document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/LCTT/TranslateProject.git

Browse Source
This commit is contained in:
coloka 2014-11-21 22:32:35 +08:00
commit 3b25910a09
41 changed files with 3342 additions and 1300 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
translated/tech/20141008 How to configure a host intrusion detection system on CentOS.md → published/20141008 How to configure a host intrusion detection system on CentOS.md
View File

@ -1,18 +1,18 @@
在CentOS上配置主机入侵检测系统
在CentOS上配置基于主机入侵检测系统IDS
================================================================================
所有系统管理员想要在他们生产服务器上部署的第一个安全手段之一,就是检测文件篡改的机制——不仅仅是文件内容,而且也包括它们的属性。
所有系统管理员想要在他们生产服务器上首先要部署的安全手段之一,就是检测文件篡改的机制——不仅仅是文件内容,而且也包括它们的属性。
[AIDE][1] “高级入侵检测环境”的简称是一个开源的基于主机的入侵检测系统。AIDE通过检查大量文件属性的不一致性来检查系统二进制文件和基本配置文件的完整性这些文件属性包括权限、文件类型、索引节点、链接数、链接名、用户、组、文件大小、块计数、修改时间、添加时间、创建时间、acl、SELinux安全上下文、xattrs以及md5/sha校验和在内
[AIDE][1] “高级入侵检测环境”的简称是一个开源的基于主机的入侵检测系统。AIDE通过检查大量文件属性的不一致性来检查系统二进制文件和基本配置文件的完整性这些文件属性包括权限、文件类型、索引节点、链接数、链接名、用户、组、文件大小、块计数、修改时间、添加时间、创建时间、acl、SELinux安全上下文、xattrs以及md5/sha校验值在内的各种特征
AIDE通过扫描一台未被篡改的Linux服务器的文件系统来构建文件属性数据库以后将服务器文件属性与数据库中的进行校对然后在服务器运行时对修改过的索引的文件发出警告。处于这个原因AIDE必须在系统更新后或其配置文件进行合法修改后重新对受保护的文件做索引。
AIDE通过扫描一台未被篡改的Linux服务器的文件系统来构建文件属性数据库以后将服务器文件属性与数据库中的进行校对然后在服务器运行时对被修改的索引了的文件发出警告。出于这个原因AIDE必须在系统更新后或其配置文件进行合法修改后重新对受保护的文件做索引。
对于某些客户,他们可能会根据他们的安全策略在他们的服务器上强制安装某种入侵检测系统。但是,不管客户是否要求,系统管理员都部署一个入侵检测系统,这通常是一个很好的做法。
对于某些客户,他们可能会根据他们的安全策略在他们的服务器上强制安装某种入侵检测系统。但是,不管客户是否要求,系统管理员都应该部署一个入侵检测系统,这通常是一个很好的做法。
### 安装AIDE到CentOS或RHEL ###
### 在 CentOS或RHEL 上安装AIDE ###
AIDE的初始安装同时是首次运行最好是在系统刚安装完后并且没有任何服务暴露在互联网,甚至是局域网中。在这个早期阶段我们可以将来自外部的一切闯入和破坏风险降到最低限度。事实上这也是确保系统在AIDE构建其初始数据库时保持干净的唯一途径。
AIDE的初始安装同时是首次运行最好是在系统刚安装完后并且没有任何服务暴露在互联网甚至局域网时。在这个早期阶段我们可以将来自外部的一切闯入和破坏风险降到最低限度。事实上这也是确保系统在AIDE构建其初始数据库时保持干净的唯一途径。LCTT 译注:当然,如果你的安装源本身就存在安全隐患,则无法建立可信的数据记录)
出于上面的原因,在安装完AIDE后我们可以执行下面的命令
出于上面的原因,在安装完系统后我们可以执行下面的命令安装AIDE
# yum install aide
@ -20,7 +20,7 @@ AIDE的初始安装同时是首次运行最好是在系统刚安装完后
### 配置AIDE ###
默认配置文件是/etc/aide.conf该文件介绍了几个示例保护规则如FIPSRNORMALDIRDATAONLY各个规则后面跟着一个等号以及要检查的文件属性列表,或者某些预定义的规则(由+分隔)。你也可以使用此种格式自定义规则。
默认配置文件是/etc/aide.conf该文件介绍了几个示例保护规则如FIPSRNORMALDIRDATAONLY各个规则后面跟着一个等号以及要检查的文件属性列表或者某些预定义的规则由+分隔)。你也可以使用此种格式自定义规则。
![](https://farm3.staticflickr.com/2947/15446746115_7d0a291b0a_o.png)
@ -35,11 +35,11 @@ AIDE的初始安装同时是首次运行最好是在系统刚安装完后
条目之前的感叹号告诉AIDE忽略子目录或目录中的文件对于这些可以另外定义规则。
在上面的例子中PERMS是用于/etc机器子目录和文件的默认规则。然而没有规则将用于/etc中的备份文件如/etc/.*~),也没有规则用于/etc/mtab文件。对于/etc中的一些选择性的子目录或文件NORMAL规则会被应用覆盖默认规则PERMS。
在上面的例子中PERMS是用于/etc机器子目录和文件的默认规则。然而对于/etc中的备份文件如/etc/.*~)则不应用任何规则,也没有规则用于/etc/mtab文件。对于/etc中的其它一些选定的子目录或文件使用NORMAL规则替代默认规则PERMS。
定义并应用正确的规则到系统中正确的位置是使用AIDE最难的一部分但作好的判断是一个良好的开始。作为首要的一条规则,不要检查不必要的属性。例如,检查/var/log或/var/spool里头的文件的修改时间将导致大量误报因为许多的应用程序和守护进程经常会写入内容到该位置而这些内容都没有问题。此外检查多个校验和可能加强安全性但随之而来的是AIDE的运行时间的增加。
定义并应用正确的规则到系统中正确的位置是使用AIDE最难的一部分但作一个好的判断是一个良好的开始。作为首要的一条规则,不要检查不必要的属性。例如,检查/var/log或/var/spool里头的文件的修改时间将导致大量误报因为许多的应用程序和守护进程经常会写入内容到该位置而这些内容都没有问题。此外检查多个校验值可能会加强安全性但随之而来的是AIDE的运行时间的增加。
择将检查结果发送到你邮箱如果你使用MAILTO变量指定电子邮件地址。将下面这一行放到/etc/aide.conf中的任何位置即可。
可选的如果你使用MAILTO变量指定电子邮件地址,就可以将检查结果发送到你的邮箱。将下面这一行放到/etc/aide.conf中的任何位置即可。
MAILTO=root@localhost
@ -51,7 +51,7 @@ AIDE的初始安装同时是首次运行最好是在系统刚安装完后
![](https://farm3.staticflickr.com/2942/15446399402_198472e983_o.png)
根据/etc/aide.conf生成的/var/lib/aide/aide.db.new.gz文件需要被重命名为/var/lib/aide/aide.db.gz,以便AIDE能读取它
根据/etc/aide.conf生成的/var/lib/aide/aide.db.new.gz文件需要被重命名为/var/lib/aide/aide.db.gz以便AIDE能读取它
# mv /var/lib/aide/aide.db.new.gz /var/lib/aide.db.gz
@ -67,7 +67,7 @@ AIDE的初始安装同时是首次运行最好是在系统刚安装完后
### 生产环境中管理AIDE ###
在构建了一个初始AIDE数据库后作为不断推进的系统管理活动,你常常需要处于某些合法的理由更新受保护的服务器。每次服务器更新后你必须重新构建AIDE数据库以更新数据库内容。要完成该任务请执行以下命令
在构建了一个初始AIDE数据库后作为不断进行的系统管理活动,你常常需要因为某些合法的理由更新受保护的服务器。每次服务器更新后你必须重新构建AIDE数据库以更新数据库内容。要完成该任务请执行以下命令
# aide --update
@ -109,7 +109,7 @@ AIDE的初始安装同时是首次运行最好是在系统刚安装完后
### 结尾 ###
如果你曾经发现你自己有很好的理由信系统被入侵了但是第一眼又不能确定到底哪些东西被改动了那么像AIDE这样一个基于主机的入侵检测系统就会很有帮助了因为它可以帮助你很快识别出哪些东西被改动过而不是通过猜测来浪费宝贵的时间。
如果你曾经发现你自己有很好的理由信系统被入侵了但是第一眼又不能确定到底哪些东西被改动了那么像AIDE这样一个基于主机的入侵检测系统就会很有帮助了因为它可以帮助你很快识别出哪些东西被改动过而不是通过猜测来浪费宝贵的时间。
--------------------------------------------------------------------------------
@ -117,7 +117,7 @@ via: http://xmodulo.com/host-intrusion-detection-system-centos.html
作者:[Gabriel Cánepa][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

12
translated/tech/20141008 How to speed up slow apt-get install on Debian or Ubuntu.md → published/20141008 How to speed up slow apt-get install on Debian or Ubuntu.md
View File

@ -1,9 +1,9 @@
如何加速Debian或Ubuntu上缓慢的apt-get安装
===
极速蜗牛apt-fast
================
如果你在Debian或Ubuntu系统上经常感觉到**apt-get** 或 **aptitude**包安装速度过慢,那么这里就有几种改善这一情况的方法。你有没有考虑过改变正被使用的默认镜像站点?你有没有排除因特网连接的上游带宽成为瓶颈的可能?
没有别的,你可以尝试第三个选择:使用[apt-fast][1]工具。apt-fast实际上是一个围绕apt-get和aptitude所写的shell脚本容器它能加速包的下载速度。apt-fast本质上采用[aria2][2]下载工具,这款工具能够以“块”的方式从多个镜像并行下载一个文件(就像BitTorrent下载)
如果不是这些原因,你可以尝试第三个选择:使用[apt-fast][1]工具。apt-fast实际上是一个围绕apt-get和aptitude所写的shell脚本容器它能加速包的下载速度。apt-fast本质上采用[aria2][2]下载工具,这款工具能够以“块”的方式从多个镜像并行下载一个文件就像BitTorrent下载
### 在Debian或Ubuntu上安装apt-fast
@ -83,7 +83,7 @@ Ubuntu/Mint
![](http://farm8.staticflickr.com/7309/10585846956_6c98c6dcc9_z.jpg)
如前面所示apt-fast的并行下载是通过aria2完成的。你可以从下面多个镜像验证并行下载。
如前面所示apt-fast的并行下载是通过aria2完成的。你可以看到如下图般从多个镜像并行下载。
$ sudo netstat -nap | grep aria2c
@ -97,7 +97,7 @@ Ubuntu/Mint
![](http://farm4.staticflickr.com/3810/10585846986_504d07b4a7_z.jpg)
正如你所见到的,**apt-fast**实质上比**apt-get**快(e.g. 快3--4秒),特别是安装庞大软件包的时候。
正如你所见到的,**apt-fast**实比**apt-get**快(e.g. 快3--4秒),特别是安装庞大软件包的时候。
当然,安装性能的提高程度还依赖你上游因特网连通性。以我为例,我有富足的带宽来支持我的上游连接。这也是为什么我看到并行下载带来了成功的提高。
@ -107,7 +107,7 @@ via: http://xmodulo.com/speed-slow-apt-get-install-debian-ubuntu.html
作者:[Dan Nanni][a]
译者:[su-kaiyao](https://github.com/su-kaiyao)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

6
translated/tech/20141014 Linux FAQs with Answers--How to change default location of libvirt VM images.md → published/20141014 Linux FAQs with Answers--How to change default location of libvirt VM images.md
View File

@ -1,4 +1,4 @@
Linux 有问必答 -- 如何改变libvirt VM镜像的默认位置
Linux 有问必答如何改变libvirt VM镜像的默认位置
================================================================================
> **提问** 我使用libvirt和virt-manager在我的Linux系统上创建虚拟机。我注意到虚拟机镜像位于/var/lib/libvirt/images目录。有没有办法改变虚拟机镜像的默认路径
@ -16,7 +16,7 @@ Linux 有问必答 -- 如何改变libvirt VM镜像的默认位置
![](https://farm4.staticflickr.com/3935/15433062592_0d89a8d132_o.png)
你可以看到如下所是的默认存储池。在窗口的左下角,点击叉形按钮,将会停止默认的存储池。存储池一旦停止后,点击右边的垃圾桶,将会删除存储池。注意这个动作不会删除池中的镜像。
你可以看到如下所是的默认存储池。在窗口的左下角,点击叉形按钮,将会停止默认的存储池。存储池一旦停止后,点击右边的垃圾桶,将会删除存储池。**注意这个动作不会删除池中的镜像。**
现在点击左边的加号增加一个新的存储池。
@ -85,6 +85,6 @@ Linux 有问必答 -- 如何改变libvirt VM镜像的默认位置
via: http://ask.xmodulo.com/change-default-location-libvirt-vm-images.html
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

16
translated/tech/20141014 Linux FAQs with Answers--How to create and mount an XFS file system on Linux.md → published/20141014 Linux FAQs with Answers--How to create and mount an XFS file system on Linux.md
View File

@ -1,16 +1,16 @@
Linux有问必答-如何创建和挂载XFS文件系统
================================================================================
> **问题**: 我听说一个厉害的文件系统XFS打算在我的磁盘上试试XFS。那格式化和挂载XFS文件系统的Linux命令是什么呢
> **问题**: 我听说一个牛X的文件系统XFS打算在我的磁盘上试试XFS。那格式化和挂载XFS文件系统的Linux命令是什么呢
[XFS][1]是高性能文件系统SGI为他们的IRIX平台设计。自从2001年移植到Linux内核上由于它的[高性能][2]XFS作为许多企业级系统的首选特别是有大量数据需要结构化伸缩性和稳定性的。例如RHEL/CentOS 7 和Oracle Linux将XFS作为默认文件系统SUSE/openSUSE已经为XFS做了长期支持。
[XFS][1]是高性能文件系统SGI为他们的IRIX平台设计。自从2001年移植到Linux内核上由于它的[高性能][2]XFS成为了许多企业级系统的首选特别是有大量数据需要结构化伸缩性和稳定性的。例如RHEL/CentOS 7 和Oracle Linux将XFS作为默认文件系统SUSE/openSUSE已经为XFS做了长期支持。
XFS有许多独特的功能使他从众多文件系统中脱颖而出 伸缩/并行 IO元数据日志热整理暂停/回复 IO,延迟分配等。
XFS有许多独特的性能提升功能使他从众多文件系统中脱颖而出,像可伸缩/并行 IO元数据日志热碎片整理IO 暂停/恢复,延迟分配等。
如果你想要创建和挂载XFS文件系统到你的Linux平台下面是相关命令。
如果你想要创建和挂载XFS文件系统到你的Linux平台下面是相关的操作命令。
### 安装 XFS系统工具集 ###
首先你需要安装XFS系统工具集这样允许你执行许多XFS相关的管理任务。例如,格式化,[扩展][3],修复,设置配额,改变参数等)
首先你需要安装XFS系统工具集这样允许你执行许多XFS相关的管理任务。例如格式化,[扩展][3],修复,设置配额,改变参数等)
Debian, Ubuntu , Linux Mint系统
@ -34,7 +34,7 @@ Fedora, CentOS, RHEL系统:
假设此创建的分区叫/dev/sdb1。
接下来格式化分区为XFS,使用mkfs.xfs命令。如果已有其他文件系统创建在此分区必须加上"-f"参数来覆盖它。
接下来格式化分区为XFS使用mkfs.xfs命令。如果已有其他文件系统创建在此分区必须加上"-f"参数来覆盖它。
$ sudo mkfs.xfs -f /dev/sdb1
@ -50,7 +50,7 @@ Fedora, CentOS, RHEL系统:
![](https://farm4.staticflickr.com/3938/15474273445_aeacdca6eb_o.png)
如果你想要启动时自动挂载XFS分区在/storage上加入下行到/etc/fstab
如果你想要启动时自动挂载XFS分区在/storage上加入下行到/etc/fstab
/dev/sdb1 /storage xfs defaults 0 0
@ -59,7 +59,7 @@ Fedora, CentOS, RHEL系统:
via: http://ask.xmodulo.com/create-mount-xfs-file-system-linux.html
译者:[Vic___/VicYu](http://www.vicyul.net/)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

6
translated/tech/20141024 How to Upgrade Ubuntu 14.04 LTS to Ubuntu 14.10.md → published/20141024 How to Upgrade Ubuntu 14.04 LTS to Ubuntu 14.10.md
View File

@ -1,4 +1,4 @@
如何从Ubuntu 14.04 LTS 升级到Ubuntu 14.10
小白技巧:如何从Ubuntu 14.04 LTS 升级到Ubuntu 14.10
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2014/10/software-and-updates.jpg)
@ -17,7 +17,7 @@ Canonical不会强迫14.04的用户升级到14.10这个中间版本
切换后你会想快点更新。
现在准备就绪Canonical此刻会弹出“升级”提示给用户比较普通的ISO镜像而言经常延迟可以通过软件更新工具更新到14.10了。
现在准备就绪Canonical此刻会弹出“升级”提示给用户比较普通的ISO镜像而言经常延迟可以通过软件更新工具更新到14.10了。
--------------------------------------------------------------------------------
@ -25,7 +25,7 @@ via: http://www.omgubuntu.co.uk/2014/10/upgrade-ubuntu-14-04-to-14-10
作者:[Joey-Elijah Sneddon][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

4
translated/tech/20141029 How to Install MariaDB in Ubuntu 14.04 LTS.md → published/20141029 How to Install MariaDB in Ubuntu 14.04 LTS.md
View File

@ -4,7 +4,7 @@ MariaDB是一个开源数据库且100%与MySQL兼容目标是替代MySQL数
### MariaDB的背景 : ###
2008年MySQL被后来被Oracle在2010年收购的**Sun Microsystems**收购了。 最初被Sun公司的收购由于符合项目的需要受到MySQL社区的欢呼但是这种情绪并没有持续他热爱就接下来被Oracle的收购不幸期望远远低于预期。许多MySql的开发者离开了Sun和Oracle公司开始新的项目。在他们中间就有MySQL的创建者以及项目长期技术带头人之一的**Michael Monty Widenius**。Monty和他的团队创建了MySQL的一个fork版本并且命名它为**MariaDB**。
2008年MySQL被后来被Oracle在2010年收购的**Sun Microsystems**收购了。 最初被Sun公司的收购由于符合项目的需要受到MySQL社区的欢呼但是这种情绪并没有持续太久接下来被Oracle的收购不幸期望远远低于预期。许多MySql的开发者离开了Sun和Oracle公司开始新的项目。在他们中间就有MySQL的创建者以及项目长期技术带头人之一的**Michael Monty Widenius**。Monty和他的团队创建了MySQL的一个fork版本并且命名它为**MariaDB**。
本篇我们会讨论如何在Ubuntu上安装MariaDB。默认上MariaDB的包并没有在Ubuntu仓库中。要安装MariaDB我们首先要设置MariaDB仓库。
@ -45,7 +45,7 @@ via: http://www.linuxtechi.com/install-mariadb-in-ubuntu/
作者:[Pradeep Kumar][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

12
translated/tech/20141029 Linux FAQs with Answers--How to open a port in the firewall on CentOS or RHEL.md → published/20141029 Linux FAQs with Answers--How to open a port in the firewall on CentOS or RHEL.md
View File

@ -1,8 +1,8 @@
Linux有问必答——在CentOS或RHEL防火墙上开启端口
Linux有问必答在CentOS或RHEL防火墙上开启端口
================================================================================
> **问题**我在CentOS系统上运行一台网页或文件服务器打算远程访问服务器。因此我需要更改防火墙规则以允许访问系统上的某个TCP端口。那么有什么好方法在CentOS或RHEL系统的防火墙上开启TCP/UDP端口
Out of the box诸如CentOS或RHEL的企业级Linux发行版包含内置的强大防火墙它们默认的防火墙规则十分严格。因此如果你安装了任何定制服务比如web服务器、NFS和Samba那么它们的流量很有可能被防火墙规则阻塞。所以需要在防火墙上开启必要的端口以允许流量通过。
如果希望在服务器上提供服务诸如CentOS或RHEL的企业级Linux发行版包含内置的强大防火墙它们默认的防火墙规则十分严格。因此如果你安装了任何定制服务比如web服务器、NFS和Samba那么它们的流量很有可能被防火墙规则阻塞。所以需要在防火墙上开启必要的端口以允许流量通过。
在CentOS/RHEL 6或更早的版本上iptables服务允许用户与netfilter内核模块交互来在用户空间中配置防火墙规则。然而从CentOS/RHEL 7开始一个叫做firewalld新用户空间接口被引入以取代iptables服务。
@ -16,9 +16,9 @@ Out of the box诸如CentOS或RHEL的企业级Linux发行版包含内置的强
### 在CentOS/RHEL 7上开启端口 ###
启动CentOSRHEL 7后防火墙规则设置由firewalld服务进程默认管理。一个叫做firewall-cm的命令行客户端支持和这个守护进程通信以永久修改防火墙规则。
启动CentOS/RHEL 7后防火墙规则设置由firewalld服务进程默认管理。一个叫做firewall-cmd的命令行客户端支持和这个守护进程通信以永久修改防火墙规则。
使用这些命令来久打开一个新端口如TCP/80
使用这些命令来久打开一个新端口如TCP/80
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload
@ -42,7 +42,7 @@ Out of the box诸如CentOS或RHEL的企业级Linux发行版包含内置的强
![](https://farm6.staticflickr.com/5602/15628237745_4409cff52f_z.jpg)
如果想要为任何已知的服务如web服务器修改防火墙只需使防火墙对该服务可用然后关闭工具。如果想要开启任意一个TCP/UDP端口选择“Forward”按钮然后进入下一个界面。
如果想要为任何已知的服务如web服务器修改防火墙只需勾选该服务然后关闭工具。如果想要开启任意一个TCP/UDP端口选择“Forward”按钮然后进入下一个界面。
![](https://farm4.staticflickr.com/3941/15604533696_12857827ea_z.jpg)
@ -63,6 +63,6 @@ Out of the box诸如CentOS或RHEL的企业级Linux发行版包含内置的强
via: http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
译者:[KayGuoWhu](https://github.com/KayGuoWhu)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

108
translated/talk/The history of Android/01 - The history of Android.md → published/The history of Android/01 - The history of Android.md
View File

@ -1,57 +1,55 @@
安卓编年史
安卓编年史1
================================================================================
> 让我们跟着安卓从0.5版本到4.4的无尽迭代来看看它的发展历史。
![这些年来历代安卓的主屏幕。](http://cdn.arstechnica.net/wp-content/uploads/2014/03/its-been-quite-a-journey1.jpg)
这些年来历代安卓的主屏幕。
图片提供Ron Amadeo
安卓已经以不止一种形式陪伴了我们六年以上。在这段时间内我们已经看到了不同于任何已有开发周期的绝对惊人变化速度。当Google卷入智能手机的战场中时它拿出了它的快速迭代Web风格的更新周期把它们应用到了开发的这个操作系统之中而结果就是突击式的持续改进。近来安卓项目甚至以前所未闻的六个月开发周期在运行这可比它之前的开发周期慢。在安卓的第一年商业运作时Google每两个半月就会发布一个新版本。
*这些年来历代安卓的主屏幕* [图片提供Ron Amadeo]
youtube视频地址开始
<iframe width="640" height="480" frameborder="0" src="http://www.youtube-nocookie.com/embed/1FJHYqE0RDg?start=0&amp;wmode=transparent" type="text/html" style="display:block"></iframe>
安卓已经以不止一种形式陪伴了我们六年以上。在这段时间内我们已经看到了不同于任何已有开发周期的绝对惊人的变化速度。当Google卷入智能手机的战场中时它拿出了它的快速迭代Web风格的更新周期把它们应用到了开发这个操作系统之中而结果就是突击式的持续改进。近来安卓项目甚至以前所未闻的六个月开发周期在运行这可比它之前的开发周期慢。在安卓的第一年商业运作时Google每两个半月就会发布一个新版本。
Google在2007年11月时对安卓最初的介绍。
youtube视频地址结束
Google在2007年11月时对安卓最初的介绍http://www.youtube-nocookie.com/embed/1FJHYqE0RDg?start=0&amp;wmode=transparen (墙外)。
同行业的其它公司和相比只能是以蜗牛的步伐在缓慢前进。微软每三到五年升级它的桌面操作系统苹果对OS X和iOS以一年为一个更新周期。另外不是每个更新都是同等地位的。iOS在七年内有一个主要的设计上的大变动而最新的Windows Phone 8看起来和Windows Phone 7十分相似。但在安卓上如果用户能看到今年的任何东西看起来和去年一样那简直是中彩票了一样。比如Play商店五年内有五次的重新设计。对安卓来说那更是家常便饭。
同行业的其它公司和相比只能是以蜗牛的步伐在缓慢前进。微软每三到五年升级它的桌面操作系统苹果对OS X和iOS以一年为一个更新周期。另外不是每个更新都是同等地位的。iOS在七年内有一个主要的设计上的大变动而最新的Windows Phone 8看起来和Windows Phone 7十分相似。但在安卓上如果用户能看到今年的任何东西看起来和去年一样那简直是中彩票了一样。比如Play商店五年内有五次的重新设计。对安卓来说那更是家常便饭。
回头看看安卓的存在是很模糊的。从其历史来看现在它是个使用量巨大的操作系统。近十亿的设备销量以及每天一百五十万左右的激活量——但Google是如何达到这种地步的安卓现在如此水平的规模和成功可能会让你觉得安卓从零开始到万众瞩目的英雄覆盖到了方方面面。但事实上不是这样的。安卓在早期并不流行以及直到安卓4.0屏幕截图还只能通过开发者工具实现。这两个因素意味着你无法轻易找到许多安卓早期版本的图片或信息。
回头看看安卓的存在是很模糊的。从其历史来看现在它是个使用量巨大的操作系统。近十亿的设备销量以及每天一百五十万左右的激活量——但Google是如何达到这种地步的安卓现在如此水平的规模和成功可能会让你觉得安卓从零开始到万众瞩目的英雄覆盖到了方方面面。但事实上不是这样的。安卓在早期并不流行以及直到安卓4.0屏幕截图还只能通过开发者工具实现。这两个因素意味着你无法轻易找到许多安卓早期版本的图片或信息。
对于早期版本的缺乏覆盖问题现在称作*安卓早期版本正在消亡*。尽管像Windows 1.0这样的系统可以永远在你身边——只要找台旧电脑把它装上去就好了——安卓可以被认为是第一个基于云的操作系统。许多功能严重依赖Google的服务来实现。随着越来越少的人使用老版本的安卓那些服务被逐渐关闭。当一个依赖云的应用其服务支持停止之后它再也不能正常运作——应用崩溃并显示空白的屏幕或直接无法启动。
正是由于这种“[云腐烂][1]”现象,安卓回顾展在几年内不可能出现。早期版本的安卓没有了云的支持会是一个不能正常工作的破碎的空壳。尽管可以简单地认为这是早期版本安卓渐渐消失的一种方法,但这是正在发生的。就在写到这里的时候正有无数的应用因为服务器支持被关闭而失去作用。例如早期的谷歌地图和安卓市场客户端已经不能和Google服务器交互。它们会弹出错误消息并崩溃或者是显示一个空白的界面。有些应用甚至在一个星期正常运行然后下个星期就宣告死亡因为就在我们写下这篇文章的时候谷歌正在积极地关闭服务器
正是由于这种“[云腐烂][1]”现象,安卓回顾展在几年内不可能出现。早期版本的安卓没有了云的支持会是一个不能正常工作的破碎的空壳。尽管可以简单地认为这是早期版本安卓渐渐消失的一种方法,但这是正在发生的。就在写到这里的时候正有无数的应用因为服务器支持被关闭而失去作用。例如早期的谷歌地图和安卓市场客户端已经不能和Google服务器交互。它们会弹出错误消息并崩溃或者是显示一个空白的界面。有些应用甚至在一个星期正常运行然后下个星期就宣告死亡,因为就在我们写下这篇文章的时候谷歌正在积极地关闭服务器!
为了防止在滚滚历史里丢失掉更多关于安卓的过去我们做了需要完成的工作。这里有20+个版本的安卓,七台设备,以及无数的屏幕截图被集合到一起。这就是安卓编年史,从最早的公开版本到罪行的KitKat。
为了防止在滚滚历史里丢失掉更多关于安卓的过去我们做了需要完成的工作。这里有20+个版本的安卓,七台设备,以及无数的屏幕截图被集合到一起。这就是安卓编年史,从最早的公开版本到最新的KitKat。
注:下面一块为文章链接列表,发布后可以改为发布后的地址
----------
### 目录 ###
(以下各篇正在翻译中,链接会逐步更正过来)
- [Android 0.5 Milestone 3——第一个公开版本][10]
- [Android 0.5 Milestone 5——报废接口的领地][11]
- [Android 0.9 Beta——嘿这看起来很眼熟][12]
- [Android 1.0——谷歌应用的引入和实体硬件][13]
- [Android 1.1——第一个真正的增量更新][14]
- [Android 1.5 Cupcake——虚拟键盘打开设备设计的大门][15]
- ----[谷歌地图———登陆安卓市场的第一个内置应用][16]
- ----[谷歌地图———登陆安卓市场的第一个内置应用][16]
- [Android 1.6 Donut——CDMA支持将安卓带给了各个运营商][17]
- [Android 2.0 Éclair——带动GPS产业][18]
- [The Nexus One——迎来Google Phone][19]
- [Android 2.1——动画的大发现(以及滥用)时代][20]
- ----[Android 2.1, update 1——无尽战争的开端][21]
- ----[Android 2.1, update 1——无尽战争的开端][21]
- [Android 2.2 Froyo——更快更华丽][22]
- ----[语音操作——口袋里的超级电脑][23]
- ----[语音操作——口袋里的超级电脑][23]
- [Android 2.3 Gingerbread——第一个UI大变][24]
- [Android 3.0 Honeycomb——平板和设计的新生][25]
- ----[Google Music Beta——云存储的内容库][26]
- ----[Google Music Beta——云存储的内容库][26]
- [Android 4.0 Ice Cream Sandwich——摩登时代][27]
- ----[Google Play以及直接面向消费者销售设备的回归][28]
- ----[Google Play以及直接面向消费者销售设备的回归][28]
- [Android 4.1 Jelly Bean——Google Now指明未来][29]
- ----[Google Play服务——碎片化以及让系统版本几乎过时][30]
- ----[Google Play服务——碎片化以及让系统版本几乎过时][30]
- [Android 4.2 Jelly Bean——新Nexus设备新平板界面][31]
- ----[周期外更新——谁需要一个新系统?][32]
- ----[周期外更新——谁需要一个新系统?][32]
- [Android 4.3 Jelly Bean——为可穿戴设备做好准备][33]
- [Android 4.4 KitKat——更完美更少的内存占用][34]
- [今日安卓无处不在][35]
@ -60,89 +58,89 @@ Google在2007年11月时对安卓最初的介绍。
### Android 0.5, Milestone 3——第一个公开版本 ###
在我们开始在实体硬件上研究安卓之前我们要从很早很早以前的安卓时光开始说起。尽管1.0是第一个运行在实体硬件上的版本但在那之前其实还有若干个只随SDK发布的模拟器beta版本。这些模拟器只用于开发的目的所以它们不含任何谷歌应用甚至是一些核心系统应用。但它们仍然是回顾安卓的发布前时光的最好渠道。
在我们开始在实体硬件上研究安卓之前我们要从很早很早以前的安卓时光开始说起。尽管1.0是第一个运行在实体硬件上的版本但在那之前其实还有若干个只随SDK发布的模拟器beta版本。这些模拟器只用于开发的目的所以它们不含任何谷歌应用甚至是一些核心系统应用。但它们仍然是回顾安卓的发布前时光的最好渠道。
![模拟器默认的qwerty布局并运行Milestone 3。](http://cdn.arstechnica.net/wp-content/uploads/2013/11/blackberrrry.png)
模拟器默认的qwerty布局并运行Milestone 3。
Ron Amadeo供图
在异想天开的糖果版本代号和[与跨国食品公司跨界合作][2]之前第一个安卓的公开发布版本的标签是“m3-rc20a”——“m3”代表“Milestone 3里程碑3”。尽管谷歌可能不会公布版本号——这个版本甚至没有一个设置应用来查看——浏览器用户标识识别为“Android 0.5”。
*模拟器默认的qwerty布局并运行Milestone 3* [Ron Amadeo供图]
在2007年11月谷歌获得安卓两年iPhone发布五个月之后[安卓正式发布][3]第一个模拟器正式释出。回到那时候看这个系统才刚处于起步阶段。它很容易就被认为“只是个黑莓的山寨而已”。模拟器使用了一个qwerty布局的皮肤以及320×240的显示屏是一台[原型设备][4]的复制品。这台设备由HTC制造通过一些早期的安卓账户可以得知这台设备的代号似乎是“Sooner”。但是Sooner从未正式上市。
在异想天开的糖果版本代号和[与跨国食品公司跨界合作][2]之前第一个安卓的公开发布版本的标签是“m3-rc20a”——“m3”代表“Milestone 3里程碑3”。尽管谷歌可能不会公布版本号——这个版本甚至没有一个设置应用来查看——浏览器用户标识被识别为“Android 0.5”。
在2007年11月谷歌获得安卓两年、iPhone发布五个月之后[安卓正式发布][3]第一个模拟器正式释出。回到那时候看这个系统才刚处于起步阶段。它很容易就被认为“只是个黑莓的山寨而已”。模拟器使用了一个qwerty布局的皮肤以及320×240的显示屏是一台[原型设备][4]的复制品。这台设备由HTC制造通过一些早期的安卓账户可以得知这台设备的代号似乎是“Sooner”。但是Sooner从未正式上市。
通过安卓早期[开发账号][5]得知当苹果在2007年1月最终发布它革命性的智能手机后谷歌不得不对安卓“从头来过”——包括放弃Sooner。考虑到Milestone 3模拟器在苹果的iPhone后近一年才推出设备界面看起来还是那么像黑莓的模型是在是令人惊奇的事情。尽管在iPhone发布后的开发里任务毫无疑问地在优先保障下完成了但模拟器仍然以被认为是“旧学院风”的界面发布。这使得它没能给人留下一个好的第一印象。
在早期阶段安卓按键布局看起来并没有最终确定下来。尽管第一台商业安卓设备使用了“主屏幕”“后退”“菜单”以及“搜索”作为标准的按键套件模拟器上有一个空白的标记为“X”的键你可能会认为是那是搜索键应该在的地方。“Sooner”原型机看起来更奇怪——它在第四个键上有个星形标记。
![从左到右:主屏幕,一个打开的通知,以及“应用”文件夹。](http://cdn.arstechnica.net/wp-content/uploads/2013/11/noti3.png)
从左到右:主屏幕,一个打开的通知,以及“应用”文件夹。
Ron Amadeo供图
*从左到右:主屏幕,一个打开的通知,以及“应用”文件夹* [Ron Amadeo供图]
在这里没有可以配置的主屏幕或小插件仅仅只是简单的在底部有聚合图标的dock可以循环或是点击。尽管已经有一些特性支持触摸屏Milestone 3主要还是使用五向十字键——一个时至今日安卓仍然支持的不合时宜的设计。甚至早期的安卓都能够实现动画效果。图标在进入dock的中心窗口时会变大或缩小。
在这时候样也还没有通知栏。通知图标显示在顶部状态栏(上面图片中的微笑标志),打开它的唯一方法是在主屏幕按下十字键的上键。你无法通过点击微笑的图标来打开它,也无法从除主屏幕以外的地方打开通知。当通知被打开的时候,状态栏些许地扩展开,通知文本会显示在一个聊天气泡中。一旦你阅读完通知,你无法手动清除它——应用本身负责清除它的通知消息。
在这时候样也还没有通知栏。通知图标显示在顶部状态栏(上面图片中的微笑标志),打开它的唯一方法是在主屏幕按下十字键的上键。你无法通过点击微笑的图标来打开它,也无法从除主屏幕以外的地方打开通知。当通知被打开的时候,状态栏扩展开些许,通知文本会显示在一个聊天气泡中。一旦你阅读完通知,你无法手动清除它——应用本身负责清除它的通知消息。
应用抽屉的职责由一个dock左侧简单的“应用程序”文件夹负责。尽管有着不少标志性的功能Milestone 3模拟器应用图标还不是十分完善。只有“浏览器”“联系人” ,以及“地图”是这里面真正的应用。奇怪的是,“最近通话”被提升为一个独立的图标。因为这仅仅只是个模拟器,像闹钟,日历,拨号,计算器,照相机,相册,以及设置这样的智能手机核心功能的图标统统没有。硬件原型倒是有[其中的大部分][6],它还有一套谷歌应用出现并运行着。不幸的是我们没办法看到它们了。它们已经老到无论如何都连不上谷歌的服务器了。
应用抽屉的职责由托盘左侧简单的“应用程序”文件夹负责。尽管有着不少标志性的功能Milestone 3模拟器应用图标还不是十分完善。只有“浏览器”“联系人” ,以及“地图”是这里面真正的应用。奇怪的是,“最近通话”被提升为一个独立的图标。因为这仅仅只是个模拟器,像闹钟,日历,拨号,计算器,照相机,相册,以及设置这样的智能手机核心功能的图标统统没有。硬件原型倒是有[其中的大部分][6],它还有一套谷歌应用出现并运行着。不幸的是我们没办法看到它们了。它们已经老到无论如何都连不上谷歌的服务器了。
![Milestone 3的浏览器菜单系统壁纸界面以及音量控制。](http://cdn.arstechnica.net/wp-content/uploads/2013/11/menu.png)
Milestone 3的浏览器菜单系统壁纸界面以及音量控制。
Ron Amadeo供图
这套现在已经过时的菜单系统出现并运行在Milestone 3上。点击实体菜单键会打开一个灰色带有蓝色梯度高亮的列表通过实体键盘完成操作。在上面的截图中你可以看到在浏览器中打开的菜单。进入二级菜单像缩放菜单一级菜单变成有些奇怪的透明状态。
*Milestone 3的浏览器菜单系统壁纸界面以及音量控制* [Ron Amadeo供图]
这套现在已经过时的菜单系统出现并运行在Milestone 3上。点击实体菜单键会打开一个灰色带有蓝色梯度高亮的列表通过实体键盘完成操作。在上面的截图中你可以看到在浏览器中打开的菜单。进入二级菜单像缩放菜单一级菜单这些变成有些奇怪的透明状态。
令人惊喜的是多任务及后台应用在Milestone 3上已经可以运作了。离开应用而不关闭它——应用会保存状态甚至写入文本保存。这个特性iOS直到2010年推出iOS 4才能与其相比这就真正显示出了这两个平台的不同。iOS最初是作为一个封闭的平台而没有第三方应用所以平台的鲁棒性并没有得到很大的关注。安卓是从头开始被构建成一个强大的应用软件平台轻松开发应用是它创造出来背后的推动力之一。
在安卓之前,谷歌已经通过[WAP网站][7]和[J2ME手机应用][8]向移动端开始迁移,这使得它们强烈地意识到移动开发的难度。据[The Atlantic][9]拉里佩奇曾这么描述公司在移动端的努力“我们有一系列超过100台手机我们在每一台设备上都要构建一次我们的应用”。开发者们现在经常抱怨安卓的碎片化但在安卓出现之前问题要比现在糟糕很多。
在安卓之前,谷歌已经通过[WAP网站][7]和[J2ME手机应用][8]向移动端开始迁移,这使得它们强烈地意识到移动开发的难度。据[The Atlantic][9],拉里.佩奇曾这么描述公司在移动端的努力“我们有一系列超过100台手机,我们在每一台设备上都要构建一次我们的应用”。开发者们现在经常抱怨安卓的碎片化,但在安卓出现之前,问题要比现在糟糕很多。
谷歌的平台战略实际上胜出了iOS最终在不久后开始慢慢加入这些围绕应用的特性——多任务跨应用分享以及应用切换。
![当你在主屏幕按数字键弹出的拨号界面,来电,以及电话会议界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/call10000.png)
当你在主屏幕按数字键弹出的拨号界面,来电,以及电话会议界面。
Ron Amadeo供图
尽管没有拨号图标Milestone 3模拟器还是有办法拨号。按键盘上的任意键会打开左侧界面这是拨号/联系人搜索混合界面。仅输入数字并点击绿色的实体拨号键来开始通话,输入字母会搜索联系人。但是联系人无法通过数字搜索。甚至直接点击一个号码也不会打开联系人。
*当你在主屏幕按数字键弹出的拨号界面,来电,以及电话会议界面* [Ron Amadeo供图]
来电被显示成一个几乎全屏的令人愉快的透明背景弹窗。一旦进入通话背景会变成深灰色Milestone 3展现给用户一些令人惊奇的高级特性静音扬声器保持以及电话会议按钮。多方通话会显示成重叠半透明的卡片状用户有切换或者合并通话的选项可以选择。切换通话会触发一个漂亮的小卡片洗牌动画。
尽管没有拨号图标Milestone 3模拟器还是有办法拨号。按键盘上的任意键会打开上图左侧的界面这是拨号/联系人搜索混合界面。仅输入数字并点击绿色的实体拨号键来开始通话,输入字母会搜索联系人。但是联系人无法通过数字搜索。甚至直接点击一个号码也不会打开联系人。
来电被显示成一个几乎全屏的令人愉快的透明背景弹窗。一旦进入通话背景会变成深灰色Milestone 3展现给用户一些令人惊奇的高级特性静音扬声器通话保持以及电话会议按钮。多方通话会显示成重叠半透明的卡片状用户有切换或者合并通话的选项可以选择。切换通话会触发一个漂亮的小卡片洗牌动画。
![联系人列表,打开一个联系人,编缉联系人,以及最近通话界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/recent100.png)
联系人列表,打开一个联系人,编缉联系人,以及最近通话界面。
Ron Amadeo供图
联系人是一个质朴的黑色和蓝色的姓名列表。联系人卡片中有个联系人头像的位置但是没办法设置一张图像上去至少在模拟器中不行。这里唯一的装饰是每个联系人名字左侧的XMPP状态点。传统来说一个保持在线的XMPP连接是安卓的核心它的深度集成从Milestone 3就已经开始了。安卓使用XMPP来驱动一个24/7在线的与谷歌服务器之间的连接驱动Google Talk云到端消息推送以及应用的安装和卸载信息。
*联系人列表,打开一个联系人,编缉联系人,以及最近通话界面* [Ron Amadeo供图]
联系人是一个质朴的黑色和蓝色的姓名列表。联系人卡片中有个联系人头像的位置但是没办法设置一张图像上去至少在模拟器中不行。这里唯一的装饰是每个联系人名字左侧的XMPP状态点。就传统来说一个保持在线的XMPP连接是安卓的核心它的深度集成从Milestone 3就已经开始了。安卓使用XMPP来驱动一个24/7在线的与谷歌服务器之间的连接以驱动Google Talk的云到端消息推送以及应用的安装和卸载信息。
![浏览器的假Google首页地址栏浏览历史界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/11/browser3.png)
浏览器的假Google首页地址栏浏览历史界面。
Ron Amadeo供图
*浏览器的假Google首页地址栏浏览历史界面* [Ron Amadeo供图]
浏览器运行Webkit 419.3它也被用在相同时代的像Mac OS X 10.4的Safari 2上。浏览器主页并不是Google.com而是一个包含在安卓里的硬编码的home.html文件。它看起来就像是千年之前的Google.com。浏览器的OS X遗留还可以辨认出来用了光滑的Aqua风格的搜索按钮来渲染浏览器按钮。
这个小小的黑莓风格的屏幕需要一个分离的地址栏,可以通过浏览器菜单里的“前往”选项打开。尽管自动补全不起作用,地址栏会在你输入的时候实时搜索你的浏览历史。右侧图片显示的是历史界面,它使用了略缩图来显示各个站点。当前的略缩图在其它两个之前,滑动它们会触发一个猛扑的动画效果。但在早期阶段,浏览器不支持多标签或窗口——你可以看到当前站点,那就是全部了。
这个小小的黑莓风格的屏幕需要一个分离的地址栏,可以通过浏览器菜单里的“前往”选项打开。尽管自动补全不起作用,地址栏会在你输入的时候实时搜索你的浏览历史。右侧图片显示的是历史界面,它使用了略缩图来显示各个站点。当前的略缩图在其它两个缩略图之前,滑动它们会触发一个俯冲动画效果。但在早期阶段,浏览器不支持多标签或窗口——你可以看到当前站点,那就是全部了。
![一个视频屏幕抓取导出的谷歌地图界面,方向界面,相册测试界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/maps.png)
一个视频屏幕抓取导出的谷歌地图界面,方向界面,相册测试界面。
Ron Amadeo供图
在开始的时候谷歌认识到在移动端地图将会非常重要甚至在Milestone 5模拟器中内置了地图客户端。那个版本的谷歌地图是我们遇到的第一个死于云腐烂的。这个客户端无法从谷歌的服务器上载入信息所以地图显示为一片空白灰色的网格。没有什么能够运转。
*一个视频屏幕抓取导出的谷歌地图界面,方向界面,相册测试界面* [Ron Amadeo供图]
在开始的时候谷歌认识到在移动端地图将会非常重要甚至在Milestone 5模拟器中内置了地图客户端。那个版本的谷歌地图是我们遇到的第一个死于云腐烂的这个客户端无法从谷歌的服务器上载入信息所以地图显示为一片空白灰色的网格。没有什么能够工作。
幸运的是,因为上面的第一张截图,我们能够从安卓启动视频中拼凑出准确的界面。旧的谷歌地图看起来完全是为非触摸设备准备的,实体键快捷方式列表排列在屏幕底部。这样在看地图时,或是在如果仅仅显示该点的地址的时候就不大清楚。
隐藏在菜单之后的是搜索选项,路线,以及卫星和交通图层。中间的截图是方向的UI之一你可以选择一个联系人的地址作为起点或者终点。但地图缺乏任何种类的集成GPS你在哪都找不到“我的位置”这个按钮。
隐藏在菜单之后的是搜索选项,路线,以及卫星和交通图层。中间的截图是获取路径的UI之一你可以选择一个联系人的地址作为起点或者终点。但地图缺乏任何种类的集成GPS你在哪都找不到“我的位置”这个按钮。
尽管没有合适的相册在右边是相册的测试界面隐藏在“API Demos”应用里。图片可以向左向右滚动但无法以全屏的方式打开一张照片。同样它也没有照片管理选项。它本质上就是个图片滚动界面的测试视图。
尽管没有合适的相册,不过在右边是相册的测试界面隐藏在“API Demos”应用里。图片可以向左向右滚动但无法以全屏的方式打开一张照片。同样它也没有照片管理选项。它本质上就是个图片滚动界面的测试视图。
![时间设置和日历有点字间距问题以及以Ars为特色的垂直列表测试。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/datetimeshoutout.png)
时间设置和日历有点字间距问题以及以Ars为特色的垂直列表测试。
Ron Amadeo供图
*时间设置和日历有点字间距问题以及以Ars为特色的垂直列表测试* [Ron Amadeo供图]
同样模拟器中也没有设置应用但是通过API Demos我们可以看到最初的日期时间设置界面。这个示例暴露出很多安卓没来得及处理的问题到处都有的字间距问题分钟数字间巨大的间隔以及日历中星期日间不均等的间隔。尽管时间设置允许你单独更改每个数字但除非你将当前日期移出本月到前一个或下一个月否则你无法改变月份或年份。
别忘了尽管这看起来像是一些被遗忘时代的恐龙级别遗留物但这仅仅是六年前发布的。我们总趋向与适应科技的脚步。我们很容易将这样的东西看作是20年前的东西。比较一下2007年晚些时候这个时间段的桌面操作系统微软尝试将Windows Vista售往全世界快要一年了而苹果刚刚发布OS X 10.5 Leopard。
别忘了尽管这看起来像是一些被遗忘时代的恐龙级别遗留物但这仅仅是六年前发布的。我们总趋向与适应科技的脚步。我们很容易将这样的东西看作是20年前的东西。比较一下2007年晚些时候这个时间段的桌面操作系统微软尝试将Windows Vista售往全世界快要一年了而苹果刚刚发布OS X 10.5 Leopard。
最后一个关于Milestone 3的细节谷歌在Milestone 3模拟器中给了Ars Technica一个快捷方式。打开“API Demos”应用并打开"Views," "Focus,"然后"Vertical"显示一个*this very Website*的头条测试列表。
最后一个关于Milestone 3的细节谷歌在Milestone 3模拟器中给了Ars Technica一个快捷方式。打开“API Demos”应用并打开"Views," "Focus,"然后"Vertical"显示一个*this very Website*的头条测试列表。
![随Milestone 3RC37a发布的更加现代全触控风格的模拟器。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/bigscreen.png)
随Milestone 3RC37a发布的更加现代全触控风格的模拟器。
Ron Amadeo供图
*随Milestone 3RC37a发布的更加现代全触控风格的模拟器* [Ron Amadeo供图]
两个月后2007年12月谷歌放出了一个Milestone 3的更新带来了更大的480×320设备设置。这个更新的标签是“m3-rc37a”。软件看起来还是像黑莓一样仅仅是带来了更多的屏幕分辨率支持。
@ -158,7 +156,7 @@ Ron Amadeo供图
via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/
译者:[alim0x](https://github.com/alim0x) 校对:[校对者ID](https://github.com/校对者ID)
译者:[alim0x](https://github.com/alim0x) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

79
published/The history of Android/02 - The history of Android.md Normal file
View File

@ -0,0 +1,79 @@
安卓编年史2
=============================================================================
![Milestone 5主屏幕展示了“All”按钮两个dock图标以及四个最近使用的应用。中主屏幕与打开的应用程序列表。右边电源菜单。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/homescree052n.jpg)
*左Milestone 5主屏幕展示了“All”按钮两个dock图标以及四个最近使用的应用。中主屏幕与打开的应用程序列表。右边电源菜单* [Ron Amadeo供图]
### 安卓0.5, Milestone 5——如今已经是报废接口的领地了 ###
“M5-RC14”版本发布后——也就是第一个安卓模拟器发布三个月之后安卓迎来了它的首次重大革新。 2008年2月发布的“Milestone5”甩掉了延伸自黑莓的界面走向一个完全革新的设计——谷歌在触控友好界面上的第一次尝试。
在浏览器的用户代理字符串的中此版本仍然被识别为“Android 0.5”但Milestone 5与安卓的第一个版本相比已经完全不一样了。几个核心的Android功能直接追踪他们的血统会最终回到这个版本。通知面板的布局和功能几乎已经整装待发并且除了样式变化外菜单也最终成型。距离安卓1.0项目发布的时间仅仅只剩八个月,一个操作系统的基础已经开始成型了。
有一件东西目前绝对不是它的最终模样那就是是主屏幕。这是一个不可配置的单屏壁纸的应用程序的抽屉和托盘。应用程序图标是气泡状的三种颜色的组合由一个圆角矩形的白色背景包围着。应用程序抽屉在右下角有一个“所有”按钮轻按它打开的应用程序列表显示在了左边。这个“所有”按钮正上面的是两个托盘图标“联系人”和“拨号盘”分别获得了永久的专属主屏幕位置。然后上边有四个模块它们是“最近的应用程序”的早期版本展示了最后访问的应用程序。没有了左侧屏幕和右侧屏幕要是没有托盘和“最近的应用程序”占用的一整列这种布局下只能放下21个应用程序图标。模拟器仍然只带有尽量少的应用程序但在实际的设备中这样的设计看起来并不会很好的工作效果。
按住“挂断”按钮会出现电源菜单的一个相当早期的版本就像你最右侧的图片中看到的。谷歌此时仍然没有标准的智能手机命名术语对于“Turn Off Screen”关闭屏幕最好的形容也许是“Lock screen”锁定屏幕——虽然当时没有锁屏和“Turn Off Radio”关闭射频在今天被叫做“Airplane Mode”飞行模式
![从左至右依次为:令人惊喜的现代通知面板,谷歌地图的菜单在打开着(地图已经不可用了),和新的适合触控的列表视图。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/noti2.png)
*从左至右依次为:令人惊喜的现代通知面板,谷歌地图的菜单在打开着(地图已经不可用了),和新的适合触控的列表视图* [Ron Amadeo供图]
回溯到Milestone 5谷歌在那时对通知面板有着明确的认识。就像在任何现代的智能手机里一样通知中心从屏幕顶部下拉下来以唤出。目前的通知都以列表的形式显示。通知面板的第一个版本是不透明的白色薄片以及底部中心有个橙色圆点的带着棱纹的的“把手”。通知是可点击的通过点击可以打开该通知关联的应用程序。没有人为此列表中垂直对齐应用程序图标而感到困扰不过也没关系随着接下来的更新它已经是过去式了。
置顶通知能够进入一个在面板顶部的“正在进行”的部分。在这个版本中这里似乎只包含通话。在“最近事件”里的通知只有打开相应的应用程序后才清楚。用户惊喜地发现可以通过内置的XMPP连接成功登录到谷歌talk。不过虽然通知面板中显示“新会话信息”这里实际上并不是一个即时消息应用程序。
Milestone 5里是全新的艺术设计。应用程序图标被重新绘制并且菜单从一个无聊的黑莓风格的文本列表转变为一个全彩、卡通的大图标方阵。通知面板图标也从简单的、突兀的、白色的图标切换到一个绿色的气泡设计。当时信号指示下边有一条奇怪的黑线没有明显的作用。早期开发版本的微小列表视图不适合手指使用所以Milestone 5带来了更加强大的整体布局。
![拨号盘,最近通话,和来电。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/phonestuff.png)
*拨号盘,最近通话,和来电。* [Ron Amadeo供图]
M5是第一个有一个拨号盘的版本即使她是一个相当难看的版本。数字被显示在包含一个奇怪的聊天气泡风格的退格键的渐变填充条里看上去就像是从其他界面回收回来的。对齐问题随处可见。按钮上的数字没有正确的垂直居中而且退格键的“X”也没有与对话框对齐。由于屏幕上没有的“拨号”按钮你甚至不能从拨号盘打个电话它强制要求有个拨号的硬件实体按钮。
Milestone 5 有几个选项卡式界面,所有这些都演示了一个关于标签应该如何工作的奇怪的想法。活跃的标签是白色的,而背景标签是底部拥有一小条白色条带的黑色标签。后台标签应该是表示向下下沉的吗?切换标签时,是没有动画效果的。直到目前还不清楚这个设计试图想表达什么。
在第二张图片中显示的最近通话记录项是从一个单独的应用程序降级为拨号盘的选项卡。它抛弃了早期版本疯狂的十字UI多亏了大块列表视图现在所有必要的信息都是显示在一个正常的列表中。
不同于拨号盘来电画面有显示在屏幕上的按钮来接听和结束通话。奇怪的是来电屏幕贴在屏幕的底部而不是顶部或中心。它可能是从旧的黑莓4:3屏幕遗留下来的问题。
![通话中,触摸屏不可用的显示错误信息,和显示第二通话暂停的通话界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/callsstuff.png)
*通话中,触摸屏不可用的显示错误信息,和显示第二通话暂停的通话界面* [Ron Amadeo供图]
通话中的界面看起来正常但在实际中毫无意义。今天在通话中为了阻止你的脸按到按钮手机近距离传感器一旦检测到物体会关闭屏幕。尽管Milestone 5不支持近距离传感器。谷歌的随意的解决方案是在通话过程中禁用整个触摸屏。与此同时通话中的屏幕显然会检测触摸。这时候是有大的可触摸的按钮*但就是不让你摸!*
M5在这里让Milestone 3版本的几个功能回归了。许多旧的界面里体面的图标被替换成了文本。像“静音”按钮在激活的时候不再提供屏幕上的反馈。合并通话被完全去除了。
![浏览器的主要菜单,浏览器的二级菜单,疯狂的变焦控制和窗口界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/browser4.png)
*浏览器的主要菜单,浏览器的二级菜单,疯狂的变焦控制和窗口界面* [Ron Amadeo供图]
浏览器菜单中进行了常规的触摸功能大整修,并且“更多”按钮第一次出现。它充当一个[你菜单的额外菜单][1]。相对于将3x2的网格变成3x4的网格Milestone 5以及Android的许多后续版本一样中使用很长的、滚动的列表来引出其他选项。不支持双指缩放据说是[向苹果让步][2]因此Android运行着荒谬的控件就像上边第三张图片一样。谷歌将它显示在屏幕的中间而不是明智地设置成比如一个水平的、底部对齐的缩放控件。最后一张图片显示浏览器的“窗口”界面允许你打开多个网页并在它们之间更轻松地切换。
![谷歌地图的图层选择,搜索界面,以及路线界面。](http://cdn.arstechnica.net/wp-content/uploads/2013/12/amps.png)
*谷歌地图的图层选择,搜索界面,以及路线界面。* [Ron Amadeo供图]
谷歌地图仍然不能使用但我们接触的小小UI却有了显著更新。你可以选择地图图层虽然只有两种可以选择卫星和交通。顶部对齐的搜索界面奇怪地隐藏了状态栏而底部对齐的路线没有隐藏状态栏。路线的输入按钮被标有“Go”而且搜索的输入按钮却被标有一个奇怪的弯曲的箭头。这样的例子不胜枚举并演示了保守的安卓在最坏时候的情况在同一个应用程序外观和工作方式*应该*类似的两个功能,在实现上却完全相反。
----------
![Ron Amadeo](http://cdn.arstechnica.net/wp-content//uploads/authors/ron-amadeo-sq.jpg)
[Ron Amadeo][a] / Ron是Ars Technica的评论编缉专注于安卓系统和谷歌产品。他总是在追寻新鲜事物还喜欢拆解事物看看它们到底是怎么运作的。
[@RonAmadeo][t]
--------------------------------------------------------------------------------
via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/2/
译者:[cereuz](https://github.com/cereuz) 邮箱:[cereuz](mailto:sunedo@qq.com)
校对:[alim0x](https://github.com/alim0x)/[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://i.imgur.com/GIYGTnb.jpg
[2]:http://www.businessinsider.com/steve-jobs-on-android-founder-andy-rubin-big-arrogant-f-2013-11
[a]:http://arstechnica.com/author/ronamadeo
[t]:https://twitter.com/RonAmadeo

57
sources/news/20141115 LibreOffice 4.3.4 Released With 60 Bug Fixes v4.4 Shaping Up Nicely.md
View File

@ -1,57 +0,0 @@
LibreOffice 4.3.4 Released With 60 Bug Fixes, v4.4 Shaping Up Nicely
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2010/12/libreoffice.png)
**Two weeks on [from the last][1], The Document Foundation is back with yet another minor release of its open-source LibreOffice productivity suite.**
LibreOffice 4.3.4, the fourth such minor release in the fresh series, is composed solely of bug fixes, which is par for the course in these point releases.
Adding to the sense of deja vu is the number of bugs the foundation say have been caught in the developers butterfly net: around 60 or so.
- Sorting behaviour now defaults to old style again (Calc)
- Restore focus window after preview (Impress)
- Chart wizard dialog no longer cut off
- Word count with recorded changes fixed (Writer)
- Various RTF fixes, including image border import (Writer)
A full list of changes can be [found on the LibreOffice Wiki page][2].
### Download ###
Many folks have the whole LibreOffice schaboodle installed but rarely ever use it. If you count yourself among them, you could hold off on this release and never notice.
If you do fancy upgrading you can find all of the relevant download links on the official project website.
- [Download LibreOffice 4.3.4][3]
### Looking Ahead to LibreOffice 4.4 ###
![Info bar coming in LibreOffice 4.4](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/libreoffice-infobar.jpg)
Info bar coming in LibreOffice 4.4
LibreOffice 4.4 should be a little more promising.
[A wiki page details][4] the ongoing GUI tweaks in progress, with a new color picker, restyled paragraph line-spacing selector and an info bar to denote read only mode among the many, many highlights.
While the sum of these wont amount to the huge wholesale interface changes I know the desktop community clamours for, they are sure-footed steps in the right direction.
Its also salient to remember that LibreOffice is a staple — in some cases integral — software for businesses and institutions. Any dramatic overhaul in look or layout would have a big knock on effect.
Thanks Tim W!
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/11/libreoffice-4-3-4-arrives-bundle-bug-fixes
作者:[Joey-Elijah Sneddon][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:http://www.omgubuntu.co.uk/2014/10/libreoffice-4-3-3-released-62-bug-fixes
[2]:https://wiki.documentfoundation.org/Releases/4.3.4/RC1
[3]:http://www.libreoffice.org/download/libreoffice-fresh/
[4]:https://wiki.documentfoundation.org/ReleaseNotes/4.4#GUI

100
sources/news/20141118 Budgie Desktop v8 Released With Improved Menu, Panel.md Normal file
View File

@ -0,0 +1,100 @@
Budgie Desktop v8 Released With Improved Menu, Panel
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/budgie-desktop.jpg)
**A new version of [Evolve OS][1]s simple [Budgie Desktop Environment][2] has been released, and the improvements under its wing are impressive.**
Made up of 78 commits, the lightweight desktop lands with a host of new options and applets to play with. Its plumage has also benefitted from a bit of TLC, with key parts of the shell feeling fresher and looking more refined.
But will the changes ruffle the feathers of the Budgie flock or leave them squawking in awe? Lets take a closer look.
### Budgie v8 ###
#### Menu Changes ####
The **Budgie Menu** now uses a narrower compact layout by default. This style lists the applications in categories (as previously) but sorted by usage rather than name.
Software that you open most often sit nearer the top of each category header. Its an efficacious decision that should help save time for those who hunt n scroll for apps rather than use the handy search filter.
![The Menu uses compact mode by default](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/budgie-desktop-8.jpg)
The Menu uses compact mode by default
The old two-pane setup that featured in earlier builds remains available; you can toggle it back on in Budgies preferences (**right click on the menu applet > Preferences**).
The power option menu that previously
resided in the main menu has been moved over to the System Tray applet (i.e., volume). Additionally, you can now access System Settings entries from the menu itself — no more scratching of heads!
#### Panel Changes ####
![Quicklist support in Budgie 0.8](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/quicklist-support-in-budgie.jpg)
Quicklist support in Budgie 0.8
The Budgie Panel and task list applet both benefit from a raft of improvements, including new auto-hide options, dynamic theming support and a new GNOME 2-style menu bar option.
- Auto-hide (optional)
- Quicklist support
- Dark theme support
- Application pinning
- App attention hint
- GNOME Panel theming
- Old-school Menu Bar applet (optional)
![](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/classic-menu.jpg)
#### Elsewhere ####
Other changes include support for GNOME 3.10 and up; improved animations when changing wallpapers; and the run dialog has been hugely improved in design, sporting an almost Alfred/GNOME-Do-esque design. Mmmhm!
![Run, Run, Run](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/budgie-run-dialog.jpg)
Run, Run, Run
### Install Budgie Desktop on Ubuntu ###
Budgie 0.8 is, as with previous releases, available to install in Ubuntu 14.04 LTS and Ubuntu 14.10 by way of an official PPA. The desktop can be installed alongside Unity, GNOME Shell and Cinnamon without much (if any) issue.
To install, open a new Terminal window and enter the following commands. Enter your password where prompted.
sudo add-apt-repository ppa:evolve-os/ppa
sudo apt-get update && sudo apt-get install budgie-desktop
After the install has completed you will need to log out of Unity (or whichever desktop youre currently using). At the Unity Greeter click the Ubuntu logo emblem, select the Budgie session from the session list, and then log in as normal. The Budgie desktop will load.
![](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/select-budgie.jpg)
#### Notes for Ubuntu Users ####
![Expect Odd Theming Issues in Ubuntu](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/not-all-perfect.jpg)
Expect Odd Theming Issues in Ubuntu
While Budgie is now easy for Ubuntu users to install it is not designed for it specifically (the Evolve OS distribution is the best way to experience it).
Naturally, you might not fancy upheaving to another OS. Thats fine, but if you plan on keeping Budgie caged in Ubuntu youll need to note the following caveats (lest you end up bird-brained).
First up, **Budgie is under active development**. Several key features remain missing, including native network management support. An applet can be added to the panel that supports Ubuntus Indicator Applets, but its a little rough around the edges.
You should also expect some theming issues when using the shell with Ambiance/Radiance. The Adwaita theme (and other GNOME themes) work best. You should also disable Ubuntus Overlay Scrollbars.
Finally, logout (volume > power button) **does not work under Ubuntu**. To log out you should use the run dialog (Alt+F2) and the following command:
gnome-session-quit
If all of that sounds like fun rather than faff, theres plenty to enjoy in Budgie and not just its minimal system footprint! Let us know your own thoughts on it, what youd like to see it add next, etc. in the comments below.
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/11/budgie-desktop-0-8-released-big-changes
作者:[Joey-Elijah Sneddon][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:http://evolve-os.com/
[2]:http://www.omgubuntu.co.uk/2014/07/install-budgie-evolve-os-desktop-ubuntu-14-04

51
sources/news/20141118 Ubuntu 15.04 Gets Tentative Release Date of April 23, 2015.md Normal file
View File

@ -0,0 +1,51 @@
Ubuntu 15.04 Gets Tentative Release Date of April 23, 2015
================================================================================
![](http://i.imgur.com/FfX14E9.jpg)
**Doing anything special on April 23 next year? You might well be — its the tentative release date being given for Ubuntu 15.04 Vivid Vervet.**
The date, along with those of various other development milestones, is listed as part of a [draft release schedule][1] on the Ubuntu Wiki page for the V update. As of writing all dates are subject to approval from the Ubuntu release team and are therefore **not final**.
Ubuntus previous spring release, 14.04 LTS, went live on April 17, 2014.
### Veracity Potential is Void ###
![Dates not yet ready to be inked in](http://www.omgubuntu.co.uk/wp-content/uploads/2014/05/california-calendar.jpg)
Dates not yet ready to be inked in
Draft means just that, but having covered some 10 Ubuntu release over five years I do know that the proposed dates dont tend to differ too wildly from those that go final (famous last words, Im sure!).
Even so, take the proposals with a pinch of optimism for now. Ill be keeping both this page and the fancy-schmancy graphic updated as, if or when anything changes.
### Key Ubuntu 15.04 Release Dates ###
As with all releases post-13.04, Ubuntu proper only makes fleeting appearances in select milestone releases, specifically the final beta and the release candidate stages.
Ubuntus family of flavours, which may include Ubuntu MATE this cycle, take full advantage of the testing opportunities at hand.
- **Alpha 1** December 18th (for flavours)
- **Alpha 2** January 22nd (for flavours)
- *Feature Freeze* — February 19th
- **Beta 1** August 28th (for flavours)
- *UI Freeze* — March 12th
- **Final Beta** March 26th
- *Kernel Freeze* — April 9th
- **Release Candidate** April 16th
The final release of the Vivid Vervet in all its vivacious glory is pencilled in for release on:
- **Ubuntu 15.04 Final** April 23rd
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/11/ubuntu-15-04-release-schedule-date-vivid-vervet
作者:[Joey-Elijah Sneddon][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:https://wiki.ubuntu.com/VividVervet/ReleaseSchedule

42
sources/news/20141120 Systemd fallout--Two Debian technical panel members resign.md Normal file
View File

@ -0,0 +1,42 @@
Systemd fallout: Two Debian technical panel members resign
================================================================================
![](http://www.itwire.com/media/k2/items/cache/985881530be9dfdb268b3ae49be9a710_XL.jpg)
**Two well-known and experienced Debian developers, both members of the project's technical committee, have announced they will be leaving the committee.**
The resignations of [Colin Watson][1] and [Russ Allberry][2] from the panel come soon after senior developer Joey Hess [resigned][3] from the project altogether.
There has been much acrimony recently over the adoption of the systemd init system as the default for Jessie, the next release of Debian, which is expected to come out in the next few months.
The Debian Technical Committee [decided][4] back in February, via the casting vote of panel chief Bdale Garbee, to adopt systemd as the default. This decision came after months of discussion.
Recently, there has been [another push][5] for reconsideration led by another technical committee member, Ian Jackson, and [a general resolution][6] was put up for vote. It is open for voting until midnight on November 18, UTC (10am on Wednesday AEST). There are a few options proposed by others, including one from the Debian Project leader Lucas Nussbaum, besides the main resolution.
In the initial vote back in February, Allberry supported systemd as the default, while Watson, an employee of Canonical, the company that creates the Ubuntu GNU/Linux distribution, expressed a preference for upstart. Jackson also backed upstart.
In [a post][7] explaining his decision, Watson, one of the first batch to join Canonical, attributed it to a general move on his part to start spending his Debian time on things he found enjoyable. Late last month, [he asked][8] to be moved from the Ubuntu Foundations team to the Launchpad engineering team. Watson has given the Debian Technical Committee time to appoint someone in his place before he moves on.
In contrast, Allberry's [resignation post][9] said he wanted to leave immediately, though he later added that he would stay on for a while if needed.
His frustration was clear: "If any part of this doesn't make sense, or if any of it feels like an attack or a reaction to any single person or event, I'm happy to clarify. I would appreciate it if people would ask for clarification rather than making assumptions, as assumptions about other people's motives are one of the things that I find the most demoralising about the Debian project right now."
--------------------------------------------------------------------------------
via: http://www.itwire.com/business-it-news/open-source/66153-systemd-fallout-two-debian-technical-panel-members-resign
作者:[Sam Varghese][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.itwire.com/business-it-news/open-source/itemlist/user/902-samvarghese
[1]:https://lists.debian.org/debian-ctte/2014/11/msg00052.html
[2]:https://lists.debian.org/debian-ctte/2014/11/msg00071.html
[3]:http://www.itwire.com/business-it-news/open-source/66014-systemd-fallout-joey-hess-quits-debian-project
[4]:http://www.itwire.com/business-it-news/open-source/63121-garbees-casting-vote-means-systemd-is-debian-init
[5]:http://www.itwire.com/business-it-news/open-source/65781-pushback-against-systemd-in-debian-gathers-steam
[6]:https://www.debian.org/vote/2014/vote_003
[7]:https://lists.debian.org/debian-ctte/2014/11/msg00052.html
[8]:http://www.chiark.greenend.org.uk/ucgi/~cjwatson/blosxom/ubuntu/2014-10-26-moving-on-but-not-too-far.html
[9]:https://lists.debian.org/debian-ctte/2014/11/msg00071.html

47
sources/share/20141119 Qshutdown--An avanced shutdown tool.md Normal file
View File

@ -0,0 +1,47 @@
Qshutdown An avanced shutdown tool
================================================================================
qshutdown is a Qt program to shutdown/reboot/suspend/hibernate the computer at a given time or after a certain number of minutes. It shows the time until the corresponding request is send to either the Gnome- or KDE-session-manager, to HAL or to DeviceKit and if none of these works the command sudo shutdown -P now' is used. This program may be useful for people who want to work with the computer only for a certain time.
qshutdown will show it self 3 times as a warning if there are less than 70 seconds left. (if 1 Minute or local time +1 Minute was set itll appear only once.)
This program uses qdbus to send a shutdown/reboot/suspend/hibernate request to either the gnome- or kde-session-manager, to HAL or to DeviceKit and if none of these works, the command sudo shutdown will be used (note that when sending the request to HAL or DeviceKit, or the shutdown command is used, the Session will never be saved. If the shutdown command is used, the program will only be able to shutdown and reboot). So if nothing happens when the shutdown- or reboot-time is reached, it means that one lacks the rights for the shutdown command.
In this case one can do the following:
Post the following in a terminal: "EDITOR:nano sudo -E visudo" and add this line: "* ALL = NOPASSWD:/sbin/shutdown" whereas * replaces the username or %groupname.
Configurationfile qshutdown.conf
The maximum Number of countdown_minutes is 1440 (24 hours).The configurationfile (and logfile) is located at ~/.qshutdown
For admins:
With the option Lock_all in qshutdown.conf set to true the user wont be able to change any settings. If you change the permissions of qshutdown.conf with "sudo chown root -R ~/.qshutdown" and "sudo chmod 744 ~/.qshutdown/qshutdown.conf", the user wont be able to change anything in the configurationfile.
### Install Qshutdown in Ubuntu ###
Open the terminal and run the following command
sudo apt-get install qshutdown
### Screenshots ###
![](http://www.ubuntugeek.com/wp-content/uploads/2014/11/12.png)
![](http://www.ubuntugeek.com/wp-content/uploads/2014/11/23.png)
![](http://www.ubuntugeek.com/wp-content/uploads/2014/11/31.png)
![](http://www.ubuntugeek.com/wp-content/uploads/2014/11/41.png)
--------------------------------------------------------------------------------
via: http://www.ubuntugeek.com/qshutdown-an-avanced-shutdown-tool.html
作者:[ruchi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.ubuntugeek.com/author/ubuntufix

86
sources/share/20141120 5 Best Open Source Web Browser Security Apps.md Normal file
View File

@ -0,0 +1,86 @@
5 Best Open Source Web Browser Security Apps
================================================================================
The Web browser acts as the gateway for myriad online services these days. Computer security problems are far from solved, and technology advances provide new ways for malware to infect our devices and enter our business networks. For example, smartphones and tablets offer fresh new fields for malware—and its malicious cousin, "[malvertising][1]"—to exploit.
Malvertising, or malicious advertising, injects malware into legitimate ads and ad networks. Granted, you could argue that there's a thin line between "legitimate" ads and ad networks and not-legitimate ads and ad networks. But dont get distracted. Privacy and security are inextricably linked, and protecting your privacy is part of protecting your security.
Firefox, Chrome, and Opera are the best Web browsers; they offer the best performance, the most compatibility, and the best security. These five open source security apps install in your Web browser, and they protect you from a variety of threats.
### Protect Your Privacy: Open Source Web Browser Security Apps ###
#### 1. [AdBlock][2] ####
Ad networks are wonderful malware vectors. A single ad network serves thousands of sites, so compromising one ad network equals many thousands of compromised machines. AdBlock, and its derivatives—[AdBlock Plus][2], [AdBlock Pro][3], and [AdBlock Edge][4]—are all great tools for blocking ads, which has the added benefit of making cluttery annoying ads-infested sites more usable.
Of course there is a downside: harming sites that depend on ad revenues. All of them have one-click whitelists, so you can selectively turn off ad-blocking on sites that you want to support. (Really, my dear Webmeisters, if you don't want your site visitors blocking your ads then don't be obnoxious.)
![](http://www.smallbusinesscomputing.com/imagesvr_ce/5731/fig-1-easylist_1.jpg)
Figure 1: Selecting additional filters for your Ad Blocker.
Ad blockers do more than block ads; they also block Web-tracking bugs and malicious domains. To turn on additional filter lists, click on your ad blocker icon > click **Preferences**, and go to the **Filter Subscriptions** tab. Click the **Add Filter Subscription** button, and then add **Easy Privacy + EasyList**. The Malware Domains filter is a good one to include as well; it blocks domains that are known to host malware and spyware. Adblock works with Firefox, Chrome, Opera, Safari, Internet Explorer, and Android.
#### 2. [HTTPS Everywhere][5] ####
HTTPS Everywhere browser extension ensures that you will never accidentally connect to a Web site with HTTP when HTTPS is available. HTTPS means your connection is encrypted with SSL (secure sockets layer), which is a commonly-used protocol for encrypting Web and email connections. HTTPS Everywhere is available for Firefox, Chrome, and Opera.
When you install HTTPS Everywhere, it asks if you want to enable the SSL Observatory. Say yes, as it offers additional protections against man-in-the-middle and bogus SSL certificate attacks. HTTPS Everywhere works with Firefox, Chrome, Opera, Android.
#### 3. [Social Fixer][6] ####
Social Fixer tames Facebook. It gives you mighty powers to filter your news feed so that you see what you want to see, creates tabbed feeds organized by topic, hides whatever you don't want to see, displays pictures full-sized on mouse-over, disables the Theater view of images, and lots more.
It's not really designed to be a security tool, but Social Fixer offers two important security features:
- It anonymizes Facebook pages for screenshots by replacing profile pictures with generic icons, and it changes usernames to fake names
- It reliably blocks Facebook games, which are notorious sources of trouble
![](http://www.smallbusinesscomputing.com/imagesvr_ce/2858/fig-2-socialfixer_1.jpg)
Figure 2: Anonymizing a Facebook screen with Social Fixer.
#### 4. [Privacy Badger][7] ####
The Electronic Frontier Foundation's Privacy Badger is a superb tracker-and spy-ads blocker. These days Web pages are composed of content from multiple sources: ad servers, comments servers, content farms, image farms, third-party login servers, and gosh knows what-all.
AdBlock is good at blocking this junk, but Privacy Badger is better. It doesn't rely on filter lists, which have to be maintained by humans somewhere, but rather algorithms and policy methods, and you can easily override it if it blocks something in error. Privacy Badger works with Firefox and Chrome.
![](http://www.smallbusinesscomputing.com/imagesvr_ce/9256/fig-3-privacybadger_1.jpg)
Figure 3: Privacy Badger blocks tracking sites.
Privacy Badger should just work. Click on its icon to see what it's blocking on any site you're visiting. Try it on Huffingtonpost.com, one of the champions of stuffing the maximum number of third-party components into each and every page (Figure 3).
The sliders tell the status of each site: red means that site is completely blocked, so it can't set cookies or serve up any content to you. Yellow indicates a third-party domain that appears to be trying to track you, but it is on Privacy Badger's whitelist of allowed domains. Green is for a third-party domain that is not yet classified as a tracker, but this could change as you visit **multiple** sites and Privacy Badger observes its behavior.
You can set the sliders yourself according to your preference; for example, on one site I visited Privacy Badger blocked bazaarvoice.com, which some shopping sites use to host their customer reviews.
#### 5. [Disconnect][8] ####
Disconnect is another anti-tracker and anti-cookie tool with a great feature set. It runs on Firefox, Chrome, Internet Explorer, and Safari, and offers special iOS and Android versions. Not only does it foil trackers, it also secures your wireless transmissions (Wi-fi, 3G, and 4G) with its own virtual private network, protecting you from wiretapping and malvertising. It protects you from widgetjacking, which is a technique used by attackers to gain access to your sites that require logins. With widgetjacking they don't even need your password; they use stolen cookies.
Disconnect also provides a safe search feature that lets you use your favorite search engines while blocking their snoopy data-mining habits.
Just assume that everyone on the Web is out to get you. It's all abstract and behind the scenes, and not obvious like someone bashing a window to get into your house. But the threats are numerous and real, and you have to take precautions to protect yourself.
Carla Schroder is the author of The Book of Audacity, Linux Cookbook, Linux Networking Cookbook,and hundreds of Linux how-to articles. She's the former managing editor of Linux Planet and Linux Today.
--------------------------------------------------------------------------------
via: http://www.smallbusinesscomputing.com/biztools/5-best-open-source-web-browser-security-apps.html
作者:[Carla Schroder][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.smallbusinesscomputing.com/author/Carla-Schroder-6080.html
[1]:http://www.webopedia.com/TERM/M/malvertising.html
[2]:https://getadblock.com/
[3]:https://chrome.google.com/webstore/detail/adblock-pro/ocifcklkibdehekfnmflempfgjhbedch?hl=en-US
[4]:https://addons.mozilla.org/en-us/firefox/addon/adblock-edge/
[5]:https://www.eff.org/Https-everywhere
[6]:http://socialfixer.com/
[7]:https://www.eff.org/privacybadger
[8]:https://disconnect.me/

1
sources/talk/20141108 When hackers grow old.md
View File

@ -1,3 +1,4 @@
[translating by KayGuoWhu]
When hackers grow old
================================================================================
Lately Ive been wrestling with various members of an ancient and venerable open-source development group which I am not going to name, though people who regularly follow my adventures will probably guess which one it is by the time Im done venting.

106
sources/talk/20141119 When Microsoft Went A-Courting.md Normal file
View File

@ -0,0 +1,106 @@
When Microsoft Went A-Courting
================================================================================
![](http://www.linuxinsider.com/ai/769827/microsoft-linux-open-source.jpg)
**Open-sourcing .Net "doesn't have a thing to do with Linux -- it has to do with SaaS and having a CEO that isn't a whackadoo living in the 90s," said SoylentNews blogger hairyfeet. "Nadella is smart and realizes the value of a programming language is not patents or OS exclusivity but in services and support for the language. ... The more platforms the language can be used on, the better."**
Fans of free and open source software perhaps may be excused if they've felt a bit confused over the past few days. Dizziness, headaches and vertigo also have been common.
What strange new ailment is this, you might ask?
Well, it's no ailment, Linux Girl is glad to report. That, however, doesn't mean it's any simpler to remedy.
The cause, it turns out, is none other than the news that Microsoft is open sourcing .Net and also expanding it to run on Linux and Mac OS.
Yes, you heard that right: Steve Ballmer once may have [called Linux a "cancer,"][1] but today Redmond has a newfound "[love" for Linux][2] that can't be contained!
It's making Microsoft behave in strange new ways -- and it's also driving FOSS fans to the blogosphere's seedy Broken Windows Lounge in greater numbers than ever.
Can tequila help make sense of it all? That's one of many questions now being investigated.
### 'A Chance to Thrive' ###
"This is big news, and somewhat overdue," Chris Travers, a [blogger][3] who works on the [LedgerSMB][4] project, told Linux Girl.
![](http://www.linuxinsider.com/images/article_images/linuxgirl_bg_pinkswirl_150x245.jpg)
"We live in a world where new programming languages which are open sourced thrive even without being backed by big businesses, and closed source programming languages only survive with help from big businesses," Travers said. "Bing closed source killed REBOL 2.x," for example.
"This move has clearly been in the works for some time -- a large company like Microsoft does not open source something of this complexity overnight -- and I think to some extent Microsoft must have seen the writing on the wall when Sun open sourced the OpenJDK," he suggested.
Meanwhile, "this gives languages like C# and F# a chance to thrive well beyond their current markets," Travers said.
### 'I Still Don't Trust You' ###
"I want to be the first to say, 'Thank you Microsoft!'" [Linux Rants][5] blogger Mike Stone began. "We really appreciate you open sourcing .Net and taking it cross platform. It's a step in the right direction!
"I still don't trust you, though," he added.
"I love that Microsoft is considering open source, but I have seen no movement towards the GPL," Stone told Linux Girl. "This strikes me as an opportunity to get their software on multiple platforms but tie the developers down to Microsoft."
Moreover, there are no guarantees that Microsoft will keep .Net open source over the years, he pointed out.
"That means that Microsoft could withdraw and leave all applications developed with the intention of being cross platform legally Windows-only," he warned. "I won't put any faith in Microsoft's commitment, and I'll always be looking for their sudden but inevitable betrayal."
### 'Watch for Greeks Bearing Gifts' ###
The move reeks of desperation, Google+ blogger Alessandro Ebersol suggested.
"They arrived too late," Ebersol said. "Java already ate the best dishes, and while .Net was a Windows/Microsoft-only thing, Java was everywhere. Good luck trying to be adopted."
Besides, "I would only believe it if it was GPL'ed to protect the creators of the code," he added. "A fragile MIT license can be overturned at anytime."
In any case, "with all the hatred the company generated towards the FLOSS community, they burned the bridge beyond repair," Ebersol concluded. "The bottom line: Timeo Danaos et dona ferentes -- Watch carefully for Greeks bearing gifts..."
### 'Like a Cat Loves Mice' ###
Microsoft loves Linux "like a cat loves mice," blogger [Robert Pogson][6] quipped. "Sure, they will play with */Linux, but they are not our friends."
What's happened is that the FOSS and Linux communities have defeated "all the barriers to entry that M$ placed in the way of competition since M$ first made a deal with IBM to supply an OS," Pogson said. "You bet M$ is trying desperately to 'make friends' with 'the enemy' now that their position is overrun.
"It's all good," he added. "M$ can still cause a lot of trouble by spending $billions foolishly or they can become a normal business and compete on price/performance. That's not 'love' -- that's accepting reality."
### Adapt or Die ###
The problem for Microsoft is that "open source development packages are starting to get good enough for developers," offered consultant and [Slashdot][7] blogger Gerhard Mack.
"At my last job, most of the programmers wanted Eclipse rather than Visual Studio, even though the client software was Windows-only, and I had a slowly increasing number move their development to Linux while using Windows for testing," Mack recalled.
"Very few people want to be locked into just one platform, so more of the mindshare is moving away from single-platform languages," he added. "Microsoft must now choose between adapting or dying."
### No Warm Fuzzies Here ###
art of what's driving the move is also that "the various cloud implementations are very heavily Linux, and even on Microsoft's own Azure cloud, Linux is a strong presence," Google+ blogger Kevin O'Brien suggested.
"Nadella has made it clear he is taking Microsoft in a cloud direction, so he almost has to do this to even stay in the game," O'Brien asserted.
That said, however, "I don't expect Microsoft to be cuddly and nice -- they will do whatever they think is in their best corporate interest," he said.
In fact, "it doesn't have a thing to do with Linux -- it has to do with SaaS and having a CEO that isn't a whackadoo living in the 90s," SoylentNews blogger hairyfeet told Linux Girl.
"Nadella is smart and realizes the value of a programming language is not patents or OS exclusivity but in services and support for the language," hairyfeet explained. "With that in mind, the more platforms the language can be used on, the better, as that adds value to the language and will give you that many more you can sell services to."
### The Fall of an Empire ###
ll in all, if anything is clear, it's that "Micro$oft's empire is tumbling down," said Google+ blogger Gonzalo Velasco C.
"I don't know or care about why they are lying and saying they love Linux," he added. "I just hope the GNU/Linux community is smarter than recently (cough, Systemd, cough) and refuses Micro$oft .Net and other infections. GNU/Linux must use only FLOSS tools."
--------------------------------------------------------------------------------
via: http://www.linuxinsider.com/story/When-Microsoft-Went-A-Courting-81374.html
作者:[Katherine Noyes][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://twitter.com/noyesk
[1]:http://www.linuxinsider.com/perl/story/35697.html
[2]:http://www.theregister.co.uk/2014/10/20/microsoft_cloud_event/
[3]:http://ledgersmbdev.blogspot.com/
[4]:http://www.ledgersmb.org/
[5]:http://linuxrants.com/
[6]:http://mrpogson.com/
[7]:http://slashdot.org/

188
sources/tech/20140818 What are useful CLI tools for Linux system admins.md
View File

@ -1,188 +0,0 @@
zpl1025
What are useful CLI tools for Linux system admins
================================================================================
System administrators (sysadmins) are responsible for day-to-day operations of production systems and services. One of the critical roles of sysadmins is to ensure that operational services are available round the clock. For that, they have to carefully plan backup policies, disaster management strategies, scheduled maintenance, security audits, etc. Like every other discipline, sysadmins have their tools of trade. Utilizing proper tools in the right case at the right time can help maintain the health of operating systems with minimal service interruptions and maximum uptime.
This article will present some of the most popular and useful CLI tools recommended for sysadmins in their day to day activities. If you would like to recommend any useful tool which is not listed here, don't forget to share it in the comment section.
### Network Tools ###
1. **ping**: Check end-to-end connectivity (RTT delay, jitter, packet loss) of a remote host with ICMP echo/reply. Useful to check system status and reachability.
2. **[phping][1]**: Network scanning and testing tool that can generate ICMP/TCP/UDP ping packets. Often used for advanced port scanning, firewall testing, manual path MTU discovery and fragmentation testing.
3. **traceroute**: Discover a layer-3 forwarding path from a local host to a remote destination host with TTL-limited ICMP/UDP/TCP probe packets. Useful to troubleshoot network reachability and routing problems.
4. **mtr**: A variation of traceroute which characterizes per-hop packet loss/jitter with running statistics. Useful to characterize routing path delays.
5. **[netcat][2]/[socat][3]**: A swiss army knife of TCP/IP networking, allowing to read/write byte streams over TCP/UDP. Useful to troubleshoot firewall policies and service availability.
6. **dig**: DNS troubleshooting tool that can generate forward queries, reverse queries, find authoritative name servers, check CNAME, MX and other DNS records. Can be instructed to query a specific DNS server of your choosing.
7. **nslookup**: Another DNS checking/troubleshooting tool. Works with all DNS queries and records. Can query a particular DNS server.
8. **dnsyo**: A DNS testing tool which checks DNS propagation by performing DNS lookup from over a number of open resolvers located across 1,500 different networks around the world.
9. **lsof**: Show information about files (e.g., regular files, pipes or sockets) which are opened by processes. Useful to monitor open network connections.
10. **iftop**: A ncurses-based TUI utility that can be used to monitor in real time bandwidth utilization and network connections for each network interfaces. Useful to keep track of bandwidth hogging applications, users, destinations and ports.
11. **netstat**: A network statistics utility that can show status information and statistics about open network connections (TCP/UDP ports, IP addresses), routing tables, TX/RX traffic and protocols. Useful for network related diagnosis and performance tuning.
12. **[tcpdump][4]**: A popular packet sniffer tool based on libpcap packet capture library. Can define packet capturing filters in Berkeley Packet Filters format.
13. **[tshark][5]**: Another CLI packet sniffer software with full compatibility with its GUI counterpart, Wireshark. Supports [1,000 protocols][6] and the list is growing. Useful to troubleshoot, analyze and store information on live packets.
14. **ip**: A versatile CLI networking tool which is part of iproute2 package. Used to check and modifying routing tables, network device state, and IP tunneling settings. Useful to view routing tables, add/remove static routes, configure network interfaces, and otherwise troubleshoot routing issues.
15. **ifup/ifdown**: Used to bring up or shut down a particular network interface. Often a preferred alternative to restarting the entire network service.
16. **[autossh][7]**: A program which create an SSH session and automatically restarts the session should it disconnect. Often useful to create a persistent reverse SSH tunnel across restrictive corporate networks.
17. **iperf**: A network testing tool which measures maximum bi-directional throughput between a pair of hosts by injecting customizable TCP/UDP data streams in between.
18. **[elinks][8]/[lynx][9]**: text-based web browsers for CLI-based server environment.
### Security Tools ###
19. **[iptables][10]**: A user-space CLI tool for configuring Linux kernel firewall. Provides means to create and modify rules for incoming, transit and outgoing packets within Linux kernel space.
20. **[nmap][11]**: A popular port scanning and network discovery tool used for security auditing purposes. Useful to find out which hosts are up and running on the local network, and what ports are open on a particular host.
21. **[TCP Wrappers][12]**: A host-based network ACL tool that can be used to filter incoming/outgoing reqeuests/replies. Often used alongside iptables as an additional layer of security.
22. **getfacl/setfacl**: View and customize access control lists of files and directories, as extensions to traditional file permissions.
23. **cryptsetup**: Used to create and manage LUKS-encrypted disk partitions.
24. **lynis**: A CLI-based vulnerability scanner tool. Can scan the entire Linux system, and report potential vulnerabilities along with possible solutions.
25. **maldet**: A malware scanner CLI tool which can detect and quarantine potentially malware-infected files. Can run as a background daemon for continuous monitoring.
26. **[rkhunter][13]/[chkrootkit][14]**: CLI tools which scan for potential rootkits, hidden backdoors and suspected exploits on a local system, and disable them.
### Storage Tools ###
27. **fdisk**: A disk partition editor tool. Used to view, create and modify disk partitions on hard drives and removable media.
28. **sfdisk**: A variant of fdisk which accesses or updates a partition table in a non-interactive fashion. Useful to automate disk partitioning as part of backup and recovery procedure.
29. **[parted][15]**: Another disk partition editor which can support disk larger than 2TB with GPT (GUID Partitioning Table). Gparted is a GTK+ GUI front-end of parted.
30. **df**: Used to check used/available storage and mount point of different partitions or file directories. A user-friendly variant dfc exists.
31. **du**: Used to view current disk usage associated with different files and directories (e.g., du -sh *).
32. **mkfs**: A disk formatting command used to build a filesystem on individual disk partitions. Filesystem-specific versions of mkfs exist for a number of filesystems including ext2, ext3, ext4, bfs, ntfs, vfat/fat.
33. **fsck**: A CLI tool used to check a filesystem for errors and repair where possible. Typically run automatically upon boot when necessary, but also invoked manually on demand once unmounting a partition.
34. **mount**: Used to map a physical disk partition, network share or remote storage to a local mount point. Any read/write in the mount point makes actual data being read/written in the correspoinding actual storage.
35. **mdadm**: A CLI tool for managing software RAID devices on top of physical block devices. Can create, build, grow or monitor RAID array.
36. **lvm**: A suite of CLI tools for managing volume groups and physical/logical volumes, which allows one to create, resize, split and merge volumes on top of multiple physical disks with minimum downtime.
### Log Processing Tools ###
37. **tail**: Used to monitor trailing part of a (growing) log file. Other variants include multitail (multi-window monitoring) and [ztail][16] (inotify support and regex filtering and coloring).
38. **logrotate**: A CLI tool that can split, compresse and mail old/large log files in a pre-defined interval. Useful for administration of busy servers which may produce a large amount of log files.
39. **grep/egrep**: Can be used to filter log content for a particular pattern or a regular expression. Variants include user-friendly ack and faster ag.
40. **awk**: A versatile text scanning and processing tool. Often used to extract certain columns or fields from text/log files, and feed the result to other tools.
41. **sed**: A text stream editor tool which can filter and transform (e.g., remove line/whitespace, substitute/convert a word, add numbering) text streams and pipeline the result to stdout/stderr or another tool.
### Backup Tools ###
42. **[rsync][17]**: A fast one-way incremental backup and mirroring tool. Often used to replicate a data repository to an offsite storage, optionally over a secure connection such as SSH or stunnel.
43. **[rdiff-backup][18]**: Another bandwidth-efficient, incremental backup tool. Maintains differential of two consecutive snapshots.
44. **duplicity**: An encrypted incremental backup utility. Uses GnuPG to encrypt a backup, and transfers to a remote server over SSH.
### Performance Monitoring Tools ###
45. **top**: A CLI-based process viewer program. Can monitor system load, process states, CPU and memory utilization. Variants include more user-friendly htop.
46. **ps**: Shows a snapshot of all running processes in the system. The output can be customized to show PID, PPID, user, load, memory, cummulative user/system time, start time, and more. Variants include pstree which shows
### processes in a tree hierarchy. ###
47. **[nethogs][19]**: A bandwidth monitoring tool which groups active network connections by processes, and reports per-process (upload/download) bandwidth consumption in real-time.
48. **ngxtop**: A web-server access log parser and monitoring tool whose interface is inspired by top command. It can report, in real time, a sorted list of web requests along with frequency, size, HTTP return code, IP address, etc.
49. **vmstat**: A simple CLI tool which shows various run-time system properties such as process count, free memory, paging status, CPU utilization, block I/O activities, interrupt/context switch statistics, and more.
50. **iotop**: An ncurses-based I/O monitoring tool which shows in real time disk I/O activities of all running processes in sorted order.
51. **iostat**: A CLI tool which reports current CPU utilization, as well as device I/O utilization, where I/O utilization (e.g., block transfer rate, byte read/write rate) is reported on a per-device or per-partition basis.
### Productivity Tools ###
52. **screen**: Used to split a single terminal into multiple persistent virtual terminals, which can also be made accessible to remote users, like teamviewer-like screen sharing.
53. **tmux**: Another terminal multiplexer tool which enables multiple persistent sessions, as well as horizontal/vertial splits of a terminal.
54. **cheat**: A simple CLI tool which allows you to read cheat sheets of many common Linux commands, conveniently right at your fingertips. Pre-built cheat sheets are fully customizable.
55. **apropos**: Useful when you are searching man pages for descriptions or keywords.
### Package Management Tools ###
56. **apt**: The de facto package manager for Debian based systems like Debain, Ubuntu or Backtrack. A life saver.
57. **apt-fast**: A supporting utility for apt-get, which can significantly improve apt-get's download speed by using multiple concurrent connections.
58. **apt-file**: Used to find out which .deb package a specific file belongs to, or to show all files in a particular .deb package. Works on both installed and non-installed packages.
59. **dpkg**: A CLI utility to install a .deb package manually. Highly advised to use apt whenever possible.
60. **yum**: The de facto automatic package manager for Red Hat based systems like RHEL, CentOS or Fedora. Yet another life saver.
61. **rpm**: Typically I use rpmyum something. Has some useful parameters like -q, -f, -l for querying, files and locations, respectively.
### Hardware Tools ###
62. **lspci**: A command line tool which shows various information about installed PCI devices, such as model names, device drivers, capabilities, memory address, PCI bus address.
63. **lshw**: A command line tool which queries and displays detailed information of hardware configuration in various categories (e.g., processor, memory, motherboard, network, storage). Supports multiple output formats: html, xml, json, text.
64. **[inxi][20]**: A comprehensive hardware reporting tool which gives an overview of various hardware components such as CPU, graphics card, sound card, network card, temperature/fan sensors, etc.
If you would like to recommend any useful tool which is not listed here, feel free to share it in the comment section.
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/08/useful-cli-tools-linux-system-admins.html
作者:[Sarmed Rahman][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/sarmed
[1]:http://www.hping.org/
[2]:http://netcat.sourceforge.net/
[3]:http://www.dest-unreach.org/socat/
[4]:http://www.tcpdump.org/
[5]:https://www.wireshark.org/docs/man-pages/tshark.html
[6]:https://www.wireshark.org/docs/dfref/
[7]:http://www.harding.motd.ca/autossh/
[8]:http://elinks.or.cz/
[9]:http://lynx.isc.org/
[10]:http://www.netfilter.org/projects/iptables/
[11]:http://nmap.org/
[12]:http://en.wikipedia.org/wiki/TCP_Wrapper
[13]:http://rkhunter.sourceforge.net/
[14]:http://www.chkrootkit.org/
[15]:http://www.gnu.org/software/parted/
[16]:https://hackage.haskell.org/package/ztail
[17]:http://rsync.samba.org/
[18]:http://www.nongnu.org/rdiff-backup/
[19]:http://nethogs.sourceforge.net/
[20]:http://code.google.com/p/inxi/

259
sources/tech/20140905 Linux TCP or IP networking--net-tools vs. iproute2.md
View File

@ -1,259 +0,0 @@
[translating by KayGuoWhu]
Linux TCP/IP networking: net-tools vs. iproute2
================================================================================
Many sysadmins still manage and troubleshoot various network configurations by using a combination of ifconfig, route, arp and netstat command-line tools, collectively known as net-tools. Originally rooted in the BSD TCP/IP toolkit, the net-tools was developed to configure network functionality of older Linux kernels. Its development in the Linux community so far has ceased since 2001. Some Linux distros such as Arch Linux and CentOS/RHEL 7 have already deprecated net-tools in favor of iproute2.
iproute2, which is another family of network configuration tools, emerged to replace the functionality of net-tools. While net-tools accesses and changes kernel network configurations via procfs (/proc) and ioctl system call, iproute2 communicates with the kernel via netlink socket interface. The /proc interface is known to be more heavyweight than netlink interface. Putting performance aside, the user interface of iproute2 is more intuitive than that of net-tools. For example, network resources (e.g., link, IP address, route, tunnel, etc.) are aptly defined with "object" abstraction, and you can manage different objects using consistant syntax. Most importantly, iproute2 has been under [active development][1] so far.
If you are still using net-tools, it is time to switch to iproute2, especially if you want to catch up with the latest and greatest networking features of the latest Linux kernel. Chances are that there are many things you can do with iproute2, but cannot with net-tools.
For those who want to make the switch, here is a round-up of net-tools vs. iproute2 comparison.
### Show All Connected Network Interfaces ###
The following commands show a list of all available network interfaces (whether or not they are active).
With **net-tools**:
$ ifconfig -a
With **iproute2**:
$ ip link show
![](https://farm4.staticflickr.com/3852/15134851045_53a5135283_z.jpg)
### Activate or Deactivate a Network Interface ###
To activate/deactivate a particular network interface, use these commands.
With **net-tools**:
$ sudo ifconfig eth1 up
$ sudo ifconfig eth1 down
With **iproute2**:
$ sudo ip link set down eth1
$ sudo ip link set up eth1
### Assign IPv4 address(es) to a Network Interface ###
Use these commands to configure IPv4 addresses of a network interface.
With **net-tools**:
$ sudo ifconfig eth1 10.0.0.1/24
With **iproute2**:
$ sudo ip addr add 10.0.0.1/24 dev eth1
Note that with iproute2, you can assign multiple IP addresses to an interface, which you cannot do with ifconfig. A workaround for this with ifconfig is to use [IP aliases][2].
$ sudo ip addr add 10.0.0.1/24 broadcast 10.0.0.255 dev eth1
$ sudo ip addr add 10.0.0.2/24 broadcast 10.0.0.255 dev eth1
$ sudo ip addr add 10.0.0.3/24 broadcast 10.0.0.255 dev eth1
### Remove an IPv4 address from a Network Interface ###
As far as IP address removal is concerned, there is no proper way to remove an IPv4 address from a network interface with net-tools, other than assigning 0 to the interface. iproute2 can properly handle this.
With **net-tools**:
$ sudo ifconfig eth1 0
With **iproute2**:
$ sudo ip addr del 10.0.0.1/24 dev eth1
### Show IPv4 Address(es) of a Network Interface ###
Checking IPv4 addresses of a particular network interface can be done as follows.
With **net-tools**:
$ ifconfig eth1
With **iproute2**:
$ ip addr show dev eth1
Again, if there are multiple IP addresses assigned to an interface, iproute2 shows all of them, while net-tools shows only one IP address.
![](https://farm6.staticflickr.com/5552/15134470952_f478190693_z.jpg)
### Assign an IPv6 address to a Network Interface ###
Use these commands to add IPv6 address(es) to a network interface. Both net-tools and iproute2 allow you to add multiple IPv6 addresses to an interface.
With **net-tools**:
$ sudo ifconfig eth1 inet6 add 2002:0db5:0:f102::1/64
$ sudo ifconfig eth1 inet6 add 2003:0db5:0:f102::1/64
With **iproute2**:
$ sudo ip -6 addr add 2002:0db5:0:f102::1/64 dev eth1
$ sudo ip -6 addr add 2003:0db5:0:f102::1/64 dev eth1
### Show IPv6 address(es) of a Network Interface ###
Displaying IPv6 addresses of a particular network interface can be done as follows. Both net-tools and iproute2 can show all assigned IPv6 addresses.
With **net-tools**:
$ ifconfig eth1
With **iproute2**:
$ ip -6 addr show dev eth1
![](https://farm4.staticflickr.com/3906/15111848536_f6cb7ddb4f_z.jpg)
### Remove an IPv6 address from a Network Interface ###
Use these commands to remove any unnecessary IPv6 address from an interface.
With **net-tools**:
$ sudo ifconfig eth1 inet6 del 2002:0db5:0:f102::1/64
With **iproute2**:
$ sudo ip -6 addr del 2002:0db5:0:f102::1/64 dev eth1
### Change the MAC Address of a Network Interface ###
To [spoof the MAC address][3] of a network interface, use the commands below. Note that before changing the MAC address, you need to deactivate the interface first.
With **net-tools**:
$ sudo ifconfig eth1 hw ether 08:00:27:75:2a:66
With **iproute2**:
$ sudo ip link set dev eth1 address 08:00:27:75:2a:67
### View the IP Routing Table ###
net-tools has two options for showing the kernel's IP routing table: route or netstat. With iproute2, use ip route command.
With **net-tools**:
$ route -n
----------
$ netstat -rn
With **iproute2**:
$ ip route show
![](https://farm6.staticflickr.com/5585/14948293867_c018df8efd_z.jpg)
### Add or Modify a Default Route ###
Here are the commands to add or modify a default route in the kernel's IP routing table. Note that with net-tools, modifying a default route can be achieved by adding a new default route, and then removing an old default route. With iproute2, use ip route replace command.
With **net-tools**:
$ sudo route add default gw 192.168.1.2 eth0
$ sudo route del default gw 192.168.1.1 eth0
With **iproute2**:
$ sudo ip route add default via 192.168.1.2 dev eth0
$ sudo ip route replace default via 192.168.1.2 dev eth0
### Add or Remove a Static Route ###
A static routing can be added or removed with the following commands.
With **net-tools**:
$ sudo route add -net 172.16.32.0/24 gw 192.168.1.1 dev eth0
$ sudo route del -net 172.16.32.0/24
With **iproute2**:
$ sudo ip route add 172.16.32.0/24 via 192.168.1.1 dev eth0
$ sudo ip route del 172.16.32.0/24
### View Socket Statistics ###
Here are the commands to check socket statistics (e.g., active/listening TCP/UDP sockets).
With **net-tools**:
$ netstat
$ netstat -l
With **iproute2**:
$ ss
$ ss -l
![](https://farm4.staticflickr.com/3843/14948157419_564982b0e6_z.jpg)
### View the ARP Table ###
You can display the kernel's ARP table with these commands.
With **net-tools**:
$ arp -an
With **iproute2**:
$ ip neigh
![](https://farm4.staticflickr.com/3908/14948193370_1c5256e8e1_z.jpg)
### Add or Remove a Static ARP Entry ###
Adding or removing a [static ARP entry][4] in the local ARP table is done as follows.
With **net-tools**:
$ sudo arp -s 192.168.1.100 00:0c:29:c0:5a:ef
$ sudo arp -d 192.168.1.100
With **iproute2**:
$ sudo ip neigh add 192.168.1.100 lladdr 00:0c:29:c0:5a:ef dev eth0
$ sudo ip neigh del 192.168.1.100 dev eth0
### Add, Remove or View Multicast Addresses ###
To configure or view multicast addresses on a network interface, use the commands below.
With **net-tools**:
$ sudo ipmaddr add 33:44:00:00:00:01 dev eth0
$ sudo ipmaddr del 33:44:00:00:00:01 dev eth0
$ ipmaddr show dev eth0
$ netstat -g
With **iproute2**:
$ sudo ip maddr add 33:44:00:00:00:01 dev eth0
$ sudo ip maddr del 33:44:00:00:00:01 dev eth0
$ ip maddr list dev eth0
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/09/linux-tcpip-networking-net-tools-iproute2.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:https://www.kernel.org/pub/linux/utils/net/iproute2/
[2]:http://xmodulo.com/2013/02/how-to-assign-multiple-ip-addresses-to-one-network-interface-on-centos.html
[3]:http://xmodulo.com/2014/02/spoof-mac-address-network-interface-linux.html
[4]:http://xmodulo.com/2013/02/how-to-add-or-remove-static-arp-entry-on-linux.html

249
sources/tech/20141029 How to install LEMP stack nginx MariaDB or MySQL and php on CentOS.md
View File

@ -1,249 +0,0 @@
(translating by runningwater)
How to install LEMP stack (nginx, MariaDB/MySQL and php) on CentOS
================================================================================
The LEMP stack is an increasingly popular web service stack, powering mission-critical web services in many production environments. As the name implies, the LEMP stack is composed of Linux, nginx, MariaDB/MySQL and PHP. nginx is a high performance and lightweight replacement of slow and hard-to-scale Apache HTTP server used in the traditional LAMP stack. MariaDB is a community-driven fork of MySQL, with more features and better performance. PHP, a server-side language for generating dynamic content, is processed by PHP-FPM, an enhanced implementation of PHP FastCGI.
In this tutorial, I demonstrate **how to set up the LEMP stack on CentOS platforms**. I target both CentOS 6 and CentOS 7 platforms, and point out differences where necessary.
### Step One: Nginx ###
As the first step, let's install nginx on CentOS, and do basic configuration for nginx, such as enabling auto-start and [customizing the firewall][1].
#### Install Nginx ####
Let's install a pre-built stable version of nginx package from its official RPM source.
On CentOS 7:
$ sudo rpm --import http://nginx.org/keys/nginx_signing.key
$ sudo rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
$ sudo yum install nginx
On CentOS 6:
$ sudo rpm --import http://nginx.org/keys/nginx_signing.key
$ sudo rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
$ sudo yum install nginx
Note that if you do not import the official nginx GPG key before installing nginx RPM, you will get this warning:
warning: /var/tmp/rpm-tmp.KttVHD: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
#### Start Nginx ####
After installation, nginx does not start automatically. Let's start nginx right now, and configure it to auto-start upon boot. Also, we need to open a TCP/80 port in the firewall so that you can access nginx webserver remotely. All of these are achieved by entering the following commands.
On CentOS 7:
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload
On CentOS 6:
$ sudo service nginx start
$ sudo chkconfig nginx on
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo service iptables save
#### Test Nginx ####
The default document root directory of nginx is /usr/share/nginx/html. A default index.html file must be already placed in this directory. Let's check if you can access this test web page by going to http://<nginx-ip-address>/
![](https://farm4.staticflickr.com/3940/15461279287_8573948074_b.jpg)
If you see the above page, nginx must be set up correctly. Proceed to the next.
### Step Two: MariaDB/MySQL ###
The next step is to install a database component of the LEMP stack. While CentOS/RHEL 6 or earlier provides MySQL server/client packages, CentOS/RHEL 7 has adopted MariaDB as the default implementation of MySQL. As a drop-in replacement of MySQL, MariaDB ensures maximum compatibility with MySQL in terms of APIs and command-line usages. Here is how to install and configure MariaDB/MySQL on CentOS.
On CentOS 7:
Install MariaDB server/client package and start MariaDB server as follows.
$ sudo yum install mariadb-server
$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb
On CentOS 6:
Install MySQL server/client package, and start MySQL server as follows.
$ sudo yum install mysql-server
$ sudo service mysqld start
$ sudo chkconfig mysqld on
After launching MariaDB/MySQL server successfully, execute the following add-on script that comes with MariaDB/MySQL server package. This one-time run conducts several security hardening steps for the database server, such as setting the (non-empty) root password, removing anonymous user, and locking down remote access.
$ sudo mysql_secure_installation
![](https://farm8.staticflickr.com/7545/15644566071_8c39875512_z.jpg)
That's it for the database setup. Now move to the next step.
### Step Three: PHP ###
PHP is an important component of the LEMP stack, which is responsible for generating dynamic content from data stored in a MariaDB/MySQL server. For the LEMP stack, you need, at a minimum, to install PHP-FPM and PHP-MySQL. PHP-FPM (FastCGI Process Manager) implements an interface between nginx and PHP applications which generate dynamic content. The PHP-MySQL module allows PHP programs to access MariaDB/MySQL.
#### Install PHP Modules ####
On CentOS 7:
$ sudo yum php php-fpm php-mysql
On CentOS 6:
First you need to install REMI repository (refer to [this guide][2]), and install the packages from the repository.
$ sudo yum --enablerepo=remi install php php-fpm php-mysql
![](https://farm4.staticflickr.com/3934/15644566121_60cbaab8b7_z.jpg)
Two observations worth noting while installing PHP:
On CentOS 6, MySQL server and client packages will automatically be upgraded as part of dependencies of the latest php-mysql in REMI.
On both CentOS 6 and 7, installing the php package will also install Apache web server (i.e., httpd) as part of its dependencies. This can cause conflicts with nginx web server. We will take care of this problem in the next section.
Depending on your use cases, you may want to install any of the following additional PHP module packages with yum command to customize your PHP engine.
- **php-cli**: command-line interface for PHP. Useful for testing PHP from the command line.
- **php-gd**: image processing support for PHP.
- **php-bcmath**: arbitrary mathematics support for PHP.
- **php-mcrypt**: encryption algorithm support for PHP (e.g., DES, Blowfish, CBC, CFB, ECB ciphers).
- **php-xml**: XML parsing and manipulation support for PHP.
- **php-dba**: database abstraction layer support for PHP.
- **php-pecl-apc**: PHP accelerator/caching support.
To see a complete list of available PHP modules to install, run:
$ sudo yum search php- (CentOS 7)
$ sudo yum --enablerepo=remi search php- (CentOS 6)
#### Start PHP-FPM ####
You will need to start PHP-FPM, and add it to auto-start list.
On CentOS 7:
$ sudo systemctl start php-fpm
$ sudo systemctl enable php-fpm
On CentOS 6:
$ sudo chkconfig php-fpm on
$ sudo service php-fpm start
### Step Four: Configure the LEMP Stack ###
The final step of the tutorial is tuning the LEMP stack configuration.
#### Disable Httpd ####
Let's first disable httpd which was installed along with the PHP package earlier.
On CentOS 7:
$ sudo systemctl disable httpd
On CentOS 6:
$ sudo chkconfig httpd off
#### Configure Nginx ####
Next, let's configure nginx virtual hosts, so that nginx can process PHP via PHP-FPM. For that, open /etc/nginx/conf.d/default.conf with a text editor, and change it to the following.
$ sudo vi /etc/nginx/conf.d/default.conf
----------
server {
listen 80;
server_name www.server_domain.com;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# nginx passes PHP scripts to FastCGI server via a TCP/9000 socket
# this setting much be consistent with /etc/php-fpm.d/www.conf
# try_files prevents nginx from passing bad scripts to FastCGI server
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Also, let's adjust the number of nginx worker threads (specified in /etc/nginx/nginx.conf), which is set to one by default. Typically, we create as many worker threads as the number of CPU cores you have. To check how many CPU core you have, run this command:
$ grep processor /proc/cpuinfo | wc -l
If you have 4 cores, change /etc/nginx/nginx.conf as follows.
$ sudo vi /etc/nginx/nginx.conf
----------
worker_processes 4;
#### Configure PHP ####
Next, let's customize PHP configuration in /etc/php.ini file. More specifically, add the following lines in /etc/php.ini.
cgi.fix_pathinfo=0
date.timezone = "America/New York"
As a security precaution, we want the PHP interpreter to process only an exact file path, instead of guessing any non-existing file. The first line above achieves this goal.
The second line specifies the default timezone used by date/time related PHP functions. Use [this guide][3] to find out your timezone, and set the value of **date.timezone** accordingly.
#### Test PHP ####
Finally, let's check if nginx can process a PHP page. Before testing, make sure to restart nginx and PHP-FPM.
On CentOS 7:
$ sudo systemctl restart nginx
$ sudo systemctl restart php-fpm
On CentOS 6:
$ sudo service nginx restart
$ sudo service php-fpm restart
Create a PHP file named test.php with the following content, and place it in /var/www/html/
<?php phpinfo(); ?>
Open a web browser, and go to http://<nginx-ip-address>/test.php.
![](https://farm6.staticflickr.com/5608/15647258715_9d7bcd8c73_z.jpg)
If you see the above page, you are all set with the LEMP stack!
--------------------------------------------------------------------------------
via: http://xmodulo.com/install-lemp-stack-centos.html
作者:[Dan Nanni][a]
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
[2]:http://ask.xmodulo.com/install-remi-repository-centos-rhel.html
[3]:http://ask.xmodulo.com/set-default-timezone-php.html

155
sources/tech/20141115 How to perform system backup with backup-manager on Linux.md
View File

@ -1,155 +0,0 @@
How to perform system backup with backup-manager on Linux
================================================================================
One thing that we all may have had the chance to learn in either easy or hard ways is that the importance of backups can never be underestimated. Considering that there are as many backup methods as the number of fish in the sea, you may wonder how you can effectively choose the right tool and strategy for your system.
In this article I will introduce you to [backup-manager][1], a simple yet handy command-line backup tool which is available in the standard repositories of most Linux distributions.
What makes backup-manager stand out among other backup tools or strategies? Let me mention just a few of its distinguishing features:
- **Simple design and management**: configuration file is easy to read and edit, even for beginners.
- **Set and forget**: can be scheduled to run through cron on a periodic basis.
- **Multi-protocol support for remote backup**: integrates seamlessly with various transfer protocols, applications and cloud backend (e.g., FTP, SCP, SSH-GPG, rsync, AWS S3) to transfer generated archives to a list of remote hosts.
- **Database backup support**: includes out-of-the-box support for backing up MySQL/MariaDB and PostgreSQL databases.
- **Encryption support**: supports GPG-based file encryption during backup.
### Installing Backup-Manager on Linux ###
Installation of backup-manager is quick and effortless since it is included in the base repositories of most Linux distributions.
#### Debian, Ubuntu and their derivatives ####
# aptitude install backup-manager
During the installation process on Debian-based systems, you will be prompted to enter the directory where you want to store generated backup archives. If the chosen directory does not exist, it will be created automatically when you run backup-manager for the first time.
Select OK and press ENTER.
![](https://farm6.staticflickr.com/5614/15600105060_8cf4491e3b_z.jpg)
In the next step, you will be asked to enter all the directories (separated by space) that you want to be backed up. It is advised, though not strictly required, to list several sub-directories of the same parent directory instead of entering only the parent directory.
You can skip this step and configure the list of directories later using the variable BM_TARBALL_DIRECTORIES in the configuration file. Otherwise, feel free to add as many directories as you wish, and then choose OK:
![](https://farm6.staticflickr.com/5610/15761238616_c9651fea1c_z.jpg)
#### Fedora or CentOS/RHEL ####
# yum install backup-manager
On CentOS/RHEL, you will need to enable [EPEL repository][2] first before running the above yum command.
### Configuring Backup-Manager ###
The main configuration file for backup-manager is /etc/backup-manager.conf. This file is divided into sections where the backup methods and their associated variables (or "keys") are defined, making backup-manager a versatile tool that can be used in a wide variety of cases.
For demonstration purposes, we will consider the following scenario:
- Perform a full system backup of the /etc, /home, and /var/log directories on a weekly basis (we will set up the frequency later through cron).
- Transfer generated .tar.gz backup archives to a specific target directory in two different hosts, dev1 and dev3, over SSH.
- Back up a local MySQL database to the same destination hosts over SSH.
Open /etc/backup-manager.conf with your favorite text editor and edit the following variables. Feel free to disregard the lines beginning with # if you want. They are provided only as explanatory comments in this article:
# Specify the backup method(s) that will be used.
# tarball: takes a list of directories and builds the corresponding tarballs.
# mysql: archives MySQL databases using mysqldump. To restore the database, you # need to use the same tool manually.
export BM_ARCHIVE_METHOD="tarball mysql"
# Where to store the backups.
export BM_REPOSITORY_ROOT="/var/archives"
# The following directive indicates backup-manager to name
# the generated files after the directory that was backed up.
export BM_TARBALL_NAMEFORMAT="long"
# Define the compression type for the generated files.
export BM_TARBALL_FILETYPE="tar.gz"
# List the directories that you want to backup.
export BM_TARBALL_DIRECTORIES="/etc /home /var/log"
# Exclude some subdirectories or file extensions.
export BM_TARBALL_BLACKLIST="/var/log/myotherapp.log *.mp3 *.mp4"
# List the database(s) that you want to backup, separated by spaces.
export BM_MYSQL_DATABASES="mysql mybase wordpress dotclear phpbb2"
# MySQL username.
export BM_MYSQL_ADMINLOGIN="root"
# MySQL password for username.
export BM_MYSQL_ADMINPASS="mypassword"
# Add support for DROP statements (optional).
export BM_MYSQL_SAFEDUMPS="true"
# The hostname or IP address where the database(s) reside.
export BM_MYSQL_HOST="localhost"
# Port where MySQL server is listening.
export BM_MYSQL_PORT="3306"
# Compression type (optional).
export BM_MYSQL_FILETYPE="gzip"
# Do not archive remote hosts, but only localhost.
BM_TARBALL_OVER_SSH="false"
# User account for SSH upload.
export BM_UPLOAD_SSH_USER="root"
# Absolute path of the user's private key for passwordless SSH login.
export BM_UPLOAD_SSH_KEY="/root/.ssh/id_rsa"
# Remote hosts (make sure you have exported your public key to them):
export BM_UPLOAD_SSH_HOSTS="dev1 dev3"
# Remote destination for uploading backups. If it doesn't exist,
# this directory will be created automatically the first time
# backup-manager runs.
export BM_UPLOAD_SSH_DESTINATION="/var/archives/backups/$HOSTNAME"
### Running Backup-Manager ###
To run backup-manager manually, type the following command. Optionally, you can add the '-v' flag in order to examine the process step by step, in a verbose way.
# backup-manager
The directories listed in BM_TARBALL_DIRECTORIES will be backed up in BM_REPOSITORY_ROOT as tarballs, and then transferred over SSH to hosts dev1 and dev3 specified in BM_UPLOAD_SSH_DESTINATION.
![](https://farm8.staticflickr.com/7497/15761238646_945620d8b7_z.jpg)
As can be seen in the above image, backup-manager during runtime creates a file named /root/.backup-manager_my.cnf with the MySQL password provided in BM_MYSQL_ ADMINPASS. That way, mysqldump can authenticate to a MySQL server without having to accept login password through the command line in plain-text format, which poses a security risk.
### Running Backup-Manager through Cron ###
Once you have decided what is the best day of the week (and the best time) to perform your weekly backup, you can have cron run backup-manager for you.
Open root's crontab file (note that you must be logged on as root):
# crontab -e
Assuming that you want to run backup-manager on Sunday at 5:15 am, add the following line.
15 05 * * 0 /usr/sbin/backup-manager > /dev/null 2>&1
### Summary ###
In this article we have shown how backup-manager is a simple, yet powerful and easy-to-use backup tool. There are several other options that you may want to consider in your backup strategy, so feel free to refer to the man page or to the user guide, which also contains several implementation examples and advice.
Hope it helps. Feel free to leave your questions and comments below.
--------------------------------------------------------------------------------
via: http://xmodulo.com/linux-backup-manager.html
作者:[Gabriel Cánepa][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/gabriel
[1]:https://github.com/sukria/Backup-Manager
[2]:http://xmodulo.com/how-to-set-up-epel-repository-on-centos.html

214
sources/tech/20141115 What are some obscure but useful Vim commands.md
View File

@ -1,214 +0,0 @@
wangjiezhe translating...
What are some obscure but useful Vim commands
================================================================================
If my [latest post on the topic][1] did not tip you off, I am a Vim fan. So before some of you start stoning me, let me present you a list of "obscure Vim commands." What I mean by that is: a collection of commands that you might have not encountered before, but that might be useful to you. As a second disclaimer, I do not know which commands you might know and which one you find useful. So this list really is a collection of relatively less known Vim commands, but which can still probably be useful.
### Saving a file and exiting ###
I am a bit ashamed of myself for that one, but I only recently learned that the command
:x
is equivalent to:
:wq
which is saving and quitting the current file.
### Basic calculator ###
While in insert mode, you can press Ctrl+r then type '=' followed by a simple calculation. Press ENTER, and the result will be inserted in the document. For example, try:
Ctrl+r '=2+2' ENTER
![](https://farm8.staticflickr.com/7486/15543918097_fbcf33ee6b.jpg)
And 4 will be inserted in the document.
### Finding duplicate consecutive words ###
When you type something quickly, it happens that you write a word twice in a row. Just like this this. This kind of error can fool anyone, even when re-reading yourself. Hopefully, there is a simple regular expression to prevent this. Use the search ('/' by default) and type:
\(\<\w\+\>\)\_s*\1
This should display all the duplicate words. And for maximum effect, don't forget to place:
set hlsearch
in your .vimrc file to highlight all search hits.
![](https://farm8.staticflickr.com/7531/15730650082_c2764857e2.jpg)
### Abbreviations ###
Probably one of the most impressive tricks, you can define abbreviations in Vim, which will replace what you type with somethig else in real time. The syntax is the following:
:ab [abbreviation] [what to replace it with]
The generic example is:
:ab asap as soon as possible
Which will replace "asap" with "as soon as possible" as you write.
### Save a file that you forgot to open as root ###
This is maybe an all time favorite in the forums. Whenever you open a file that you do not have permission to write to (say a system configuration file for example) and make some changes, Vim will not save them with the normal command: ':w'
Instead of redoing the changes after opening it again as root, simply run:
:w !sudo tee %
Which will save it as root directly.
### Crypt your text on the go ###
If you do not want someone to be able to read whatever is on your screen, Vim has the built in option to [ROT13][2]-encode your text with the following command:
ggVGg?
![](https://farm8.staticflickr.com/7487/15727174681_7773a97ea2.jpg)
'gg' for moving the cursor to the first line of the Vim buffer, 'V' for entering visual mode, and 'G' for moving the cursor to the last line of the buffer. So 'ggVG' will make the visual mode cover the entire buffer. Finally 'g?' applies ROT13 encoding to the selected region.
Notice that this should be mapped to a key for maximum efficiency. It also works best with alphabetical characters. And to undo it, the best is simply to use the undo command: 'u'
### Auto-completion ###
Another one to be ashamed of, but I see a lot of people around me not knowing it. Vim has by default an auto-completion features. Yes it is very basic, and can be enhanced by plugins, but it can still help you. The process is simple. Vim can try to guess the end of your word based on the word you wrote earlier. If you are typing the word "compiler" for the second time in the same file for example, just start typing "com" and still in insertion mode, press Ctrl+n to see Vim finish your word for you. Simple but handy.
### Look at the diff between two files ###
Probably a lot of you know about vimdiff command, which allows you to open Vim in split mode and compare two files with the syntax:
$ vimdiff [file1] [file2]
But the same result is achievable with the Vim command:
:diffthis
First open your initial file in Vim. Then open the second one in split mode with:
:vsp [file2]
Finally launch:
:diffthis
in the first buffer, switch buffer with Ctrl+w and type:
:diffthis
again.
The two files will then be highlighted with focus on their differences.
To turn the diff off, simply use:
:diffoff
### Revert the document in time ###
Vim keeps track of the changes you make to a file, and can easily revert it to what it was earlier in time. The command is quite intuitive. For example:
:earlier 1m
will revert the document to what it was a minute ago.
Note that you can inverse this with the command:
:later
### Delete inside markers ###
Something that I always wanted to be comfortable doing when I started using Vim: easily delete text between brackets or parenthesis. Go to the first marker and simply use the syntax:
di[marker]
So for example, deleting between parenthesis would be:
di(
once your cursor is on the first parenthesis. For brackets or quotation marks, it would be:
di{
and:
di"
### Delete until a specific maker ###
A bit similar to deleting inside a marker but for different purpose, the command:
dt[marker]
will delete everything in between your cursor and the marker (leaving it safe) if the marker is found on the same line. For example:
dt.
will delete the end of your sentence, leaving the '.' intact.
### Turn Vim into a hex editor ###
This is not my favorite trick, but some might find it interesting. You can chain Vim and the xxd utility to convert the text into hexadecimal with the command:
:%!xxd
![](https://farm6.staticflickr.com/5607/15109142674_e99466f2db_z.jpg)
And similarly, you can revert this with:
:%!xxd -r
### Place the text under your cursor in the middle of the screen ###
Everything is in the title. If you want to force the screen to scroll and place whatever is under your cursor in the middle, use the command:
zz
in visual mode.
### Jump to previous/next position ###
When editing a very big file, it is frequent to make changes somewhere, and jump to another place right after. If you wish to jump back simply, use:
Ctrl+o
to go back to where you were.
And similarly:
Ctrl+i
will revert such jump back.
### Render the current file as a web page ###
This will generate an HTML page displaying your text, and show the code in a split screen:
:%Tohtml
![](https://farm8.staticflickr.com/7550/15727174701_c405f85a84_z.jpg)
Very basic but so fancy.
To conclude, this list was assembled after reading some various forum threads and the [Vim Tips wiki][3], which I really recommend if you want to boost your knowledge about the editor.
If you know any Vim command that you find useful and that you think most people do not know about, feel free to share it in the comments. As said in the introduction, an "obscure but useful" command is very subjective, but sharing is always good.
--------------------------------------------------------------------------------
via: http://xmodulo.com/useful-vim-commands.html
作者:[Adrien Brochard][a]
译者:[wangjiezhe](https://github.com/wangjiezhe)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/adrien
[1]:http://xmodulo.com/turn-vim-full-fledged-ide.html
[2]:https://en.wikipedia.org/wiki/ROT13
[3]:http://vim.wikia.com/wiki/Vim_Tips_Wiki

199
sources/tech/20141117 Restricting process CPU usage using nice cpulimit and cgroups.md Normal file
View File

@ -0,0 +1,199 @@
Restricting process CPU usage using nice, cpulimit, and cgroups
================================================================================
注:本文中的图片似乎都需要翻墙后才能看到,发布的时候注意
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/juggle.jpg)
The Linux kernel is an incredible circus performer, carefully juggling many processes and their resource needs to keep your server humming along. The kernel is also all about equity: when there is competition for resources, the kernel tries to distribute those resources fairly.
However, what if you've got an important process that needs priority? What about a low-priority process? Or what about limiting resources for a group of a processes?
**The kernel can't determine what CPU processes are important without your help. **
Most processes are started at the same priority level and the Linux kernel schedules time for each task evenly on the processor. Have a CPU intensive process that can be run at a lower priority? Then you need to tell the scheduler about it!
There are at least three ways in which you can control how much CPU time a process gets:
- Use the nice command to manually lower the task's priority.
- Use the cpulimit command to repeatedly pause the process so that it doesnt exceed a certain limit.
- Use Linuxs built-in **control groups**, a mechanism which tells the scheduler to limit the amount of resources available to the process.
Let's look at how these work and the pros and cons of each.
### Simulating high CPU usage ###
Before looking at these three techniques, we need to find a tool that will simulate high CPU usage on a system. We will be using CentOS as our base system, and to artificially load the processor we can use the prime number generator from the [Mathomatic toolkit][1].
There isnt a prebuilt package for CentOS so you will need to build it yourself. Download the source code from http://mathomatic.orgserve.de/mathomatic-16.0.5.tar.bz2 and then unpack the archive file. Change directory into **mathomatic-16.0.5/primes**. Run **make** and **sudo make install** to build and install the binaries. You will now have the **matho-primes** binary in **/usr/local/bin**.
Run the command like this:
/usr/local/bin/matho-primes 0 9999999999 > /dev/null &
This will generate a list of prime numbers from zero to nine billion nine hundred ninety-nine million nine hundred ninety-nine thousand nine hundred ninety-nine. Since we dont really want to keep the list, the output is redirected to /dev/null.
Now run top and you will see that the matho-primes process is using all the available CPU.
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/image00.jpg)
Exit top (press the q key) and kill the matho-primes process (fg to bring the process to the foreground and press CTRL+C).
### nice ###
The nice command tweaks the priority level of a process so that it runs less frequently. **This is useful when you need to run a CPU intensive task as a background or batch job**. The niceness level ranges from -20 (most favorable scheduling) to 19 (least favorable). Processes on Linux are started with a niceness of 0 by default. The nice command (without any additional parameters) will start a process with a niceness of 10. At that level the scheduler will see it as a lower priority task and give it less CPU resources.
Start two **matho-primes** tasks, one with nice and one without:
nice matho-primes 0 9999999999 > /dev/null &
matho-primes 0 9999999999 > /dev/null &
Now run top.
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/image05.jpg)
Observe that the process started without nice (at niceness level 0) gets more processor time, whereas the process with a niceness level of 10 gets less.
What this means in real terms is that if you want to run a CPU intensive task you can start it using nice and the scheduler will always ensure that other tasks have priority over it. This means that the server (or desktop) will remain responsive even when under heavy load.
Nice has an associated command called renice. It changes the niceness level of an already running process. To use it, find out the PID of process hogging all the CPU time (using ps) and then run renice:
renice +10 1234
Where 1234 is the PID.
Dont forget to kill the **matho-primes** processes once you have finished experimenting with the **nice** and **renice** commands.
### cpulimit ###
The **cpulimit** tool curbs the CPU usage of a process by pausing the process at different intervals to keep it under the defined ceiling. It does this by sending SIGSTOP and SIGCONT signals to the process. It does not change the **nice** value of the process, instead it monitors and controls the real-world CPU usage.
cpulimit **is useful when you want to ensure that a process doesn't use more than a certain portion of the CPU**. The disadvantage over nice is that the process can't use all of the available CPU time when the system is idle.
To install it on CentOS type:
wget -O cpulimit.zip https://github.com/opsengine/cpulimit/archive/master.zip
unzip cpulimit.zip
cd cpulimit-master
make
sudo cp src/cpulimit /usr/bin
The commands above will download the source code from GitHub, unpack the archive file, build the binary, and copy it to /usr/bin.
cpulimit is used in a similar way to nice, however you need to explicitly define the maximum CPU limit for the process using the -l parameter. For example:
cpulimit -l 50 matho-primes 0 9999999999 > /dev/null &
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/image03.jpg)
Note how the matho-primes process is now only using 50% of the available CPU time. On my example system the rest of the time is spent in idle.
You can also limit a currently running process by specifying its PID using the -p parameter. For example
cpulimit -l 50 -p 1234
Where 1234 is the PID of the process.
### cgroups ###
Control groups (cgroups) are a Linux kernel feature that allows you to specify how the kernel should allocate specific resources to a group of processes. With cgroups you can specify how much CPU time, system memory, network bandwidth, or combinations of these resources can be used by the processes residing in a certain group.
**The advantage of control groups over** nice **or** cpulimit **is that the limits are applied to a set of processes, rather than to just one**. Also, nice or cpulimit only limit the CPU usage of a process, whereas cgroups can limit other process resources.
By judiciously using cgroups the resources of entire subsystems of a server can be controlled. For example in CoreOS, the minimal Linux distribution designed for massive server deployments, the upgrade processes are controlled by a cgroup. This means the downloading and installing of system updates doesnt affect system performance.
To demonstrate cgroups, we will create two groups with different CPU resources allocated to each group. The groups will be called cpulimited and lesscpulimited.
The groups are created with the cgcreate command like this:
sudo cgcreate -g cpu:/cpulimited
sudo cgcreate -g cpu:/lesscpulimited
The “-g cpu” part of the command tell cgroups that the groups can place limits on the amount of CPU resources given to the processes in the group. Other contollers include cpuset, memory, and blkio. The cpuset controller is related to the cpu controller in that it allows the processes in a group to be bound to a specific CPU, or set of cores in a CPU.
The cpu controller has a property known as cpu.shares. It is used by the kernel to determine the share of CPU resources available to each process across the cgroups. The default value is 1024. By leaving one group (lesscpulimited) at the default of 1024 and setting the other (cpulimited) to 512, we are telling the kernel to split the CPU resources using a 2:1 ratio.
To set the cpu.shares to 512 in the cpulimited group, type:
sudo cgset -r cpu.shares=512 cpulimited
To start a task in a particular cgroup you can use the cgexec command. To test the two cgroups, start matho-primes in the cpulimited group, like this:
sudo cgexec -g cpu:cpulimited /usr/local/bin/matho-primes 0 9999999999 > /dev/null &
If you run top you will see that the process is taking all of the available CPU time.
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/image01.jpg)
This is because when a single process is running, it uses as much CPU as necessary, regardless of which cgroup it is placed in. The CPU limitation only comes into effect when two or more processes compete for CPU resources.
Now start a second matho-primes process, this time in the lesscpulimited group:
sudo cgexec -g cpu:lesscpulimited /usr/local/bin/matho-primes 0 9999999999 > /dev/null &
The top command shows us that the process in the cgroup with the greater cpu.shares value is getting more CPU time.
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/image02.jpg)
Now start another matho-primes process in the cpulimited group:
sudo cgexec -g cpu:cpulimited /usr/local/bin/matho-primes 0 9999999999 > /dev/null &
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/image04.jpg)
Observe how the CPU is still being proportioned in a 2:1 ratio. Now the two matho-primes tasks in the cpulimited group are sharing the CPU equally, while the process in the other group still gets more processor time.
You can [read the full control groups documentation from Red Hat][2] (which applies equally to CentOS 7).
### Monitoring process CPU usage with Scout ###
What's the easiest way to monitor process CPU usage? [Scout][3] automatically tracks track process CPU + memory usage when our monitoring agent is installed on your servers.
### Monitoring process CPU usage with Scout ###
What's the easiest way to monitor process CPU usage? Scout automatically tracks track process CPU + memory usage when our monitoring agent is installed on your servers.
![](https://dl.dropboxusercontent.com/u/468982/blog/server_view/processes.png)
You can then create triggers to alert you when processes exceed specific CPU + memory usage thresholds.
[Signup for a free trial of Scout][4] to try process CPU monitoring.
### TL;DR ###
![](https://dl.dropboxusercontent.com/u/468982/blog/cpu_usage_blog/overview.png)
The finite resources of any server or desktop are a valuable commodity. The tools described above help you manage those resources, especially the CPU resource:
- **nice** is a great tool for 'one off' tweaks to a system.
- **cpulimit** is useful when you need to run a CPU intensive job and having free CPU time is essential for the responsiveness of a system.
- **cgroups** are the Swiss army knife of process limiting and offer the greatest flexibility.
--------------------------------------------------------------------------------
via: http://blog.scoutapp.com/articles/2014/11/04/restricting-process-cpu-usage-using-nice-cpulimit-and-cgroups
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://www.mathomatic.org/
[2]:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Resource_Management_and_Linux_Containers_Guide/chap-Introduction_to_Control_Groups.html
[3]:https://scoutapp.com/
[4]:https://scoutapp.com/
[5]:
[6]:
[7]:
[8]:
[9]:
[10]:
[11]:
[12]:
[13]:
[14]:
[15]:
[16]:
[17]:
[18]:
[19]:
[20]:

179
sources/tech/20141118 Linux FAQs with Answers--How to install phpMyAdmin on CentOS.md Normal file
View File

@ -0,0 +1,179 @@
Linux FAQs with Answers--How to install phpMyAdmin on CentOS
================================================================================
> **Question**: I am running a MySQL/MariaDB server on CentOS, and I would like to manage its databases via web-based interface using phpMyAdmin. What is a proper way to install phpMyAdmin on CentOS?
phpMyAdmin is an open-source PHP application designed as a web-based MySQL/MariaDB database administration tool. While there exist lightweight database management tools such as [Adminer][1], phpMyAdmin is more popularly used among webmasters to conduct various MySQL/MariaDB administration tasks. It supports pretty much all MySQL database/table related operations such as browse, create, copy, drop, rename, alter, as well as MySQL user/privilege management, and database import/export. Here is **how to install phpMyAdmin on CentOS 6 or 7**.
### Prerequisites ###
To install phpMyAdmin on CentOS, you first need to set up a web server (e.g., Apache or nginx), MySQL/MariaDB and PHP. Depending on your preference or requirement, you can choose to install either [LAMP stack][2] or [LEMP stack][3].
Another requirement is to enable EPEL repository on your CentOS. Follow [this guide][4] to set up EPEL repository if you haven't done so.
### Install phpMyAdmin on CentOS 6 or 7 ###
Once you set up EPEL repository, you can install phpMyAdmin easily with yum command as follows.
On CentOS 7:
$ sudo yum install phpmyadmin
On CentOS 6:
$ sudo yum install phpmyadmin php-mcrypt
### Configure phpMyAdmin on CentOS 7 ###
By default, phpMyAdmin on CentOS 7 allows access only from loopback address (127.0.0.1). To enable remote access, you will need to update its configuration.
Open phpMyAdmin's configuration (/etc/httpd/conf.d/phpMyAdmin.conf) with a text editor. Find and comment out every line that says "Require ip XXXX". There will be four such lines. Add "Require all granted" instead. The updated configuration file will look like the following.
$ sudo vi /etc/httpd/conf.d/phpMyAdmin.conf
----------
. . . . .
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
#Require ip 127.0.0.1
#Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
#Require ip 127.0.0.1
#Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
. . . . .
Finally, restart httpd to activate the change.
$ sudo systemctl restart httpd
### Configure phpMyAdmin on CentOS 6 ###
By default, phpMyAdmin on CentOS 6 blocks access from every IP address. To enable remote access, you will need to update its configuration.
Open phpMyAdmin's configuration (/etc/httpd/conf.d/phpmyadmin.conf) with a text editor. Find a line that says "Deny from all", and comment it out. Then change the line that says "Allow from 127.0.0.1" to "Allow from 0.0.0.0". The updated configuration will look like the following.
$ sudo vi /etc/httpd/conf.d/phpmyadmin.conf
----------
<Directory "/usr/share/phpmyadmin">
Order Deny,Allow
# Deny from all
Allow from 0.0.0.0
</Directory>
The next step is to add a blowfish password to the phpMyAdmin's configuration. This step is needed to encrypt password in cookie as part of cookie-based authentication.
Open the following file with a text editor, and set a random blowfish password as follows.
$ sudo vi /usr/share/phpmyadmin/config.inc.php
----------
$cfg['blowfish_secret'] = 'kd5G}d33aXDc50!'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
Finally, restart httpd to activate the change.
$ sudo service httpd restart
### Test phpMyAdmin ###
To test if phpMyAdmin is successfully set up, go to http://<web-server-ip-addresss>/phpmyadmin
![](https://farm6.staticflickr.com/5606/15550758749_0f7ab66b5b_z.jpg)
You should be able to log with any MySQL user (e.g., root), and manage MySQL/MariaDB databases/tables via a web-based interface.
![](https://farm8.staticflickr.com/7505/15551187008_86ac7e7db1_z.jpg)
### Troubleshooting ###
Here are a few troubleshooting tips during phpMyAdmin installation on CentOS.
1. When you are trying to access phpMyAdmin page in web browser, you are getting "403 Forbidding" error with:
You don't have permission to access /phpMyAdmin on this server.
This error is happening because the default setting of phpMyAdmin blocks access from a remote IP address. To fix this error, you need to edit its configuration to allow remote access. See the above for more detail.
2. When you access phpMyAdmin page, you are seeing "The configuration file now needs a secret passphrase (blowfish_secret)." message, and you cannot login.
To fix this error, you need to edit /usr/share/phpmyadmin/config.inc.php to add a random blowfish password as follows, and restart httpd.
$cfg['blowfish_secret'] = 'kd5G}d33aXDc50!'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
----------
$ sudo service httpd restart (CentOS 6)
$ sudo systemctl restart httpd (CentOS 7)
3. When you access phpMyAdmin page, you are getting "Cannot load mcrypt extension. Please check your PHP configuration" error message.
To solve this error, install the following package:
$ sudo yum install php-mcrypt
and restart httpd:
$ sudo service httpd restart (CentOS 6)
$ sudo systemctl restart httpd (CentOS 7)
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/install-phpmyadmin-centos.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://xmodulo.com/set-web-based-database-management-system-adminer.html
[2]:http://xmodulo.com/install-lamp-stack-centos.html
[3]:http://xmodulo.com/install-lemp-stack-centos.html
[4]:http://xmodulo.com/how-to-set-up-epel-repository-on-centos.html
[5]:
[6]:
[7]:
[8]:
[9]:
[10]:
[11]:
[12]:
[13]:
[14]:
[15]:
[16]:
[17]:
[18]:
[19]:
[20]:

238
sources/tech/20141119 10 SCP Commands to Transfer Files or Folders in Linux.md Normal file
View File

@ -0,0 +1,238 @@
10 SCP Commands to Transfer Files/Folders in Linux
================================================================================
Linux administrator should be familiar with **CLI** environment. Since **GUI** mode in Linux servers is not a common to be installed. **SSH** may the most popular protocol to enable Linux administrator to manage the servers via remote in secure way. Built-in with **SSH** command there is **SCP** command. **SCP** is used to copy file(s) between servers in secure way.
![](http://www.tecmint.com/wp-content/uploads/2013/10/SCP-Commands.png)
The below command will read as “**copy source_file_name**” into “**destination_folder**” at “**destination_host**” using “**username account**”.
#### Basic syntax of SCP ####
scp source_file_name username@destination_host:destination_folder
There are much parameters in **SCP** command that you can use. Here are the parameters that may useful on daily basis usage.
### Provide the detail information of SCP process using -v parameter ###
Basic **SCP** command without parameter will copy the files in background. User will see nothing unless the process is done or some error appears. You can use “**-v**” parameter to print debug information into the screen. It can help you debugging connection, authentication and configuration problems.
pungki@mint ~/Documents $ scp -v Label.pdf mrarianto@202.x.x.x:.
#### Sample Output ####
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -t .
OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 202.x.x.x [202.x.x.x] port 22.
debug1: Connection established.
debug1: Host '202.x.x.x' is known and matches the RSA host key.
debug1: Found key in /home/pungki/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Next authentication method: password
mrarianto@202.x.x.x's password:
debug1: Authentication succeeded (password).
Authenticated to 202.x.x.x ([202.x.x.x]:22).
Sending file modes: C0770 3760348 Label.pdf
Sink: C0770 3760348 Label.pdf
Label.pdf 100% 3672KB 136.0KB/s 00:27
Transferred: sent 3766304, received 3000 bytes, in 65.2 seconds
Bytes per second: sent 57766.4, received 46.0
debug1: Exit status 0
### Provide modification times, access times, and modes from original files ###
The “**-p**” parameter will help you on this. An estimated time and the connection speed will appear on the screen.
pungki@mint ~/Documents $ scp -p Label.pdf mrarianto@202.x.x.x:.
#### Sample Output ####
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 126.6KB/s 00:29
### Make file transfer faster using -C parameter ###
One of parameter that can faster your file transfer is “**-C**” parameter. The “**-C**” parameter will compress your files on the go. The unique thing is the compression is only happen in the network. When the file is arrived to the destination server, it will returning into the original size as before the compression happen.
Take a look of these commands. It is using a single file of **93 Mb**.
pungki@mint ~/Documents $ scp -pv messages.log mrarianto@202.x.x.x:.
#### Sample Output ####
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -p -t .
OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 202.x.x.x [202.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/pungki/.ssh/id_rsa type -1
debug1: Found key in /home/pungki/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Trying private key: /home/pungki/.ssh/id_rsa
debug1: Next authentication method: password
mrarianto@202.x.x.x's password:
debug1: Authentication succeeded (password).
Authenticated to 202.x.x.x ([202.x.x.x]:22).
debug1: Sending command: scp -v -p -t .
File mtime 1323853868 atime 1380425711
Sending file timestamps: T1323853868 0 1380425711 0
messages.log 100% 93MB 58.6KB/s 27:05
Transferred: sent 97614832, received 25976 bytes, in 1661.3 seconds
Bytes per second: sent 58758.4, received 15.6
debug1: Exit status 0
Copying file without “**-C**” parameter will result **1661.3** second. Yo may compare the result to the command below which using “**-C**” parameter.
pungki@mint ~/Documents $ scp -Cpv messages.log mrarianto@202.x.x.x:.
#### Sample Output ####
Executing: program /usr/bin/ssh host 202.x.x.x, user mrarianto, command scp -v -p -t .
OpenSSH_6.0p1 Debian-3, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 202.x.x.x [202.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/pungki/.ssh/id_rsa type -1
debug1: Host '202.x.x.x' is known and matches the RSA host key.
debug1: Found key in /home/pungki/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: Next authentication method: publickey
debug1: Trying private key: /home/pungki/.ssh/id_rsa
debug1: Next authentication method: password
mrarianto@202.x.x.x's password:
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (password).
Authenticated to 202.x.x.x ([202.x.x.x]:22).
debug1: channel 0: new [client-session]
debug1: Sending command: scp -v -p -t .
File mtime 1323853868 atime 1380428748
Sending file timestamps: T1323853868 0 1380428748 0
Sink: T1323853868 0 1380428748 0
Sending file modes: C0600 97517300 messages.log
messages.log 100% 93MB 602.7KB/s 02:38
Transferred: sent 8905840, received 15768 bytes, in 162.5 seconds
Bytes per second: sent 54813.9, received 97.0
debug1: Exit status 0
debug1: compress outgoing: raw data 97571111, compressed 8806191, factor 0.09
debug1: compress incoming: raw data 7885, compressed 3821, factor 0.48
As you can see, when you are using compression, transfer process is done in **162.5** second. It is **10** times faster than not using “**-C**” parameter. If you are copying a lot files across the network, “**-C**” parameter would help you to decrease the total time you need.
The thing that we should notice that compression method will not work on any files. When the source file is already compressed, you will not find any improvement there. Files such as **.zip**, **.rar**, **pictures**, and **.iso** files will not affected by “**-C**” parameter.
### Select another cipher to encrypt files ###
By default **SCP** using “**AES-128**” to encrypt files. If you want to change to another cipher to encrypt it, you can use “**-c**” parameter. Take a look of this command.
pungki@mint ~/Documents $ scp -c 3des Label.pdf mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 282.5KB/s 00:13
Above command tell **SCP** to use **3des algorithm** to encrypt file. Please be careful that this parameter using “**-c**” not “**-C**“.
### Limiting bandwidth usage ###
Another parameter that may useful is “**-l**” parameter. The “**-l**” parameter will limit the bandwidth to use. It will be useful if you do an automation script to copy a lot of file, but you dont want the bandwidth is drained by the **SCP** process.
pungki@mint ~/Documents $ scp -l 400 Label.pdf mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 50.3KB/s 01:13
The **400** value behind “**-l**” parameter is mean that we limit the bandwidth for **SCP** process only **50 KB/sec**. One thing to remember that bandwidth is specified in **Kilobits/sec** (**kbps**). It is mean that **8 bits** equal with **1 byte**.
While **SCP** counts in **Kilobyte/sec** (**KB/s**). So if you want to limit your bandwidth for **SCP** maximum only **50 KB/s**, you need to set it into **50 x 8 = 400**.
### Specify specific port to use with SCP ###
Usually **SCP** is using port **22** as a default port. But for security reason, you may change the port into another port. For example, we are using port **2249**. Then the command should be like this.
pungki@mint ~/Documents $ scp -P 2249 Label.pdf mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 262.3KB/s 00:14
Make sure that it use capital “**P**” not “**p**“, since “**p**” is already used for preserved times and modes.
### Copy files inside directory recursively ###
Sometimes we need to copy directory and all **files** / **directories** inside it. It will be better if we can do it in **1** command. **SCP** support that scenario using “**-r**” parameter.
pungki@mint ~/Documents $ scp -r documents mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 282.5KB/s 00:13
scp.txt 100% 10KB 9.8KB/s 00:00
When the copy process is done, at the destination server you will found a directory named “**documents**” with all its files. The folder “**documents**” is automatically created.
### Disable progress meter and warning / diagnostic message ###
If you choose not to see progress meter and warning / diagnostic messages from SCP, you may disable it using “**-q**” parameter. Heres the example.
pungki@mint ~/Documents $ scp -q Label.pdf mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
pungki@mint ~/Documents $
As you can see, after the you enter the password, there is no any information about SCP process. After the process is complete, you will be see a prompt again.
### Copy files using SCP through Proxy ###
Proxy server is usually used in office environment. Natively, SCP is not proxy configured. When your environment using proxy, you have to “tell” SCP to communicate with the proxy.
Heres the scenario. The proxy address is **10.0.96.6** and the proxy port is **8080**. The proxy also implemented user authentication. First, you need to create “**~/.ssh/config**” file. Second you put this command inside it.
ProxyCommand /usr/bin/corkscrew 10.0.96.6 8080 %h %p ~/.ssh/proxyauth
Then you need to create file “**~/.ssh/proxyauth**” which contain.
myusername:mypassword
After that you can do SCP transparently as usual.
Please notice that corkscrew is might not installed yet on your system. On my Linux Mint, I need to install it first, using standard Linux Mint installation procedure.
$ apt-get install corkscrew
For other yum based systems, users can install corkscrew using the following yum command.
# yum install corkscrew
Another thing that since “**~/.ssh/proxyauth**” file contain your “**username**” and “**password**” in clear-text format, please make sure that the file can be accessed by you only.
### Select different ssh_config file ###
For mobile user who often switch between company network and public network, it will be suffer to always change settings in SCP. It is better if we can put a different **ssh_config** file to match our needs.
#### Heres a sample scenario ####
Proxy is used in company network but not in public network and you are regularly switch network.
pungki@mint ~/Documents $ scp -F /home/pungki/proxy_ssh_config Label.pdf
mrarianto@202.x.x.x:.
mrarianto@202.x.x.x's password:
Label.pdf 100% 3672KB 282.5KB/s 00:13
By default “**ssh_config**” file per user will be placed in “**~/.ssh/config**“. Creating a specific “**ssh_config**” file with proxy compatible, will make you easier to switch between networks.
When you are on company network, you can use “**-F**” parameter. When you are on public network, you can skip “**-F**” parameter.
Thats all about **SCP**. You can see **man pages** of **SCP** for more detail. Please feel free to leave comments and suggestions.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/scp-commands-examples/
作者:[Pungki Arianto][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/pungkiarianto/

61
sources/tech/20141119 How To Make Raspberry Pi Boot In To GUI By Default.md Normal file
View File

@ -0,0 +1,61 @@
How To Make Raspberry Pi Boot In To GUI By Default
================================================================================
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/11/raspberry_pi_gui.jpg)
Its been some times since I bought Raspberry Pi but honestly, I hardly did anything with it. Since my Dell Ultrabook is in Dell service center (for weeks now), I started using Raspberry Pi once again as an alternative.
I have previously written about [how to install Raspbian OS on a SD card in Ubuntu][1]. I did the same once again and installed Raspberry Pi once again. Only thing which I missed at the first run was to set up the GUI. And thus when I booted in Raspberry Pi again, I landed in command line directly. So how to you run Raspbian GUI then?
### Set up Raspbian GUI boot ###
When you install Raspbian for the first time, it indeed present several option to configure for the first use. But since I did not pay attention in a hurry, I just tabbed finish on that screen. If you faced the same situation and end up with just command line in Raspbian OS, no need to despair, it is very easy to set up Raspberry Pi to boot in GUI by default. Lets see how to do it.
### Step 1: ###
When you are in the command line, log in with default user password (if you did not change it). Default user for Raspbian OS is pi and the default password should be raspberry.
#### Step 2: ####
When you are logged in, run the following command:
sudo raspi-config
This command will open up the Raspberry Pi configuration, the same which we saw in the first boot.
#### Step 3: ####
In this configuration screen, look for the option of **Enable Boot to Desktop/Scratch**. Select it using a combination of arrow, tab and/or enter keys (I forgot which ones are used).
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/11/Raspbian_Gui_setup.jpg)
#### Step 4: ####
In the next screen, choose **Desktop Login as user Pi at the graphical desktop.
**
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/11/Raspbian_Gui_setup_1.jpg)
#### Step 5: ####
Youll be asked to reboot afterwards.
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/11/Raspbian_Gui_setup_2.jpg)
On the next boot, you will be logged in to LXDE desktop environment. And you can enjoy the GUI experience with Raspberry Pi.
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2014/11/raspbian-welcome-screen-gui.jpeg)
I hope this tutorial helped you to set up your Raspberry Pi to boot in GUI by default. Feel free to drop your questions and suggestions in the comment box.
--------------------------------------------------------------------------------
via: http://itsfoss.com/raspberry-pi-gui-boot/
作者:[Abhishek][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://itsfoss.com/author/Abhishek/
[1]:http://itsfoss.com/tutorial-how-to-install-raspberry-pi-os-raspbian-wheezy/

228
sources/tech/20141120 How to install Xen hypervisor on unused old hardware.md Normal file
View File

@ -0,0 +1,228 @@
How to install Xen hypervisor on unused old hardware
================================================================================
Xen is a bare metal hypervisor, meaning that you must prepare a bare machine to install and run Xen. KVM is a little different - you can add it to any machine already running Linux. This tutorial describes how to install and configure Xen hypervisor on unused hardware.
This procedure uses Debian Jessie (their testing distribution) as the host OS (also known as [Dom0][1]). Jessie is not the only choice - Xen support is built into the Linux kernel, and [plenty of Linux distributions][2] include one of these Xen-enabled kernels.
### Find unused hardware ###
As a start, find a suitable workstation which can be wiped out, such as an old laptop or desktop. Older hardware may not be good for gaming, but it is good enough for a host OS and a couple of guests. A PC with these specifications works fine.
- 1 CPU with 2 cores (64-bit)
- 4GB memory
- 80GB hard disk
- ability to boot from CD, DVD or USB
- a network interface
Note that the CPU must be a 64-bit processor since Debian dropped support for 32-bit Xen packages. If you don't have spare hardware, you could invest in an old machine. 2010's $1000 flagship laptop is today's $100 bargain. A second-hand laptop from eBay and a memory upgrade will do fine.
### Burn a bootable CD/USB ###
Download the ISO image for Debian Jessie. The small netinst image available from the [official Debian website][3] works fine.
$ wget http://cdimage.debian.org/cdimage/jessie_di_beta_2/amd64/iso-cd/debian-jessie-DI-b2-amd64-netinst.iso
Next, identify the device name assigned to your [CD/DVD][4] or [USB drive][5] (e.g., /dev/sdc).
Burn the downloaded ISO image into a bootable CD or a USB using dd command. Replace /dev/sdc with the device name you identified above.
$ sudo dd if=debian-jessie-DI-b2-amd64-netinst.iso of=/dev/sdc
### Start the installation ###
To start the installation, boot with the Debian installer CD/USB.
It's a good idea to use a wired connection, not WiFi. If the WiFi won't connect because firmware or driver software is missing, you won't get very far.
![](https://farm8.staticflickr.com/7516/15772286696_c31e4c7754_z.jpg)
### Partition the disk ###
This setup uses four primary disk partitions. Automatic OS installers usually set up an extended partition that contains logical partitions. Set up the four partitions like this.
- sda1 mount on /boot, 200MB
- sda2 /, 20GB, Ubuntu uses 4GB
- sda3 swap, 6GB (4GB of memory x 1.5 = 6)
- sda4 reserved for LVM, not mounted, all the rest of the disk space
### Install the base system ###
It's a good idea to make the install as simple and short as possible. A basic working system can always be added to later. Debian's APT (Advanced Package Tool) makes adding software easy. Installing Debian on a workstation can cause pretty obscure time-wasting issues. Perhaps a graphics driver does not agree with the kernel or maybe the old CD-ROM drive only works intermittently.
When it comes to choosing what to install, do install an SSH server and don't install a desktop like Gnome.
![](https://farm9.staticflickr.com/8541/15176520633_5d31beda9c_z.jpg)
A graphical desktop requires hundreds of package installs - it's a lot of extra work that can be done later. If you run into problems, waiting for that desktop install is a waste of time. Also, without desktop component, the system boot will be much quicker - seconds rather than minutes. This procedure requires a few reboots, so that's a handy time-saver.
An SSH server lets you configure the workstation from another computer. This allows you to avoid some of the problems with old hardware - perhaps the old machine's keyboard is missing keys, the LCD screen has dead pixels or the trackpad is unresponsive etc.
### Add LVM (Logical Volume Manager) ###
Install the LVM tools as the root.
# apt-get update
# apt-get install lvm2
Pick a physical volume to work with.
# pvcreate /dev/sda4
Create a volume group.
# vgcreate vg0 /dev/sda4
You don't need to create a logical volume. If you want to test LVM works, create a volume then delete it.
# lvcreate -nmytempvol -L10G vg0
# lvremove /dev/vg0/mytempvol
Check LVM status.
# pvs (to view information about physical volumes)
# vgs (to view information about volume groups)
# lvs (to view information about logical volumes)
### Add a Linux Ethernet bridge ###
We are going to set up a Linux bridge so that all Xen's guest domains can be connected to, and communicate through the bridge.
Install the bridge tools.
# apt-get install bridge-utils
See what interfaces are configured.
# ip addr
![](https://farm8.staticflickr.com/7512/15610553338_2f9cf1d3a2_z.jpg)
In this example, we have one primary interface assigned eth0. We are going to add eth0 to the Linux bridge by editing the network configuration file (/etc/network/interfaces).
Before making any change, back up the network configuration file to keep the original working configuration safe.
# cd /etc/network/
# cp interfaces interfaces.backup
# vi /etc/network/interfaces
The file contents look something like this.
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
Change the file to this.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
auto xenbr0
iface xenbr0 inet dhcp
bridge_ports eth0
Activate the network configuration change:
# systemctl restart networking
### Verify networking settings ###
Verify that a Linux bridge xenbr0 is created successfully.
# ip addr show xenbr0
Also check that the primary interface eth0 is successfully added to the bridge.
# brctl show
![](https://farm6.staticflickr.com/5609/15795960355_673c71ab5c_z.jpg)
You now have a working machine with Jessie installed. Xen is not yet installed at this point. Let's proceed to install Xen next.
### Install the Xen hypervisor ###
Install Xen and QEMU packages, and update the GRUB bootloader.
# apt-get install xen-linux-system
Reboot.
When the GRUB screen appears, you can see extra booting options listed.
![](https://farm8.staticflickr.com/7535/15794086091_bf1bce6b4b_z.jpg)
The first option will boot automatically in five seconds (see the GRUB_TIMEOUT line in /etc/default/grub), so this is not the time to get a coffee.
Press the down arrow to highlight the option "Debian GNU/Linux, with Xen hypervisor", and press RETURN. Many lines of information appear, followed by the usual login screen.
### Check Xen works ###
Xen hypervisor comes with Xen management command-line tool called xl, which can be used to create and manage Xen guest domains. Let's use xl command to check if Xen is successfully installed.
Log in as root, and run:
# xl info
which will display various information about Xen host.
![](https://farm9.staticflickr.com/8404/15610553388_db3b134a9d_z.jpg)
To see a list of existing Xen domains:
# xl list
![](https://farm9.staticflickr.com/8393/15610135189_ffd8bd24e8_z.jpg)
A little table of domains appears. Without any Xen guest domain created, the only entry should be Domain-0, your Debian installation.
### Change the boot order ###
When you reach this point, the Xen install is complete. There is one more thing to fix - the default boot will not load Xen. GRUB chooses the first item in the boot menu (Debian GNU/Linux), not the third (Debian GNU/Linux, with Xen hypervisor).
The default option in the boot menu is defined in the grub configuration file /boot/grub/grub.cfg. To change the default option, don't edit that file, but edit /etc/default/grub instead. A little helper program called grub-mkconfig reads in this default configuration file and all the templates in /etc/grub.d/, then writes the grub.cfg file.
Edit Debian's configuration file for grub-mkconfig.
# vi /etc/default/grub
Change the line:
GRUB_DEFAULT=0
to
GRUB_DEFAULT='Debian GNU/Linux, with Xen hypervisor'
Then update the grub configuration file.
# grub-mkconfig -o /boot/grub/grub.cfg
Finally reboot. After a few seconds, the grub boot menu appears. Check that the third option "Debian GNU/Linux, with Xen hypervisor" is highlighted automatically.
### Final note ###
If you use this machine as your hands-on workstation, install a graphical desktop. The Debian library includes a few [desktop environments][6]. If you want a graphical desktop that includes everything and the kitchen sink, go for Gnome. If graphics just get in your way, try Awesome.
Note that the Debian Jessie default environment Gnome comes with a huge amount of extra applications including the productivity suite LibreOffice, the Iceweasel web browser and the Rhythmbox music player. The install command "apt-get install gnome" adds 1,000 packages and takes up nearly 2GB of disk space. Running this heavyweight desktop takes up 1GB of memory.
--------------------------------------------------------------------------------
via: http://xmodulo.com/install-xen-hypervisor.html
作者:[Nick Hardiman][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nick
[1]:http://wiki.xen.org/wiki/Dom0
[2]:http://wiki.xen.org/wiki/Dom0_Kernels_for_Xen
[3]:https://www.debian.org/devel/debian-installer/
[4]:http://ask.xmodulo.com/detect-dvd-writer-device-name-writing-speed-command-line-linux.html
[5]:http://ask.xmodulo.com/find-device-name-usb-drive-linux.html
[6]:https://wiki.debian.org/DesktopEnvironment

87
sources/tech/20141120 How to visualize memory usage on Linux.md Normal file
View File

@ -0,0 +1,87 @@
How to visualize memory usage on Linux
================================================================================
Lack of sufficient physical memory can significantly hamper the performance of Linux desktop and server environments. When your desktop is sluggish, one of the first things to do is to free up RAMs. Memory usage is even more critical in multi-user shared hosting or mission-critical server environments, where different users or application threads constantly compete for more memory.
When it comes to monitoring any type of system resources such as memory or CPUs, visualization is an effective means to help understand quickly how they are consumed by different processes and users. In this tutorial, I describe **how to visualize memory usage in Linux environment** using a command-line tool called [smem][1].
### Physical Memory Usage: RSS vs. PSS vs. USS ###
In the presence of virtual memory abstraction, accurately quantifying physical memory usage of a process is actually not straightforward. The virtual memory size of a process is not meaningful because it does not tell how much of it is actually allocated physical memory.
**Resident set size (RSS)**, reported by top command, is one popular metric which captures what portion of a process' reported memory is residing in RAM. However, aggregating RSS of existing processes can easily overestimate the overall physical memory usage of the Linux system because the same physical memory page can be shared by different processes. **Proportional set size (PSS)** is a more accurate measurement of effective memory usage of Linux processes since PSS properly discounts the memory page shared by more than one process. **Unique set size (USS)** of a process is a subset of the process' PSS, which is not shared by any other processes.
### Install Smem on Linux ###
The command-line tool smem can generate a variety of reports related to memory PSS/USS usage by pulling information from /proc. It comes with built-in graphical chart generation capabilities, so one can easily visualize overall memory consumption status.
#### Install Smem on Debian, Ubuntu or Linux Mint ####
$ sudo apt-get install smem
#### Install Smem on Fedora or CentOS/RHEL ####
On CentOS/RHEL, you need to [enable][2] EPEL repository first.
$ sudo yum install smem python-matplotlib
### Check Memory Usage with Smem ###
When you run smem as a unprivileged user, it will report physical memory usage of every process launched by the current user, in an increasing order of PSS.
$ smem
![](https://farm8.staticflickr.com/7498/15801819892_d017280595_z.jpg)
If you want to check the overall system memory usage for all users, run smem as the root.
$ sudo smem
![](https://farm9.staticflickr.com/8635/15776587626_1de74c4bcd_z.jpg)
To view per-user memory usage:
$ sudo smem -u
![](https://farm9.staticflickr.com/8543/15798375491_510698d98f_z.jpg)
smem allows you to filter memory usage results based on mapping, processes or users in the following format:
- -M <mapping-filtering-regular-expression>
- -P <process-filtering-regular-expression>
- -U <user-filtering-regular-expression>
For a complete usage of smem, refer to its man page.
### Visualize Memory Usage with Smem ###
Visualized reports are often easier to read to identify the memory hogs of your system quickly. smem supports two kinds of graphical reports for memory usage visualization: bar and pie graphs.
Here are examples of memory usage visualization.
The following command will generate a bar graph that visualizes the PSS/USS memory usage of a user alice.
$ sudo smem --bar name -c "pss uss" -U alice
![](https://farm6.staticflickr.com/5616/15614838448_640e850cd8_z.jpg)
The next command will plot a pie graph of the overall PSS memory usage of different processes.
$ sudo smem --pie name -c "pss"
![](https://farm8.staticflickr.com/7466/15614838428_eed7426cfe_z.jpg)
As a summary, smem is a simple and effective memory analysis tool that comes in handy in various circumstances. Using its formatted output, you can run smem to identify any memory issues and take an action in an automatic fashion. If you know of any good memory monitoring tool, share it in the comment.
--------------------------------------------------------------------------------
via: http://xmodulo.com/visualize-memory-usage-linux.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://www.selenic.com/smem/
[2]:http://xmodulo.com/how-to-set-up-epel-repository-on-centos.html

57
translated/news/20141115 LibreOffice 4.3.4 Released With 60 Bug Fixes v4.4 Shaping Up Nicely.md Normal file
View File

@ -0,0 +1,57 @@
修复了60个bug的LibreOffice 4.3.4正式发布4.4版本开发工作有序进行中
================================================================================
![](http://www.omgubuntu.co.uk/wp-content/uploads/2010/12/libreoffice.png)
**[上两周][1], 文档基金会带着它的开源LibreOffice生产力套件的又一个次版本回来了。**
LibreOffice 4.3.4新系列中的第四个次版本是单独由修复好的bug构成的一个版本不出乎意料地以点版本形式发行。
除了增加了即视感基金会所说的在developers butterfly net上被揪出来并且修复的bug数量大概有60个左右。
- 排序操作现在还是默认为旧的样式(Calc)
- 在预览后恢复焦点窗口(Impress)
- 图表向导对话框不再是‘切除’式
- 修复了记录改变时的字数统计问题 (Writer)
- 各种各样的RTF修复包括图像边框导入(Writer)
完整列表可以在 [LibreOffice Wiki 页面][2]查看。
### 下载 ###
许多家伙有完整的LibreOffice安装程序但是从来没用过它。如果你是其中一份子你就当做没看到。
如果你喜欢升级,你可以在官方网站上找到所有相关的下载链接。
- [下载LibreOffice 4.3.4][3]
### 预测一下LibreOffice 4.4 ###
![Info bar coming in LibreOffice 4.4](http://www.omgubuntu.co.uk/wp-content/uploads/2014/11/libreoffice-infobar.jpg)
来自LibreOffice 4.4的信息栏
LibreOffice 4.4应该给予大家多一点希望。
[维基上讲述了][4]正在进行中的不间断大范围GUI调整包括一个新的颜色选择器重新设计的段落行距选择器和一个在凸显部位表示该文件是否为只读模式的信息栏。
虽然以上大规模的界面变动我知道一些桌面社区的抗议声不断,但是他们还是朝着正确的方向稳步前进。
要记住在一些必要情况下LibreOffice对于企业和机构来说是一款非常重要的软件。在外观和布局上有任何引人注目的修改都会引发一串连锁效应。
感谢Tim W
--------------------------------------------------------------------------------
via: http://www.omgubuntu.co.uk/2014/11/libreoffice-4-3-4-arrives-bundle-bug-fixes
作者:[Joey-Elijah Sneddon][a]
译者:[ZTinoZ](https://github.com/ZTinoZ)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:https://plus.google.com/117485690627814051450/?rel=author
[1]:http://www.omgubuntu.co.uk/2014/10/libreoffice-4-3-3-released-62-bug-fixes
[2]:https://wiki.documentfoundation.org/Releases/4.3.4/RC1
[3]:http://www.libreoffice.org/download/libreoffice-fresh/
[4]:https://wiki.documentfoundation.org/ReleaseNotes/4.4#GUI

79
translated/talk/The history of Android/02 - The history of Android.md
View File

@ -1,79 +0,0 @@
安卓编年史 02
=============================================================================
![Left: the Milestone 5 home screen showing the “all" button, two dock icons, and four recent apps. Center: the home screen with the app list open. Right: the power menu.](http://cdn.arstechnica.net/wp-content/uploads/2013/12/homescree052n.jpg)
Milestone 5主屏幕展示了“All”按钮两个dock图标以及四个最近使用的应用。中主屏幕与打开的应用程序列表。右边电源菜单。
Ron Amadeo供图
### 安卓0.5, Milestone 5——如今已经是报废接口的领地了 ###
“M5-RC14”版本发布后——也就是第一个安卓模拟器发布三个月之后安卓迎来了它的首次重大革新。 2008年2月发布的“Milestone5”甩掉了延伸自黑莓的界面走向一个完全革新的设计——谷歌在触控友好界面上的第一次尝试。
在浏览器的用户代理字符串的中此版本仍然被识别为“Android 0.5”但Milestone 5与安卓的第一个版本相比已经完全不一样了。几个核心的Android功能直接追踪他们的血统并最终回到这个版本。通知面板的布局和功能几乎已经整装待发并且除了样式变化外菜单也最终成型。距离安卓1.0项目发布的时间仅仅只剩八个月,一个操作系统的基础已经开始成型了。
有一件东西目前绝对不是它的最终模样那就是是主屏幕。这是一个不可配置的单屏壁纸的应用程序的抽屉和dock。应用程序图标是气泡状的三种颜色的组合由一个圆角矩形的白色背景包围着。应用程序抽屉在右下角有一个“所有”按钮轻按它打开的应用程序列表显示在了左边。这个“所有”按钮正上面的是两个dock图标“联系人”和“拨号盘”分别获得了永久的专属主屏幕位置。然后上边有四个模块它们是最近应用程序的早期版本展示了最后访问的应用程序。没有了左侧屏幕和右侧屏幕要是没有dock和最近的应用程序占用的一整列这种布局下只能放下21个应用程序图标。模拟器仍然只选择同等最少的应用程序但在实际的设备中这样的设计看起来并不会很好的工作效果。
按住“挂断”按钮会出现一个十分早期版本的电源菜单就像你最右侧的图片中看到的。谷歌迄今为止没有标准的智能手机命名术语对于“Turn Off Screen”关闭屏幕最好的形容也许是“Lock screen”锁定屏幕——虽然当时没有锁屏和“Turn Off Radio”关闭射频在今天被叫做“Airplane Mode”飞行模式
![From left to right: the surprisingly modern notification panel, the menu open in Google Maps (Maps doesn't work anymore), and the new finger-friendly list view.](http://cdn.arstechnica.net/wp-content/uploads/2013/12/noti2.png)
从左至右依次为:令人惊喜的现代通知面板,谷歌地图的菜单在打开着(地图已经不可用了),和新的触控友好列表视图。
Ron Amadeo供图
回溯到Milestone 5谷歌在那时对通知面板有着明确的认识。就像在任何现代的智能手机里一样通知中心从屏幕顶部下拉下来来唤出。目前的通知都以列表的形式显示。通知面板的第一个版本是不透明的白色薄片以及底部中心有个橙色圆点的带着棱纹的的“把手”。通知是可点击的通过点击可以打开该通知关联的应用程序。没有人为此列表中垂直对齐应用程序图标而感到困扰不过也没关系随着接下来的更新它已经是过去式了。
置顶通知能够进入一个在面板顶部的“正在进行”的部分。在这个版本中这里似乎只包含通话。在“最近事件”里的通知只有打开相应的应用程序后才清楚。用户惊喜地发现可以通过内置的XMPP连接成功登录到谷歌talk。不过虽然通知面板中显示“新会话信息”这里实际上并不是一个即时消息应用程序。
Milestone 5里是全新的艺术设计。应用程序图标被重新绘制并且菜单从一个无聊的黑莓风格的文本列表转变为一个全彩、卡通的大图标方阵。通知面板图标也从简单的、突兀的、白色的图标切换到一个绿色的气泡设计。当时信号指示下边有一条奇怪的黑线没有明显的作用。早期开发版本的微小列表视图不适合手指使用所以Milestone 5带来了更加强大的整体布局。
![The dialer, recent calls, and an incoming call.](http://cdn.arstechnica.net/wp-content/uploads/2013/12/phonestuff.png)
拨号盘,最近通话,和来电。
Ron Amadeo供图
M5是第一个有一个拨号盘的版本即使她是一个相当难看的版本。数字被显示在包含一个奇怪的聊天气泡风格退格键的渐变填充条里看上去就像是从其他界面回收回来的。对齐问题随处可见。按钮上的数字没有正确的垂直排列而且退格键的“X”也没有与对话框对齐。由于屏幕上没有的“拨号”按钮你甚至不能从拨号盘打个电话它强制要求有个拨号的硬件实体按钮。
Milestone 5 有几个选项卡式界面,所有这些都演示了一个关于标签应该如何工作的奇怪的想法。活跃的标签是白色的,而背景标签是底部拥有一小条白色条带的黑色标签。后台标签应该是向下下沉的吗?切换标签时,是没有动画效果的。直到目前还不清楚这个设计试图想表达什么。
在第二张图片中显示的最近通话记录项是从单独的应用程序降级到拨号盘选项卡的。它抛弃了早期版本疯狂的十字UI多亏了大块列表视图现在所有必要的信息都是显示在一个正常的列表中。
不同于拨号盘来电画面有显示在屏幕上的按钮来接听和结束通话。奇怪的是来电屏幕贴在屏幕的底部而不是顶部或中心。它可能是从旧的黑莓4:3屏幕遗留下来的问题。
![An active call, the disabled touchscreen error message, and the call screen with a second call on hold.](http://cdn.arstechnica.net/wp-content/uploads/2013/12/callsstuff.png)
通话中,触摸屏不可用的显示错误信息,和显示第二通话暂停的通话界面。
Ron Amadeo供图
通话中界面看起来正常但在实际中毫无意义。今天在通话中为了阻止你的脸按到按钮手机近距离传感器一旦检测到物体会关闭屏幕。尽管Milestone 5不支持近距离传感器。谷歌的随意的解决方案是在通话过程中禁用整个触摸屏。与此同时通话中的屏幕显然会检测触摸。这时候是有大的可触摸的按钮; *就是不让你摸*
M5在这里让Milestone 3版本的几个功能回归了。许多旧的界面里体面的图标被替换成了文本。像“静音”按钮在激活的时候不再提供屏幕上的反馈。合并通话被完全去除了。
![The browsers primary menu, the browsers secondary menu, the crazy zoom control, and the window interface.](http://cdn.arstechnica.net/wp-content/uploads/2013/12/browser4.png)
浏览器的主要菜单,浏览器的二级菜单,疯狂的变焦控制和窗口界面。
Ron Amadeo供图
浏览器菜单中得到了常规的触摸功能大整修,并且“更多”按钮第一次出现。它充当一个[你菜单的额外菜单] [1]。相对于将3x2的网格变成3x4的网格Milestone 5以及Android的许多后续版本一样中使用很长的、滚动的列表来引出其他选项。不支持双指缩放据说是[向苹果让步] [2]因此Android运行荒谬的控件就像上边第三张图片一样。谷歌将它显示在屏幕的中间而不是明智地设置成比如一个水平的、底部对齐的缩放控件。最后一张图片显示浏览器的“窗口”界面允许你打开多个网页并在它们之间更轻松地切换。
![Google Maps layers section screen, search interface, and directions screen.](http://cdn.arstechnica.net/wp-content/uploads/2013/12/amps.png)
谷歌地图的图层选择,搜索界面,以及路线界面。
Ron Amadeo供图
谷歌地图仍然不能使用但我们接触的小小UI却有了显著更新。你可以选择地图图层虽然只有两种可以选择卫星和交通。顶部对齐的搜索界面奇怪地隐藏了状态栏而底部对齐的路线没有隐藏状态栏。路线的输入按钮被标有“Go”而且搜索的输入按钮被标有一个奇怪的弯曲的箭头。这样的例子不胜枚举并演示了保守的安卓在最坏时候的情况在同一个应用程序外观和工作方式*应该*类似的两个功能,在实现上却完全相反。
----------
![Ron Amadeo](http://cdn.arstechnica.net/wp-content//uploads/authors/ron-amadeo-sq.jpg)
[Ron Amadeo][a] / Ron是Ars Technica的评论编缉专注于安卓系统和谷歌产品。他总是在追寻新鲜事物还喜欢拆解事物看看它们到底是怎么运作的。
[@RonAmadeo][t]
--------------------------------------------------------------------------------
via: http://arstechnica.com/gadgets/2014/06/building-android-a-40000-word-history-of-googles-mobile-os/2/
译者:[cereuz](https://github.com/cereuz)邮箱:[cereuz](mailto:sunedo@qq.com)
校对:[alim0x](https://github.com/alim0x)/[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[1]:http://i.imgur.com/GIYGTnb.jpg
[2]:http://www.businessinsider.com/steve-jobs-on-android-founder-andy-rubin-big-arrogant-f-2013-11
[a]:http://arstechnica.com/author/ronamadeo
[t]:https://twitter.com/RonAmadeo

185
translated/tech/20140818 What are useful CLI tools for Linux system admins.md Normal file
View File

@ -0,0 +1,185 @@
对Linux系统管理员有帮助的命令行工具
================================================================================
系统管理员sysadmins负责日常维护生产系统和服务。其中一个关键任务就是保证功能性服务能24小时工作。为了这个他们得很小心地计划备份方式灾难管理策略定时维护安全审查等等。和任意其他管理一样系统管理员也有他们的必备工具。在正确的时间正确的情况下使用合适的工具可以帮助维护操作系统的健壮达到最小的服务中断时间和最大的运行时间。
这篇文章会介绍一些系统管理员日常活动中最常用和有效的命令行工具。如果你想推荐其他没在这里列出来的好用的工具,别忘了在评论区里分享一下。
### 网络工具 ###
1. **ping**通过ICMP回应/回复报文来检查远端主机的端到端连接性RTT延时抖动丢包。用来检查系统状态和可连接性很不错。
2. **[phping][1]**网络扫描和检测工具可以产生ICMP/TCP/UDP ping数据包。常常用于高级端口扫描防火墙测试手动MTU路径发现和碎片测试。
3. **traceroute**通过TTL限定的ICMP/UDP/TCP侦测包来发现从本地主机到远端目标主机之间的第三层转发路径。用来调试网络连接性和路由问题。
4. **mtr**traceroute的一个变种能根据运行时统计数据整理出每一跳的包丢失/抖动。用来评估路由路径延时很不错。
5. **[netcat][2]/[socat][3]**TCP/IP网络里的瑞士军刀可以读/写TCP/UDP协议字节流。用来调试防火墙策略和服务可用性很不错。
6. **dig**DNS调试工具可以生成正向查询反向查询搜索域名服务器检查CNAMEMX和其他DNS记录。可以在侦错的时候查询特定的DNS服务器。
7. **nslookup**另外一个DNS检查/调试工具。支持所有DNS查询和记录。可以查询特定DNS服务器。
8. **dnsyo**一个DNS测试工具通过对全世界1500个不同网络中的大量开放解析器执行DNS查询来测试DNS传输。
9. **lsof**:显示进程打开的文件信息(例如,普通文件,管道或套接字)。用来监视网络连接很不错。
10. **iftop**一个基于ncurses的命令行界面应用可以实时监视各个网络物理接口上的网络连接和带宽占用。用来记录霸占带宽的应用、用户、目的地和端口等很不错。
11. **netstat**一个网络统计工具可以显示状态以及统计信息当前网络连接TCP/UDP端口IP地址、路由表、TX/RX traffic以及网络协议。用来做网络相关诊断和性能调试很不错。
12. **[tcpdump][4]**一个常用的基于libpcap抓包库的包侦测工具。可以按伯克利包过滤器格式定义抓包条件。
13. **[tshark][5]**另一个命令行抓包工具和它的GUI版本Wireshark完全兼容。支持[1000种协议][6]而且这个列表还在增加。用来调试、分析和保存实时网络封包信息很不错。
14. **ip**一个多功能的命令行网络工具是iproute2包的一部分。可以检查和修改路由表、网络设备状态以及IP隧道设置。用来查看路由表、增加/删除静态路由、配置网络接口、以及调试路由问题很有用。
15. **ifup/ifdown**:用来激活和关闭特定的网络接口。经常用于重启整个网络服务。
16. **[autossh][7]**一个能建立SSH连接并在断线后自动重新连接的程序。用来创建长时间保持的穿越严格企业网络的SSH隧道很有用。
17. **iperf**一个网络测试工具通过在发送自定义TCP/UDP数据流来衡量主机间双向最大吞吐量。
18. **[elinks][8]/[lynx][9]**:为基于命令行的服务器环境下使用的基于文字的网页浏览器。
### 安全工具 ###
19. **[iptables][10]**一个用户空间下的命令行工具用于配置Linux内核防火墙。可以创建和修改Linux内核空间的网络包接收、转发和发送规则。
20. **[nmap][11]**:一个常用的为了安全审查目的的端口扫描和网络发现工具。用来在本地网络中找出哪些主机开机并运行起来了以及某台特定主机打开了哪些端口很有用。
21. **[TCP Wrappers][12]**:一个主机端的网络访问控制列表工具,可以过滤进入/出去的网络请求/回复。经常配合iptables一起使用作为额外一层安全保护。
22. **getfacl/setfacl**:查看和定制文件和目录的访问控制列表,作为传统文件权限的扩展。
23. **cryptsetup**用于创建和管理LUKS加密磁盘分区。
24. **lynis**一个命令行的漏洞扫描工具。可以扫描整个Linux系统并汇报潜在的漏洞以及相关可能解决方案。
25. **maldet**:一个恶意软件扫描命令行工具,可以检测和隔离潜在的感染文件。可以在后台运行长期监视。
26. **[rkhunter][13]/[chkrootkit][14]**:一个命令行工具,可以扫描本地系统里的潜在木马、隐藏后门和可疑利用,并禁用它们。
### 存储工具 ###
27. **fdisk**:一个磁盘分区编辑工具。用于查看、创建和修改本地磁盘或可移动磁盘的分区。
28. **sfdisk**fdisk的一个变种能用一种非交互的方式访问或更新磁盘分区表。用来自动化备份和恢复过程中的磁盘分区很有用。
29. **[parted][15]**另一个磁盘分区编辑器支持超过2TB的磁盘的GPTGUID分区表格式。gparted是parted的一个前端GTK+图形界面。
30. **df**:用来查看不同分区或文件路径的已用/可用存储空间和挂载点。存在一个用户友好的变种dfc。
31. **du**用来查看不同文件和目录的当前磁盘占用情况例如du -sh *)。
32. **mkfs**一个磁盘格式化命令用来在独立磁盘分区上建立文件系统。有多个文件系统相关的版本ext2、ext3、ext4、bfs、ntfs、vfat/fat。
33. **fsck**:一个命令行工具,用来检查文件系统错误并尝试可能的修复。通常在启动时自动运行,但是在卸载一个分区后也可以根据需要手动运行。
34. **mount**:用来映射一个物理磁盘分区、网络共享或远程存储到一个本地挂载点。任何对挂载点里的读/写操作都是对应实际存储的实际数据读/写。
35. **mdadm**一个命令行工具用来管理物理块设备上的软件RAID设备。可以创建、构造、增长或监视RAID阵列。
36. **lvm**:一套命令行工具集,用来管理卷分组和物理/逻辑卷,可以用最小的停机时间在多个物理磁盘上创建、调整大小、拆分和合并卷。
### 日志访问工具 ###
37. **tail**用来查看一个增长中的日志文件的尾部。有几个变种包括multitail多窗口查看和[ztail][16]支持inotify和正则表达式过滤以及颜色
38. **logrotate**:一个命令行工具,可以在根据设定的时间段拆分、压缩并邮寄旧的/大的日志文件。用来管理可能产生大量日志文件的繁忙主机很有用。
39. **grep/egrep**可以通过特定的模式或正则表达式过滤日志内容。变种包括用户更友好的ack和速度更快的ag。
40. **awk**:一个多功能的文本扫描和处理工具。常用于从文本/日志文件中找出特定的列或内容,并输出给其他工具。
41. **sed**:一个文本流编辑工具,可以过滤和改变(例如,删除行/空格、替换/转换单词、增加计数文本流并通过管道连接到stdout/stderr或者其他工具。
### 备份工具 ###
42. **[rsync][17]**一个快速的单向增量备份和镜像工具。常用于复制一个数据仓库到线下存储可以选择通过SSH或stunnel的加密连接。
43. **[rdiff-backup][18]**:另一个有效利用带宽的增量备份工具。管理两个连续快照之间的差分。
44. **duplicity**一个加密的增量备份工具。使用GnuPG加密备份并通过SSH上传到远程服务器。
### 性能监视工具 ###
45. **top**一个命令行的进程查看程序。可以监视系统负载、进程状态、CPU和内存占用。有一个更用户友好的变种htop。
46. **ps**显示系统所有运行中进程的一个快照。输出可以定制成显示PID、PPID、用户、负载、内存、积累的用户/系统时间、启动时间、以及更多。有一个变种是pstree可以用树结构显示进程。
47. **[nethogs][19]**:一个带宽监视工具,按进程来分组显示活动网络连接,实时汇报每个进程占用的(上传/下载)带宽。
48. **ngxtop**一个网页服务器访问日志解析和监视工具界面是受top命令启发。它可以实时汇报整理过的页面请求列表包括频率、大小、HTTP返回值、IP地址等等。
49. **vmstat**一个简单的命令行工具可以显示多个实时系统特征例如进程数、剩余内存、分页状态、CPU占用、块设备I/O活动、中断/上下文切换统计、等等。
50. **iotop**一个基于ncurses的I/O监视工具可以实时排序显示所有运行中进程的磁盘I/O活动。
51. **iostat**一个命令行工具可以汇报当前CPU使用情况以及设备I/O使用情况这里的I/O使用情况例如块传输速度、字节读/写速度)是按设备或分区来汇报的。
### 效率工具 ###
52. **screen**用来把一个单一的终端拆分成多个持久的虚拟终端也支持远程用户访问类似teamviewer的屏幕分享功能。
53. **tmux**:另一个终端复用工具,可以支持多个长期会话,还可以横向/纵向拆分终端。
54. **cheat**一个简单的命令行工具可以让你查看多个常用Linux命令的备忘录就在手边非常方便。内建的备忘录也可以完全定制。
55. **apropos**:用来在帮助手册里查找描述或关键字很有用。
### 包管理工具 ###
56. **apt**基于Debian系统的事实上的包管理工具例如Debian、Ubuntu或Backtrack。一个救生圈。
57. **apt-fast**apt-get的一个支撑应用可以通过多个并行连接明显提高apt-get的下载速度。
58. **apt-file**:用来查看某个特定文件属于哪个.deb包或者显示一个特定.deb包里的所有文件。已安装和未安装的包都能支持。
59. **dpkg**:一个用来手动安装.deb包的命令行工具。强烈建议尽可能的使用apt。
60. **yum**基于红帽的系统的事实上的自动包管理工具比如RHEL、CentOS或Fedora。另一个救生圈。
61. **rpm**通常我都是rpmyum一下。有很多有用的参数比如-q、-f、-l可以分别用来查询、指定文件和路径。
### 硬件工具 ###
62. **lspci**一个命令行工具可以显示已安装的PCI设备的各种信息比如型号名称、设备驱动、设备功能、内存地址、PCI总线地址。
63. **lshw**一个命令行工具可以查询和显示不同分类下的硬件配置的详细信息例如处理器、内存、主板、网络、存储。支持多重输出格式html、xml、json、text。
64. **[inxi][20]**一个综合硬件查看工具可以提供不同硬件模块的总览例如CPU显卡声卡网卡温度/风扇传感器,等等。
如果你希望推荐没有列在这里的好用的工具,不要客气,在评论区里分享一下。
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/08/useful-cli-tools-linux-system-admins.html
作者:[Sarmed Rahman][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/sarmed
[1]:http://www.hping.org/
[2]:http://netcat.sourceforge.net/
[3]:http://www.dest-unreach.org/socat/
[4]:http://www.tcpdump.org/
[5]:https://www.wireshark.org/docs/man-pages/tshark.html
[6]:https://www.wireshark.org/docs/dfref/
[7]:http://www.harding.motd.ca/autossh/
[8]:http://elinks.or.cz/
[9]:http://lynx.isc.org/
[10]:http://www.netfilter.org/projects/iptables/
[11]:http://nmap.org/
[12]:http://en.wikipedia.org/wiki/TCP_Wrapper
[13]:http://rkhunter.sourceforge.net/
[14]:http://www.chkrootkit.org/
[15]:http://www.gnu.org/software/parted/
[16]:https://hackage.haskell.org/package/ztail
[17]:http://rsync.samba.org/
[18]:http://www.nongnu.org/rdiff-backup/
[19]:http://nethogs.sourceforge.net/
[20]:http://code.google.com/p/inxi/

234
translated/tech/20140905 Linux TCP or IP networking--net-tools vs. iproute2.md Normal file
View File

@ -0,0 +1,234 @@
Linux 中的TCP/IP网络配置net-tools vs. iproute2
================================================================================
如今很多系统管理员依然通过组合使用诸如ifconfig、route、arp和netstat等命令行工具统称为net-tools来配置网络功能解决网络故障。net-tools起源于BSD的TCP/IP工具箱后来成为老版本Linux内核中配置网络功能的工具。但自2001年起Linux社区已经对其停止维护。同时一些比如Arch Linux和CentOS/RHEL 7的Linux发行版则已经完全抛弃了net-tools以支持iproute2。
作为网络配置工具的一份子iproute2的出现旨在在功能上取代net-tools。net-tools通过procfs(/proc)和ioctl系统调用去访问和改变内核网络配置而iproute2则通过netlink套接字接口与内核通讯。抛开性能而言iproute2的用户接口比net-tools显得更加直观。比如各种网络资源如link、IP地址、路由和隧道等均使用合适的对象抽象去定义使得用户可使用一致的语法去管理不同的对象。更重要的是到目前为止iproute2仍处在[持续开发][1]中。
如果你仍在使用net-tools而且尤其需要跟上新版Linux内核中的最新最重要的网络特性的话那么是时候转到iproute2的阵营了。原因就在于使用iproute2可以做很多net-tools无法做到的事情。
对于那些想要转到使用iproute2的用户有必要了解下面有关net-tools和iproute2的众多对比。
### 显示所有已连接的网络接口 ###
下面的命令显示出所有可用网络接口的列表(无论接口是否激活)。
使用**net-tools**
$ ifconfig -a
使用**iproute2**
$ ip link show
![](https://farm4.staticflickr.com/3852/15134851045_53a5135283_z.jpg)
### 激活或停用网络接口 ###
使用这些命令来激活或停用某个指定的网络接口。
使用**net-tools**
$ sudo ifconfig eth1 up
$ sudo ifconfig eth1 down
使用**iproute2**
$ sudo ip link set down eth1
$ sudo ip link set up eth1
### 为网络接口分配IPv4地址 ###
使用这些命令配置网络接口的IPv4地址。
使用**net-tools**
$ sudo ifconfig eth1 10.0.0.1/24
使用**iproute2**
$ sudo ip addr add 10.0.0.1/24 dev eth1
值得注意的是可以使用iproute2给同一个接口分配多个IP地址ifconfig则无法这么做。使用ifconfig的变通方案是使用[IP别名][2]。
$ sudo ip addr add 10.0.0.1/24 broadcast 10.0.0.255 dev eth1
$ sudo ip addr add 10.0.0.2/24 broadcast 10.0.0.255 dev eth1
$ sudo ip addr add 10.0.0.3/24 broadcast 10.0.0.255 dev eth1
### 移除网络接口的IPv4地址 ###
就IP地址的移除而言除了给接口分配全0地址外net-tools没有提供任何合适的方法来移除网络接口的IPv4地址。相反iproute2则能很好地完全。
使用**net-tools**
$ sudo ifconfig eth1 0
使用**iproute2**
$ sudo ip addr del 10.0.0.1/24 dev eth1
### 显示网络接口的IPv4地址 ###
按照如下操作可查看某个指定网络接口的IPv4地址。
使用**net-tools**
$ ifconfig eth1
使用**iproute2**
$ ip addr show dev eth1
同样如果接口分配了多个IP地址iproute2会显示出所有地址而net-tools只能显示一个IP地址。
![](https://farm6.staticflickr.com/5552/15134470952_f478190693_z.jpg)
### 为网络接口分配IPv6地址 ###
使用这些命令为网络接口添加IPv6地址。net-tools和iproute2都允许用户为一个接口添加多个IPv6地址。
使用**net-tools**
$ sudo ifconfig eth1 inet6 add 2002:0db5:0:f102::1/64
$ sudo ifconfig eth1 inet6 add 2003:0db5:0:f102::1/64
使用**iproute2**
$ sudo ip -6 addr add 2002:0db5:0:f102::1/64 dev eth1
$ sudo ip -6 addr add 2003:0db5:0:f102::1/64 dev eth1
### 显示网络接口的IPv6地址 ###
按照如下操作可显示某个指定网络接口的IPv6地。net-tools和iproute2都可以显示出所有已分配的IPv6地址。
使用**net-tools**
$ ifconfig eth1
使用**iproute2**
$ ip -6 addr show dev eth1
![](https://farm4.staticflickr.com/3906/15111848536_f6cb7ddb4f_z.jpg)
### 移除网络设备的IPv6地址 ###
使用这些命令可移除接口中不必要的IPv6地址。
使用**net-tools**
$ sudo ifconfig eth1 inet6 del 2002:0db5:0:f102::1/64
使用**iproute2**
$ sudo ip -6 addr del 2002:0db5:0:f102::1/64 dev eth1
### 改变网络接口的MAC地址 ###
使用下面的命令可[篡改网络接口的MAC地址][3]请注意在更改MAC地址前需要停用接口。
使用**net-tools**
$ sudo ifconfig eth1 hw ether 08:00:27:75:2a:66
使用**iproute2**
$ sudo ip link set dev eth1 address 08:00:27:75:2a:67
### 查看IP路由表 ###
net-tools中有两个选择来显示内核的IP路由表route和netstat。在iproute2中使用命令ip route。
使用**net-tools**
$ route -n
----------
$ netstat -rn
使用**iproute2**
$ ip route show
![](https://farm6.staticflickr.com/5585/14948293867_c018df8efd_z.jpg)
### 添加和修改默认路由 ###
这里的命令用来添加或修改内核IP路由表中的默认路由规则。请注意在net-tools中可通过添加新的默认路由、删除旧的默认路由来实现修改默认路由。在iproute2使用ip route命令来代替。
使用**net-tools**
$ sudo route add default gw 192.168.1.2 eth0
$ sudo route del default gw 192.168.1.1 eth0
使用**iproute2**:
$ sudo ip route add default via 192.168.1.2 dev eth0
$ sudo ip route replace default via 192.168.1.2 dev eth0
### 添加和移除静态路由 ###
使用下面命令添加或移除一个静态路由。
使用**net-tools**
$ sudo route add -net 172.16.32.0/24 gw 192.168.1.1 dev eth0
$ sudo route del -net 172.16.32.0/24
使用**iproute2**
$ sudo ip route add 172.16.32.0/24 via 192.168.1.1 dev eth0
$ sudo ip route del 172.16.32.0/24
### 查看套接字统计信息 ###
这里的命令用来查看套接字统计信息比如活跃或监听状态的TCP/UDP套接字
使用**net-tools**
$ netstat
$ netstat -l
使用**iproute2**
$ ss
$ ss -l
![](https://farm4.staticflickr.com/3843/14948157419_564982b0e6_z.jpg)
### 查看ARP表 ###
使用这些命令显示内核的ARP表。
使用**net-tools**:
$ arp -an
使用**iproute2**:
$ ip neigh
![](https://farm4.staticflickr.com/3908/14948193370_1c5256e8e1_z.jpg)
### 添加或删除静态ARP项 ###
按照如下操作在本地ARP表中添加或删除一个[静态ARP项][4]。
使用**net-tools**
$ sudo arp -s 192.168.1.100 00:0c:29:c0:5a:ef
$ sudo arp -d 192.168.1.100
使用**iproute2**
$ sudo ip neigh add 192.168.1.100 lladdr 00:0c:29:c0:5a:ef dev eth0
$ sudo ip neigh del 192.168.1.100 dev eth0
### 添加、删除或查看多播地址 ###
使用下面的命令配置或查看网络接口上的多播地址。
使用**net-tools**:
$ sudo ipmaddr add 33:44:00:00:00:01 dev eth0
$ sudo ipmaddr del 33:44:00:00:00:01 dev eth0
$ ipmaddr show dev eth0
$ netstat -g
使用**iproute2**
$ sudo ip maddr add 33:44:00:00:00:01 dev eth0
$ sudo ip maddr del 33:44:00:00:00:01 dev eth0
$ ip maddr list dev eth0
--------------------------------------------------------------------------------
via: http://xmodulo.com/2014/09/linux-tcpip-networking-net-tools-iproute2.html
作者:[Dan Nanni][a]
译者:[KayGuoWhu](https://github.com/KayGuoWhu)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:https://www.kernel.org/pub/linux/utils/net/iproute2/
[2]:http://xmodulo.com/2013/02/how-to-assign-multiple-ip-addresses-to-one-network-interface-on-centos.html
[3]:http://xmodulo.com/2014/02/spoof-mac-address-network-interface-linux.html
[4]:http://xmodulo.com/2013/02/how-to-add-or-remove-static-arp-entry-on-linux.html

248
translated/tech/20141029 How to install LEMP stack nginx MariaDB or MySQL and php on CentOS.md Normal file
View File

@ -0,0 +1,248 @@
CentOS 下安装 LEMP 包(nginx、MariaDB/MySQL 和 php)
================================================================================
LEMP 组合包是一款日益流行的网站服务组合软件包,在许多生产环境中的核心网站服务上起着强有力的作用。正如其名称所暗示的, LEMP 包是由 Linux、ngix、MariaDB/MySQL 和 PHP 组成的。在传统的 LAMP 包中使用的 Apache HTTP 协议服务器性能低下而且难于大规模集群,相比来说 ngix 的高性能及轻量级等特性,正是其的替代方案。 MariaDB 是一款社区支持驱动的 MySQL 数据库的分支其功能更多性能更佳。PHP服务端编程语言具体是由 PHP FastCGI 的增强版 PHP-FPM 组件来处理,生成网页动态内容。
这篇文章里,我们示范**如何在 CentOS 操作平台上安装 LEMP 包**。我们安装的目标是 CentOS 6 和 CentOS 7 两个操作平台,如有必要会指出它们的不同。
### 第一步: Nginx ###
让我们在 CentOS 上安装 nginx 作为第一步,然后对它作些基本的配置,比如使其能自启动和[对防火墙做个性化设置][1]。
#### 安装 Nginx ####
让我们从它的官方的 RPM 源来安装一个预构建的稳定版本的 nginx 包。
在 CentOS 7 系统上:
$ sudo rpm --import http://nginx.org/keys/nginx_signing.key
$ sudo rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
$ sudo yum install nginx
在 CentOS 6 系统上:
$ sudo rpm --import http://nginx.org/keys/nginx_signing.key
$ sudo rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
$ sudo yum install nginx
注意在安装 nginx RPM 包之前,如果您没有导入 nginx 的官方 GPG 密钥的话,会出一如下所示的警告:
warning: /var/tmp/rpm-tmp.KttVHD: Header V4 RSA/SHA1 Signature, key ID 7bd9bf62: NOKEY
#### 启动 Nginx ####
安装完成后nginx 是不会自动启动的。现在让我们来启动它吧,还要做些配置让其可以随着操作系统启动而启动。我们也需要在防火墙里打开 TCP/80 端口,以使得可以远程访问 nginx 的 web 服务。所有这些操作、设置都只需要输入如下命令就可实现。
在 CentOS 7 系统上:
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload
在 CentOS 6 系统上:
$ sudo service nginx start
$ sudo chkconfig nginx on
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo service iptables save
#### 测试 Nginx ####
nginx 的默认文档要目录是 /usr/share/nginx/html。默认的 index.html 文件一定已经在这目录下了。让我们检测下是否可以访问到这个测试 web 页,输入 http://<nginx-ip-address>/ 访问。
![](https://farm4.staticflickr.com/3940/15461279287_8573948074_b.jpg)
如果您看到的是如上所示的页面的话,说明 nginx 已经正常启动。继续往下。
### 第二步: MariaDB/MySQL ###
下一步就是安装 LEMP 包的数据库组件。CentOS/RHEL 6 或早期的版本中提供的是 MySQL 的服务/客户端安装包,但 CentOS/RHEL 7 已使用了 MySQL 默认实现的版本 MariaDB。作为 MySQL 的简单替代品MariaDB 保证了与 MySQL 的 API 和命令行用法方面最大的兼容性。下面是关于怎么在 CentOS 上安装和配置 MaraDB/MySQL 的操作示例。
在 CentOS 7 系统上:
如下所示操作来安装 MariaDB 服务/客户端包以及启动 MariaDB 服务。
$ sudo yum install mariadb-server
$ sudo systemctl start mariadb
$ sudo systemctl enable mariadb
在 CentOS 6 系统上:
如下示,安装 MySQL 服务/客户端包并且启动 MySQL 服务。
$ sudo yum install mysql-server
$ sudo service mysqld start
$ sudo chkconfig mysqld on
在成功启动 MariaDB/MySQL 服务后,执行在 MariaDB/MySQL 服务包中的脚本。这一次的运行会为为数据库服务器进行一些安全强化措施,如设置(非空)的 root 密码、删除匿名用户、锁定远程访问。
$ sudo mysql_secure_installation
![](https://farm8.staticflickr.com/7545/15644566071_8c39875512_z.jpg)
这就是数据库的设置。现在进行下一步。
### 第三步: PHP ###
PHP 是 LEMP 包中一个重要的组件,它负责把存储在 MariaDB/MySQL 服务器的数据取出生成动态内容。为了 LEMP 可用,您至少需要安装上 PHP-FPM 和 PHP-MySQL 两个模块。PHP-FPMFastCGI 进程管理器)实现的是 nginx 服务器和生成动态内容的 PHP 应用程序的访问接口。PHP-MySQL 模块使 PHP 程序能访问 MariaDB/MySQL 数据库。
#### 安装 PHP 模块 ####
在 CentOS 7 系统上:
$ sudo yum php php-fpm php-mysql
在 CentOS 6 系统上:
首先,您需要从仓库中安装 REMI 库(参见[本指南][2]),并安装软件包。
$ sudo yum --enablerepo=remi install php php-fpm php-mysql
![](https://farm4.staticflickr.com/3934/15644566121_60cbaab8b7_z.jpg)
在安装 PHP 时,得注意两个地方:
在 CentOS 6 系统中,安装 REMI仓库中最新的 php-mysql 模块时MySQL 的服务端包和客户端包会被当做一部分依赖包而自动的更新。
在 CentOS 6 和 CentOS 7 中,在安装 PHP 包的同时会把 Apache web 服务器(即 httpd当做它的依赖包一起安装。这会跟 nginx web 服务器起冲突。这个问题会在下一节来讨论。
取决于您的使用情况,可以使用 yum 命令来定制您的 PHP 引擎,也许会想安装下面的任意一个扩展 PHP 模块包。
- **php-cli**: PHP 的命令行界面。从命令行里测试 PHP 时非常有用。
- **php-gd**: PHP 的图像处理支持。
- **php-bcmath**: PHP 的数学支持。
- **php-mcrypt**: PHP 的加密算法支持 (例如 DES、Blowfish、CBC、 CFB、ECB ciphers 等)。
- **php-xml**: PHP 的 XML 解析和处理支持。
- **php-dba**: PHP 的数据抽象层支持。
- **php-pecl-apc**: PHP 加速器/缓存支持。
安装时,要查看可用的 PHP 模块的完整列表的话,可以运行:
$ sudo yum search php- (CentOS 7)
$ sudo yum --enablerepo=remi search php- (CentOS 6)
#### 启动 PHP-FPM ####
您需要启动 PHP-FPM ,然后把它加放自动启动服务列表。
在 CentOS 7 系统上:
$ sudo systemctl start php-fpm
$ sudo systemctl enable php-fpm
在 CentOS 6 系统上:
$ sudo chkconfig php-fpm on
$ sudo service php-fpm start
### 第四步: 配置 LEMP 组合包 ###
本教程的最后一步是调整 LEMP 组合包的配置。
#### 使 Httpd 不可用 ####
首先,让我们把早先随 PHP 包安装的 httpd 服务给禁用掉。
在 CentOS 7 系统上:
$ sudo systemctl disable httpd
在 CentOS 6 系统上:
$ sudo chkconfig httpd off
#### 配置 Nginx ####
接下来,让我们配置 nginx 虚拟主机,使得 nginx 可以通过 PHP-FPM 来处理 PHP 的任务。用文本编辑器打开 /etc/nginx/conf.d/default.conf ,然后按如下所示修改。
$ sudo vi /etc/nginx/conf.d/default.conf
----------
server {
listen 80;
server_name www.server_domain.com;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
}
# redirect server error pages to the static page /50x.html
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
# nginx passes PHP scripts to FastCGI server via a TCP/9000 socket
# this setting much be consistent with /etc/php-fpm.d/www.conf
# try_files prevents nginx from passing bad scripts to FastCGI server
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
nginx 的默认工作线程(在 /etc/nginx/nginx.conf 文件中指定的)数是一个,让我们也来调整一下这个数字。通常来说我们创建的工作线程数应该和 CPU 核数相同。要确信您的 CPU 的核数,请运行下面这命令:
$ grep processor /proc/cpuinfo | wc -l
如果您的 CPU 是 4 核的,就如下所示修改 /etc/nginx/nginx.conf 文件。
$ sudo vi /etc/nginx/nginx.conf
----------
worker_processes 4;
#### 配置 PHP ####
接下来,让我们对 PHP 的配置文件 /etc/php.ini 做自定义设置。更具体的就是在 /etc/php.ini 文件中增加以下两行。
cgi.fix_pathinfo=0
date.timezone = "America/New York"
为了安全起见,我们希望的是 PHP 解释器只是处理指定文件路径的文件任务,而不是预测搜索一些并不存在的文件任务。上面的第一行起的就是这个作用。
第二行定义的是 PHP 中 日期/时间相关函数使用相关的默认时区。使用[本指南] [3],找出您所在的时区,并设置相应 **date.timezone 的值**
#### 测试 PHP ####
最后,让我们来测试下 nginx 是否能处理 PHP 页面。在测试之前,请确保重启 nginx 和 PHP-FPM。
在 CentOS 7 系统上:
$ sudo systemctl restart nginx
$ sudo systemctl restart php-fpm
在 CentOS 6 系统上:
$ sudo service nginx restart
$ sudo service php-fpm restart
创建一个叫名叫 test.php 的文件,然后写入如下内容,并放入 /var/www/html/ 目录。
<?php phpinfo(); ?>
打开浏览器,输入 http://<nginx-ip-address>/test.php 。
![](https://farm6.staticflickr.com/5608/15647258715_9d7bcd8c73_z.jpg)
如果您能看到如上所示的页面,说明设置的 LEMP 完全成功!
--------------------------------------------------------------------------------
via: http://xmodulo.com/install-lemp-stack-centos.html
作者:[Dan Nanni][a]
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
[2]:http://ask.xmodulo.com/install-remi-repository-centos-rhel.html
[3]:http://ask.xmodulo.com/set-default-timezone-php.html

154
translated/tech/20141115 How to perform system backup with backup-manager on Linux.md Normal file
View File

@ -0,0 +1,154 @@
Linux上使用备份管理器进行系统备份
================================================================================
无论简单与否,我们都有机会去了解这么一件事,那就是备份的重要性从来都不可以被低估。考虑到备份的方法真的多如牛毛,你可能想要知道怎样来有效地为你的系统选择正确的工具和和合适的策略。
在本文中,我将为你介绍[备份管理器][1]一个简单易用的命令行备份工具在大多数的Linux发行版的标准软件库中都能见到它的身影。
是什么让备份管理器在众多的备份工具或备份策略中脱颖而出呢?让我来简单介绍一些它的与众不同的特性吧:
- **简单的设计与管理**:配置文件易于读懂和编辑,即便是初学者也很容易上手。
- **一劳永逸**它在配置好后就可以通过cron周期性运作。
- **支持多种协议远程备份**无缝整合多种传输协议、应用和云后端FTPSCPSSH-GPGrsyncAWS S3等等来传输生成的归档包到一组远程主机。
- **支持数据库备份**包括支持开箱即用备份MySQL/MariaDB和PostgreSQL数据库。
- **支持加密**备份过程中支持基于GPG文件的加密。
### 在Linux上安装备份管理器 ###
备份管理器的安装是快速而无痛的因为它就包含在大多数Linux发行版的基础软件库中。
#### DebianUbuntu及其衍生版 ####
# aptitude install backup-manager
在基于Debian的系统中安装时会提示你输入要存放备份归档文件的目录。如果选择的目录不存在那么当你首次运行备份管理器时它会自动创建。
选择OK并按回车键。
![](https://farm6.staticflickr.com/5614/15600105060_8cf4491e3b_z.jpg)
在下一步中,会询问你要备份的所有目录(用空格分隔)。建议,但不是严格要求,列出同一父目录中的几个子目录,而不要仅仅输入父目录。
你可以跳过该步骤并在以后对配置文件中BM_TARBALL_DIRECTORIESb变量进行设置。否则的话就请尽可能多地添加你想要的目录然后选择OK
![](https://farm6.staticflickr.com/5610/15761238616_c9651fea1c_z.jpg)
#### Fedora或CentOS/RHEL ####
# yum install backup-manager
在CentOS/RHEL上在运行以上yum命令前你将需要先启用[EPEL仓库][2]。
### 配置备份管理器 ###
备份管理器的主配置文件是/etc/backup-manager.conf。该文件被划分为几个章节里面定义了备份方法和相关的变量或“键值”这些配置让备份管理器成为一个多样化的工具可以广泛地应付各种状况。
出于演示目的,我们将考虑以下环境:
- 每周对/etc/home以及/var/log目录进行一次完整备份我们将在下面通过cron设置备份的频率
- 通过SSH传输.tar.gz备份归档文件到两台不同主机dev1和dev3上指定的目标目录。
- 通过SSH备份本地MySQL数据库到相同目标主机。
用你喜爱的文本编辑器打开/etc/backup-manager.conf文件并编辑以下变量。如果你愿意你大可不必理会那些#开头的行。在本文中,它只是用作说明的注释:
# Specify the backup method(s) that will be used.
# tarball: takes a list of directories and builds the corresponding tarballs.
# mysql: archives MySQL databases using mysqldump. To restore the database, you # need to use the same tool manually.
export BM_ARCHIVE_METHOD="tarball mysql"
# Where to store the backups.
export BM_REPOSITORY_ROOT="/var/archives"
# The following directive indicates backup-manager to name
# the generated files after the directory that was backed up.
export BM_TARBALL_NAMEFORMAT="long"
# Define the compression type for the generated files.
export BM_TARBALL_FILETYPE="tar.gz"
# List the directories that you want to backup.
export BM_TARBALL_DIRECTORIES="/etc /home /var/log"
# Exclude some subdirectories or file extensions.
export BM_TARBALL_BLACKLIST="/var/log/myotherapp.log *.mp3 *.mp4"
# List the database(s) that you want to backup, separated by spaces.
export BM_MYSQL_DATABASES="mysql mybase wordpress dotclear phpbb2"
# MySQL username.
export BM_MYSQL_ADMINLOGIN="root"
# MySQL password for username.
export BM_MYSQL_ADMINPASS="mypassword"
# Add support for DROP statements (optional).
export BM_MYSQL_SAFEDUMPS="true"
# The hostname or IP address where the database(s) reside.
export BM_MYSQL_HOST="localhost"
# Port where MySQL server is listening.
export BM_MYSQL_PORT="3306"
# Compression type (optional).
export BM_MYSQL_FILETYPE="gzip"
# Do not archive remote hosts, but only localhost.
BM_TARBALL_OVER_SSH="false"
# User account for SSH upload.
export BM_UPLOAD_SSH_USER="root"
# Absolute path of the user's private key for passwordless SSH login.
export BM_UPLOAD_SSH_KEY="/root/.ssh/id_rsa"
# Remote hosts (make sure you have exported your public key to them):
export BM_UPLOAD_SSH_HOSTS="dev1 dev3"
# Remote destination for uploading backups. If it doesn't exist,
# this directory will be created automatically the first time
# backup-manager runs.
export BM_UPLOAD_SSH_DESTINATION="/var/archives/backups/$HOSTNAME"
### 运行备份管理器 ###
要手动运行备份管理器,请输入以下命令。你也可以选择添加‘-v标识以便一步一步详细检查运行过程。
# backup-manager
BM_TARBALL_DIRECTORIES列出的目录将作为tarball备份到BM_REPOSITORY_ROOT目录然后通过SSH传输到BM_UPLOAD_SSH_DESTINATION指定的主机dev1和dev3。
![](https://farm8.staticflickr.com/7497/15761238646_945620d8b7_z.jpg)
正如你在上面图片中看到的那样,备份管理器在运行的时候创建了一个名为/root/.back-manager_my.cnf的文件MySQL密码通过BM_MYSQL_ ADMINPASS指定。那样mysqldump可以验证到MySQL服务器而不必在命令行以明文格式接受密码那样会有安全风险。
### 通过cron运行备份管理器 ###
一旦决定哪一天是进行每周备份的最佳日子最佳时间你可以让cron来为你运行备份管理器。
打开root的crontab文件注意你必须以root登录
# crontab -e
假定你想要在星期天的上午5:15分运行备份管理器那么就添加下面这行。
15 05 * * 0 /usr/sbin/backup-manager > /dev/null 2>&1
### 小结 ###
在本文中,我已经展示了备份管理器这个备份工具是怎样的简单而强大,并且易于使用。在你的备份策略中,你可能还有其它几个选项需要考虑,请参阅手册页或用户手册,里面也包含了几个部署实例和建议。
希望此文对你有所帮助,请在下面随意提问和评论。
--------------------------------------------------------------------------------
via: http://xmodulo.com/linux-backup-manager.html
作者:[Gabriel Cánepa][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/gabriel
[1]:https://github.com/sukria/Backup-Manager
[2]:http://xmodulo.com/how-to-set-up-epel-repository-on-centos.html

214
translated/tech/20141115 What are some obscure but useful Vim commands.md Normal file
View File

@ -0,0 +1,214 @@
一些不起眼但非常有用的 Vim 命令
================================================================================
如果我的[关于这个话题的最新帖子][1]没有提醒到你的话,那我明确地说,我是一个 Vim 的粉丝。所以在你们中的某些人向我扔石头之前,我先向你们展示一系列“鲜为人知的 Vim 命令”。我的意思是,一些你可能以前没有碰到过的命令,但可能对你来说很有用。作为第二免责声明,我不知道哪些命令是你可能知道的,以及哪些是对你来说有用的。因此这些命令实际上是一些相对少见,但很可能很有用的 Vim 命令。
### 保存文件并退出 ###
说起来有些惭愧,我也是最近才学到这个命令
:x
和下面的命令是等价的:
:wq
都是保存当前文件并退出。
(译者注:这两个命令实际上并不完全等价,当文件被修改时两个命令时相同的。但如果未被修改,使用 `:x` 不会更改文件的修改时间,而使用 `:wq` 会改变文件的修改时间。)
### 基本计算器 ###
在插入模式下,你可以使用 Ctrl+r 键然后输入 `=`,再输入一个简单的算式。按 Enter 键,计算结果就会插入到文件中。例如,尝试输入:
Ctrl+r '=2+2' ENTER
![](https://farm8.staticflickr.com/7486/15543918097_fbcf33ee6b.jpg)
然后 4 会被插入到文件中。
### 查找重复的连续的单词 ###
当你很快地打字时,很有可能会连续输入同一个单词两次,就像 this this。这种错误可能骗过任何一个人即使是你自己重新阅读一边也不可避免。幸运的是有一个简单的正则表达式可以用来预防这个错误。使用搜索命令默认时 `/`)然后输入:
\(\<\w\+\>\)\_s*\1
这会显示所有重复的单词。要达到最好的效果,不要忘记把下面的命令:
set hlsearch
放到你的 .vimrc 文件中高亮所有的匹配。
![](https://farm8.staticflickr.com/7531/15730650082_c2764857e2.jpg)
### 缩写 ###
一个很可能是最令人印象深刻的窍门是你可以在 Vim 中定义缩写,它可以实时地把你输入的东西替换为另外的东西。语法格式如下:
:ab [缩写] [要替换的文字]
一个通用的例子是:
:ab asap as soon as possible
会把你输入的 “asap” 替换为 “as soon as possible”。
### 在你忘记用 root 方式打开文件时的文件保存 ###
这可能是一个在论坛中一直受欢迎的命令。每当你打开一个你没有写入权限的文件比如系统配置文件并做了一些修改Vim 无法通过普通的 “:w” 命令来保存。
你不需要重新以 root 方式打开文件再进行修改,只需要运行:
:w !sudo tee %
这会直接以 root 方式保存。
### 实时加密文本 ###
如果你不想让别人看懂你的屏幕上的内容,你可以使用一个内置的选项,通过下面的命令使用 [ROT13][2] 来对文本进行编码:
ggVGg?
![](https://farm8.staticflickr.com/7487/15727174681_7773a97ea2.jpg)
`gg` 把光标移动到 Vim 缓冲区的第一行,`V` 进入可视模式,`G` 把光标移动到缓冲区的最后一行。因此,`ggVG` 使可视模式覆盖这个当前缓冲区。最后 `g?` 使用 ROT13 对整个区域进行编码。
注意它应该被映射到一个最长使用的键。它对字母符号也可以很好地工作。要对它进行撤销,最好的方法就是使用撤销命令:`u`。
###自动补全 ###
这是另外一个令我感到惭愧的功能但我发现周围很多人并不知道。Vim 默认有自动补全的功能。的确这个功能是很基本的并且可以通过插件来增强但它也很有帮助。方法很简单。Vim 尝试通过已经输入的单词来预测单词的结尾。比如当你在同一个文件中第二次输入 “compiler” 时,仅仅输入 “com” 然后保持在插入模式,按 Ctrl+n 键就可以看到 Vim 为你补全了单词。很简单,但也很有用。
### 比较两个文件的不同 ###
你们中的大多数很可能都知道 vimdiff 命令,它可以使用分离模式打开 Vim 并比较两个文件的不同。语法如下:
$ vimdiff [文件1] [文件2]
但同样的结果也可以通过下面的 Vim 命令来获得:
:diffthis
首先在 Vim 中打开原始文件。然后使用分离模式带来第二个文件:
:vsp [文件2]
最后在第一个缓冲区里输入:
:diffthis
通过 Ctrl+w 来切换缓冲区并再次输入:
:diffthis
这样两个文件中不同的部分就会被高亮。
(译者注:可以直接在一个缓冲区里使用命令 `:windo diffthis`,而不用输入 `:diffthis` 两次)
要停止比较,使用:
:diffoff
### 按时间回退文件 ###
Vim 会记录文件的更改,你很容易可以回退到之前某个时间。该命令时相当直观的。比如:
:earlier 1m
会把文件回退到 1 分钟以前的状态。
注意,你可以使用下面的命令进行相反的转换:
:later
### 删除标记内部的文字 ###
当我开始使用 Vim 时一件我总是想很方便做的事情是如何轻松的删除方括号或圆括号里的内容。转到开始的标记,然后使用下面的语法:
di[标记]
比如,把光标放在开始的圆括号上,使用下面的命令来删除圆括号内的文字:
di(
如果是方括号或者是引号,则使用:
di{
和:
di"
### 删除指定标记前的内容 ###
和删除标记内部有些相似,但目的不同。命令如下:
dt[标记]
会删除所有光标和标记之间的内容(保持标记不动),如果在同一行有这个标记的话。例如
dt.
会删除至句子的末尾,但保持 . 不动。
### 把 Vim 变为十六进制编辑器 ###
这不是我最喜欢的窍门,但有时会很有趣。你可以把 Vim 和 xxd 功能连起来来把文件转换为十六进制模式。命令如下:
:%!xxd
![](https://farm6.staticflickr.com/5607/15109142674_e99466f2db_z.jpg)
类似的,你可以通过下面的命令恢复原来的状态:
:%!xxd -r
### 把光标下的文字置于屏幕中央 ###
所有要做的事情都包含在标题中。如果你想强制滚动屏幕来把光标下的文字置于屏幕的中央,在可视模式中使用命令(译者注:在普通模式中也可以):
zz
### 跳到上一个/下一个 位置 ###
当你编辑一个很大的文件时,经常要做的事是在某处进行修改,然后跳到另外一处。如果你想跳回之前修改的地方,使用命令:
Ctrl+o
来回到之前修改的地方
类似的:
Ctrl+i
会回退上面的跳动。
### 把当前文件转化为网页 ###
这会生成一个 HTML 文件来显示文本,并在分开的窗口显示源代码:
:%TOhtml
(译者注:原文是 `:%Tohtml`,但在我的电脑上是 `:%TOhtml`
![](https://farm8.staticflickr.com/7550/15727174701_c405f85a84_z.jpg)
很基本但很不错。
总的来说,这一系列命令是在我读了许多论坛主题和 [Vim Tips wiki][3](如果你想学习更多关于编辑器的知识,我非常推荐这篇文章) 之后收集起来的。
如果你还知道哪些非常有用但你认为大多数人并不知道的命令,可以随意在评论中分享出来。就像引言中所说的,一个“鲜为人知但很有用的”命令是很主观的,但分享出来总是好的。
--------------------------------------------------------------------------------
via: http://xmodulo.com/useful-vim-commands.html
作者:[Adrien Brochard][a]
译者:[wangjiezhe](https://github.com/wangjiezhe)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/adrien
[1]:http://xmodulo.com/turn-vim-full-fledged-ide.html
[2]:https://en.wikipedia.org/wiki/ROT13
[3]:http://vim.wikia.com/wiki/Vim_Tips_Wiki

111
translated/tech/20141118 How to boot on an ISO image from Grub.md Normal file
View File

@ -0,0 +1,111 @@
用Grub启动ISO镜像
================================================================================
如果你需要使用多个Linux发行版你没有那么多的选项。你可以安装到你的物理机或虚拟机中也可以以live模式从ISO文件启动。第二个选择如果对硬盘空间需求更少就有点麻烦因为你需要将ISO文件写入到USB棒或CD来启动。但是这里有另外一个可选的折中方案把ISO镜像放在硬盘中然后以live模式来启动。该方案比完全安装更省空间但是功能完备这对于缓慢的虚拟机而言是个不错的替代方案。下面我将介绍怎样使用流行的Grub启动加载器来实现该方案。
很明显你将需要使用到Grub这是几乎所有现代Linux发行版都使用的。你也需要你所想用的Linux版本的ISO文件将它下载到本地磁盘。最后你需要知道启动分区在哪里并怎样在Grub中描述。对于此请使用以下命令
# fdisk -l
带有‘*’的就是启动分区。对于我,就是/dev/sda1用Grub语言描述就是hd0,1)。
![](https://farm6.staticflickr.com/5606/15174383814_a92a4eda3e_z.jpg)
作为参考sda2就是(hd0,2)sdb1就是(hd1,1),以此类推。(你明白了吧。)
### 我们需要编辑什么? ###
首先,打开/etc/default/grub并检查以下行
#GRUB_HIDDEN_TIMEOUT=0
需要在此行前添加‘#’进行注释。
保存,然后打开/etc/grub.d/40_custom。
在该文件中你将添加启动到ISO的参数。结构如下
menuentry "[Entry's title in the grub screen]" {
set isofile="[path to ISO file]"
loopback loop [boot partition in Grub language]$isofile
[some specific] arguments
}
例如如果你想要从ISO文件启动Ubuntu那么你就是想要添加该行到40_custom文件
menuentry "Ubuntu 14.04 (LTS) Live Desktop amd64" {
set isofile="/boot/ubuntu-14.04-desktop-amd64.iso"
loopback loop (hd0,1)$isofile
linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=${isofile} quiet splash
initrd (loop)/casper/initrd.lz
}
![](https://farm8.staticflickr.com/7480/15608510369_ff50b28f5e_z.jpg)
如果你想要启动Gparted
menuentry "GParted Live amd64" {
set isofile="/boot/gparted-live-0.18.0-2-amd64.iso"
loopback loop (hd0,1)$isofile
loopback loop $isofile
linux (loop)/live/vmlinuz boot=live config union=aufs noswap noprompt ip=frommedia toram=filesystem.squashfs findiso=${isofile}
initrd (loop)/live/initrd.img
}
或者甚至是Fedora
menuentry "Fedora 20 Live Desktop x86_64" {
set isofile="/boot/Fedora-Live-Desktop-x86_64-20-1.iso"
loopback loop (hd0,1)$isofile
loopback loop $isofile
linux (loop)/isolinux/vmlinuz0 root=live:CDLABEL=Fedora-Live-Desktop-x86_64-20-1 rootfstype=auto ro rd.live.image quiet rhgb rd.luks=0 rd.md=0 rd.dm=0 iso-scan/filename=${isofile}
initrd (loop)/isolinux/initrd0.img
}
注意参数可根据发行版进行修改。有幸的是有许多地方你可以查阅。我喜欢这一个但是还有很多其它的。同时请考虑你放置ISO文件的地方。如果你的家目录被加密或者无法被访问到你可能更喜欢将这些文件放到像例子中的启动分区。但是请首先确保有足够的空间。
最后不要忘了保存40_custom文件并使用以下命令来更新grub
# sudo update-grub
以便在下次启动时看到修改。
![](https://farm8.staticflickr.com/7480/15795905012_47968033f7_z.jpg)
### 接下来做什么? ###
想要更多东西好吧那就修改下参数来玩玩。你可以启动一个ISO文件并让它持续做一些事情。例如如果你是个彻头彻尾的妄想症患者想要有个可以快速清除硬盘的选项那么可以使用[DBAN][1]来进行一些设置。现在,真的要当心啊,因为此设置会清除你的硬盘,而且在启动时也没有恢复选项:
menuentry "Darik's Boot and Nuke" {
set isofile="/boot/dban.iso"
loopback loop (hd0,1)$isofile
linux (loop)/dban.bzi nuke="dwipe" silent
}
另外一个选择
menuentry "Darik's Boot and Nuke" {
set isofile="/boot/dban.iso"
loopback loop (hd0,1)$isofile
linux (loop)/dban.bzi
}
可以显示DBAN选项让你选择清除驱动器。**当心,因为它仍然十分危险**。
小结一下对于ISO文件和Grub有很多事情可做从快速live会话到用你的指尖来破坏一切都可以满足你。下一步是启动一些关注隐私的发行版如[Tails][2]。
你认为从Grub启动一个ISO这个主意怎样这是不是你想要做的呢为什么呢请在下面留言。
--------------------------------------------------------------------------------
via: http://xmodulo.com/boot-iso-image-from-grub.html
作者:[Adrien Brochard][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/adrien
[1]:http://www.dban.org/
[2]:https://tails.boum.org/

45
translated/tech/20141118 Linux FAQs with Answers--How to convert a text file to PDF format on Linux.md Normal file
View File

@ -0,0 +1,45 @@
Linux FAQs with Answers--How to convert a text file to PDF format on Linux
Linux 有问必答 --如何在Linux上将文本文件转换成PDF格式
================================================================================
> **提问** 我想要将一个纯文本文件转换成PDF文档。是否有一个简单的方法在Linux命令行下将文本文件转换成PDF文件
当你有一打文本文件要维护的时候把它们转换成PDF文档有一些好处。比如PDF对打印更友好因为PDF文档有预定义布局。除此之外还可以减少文档被意外修改的风险。
要将文本文件转换成PDF格式你要按照下面的两步。
### 准备工作 ###
首先你要安装两个需要的包。
在 Debian、Ubuntu 或者 Linux Mint上
$ sudo apt-get install enscript ghostscript
在 Fedora、CentOS/RHEL上
$ sudo yum install enscript ghostscript
在 Arch Linux上
$ sudo pacman -S enscript ghostscript
### 将文本文件转换成PDF格式 ###
准备工作完成之后按照下面的两步从文本文件生成一个PDF文件
首先将文本文件使用enscript命令行工具转换成postscript格式。
$ enscript -p output.ps input.txt
最后将postscript格式文件转换成PDF文件。
$ ps2pdf output.ps output.pdf
--------------------------------------------------------------------------------
via: http://ask.xmodulo.com/convert-text-to-pdf-linux.html
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出

226
translated/tech/20141119 Smartctl--Monitoring & Analysis tool for Hard drive.md Normal file
View File

@ -0,0 +1,226 @@
硬盘监控和分析神器——Smartctl
================================================================================
**Smartctl**自监控分析和报告技术是类Unix系统下实施SMART任务命令行套件或工具它用于打印SMART**自检**和**错误日志**启用并禁用SMRAT**自动检测**,以及初始化设备自检。
Smartctl对于Linux物理服务器十分有用在这些服务器上可以对智能磁盘进行错误检查并将与**硬件RAID**上相关的磁盘信息摘录下来。
在本帖中我们将讨论smartctl命令的一些实用样例。如果你的Linux上海没有安装smartctl请按以下步骤来安装。
### Ubuntu中smartctl的安装 ###
$ sudo apt-get install smartmontools
### Redhat / CentOS中smartctl的安装 ###
# yum install smartmontools
**启动Smartctl服务**
**对于Ubuntu**
$ sudo /etc/init.d/smartmontools start
**对于CentOS & RHEL**
# service smartd start ; chkconfig smartd on
**样例1 检查针对磁盘的Smart负载量**
root@linuxtechi:~# smartctl -i /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF INFORMATION SECTION ===
Model Family: Seagate Momentus 5400.6
Device Model: ST9320325AS
Serial Number: 5VD2V59T
LU WWN Device Id: 5 000c50 020a37ec4
Firmware Version: 0002BSM1
User Capacity: 320,072,933,376 bytes [320 GB]
Sector Size: 512 bytes logical/physical
Rotation Rate: 5400 rpm
Device is: In smartctl database [for details use: -P show]
ATA Version is: ATA8-ACS T13/1699-D revision 4
SATA Version is: SATA 2.6, 1.5 Gb/s
Local Time is: Sun Nov 16 12:32:09 2014 IST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
这里‘/dev/sdb是你的硬盘。上面输出中的最后两行显示了SMART负载量已启用。
**样例2 为磁盘启用Smart负载量**
root@linuxtechi:~# smartctl -s on /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF ENABLE/DISABLE COMMANDS SECTION ===
SMART Enabled.
**样例3 为磁盘禁用Smart负载量**
root@linuxtechi:~# smartctl -s off /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF ENABLE/DISABLE COMMANDS SECTION ===
SMART Disabled. Use option -s with argument 'on' to enable it.
**样例4 为磁盘显示详细Smart信息**
root@linuxtechi:~# smartctl -a /dev/sdb // For IDE drive
root@linuxtechi:~# smartctl -a -d ata /dev/sdb // For SATA drive
**样例5 显示磁盘总体健康状况**
root@linuxtechi:~# smartctl -H /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
Warning: This result is based on an Attribute check.
Please note the following marginal Attributes:
ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
190 Airflow_Temperature_Cel 0x0022 067 045 045 Old_age Always In_the_past 33 (Min/Max 25/33)
**样例6 使用long和short选项测试硬盘**
**Long测试**
root@linuxtechi:~# smartctl --test=long /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF OFFLINE IMMEDIATE AND SELF-TEST SECTION ===
Sending command: "Execute SMART Extended self-test routine immediately in off-line mode".
Drive command "Execute SMART Extended self-test routine immediately in off-line mode" successful.
Testing has begun.
Please wait 102 minutes for test to complete.
Test will complete after Sun Nov 16 14:29:43 2014
Use smartctl -X to abort test.
或者,我们可以重定向测试输出到日志文件,就像下面这样
root@linuxtechi:~# smartctl --test=long /dev/sdb > /var/log/long.text
**Short测试**
root@linuxtechi:~# smartctl --test=short /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF OFFLINE IMMEDIATE AND SELF-TEST SECTION ===
Sending command: "Execute SMART Short self-test routine immediately in off-line mode".
Drive command "Execute SMART Short self-test routine immediately in off-line mode" successful.
Testing has begun.
Please wait 1 minutes for test to complete.
Test will complete after Sun Nov 16 12:51:45 2014
Use smartctl -X to abort test.
root@linuxtechi:~# smartctl --test=short /dev/sdb > /var/log/short.text
**注意**short测试将花费最多2分钟而在long测试中没有时间限制因为它会读取并验证磁盘的每个段。
**样例7 查看驱动器的自检结果**
root@linuxtechi:~# smartctl -l selftest /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF READ SMART DATA SECTION ===
SMART Self-test log structure revision number 1
Num Test_Description Status Remaining LifeTime(hours) LBA_of_first_error
# 1 Short offline Completed: read failure 90% 492 210841222
# 2 Extended offline Completed: read failure 90% 492 210841222
**样例8 计算测试时间估值**
root@linuxtechi:~# smartctl -c /dev/sdb
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF READ SMART DATA SECTION ===
General SMART Values:
Offline data collection status: (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status: ( 121) The previous self-test completed having
the read element of the test failed.
Total time to complete Offline
data collection: ( 0) seconds.
Offline data collection
capabilities: (0x73) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
No Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities: (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability: (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time: ( 1) minutes.
Extended self-test routine
recommended polling time: ( 102) minutes.
Conveyance self-test routine
recommended polling time: ( 2) minutes.
SCT capabilities: (0x103b) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
**样例9 显示磁盘错误日志**
root@linuxtechi:~# smartctl -l error /dev/sdb
Sample Output
smartctl 6.2 2013-07-26 r3841 [x86_64-linux-3.13.0-32-generic] (local build)
Copyright (C) 2002-13, Bruce Allen, Christian Franke, www.smartmontools.org
=== START OF READ SMART DATA SECTION ===
SMART Error Log Version: 1
ATA Error Count: 5
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
Commands leading to the command that caused the error were:
CR FR SC SN CL CH DH DC Powered_Up_Time Command/Feature_Name
-- -- -- -- -- -- -- -- ---------------- --------------------
25 da 08 e7 e5 a5 4c 00 00:30:44.515 READ DMA EXT
25 da 08 df e5 a5 4c 00 00:30:44.514 READ DMA EXT
25 da 80 5f e5 a5 4c 00 00:30:44.502 READ DMA EXT
25 da f0 5f e6 a5 4c 00 00:30:44.496 READ DMA EXT
25 da 10 4f e6 a5 4c 00 00:30:44.383 READ DMA EXT
--------------------------------------------------------------------------------
via: http://www.linuxtechi.com/smartctl-monitoring-analysis-tool-hard-drive/
作者:[Pradeep Kumar][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.linuxtechi.com/author/pradeep/

141
translated/tech/20141120 How to configure and secure your Postfix email server.md Normal file
View File

@ -0,0 +1,141 @@
Postfix邮件服务器的配置与安全加固
================================================================================
![](http://techarena51.com/wp-content/uploads/2014/08/postfix.png)
当你启动并运行应用服务器后你就需要一台好的邮件服务器来为你传递邮件。我为我所有的服务器开通了postfix邮件服务下面就是我常用的配置。
### CentOS 6上安装Postfix ###
yum install postfix
默认安装了Sendmail所以最好将它停掉并移除。
service sendmail stop
yum remove sendmail
Postfix包含了**两个配置文件main.cf和master.cf**对于基本的配置你需要修改main.cf。同时postfix可以像shell变量一样定义参数并通过美元符号来调用。这些参数不需要再使用前定义Postfix只在运行中需要时才会查询某个参数。
### 配置postfix ###
vim /etc/postfix/main.cf
去掉以下行的注释
#Add the hostname of your machine
myhostname = yourhostname.com
#From Domain to be used when mail is sent from this linux machine
myorigin = $myhostname
#The network interface to receive mail on, I prefer localhost as I only want emails from this system to be delivered
inet_interfaces = localhost
# The protocol to use when postfix will make or accept a connection. You can use “all” if you want to enable IPv6 support
inet_protocols = ipv4
#Domains to receive email for
mydestination = $myhostname, localhost.$mydomain, localhost
#Only forward emails for the local machine and not machines on the network.
mynetworks_style = host
启动postfix
service postfix start
这些基本的postfix配置可以让你的机器发送邮件你可以通过发送邮件并检查“maillog”日志文件来验证。
echo test mail | mail -s "test" leo@techarena51.com && sudo tail -f /var/log/maillog
#Logs should output the following
Aug 25 14:16:21 vps postfix/smtp[32622]: E6A372DC065D: to=, relay=smtp.mailserver.org[50.56.21.176], delay=0.8, delays=0.1/0/0.43/0.27, dsn=2.0.0, status=sent (250 Great success)
Aug 25 14:16:21 vps postfix/qmgr[5355]: E6A372DC065D: removed
但是上述配置并不够因为邮件服务大多数时候都会被垃圾邮件挤满你需要添加SPF、PTR和DKIM记录。你的邮件仍然可能被当作垃圾邮件来投递因为你的IP地址被列入了黑名单大多数时候是因为你的vps先前被入侵了。
另外一种选择或者说是更好的方式是使用第三方邮件提供商提供的邮件服务如Gmail或者甚至是Mailgun。我使用Mailgun因为它们提供了每个月10000封免费电子邮件而Gmail则提供了每天100封左右的邮件。
在“/etc/postfix/main.cf”中你需要添加“smtp.mailgun.com”作为你的“转发主机”并启用“SASL”验证这样postfix就可以连接并验证到远程Mailgun服务器。
添加或取消以下行的注释。
relayhost = [smtp.mailgun.org]
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps=static:your_username:your_password
smtp_sasl_security_options=noanonymous
Postfix本身不会实施“SASL”验证因此你需要安装“cyrus-sasl-plain”。
sudo yum install cyrus-sasl-plain
如果你不安装此包那么你就会收到这条错误信息“SASL authentication failed; cannot authenticate to server smtp.mailgun.org[50.56.21.176]: no mechanism available)”
重启postfix
sudo service postfix restart
### 使用TLS加固Postfix安全 ###
Postfix支持TLS它是SSL的后继者允许你使用基于密钥的验证来加密数据。我推荐你阅读http://www.postfix.org/TLS_README.html以了解tls是怎么和postfix一起工作的。
为了使用TLS你需要生成一个私钥和一个由证书授权机构颁发的证书。在本例中我将使用自颁发的证书。
sudo yum install mod_ssl openssl
# Generate private key
openssl genrsa -out smtp.key 2048
# Generate CSR
openssl req -new -key smtp.key -out smtp.csr
# Generate Self Signed Key
openssl x509 -req -days 365 -in smtp.csr -signkey smtp.key -out smtp.crt
# Copy the files to the correct locations
cp smtp.crt /etc/pki/tls/certs
cp smtp.key /etc/pki/tls/private/smtp.key
cp smtp.csr /etc/pki/tls/private/smtp.csr
打开postfix配置文件然后添加以下参数。
sudo vim /etc/postfix/main.cf
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/pki/tls/private/smtp.key
smtpd_tls_cert_file = /etc/pki/tls/certs
smtp_tls_CAfile = /etc/ssl/certs/ca.crt
smtp_tls_loglevel = 1
安全级别“may”意味着宣告对远程SMTP客户端上的STARTTLS的支持但是客户端不需要使用加密。我在这里用它作为每个[mailgun文档][1]但是如果你想要强制使用TLS加密可以使用“encrypt”。
service postfix restart
#Send a test email
echo test mail | mail -s "test" test@yourdomain.com && sudo tail -f /var/log/maillog
你应该会看到以下信息
Aug 21 00:00:06 vps postfix/smtp[4997]: setting up TLS connection to smtp.mailgun.org[50.56.21.176]:587
Aug 21 00:00:06 vps postfix/smtp[4997]: Trusted TLS connection established to smtp.mailgun.org[50.56.21.176]:587: TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)
如果一切正常,你可以注释掉以下参数。
“smtp_tls_loglevel = 1”
对于故障排除,我推荐你阅读[Postfix小建议和排障命令][2]
--------------------------------------------------------------------------------
via: http://techarena51.com/index.php/configure-secure-postfix-email-server/
作者:[Leo G][a]
译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://techarena51.com/
[1]:http://documentation.mailgun.com/user_manual.html#smtp-relay
[2]:http://techarena51.com/index.php/postfix-configuration-and-explanation-of-parameters/

71
translated/tech/20141120 How to install an Opensource VPN Server on Linux.md Normal file
View File

@ -0,0 +1,71 @@
如何在Linux上安装一个开源VPN服务器
================================================================================
![](http://techarena51.com/wp-content/uploads/2014/10/open-vpn.png)
我上网时最担心的一件事情是,我该如何确保我的数据安全和隐私。在搜索答案的过程中,我找到了很多保持匿名的方法,比如使用代理网站。但是使用第三方的服务不能完全保证。我需要的是有一款软件可以我自己安装并运行,那样我就能确保只有我才能访问数据。
这款软件叫什么呢?
它叫VPN服务就是虚拟隐私网络的简称。它允许访问时通过SSL加密你的数据。因为是加密的连接所以你的ISP不能看到你的浏览信息。
在本篇Linux教程中我会在CentOS 7上安装一个OpenVPN服务。OpenVPN很容易使用开源且拥有基于社区的支持。它的客户端有Windows、Android和Mac。
### 第一步: 在你的Linux机器或者 [VPS][1]上安装OpenVPN服务 ###
从https://openvpn.net/index.php/access-server/download-openvpn-as-sw.html下载安装包Ubuntu用户也可以找到合适的安装包并安装。
[leo@vps ]$ cd /tmp
[leo@vps tmp]$ wget http://swupdate.openvpn.org/as/openvpn-as-2.0.10-CentOS7.x86_64.rpm
[leo@vps tmp]$ sudo rpm -Uvh openvpn-as-2.0.10-CentOS7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:openvpn-as-0:2.0.10-CentOSrelease################################# [100%]
The Access Server has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Please enter "passwd openvpn" to set the initial
administrative password, then login as "openvpn" to continue
configuration here: https://yourhostIP:943/admin
To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
Access Server web UIs are available here:
Admin UI: https://yourhostIP:943/admin
Client UI: https://yourhostIP:943/
### 第二步: 为 OpenVPN 客户端设置密码 ###
[leo_g@vps ]$passwd openvpn
### 第三步: 通过管理URL https://yourhostIP:943/admin 登录并启动服务 ###
![](http://techarena51.com/wp-content/uploads/2014/10/open-vpn.png)
输入用户名 “openvpn” 和你先前设置的密码
![](http://techarena51.com/wp-content/uploads/2014/10/open-vpn-1.png)
### 第四步: 从客户端URL安装客户端 (它会给你一个选项下载安装程序) ###
![](http://techarena51.com/wp-content/uploads/2014/10/open-vpn-client-url.png)
你可以在[这里][3]看指导来了解如何在你的操作系统上安装。
### 第五步: 用你先前创建的用户名和密码连接你的服务器 ###
![](http://openvpn.net/images/howto/connecting/OpenVPN_Client_Connect_2.png)
就是这样你可以访问whatismyip.com来查看你的IP应该已经是你的CentOS 7上的OpenVPN的地址了。
--------------------------------------------------------------------------------
via: http://techarena51.com/index.php/how-to-install-an-opensource-vpn-server-on-linux/
作者:[Leo G][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://techarena51.com/
[1]:https://play.google.com/store/apps/details?id=net.openvpn.openvpn&hl=en
[2]:http://supportinc.net/vps-hosting.php
[3]:https://openvpn.net/index.php/access-server/docs/admin-guides-sp-859543150/howto-connect-client-configuration.html

55
translated/tech/20141120 Postfix tips and Troubleshooting Commands.md Normal file
View File

@ -0,0 +1,55 @@
Postfix提示和故障排除命令
================================================================================
这里是一些我每天用的命令当然其他的email管理员也会使用因此我写下来以防我忘记。
列出/打印当前邮件队列
# postqueue p
# mailq
如果队列太长可以使用tail管道读取。
# mailq | tail
清理队列
# postqueue -f
立即交付所有某domain.com域名的所有邮件
# postqueue -s domain.com
删除所有队列
# postsuper -d ALL
删除指定的消息
# postsuper -d messageid
重新排队邮件或者重新发送指定邮件
#postfix -r msgid
查找邮件版本
#postconf -d mail_version
mail_version = 2.6.6
你也可以查看下面的连接这个连接有很多例子和不错的可用的解释文档可以用来配置postfix.
[Postfix Configuration - ][1]
--------------------------------------------------------------------------------
via: http://techarena51.com/index.php/postfix-configuration-and-explanation-of-parameters/
作者:[Leo G][a]
译者:[Vic020](http://www.vicyu.net)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://techarena51.com/
[1]:http://www.apricot.net/apricot2004/doc/cd_content/24th%20February%202004/04%20-%20TTF%20Anti%20Spam%20&%20Anti%20Net%20Abuse%20-%20Suresh%20Ramasubramaniam/Devdas%20Bhagat.pdf