From 5e69e834f682a12b4421c0b6a0a20b84028aff7e Mon Sep 17 00:00:00 2001 From: Wuod3n <33994335+Wuod3n@users.noreply.github.com> Date: Fri, 26 Jan 2018 08:04:28 +0800 Subject: [PATCH 1/7] Deep learning wars: Facebook-backed PyTorch vs Google's TensorFlow --- ...rning wars- Facebook-backed PyTorch vs Google-s TensorFlow.md | 1 + 1 file changed, 1 insertion(+) diff --git a/sources/talk/20170915 Deep learning wars- Facebook-backed PyTorch vs Google-s TensorFlow.md b/sources/talk/20170915 Deep learning wars- Facebook-backed PyTorch vs Google-s TensorFlow.md index 5b0014246c..31dbeb394b 100644 --- a/sources/talk/20170915 Deep learning wars- Facebook-backed PyTorch vs Google-s TensorFlow.md +++ b/sources/talk/20170915 Deep learning wars- Facebook-backed PyTorch vs Google-s TensorFlow.md @@ -1,3 +1,4 @@ +Translating by Wuod3n Deep learning wars: Facebook-backed PyTorch vs Google's TensorFlow ====== The rapid rise of tools and techniques in Artificial Intelligence and Machine learning of late has been astounding. Deep Learning, or "Machine learning on steroids" as some say, is one area where data scientists and machine learning experts are spoilt for choice in terms of the libraries and frameworks available. A lot of these frameworks are Python-based, as Python is a more general-purpose and a relatively easier language to work with. [Theano][1], [Keras][2] [TensorFlow][3] are a few of the popular deep learning libraries built on Python, developed with an aim to make the life of machine learning experts easier. From ae6778ea472ba6e3baa5dcf962876ccc3223b381 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 26 Jan 2018 10:29:32 +0800 Subject: [PATCH 2/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=20A=20step-by-step=20gu?= =?UTF-8?q?ide=20to=20Git?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../20180125 A step-by-step guide to Git.md | 130 ++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 sources/tech/20180125 A step-by-step guide to Git.md diff --git a/sources/tech/20180125 A step-by-step guide to Git.md b/sources/tech/20180125 A step-by-step guide to Git.md new file mode 100644 index 0000000000..cf43f625ce --- /dev/null +++ b/sources/tech/20180125 A step-by-step guide to Git.md @@ -0,0 +1,130 @@ +A step-by-step guide to Git +====== + +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/lightbulb-idea-think-yearbook-lead.png?itok=5ZpCm0Jh) + +If you've never used [Git][1], you may be nervous about it. There's nothing to worry about--just follow along with this step-by-step getting-started guide, and you will soon have a new Git repository hosted on [GitHub][2]. + +Before we dive in, let's clear up a common misconception: Git isn't the same thing as GitHub. Git is a version-control system (i.e., a piece of software) that helps you keep track of your computer programs and files and the changes that are made to them over time. It also allows you to collaborate with your peers on a program, code, or file. GitHub and similar services (including GitLab and BitBucket) are websites that host a Git server program to hold your code. + +### Step 1: Create a GitHub account + +The easiest way to get started is to create an account on [GitHub.com][3] (it's free). + +![](https://opensource.com/sites/default/files/u128651/git_guide1.png) + +Pick a username (e.g., octocat123), enter your email address and a password, and click **Sign up for GitHub**. Once you are in, it will look something like this: + +![](https://opensource.com/sites/default/files/u128651/git_guide2.png) + +### Step 2: Create a new repository + +A repository is like a place or a container where something is stored; in this case we're creating a Git repository to store code. To create a new repository, select **New Repository** from the `+` sign dropdown menu (you can see I've selected it in the upper-right corner in the image above). + +![](https://opensource.com/sites/default/files/u128651/git_guide3.png) + +Enter a name for your repository (e.g, "Demo") and click **Create Repository**. Don't worry about changing any other options on this page. + +Congratulations! You have set up your first repo on GitHub.com. + +### Step 3: Create a file + +Once your repo is created, it will look like this: + +![](https://opensource.com/sites/default/files/u128651/git_guide4.png) + +Don't panic, it's simpler than it looks. Stay with me. Look at the section that starts "...or create a new repository on the command line," and ignore the rest for now. + +Open the Terminal program on your computer. + +![](https://opensource.com/sites/default/files/u128651/git_guide5.png) + +Type `git` and hit **Enter**. If it says command `bash: git: command not found`, then [install Git][4] with the command for your Linux operating system or distribution. Check the installation by typing `git` and hitting **Enter** ; if it's installed, you should see a bunch of information about how you can use the command. + +In the terminal, type: +``` +mkdir Demo +``` + +This command will create a directory (or folder) named Demo. + +Change your terminal to the Demo directory with the command: +``` +cd Demo +``` + +Then enter: +``` +echo "#Demo" >> README.md +``` + +This creates a file named `README.md` and writes `#Demo` in it. To check that the file was created successfully, enter: +``` +cat README.md +``` + +This will show you what is inside the `README.md` file, if the file was created correctly. Your terminal will look like this: + +![](https://opensource.com/sites/default/files/u128651/git_guide7.png) + +To tell your computer that Demo is a directory managed by the Git program, enter: +``` +git init +``` + +Then, to tell the Git program you care about this file and want to track any changes from this point forward, enter: +``` +git add README.md +``` + +### Step 4: Make a commit + +So far you've created a file and told Git about it, and now it's time to create a commit. Commit can be thought of as a milestone. Every time you accomplish some work, you can write a Git commit to store that version of your file, so you can go back later and see what it looked like at that point in time. Whenever you make a change to your file, you create a new version of that file, different from the previous one. + +To make a commit, enter: +``` +git commit -m "first commit" +``` + +That's it! You just created a Git commit and included a message that says first commit. You must always write a message in commit; it not only helps you identify a commit, but it also enables you to understand what you did with the file at that point. So tomorrow, if you add a new piece of code in your file, you can write a commit message that says, Added new code, and when you come back in a month to look at your commit history or Git log (the list of commits), you will know what you changed in the files. + +### Step 5: Connect your GitHub repo with your computer + +Now, it's time to connect your computer to GitHub with the command: +``` +git remote add origin https://github.com//Demo.git +``` + +Let's look at this command step by step. We are telling Git to add a `remote` called `origin` with the address `https://github.com//Demo.git` (i.e., the URL of your Git repo on GitHub.com). This allows you to interact with your Git repository on GitHub.com by typing `origin` instead of the full URL and Git will know where to send your code. Why `origin`? Well, you can name it anything else if you'd like. + +Now we have connected our local copy of the Demo repository to its remote counterpart on GitHub.com. Your terminal looks like this: + +![](https://opensource.com/sites/default/files/u128651/git_guide8.png) + +Now that we have added the remote, we can push our code (i.e., upload our `README.md` file) to GitHub.com. + +Once you are done, your terminal will look like this: + +![](https://opensource.com/sites/default/files/u128651/git_guide9.png) + +And if you go to `https://github.com//Demo` you will see something like this: + +![](https://opensource.com/sites/default/files/u128651/git_guide10.png) + +That's it! You have created your first GitHub repo, connected it to your computer, and pushed (or uploaded) a file from your computer to your repository called Demo on GitHub.com. Next time, I will write about Git cloning (downloading your code from GitHub to your computer), adding new files, modifying existing files, and pushing (uploading) files to GitHub. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/18/1/step-step-guide-git + +作者:[Kedar Vijay Kulkarni][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/kkulkarn +[1]:https://opensource.com/resources/what-is-git +[2]:https://opensource.com/life/15/11/short-introduction-github +[3]:https://github.com/ +[4]:https://www.linuxbabe.com/linux-server/install-git-verion-control-on-linux-debianubuntufedoraarchlinux#crt-2 From 91fab46fa4ecb355f3803c5f3c6f49c8c74e92ea Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 26 Jan 2018 10:38:49 +0800 Subject: [PATCH 3/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Security=20Chaos=20En?= =?UTF-8?q?gineering:=20A=20new=20paradigm=20for=20cybersecurity?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ering- A new paradigm for cybersecurity.md | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 sources/talk/20180124 Security Chaos Engineering- A new paradigm for cybersecurity.md diff --git a/sources/talk/20180124 Security Chaos Engineering- A new paradigm for cybersecurity.md b/sources/talk/20180124 Security Chaos Engineering- A new paradigm for cybersecurity.md new file mode 100644 index 0000000000..35c89150c8 --- /dev/null +++ b/sources/talk/20180124 Security Chaos Engineering- A new paradigm for cybersecurity.md @@ -0,0 +1,87 @@ +Security Chaos Engineering: A new paradigm for cybersecurity +====== +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/life_bank_vault_secure_safe.png?itok=YoW93h7C) + +Security is always changing and failure always exists. + +This toxic scenario requires a fresh perspective on how we think about operational security. We must understand that we are often the primary cause of our own security flaws. The industry typically looks at cybersecurity and failure in isolation or as separate matters. We believe that our lack of insight and operational intelligence into our own security control failures is one of the most common causes of security incidents and, subsequently, data breaches. + +> Fall seven times, stand up eight." --Japanese proverb + +The simple fact is that "to err is human," and humans derive their success as a direct result of the failures they encounter. Their rate of failure, how they fail, and their ability to understand that they failed in the first place are important building blocks to success. Our ability to learn through failure is inherent in the systems we build, the way we operate them, and the security we use to protect them. Yet there has been a lack of focus when it comes to how we approach preventative security measures, and the spotlight has trended toward the evolving attack landscape and the need to buy or build new solutions. + +### Security spending is continually rising and so are security incidents + +We spend billions on new information security technologies, however, we rarely take a proactive look at whether those security investments perform as expected. This has resulted in a continual increase in security spending on new solutions to keep up with the evolving attacks. + +Despite spending more on security, data breaches are continuously getting bigger and more frequent across all industries. We have marched so fast down this path of the "get-ahead-of-the-attacker" strategy that we haven't considered that we may be a primary cause of our own demise. How is it that we are building more and more security measures, but the problem seems to be getting worse? Furthermore, many of the notable data breaches over the past year were not the result of an advanced nation-state or spy-vs.-spy malicious advanced persistent threats (APTs); rather the principal causes of those events were incomplete implementation, misconfiguration, design flaws, and lack of oversight. + +The 2017 Ponemon Cost of a Data Breach Study breaks down the [root causes of data breaches][1] into three areas: malicious or criminal attacks, human factors or errors, and system glitches, including both IT and business-process failure. Of the three categories, malicious or criminal attacks comprises the largest distribution (47%), followed by human error (28%), and system glitches (25%). Cybersecurity vendors have historically focused on malicious root causes of data breaches, as it is the largest sole cause, but together human error and system glitches total 53%, a larger share of the overall problem. + +What is not often understood, whether due to lack of insight, reporting, or analysis, is that malicious or criminal attacks are often successful due to human error and system glitches. Both human error and system glitches are, at their root, primary markers of the existence of failure. Whether it's IT system failures, failures in process, or failures resulting from humans, it begs the question: "Should we be focusing on finding a method to identify, understand, and address our failures?" After all, it can be an arduous task to predict the next malicious attack, which often requires investment of time to sift threat intelligence, dig through forensic data, or churn threat feeds full of unknown factors and undetermined motives. Failure instrumentation, identification, and remediation are mostly comprised of things that we know, have the ability to test, and can measure. + +Failures we can analyze consist not only of IT, business, and general human factors but also the way we design, build, implement, configure, operate, observe, and manage security controls. People are the ones designing, building, monitoring, and managing the security controls we put in place to defend against malicious attackers. How often do we proactively instrument what we designed, built, and are operationally managing to determine if the controls are failing? Most organizations do not discover that their security controls were failing until a security incident results from that failure. The worst time to find out your security investment failed is during a security incident at 3 a.m. + +> Security incidents are not detective measures and hope is not a strategy when it comes to operating effective security controls. + +We hypothesize that a large portion of data breaches are caused not by sophisticated nation-state actors or hacktivists, but rather simple things rooted in human error and system glitches. Failure in security controls can arise from poor control placement, technical misconfiguration, gaps in coverage, inadequate testing practices, human error, and numerous other things. + +### The journey into Security Chaos Testing + +Our venture into this new territory of Security Chaos Testing has shifted our thinking about the root cause of many of our notable security incidents and data breaches. + +We were brought together by [Bruce Wong][2], who now works at Stitch Fix with Charles, one of the authors of this article. Prior to Stitch Fix, Bruce was a founder of the Chaos Engineering and System Reliability Engineering (SRE) practices at Netflix, the company commonly credited with establishing the field. Bruce learned about this article's other author, Aaron, through the open source [ChaoSlingr][3] Security Chaos Testing tool project, on which Aaron was a contributor. Aaron was interested in Bruce's perspective on the idea of applying Chaos Engineering to cybersecurity, which led Bruce to connect us to share what we had been working on. As security practitioners, we were both intrigued by the idea of Chaos Engineering and had each begun thinking about how this new method of instrumentation might have a role in cybersecurity. + +Within a short timeframe, we began finishing each other's thoughts around testing and validating security capabilities, which we collectively call "Security Chaos Engineering." We directly challenged many of the concepts we had come to depend on in our careers, such as compensating security controls, defense-in-depth, and how to design preventative security. Quickly we realized that we needed to challenge the status quo "set-it-and-forget-it" model and instead execute on continuous instrumentation and validation of security capabilities. + +Businesses often don't fully understand whether their security capabilities and controls are operating as expected until they are not. We had both struggled throughout our careers to provide measurements on security controls that go beyond simple uptime metrics. Our journey has shown us there is a need for a more pragmatic approach that emphasizes proactive instrumentation and experimentation over blind faith. + +### Defining new terms + +In the security industry, we have a habit of not explaining terms and assuming we are speaking the same language. To correct that, here are a few key terms in this new approach: + + * **(Security) Chaos Experiments** are foundationally rooted in the scientific method, in that they seek not to validate what is already known to be true or already known to be false, rather they are focused on deriving new insights about the current state. + * **Security Chaos Engineering** is the discipline of instrumentation, identification, and remediation of failure within security controls through proactive experimentation to build confidence in the system's ability to defend against malicious conditions in production. + + + +### Security and distributed systems + +Consider the evolving nature of modern application design where systems are becoming more and more distributed, ephemeral, and immutable in how they operate. In this shifting paradigm, it is becoming difficult to comprehend the operational state and health of our systems' security. Moreover, how are we ensuring that it remains effective and vigilant as the surrounding environment is changing its parameters, components, and methodologies? + +What does it mean to be effective in terms of security controls? After all, a single security capability could easily be implemented in a wide variety of diverse scenarios in which failure may arise from many possible sources. For example, a standard firewall technology may be implemented, placed, managed, and configured differently depending on complexities in the business, web, and data logic. + +It is imperative that we not operate our business products and services on the assumption that something works. We must constantly, consistently, and proactively instrument our security controls to ensure they cut the mustard when it matters. This is why Security Chaos Testing is so important. What Security Chaos Engineering does is it provides a methodology for the experimentation of the security of distributed systems in order to build confidence in the ability to withstand malicious conditions. + +In Security Chaos Engineering: + + * Security capabilities must be end-to-end instrumented. + * Security must be continuously instrumented to build confidence in the system's ability to withstand malicious conditions. + * Readiness of a system's security defenses must be proactively assessed to ensure they are battle-ready and operating as intended. + * The security capability toolchain must be instrumented from end to end to drive new insights into not only the effectiveness of the functionality within the toolchain but also to discover where added value and improvement can be injected. + * Practiced instrumentation seeks to identify, detect, and remediate failures in security controls. + * The focus is on vulnerability and failure identification, not failure management. + * The operational effectiveness of incident management is sharpened. + + + +As Henry Ford said, "Failure is only the opportunity to begin again, this time more intelligently." Security Chaos Engineering and Security Chaos Testing give us that opportunity. + +Would you like to learn more? Join the discussion by following [@aaronrinehart][4] and [@charles_nwatu][5] on Twitter. + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/18/1/new-paradigm-cybersecurity + +作者:[Aaron Rinehart][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://opensource.com/users/aaronrinehart +[1]:https://www.ibm.com/security/data-breach +[2]:https://twitter.com/bruce_m_wong?lang=en +[3]:https://github.com/Optum/ChaoSlingr +[4]:https://twitter.com/aaronrinehart +[5]:https://twitter.com/charles_nwatu From b0763d480d614fe24569870961c6e8266e48e783 Mon Sep 17 00:00:00 2001 From: jessie-pang <35220454+jessie-pang@users.noreply.github.com> Date: Fri, 26 Jan 2018 11:33:19 +0800 Subject: [PATCH 4/7] Update 20090627 30 Linux System Monitoring Tools Every SysAdmin Should Know.md --- ... Linux System Monitoring Tools Every SysAdmin Should Know.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/tech/20090627 30 Linux System Monitoring Tools Every SysAdmin Should Know.md b/sources/tech/20090627 30 Linux System Monitoring Tools Every SysAdmin Should Know.md index bb527d5519..7e3f5708dd 100644 --- a/sources/tech/20090627 30 Linux System Monitoring Tools Every SysAdmin Should Know.md +++ b/sources/tech/20090627 30 Linux System Monitoring Tools Every SysAdmin Should Know.md @@ -1,3 +1,5 @@ +Translating by jessie-pang + 30 Linux System Monitoring Tools Every SysAdmin Should Know ====== From 8bb2829972857852b9ca238422f89522396b78c2 Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 26 Jan 2018 11:36:02 +0800 Subject: [PATCH 5/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Keep=20Accurate=20Tim?= =?UTF-8?q?e=20on=20Linux=20with=20NTP?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...25 Keep Accurate Time on Linux with NTP.md | 146 ++++++++++++++++++ 1 file changed, 146 insertions(+) create mode 100644 sources/tech/20180125 Keep Accurate Time on Linux with NTP.md diff --git a/sources/tech/20180125 Keep Accurate Time on Linux with NTP.md b/sources/tech/20180125 Keep Accurate Time on Linux with NTP.md new file mode 100644 index 0000000000..817931c2a4 --- /dev/null +++ b/sources/tech/20180125 Keep Accurate Time on Linux with NTP.md @@ -0,0 +1,146 @@ +Keep Accurate Time on Linux with NTP +====== + +![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/usno-amc.jpg?itok=KA8HwI02) + +How to keep the correct time and keep your computers synchronized without abusing time servers, using NTP and systemd. + +### What Time is It? + +Linux is funky when it comes to telling the time. You might think that the `time` tells the time, but it doesn't because it is a timer that measures how long a process runs. To get the time, you run the `date` command, and to view more than one date, you use `cal`. Timestamps on files are also a source of confusion as they are typically displayed in two different ways, depending on your distro defaults. This example is from Ubuntu 16.04 LTS: +``` +$ ls -l +drwxrwxr-x 5 carla carla 4096 Mar 27 2017 stuff +drwxrwxr-x 2 carla carla 4096 Dec 8 11:32 things +-rw-rw-r-- 1 carla carla 626052 Nov 21 12:07 fatpdf.pdf +-rw-rw-r-- 1 carla carla 2781 Apr 18 2017 oddlots.txt + +``` + +Some display the year, some display the time, which makes ordering your files rather a mess. The GNU default is files dated within the last six months display the time instead of the year. I suppose there is a reason for this. If your Linux does this, try `ls -l --time-style=long-iso` to display the timestamps all the same way, sorted alphabetically. See [How to Change the Linux Date and Time: Simple Commands][1] to learn all manner of fascinating ways to manage the time on Linux. + +### Check Current Settings + +NTP, the network time protocol, is the old-fashioned way of keeping correct time on computers. `ntpd`, the NTP daemon, periodically queries a public time server and adjusts your system time as needed. It's a simple lightweight protocol that is easy to set up for basic use. Systemd has barged into NTP territory with the `systemd-timesyncd.service`, which acts as a client to `ntpd`. + +Before messing with NTP, let's take a minute to check that current time settings are correct. + +There are (at least) two timekeepers on your system: system time, which is managed by the Linux kernel, and the hardware clock on your motherboard, which is also called the real-time clock (RTC). When you enter your system BIOS, you see the hardware clock time and you can change its settings. When you install a new Linux, and in some graphical time managers, you are asked if you want your RTC set to the UTC (Coordinated Universal Time) zone. It should be set to UTC, because all time zone and daylight savings time calculations are based on UTC. Use the `hwclock` command to check: +``` +$ sudo hwclock --debug +hwclock from util-linux 2.27.1 +Using the /dev interface to the clock. +Hardware clock is on UTC time +Assuming hardware clock is kept in UTC time. +Waiting for clock tick... +...got clock tick +Time read from Hardware Clock: 2018/01/22 22:14:31 +Hw clock time : 2018/01/22 22:14:31 = 1516659271 seconds since 1969 +Time since last adjustment is 1516659271 seconds +Calculated Hardware Clock drift is 0.000000 seconds +Mon 22 Jan 2018 02:14:30 PM PST .202760 seconds + +``` + +"Hardware clock is kept in UTC time" confirms that your RTC is on UTC, even though it translates the time to your local time. If it were set to local time it would report "Hardware clock is kept in local time." + +You should have a `/etc/adjtime` file. If you don't, sync your RTC to system time: +``` +$ sudo hwclock -w + +``` + +This should generate the file, and the contents should look like this example: +``` +$ cat /etc/adjtime +0.000000 1516661953 0.000000 +1516661953 +UTC + +``` + +The new-fangled systemd way is to run `timedatectl`, which does not need root permissions: +``` +$ timedatectl + Local time: Mon 2018-01-22 14:17:51 PST + Universal time: Mon 2018-01-22 22:17:51 UTC + RTC time: Mon 2018-01-22 22:17:51 + Time zone: America/Los_Angeles (PST, -0800) + Network time on: yes +NTP synchronized: yes + RTC in local TZ: no + +``` + +"RTC in local TZ: no" confirms that it is on UTC time. What if it is on local time? There are, as always, multiple ways to change it. The easy way is with a nice graphical configuration tool, like YaST in openSUSE. You can use `timedatectl`: +``` +$ timedatectl set-local-rtc 0 +``` + +Or edit `/etc/adjtime`, replacing UTC with LOCAL. + +### systemd-timesyncd Client + +Now I'm tired, and we've just gotten to the good part. Who knew timekeeping was so complex? We haven't even scratched the surface; read `man 8 hwclock` to get an idea of how time is kept on computers. + +Systemd provides the `systemd-timesyncd.service` client, which queries remote time servers and adjusts your system time. Configure your servers in `/etc/systemd/timesyncd.conf`. Most Linux distributions provide a default configuration that points to time servers that they maintain, like Fedora: +``` +[Time] +#NTP= +#FallbackNTP=0.fedora.pool.ntp.org 1.fedora.pool.ntp.org + +``` + +You may enter any other servers you desire, such as your own local NTP server, on the `NTP=` line in a space-delimited list. (Remember to uncomment this line.) Anything you put on the `NTP=` line overrides the fallback. + +What if you are not using systemd? Then you need only NTP. + +### Setting up NTP Server and Client + +It is a good practice to set up your own LAN NTP server, so that you are not pummeling public NTP servers from all of your computers. On most Linuxes NTP comes in the `ntp` package, and most of them provide `/etc/ntp.conf` to configure the service. Consult [NTP Pool Time Servers][2] to find the NTP server pool that is appropriate for your region. Then enter 4-5 servers in your `/etc/ntp.conf` file, with each server on its own line: +``` +driftfile /var/ntp.drift +logfile /var/log/ntp.log +server 0.europe.pool.ntp.org +server 1.europe.pool.ntp.org +server 2.europe.pool.ntp.org +server 3.europe.pool.ntp.org + +``` + +The `driftfile` tells `ntpd` where to store the information it needs to quickly synchronize your system clock with the time servers at startup, and your logs should have their own home instead of getting dumped into the syslog. Use your Linux distribution defaults for these files if it provides them. + +Now start the daemon; on most Linuxes this is `sudo systemctl start ntpd`. Let it run for a few minutes, then check its status: +``` +$ ntpq -p + remote refid st t when poll reach delay offset jitter +============================================================== ++dev.smatwebdesi 192.168.194.89 3 u 25 64 37 92.456 -6.395 18.530 +*chl.la 127.67.113.92 2 u 23 64 37 75.175 8.820 8.230 ++four0.fairy.mat 35.73.197.144 2 u 22 64 37 116.272 -10.033 40.151 +-195.21.152.161 195.66.241.2 2 u 27 64 37 107.559 1.822 27.346 + +``` + +I have no idea what any of that means, other than your daemon is talking to the remote time servers, and that is what you want. To permanently enable it, run `sudo systemctl enable ntpd`. If your Linux doesn't use systemd then it is your homework to figure out how to run `ntpd`. + +Now you can set up `systemd-timesyncd` on your other LAN hosts to use your local NTP server, or install NTP on them and enter your local server in their `/etc/ntp.conf` files. + +NTP servers take a beating, and demand continually increases. You can help by running your own public NTP server. Come back next week to learn how. + +Learn more about Linux through the free ["Introduction to Linux" ][3]course from The Linux Foundation and edX. + +-------------------------------------------------------------------------------- + +via: https://www.linux.com/learn/intro-to-linux/2018/1/keep-accurate-time-linux-ntp + +作者:[CARLA SCHRODER][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.linux.com/users/cschroder +[1]:https://www.linux.com/learn/how-change-linux-date-and-time-simple-commands +[2]:http://support.ntp.org/bin/view/Servers/NTPPoolServers +[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux From e9e54f2f20030380468f2549ac04ad828c13ba9b Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 26 Jan 2018 11:43:05 +0800 Subject: [PATCH 6/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=208=20ways=20to=20gener?= =?UTF-8?q?ate=20random=20password=20in=20Linux?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...ys to generate random password in Linux.md | 272 ++++++++++++++++++ 1 file changed, 272 insertions(+) create mode 100644 sources/tech/20180124 8 ways to generate random password in Linux.md diff --git a/sources/tech/20180124 8 ways to generate random password in Linux.md b/sources/tech/20180124 8 ways to generate random password in Linux.md new file mode 100644 index 0000000000..ee60df826b --- /dev/null +++ b/sources/tech/20180124 8 ways to generate random password in Linux.md @@ -0,0 +1,272 @@ +8 ways to generate random password in Linux +====== +Learn 8 different ways to generate random password in Linux using Linux native commands or third party utilities. + +![][1] + +In this article, we will walk you through various different ways to generate random password in Linux terminal. Few of them are using native Linux commands and others are using third party tools or utilities which can easily be installed on Linux machine. Here we are looking at native commands like `openssl`, [dd][2], `md5sum`, `tr`, `urandom` and third party tools like mkpasswd, randpw, pwgen, spw, gpg, xkcdpass, diceware, revelation, keepaasx, passwordmaker. + +These are actually ways to get some random alphanumeric string which can be utilized as password. Random passwords can be used for new users so that there will be uniqueness no matter how large your user base is. Without any further delay lets jump into those 15 different ways to generate random password in Linux. + +##### Generate password using mkpasswd utility + +`mkpasswd` comes with install of `expect` package on RHEL based systems. On Debian based systems `mkpasswd` comes with package `whois`. Trying to install `mkpasswd` package will results in error - + +No package mkpasswd available. on RHEL system and E: Unable to locate package mkpasswd in Debian based. + +So install their parent packages as mentioned above and you are good to go. + +Run `mkpasswd` to get passwords + +``` +root@kerneltalks# mkpasswd << on RHEL +zt*hGW65c + +root@kerneltalks# mkpas +``` + +Command behaves differently on different systems so work accordingly. There are many switches which can be used to control length etc parameters. You can explore them from man pages. + +##### Generate password using openssl + +Openssl comes in build with almost all the Linux distributions. We can use its random function to get alphanumeric string generated which can be used as password. + +``` +root@kerneltalks # openssl rand -base64 10 +nU9LlHO5nsuUvw== +``` + +Here, we are using `base64` encoding with random function and last digit for argument to `base64` encoding. + +##### Generate password using urandom + +Device file `/dev/urandom` is another source of getting random characters. We are using `tr` function and trimming output to get random string to use as password. + +``` +root@kerneltalks # strings /dev/urandom |tr -dc A-Za-z0-9 | head -c20; echo +UiXtr0NAOSIkqtjK4c0X +``` + +##### dd command to generate password + +We can even use /dev/urandom device along with [dd command ][2]to get string of random characters. + +``` +oot@kerneltalks# dd if=/dev/urandom bs=1 count=15|base64 -w 0 +15+0 records in +15+0 records out +15 bytes (15 B) copied, 5.5484e-05 s, 270 kB/s +QMsbe2XbrqAc2NmXp8D0 +``` + +We need to pass output through `base64` encoding to make it human readable. You can play with count value to get desired length. For much cleaner output, redirect std2 to `/dev/null`. Clean command will be - + +``` +oot@kerneltalks # dd if=/dev/urandom bs=1 count=15 2>/dev/null|base64 -w 0 +F8c3a4joS+a3BdPN9C++ +``` + +##### Using md5sum to generate password + +Another way to get array of random characters which can be used as password is to calculate MD5 checksum! s you know checksum value is indeed looks like random characters grouped together we can use it as password. Make sure you use source as something variable so that you get different checksum every time you run command. For example `date` ! [date command][3] always yields changing output. + +``` +root@kerneltalks # date |md5sum +4d8ce5c42073c7e9ca4aeffd3d157102 - +``` + +Here we passed `date` command output to `md5sum` and get the checksum hash! You can use [cut command][4] to get desired length of output. + +##### Generate password using pwgen + +`pwgen` package comes with [repositories like EPEL][5]. `pwgen` is more focused on generating passwords which are pronounceable but not a dictionary word or not in plain English. You may not find it in standard distribution repo. Install the package and run `pwgen` command. Boom ! + +``` +root@kerneltalks # pwgen +thu8Iox7 ahDeeQu8 Eexoh0ai oD8oozie ooPaeD9t meeNeiW2 Eip6ieph Ooh1tiet +cootad7O Gohci0vo wah9Thoh Ohh3Ziur Ao1thoma ojoo6aeW Oochai4v ialaiLo5 +aic2OaDa iexieQu8 Aesoh4Ie Eixou9ph ShiKoh0i uThohth7 taaN3fuu Iege0aeZ +cah3zaiW Eephei0m AhTh8guo xah1Shoo uh8Iengo aifeev4E zoo4ohHa fieDei6c +aorieP7k ahna9AKe uveeX7Hi Ohji5pho AigheV7u Akee9fae aeWeiW4a tiex8Oht +``` +You will be presented with list of passwords at your terminal! What else you want? Ok. You still want to explore, `pwgen` comes with many custom options which can be referred for man page. + +##### Generate password using gpg tool + +GPG is a OpenPGP encryption and signing tool. Mostly gpg tool comes pre-installed (at least it is on my RHEL7). But if not you can look for `gpg` or `gpg2` package and [install][6] it. + +Use below command to generate password from gpg tool. + +``` +root@kerneltalks # gpg --gen-random --armor 1 12 +mL8i+PKZ3IuN6a7a +``` + +Here we are passing generate random byte sequence switch (`--gen-random`) of quality 1 (first argument) with count of 12 (second argument). Switch `--armor` ensures output is `base64` encoded. + +##### Generate password using xkcdpass + +Famous geek humor website [xkcd][7], published a very interesting post about memorable but still complex passwords. You can view it [here][8]. So `xkcdpass` tool took inspiration from this post and did its work! Its a python package and available on python's official website [here][9] + +All installation and usage instructions are mentioned on that page. Here is install steps and outputs from my test RHEL server for your reference. + +``` +root@kerneltalks # wget https://pypi.python.org/packages/b4/d7/3253bd2964390e034cf0bba227db96d94de361454530dc056d8c1c096abc/xkcdpass-1.14.3.tar.gz#md5=5f15d52f1d36207b07391f7a25c7965f +--2018-01-23 19:09:17-- https://pypi.python.org/packages/b4/d7/3253bd2964390e034cf0bba227db96d94de361454530dc056d8c1c096abc/xkcdpass-1.14.3.tar.gz +Resolving pypi.python.org (pypi.python.org)... 151.101.32.223, 2a04:4e42:8::223 +Connecting to pypi.python.org (pypi.python.org)|151.101.32.223|:443... connected. +HTTP request sent, awaiting response... 200 OK +Length: 871848 (851K) [binary/octet-stream] +Saving to: ‘xkcdpass-1.14.3.tar.gz’ + +100%[==============================================================================================================================>] 871,848 --.-K/s in 0.01s + +2018-01-23 19:09:17 (63.9 MB/s) - ‘xkcdpass-1.14.3.tar.gz’ saved [871848/871848] + + +root@kerneltalks # tar -xvf xkcdpass-1.14.3.tar.gz +xkcdpass-1.14.3/ +xkcdpass-1.14.3/examples/ +xkcdpass-1.14.3/examples/example_import.py +xkcdpass-1.14.3/examples/example_json.py +xkcdpass-1.14.3/examples/example_postprocess.py +xkcdpass-1.14.3/LICENSE.BSD +xkcdpass-1.14.3/MANIFEST.in +xkcdpass-1.14.3/PKG-INFO +xkcdpass-1.14.3/README.rst +xkcdpass-1.14.3/setup.cfg +xkcdpass-1.14.3/setup.py +xkcdpass-1.14.3/tests/ +xkcdpass-1.14.3/tests/test_list.txt +xkcdpass-1.14.3/tests/test_xkcdpass.py +xkcdpass-1.14.3/tests/__init__.py +xkcdpass-1.14.3/xkcdpass/ +xkcdpass-1.14.3/xkcdpass/static/ +xkcdpass-1.14.3/xkcdpass/static/eff-long +xkcdpass-1.14.3/xkcdpass/static/eff-short +xkcdpass-1.14.3/xkcdpass/static/eff-special +xkcdpass-1.14.3/xkcdpass/static/fin-kotus +xkcdpass-1.14.3/xkcdpass/static/ita-wiki +xkcdpass-1.14.3/xkcdpass/static/legacy +xkcdpass-1.14.3/xkcdpass/static/spa-mich +xkcdpass-1.14.3/xkcdpass/xkcd_password.py +xkcdpass-1.14.3/xkcdpass/__init__.py +xkcdpass-1.14.3/xkcdpass.1 +xkcdpass-1.14.3/xkcdpass.egg-info/ +xkcdpass-1.14.3/xkcdpass.egg-info/dependency_links.txt +xkcdpass-1.14.3/xkcdpass.egg-info/entry_points.txt +xkcdpass-1.14.3/xkcdpass.egg-info/not-zip-safe +xkcdpass-1.14.3/xkcdpass.egg-info/PKG-INFO +xkcdpass-1.14.3/xkcdpass.egg-info/SOURCES.txt +xkcdpass-1.14.3/xkcdpass.egg-info/top_level.txt + + +root@kerneltalks # cd xkcdpass-1.14.3 + +root@kerneltalks # python setup.py install +running install +running bdist_egg +running egg_info +writing xkcdpass.egg-info/PKG-INFO +writing top-level names to xkcdpass.egg-info/top_level.txt +writing dependency_links to xkcdpass.egg-info/dependency_links.txt +writing entry points to xkcdpass.egg-info/entry_points.txt +reading manifest file 'xkcdpass.egg-info/SOURCES.txt' +reading manifest template 'MANIFEST.in' +writing manifest file 'xkcdpass.egg-info/SOURCES.txt' +installing library code to build/bdist.linux-x86_64/egg +running install_lib +running build_py +creating build +creating build/lib +creating build/lib/xkcdpass +copying xkcdpass/xkcd_password.py -> build/lib/xkcdpass +copying xkcdpass/__init__.py -> build/lib/xkcdpass +creating build/lib/xkcdpass/static +copying xkcdpass/static/eff-long -> build/lib/xkcdpass/static +copying xkcdpass/static/eff-short -> build/lib/xkcdpass/static +copying xkcdpass/static/eff-special -> build/lib/xkcdpass/static +copying xkcdpass/static/fin-kotus -> build/lib/xkcdpass/static +copying xkcdpass/static/ita-wiki -> build/lib/xkcdpass/static +copying xkcdpass/static/legacy -> build/lib/xkcdpass/static +copying xkcdpass/static/spa-mich -> build/lib/xkcdpass/static +creating build/bdist.linux-x86_64 +creating build/bdist.linux-x86_64/egg +creating build/bdist.linux-x86_64/egg/xkcdpass +copying build/lib/xkcdpass/xkcd_password.py -> build/bdist.linux-x86_64/egg/xkcdpass +copying build/lib/xkcdpass/__init__.py -> build/bdist.linux-x86_64/egg/xkcdpass +creating build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/eff-long -> build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/eff-short -> build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/eff-special -> build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/fin-kotus -> build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/ita-wiki -> build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/legacy -> build/bdist.linux-x86_64/egg/xkcdpass/static +copying build/lib/xkcdpass/static/spa-mich -> build/bdist.linux-x86_64/egg/xkcdpass/static +byte-compiling build/bdist.linux-x86_64/egg/xkcdpass/xkcd_password.py to xkcd_password.pyc +byte-compiling build/bdist.linux-x86_64/egg/xkcdpass/__init__.py to __init__.pyc +creating build/bdist.linux-x86_64/egg/EGG-INFO +copying xkcdpass.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO +copying xkcdpass.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO +copying xkcdpass.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO +copying xkcdpass.egg-info/entry_points.txt -> build/bdist.linux-x86_64/egg/EGG-INFO +copying xkcdpass.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO +copying xkcdpass.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO +creating dist +creating 'dist/xkcdpass-1.14.3-py2.7.egg' and adding 'build/bdist.linux-x86_64/egg' to it +removing 'build/bdist.linux-x86_64/egg' (and everything under it) +Processing xkcdpass-1.14.3-py2.7.egg +creating /usr/lib/python2.7/site-packages/xkcdpass-1.14.3-py2.7.egg +Extracting xkcdpass-1.14.3-py2.7.egg to /usr/lib/python2.7/site-packages +Adding xkcdpass 1.14.3 to easy-install.pth file +Installing xkcdpass script to /usr/bin + +Installed /usr/lib/python2.7/site-packages/xkcdpass-1.14.3-py2.7.egg +Processing dependencies for xkcdpass==1.14.3 +Finished processing dependencies for xkcdpass==1.14.3 +``` + +Now running xkcdpass command will give you random set of dictionary words like below - + +``` +root@kerneltalks # xkcdpass +broadside unpadded osmosis statistic cosmetics lugged +``` + +You can use these words as input to other commands like `md5sum` to get random password (like below) or you can even use Nth letter of each words to form your password! + +``` +oot@kerneltalks # xkcdpass |md5sum +45f2ec9b3ca980c7afbd100268c74819 - + +root@kerneltalks # xkcdpass |md5sum +ad79546e8350744845c001d8836f2ff2 - +``` +Or even you can use all those words together as such a long password which is easy to remember for a user and very hard to crack using computer program. + +There are tools like [Diceware][10], [KeePassX][11], [Revelation][12], [PasswordMaker][13] for Linux which can be considered for making strong random passwords. + +-------------------------------------------------------------------------------- + +via: https://kerneltalks.com/tips-tricks/8-ways-to-generate-random-password-in-linux/ + +作者:[kerneltalks][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://kerneltalks.com +[1]:https://a1.kerneltalks.com/wp-content/uploads/2018/01/different-ways-to-generate-password-in-linux.png +[2]:https://kerneltalks.com/commands/learn-dd-command-with-examples/ +[3]:https://kerneltalks.com/commands/date-time-management-using-timedatectl-command/ +[4]:https://kerneltalks.com/linux/cut-command-examples/ +[5]:https://kerneltalks.com/package/how-to-install-epel-repository/ +[6]:https://kerneltalks.com/tools/package-installation-linux-yum-apt/ +[7]:https://xkcd.com/ +[8]:https://xkcd.com/936/ +[9]:https://pypi.python.org/pypi/xkcdpass/ +[10]:http://world.std.com/~reinhold/diceware.html +[11]:https://www.keepassx.org/ +[12]:https://packages.debian.org/sid/gnome/revelation +[13]:https://passwordmaker.org/ From f8a212268d51bcbc8533b334ebb6e0597e77f6ba Mon Sep 17 00:00:00 2001 From: darksun Date: Fri, 26 Jan 2018 11:46:51 +0800 Subject: [PATCH 7/7] =?UTF-8?q?=E9=80=89=E9=A2=98:=20Linux=20whereis=20Com?= =?UTF-8?q?mand=20Explained=20for=20Beginners=20(5=20Examples)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...nd Explained for Beginners (5 Examples).md | 108 ++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 sources/tech/20180125 Linux whereis Command Explained for Beginners (5 Examples).md diff --git a/sources/tech/20180125 Linux whereis Command Explained for Beginners (5 Examples).md b/sources/tech/20180125 Linux whereis Command Explained for Beginners (5 Examples).md new file mode 100644 index 0000000000..45107b050c --- /dev/null +++ b/sources/tech/20180125 Linux whereis Command Explained for Beginners (5 Examples).md @@ -0,0 +1,108 @@ +Linux whereis Command Explained for Beginners (5 Examples) +====== + +Sometimes, while working on the command line, we just need to quickly find out the location of the binary file for a command. Yes, the [find][1] command is an option in this case, but it's a bit time consuming and will likely produce some non-desired results as well. There's a specific command that's designed for this purpose: **whereis**. + +In this article, we will discuss the basics of this command using some easy to understand examples. But before we do that, it's worth mentioning that all examples in this tutorial have been tested on Ubuntu 16.04LTS. + +### Linux whereis command + +The whereis command lets users locate binary, source, and manual page files for a command. Following is its syntax: + +``` +whereis [options] [-BMS directory... -f] name... +``` + +And here's how the tool's man page explains it: +``` +whereis locates the binary, source and manual files for the specified command names. The supplied +names are first stripped of leading pathname components and any (single) trailing extension of the +form .ext (for example: .c) Prefixes of s. resulting from use of source code control are also dealt +with. whereis then attempts to locate the desired program in the standard Linux places, and in the +places specified by $PATH and $MANPATH. +``` + +The following Q&A-styled examples should give you a good idea on how the whereis command works. + +### Q1. How to find location of binary file using whereis? + +Suppose you want to find the location for, let's say, the whereis command itself. Then here's how you can do that: + +``` +whereis whereis +``` + +[![How to find location of binary file using whereis][2]][3] + +Note that the first path in the output is what you are looking for. The whereis command also produces paths for manual pages and source code (if available, which isn't in this case). So the second path you see in the output above is the path to the whereis manual file(s). + +### Q2. How to specifically search for binaries, manuals, or source code? + +If you want to search specifically for, say binary, then you can use the **-b** command line option. For example: + +``` +whereis -b cp +``` + +[![How to specifically search for binaries, manuals, or source code][4]][5] + +Similarly, the **-m** and **-s** options are used in case you want to find manuals and sources. + +### Q3. How to limit whereis search as per requirement? + +By default whereis tries to find files from hard-coded paths, which are defined with glob patterns. However, if you want, you can limit the search using specific command line options. For example, if you want whereis to only search for binary files in /usr/bin, then you can do this using the **-B** command line option. + +``` +whereis -B /usr/bin/ -f cp +``` + +**Note** : Since you can pass multiple paths this way, the **-f** command line option terminates the directory list and signals the start of file names. + +Similarly, if you want to limit manual or source searches, you can use the **-M** and **-S** command line options. + +### Q4. How to see paths that whereis uses for search? + +There's an option for this as well. Just run the command with **-l**. + +``` +whereis -l +``` + +Here is the list (partial) it produced for us: + +[![How to see paths that whereis uses for search][6]][7] + +### Q5. How to find command names with unusual entries? + +For whereis, a command becomes unusual if it does not have just one entry of each explicitly requested type. For example, commands with no documentation available, or those with documentation in multiple places are considered unusual. The **-u** command line option, when used, makes whereis show the command names that have unusual entries. + +For example, the following command should display files in the current directory which have no documentation file, or more than one. + +``` +whereis -m -u * +``` + +### Conclusion + +Agreed, whereis is not the kind of command line tool that you'll require very frequently. But when the situation arises, it definitely makes your life easy. We've covered some of the important command line options the tool offers, so do practice them. For more info, head to its [man page][8]. + + +-------------------------------------------------------------------------------- + +via: https://www.howtoforge.com/linux-whereis-command/ + +作者:[Himanshu Arora][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.howtoforge.com +[1]:https://www.howtoforge.com/tutorial/linux-find-command/ +[2]:https://www.howtoforge.com/images/command-tutorial/whereis-basic-usage.png +[3]:https://www.howtoforge.com/images/command-tutorial/big/whereis-basic-usage.png +[4]:https://www.howtoforge.com/images/command-tutorial/whereis-b-option.png +[5]:https://www.howtoforge.com/images/command-tutorial/big/whereis-b-option.png +[6]:https://www.howtoforge.com/images/command-tutorial/whereis-l.png +[7]:https://www.howtoforge.com/images/command-tutorial/big/whereis-l.png +[8]:https://linux.die.net/man/1/whereis