (30%), false positive triggering (26%), and lock-up domain attacks (26%).
--------------------------------------------------------------------------------
via: https://www.networkworld.com/article/3409719/worst-dns-attacks-and-how-to-mitigate-them.html
作者:[Michael Cooney][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.networkworld.com/author/Michael-Cooney/
[b]: https://github.com/lujun9972
[1]: https://images.idgesg.net/images/article/2018/08/anonymous_faceless_hooded_mand_in_scary_halloween_mask_finger_to_lips_danger_threat_stealth_attack_hacker_hush_silence_warning_by_max_bender_cc0_via_unsplash_1200x800-100766358-large.jpg
[2]: https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
[3]: https://www.networkworld.com/article/3273891/hybrid-cloud/dns-in-the-cloud-why-and-why-not.html
[4]: https://www.networkworld.com/article/3322023/internet/dns-over-https-seeks-to-make-internet-use-more-private.html
[5]: https://www.networkworld.com/article/3298160/internet/how-to-protect-your-infrastructure-from-dns-cache-poisoning.html
[6]: https://www.networkworld.com/article/3331606/security/icann-housecleaning-revokes-old-dns-security-key.html
[7]: https://www.efficientip.com/resources/idc-dns-threat-report-2019/
[8]: https://www.talosintelligence.com/
[9]: https://blog.talosintelligence.com/2019/07/sea-turtle-keeps-on-swimming.html
[10]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr
[11]: https://blog.talosintelligence.com/2019/04/seaturtle.html
[12]: https://www.networkworld.com/article/3390666/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.html
[13]: https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html
[14]: https://www.icann.org/en/system/files/files/sac-105-en.pdf
[15]: https://www.ncsc.gov.uk/news/ongoing-dns-hijacking-and-mitigation-advice
[16]: https://cyber.dhs.gov/ed/19-01/
[17]: https://ns1.com/
[18]: https://www.icann.org/resources/pages/dnssec-qaa-2014-01-29-en
[19]: https://www.apnic.net/

80
sources/tech/20190719 Buying a Linux-ready laptop.md Normal file
View File

@ -0,0 +1,80 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Buying a Linux-ready laptop)
[#]: via: (https://opensource.com/article/19/7/linux-laptop)
[#]: author: (Ricardo Berlasso https://opensource.com/users/rgb-eshttps://opensource.com/users/greg-phttps://opensource.com/users/chrisodhttps://opensource.com/users/victorhckhttps://opensource.com/users/hankghttps://opensource.com/users/noplanman)
Buying a Linux-ready laptop
======
Tuxedo makes it easy to buy an out-of-the-box "penguin-ready" laptop.
![Penguin with green background][1]
Recently, I bought and started using a Tuxedo Book BC1507, a Linux laptop computer. Ten years ago, if someone had told me that, by the end of the decade, I could buy top-quality, "penguin-ready" laptops from companies such as [System76][2], [Slimbook][3], and [Tuxedo][4], I probably would have laughed. Well, now I'm laughing, but with joy!
Going beyond designing computers for free/libre open source software (FLOSS), all three companies recently [announced][5] they are trying to eliminate proprietary BIOS software by switching to [Coreboot][6].
### Buying it
Tuxedo Computers is a German company that builds Linux-ready laptops. In fact, if you want a different operating system, it costs more.
Buying the computer was incredibly easy. Tuxedo offers many payment methods: not only credit cards but also PayPal and even bank transfers. Just fill out the bank transfer form on Tuxedo's web page, and the company will send you the bank coordinates.
Tuxedo builds every computer on demand, and picking exactly what you want is as easy as selecting the basic model and exploring the drop-down menus to select different components. There is a lot of information on the page to guide you in the purchase.
If you pick a different Linux distribution from the recommended one, Tuxedo does a "net install," so have a network cable ready to finish the installation, or you can burn your preferred image onto a USB key. I used a DVD with the openSUSE Leap 15.1 installer through an external DVD reader instead, but you get the idea.
The model I chose accepts up to two disks: one SSD and the other either an SSD or a conventional hard drive. As I was already over budget, I decided to pick a conventional 1TB disk and increase the RAM to 16GB. The processor is an 8th Generation i5 with four cores. I selected a back-lit Spanish keyboard, a 1920×1080/96dpi screen, and an SD card reader—all in all, a great system.
If you're fine with the default English or German keyboard, you can even ask for a penguin icon on the Meta key! I needed a Spanish keyboard, which doesn't offer this option.
### Receiving and using it
The perfectly packaged computer arrived in total safety to my door just six working days after the payment was registered. After unpacking the computer and unlocking the battery, I was ready to roll.
![Tuxedo Book BC1507][7]
The new toy on top of my (physical) desktop.
The computer's design is really nice and feels solid. Even though the chassis on this model is not aluminum, it stays cool. The fan is really quiet, and the airflow goes to the back edge, not to the sides, as in many other laptops. The battery provides several hours of autonomy from an electrical outlet. An option in the BIOS called FlexiCharger stops charging the battery after it reaches a certain percentage, so you don't need to remove the battery when you work for a long time while plugged in.
The keyboard is really comfortable and surprisingly quiet. Even the touchpad keys are quiet! Also, you can easily adjust the light intensity on the back-lit keyboard.
Finally, it's easy to access every component in the laptop so the computer can be updated or repaired without problems. Tuxedo even sends spare screws!
### Conclusion
After a month of heavy use, I'm really happy with the system. I got exactly what I asked for, and everything works perfectly.
Because they are usually high-end systems, Linux-included computers tend to be on the expensive side of the spectrum. If you compare the price of a Tuxedo or Slimbook computer with something with similar specifications from a more established brand, the prices are not that different. If you are after a powerful system to use with free software, don't hesitate to support these companies: What they offer is worth the price.
Let's us know in the comments about your experience with Tuxedo and other "penguin-friendly" companies.
* * *
_This article is based on "[My new 'penguin ready' laptop: Tuxedo-Book-BC1507][8]," published on Ricardo's blog, [From Mind to Type][9]._
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/linux-laptop
作者:[Ricardo Berlasso][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/rgb-eshttps://opensource.com/users/greg-phttps://opensource.com/users/chrisodhttps://opensource.com/users/victorhckhttps://opensource.com/users/hankghttps://opensource.com/users/noplanman
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/linux_penguin_green.png?itok=ENdVzW22 (Penguin with green background)
[2]: https://system76.com/
[3]: https://slimbook.es/en/
[4]: https://www.tuxedocomputers.com/
[5]: https://www.tuxedocomputers.com/en/Infos/News/Tuxedo-Computers-stands-for-Free-Software-and-Security-.tuxedo
[6]: https://coreboot.org/
[7]: https://opensource.com/sites/default/files/uploads/tuxedo-600_0.jpg (Tuxedo Book BC1507)
[8]: https://frommindtotype.wordpress.com/2019/06/17/my-new-penguin-ready-laptop-tuxedo-book-bc1507/
[9]: https://frommindtotype.wordpress.com/

375
sources/tech/20190719 Modifying Windows local accounts with Fedora and chntpw.md Normal file
View File

@ -0,0 +1,375 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Modifying Windows local accounts with Fedora and chntpw)
[#]: via: (https://fedoramagazine.org/modifying-windows-local-accounts-with-fedora-and-chntpw/)
[#]: author: (Shaun Assam https://fedoramagazine.org/author/sassam/)
Modifying Windows local accounts with Fedora and chntpw
======
![][1]
I recently encountered a problem at work where a clients Windows 10 PC lost trust to the domain. The user is an executive and the hindrance of his computer can affect real-time mission-critical tasks. He gave me 30 minutes to resolve the issue while he attended a meeting.
Needless to say, Ive encountered this issue many times in my career. Its an easy fix using the Windows 7/8/10 installation media to reset the Administrator password, remove the PC off the domain and rejoin it. Unfortunately it didnt work this time. After 20 minutes of scouring the net and scanning through the Microsoft Docs with no success, I turned to my development machine running Fedora with hopes of finding a solution.
With _dnf search_ I found a utility called **chntpw**:
```
$ dnf search windows | grep password
```
According to the summary, _chntpw_ will “change passwords in Windows SAM files.”
Little did I know at the time there was more to this utility than explained in the summary. Hence, this article will go through the steps I used to successfully reset a Windows local user password using _chntpw_ and a Fedora Workstation Live boot USB. The article will also cover some of the features of _chntpw_ used for basic user administration.
### Installation and setup
If the PC can connect to the internet after booting the live media, install _chntpw_ from the official Fedora repository with:
```
$ sudo dnf install chntpw
```
If youre unable to access the internet, no sweat! Fedora Workstation Live boot media has all the dependencies installed out-of-the-box, so all we need is the package. You can find the builds for your Fedora version from the [Fedora Projects Koji][2] site. You can use another computer to download the utility and use a USB thumb drive, or other form of media to copy the package.
First and foremost we need to create the Fedora Live USB stick. If you need instructions, the article on [How to make a Fedora USB stick][3] is a great reference.
Once the key is created shut-down the Windows PC, insert the thumb drive if the USB key was created on another computer, and turn on the PC — be sure to boot from the USB drive. Once the live media boots, select “Try Fedora” and open the Terminal application.
Also, we need to mount the Windows drive to access the files. Enter the following command to view all drive partitions with an NTFS filesystem:
```
$ sudo blkid | grep ntfs
```
Most hard drives are assigned to _/dev/sdaX_ where X is the partition number — virtual drives may be assigned to _/dev/vdX_, and some newer drives (like SSDs) use _/dev/nvmeX_. For this example the Windows C drive is assigned to _/dev/sda2_. To mount the drive enter:
```
$ sudo mount /dev/sda2 /mnt
```
Fedora Workstation contains the _ntfs-3g_ and _ntfsprogs_ packages out-of-the-box. If youre using a spin that does not have NTFS working out of the box, you can install these two packages from the official Fedora repository with:
```
$ sudo dnf install ntfs-3g ntfsprogs
```
Once the drive is mounted, navigate to the location of the SAM file and verify that its there:
```
$ cd /mnt/Windows/System32/config
$ ls | grep SAM
SAM
SAM.LOG1
SAM.LOG2
```
### Clearing or resetting a password
Now its time to get to work. The help flag **-h** provides everything we need to know about this utility and how to use it:
```
$ chntpw -h
chntpw: change password of a user in a Windows SAM file,
or invoke registry editor. Should handle both 32 and 64 bit windows and
all version from NT3.x to Win8.1
chntpw [OPTIONS] [systemfile] [securityfile] [otherreghive] […]
-h This message
-u Username or RID (0x3e9 for example) to interactively edit
-l list all users in SAM file and exit
-i Interactive Menu system
-e Registry editor. Now with full write support!
-d Enter buffer debugger instead (hex editor),
-v Be a little more verbose (for debuging)
-L For scripts, write names of changed files to /tmp/changed
-N No allocation mode. Only same length overwrites possible (very safe mode)
-E No expand mode, do not expand hive file (safe mode)
Usernames can be given as name or RID (in hex with 0x first)
See readme file on how to get to the registry files, and what they are.
Source/binary freely distributable under GPL v2 license. See README for details.
NOTE: This program is somewhat hackish! You are on your own!
```
Use the **-l** parameter to display a list of users it reads from the SAM file:
```
$ sudo chntpw -l SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c
File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 346/37816 blocks/bytes, unused: 23/7016 blocks/bytes.
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 01f7 | DefaultAccount | | dis/lock |
| 03e8 | defaultuser0 | | dis/lock |
| 01f5 | Guest | | dis/lock |
| 03ea | sysadm | ADMIN | |
| 01f8 | WDAGUtilityAccount | | dis/lock |
| 03e9 | WinUser | | |
```
Now that we have a list of Windows users we can edit the account. Use the **-u** parameter followed by the username and the name of the SAM file. For this example, edit the _sysadm_ account:
```
$ sudo chntpw -u sysadm SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c
File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 346/37816 blocks/bytes, unused: 23/7016 blocks/bytes.
================= USER EDIT ====================
RID : 1002 [03ea]
Username: sysadm
fullname: SysADM
comment :
homedir :
00000220 = Administrators (which has 2 members)
Account bits: 0x0010 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[ ] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 0, while max tries is: 0
Total login count: 0
- - - User Edit Menu:
1 - Clear (blank) user password
(2 - Unlock and enable user account) [seems unlocked already]
3 - Promote user (make user an administrator)
4 - Add user to a group
5 - Remove user from a group
q - Quit editing user, back to user select
Select: [q] >
```
To clear the password press **1** and ENTER. If successful you will see the following message:
```
...
Select: [q] > 1
Password cleared!
================= USER EDIT ====================
RID : 1002 [03ea]
Username: sysadm
fullname: SysADM
comment :
homedir :
00000220 = Administrators (which has 2 members)
Account bits: 0x0010 =
[ ] Disabled | [ ] Homedir req. | [ ] Passwd not req. |
[ ] Temp. duplicate | [X] Normal account | [ ] NMS account |
[ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act |
[ ] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) |
[ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) |
Failed login count: 0, while max tries is: 0
Total login count: 0
** No NT MD4 hash found. This user probably has a BLANK password!
** No LANMAN hash found either. Try login with no password!
...
```
Verify the change by repeating:
```
$ sudo chntpw -l SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c
File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 346/37816 blocks/bytes, unused: 23/7016 blocks/bytes.
| RID -|---------- Username ------------| Admin? |- Lock? --|
| 01f4 | Administrator | ADMIN | dis/lock |
| 01f7 | DefaultAccount | | dis/lock |
| 03e8 | defaultuser0 | | dis/lock |
| 01f5 | Guest | | dis/lock |
| 03ea | sysadm | ADMIN | *BLANK* |
| 01f8 | WDAGUtilityAccount | | dis/lock |
| 03e9 | WinUser | | |
...
```
The “Lock?” column now shows _BLANK_ for the sysadm user. Type **q** to exit and **y** to write the changes to the SAM file. Reboot the machine into Windows and login using the account (in this case _sysadm_) without a password.
### Features
Furthermore, _chntpw_ can perform basic Windows user administrative tasks. It has the ability to promote the user to the administrators group, unlock accounts, view and modify group memberships, and edit the registry.
#### The interactive menu
_chntpw_ has an easy-to-use interactive menu to guide you through the process. Use the **-i** parameter to launch the interactive menu:
```
$ chntpw -i SAM
chntpw version 1.00 140201, (c) Petter N Hagen
Hive name (from header): <\SystemRoot\System32\Config\SAM>
ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c
File size 65536 [10000] bytes, containing 7 pages (+ 1 headerpage)
Used for data: 346/37816 blocks/bytes, unused: 23/7016 blocks/bytes.
<>========<> chntpw Main Interactive Menu <>========<>
Loaded hives:
1 - Edit user data and passwords
2 - List groups
- - -
9 - Registry editor, now with full write support!
q - Quit (you will be asked if there is something to save)
```
#### Groups and account membership
To display a list of groups and view its members, select option **2** from the interactive menu:
```
...
What to do? [1] -> 2
Also list group members? [n] y
=== Group # 220 : Administrators
0 | 01f4 | Administrator |
1 | 03ea | sysadm |
=== Group # 221 : Users
0 | 0004 | NT AUTHORITY\INTERACTIVE |
1 | 000b | NT AUTHORITY\Authenticated Users |
2 | 03e8 | defaultuser0 |
3 | 03e9 | WinUser |
=== Group # 222 : Guests
0 | 01f5 | Guest |
=== Group # 223 : Power Users
...
=== Group # 247 : Device Owners
```
#### Adding the user to the administrators group
To elevate the user with administrative privileges press **1** to edit the account, then **3** to promote the user:
```
...
Select: [q] > 3
=== PROMOTE USER
Will add the user to the administrator group (0x220)
and to the users group (0x221). That should usually be
what is needed to log in and get administrator rights.
Also, remove the user from the guest group (0x222), since
it may forbid logins.
(To add or remove user from other groups, please other menu selections)
Note: You may get some errors if the user is already member of some
of these groups, but that is no problem.
Do it? (y/n) [n] : y
Adding to 0x220 (Administrators) …
sam_put_user_grpids: success exit
Adding to 0x221 (Users) …
sam_put_user_grpids: success exit
Removing from 0x222 (Guests) …
remove_user_from_grp: NOTE: group not in users list of groups, may mean user not member at all. Safe. Continuing.
remove_user_from_grp: NOTE: user not in groups list of users, may mean user was not member at all. Does not matter, continuing.
sam_put_user_grpids: success exit
Promotion DONE!
```
#### Editing the Windows registry
Certainly the most noteworthy, as well as the most powerful, feature of chntpw is the ability to edit the registry and write to it. Select **9** from the interactive menu:
```
...
What to do? [1] -> 9
Simple registry editor. ? for help.
> ?
Simple registry editor:
hive [] - list loaded hives or switch to hive number
cd - change current key
ls | dir [] - show subkeys & values,
cat | type - show key value
dpi - show decoded DigitalProductId value
hex - hexdump of value data
ck [] - Show keys class data, if it has any
nk - add key
dk - delete key (must be empty)
ed - Edit value
nv - Add value
dv - Delete value
delallv - Delete all values in current key
rdel - Recursively delete key & subkeys
ek - export key to (Windows .reg file format)
debug - enter buffer hexeditor
st [] - debug function: show struct info
q - quit
```
#### Finding help
As we saw earlier, the **-h** parameter allows us to quickly access a reference guide to the options available with chntpw. The man page contains detailed information and can be accessed with:
```
$ man chntpw
```
Also, if youre interested in a more hands-on approach, spin up a virtual machine. [Windows Server 2019][4] has an evaluation period of 180 days, and [Windows Hyper-V Server 2019][5] is unlimited. Creating a Windows guest VM will provide the basics to modify the Administrator account for testing and learning. For help with quickly creating a guest VM refer to the article [Getting started with virtualization in Gnome Boxes][6].
### Conclusion
_chntpw_ is a hidden gem for Linux administrators and IT professionals alike. While a nifty tool to quickly reset Windows account passwords, it can also be used to troubleshoot and modify local Windows accounts with a no-nonsense feel that delivers. This is perhaps only one such tool for solving the problem, though. If youve experienced this issue and have an alternative solution, feel free to put it in the comments below.
This tool, like many other “hacking” tools, holds with it an ethical responsibility. Even chntpw states:
> NOTE: This program is somewhat hackish! You are on your own!
When using such programs, we should remember the three edicts outlined in the message displayed when running **sudo** for the first time:
1. Respect the privacy of others.
2. Think before you type.
3. With great power comes great responsibility.
* * *
_Photo by _[_Silas Köhler_][7]_ on _[_Unsplash_][8]_,_
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/modifying-windows-local-accounts-with-fedora-and-chntpw/
作者:[Shaun Assam][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/sassam/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2019/07/chntpw-816x345.jpg
[2]: https://koji.fedoraproject.org/koji/packageinfo?packageID=6945
[3]: https://fedoramagazine.org/make-fedora-usb-stick/
[4]: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019
[5]: https://www.microsoft.com/en-us/evalcenter/evaluate-hyper-v-server-2019
[6]: https://fedoramagazine.org/getting-started-with-virtualization-in-gnome-boxes/
[7]: https://unsplash.com/@silas_crioco?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
[8]: https://unsplash.com/search/photos/key-lock?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText