document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-16 22:42:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

merge master

Browse Source
This commit is contained in:
root 2017-12-06 09:34:42 +08:00
commit 718a3e88b9
21 changed files with 1863 additions and 642 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
published/20171012 Linux Networking Hardware for Beginners Think Software.md Normal file
View File

@ -0,0 +1,80 @@
面向初学者的 Linux 网络硬件:软件思维
===========================================================
![island network](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/soderskar-island.jpg?itok=wiMaF66b "island network")
> 没有路由和桥接,我们将会成为孤独的小岛,你将会在这个网络教程中学到更多知识。
[Commons Zero][3]Pixabay
上周,我们学习了本地网络硬件知识,本周,我们将学习网络互联技术和在移动网络中的一些很酷的黑客技术。
### 路由器
网络路由器就是计算机网络中的一切因为路由器连接着网络没有路由器我们就会成为孤岛。图一展示了一个简单的有线本地网络和一个无线接入点所有设备都接入到互联网上本地局域网的计算机连接到一个连接着防火墙或者路由器的以太网交换机上防火墙或者路由器连接到网络服务供应商ISP提供的电缆箱、调制调节器、卫星上行系统……好像一切都在计算中就像是一个带着不停闪烁的的小灯的盒子。当你的网络数据包离开你的局域网进入广阔的互联网它们穿过一个又一个路由器直到到达自己的目的地。
![simple LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_7.png?itok=lsazmf3- "simple LAN")
*图一:一个简单的有线局域网和一个无线接入点。*
路由器可以是各种样式:一个只专注于路由的小巧特殊的小盒子,一个将会提供路由、防火墙、域名服务,以及 VPN 网关功能的大点的盒子,一台重新设计的台式电脑或者笔记本,一个树莓派计算机或者一个 Arduino体积臃肿矮小的像 PC Engines 这样的单板计算机,除了苛刻的用途以外,普通的商品硬件都能良好的工作运行。高端的路由器使用特殊设计的硬件每秒能够传输最大量的数据包。它们有多路数据总线,多个中央处理器和极快的存储。(可以通过了解 Juniper 和思科的路由器来感受一下高端路由器书什么样子的,而且能看看里面是什么样的构造。)
接入你的局域网的无线接入点要么作为一个以太网网桥,要么作为一个路由器。桥接器扩展了这个网络,所以在这个桥接器上的任意一端口上的主机都连接在同一个网络中。一台路由器连接的是两个不同的网络。
### 网络拓扑
有多种设置你的局域网的方式,你可以把所有主机接入到一个单独的<ruby>平面网络<rt>flat network</rt></ruby>,也可以把它们划分为不同的子网。如果你的交换机支持 VLAN 的话,你也可以把它们分配到不同的 VLAN 中。
平面网络是最简单的网络,只需把每一台设备接入到同一个交换机上即可,如果一台交换上的端口不够使用,你可以将更多的交换机连接在一起。有些交换机有特殊的上行端口,有些是没有这种特殊限制的上行端口,你可以连接其中的任意端口,你可能需要使用交叉类型的以太网线,所以你要查阅你的交换机的说明文档来设置。
平面网络是最容易管理的,你不需要路由器也不需要计算子网,但它也有一些缺点。它们的伸缩性不好,所以当网络规模变得越来越大的时候就会被广播网络所阻塞。将你的局域网进行分段将会提升安全保障, 把局域网分成可管理的不同网段将有助于管理更大的网络。图二展示了一个分成两个子网的局域网络:内部的有线和无线主机,和一个托管公开服务的主机。包含面向公共的服务器的子网称作非军事区域 DMZ你有没有注意到那些都是主要在电脑上打字的男人们的术语因为它被阻挡了所有的内部网络的访问。
![LAN](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_4.png?itok=LpXq7bLf "LAN")
*图二:一个分成两个子网的简单局域网。*
即使像图二那样的小型网络也可以有不同的配置方法。你可以将防火墙和路由器放置在一台单独的设备上。你可以为你的非军事区域设置一个专用的网络连接,把它完全从你的内部网络隔离,这将引导我们进入下一个主题:一切基于软件。
### 软件思维
你可能已经注意到在这个简短的系列中我们所讨论的硬件,只有网络接口、交换机,和线缆是特殊用途的硬件。
其它的都是通用的商用硬件而且都是软件来定义它的用途。Linux 是一个真实的网络操作系统,它支持大量的网络操作:网关、虚拟专用网关、以太网桥、网页、邮箱以及文件等等服务器、负载均衡、代理、服务质量、多种认证、中继、故障转移……你可以在运行着 Linux 系统的标准硬件上运行你的整个网络。你甚至可以使用 Linux 交换应用LISA和VDE2 协议来模拟以太网交换机。
有一些用于小型硬件的特殊发行版,如 DD-WRT、OpenWRT以及树莓派发行版也不要忘记 BSD 们和它们的特殊衍生用途如 pfSense 防火墙/路由器,和 FreeNAS 网络存储服务器。
你知道有些人坚持认为硬件防火墙和软件防火墙有区别?其实是没有区别的,就像说硬件计算机和软件计算机一样。
### 端口聚合和以太网绑定
聚合和绑定,也称链路聚合,是把两条以太网通道绑定在一起成为一条通道。一些交换机支持端口聚合,就是把两个交换机端口绑定在一起,成为一个是它们原来带宽之和的一条新的连接。对于一台承载很多业务的服务器来说这是一个增加通道带宽的有效的方式。
你也可以在以太网口进行同样的配置,而且绑定汇聚的驱动是内置在 Linux 内核中的,所以不需要任何其他的专门的硬件。
### 随心所欲选择你的移动宽带
我期望移动宽带能够迅速增长来替代 DSL 和有线网络。我居住在一个有 25 万人口的靠近一个城市的地方,但是在城市以外,要想接入互联网就要靠运气了,即使那里有很大的用户上网需求。我居住的小角落离城镇有 20 分钟的距离,但对于网络服务供应商来说他们几乎不会考虑到为这个地方提供网络。 我唯一的选择就是移动宽带;这里没有拨号网络、卫星网络(即使它很糟糕)或者是 DSL、电缆、光纤但却没有阻止网络供应商把那些我在这个区域从没看到过的 Xfinity 和其它高速网络服务的传单塞进我的邮箱。
我试用了 AT&T、Version 和 T-Mobile。Version 的信号覆盖范围最广,但是 Version 和 AT&T 是最昂贵的。
我居住的地方在 T-Mobile 信号覆盖的边缘,但迄今为止他们给了最大的优惠,为了能够能够有效的使用,我必须购买一个 WeBoost 信号放大器和一台中兴的移动热点设备。当然你也可以使用一部手机作为热点,但是专用的热点设备有着最强的信号。如果你正在考虑购买一台信号放大器,最好的选择就是 WeBoost因为他们的服务支持最棒而且他们会尽最大努力去帮助你。在一个小小的 APP [SignalCheck Pro][8] 的协助下设置将会精准的增强你的网络信号,他们有一个功能较少的免费的版本,但你将一点都不会后悔去花两美元使用专业版。
那个小巧的中兴热点设备能够支持 15 台主机,而且还有拥有基本的防火墙功能。 但你如果你使用像 Linksys WRT54GL这样的设备可以使用 Tomato、OpenWRT或者 DD-WRT 来替代普通的固件,这样你就能完全控制你的防护墙规则、路由配置,以及任何其它你想要设置的服务。
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-think-software
作者:[CARLA SCHRODER][a]
译者:[FelixYFZ](https://github.com/FelixYFZ)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/cschroder
[1]:https://www.linux.com/licenses/category/used-permission
[2]:https://www.linux.com/licenses/category/used-permission
[3]:https://www.linux.com/licenses/category/creative-commons-zero
[4]:https://www.linux.com/files/images/fig-1png-7
[5]:https://www.linux.com/files/images/fig-2png-4
[6]:https://www.linux.com/files/images/soderskar-islandjpg
[7]:https://www.linux.com/learn/intro-to-linux/2017/10/linux-networking-hardware-beginners-lan-hardware
[8]:http://www.bluelinepc.com/signalcheck/

163
published/20171201 How to Manage Users with Groups in Linux.md Normal file
View File

@ -0,0 +1,163 @@
如何在 Linux 系统中通过用户组来管理用户
============================================================
![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/group-of-people-1645356_1920.jpg?itok=rJlAxBSV)
> 本教程可以了解如何通过用户组和访问控制表ACL来管理用户。
当你需要管理一台容纳多个用户的 Linux 机器时,比起一些基本的用户管理工具所提供的方法,有时候你需要对这些用户采取更多的用户权限管理方式。特别是当你要管理某些用户的权限时,这个想法尤为重要。比如说,你有一个目录,某个用户组中的用户可以通过读和写的权限访问这个目录,而其他用户组中的用户对这个目录只有读的权限。在 Linux 中这是完全可以实现的。但前提是你必须先了解如何通过用户组和访问控制表ACL来管理用户。
我们将从简单的用户开始逐渐深入到复杂的访问控制表ACL。你可以在你所选择的 Linux 发行版完成你所需要做的一切。本文的重点是用户组,所以不会涉及到关于用户的基础知识。
为了达到演示的目的,我将假设:
你需要用下面两个用户名新建两个用户:
* olivia
* nathan
你需要新建以下两个用户组:
* readers
* editors
olivia 属于 editors 用户组,而 nathan 属于 readers 用户组。reader 用户组对 `/DATA` 目录只有读的权限,而 editors 用户组则对 `/DATA` 目录同时有读和写的权限。当然,这是个非常小的任务,但它会给你基本的信息,你可以扩展这个任务以适应你其他更大的需求。
我将在 Ubuntu 16.04 Server 平台上进行演示。这些命令都是通用的,唯一不同的是,要是在你的发行版中不使用 `sudo` 命令,你必须切换到 root 用户来执行这些命令。
### 创建用户
我们需要做的第一件事是为我们的实验创建两个用户。可以用 `useradd` 命令来创建用户,我们不只是简单地创建一个用户,而需要同时创建用户和属于他们的家目录,然后给他们设置密码。
```
sudo useradd -m olivia
sudo useradd -m nathan
```
我们现在创建了两个用户,如果你看看 `/home` 目录,你可以发现他们的家目录(因为我们用了 `-m` 选项,可以在创建用户的同时创建他们的家目录。
之后,我们可以用以下命令给他们设置密码:
```
sudo passwd olivia
sudo passwd nathan
```
就这样,我们创建了两个用户。
### 创建用户组并添加用户
现在我们将创建 readers 和 editors 用户组,然后给它们添加用户。创建用户组的命令是:
```
addgroup readers
addgroup editors
```
LCTT 译注:当你使用 CentOS 等一些 Linux 发行版时,可能系统没有 `addgroup` 这个命令,推荐使用 `groupadd` 命令来替换 `addgroup` 命令以达到同样的效果)
![groups](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/groups_1.jpg?itok=BKwL89BB)
*图一:我们可以使用刚创建的新用户组了。*
创建用户组后,我们需要添加我们的用户到这两个用户组。我们用以下命令来将 nathan 用户添加到 readers 用户组:
```
sudo usermod -a -G readers nathan
```
用以下命令将 olivia 添加到 editors 用户组:
```
sudo usermod -a -G editors olivia
```
现在我们可以通过用户组来管理用户了。
### 给用户组授予目录的权限
假设你有个目录 `/READERS` 且允许 readers 用户组的所有成员访问这个目录。首先,我们执行以下命令来更改目录所属用户组:
```
sudo chown -R :readers /READERS
```
接下来,执行以下命令收回目录所属用户组的写入权限:
```
sudo chmod -R g-w /READERS
```
然后我们执行下面的命令来收回其他用户对这个目录的访问权限(以防止任何不在 readers 组中的用户访问这个目录里的文件):
```
sudo chmod -R o-x /READERS
```
这时候只有目录的所有者root和用户组 reader 中的用户可以访问 `/READES` 中的文件。
假设你有个目录 `/EDITORS` ,你需要给用户组 editors 里的成员这个目录的读和写的权限。为了达到这个目的,执行下面的这些命令是必要的:
```
sudo chown -R :editors /EDITORS
sudo chmod -R g+w /EDITORS
sudo chmod -R o-x /EDITORS
```
此时 editors 用户组的所有成员都可以访问和修改其中的文件。除此之外其他用户(除了 root 之外)无法访问 `/EDITORS` 中的任何文件。
使用这个方法的问题在于你一次只能操作一个组和一个目录而已。这时候访问控制表ACL就可以派得上用场了。
### 使用访问控制表ACL
现在,让我们把这个问题变得棘手一点。假设你有一个目录 `/DATA` 并且你想给 readers 用户组的成员读取权限,并同时给 editors 用户组的成员读和写的权限。为此,你必须要用到 `setfacl` 命令。`setfacl` 命令可以为文件或文件夹设置一个访问控制表ACL
这个命令的结构如下:
```
setfacl OPTION X:NAME:Y /DIRECTORY
```
其中 OPTION 是可选选项X 可以是 `u`(用户)或者是 `g` 用户组NAME 是用户或者用户组的名字,/DIRECTORY 是要用到的目录。我们将使用 `-m` 选项进行修改。因此,我们给 readers 用户组添加读取权限的命令是:
```
sudo setfacl -m g:readers:rx -R /DATA
```
现在 readers 用户组里面的每一个用户都可以读取 `/DATA` 目录里的文件了,但是他们不能修改里面的内容。
为了给 editors 用户组里面的用户读写权限,我们执行了以下命令:
```
sudo setfacl -m g:editors:rwx -R /DATA
```
上述命令将赋予 editors 用户组中的任何成员读取权限,同时保留 readers 用户组的只读权限。
### 更多的权限控制
使用访问控制表ACL你可以实现你所需的权限控制。你可以添加用户到用户组并且灵活地控制这些用户组对每个目录的权限以达到你的需求。如果想了解上述工具的更多信息可以执行下列的命令
* `man usradd`
* `man addgroup`
* `man usermod`
* `man sefacl`
* `man chown`
* `man chmod`
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/12/how-manage-users-groups-linux
作者:[Jack Wallen]
译者:[imquanquan](https://github.com/imquanquan)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.linux.com/files/images/group-people-16453561920jpg
[2]:https://www.linux.com/files/images/groups1jpg
[3]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
[4]:https://www.linux.com/licenses/category/creative-commons-zero
[5]:https://www.linux.com/licenses/category/used-permission

233
sources/tech/20160922 A Linux users guide to Logical Volume Management.md
View File

@ -1,233 +0,0 @@
A Linux user's guide to Logical Volume Management
============================================================
![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)")
Image by : opensource.com
Managing disk space has always been a significant task for sysadmins. Running out of disk space used to be the start of a long and complex series of tasks to increase the space available to a disk partition. It also required taking the system off-line. This usually involved installing a new hard drive, booting to recovery or single-user mode, creating a partition and a filesystem on the new hard drive, using temporary mount points to move the data from the too-small filesystem to the new, larger one, changing the content of the /etc/fstab file to reflect the correct device name for the new partition, and rebooting to remount the new filesystem on the correct mount point.
I have to tell you that, when LVM (Logical Volume Manager) first made its appearance in Fedora Linux, I resisted it rather strongly. My initial reaction was that I did not need this additional layer of abstraction between me and the hard drives. It turns out that I was wrong, and that logical volume management is very useful.
LVM allows for very flexible disk space management. It provides features like the ability to add disk space to a logical volume and its filesystem while that filesystem is mounted and active and it allows for the collection of multiple physical hard drives and partitions into a single volume group which can then be divided into logical volumes.
The volume manager also allows reducing the amount of disk space allocated to a logical volume, but there are a couple requirements. First, the volume must be unmounted. Second, the filesystem itself must be reduced in size before the volume on which it resides can be reduced.
It is important to note that the filesystem itself must allow resizing for this feature to work. The EXT2, 3, and 4 filesystems all allow both offline (unmounted) and online (mounted) resizing when increasing the size of a filesystem, and offline resizing when reducing the size. You should check the details of the filesystems you intend to use in order to verify whether they can be resized at all and especially whether they can be resized while online.
### Expanding a filesystem on the fly
I always like to run new distributions in a VirtualBox virtual machine for a few days or weeks to ensure that I will not run into any devastating problems when I start installing it on my production machines. One morning a couple years ago I started installing a newly released version of Fedora in a virtual machine on my primary workstation. I thought that I had enough disk space allocated to the host filesystem in which the VM was being installed. I did not. About a third of the way through the installation I ran out of space on that filesystem. Fortunately, VirtualBox detected the out-of-space condition and paused the virtual machine, and even displayed an error message indicating the exact cause of the problem.
Note that this problem was not due to the fact that the virtual disk was too small, it was rather the logical volume on the host computer that was running out of space so that the virtual disk belonging to the virtual machine did not have enough space to expand on the host's logical volume.
Since most modern distributions use Logical Volume Management by default, and I had some free space available on the volume group, I was able to assign additional disk space to the appropriate logical volume and then expand filesystem of the host on the fly. This means that I did not have to reformat the entire hard drive and reinstall the operating system or even reboot. I simply assigned some of the available space to the appropriate logical volume and resized the filesystem—all while the filesystem was on-line and the running program, The virtual machine was still using the host filesystem. After resizing the logical volume and the filesystem I resumed running the virtual machine and the installation continued as if no problems had occurred.
Although this type of problem may never have happened to you, running out of disk space while a critical program is running has happened to many people. And while many programs, especially Windows programs, are not as well written and resilient as VirtualBox, Linux Logical Volume Management made it possible to recover without losing any data and without having to restart the time-consuming installation.
### LVM Structure
The structure of a Logical Volume Manager disk environment is illustrated by Figure 1, below. Logical Volume Management enables the combining of multiple individual hard drives and/or disk partitions into a single volume group (VG). That volume group can then be subdivided into logical volumes (LV) or used as a single large volume. Regular file systems, such as EXT3 or EXT4, can then be created on a logical volume.
In Figure 1, two complete physical hard drives and one partition from a third hard drive have been combined into a single volume group. Two logical volumes have been created from the space in the volume group, and a filesystem, such as an EXT3 or EXT4 filesystem has been created on each of the two logical volumes.
![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png)
_Figure 1: LVM allows combining partitions and entire hard drives into Volume Groups._
Adding disk space to a host is fairly straightforward but, in my experience, is done relatively infrequently. The basic steps needed are listed below. You can either create an entirely new volume group or you can add the new space to an existing volume group and either expand an existing logical volume or create a new one.
### Adding a new logical volume
There are times when it is necessary to add a new logical volume to a host. For example, after noticing that the directory containing virtual disks for my VirtualBox virtual machines was filling up the /home filesystem, I decided to create a new logical volume in which to store the virtual machine data, including the virtual disks. This would free up a great deal of space in my /home filesystem and also allow me to manage the disk space for the VMs independently.
The basic steps for adding a new logical volume are as follows.
1. If necessary, install a new hard drive.
2. Optional: Create a partition on the hard drive.
3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive.
4. Assign the new physical volume to an existing volume group (VG) or create a new volume group.
5. Create a new logical volumes (LV) from the space in the volume group.
6. Create a filesystem on the new logical volume.
7. Add appropriate entries to /etc/fstab for mounting the filesystem.
8. Mount the filesystem.
Now for the details. The following sequence is taken from an example I used as a lab project when teaching about Linux filesystems.
### Example
This example shows how to use the CLI to extend an existing volume group to add more space to it, create a new logical volume in that space, and create a filesystem on the logical volume. This procedure can be performed on a running, mounted filesystem.
WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized.
### Install hard drive
If there is not enough space in the volume group on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive, and then perform the following steps.
### Create Physical Volume from hard drive
It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd.
```
pvcreate /dev/hdd
```
It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV.
### Extend the existing Volume Group
In this example we will extend an existing volume group rather than creating a new one; you can choose to do it either way. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example the existing Volume Group is named MyVG01.
```
vgextend /dev/MyVG01 /dev/hdd
```
### Create the Logical Volume
First create the Logical Volume (LV) from existing free space within the Volume Group. The command below creates a LV with a size of 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff.
```
lvcreate -L +50G --name Stuff MyVG01
```
### Create the filesystem
Creating the Logical Volume does not create the filesystem. That task must be performed separately. The command below creates an EXT4 filesystem that fits the newly created Logical Volume.
```
mkfs -t ext4 /dev/MyVG01/Stuff
```
### Add a filesystem label
Adding a filesystem label makes it easy to identify the filesystem later in case of a crash or other disk related problems.
```
e2label /dev/MyVG01/Stuff Stuff
```
### Mount the filesystem
At this point you can create a mount point, add an appropriate entry to the /etc/fstab file, and mount the filesystem.
You should also check to verify the volume has been created correctly. You can use the **df**, **lvs,** and **vgs** commands to do this.
### Resizing a logical volume in an LVM filesystem
The need to resize a filesystem has been around since the beginning of the first versions of Unix and has not gone away with Linux. It has gotten easier, however, with Logical Volume Management.
1. If necessary, install a new hard drive.
2. Optional: Create a partition on the hard drive.
3. Create a physical volume (PV) of the complete hard drive or a partition on the hard drive.
4. Assign the new physical volume to an existing volume group (VG) or create a new volume group.
5. Create one or more logical volumes (LV) from the space in the volume group, or expand an existing logical volume with some or all of the new space in the volume group.
6. If you created a new logical volume, create a filesystem on it. If adding space to an existing logical volume, use the resize2fs command to enlarge the filesystem to fill the space in the logical volume.
7. Add appropriate entries to /etc/fstab for mounting the filesystem.
8. Mount the filesystem.
### Example
This example describes how to resize an existing Logical Volume in an LVM environment using the CLI. It adds about 50GB of space to the /Stuff filesystem. This procedure can be used on a mounted, live filesystem only with the Linux 2.6 Kernel (and higher) and EXT3 and EXT4 filesystems. I do not recommend that you do so on any critical system, but it can be done and I have done so many times; even on the root (/) filesystem. Use your judgment.
WARNING: Only the EXT3 and EXT4 filesystems can be resized on the fly on a running, mounted filesystem. Many other filesystems including BTRFS and ZFS cannot be resized.
### Install the hard drive
If there is not enough space on the existing hard drive(s) in the system to add the desired amount of space it may be necessary to add a new hard drive and create the space to add to the Logical Volume. First, install the physical hard drive and then perform the following steps.
### Create a Physical Volume from the hard drive
It is first necessary to create a new Physical Volume (PV). Use the command below, which assumes that the new hard drive is assigned as /dev/hdd.
```
pvcreate /dev/hdd
```
It is not necessary to create a partition of any kind on the new hard drive. This creation of the Physical Volume which will be recognized by the Logical Volume Manager can be performed on a newly installed raw disk or on a Linux partition of type 83\. If you are going to use the entire hard drive, creating a partition first does not offer any particular advantages and uses disk space for metadata that could otherwise be used as part of the PV.
### Add PV to existing Volume Group
For this example, we will use the new PV to extend an existing Volume Group. After the Physical Volume has been created, extend the existing Volume Group (VG) to include the space on the new PV. In this example, the existing Volume Group is named MyVG01.
```
vgextend /dev/MyVG01 /dev/hdd
```
### Extend the Logical Volume
Extend the Logical Volume (LV) from existing free space within the Volume Group. The command below expands the LV by 50GB. The Volume Group name is MyVG01 and the Logical Volume Name is Stuff.
```
lvextend -L +50G /dev/MyVG01/Stuff
```
### Expand the filesystem
Extending the Logical Volume will also expand the filesystem if you use the -r option. If you do not use the -r option, that task must be performed separately. The command below resizes the filesystem to fit the newly resized Logical Volume.
```
resize2fs /dev/MyVG01/Stuff
```
You should check to verify the resizing has been performed correctly. You can use the **df**, **lvs,** and **vgs** commands to do this.
### Tips
Over the years I have learned a few things that can make logical volume management even easier than it already is. Hopefully these tips can prove of some value to you.
* Use the Extended file systems unless you have a clear reason to use another filesystem. Not all filesystems support resizing but EXT2, 3, and 4 do. The EXT filesystems are also very fast and efficient. In any event, they can be tuned by a knowledgeable sysadmin to meet the needs of most environments if the defaults tuning parameters do not.
* Use meaningful volume and volume group names.
* Use EXT filesystem labels.
I know that, like me, many sysadmins have resisted the change to Logical Volume Management. I hope that this article will encourage you to at least try LVM. I am really glad that I did; my disk management tasks are much easier since I made the switch.
### About the author
[![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10]
David Both - David Both is a Linux and Open Source advocate who resides in Raleigh, North Carolina. He has been in the IT industry for over forty years and taught OS/2 for IBM where he worked for over 20 years. While at IBM, he wrote the first training course for the original IBM PC in 1981\. He has taught RHCE classes for Red Hat and has worked at MCI Worldcom, Cisco, and the State of North Carolina. He has been working with Linux and Open Source Software for almost 20 years. David has written articles for... [more about David Both][7][More about me][8]
--------------------------------------------------------------------------------
via: https://opensource.com/business/16/9/linux-users-guide-lvm
作者:[ David Both][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/dboth
[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U
[7]:https://opensource.com/users/dboth
[8]:https://opensource.com/users/dboth
[9]:https://opensource.com/user/14106/feed
[10]:https://opensource.com/users/dboth
[11]:https://opensource.com/users/dboth
[12]:https://opensource.com/users/dboth
[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments
[14]:https://opensource.com/tags/business
[15]:https://opensource.com/tags/linux
[16]:https://opensource.com/tags/how-tos-and-tutorials
[17]:https://opensource.com/tags/sysadmin

2
sources/tech/20171005 How to manage Linux containers with Ansible Container.md
View File

@ -1,4 +1,4 @@
How to manage Linux containers with Ansible Container
Translating by qhwdw How to manage Linux containers with Ansible Container
============================================================
### Ansible Container addresses Dockerfile shortcomings and offers complete management for containerized projects.

60
sources/tech/20171118 Language engineering for great justice.md
View File

@ -1,60 +0,0 @@
Translating by ValoniaKim
Language engineering for great justice
============================================================
Whole-systems engineering, when you get good at it, goes beyond being entirely or even mostly about technical optimizations. Every artifact we make is situated in a context of human action that widens out to the economics of its use, the sociology of its users, and the entirety of what Austrian economists call “praxeology”, the science of purposeful human behavior in its widest scope.
This isnt just abstract theory for me. When I wrote my papers on open-source development, they were exactly praxeology they werent about any specific software technology or objective but about the context of human action within which technology is worked. An increase in praxeological understanding of technology can reframe it, leading to tremendous increases in human productivity and satisfaction, not so much because of changes in our tools but because of changes in the way we grasp them.
In this, the third of my unplanned series of posts about the twilight of C and the huge changes coming as we actually begin to see forward into a new era of systems programming, Im going to try to cash that general insight out into some more specific and generative ideas about the design of computer languages, why they succeed, and why they fail.
In my last post I noted that every computer language is an embodiment of a relative-value claim, an assertion about the optimal tradeoff between spending machine resources and spending programmer time, all of this in a context where the cost of computing power steadily falls over time while programmer-time costs remain relatively stable or may even rise. I also highlighted the additional role of transition costs in pinning old tradeoff assertions into place. I described what language designers do as seeking a new optimum for present and near-future conditions.
Now Im going to focus on that last concept. A language designer has lots of possible moves in language-design space from where the state of the art is now. What kind of type system? GC or manual allocation? What mix of imperative, functional, or OO approaches? But in praxeological terms his choice is, I think, usually much simpler: attack a near problem or a far problem?
“Near” and “far” are measured along the curves of falling hardware costs, rising software complexity, and increasing transition costs from existing languages. A near problem is one the designer can see right in front of him; a far problem is a set of conditions that can be seen coming but wont necessarily arrive for some time. A near solution can be deployed immediately, to great practical effect, but may age badly as conditions change. A far solution is a bold bet that may smother under the weight of its own overhead before its future arrives, or never be adopted at all because moving to it is too expensive.
Back at the dawn of computing, FORTRAN was a near-problem design, LISP a far-problem one. Assemblers are near solutions. Illustrating that the categories apply to non-general-purpose languages, also roff markup. Later in the game, PHP and Javascript. Far solutions? Oberon. Ocaml. ML. XML-Docbook. Academic languages tend to be far because the incentive structure around them rewards originality and intellectual boldness (note that this is a praxeological cause, not a technical one!). The failure mode of academic languages is predictable; high inward transition costs, nobody goes there, failure to achieve community critical mass sufficient for mainstream adoption, isolation, and stagnation. (Thats a potted history of LISP in one sentence, and I say that as an old LISP-head with a deep love for the language…)
The failure modes of near designs are uglier. The best outcome to hope for is a graceful death and transition to a newer design. If they hang on (most likely to happen when transition costs out are high) features often get piled on them to keep them relevant, increasing complexity until they become teetering piles of cruft. Yes, C++, Im looking at you. You too, Javascript. And (alas) Perl, though Larry Walls good taste mitigated the problem for many years but that same good taste eventually moved him to blow up the whole thing for Perl 6.
This way of thinking about language design encourages reframing the designers task in terms of two objectives. (1) Picking a sweet spot on the near-far axis away from you into the projected future; and (2) Minimizing inward transition costs from one or more existing languages so you co-opt their userbases. And now lets talk about about how C took over the world.
There is no more more breathtaking example than C than of nailing the near-far sweet spot in the entire history of computing. All I need to do to prove this is point at its extreme longevity as a practical, mainstream language that successfully saw off many competitors for its roles over much of its range. That timespan has now passed about 35 years (counting from when it swamped its early competitors) and is not yet with certainty ended.
OK, you can attribute some of Cs persistence to inertia if you want, but what are you really adding to the explanation if you use the word “inertia”? What it means is exactly that nobody made an offer that actually covered the transition costs out of the language!
Conversely, an underappreciated strength of the language was the low inward transition costs. C is an almost uniquely protean tool that, even at the beginning of its long reign, could readily accommodate programming habits acquired from languages as diverse as FORTRAN, Pascal, assemblers and LISP. I noticed back in the 1980s that I could often spot a new C programmers last language by his coding style, which was just the flip side of saying that C was damn good at gathering all those tribes unto itself.
C++ also benefited from having low transition costs in. Later, most new languages at least partly copied C syntax in order to minimize them.Notice what this does to the context of future language designs: it raises the value of being a C-like as possible in order to minimize inward transition costs from anywhere.
Another way to minimize inward transition costs is to simply be ridiculously easy to learn, even to people with no prior programming experience. This, however, is remarkably hard to pull off. I evaluate that only one language Python has made the major leagues by relying on this quality. I mention it only in passing because its not a strategy I expect to see a  _systems_  language execute successfully, though Id be delighted to be wrong about that.
So here we are in late 2017, and…the next part is going to sound to some easily-annoyed people like Go advocacy, but it isnt. Go, itself, could turn out to fail in several easily imaginable ways. Its troubling that the Go team is so impervious to some changes their user community is near-unanimously and rightly (I think) insisting it needs. Worst-case GC latency, or the throughput sacrifices made to lower it, could still turn out to drastically narrow the languages application range.
That said, there is a grand strategy expressed in the Go design that I think is right. To understand it, we need to review what the near problem for a C replacement is. As I noted in the prequels, it is rising defect rates as systems projects scale up and specifically memory-management bugs because that category so dominates crash bugs and security exploits.
Weve now identified two really powerful imperatives for a C replacement: (1) solve the memory-management problem, and (2) minimize inward-transition costs from C. And the history the praxeological context of programming languages tells us that if a C successor candidate dont address the transition-cost problem effectively enough, it almost doesnt matter how good a job it does on anything else. Conversely, a C successor that  _does_  address transition costs well buys itself a lot of slack for not being perfect in other ways.
This is what Go does. Its not a theoretical jewel; it has annoying limitations; GC latency presently limits how far down the stack it can be pushed. But what it is doing is replicating the Unix/C infective strategy of being easy-entry and  _good enough_  to propagate faster than alternatives that, if it didnt exist, would look like better far bets.
Of course, the proboscid in the room when I say that is Rust. Which is, in fact, positioning itself as the better far bet. Ive explained in previous installments why I dont think its really ready to compete yet. The TIOBE and PYPL indices agree; its never made the TIOBE top 20 and on both indices does quite poorly against Go.
Where Rust will be in five years is a different question, of course. My advice to the Rust community, if they care, is to pay some serious attention to the transition-cost problem. My personal experience says the C to Rust energy barrier is  _[nasty][2]_ . Code-lifting tools like Corrode wont solve it if all they do is map C to unsafe Rust, and if there were an easy way to automate ownership/lifetime annotations they wouldnt be needed at all the compiler would just do that for you. I dont know what a solution would look like, here, but I think they better find one.
I will finally note that Ken Thompson has a history of designs that look like minimal solutions to near problems but turn out to have an amazing quality of openness to the future, the capability to  _be improved_ . Unix is like this, of course. It makes me very cautious about supposing that any of the obvious annoyances in Go that look like future-blockers to me (like, say, the lack of generics) actually are. Because for that to be true, Id have to be smarter than Ken, which is not an easy thing to believe.
--------------------------------------------------------------------------------
via: http://esr.ibiblio.org/?p=7745
作者:[Eric Raymond ][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://esr.ibiblio.org/?author=2
[1]:http://esr.ibiblio.org/?author=2
[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931
[3]:http://esr.ibiblio.org/?p=7745

156
sources/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md
View File

@ -1,156 +0,0 @@
translating by lujun9972
How To Tell If Your Linux Server Has Been Compromised
--------------
A server being compromised or hacked for the purpose of this guide is an unauthorized person or bot logging into the server in order to use it for their own, usually negative ends.
Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence.
However, the majority of compromised servers are carried out by bots i.e. automated attack programs, in-experienced attackers e.g. “script kiddies”, or dumb criminals.
These sorts of attackers will abuse the server for all its worth whilst they have access to it and take few precautions to hide what they are doing.
### Symptoms of a compromised server
When a server has been compromised by an in-experienced or automated attacker they will usually do something with it that consumes 100% of a resource. This resource will usually be either the CPU for something like crypt-currency mining or email spamming, or bandwidth for launching a DOS attack.
This means that the first indication that something is amiss is that the server is “going slow”. This could manifest in the website serving pages much slower than usual, or email taking many minutes to deliver or send.
So what should you look for?
### Check 1 - Whos currently logged in?
The first thing you should look for is who is currently logged into the server. It is not uncommon to find the attacker actually logged into the server and working on it.
The shell command to do this is w. Running w gives the following output:
```
08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12
root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w
```
One of those IPs is a UK IP and the second is Vietnamese. Thats probably not a good thing.
Stop and take a breath, dont panic and simply kill their SSH connection. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in.
Please see the What should I do if Ive been compromised section at the end of this guide no how to proceed if you do find evidence of compromise.
The whois command can be run on IP addresses and will tell you what all the information about the organization that the IP is registered to, including the country.
### Check 2 - Who has logged in?
Linux servers keep a record of which users logged in, from what IP, when and for how long. This information is accessed with the last command.
The output looks like this:
```
root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in
root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in
root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01)
root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18)
root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21)
```
There is a mix of my UK IPs and some Vietnamese ones, with the top two still logged in. If you see any IPs that are not authorized then refer to the final section.
The login history is contained in a text file at ~/.bash_history and is therefore easily removable. Often, attackers will simply delete this file to try to cover their tracks. Consequently, if you run last and only see your current login, this is a Bad Sign.
If there is no login history be very, very suspicious and continue looking for indications of compromise.
### Check 3 - Review the command history
This level of attacker will frequently take no precautions to leave no command history so running the history command will show you everything they have done. Be on the lookout for wget or curl commands to download out-of-repo software such as spam bots or crypto miners.
The command history is contained in the ~/.bash_history file so some attackers will delete this file to cover what they have done. Just as with the login history, if you run history and dont see anything then the history file has been deleted. Again this is a Bad Sign and you should review the server very carefully.
### Check 4 - Whats using all the CPU?
The sorts of attackers that you will encounter usually dont take too many precautions to hide what they are doing. So they will run processes that consume all the CPU. This generally makes it pretty easy to spot them. Simply run top and look at the highest process.
This will also show people exploiting your server without having logged in. This could be, for example, someone using an unprotected form-mail script to relay spam.
If you dont recognize the top process then either Google its name or investigate what its doing with losf or strace.
To use these tools first copy its PID from top and run:
```
strace -p PID
```
This will display all the system calls the process is making. Its a lot of information but looking through it will give you a good idea whats going on.
```
lsof -p PID
```
This program will list the open files that the process has. Again, this will give you a good idea what its doing by showing you what files it is accessing.
### Check 5 - Review the all the system processes
If an unauthorized process is not consuming enough CPU to get listed noticeably on top it will still get displayed in a full process listing with ps. My proffered command is ps auxf for providing the most information clearly.
You should be looking for any processes that you dont recognize. The more times you run ps on your servers (which is a good habit to get into) the more obvious an alien process will stand out.
### Check 6 - Review network usage by process
The command iftop functions like top to show a ranked list of processes that are sending and receiving network data along with their source and destination. A process like a DOS attack or spam bot will immediately show itself at the top of the list.
### Check 7 - What processes are listening for network connections?
Often an attacker will install a program that doesnt do anything except listen on the network port for instructions. This does not consume CPU or bandwidth whilst it is waiting so can get overlooked in the top type commands.
The commands lsof and netstat will both list all networked processes. I use them with the following options:
```
lsof -i
```
```
netstat -plunt
```
You should look for any process that is listed as in the LISTEN or ESTABLISHED status as these processes are either waiting for a connection (LISTEN) or have a connection open (ESTABLISHED). If you dont recognize these processes use strace or lsof to try to see what they are doing.
### What should I do if Ive been compromised?
The first thing to do is not to panic, especially if the attacker is currently logged in. You need to be able to take back control of the machine before the attacker is aware that you know about them. If they realize you know about them they may well lock you out of your server and start destroying any assets out of spite.
If you are not very technical then simply shut down the server. Either from the server itself with shutdown -h now or systemctl poweroff. Or log into your hosting providers control panel and shut down the server. Once its powered off you can work on the needed firewall rules and consult with your provider in your own time.
If youre feeling a bit more confident and your hosting provider has an upstream firewall then create and enable the following two rules in this order:
1. Allow SSH traffic from only your IP address.
2. Block everything else, not just SSH but every protocol on every port.
This will immediately kill their SSH session and give only you access to the server.
If you dont have access to an upstream firewall then you will have to create and enable these firewall rules on the server itself and then, when they are in place kill the attackers ssh session with the kill command.
A final method, where available, is to log into the server via an out-of-band connection such as the serial console and stop networking with systemctl stop network.service. This will completely stop any network access so you can now enable the firewall rules in your own time.
Once you have regained control of the server do not trust it.
Do not attempt to fix things up and continue using the server. You can never be sure what the attacker did and so you can never sure the server is secure.
The only sensible course of action is to copy off all the data that you need and start again from a fresh install.
--------------------------------------------------------------------------------
via: https://bash-prompt.net/guides/server-hacked/
作者:[Elliot Cooper][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://bash-prompt.net

3
sources/tech/20171128 Why Python and Pygame are a great pair for beginning programmers.md
View File

@ -1,3 +1,4 @@
(translating by runningwater)
Why Python and Pygame are a great pair for beginning programmers
============================================================
@ -101,7 +102,7 @@ Despite my recommendation, I always suspect that kids soon move to JavaScript. A
via: https://opensource.com/article/17/11/pygame
作者:[Craig Oda ][a]
译者:[译者ID](https://github.com/译者ID)
译者:[runningwater](https://github.com/runningwater)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

294
sources/tech/20171130 How to find all files with a specific text using Linux shell .md Normal file
View File

@ -0,0 +1,294 @@
translating by lujun9972
How to find all files with a specific text using Linux shell
------
### Objective
The following article provides some useful tips on how to find all files within any specific directory or entire file-system containing any specific word or string.
### Difficulty
EASY
### Conventions
* # - requires given command to be executed with root privileges either directly as a root user or by use of sudo command
* $ - given command to be executed as a regular non-privileged user
### Examples
### Find all files with a specific string non-recursively
The first command example will search for a string
`stretch`
in all files within
`/etc/`
directory while excluding any sub-directories:
```
# grep -s stretch /etc/*
/etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
/etc/os-release:VERSION="9 (stretch)"
```
`-s`
grep option will suppress error messages about nonexistent or unreadable files. The output shows filenames as well as prints the actual line containing requested string.
### Find all files with a specific string recursively
The above command omitted all sub-directories. To search recursively means to also traverse all sub-directories. The following command will search for a string
`stretch`
in all files within
`/etc/`
directory including all sub-directories:
```
# grep -R stretch /etc/*
/etc/apt/sources.list:# deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main
/etc/apt/sources.list:#deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main
/etc/apt/sources.list:deb http://ftp.au.debian.org/debian/ stretch main
/etc/apt/sources.list:deb-src http://ftp.au.debian.org/debian/ stretch main
/etc/apt/sources.list:deb http://security.debian.org/debian-security stretch/updates main
/etc/apt/sources.list:deb-src http://security.debian.org/debian-security stretch/updates main
/etc/dictionaries-common/words:backstretch
/etc/dictionaries-common/words:backstretch's
/etc/dictionaries-common/words:backstretches
/etc/dictionaries-common/words:homestretch
/etc/dictionaries-common/words:homestretch's
/etc/dictionaries-common/words:homestretches
/etc/dictionaries-common/words:outstretch
/etc/dictionaries-common/words:outstretched
/etc/dictionaries-common/words:outstretches
/etc/dictionaries-common/words:outstretching
/etc/dictionaries-common/words:stretch
/etc/dictionaries-common/words:stretch's
/etc/dictionaries-common/words:stretched
/etc/dictionaries-common/words:stretcher
/etc/dictionaries-common/words:stretcher's
/etc/dictionaries-common/words:stretchers
/etc/dictionaries-common/words:stretches
/etc/dictionaries-common/words:stretchier
/etc/dictionaries-common/words:stretchiest
/etc/dictionaries-common/words:stretching
/etc/dictionaries-common/words:stretchy
/etc/grub.d/00_header:background_image -m stretch `make_system_path_relative_to_its_root "$GRUB_BACKGROUND"`
/etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
/etc/os-release:VERSION="9 (stretch)"
```
The above
`grep`
command example lists all files containing string
`stretch`
. Meaning the lines with
`stretches`
,
`stretched`
etc. are also shown. Use grep's
`-w`
option to show only a specific word:
```
# grep -Rw stretch /etc/*
/etc/apt/sources.list:# deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main
/etc/apt/sources.list:#deb cdrom:[Debian GNU/Linux testing _Stretch_ - Official Snapshot amd64 NETINST Binary-1 20170109-05:56]/ stretch main
/etc/apt/sources.list:deb http://ftp.au.debian.org/debian/ stretch main
/etc/apt/sources.list:deb-src http://ftp.au.debian.org/debian/ stretch main
/etc/apt/sources.list:deb http://security.debian.org/debian-security stretch/updates main
/etc/apt/sources.list:deb-src http://security.debian.org/debian-security stretch/updates main
/etc/dictionaries-common/words:stretch
/etc/dictionaries-common/words:stretch's
/etc/grub.d/00_header:background_image -m stretch `make_system_path_relative_to_its_root "$GRUB_BACKGROUND"`
/etc/os-release:PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
/etc/os-release:VERSION="9 (stretch)"
```
The above commands may produce an unnecessary output. The next example will only show all file names containing string
`stretch`
within
`/etc/`
directory recursively:
```
# grep -Rl stretch /etc/*
/etc/apt/sources.list
/etc/dictionaries-common/words
/etc/grub.d/00_header
/etc/os-release
```
All searches are by default case sensitive which means that any search for a string
`stretch`
will only show files containing the exact uppercase and lowercase match. By using grep's
`-i`
option the command will also list any lines containing
`Stretch`
,
`STRETCH`
,
`StReTcH`
etc., hence, to perform case-insensitive search.
```
# grep -Ril stretch /etc/*
/etc/apt/sources.list
/etc/dictionaries-common/default.hash
/etc/dictionaries-common/words
/etc/grub.d/00_header
/etc/os-release
```
Using
`grep`
command it is also possible to include only specific files as part of the search. For example we only would like to search for a specific text/string within configuration files with extension
`.conf`
. The next example will find all files with extension
`.conf`
within
`/etc`
directory containing string
`bash`
:
```
# grep -Ril bash /etc/*.conf
OR
# grep -Ril --include=\*.conf bash /etc/*
/etc/adduser.conf
```
`--exclude`
option we can exclude any specific filenames:
```
# grep -Ril --exclude=\*.conf bash /etc/*
/etc/alternatives/view
/etc/alternatives/vim
/etc/alternatives/vi
/etc/alternatives/vimdiff
/etc/alternatives/rvim
/etc/alternatives/ex
/etc/alternatives/rview
/etc/bash.bashrc
/etc/bash_completion.d/grub
/etc/cron.daily/apt-compat
/etc/cron.daily/exim4-base
/etc/dictionaries-common/default.hash
/etc/dictionaries-common/words
/etc/inputrc
/etc/passwd
/etc/passwd-
/etc/profile
/etc/shells
/etc/skel/.profile
/etc/skel/.bashrc
/etc/skel/.bash_logout
```
Same as with files grep can also exclude specific directories from the search. Use
`--exclude-dir`
option to exclude directory from search. The following search example will find all files containing string
`stretch`
within
`/etc`
directory and exclude
`/etc/grub.d`
from search:
```
# grep --exclude-dir=/etc/grub.d -Rwl stretch /etc/*
/etc/apt/sources.list
/etc/dictionaries-common/words
/etc/os-release
```
By using
`-n`
option grep will also provide an information regarding a line number where the specific string was found:
```
# grep -Rni bash /etc/*.conf
/etc/adduser.conf:6:DSHELL=/bin/bash
```
The last example will use
`-v`
option to list all files NOT containing a specific keyword. For example the following search will list all files within
`/etc/`
directory which do not contain string
`stretch`
:
```
# grep -Rlv stretch /etc/*
```
--------------------------------------------------------------------------------
via: https://linuxconfig.org/how-to-find-all-files-with-a-specific-text-using-linux-shell
作者:[Lubos Rendek][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://linuxconfig.org

135
sources/tech/20171130 Wake up and Shut Down Linux Automatically.md
View File

@ -1,135 +0,0 @@
translating by HardworkFish
Wake up and Shut Down Linux Automatically
============================================================
### [banner.jpg][1]
![time keeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb)
Learn how to configure your Linux computers to watch the time for you, then wake up and shut down automatically.
[Creative Commons Attribution][6][The Observatory at Delhi][7]
Don't be a watt-waster. If your computers don't need to be on then shut them down. For convenience and nerd creds, you can configure your Linux computers to wake up and shut down automatically.
### Precious Uptimes
Some computers need to be on all the time, which is fine as long as it's not about satisfying an uptime compulsion. Some people are very proud of their lengthy uptimes, and now that we have kernel hot-patching that leaves only hardware failures requiring shutdowns. I think it's better to be practical. Save electricity as well as wear on your moving parts, and shut them down when they're not needed. For example, you can wake up a backup server at a scheduled time, run your backups, and then shut it down until it's time for the next backup. Or, you can configure your Internet gateway to be on only at certain times. Anything that doesn't need to be on all the time can be configured to turn on, do a job, and then shut down.
### Sleepies
For computers that don't need to be on all the time, good old cron will shut them down reliably. Use either root's cron, or /etc/crontab. This example creates a root cron job to shut down every night at 11:15 p.m.
```
# crontab -e -u root
# m h dom mon dow command
15 23 * * * /sbin/shutdown -h now
```
```
15 23 * * 1-5 /sbin/shutdown -h now
```
You may also use /etc/crontab, which is fast and easy, and everything is in one file. You have to specify the user:
```
15 23 * * 1-5 root shutdown -h now
```
Auto-wakeups are very cool; most of my SUSE colleagues are in Nuremberg, so I am crawling out of bed at 5 a.m. to have a few hours of overlap with their schedules. My work computer turns itself on at 5:30 a.m., and then all I have to do is drag my coffee and myself to my desk to start work. It might not seem like pressing a power button is a big deal, but at that time of day every little thing looms large.
Waking up your Linux PC can be less reliable than shutting it down, so you may want to try different methods. You can use wakeonlan, RTC wakeups, or your PC's BIOS to set scheduled wakeups. These all work because, when you power off your computer, it's not really all the way off; it is in an extremely low-power state and can receive and respond to signals. You need to use the power supply switch to turn it off completely.
### BIOS Wakeup
A BIOS wakeup is the most reliable. My system BIOS has an easy-to-use wakeup scheduler (Figure 1). Chances are yours does, too. Easy peasy.
### [fig-1.png][2]
![wake up](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I)
Figure 1: My system BIOS has an easy-to-use wakeup scheduler.
[Used with permission][8]
### wakeonlan
wakeonlan is the next most reliable method. This requires sending a signal from a second computer to the computer you want to power on. You could use an Arduino or Raspberry Pi to send the wakeup signal, a Linux-based router, or any Linux PC. First, look in your system BIOS to see if wakeonlan is supported -- which it should be -- and then enable it, as it should be disabled by default.
Then, you'll need an Ethernet network adapter that supports wakeonlan; wireless adapters won't work. You'll need to verify that your Ethernet card supports wakeonlan:
```
# ethtool eth0 | grep -i wake-on
Supports Wake-on: pumbg
Wake-on: g
```
* d -- all wake ups disabled
* p -- wake up on physical activity
* u -- wake up on unicast messages
* m -- wake up on multicast messages
* b -- wake up on broadcast messages
* a -- wake up on ARP messages
* g -- wake up on magic packet
* s -- set the Secure On password for the magic packet
man ethtool is not clear on what the p switch does; it suggests that any signal will cause a wake up. In my testing, however, it doesn't do that. The one that must be enabled is g -- wake up on magic packet, and the Wake-on line shows that it is already enabled. If it is not enabled, you can use ethtool to enable it, using your own device name, of course:
```
# ethtool -s eth0 wol g
```
```
@reboot /usr/bin/ethtool -s eth0 wol g
```
### [fig-2.png][3]
![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ)
Figure 2: Enable Wake on LAN.
[Used with permission][9]
Another option is recent Network Manager versions have a nice little checkbox to enable wakeonlan (Figure 2).
There is a field for setting a password, but if your network interface doesn't support the Secure On password, it won't work.
Now you need to configure a second PC to send the wakeup signal. You don't need root privileges, so create a cron job for your user. You need the MAC address of the network interface on the machine you're waking up:
```
30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B
```
Using the real-time clock for wakeups is the least reliable method. Check out [Wake Up Linux With an RTC Alarm Clock][4]; this is a bit outdated as most distros use systemd now. Come back next week to learn more about updated ways to use RTC wakeups.
Learn more about Linux through the free ["Introduction to Linux" ][5]course from The Linux Foundation and edX.
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically
作者:[Carla Schroder]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.linux.com/files/images/bannerjpg
[2]:https://www.linux.com/files/images/fig-1png-11
[3]:https://www.linux.com/files/images/fig-2png-7
[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock
[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
[6]:https://www.linux.com/licenses/category/creative-commons-attribution
[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html
[8]:https://www.linux.com/licenses/category/used-permission
[9]:https://www.linux.com/licenses/category/used-permission

2
sources/tech/20171201 How to find a publisher for your tech book.md
View File

@ -1,3 +1,5 @@
Translating by FelixYFZ
How to find a publisher for your tech book
============================================================

1
sources/tech/20171201 Randomize your WiFi MAC address on Ubuntu 16.04.md
View File

@ -1,3 +1,4 @@
translating by wenwensnow
Randomize your WiFi MAC address on Ubuntu 16.04
============================================================

188
sources/tech/20171203 Best Network Monitoring Tools For Linux.md Normal file
View File

@ -0,0 +1,188 @@
Best Network Monitoring Tools For Linux
===============================
Keeping control of our network is vital to prevent any program from overusing it and slows down the overall system operation. There are several
**network monitoring tools**
for different operating systems today. In this article, we will talk about
**10 network monitoring tools for Linux**
that will run from a terminal, ideal for users who do not use GUI or for those who want to keep a control of the network use of a server through from ssh.
### Iftop
[![iftop network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png)][2]
Linux users are generally familiar with Top. This tool is a system monitor that allows us to know in real time all the processes that are running in our system and can manage them easily. Iftop is an application similar to Top but specialized in the monitoring of the network, being able to know a multitude of details regarding the network and all the processes that are making use of it.
We can obtain more information about this tool and download the necessary packages from the
[following link][3]
.
### Vnstat
[![vnstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/vnstat.png?1511885309)][4] **Vnstat**
is a network monitor that is included, by default, in most Linux distributions. It allows us to obtain a real-time control of the traffic sent and received in a period of time, chosen by the user.
We can obtain more information about this tool and download the necessary packages from the
[following link.][5]
### Iptraf
[![iptraf monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif)][6] **IPTraf**
is a console-based, real-time network monitoring utility for Linux. (IP LAN) - Collects a wide variety of information as an IP traffic monitor that passes through the network, including TCP flags information, ICMP details, TCP / UDP traffic faults, TCP connection packet and Byne account. It also collects statistics information from the general and detailed interface of TCP, UDP,,, checksum errors IP not IP ICMP IP, interface activity, etc.
We can obtain more information about this tool and download the necessary packages from the
[following link.][7]
### Monitorix - System and Monitoring Network
[![monitorix system monitoring tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png)][8]
Monitorix is a lightweight free utility that is designed to run and monitor system and network resources with as many Linux / Unix servers as possible. An HTTP web server has been added that regularly collects system and network information and displays them in the graphs. It will track the average system load and its usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and many more. It is designed to control the overall performance of the system and helps in detecting faults, bottlenecks, abnormal activities, etc.
Download and more
[information here][9]
.
### Dstat
[![dstat network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png)][10]
A monitor is somewhat less known than the previous ones but also usually comes by default in many distributions.
We can obtain more information about this tool and download the necessary packages from the
[following link][11]
.
### Bwm-ng
[![bwm-ng monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png)][12]
One of the simplest tools. It allows you to get data from the connection interactively and, at the same time, export them to a certain format for easier reference on another device.
We can obtain more information about this tool and download the necessary packages from the
[following link][13]
.
### Ibmonitor
[![ibmonitor tool for linux](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg)][14]
Similar to the above, it shows network traffic filtered by connection interface and clearly separates the traffic sent from the received traffic.
We can obtain more information about this tool and download the necessary packages from the
[following link][15]
.
### Htop - Linux Process Tracking
[![htop linux processes monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png)][16]
Htop is a much more advanced, interactive and real-time Linux tool for tracking processes. It is similar to the top Linux command but has some advanced features such as an easy-to-use interface for process management, shortcut keys, vertical and horizontal view of processes and much more. Htop is a third-party tool and is not included on Linux systems, you must install it using
**YUM**
(or
**APT-GET)**
or whatever your package management tool. For more information on installation, read
[this article][17]
.
We can obtain more information about this tool and download the necessary packages from the
[following link.][18]
### Arpwatch - Ethernet Activity Monitor
[![arpwatch ethernet monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png)][19]
Arpwatch is a program that is designed to control the resolution of addresses (MAC and changes in the IP address) of Ethernet network traffic in a Linux network. It is continuously monitoring the Ethernet traffic and records the changes in the IP addresses and MAC addresses, the changes of pairs along with the timestamps in a network. It also has a function to send an e-mail notifying the administrator, when a couple is added or changes. It is very useful in detecting ARP impersonation in a network.
We can obtain more information about this tool and download the necessary packages from the
[following link.][20]
### Wireshark - Network Monitoring tool
[![wireshark network monitoring tool](http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/editor/how-to-use-wireshark_1.jpg?1512299583)][21] **[Wireshark][1]**
is a free application that enables you to catch and view the information going forward and backward on your system, giving the capacity to bore down and read the substance of every parcel separated to meet your particular needs. It is generally used to investigate arrange issues and additionally to create and test programming. This open-source convention analyzer is generally acknowledged as the business standard, prevailing upon what's coming to it's of honors the years.
Initially known as Ethereal, Wireshark highlights an easy to understand interface that can show information from many diverse conventions on all real system sorts.
### Conclusion
In this article, we have taken a gander at a few open source network monitoring tools. Because we concentrated on these instruments as the "best" does not really mean they are the best for your need. For instance, there are numerous other open source monitoring apparatuses that exist, for example, OpenNMS, Cacti, and Zennos and you need to consider the advantages of everyone from the point of view of your prerequisite.
Additionally, there are different apparatuses that might be more good for your need that is not open source.
What more network monitors do you use or know to use in Linux in terminal format?
--------------------------------------------------------------------------------
via: http://www.linuxandubuntu.com/home/best-network-monitoring-tools-for-linux
作者:[LinuxAndUbuntu][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxandubuntu.com
[1]:https://www.wireshark.org/
[2]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iftop_orig.png
[3]:http://www.ex-parrot.com/pdw/iftop/
[4]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/edited/vnstat.png
[5]:http://humdi.net/vnstat/
[6]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/iptraf_orig.gif
[7]:http://iptraf.seul.org/
[8]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/monitorix_orig.png
[9]:http://www.monitorix.org
[10]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/dstat_orig.png
[11]:http://dag.wiee.rs/home-made/dstat/
[12]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/bwm-ng_orig.png
[13]:http://sourceforge.net/projects/bwmng/
[14]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/ibmonitor_orig.jpg
[15]:http://ibmonitor.sourceforge.net/
[16]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/htop_orig.png
[17]:http://wesharethis.com/knowledgebase/htop-and-atop/
[18]:http://hisham.hm/htop/
[19]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/arpwatch_orig.png
[20]:http://linux.softpedia.com/get/System/Monitoring/arpwatch-NG-7612.shtml
[21]:http://www.linuxandubuntu.com/uploads/2/1/1/5/21152474/how-to-use-wireshark_1_orig.jpg

308
sources/tech/20171204 30 Best Linux Games On Steam You Should Play in 2017.md Normal file
View File

@ -0,0 +1,308 @@
yixunx translating
30 Best Linux Games On Steam You Should Play in 2017
============================================================
When it comes to Gaming, a system running on Windows platform is what anyone would recommend. It still is a superior choice for gamers with better graphics driver support and perfect hardware compatibility. But, what about the thought of [gaming on a Linux system][9]? Well, yes, of course it is possible maybe you thought of it at some point in time but the collection of Linux games on [Steam for Linux][10] platform wasnt appealing at all few years back.
However, thats not true at all for the current scene. The Steam store now has a lot of great games listed for Linux platform (including a lot of major titles). So, in this article, well be taking a look at the best Linux games on Steam.
But before we do that, let me tell you a money saving trick. If you are an avid gamer who spends plenty of time and money on gaming, you should subscribe to Humble Monthly. This monthly subscription program from [Humble Bundle][11] gives you $100 in games for just $12 each month.
Not all games might be available on Linux though but it is still a good deal because you get additional 10% discount on any games or books you buy from [Humble Bundle website][12].
The best thing here is that every purchase you make supports a charity organization. So, you are not just gaming, you are also making a difference to the world.
### Best Linux games on Steam
The list of best Linux games on steam is in no particular ranking order.
Additional Note: While theres a lot of games available on Steam for Linux, there are still a lot of problems you would face as a Linux gamer. You can refer to one of our articles to know about the [annoying experiences every Linux gamer encounters][14].
Jump Directly to your preferred genre of Games:
* [Action Games][3]
* [RPG Games][4]
* [Racing/Sports/Simulation Games][5]
* [Adventure Games][6]
* [Indie Games][7]
* [Strategy Games][8]
### Best Action Games for Linux On Steam
### 1\. Counter-Strike: Global Offensive (Multiplayer)
CS GO is definitely one of the best FPS games for Linux on Steam. I dont think this game needs an introduction but in case you are unaware of it I must mention that it is one of the most enjoyable FPS multiplayer game you would ever play. Youll observe CS GO is one of the games contributing a major part to the e-sports scene. To up your rank you need to play competitive matches. In either case, you can continue playing casual matches.
I could have listed Rainbow Six siege instead of Counter-Strike, but we still dont have it for Linux/Steam OS.
[CS: GO (Purchase)][15]
### 2\. Left 4 Dead 2 (Multiplayer/Singleplayer)
One of the most loved first-person zombie shooter multiplayer game. You may get it for as low as 1.3 USD on a Steam sale. It is an interesting game which gives you the chills and thrills youd expect from a zombie game. The game features swamps, cities, cemetries, and a lot more environments to keep things interesting and horrific. The guns arent super techy but definitely provides a realistic experience considering its an old game.
[Left 4 Dead 2 (Purchase)][16]
### 3\. Borderlands 2 (Singleplayer/Co-op)
Borderlands 2 is an interesting take on FPS games for PC. It isnt anything like you experienced before. The graphics look sketchy and cartoony but that does not let you miss the real action you always look for in a first-person shooter game. You can trust me on that!
If you are looking for one of the best Linux games with tons of DLC Borderlands 2 will definitely suffice.
[Borderlands 2 (Purchase)][17]
### 4\. Insurgency (Multiplayer)
Insurgency is yet another impressive FPS game available on Steam for Linux machines. It takes a different approach by eliminating the HUD or the ammo counter. As most of the reviewers mentioned pure shooting game focusing on the weapon and the tactics of your team. It may not be the best FPS game but it surely is one of them if you like Delta Force kinda shooters along with your squad.
[Insurgency (Purchase)][18]
### 5\. Bioshock: Infinite (Singleplayer)
Bioshock Infinite would definitely remain as one of the best singleplayer FPS games ever developed for PC. You get unrealistic powers to kill your enemies. And, so do your enemies have a lot of tricks up in the sleeves. It is a story-rich FPS game which you should not miss playing on your Linux system!
[BioShock: Infinite (Purchase)][19]
### 6\. HITMAN Game of the Year Edition (Singleplayer)
The Hitman series is obviously one of the most loved game series for a PC gamer. The recent iteration of HITMAN series saw an episodic release which wasnt appreciated much but now with Square Enix gone, the GOTY edition announced with a few more additions is back to the spotlight. Make sure to get creative with your assassinations in the game Agent 47!
[HITMAN (GOTY)][20]
### 7\. Portal 2
Portal 2 is the perfect blend of action and adventure. It is a puzzle game which lets you join co-op sessions and create interesting puzzles. The co-op mode features a completely different campaign when compared to the single player mode.
[Portal 2 (Purchase)][21]
### 8\. Deux Ex: Mankind Divided
If you are on the lookout for a shooter game focused on stealth skills Deux Ex would be the perfect addition to your Steam library. It is indeed a very beautiful game with some state-of-the-art weapons and crazy fighting mechanics.
[Deus Ex: Mankind Divided (Purchase)][22]
### 9\. Metro 2033 Redux / Metro Last Light Redux
Both Metro 2033 Redux and the Last Light are the definitive editions of the classic hit Metro 2033 and Last Light. The game has a post-apocalyptic setting. You need to eliminate all the mutants in order to ensure the survival of mankind. You should explore the rest when you get to play it!
[Metro 2033 Redux (Purchase)][23]
[Metro Last Light Redux (Purchase)][24]
### 10\. Tannenberg (Multiplayer)
Tannenberg is a brand new game announced a month before this article was published. The game is based on the Eastern Front (1914-1918) as a part of World War I. It is a multiplayer-only game. So, if you want to experience WWI gameplay experience, look no further!
[Tannenberg (Purchase)][25]
### Best RPG Games for Linux on Steam
### 11\. Shadow of Mordor
Shadow of Mordor is one of the most exciting open world RPG game you will find listed on Steam for Linux systems. You have to fight as a ranger (Talion) with the bright master (Celebrimbor) to defeat Saurons army (and then approach killing him). The fighting mechanics are very impressive. It is a must try game!
[SOM (Purchase)][26]
### 12\. Divinity: Original Sin Enhanced Edition
Divinity: Original is a kick-ass Indie-RPG game thats unique in itself and very much enjoyable. It is probably one of the highest rated RPG games with a mixture of Adventure & Strategy. The enhanced edition includes new game modes and a complete revamp of voice-overs, controller support, co-op sessions, and so much more.
[Divinity: Original Sin (Purchase)][27]
### 13\. Wasteland 2: Directors Cut
Wasteland 2 is an amazing CRPG game. If Fallout 4 was to be ported down as a CRPG as well this is what we would have expected it to be. The directors cut edition includes a complete visual overhaul with hundred new characters.
[Wasteland 2 (Purchase)][28]
### 14\. Darkwood
A horror-filled top-down view RPG game. You get to explore the world, scavenging materials, and craft weapons to survive.
[Darkwood (Purchase)][29]
### Best Racing/Sports/Simulation Games
### 15\. Rocket League
Rocket League is an action-packed soccer game conceptualized by rocket-powered battle cars. Not just driving the car and heading to the goal you can even make your opponents go kaboom!
A fantastic sports-action game every gamer must have installed!
[Rocket League (Purchase)][30]
### 16\. Road Redemption
Missing Road Rash? Well, Road Redemption will quench your thirst as a spiritual successor to Road Rash. Ofcourse, it is not officially “Road Rash II” but it is equally enjoyable. If you loved Road Rash, youll like it too.
[Road Redemption (Purchase)][31]
### 17\. Dirt Rally
Dirt Rally is for the gamers who want to experience off-road and on-road racing game. The visuals are breathtaking and the game is enjoyable with near to perfect driving mechanics.
[Dirt Rally (Purchase)][32]
### 18\. F1 2017
F1 2017 is yet another impressive car racing game from the developers of Dirt Rally (Codemasters & Feral Interactive). It features all of the iconic F1 racing cars that you need to experience.
[F1 2017 (Purchase)][33]
### 19. GRID Autosport
GRID is one of the most underrated car racing games available out there. GRID Autosport is the sequel to GRID 2\. The gameplay seems stunning to me. With even better cars than GRID 2, the GRID Autosport is a recommended racing game for every PC gamer out there. The game also supports a multiplayer mode where you can play with your friends representing as a team.
[GRID Autosport (Purchase)][34]
### Best Adventure Games
### 20\. ARK: Survival Evolved
ARK Survival Evolved is a quite decent survival game with exciting adventures following in the due course. You find yourself in the middle of nowhere (ARK Island) and have got no choice except training the dinosaurs, teaming up with other players, hunt someone to get the required resources, and craft items to maximize your chances to survive and escape the Island.
[ARK: Survival Evolved (Purchase)][35]
### 21\. This War of Mine
A unique game where you arent a soldier but a civilian facing the hardships of wartime. Youve to make your way through highly-skilled enemies and help out other survivors as well.
[This War of Mine (Purchase)][36]
### 22\. Mad Max
Mad Max is all about survival and brutality. It includes powerful cars, an open-world setting, weapons, and hand-to-hand combat. You need to keep exploring the place and also focus on upgrading your vehicle to prepare for the worst. You need to think carefully and have a strategy before you make a decision.
[Mad Max (Purchase)][37]
### Best Indie Games
### 23\. Terraria
It is a 2D game which has received overwhelmingly positive reviews on Steam. Dig, fight, explore, and build to keep your journey going. The environments are automatically generated. So, it isnt anything static. You might encounter something first and your friend might encounter the same after a while. Youll also get to experience creative 2D action-packed sequences.
[Terraria (Purchase)][38]
### 24\. Kingdoms and Castles
With Kingdoms and Castles, you get to build your own kingdom. You have to manage your kingdom by collecting tax (as funds necessary) from the people, take care of the forests, handle the city
design, and also make sure no one raids your kingdom by implementing proper defences.
It is a fairly new game but quite trending among the Indie genre of games.
[Kingdoms and Castles][39]
### Best Strategy Games on Steam For Linux Machines
### 25\. Sid Meiers Civilization V
Sid Meiers Civilization V is one of the best-rated strategy game available for PC. You could opt for Civilization VI if you want. But, the gamers still root for Sid Meiers Civilization V because of its originality and creative implementation.
[Civilization V (Purchase)][40]
### 26\. Total War: Warhammer
Total War: Warhammer is an incredible turn-based strategy game available for PC. Sadly, the Warhammer II isnt available for Linux as of yet. But 2016s Warhammer is still a great choice if you like real-time battles that involve building/destroying empires with flying creatures and magical powers.
[Warhammer I (Purchase)][41]
### 27\. Bomber Crew
Wanted a strategy simulation game thats equally fun to play? Bomber Crew is the answer to it. You need to choose the right crew and maintain it in order to win it all.
[Bomber Crew (Purchase)][42]
### 28\. Age of Wonders III
A very popular strategy title with a mixture of empire building, role playing, and warfare. A polished turn-based strategy game you must try!
[Age of Wonders III (Purchase)][43]
### 29\. Cities: Skylines
A pretty straightforward strategy game to build a city from scratch and manage everything in it. Youll experience the thrills and hardships of building and maintaining a city. I wouldnt expect every gamer to like this game it has a very specific userbase.
[Cities: Skylines (Purchase)][44]
### 30\. XCOM 2
XCOM 2 is one of the best turn-based strategy game available for PC. I wonder how crazy it could have been to have XCOM 2 as a first person shooter game. However, its still a masterpiece with an overwhelming response from almost everyone who bought the game. If you have the budget to spend more on this game, do get the “War of the Chosen” DLC.
[XCOM 2 (Purchase)][45]
### Wrapping Up
Among all the games available for Linux, we did include most of the major titles and some the latest games with an overwhelming response from the gamers.
Do you think we missed any of your favorite Linux game available on Steam? Also, what are the games that you would like to see on Steam for Linux platform?
Let us know your thoughts in the comments below.
--------------------------------------------------------------------------------
via: https://itsfoss.com/best-linux-games-steam/
作者:[Ankush Das][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://itsfoss.com/author/ankush/
[1]:https://itsfoss.com/author/ankush/
[2]:https://itsfoss.com/best-linux-games-steam/#comments
[3]:https://itsfoss.com/best-linux-games-steam/#action
[4]:https://itsfoss.com/best-linux-games-steam/#rpg
[5]:https://itsfoss.com/best-linux-games-steam/#racing
[6]:https://itsfoss.com/best-linux-games-steam/#adv
[7]:https://itsfoss.com/best-linux-games-steam/#indie
[8]:https://itsfoss.com/best-linux-games-steam/#strategy
[9]:https://itsfoss.com/linux-gaming-guide/
[10]:https://itsfoss.com/install-steam-ubuntu-linux/
[11]:https://www.humblebundle.com/?partner=itsfoss
[12]:https://www.humblebundle.com/store?partner=itsfoss
[13]:https://www.humblebundle.com/monthly?partner=itsfoss
[14]:https://itsfoss.com/linux-gaming-problems/
[15]:http://store.steampowered.com/app/730/CounterStrike_Global_Offensive/
[16]:http://store.steampowered.com/app/550/Left_4_Dead_2/
[17]:http://store.steampowered.com/app/49520/?snr=1_5_9__205
[18]:http://store.steampowered.com/app/222880/?snr=1_5_9__205
[19]:http://store.steampowered.com/agecheck/app/8870/
[20]:http://store.steampowered.com/app/236870/?snr=1_5_9__205
[21]:http://store.steampowered.com/app/620/?snr=1_5_9__205
[22]:http://store.steampowered.com/app/337000/?snr=1_5_9__205
[23]:http://store.steampowered.com/app/286690/?snr=1_5_9__205
[24]:http://store.steampowered.com/app/287390/?snr=1_5_9__205
[25]:http://store.steampowered.com/app/633460/?snr=1_5_9__205
[26]:http://store.steampowered.com/app/241930/?snr=1_5_9__205
[27]:http://store.steampowered.com/app/373420/?snr=1_5_9__205
[28]:http://store.steampowered.com/app/240760/?snr=1_5_9__205
[29]:http://store.steampowered.com/app/274520/?snr=1_5_9__205
[30]:http://store.steampowered.com/app/252950/?snr=1_5_9__205
[31]:http://store.steampowered.com/app/300380/?snr=1_5_9__205
[32]:http://store.steampowered.com/app/310560/?snr=1_5_9__205
[33]:http://store.steampowered.com/app/515220/?snr=1_5_9__205
[34]:http://store.steampowered.com/app/255220/?snr=1_5_9__205
[35]:http://store.steampowered.com/app/346110/?snr=1_5_9__205
[36]:http://store.steampowered.com/app/282070/?snr=1_5_9__205
[37]:http://store.steampowered.com/app/234140/?snr=1_5_9__205
[38]:http://store.steampowered.com/app/105600/?snr=1_5_9__205
[39]:http://store.steampowered.com/app/569480/?snr=1_5_9__205
[40]:http://store.steampowered.com/app/8930/?snr=1_5_9__205
[41]:http://store.steampowered.com/app/364360/?snr=1_5_9__205
[42]:http://store.steampowered.com/app/537800/?snr=1_5_9__205
[43]:http://store.steampowered.com/app/226840/?snr=1_5_9__205
[44]:http://store.steampowered.com/app/255710/?snr=1_5_9__205
[45]:http://store.steampowered.com/app/268500/?snr=1_5_9__205
[46]:https://www.facebook.com/share.php?u=https%3A%2F%2Fitsfoss.com%2Fbest-linux-games-steam%2F%3Futm_source%3Dfacebook%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare
[47]:https://twitter.com/share?original_referer=/&text=30+Best+Linux+Games+On+Steam+You+Should+Play+in+2017&url=https://itsfoss.com/best-linux-games-steam/%3Futm_source%3Dtwitter%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare&via=ankushdas9
[48]:https://plus.google.com/share?url=https%3A%2F%2Fitsfoss.com%2Fbest-linux-games-steam%2F%3Futm_source%3DgooglePlus%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare
[49]:https://www.linkedin.com/cws/share?url=https%3A%2F%2Fitsfoss.com%2Fbest-linux-games-steam%2F%3Futm_source%3DlinkedIn%26utm_medium%3Dsocial%26utm_campaign%3DSocialWarfare
[50]:https://www.reddit.com/submit?url=https://itsfoss.com/best-linux-games-steam/&title=30+Best+Linux+Games+On+Steam+You+Should+Play+in+2017

167
translated/tech/20160922 A Linux users guide to Logical Volume Management.md Normal file
View File

@ -0,0 +1,167 @@
Linux 用户的逻辑卷管理指南
============================================================
![Logical Volume Management (LVM)](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/rh_003499_01_other11x_cc.png?itok=I_kCDYj0 "Logical Volume Management (LVM)")
Image by : opensource.com
管理磁盘空间对系统管理员来说是一件重要的日常工作。因为磁盘空间耗尽而去启动一系列的耗时而又复杂的任务,来提升磁盘分区中可用的磁盘空间。它会要求系统离线。通常会涉及到安装一个新的硬盘、引导至恢复模式或者单用户模式、在新硬盘上创建一个分区和一个文件系统、挂载到临时挂载点去从一个太小的文件系统中移动数据到较大的新位置、修改 /etc/fstab 文件内容去反映出新分区的正确设备名、以及重新引导去重新挂载新的文件系统到正确的挂载点。
我想告诉你的是,当 LVM (逻辑卷管理)首次出现在 Fedora Linux 中时,我是非常抗拒它的。我最初的反应是,我并不需要在我和我的设备之间有这种额外的抽象层。结果是我错了,逻辑卷管理是非常有用的。
LVM 让磁盘空间管理非常灵活。它提供的功能诸如在文件系统已挂载和活动时很可靠地增加磁盘空间到一个逻辑卷和它的文件系统中并且它允许你将多个物理磁盘和分区融合进一个可以分割成逻辑卷的单个卷组中。
卷管理也允许你去减少分配给一个逻辑卷的磁盘空间数量,但是,这里有两个要求,第一,卷必须是未挂载的。第二,在卷空间调整之前,文件系统本身的空间大小必须被减少。
有一个重要的提示是文件系统本身必须允许重新调整大小的操作。当重新提升文件系统大小的时候EXT2、3、和 4 文件系统都允许离线(未挂载状态)或者在线(挂载状态)重新调整大小。你应该去认真了解你打算去调整的文件系统的详细情况,去验证它们是否可以完全调整大小,尤其是否可以在线调整大小。
### 在使用中扩展一个文件系统
在我安装一个新的发行版到我的生产用机器中之前,我总是喜欢在一个 VirtualBox 虚拟机中运行这个新的发行版一段时间,以确保它没有任何的致命的问题存在。在几年前的一个早晨,我在我的主要使用的工作站上的虚拟机中安装一个新发行的 Fedora 版本。我认为我有足够的磁盘空间分配给安装虚拟机的主文件系统。但是我错了大约在第三个安装时我耗尽了我的文件系统的空间。幸运的是VirtualBox 检测到了磁盘空间不足的状态,并且暂停了虚拟机,然后显示了一个明确指出问题所在的错误信息。
请注意,这个问题并不是虚拟机磁盘太小造成的,而是由于宿主机上空间不足,导致虚拟机上的虚拟磁盘在宿主机上的逻辑卷中没有足够的空间去扩展。
因为许多现在的发行版都缺省使用了逻辑卷管理,并且在我的卷组中有一些可用的空余空间,我可以分配额外的磁盘空间到适当的逻辑卷,然后在使用中扩展宿主机的文件系统。这意味着我不需要去重新格式化整个硬盘,以及重新安装操作系统或者甚至是重启机器。我不过是分配了一些可用空间到适当的逻辑卷中,并且重新调整了文件系统的大小 — 所有的这些操作都在文件系统在线并且运行着程序的状态下进行的,虚拟机也一直使用着宿主机文件系统。在调整完逻辑卷和文件系统的大小之后,我恢复了虚拟机的运行,并且继续进行安装过程,就像什么问题都没有发生过一样。
虽然这种问题你可能从来也没有遇到过,但是,许多人都遇到过重要程序在运行过程中发生磁盘空间不足的问题。而且,虽然许多程序,尤其是 Windows 程序,并不像 VirtualBox 一样写的很好且富有弹性Linux 逻辑卷管理可以使它在不丢失数据的情况下去恢复,也不需要去进行耗时的安装过程。
### LVM 结构
逻辑卷管理的磁盘环境结构如下面的图 1 所示。逻辑卷管理允许多个单独的硬盘和/或磁盘分区组合成一个单个的卷组VG。卷组然后可以再划分为逻辑卷LV或者被用于分配成一个大的单一的卷。普通的文件系统如EXT3 或者 EXT4可以创建在一个逻辑卷上。
在图 1 中,两个完整的物理硬盘和一个第三块硬盘的一个分区组合成一个单个的卷组。在这个卷组中创建了两个逻辑卷,和一个文件系统,比如,可以在每个逻辑卷上创建一个 EXT3 或者 EXT4 的文件系统。
![lvm.png](https://opensource.com/sites/default/files/resize/images/life-uploads/lvm-520x222.png)
_图 1: LVM 允许组合分区和整个硬盘到卷组中_
在一个主机上增加磁盘空间是非常简单的,在我的经历中,这种事情是很少的。下面列出了基本的步骤。你也可以创建一个完整的新卷组或者增加新的空间到一个已存在的逻辑卷中,或者创建一个新的逻辑卷。
### 增加一个新的逻辑卷
有时候需要在主机上增加一个新的逻辑卷。例如,在被提示包含我的 VirtualBox 虚拟机的虚拟磁盘的 /home 文件系统被填满时,我决定去创建一个新的逻辑卷,用于去存储虚拟机数据,包含虚拟磁盘。这将在我的 /home 文件系统中释放大量的空间,并且也允许我去独立地管理虚拟机的磁盘空间。
增加一个新的逻辑卷的基本步骤如下:
1. 如有需要,安装一个新硬盘。
2. 可选 1 在硬盘上创建一个分区
3. 在硬盘上创建一个完整的物理卷PV或者一个分区。
4. 分配新的物理卷到一个已存在的卷组VG或者创建一个新的卷组。
5. 从卷空间中创建一个新的逻辑卷LV
6. 在新的逻辑卷中创建一个文件系统。
7. 在 /etc/fstab 中增加适当的条目以挂载文件系统。
8. 挂载文件系统。
为了更详细的介绍,接下来将使用一个示例作为一个实验去教授关于 Linux 文件系统的知识。
### 示例
这个示例展示了怎么用命令行去扩展一个已存在的卷组,并给它增加更多的空间,在那个空间上创建一个新的逻辑卷,然后在逻辑卷上创建一个文件系统。这个过程一直在运行和挂载的文件系统上执行。
警告:仅 EXT3 和 EXT4 文件系统可以在运行和挂载状态下调整大小。许多其它的文件系统,包括 BTRFS 和 ZFS 是不能这样做的。
### 安装硬盘
如果在系统中现有硬盘上的卷组中没有足够的空间去增加,那么可能需要去增加一块新的硬盘,然后去创建空间增加到逻辑卷中。首先,安装物理硬盘,然后,接着执行后面的步骤。
### 从硬盘上创建物理卷
首先需要去创建一个新的物理卷PV。使用下面的命令它假设新硬盘已经分配为 /dev/hdd。
```
pvcreate /dev/hdd
```
在新硬盘上创建一个任意分区并不是必需的。创建的物理卷将被逻辑卷管理器识别为一个新安装的未处理的磁盘或者一个类型为 83 的Linux 分区。如果你想去使用整个硬盘,创建一个分区并没有什么特别的好处,以及另外的物理卷部分的元数据所使用的磁盘空间。
### 扩展已存在的卷组
在这个示例中我将扩展一个已存在的卷组而不是创建一个新的你可以选择其它的方式。在物理磁盘已经创建之后扩展已存在的卷组VG去包含新 PV 的空间。在这个示例中已存在的卷组命名为MyVG01。
```
vgextend /dev/MyVG01 /dev/hdd
```
### 创建一个逻辑卷
首先,在卷组中从已存在的空余空间中创建逻辑卷。下面的命令创建了一个 50 GB 大小的 LV。这个卷组的名字为 MyVG01然后逻辑卷的名字为 Stuff。
```
lvcreate -L +50G --name Stuff MyVG01
```
### 创建文件系统
创建逻辑卷并不会创建文件系统。这个任务必须被单独执行。下面的命令在新创建的逻辑卷中创建了一个 EXT4 文件系统。
```
mkfs -t ext4 /dev/MyVG01/Stuff
```
### 增加一个文件系统卷标
增加一个文件系统卷标,更易于在文件系统以后出现问题时识别它。
```
e2label /dev/MyVG01/Stuff Stuff
```
### 挂载文件系统
在这个时候,你可以创建一个挂载点,并在 /etc/fstab 文件系统中添加合适的条目,以挂载文件系统。
你也可以去检查并校验创建的卷是否正确。你可以使用 **df**、**lvs**、和 **vgs** 命令去做这些工作。
### 提示
过去几年来,我学习了怎么去做让逻辑卷管理更加容易的一些知识,希望这些提示对你有价值。
* 除非你有一个明确的原因去使用其它的文件系统外,推荐使用可扩展的文件系统。除了 EXT2、3、和 4 外并不是所有的文件系统都支持调整大小。EXT 文件系统不但速度快,而且它很高效。在任何情况下,如果默认的参数不能满足你的需要,它们(指的是文件系统参数)可以通过一位知识丰富的系统管理员来调优它。
* 使用有意义的卷和卷组名字。
* 使用 EXT 文件系统标签
我知道,像我一样,大多数的系统管理员都抗拒逻辑卷管理。我希望这篇文章能够鼓励你至少去尝试一个 LVM。如果你能那样做我很高兴因为自从我使用它之后我的硬盘管理任务变得如此的简单。
### 关于作者
[![](https://opensource.com/sites/default/files/styles/profile_pictures/public/david-crop.jpg?itok=oePpOpyV)][10]
David Both - 是一位 Linux 和开源软件的倡导者,住在 Raleigh, North Carolina。他在 IT 行业工作了 40 多年,在 IBM 工作了 20 多年。在 IBM 期间,他在 1981 年为最初的 IBM PC 编写了第一个培训课程。他曾教授红帽的 RHCE 课程,并在 MCI Worldcom、Cisco和 North Carolina 工作。他已经使用 Linux 和开源软件工作了将近 20 年。... [more about David Both][7][More about me][8]
--------------------------------------------------------------------------------
via: https://opensource.com/business/16/9/linux-users-guide-lvm
作者:[David Both](a)
译者:[qhwdw](https://github.com/qhwdw)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/dboth
[1]:https://opensource.com/resources/what-is-linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[2]:https://opensource.com/resources/what-are-linux-containers?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[3]:https://developers.redhat.com/promotions/linux-cheatsheet/?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[4]:https://developers.redhat.com/cheat-sheet/advanced-linux-commands-cheatsheet?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[5]:https://opensource.com/tags/linux?intcmp=70160000000h1jYAAQ&utm_source=intcallout&utm_campaign=linuxcontent
[6]:https://opensource.com/business/16/9/linux-users-guide-lvm?rate=79vf1js7A7rlp-I96YFneopUQqsa2SuB-g-og7eiF1U
[7]:https://opensource.com/users/dboth
[8]:https://opensource.com/users/dboth
[9]:https://opensource.com/user/14106/feed
[10]:https://opensource.com/users/dboth
[11]:https://opensource.com/users/dboth
[12]:https://opensource.com/users/dboth
[13]:https://opensource.com/business/16/9/linux-users-guide-lvm#comments
[14]:https://opensource.com/tags/business
[15]:https://opensource.com/tags/linux
[16]:https://opensource.com/tags/how-tos-and-tutorials
[17]:https://opensource.com/tags/sysadmin

112
translated/tech/20170215 How to take screenshots on Linux using Scrot.md
View File

@ -1,41 +1,27 @@
如何在 Linux 系统里用 Scrot 截屏
============================================================
### 文章主要内容
1. [关于 Scrot][12]
2. [安装 Scrot][13]
3. [Scrot 的使用和特点][14]
1. [获取程序版本][1]
2. [抓取当前窗口][2]
3. [抓取选定窗口][3]
4. [在截屏时包含窗口边框][4]
5. [延时截屏][5]
6. [截屏前倒数][6]
7. [图片质量][7]
8. [生成缩略图][8]
9. [拼接多显示器截屏][9]
10. [在保存截图后执行操作][10]
11. [特殊字符串][11]
4. [结论][15]
最近,我们介绍过 [gnome-screenshot][17] 工具,这是一个很优秀的屏幕抓取工具。但如果你想找一个在命令行运行的更好用的截屏工具,你一定要试试 Scrot。这个工具有一些 gnome-screenshot 没有的独特功能。在这片文章里,我们会通过简单易懂的例子来详细介绍 Scrot。
最近,我们介绍过 [gnome-screenshot][17] 工具,这是一个很优秀的屏幕抓取工具。但如果你想找一个在命令行运行的更好用的截屏工具,你一定要试试 Scrot。这个工具有一些 gnome-screenshot 没有的独特功能。在这篇文章里,我们会通过简单易懂的例子来详细介绍 Scrot。
请注意一下,这篇文章里的所有例子都在 Ubuntu 16.04 LTS 上测试过,我们用的 scrot 版本是 0.8。
### 关于 Scrot
[Scrot][18] (**SCR**eensh**OT**) 是一个屏幕抓取工具,使用 imlib2 库来获取和保存图片。由 Tom Gilbert 用 C 语言开发完成,通过 BSD 协议授权。
[Scrot][18] **SCR**eensh**OT** 是一个屏幕抓取工具,使用 imlib2 库来获取和保存图片。由 Tom Gilbert 用 C 语言开发完成,通过 BSD 协议授权。
### 安装 Scrot
scort 工具可能在你的 Ubuntu 系统里预装了,不过如果没有的话,你可以用下面的命令安装:
```
sudo apt-get install scrot
```
安装完成后,你可以通过下面的命令来使用:
```
scrot [options] [filename]
```
**注意**:方括号里的参数是可选的。
@ -51,13 +37,17 @@ scrot [options] [filename]
默认情况下,抓取的截图会用带时间戳的文件名保存到当前目录下,不过你也可以在运行命令时指定截图文件名。比如:
```
scrot [image-name].png
```
### 获取程序版本
你想的话,可以用 -v 选项来查看 scrot 的版本。
你想的话,可以用 `-v` 选项来查看 scrot 的版本。
```
scrot -v
```
这是例子:
@ -67,10 +57,11 @@ scrot -v
### 抓取当前窗口
这个工具可以限制抓取当前的焦点窗口。这个功能可以通过 -u 选项打开。
这个工具可以限制抓取当前的焦点窗口。这个功能可以通过 `-u` 选项打开。
```
scrot -u
```
例如,这是我在命令行执行上边命令时的桌面:
[
@ -85,9 +76,11 @@ scrot -u
### 抓取选定窗口
这个工具还可以让你抓取任意用鼠标点击的窗口。这个功能可以用 -s 选项打开。
这个工具还可以让你抓取任意用鼠标点击的窗口。这个功能可以用 `-s` 选项打开。
```
scrot -s
```
例如,在下面的截图里你可以看到,我有两个互相重叠的终端窗口。我在上层的窗口里执行上面的命令。
@ -95,7 +88,7 @@ scrot -s
![选择窗口](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/select1.png)
][23]
现在假如我想抓取下层的终端窗口。这样我只要在执行命令后点击窗口就可以了 - 在你用鼠标点击之前,命令的执行不会结束。
现在假如我想抓取下层的终端窗口。这样我只要在执行命令后点击窗口就可以了 —— 在你用鼠标点击之前,命令的执行不会结束。
这是我点击了下层终端窗口后的截图:
@ -107,9 +100,11 @@ scrot -s
### 在截屏时包含窗口边框
我们之前介绍的 -u 选项在截屏时不会包含窗口边框。不过,需要的话你也可以在截屏时包含窗口边框。这个功能可以通过 -b 选项打开(当然要和 -u 选项一起)。
我们之前介绍的 `-u` 选项在截屏时不会包含窗口边框。不过,需要的话你也可以在截屏时包含窗口边框。这个功能可以通过 `-b` 选项打开(当然要和 `-u` 选项一起)。
```
scrot -ub
```
下面是示例截图:
@ -121,11 +116,13 @@ scrot -ub
### 延时截屏
你可以在开始截屏时增加一点延时。需要在 --delay 或 -d 选项后设定一个时间值参数。
你可以在开始截屏时增加一点延时。需要在 `--delay``-d` 选项后设定一个时间值参数。
```
scrot --delay [NUM]
scrot --delay 5
```
例如:
@ -137,11 +134,13 @@ scrot --delay 5
### 截屏前倒数
这个工具也可以在你使用延时功能后显示一个倒计时。这个功能可以通过 -c 选项打开。
这个工具也可以在你使用延时功能后显示一个倒计时。这个功能可以通过 `-c` 选项打开。
```
scrot delay [NUM] -c
scrot -d 5 -c
```
下面是示例截图:
@ -153,11 +152,13 @@ scrot -d 5 -c
你可以使用这个工具来调整截图的图片质量,范围是 1-100 之间。较大的值意味着更大的文件大小以及更低的压缩率。默认值是 75不过最终效果根据选择的文件类型也会有一些差异。
这个功能可以通过 --quality 或 -q 选项打开,但是你必须提供一个 1-100 之间的数值作为参数。
这个功能可以通过 `--quality``-q` 选项打开,但是你必须提供一个 1 - 100 之间的数值作为参数。
```
scrot quality [NUM]
scrot quality 10
```
下面是示例截图:
@ -165,17 +166,19 @@ scrot quality 10
![截屏质量](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/img-quality.jpg)
][28]
你可以看到,-q 选项的参数更靠近 1 让图片质量下降了很多。
你可以看到,`-q` 选项的参数更靠近 1 让图片质量下降了很多。
### 生成缩略图
scort 工具还可以生成截屏的缩略图。这个功能可以通过 --thumb 选项打开。这个选项也需要一个 NUM 数值作为参数,基本上是指定原图大小的百分比。
scort 工具还可以生成截屏的缩略图。这个功能可以通过 `--thumb` 选项打开。这个选项也需要一个 NUM 数值作为参数,基本上是指定原图大小的百分比。
```
scrot --thumb NUM
scrot --thumb 50
```
**注意**:加上 --thumb 选项也会同时保存原始截图文件。
**注意**:加上 `--thumb` 选项也会同时保存原始截图文件。
例如,下面是我测试的原始截图:
@ -191,9 +194,11 @@ scrot --thumb 50
### 拼接多显示器截屏
如果你的电脑接了多个显示设备,你可以用 scort 抓取并拼接这些显示设备的截图。这个功能可以通过 -m 选项打开。
如果你的电脑接了多个显示设备,你可以用 scort 抓取并拼接这些显示设备的截图。这个功能可以通过 `-m` 选项打开。
```
scrot -m
```
下面是示例截图:
@ -203,9 +208,11 @@ scrot -m
### 在保存截图后执行操作
使用这个工具,你可以在保存截图后执行各种操作 - 例如,用像 gThumb 这样的图片编辑器打开截图。这个功能可以通过 -e 选项打开。下面是例子:
使用这个工具,你可以在保存截图后执行各种操作 —— 例如,用像 gThumb 这样的图片编辑器打开截图。这个功能可以通过 `-e` 选项打开。下面是例子:
scrot abc.png -e gthumb abc.png
```
scrot abc.png -e 'gthumb abc.png'
```
这个命令里的 gthumb 是一个图片编辑器,上面的命令在执行后会自动打开。
@ -223,29 +230,33 @@ scrot abc.png -e gthumb abc.png
你可以看到 scrot 抓取了屏幕截图,然后再启动了 gThumb 图片编辑器打开刚才保存的截图图片。
如果你截图时没有指定文件名,截图将会用带有时间戳的文件名保存到当前目录 - 这是 scrot 的默认设定,我们前面已经说过。
如果你截图时没有指定文件名,截图将会用带有时间戳的文件名保存到当前目录 —— 这是 scrot 的默认设定,我们前面已经说过。
下面是一个使用默认名字并且加上 -e 选项来截图的例子:
下面是一个使用默认名字并且加上 `-e` 选项来截图的例子:
scrot -e gthumb $n
```
scrot -e 'gthumb $n'
```
[
![scrot 截屏后运行 gthumb](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/exec3.png)
][34]
有个地方要注意的是 $n 是一个特殊字符串,用来获取当前截图的文件名。关于特殊字符串的更多细节,请继续看下个小节。
有个地方要注意的是 `$n` 是一个特殊字符串,用来获取当前截图的文件名。关于特殊字符串的更多细节,请继续看下个小节。
### 特殊字符串
scrot 的 -e或 --exec选项和文件名参数可以使用格式说明符。有两种类型格式。第一种是以 '%' 加字母组成,用来表示日期和时间,第二种以 '$' 开头scrot 内部使用。
scrot 的 `-e`(或 `--exec`)选项和文件名参数可以使用格式说明符。有两种类型格式。第一种是以 `%` 加字母组成,用来表示日期和时间,第二种以 `$` 开头scrot 内部使用。
下面介绍几个 --exec 和文件名参数接受的说明符。
下面介绍几个 `--exec` 和文件名参数接受的说明符。
**$f**  让你可以使用截图的全路径(包括文件名)。
`$f`  让你可以使用截图的全路径(包括文件名)。
例如
例如
```
scrot ashu.jpg -e mv $f ~/Pictures/Scrot/ashish/
```
下面是示例截图:
@ -253,17 +264,19 @@ scrot ashu.jpg -e mv $f ~/Pictures/Scrot/ashish/
![示例](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/f.png)
][35]
如果你没有指定文件名scrot 默认会用日期格式的文件名保存截图。这个是 scrot 的默认文件名格式:%yy-%mm-%dd-%hhmmss_$wx$h_scrot.png。
如果你没有指定文件名scrot 默认会用日期格式的文件名保存截图。这个是 scrot 的默认文件名格式:`%yy-%mm-%dd-%hhmmss_$wx$h_scrot.png`
**$n**  提供截图文件名。下面是示例截图:
`$n`  提供截图文件名。下面是示例截图:
[
![scrot $n variable](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/n.png)
][36]
**$s**  获取截图的文件大小。这个功能可以像下面这样使用。
`$s`  获取截图的文件大小。这个功能可以像下面这样使用。
```
scrot abc.jpg -e echo $s
```
下面是示例截图:
@ -271,22 +284,19 @@ scrot abc.jpg -e echo $s
![scrot $s 变量](https://www.howtoforge.com/images/how-to-take-screenshots-in-linux-with-scrot/s.png)
][37]
类似的,你也可以使用其他格式字符串 **$p**, **$w**, **$h**, **$t**, **$$** 以及 **\n** 来分别获取图片像素大小,图像宽度,图像高度,图像格式,输入 $ 字符,以及换行。你可以像上面介绍的 **$s** 格式那样使用这些字符串。
类似的,你也可以使用其他格式字符串 `$p`、`$w`、 `$h`、`$t`、`$$` 以及 `\n` 来分别获取图片像素大小、图像宽度、图像高度、图像格式、输入 `$` 字符、以及换行。你可以像上面介绍的 `$s` 格式那样使用这些字符串。
### 结论
这个应用能轻松地安装在 Ubuntu 系统上对初学者比较友好。scrot 也提供了一些高级功能,比如支持格式化字符串,方便专业用户用脚本处理。当然,如果你想用起来的话有一点轻微的学习曲线。
![](https://www.howtoforge.com/images/pdficon_small.png)
 [vie][16]
--------------------------------------------------------------------------------
via: https://www.howtoforge.com/tutorial/how-to-take-screenshots-in-linux-with-scrot/
作者:[Himanshu Arora][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

8
translated/tech/20170910 Cool vim feature sessions.md
View File

@ -1,5 +1,5 @@
vim 的酷功能:会话!
============================================================
============================================================
昨天我在编写我的[vimrc][5]的时候了解到一个很酷的 vim 功能!(主要为了添加 fzf 和 ripgrep 插件)。这是一个内置功能,不需要特别的插件。
@ -17,9 +17,7 @@ vim 的酷功能:会话!
一些 vim 插件给 vim 会话添加了额外的功能:
* [https://github.com/tpope/vim-obsession][1]
* [https://github.com/mhinz/vim-startify][2]
* [https://github.com/xolox/vim-session][3]
这是漫画:
@ -30,9 +28,9 @@ vim 的酷功能:会话!
via: https://jvns.ca/blog/2017/09/10/vim-sessions/
作者:[Julia Evans ][a]
作者:[Julia Evans][a]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

137
translated/tech/20171024 How to Encrypt and Decrypt Individual Files With GPG.md Normal file
View File

@ -0,0 +1,137 @@
如何使用 GPG 加解密文件
------
### 目标
使用 GPG 加密文件
### 发行版
适用于任何发行版
### 要求
安装了 GPG 的 Linux 或者拥有 root 权限来安装它。
### 难度
简单
### 约定
* # - 需要使用 root 权限来执行指定命令,可以直接使用 root 用户来执行也可以使用 sudo 命令
* $ - 可以使用普通用户来执行指定命令
### 介绍
加密非常重要。它对于保护敏感信息来说是必不可少的。
你的私人文件应该要被加密,而 GPG 提供了很好的解决方案。
### 安装 GPG
GPG 的使用非常广泛。你在几乎每个发行版的仓库中都能找到它。
如果你还没有安装它,那现在就来安装一下吧。
#### Debian/Ubuntu
```shell
$ sudo apt install gnupg
```
#### Fedora
```shell
# dnf install gnupg2
```
#### Arch
```shell
# pacman -S gnupg
```
#### Gentoo
```shell
# emerge --ask app-crypt/gnupg
```
### Create a Key
你需要一个密钥对来加解密文件。如果你为 SSH 已经生成过了密钥对,那么你可以直接使用它。
如果没有GPG 包含工具来生成密钥对。
```shell
$ gpg --full-generate-key
```
GPG 有一个命令行程序帮你一步一步的生成密钥。它还有一个简单得多的工具,但是这个工具不能让你设置密钥类型,密钥的长度以及过期时间,因此不推荐使用这个工具。
GPG 首先会询问你密钥的类型。没什么特别的话选择默认值就好。
下一步需要设置密钥长度。`4096` 是一个不错的选择。
之后,可以设置过期的日期。 如果希望密钥永不过期则设置为 `0`
然后,输入你的名称。
最后,输入电子邮件地址。
如果你需要的话,还能添加一个注释。
所有这些都完成后GPG 会让你校验一下这些信息。
GPG 还会问你是否需要为密钥设置密码。这一步是可选的, 但是会增加保护的程度。
若需要设置密码,则 GPG 会收集你的操作信息来增加密钥的健壮性。 所有这些都完成后, GPG 会显示密钥相关的信息。
### 加密的基本方法
现在你拥有了自己的密钥,加密文件非常简单。 使用虾米那命令在 `/tmp` 目录中创建一个空白文本文件。
```shell
$ touch /tmp/test.txt
```
然后用 GPG 来加密它。这里 `-e` 标志告诉 GPG 你想要加密文件, `-r` 标志指定接收者。
```shell
$ gpg -e -r "Your Name" /tmp/test.txt
```
GPG 需要知道这个文件的接收者和发送者。由于这个文件给是你的,因此无需指定发送者,而接收者就是你自己。
### 解密的基本方法
你收到加密文件后,就需要对它进行解密。 你无需指定解密用的密钥。 这个信息被编码在文件中。 GPG 会尝试用其中的密钥进行解密。
```shel
$ gpg -d /tmp/test.txt.gpg
```
### 发送文件
假设你需要发送文件给别人。你需要有接收者的公钥。 具体怎么获得密钥由你自己决定。 你可以让他们直接把公钥发送给你, 也可以通过密钥服务器来获取。
收到对方公钥后,导入公钥到 GPG 中。
```shell
$ gpg --import yourfriends.key
```
这些公钥与你自己创建的密钥一样,自带了名称和电子邮件地址的信息。
记住,为了让别人能解密你的文件,别人也需要你的公钥。 因此导出公钥并将之发送出去。
```shell
gpg --export -a "Your Name" > your.key
```
现在可以开始加密要发送的文件了。它跟之前的步骤差不多, 只是需要指定你自己为发送人。
```
$ gpg -e -u "Your Name" -r "Their Name" /tmp/test.txt
```
### 结语
就这样了。GPG 还有一些高级选项, 不过你在 99% 的时间内都不会用到这些高级选项。 GPG 就是这么易于使用。
你也可以使用创建的密钥对来发送和接受加密邮件,其步骤跟上面演示的差不多, 不过大多数的电子邮件客户端在拥有密钥的情况下会自动帮你做这个动作。
--------------------------------------------------------------------------------
via: https://linuxconfig.org/how-to-encrypt-and-decrypt-individual-files-with-gpg
作者:[Nick Congleton][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者 ID](https://github.com/校对者 ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux 中国](https://linux.cn/) 荣誉推出
[a]:https://linuxconfig.org

59
translated/tech/20171118 Language engineering for great justice.md Normal file
View File

@ -0,0 +1,59 @@
ESR最合理的语言工程模式
============================================================
当你熟练掌握一体化工程技术时,你就会发现它逐渐超过了技术优化的层面。我们制作的每件手工艺品都在一个大环境背景下,在这个环境中,人类的行为逐渐突破了经济意义、社会学意义,达到了奥地利经济学家所称的“<ruby>人类行为学<rt>praxeology</rt></ruby>”,这是目的明确的人类行为所能达到的最大范围。
对我来说这并不只是抽象理论。当我在开源开发项目中编写论文时,我的行为就十分符合人类行为学的理论,这行为不是针对任何特定的软件技术或某个客观事物,它指的是在开发科技的过程中人类行为的背景环境。从人类行为学角度对科技进行的解读不断增加,大量的这种解读可以重塑科技框架,带来人类生产力和满足感的极大幅度增长,而这并不是由于我们换了工具,而是在于我们改变了掌握它们的方式。
在这个背景下,我的计划之外的文章系列的第三篇中谈到了 C 语言的衰退和正在到来的巨大改变,而我们也确实能够感受到系统编程的新时代的到来,在这个时刻,我决定把我之前有的大体的预感具象化为更加具体的、更实用的想法,它们主要是关于计算机语言设计的分析,例如为什么它们会成功,或为什么它们会失败。
在我最近的一篇文章中,我写道:所有计算机语言都是对机器资源的成本和程序员工作成本的相对权衡的结果,和对其相对价值的体现。这些都是在一个计算能力成本不断下降但程序员工作成本不减反增的背景下产生的。我还强调了转化成本在使原有交易主张适用于当下环境中的新增角色。在文中我将编程人员描述为一个寻找今后最适方案的探索者。
现在我要讲一讲最后一点。以现有水平为起点,一个语言工程师有极大可能通过多种方式推动语言设计的发展。通过什么系统呢? GC 还是人工分配?使用何种配置,命令式语言、函数程式语言或是面向对象语言?但是从人类行为学的角度来说,我认为它的形式会更简洁,也许只是选择解决长期问题还是短期问题?
所谓的“远”、“近”之分,是指硬件成本的逐渐降低,软件复杂程度的上升和由现有语言向其他语言转化的成本的增加,根据它们的变化曲线所做出的判断。短期问题指编程人员眼下发现的问题,长期问题指可预见的一系列情况,但它们一段时间内不会到来。针对近期问题所做出的部署需要非常及时且有效,但随着情况的变化,短期解决方案有可能很快就不适用了。而长期的解决方案可能因其过于超前而夭折,或因其代价过高无法被接受。
在计算机刚刚面世的时候, FORTRAN 是近期亟待解决的问题, LISP 是远期问题,汇编语言是短期解决方案。说明这种分类适用于非通用语言,还有 roff 标记语言。随着计算机技术的发展PHP 和 Javascript 逐渐参与到这场游戏中。至于长期的解决方案? Oberon、Ocaml、ML、XML-Docbook 都可以。 它们形成的激励机制带来了大量具有突破性和原创性的想法,事态蓬勃但未形成体系,那个时候距离专业语言的面世还很远,(值得注意的是这些想法的出现都是人类行为学中的因果,并非由于某种技术)。专业语言会失败,这是显而易见的,它的转入成本高昂,让大部分人望而却步,因此不能达到能够让主流群体接受的水平,被孤立,被搁置。这也是 LISP 不为人知的的过去,作为前 LISP 管理层人员,出于对它深深的爱,我为你们讲述了这段历史。
如果短期解决方案出现故障,它的后果更加惨不忍睹,最好的结果是期待一个相对体面的失败,好转换到另一个设计方案。(通常在转化成本较高时)如果他们执意继续,通常造成众多方案相互之间藕断丝连,形成一个不断扩张的复合体,一直维持到不能运转下去,变成一堆摇摇欲坠的杂物。是的,我说的就是 C++ 语言,还有 Java 描述语言,(唉)还有 Perl虽然 Larry Wall 的好品味成功地让他维持了很多年,问题一直没有爆发,但在 Perl 6 发行时,他的好品味最终引爆了整个问题。
这种思考角度激励了编程人员向着两个不同的目的重新塑造语言设计: 1以远近为轴在自身和预计的未来之间选取一个最适点然后2降低由一种或多种语言转化为自身语言的转入成本这样你就可以吸纳他们的用户群。接下来我会讲讲 C 语言是怎样占领全世界的。
在整个计算机发展史中,没有谁能比 C 语言完美地把握最适点的选取了,我要做的只是证明这一点,作为一种实用的主流语言, C 语言有着更长的寿命,它目睹了无数个竞争者的兴衰,但它的地位仍旧不可取代。从淘汰它的第一个竞争者到现在已经过了 35 年但看起来C语言的终结仍旧不会到来。
当然,如果你愿意的话,可以把 C 语言的持久存在归功于人类的文化惰性,但那是对“文化惰性”这个词的曲解, C 语言一直得以延续的真正原因是没有人提供足够的转化费用!
相反的, C 语言低廉的内部转化成本未得到应有的重视C 语言是如此的千变万化,从它漫长统治时期的初期开始,它就可以适用于多种语言如 FORTRAN、Pascal 、汇编语言和 LISP 的编程习惯。在二十世纪八十年代我就注意到我可以根据编程人员的编码风格判断出他的母语是什么这也从另一方面证明了C 语言的魅力能够吸引全世界的人使用它。
C++ 语言同样胜在它低廉的转化成本。很快,大部分新兴的语言为了降低自身转化成本,纷纷参考 C 语言语法。请注意这给未来的语言设计环境带来了什么影响:它尽可能地提高了类 C 语言的价值,以此来降低其他语言转化为 C 语言的转化成本。
另一种降低转入成本的方法十分简单,即使没接触过编程的人都能学会,但这种方法很难完成。我认为唯一使用了这种方法的 Python 就是靠这种方法进入了职业比赛。对这个方法我一带而过,是因为它并不是我希望看到的,顺利执行的系统语言战略,虽然我很希望它不是那样的。
今天我们在 2017 年底聚集在这里,下一项我们应该为某些暴躁的团体发声,如 Go 团队,但事实并非如此。 Go 这个项目漏洞百出我甚至可以想象出它失败的各种可能Go 团队太过固执独断,即使几乎整个用户群体都认为 Go 需要做出改变了Go 团队也无动于衷,这是个大问题。 一旦发生故障, GC 发生延迟或者用牺牲生产量来弥补延迟,但无论如何,它都会严重影响到这种语言的应用,大幅缩小这种语言的适用范围。
即便如此,在 Go 的设计中,还是有一个我颇为认同的远大战略目标,想要理解这个目标,我们需要回想一下如果想要取代 C 语言,要面临的短期问题是什么。同我之前提到的,随着项目计划的不断扩张,故障率也在持续上升,这其中内存管理方面的故障尤其多,而内存管理一直是崩溃漏洞和安全漏洞的高发领域。
我们现在已经知道了两件十分重要的紧急任务,要想取代 C 语言首先要先做到这两点1解决内存管理问题2降低由 C 语言向本语言转化时所需的转入成本。纵观编程语言的历史——从人类行为学的角度来看,作为 C 语言的准替代者,如果不能有效解决转入成本过高这个问题,那他们所做的其他部分做得再好都不算数。相反的,如果他们把转入成本过高这个问题解决地很好,即使他们其他部分做的不是最好的,人们也不会对他们吹毛求疵。
这正是 Go 的做法,但这个理论并不是完美无瑕的,它也有局限性。目前 GC 延迟限制了它的发展,但 Go 现在选择照搬 Unix 下 C 语言的传染战略,让自身语言变成易于转入,便于传播的语言,其繁殖速度甚至快于替代品。但从长远角度看,这并不是个好办法。
当然, Rust 语言的不足是个十分明显的问题我们不应当回避它。而它正将自己定位为适用于长远计划的选择。在之前的部分中我已经谈到了为什么我觉得它还不完美Rust 语言在 TIBOE 和PYPL 指数上的成就也证明了我的说法,在 TIBOE 上 Rust 从来没有进过前 20 名,在 PYPL 指数上它的成就也比 Go 差很多。
五年后 Rust 能发展的怎样还是个问题,如果他们愿意改变,我建议他们重视转入成本问题。以我个人经历来说,由 C 语言转入 Rust 语言的能量壁垒使人望而却步。如果编码提升工具比如 Corrode 只能把 C 语言映射为不稳定的 Rust 语言,但不能解决能量壁垒的问题;或者如果有更简单的方法能够自动注释所有权或试用期,人们也不再需要它们了——这些问题编译器就能够解决。目前我不知道怎样解决这个问题,但我觉得他们最好找出解决方案。
在最后我想强调一下,虽然在 Ken Thompson 的设计经历中,他看起来很少解决短期问题,但他对未来有着极大的包容性,并且这种包容性还在不断提升。当然 Unix 也是这样的, 它让我不禁暗自揣测,让我认为 Go 语言中令人不快的地方都其实是他们未来事业的基石(例如缺乏泛型)。如果要确认这件事是真假,我需要比 Ken 还要聪明,但这并不是一件容易让人相信的事情。
--------------------------------------------------------------------------------
via: http://esr.ibiblio.org/?p=7745
作者:[Eric Raymond][a]
译者:[Valoniakim](https://github.com/Valoniakim)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://esr.ibiblio.org/?author=2
[1]:http://esr.ibiblio.org/?author=2
[2]:http://esr.ibiblio.org/?p=7711&cpage=1#comment-1913931
[3]:http://esr.ibiblio.org/?p=7745

163
translated/tech/20171128 How To Tell If Your Linux Server Has Been Compromised.md Normal file
View File

@ -0,0 +1,163 @@
如何判断Linux服务器是否被入侵
--------------
本指南中所谓的服务器被入侵或者说被黑了的意思是指未经认证的人或程序为了自己的目的登录到服务器上去并使用其计算资源, 通常会产生不好的影响。
免责声明: 若你的服务器被类似NSA这样的国家机关或者某个犯罪集团如请那么你并不会发现有任何问题这些技术也无法发觉他们的存在。
然而, 大多数被攻破的服务器都是被类似自动攻击程序这样的程序或者类似“脚本小子”这样的廉价攻击者,以及蠢蛋犯罪所入侵的。
这类攻击者会在访问服务器的同时滥用服务器资源,并且不怎么会采取措施来隐藏他们正在做的事情。
### 入侵服务器的症状
当服务器被没有经验攻击者或者自动攻击程序入侵了的话他们往往会消耗100%的资源. 他们可能消耗CPU资源来进行数字货币的采矿或者发送垃圾邮件,也可能消耗带宽来发动 `DoS` 攻击。
因此出现问题的第一个表现就是服务器 “变慢了”. 这可能表现在网站的页面打开的很慢, 或者电子邮件要花很长时间才能发送出去。
那么你应该查看那些东西呢?
#### 检查 1 - 当前都有谁在登录?
你首先要查看当前都有谁登录在服务器上. 发现攻击者登录到服务器上进行操作并不罕见。
其对应的命令是 `w`. 运行 `w` 会输出如下结果:
```
08:32:55 up 98 days, 5:43, 2 users, load average: 0.05, 0.03, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 113.174.161.1 08:26 0.00s 0.03s 0.02s ssh root@coopeaa12
root pts/1 78.31.109.1 08:26 0.00s 0.01s 0.00s w
```
第一个IP是英国IP而第二个IP是越南IP. 这个不是个好兆头。
停下来做个深呼吸, 不要紧只需要杀掉他们的SSH连接就好了. Unless you can stop then re-entering the server they will do so quickly and quite likely kick you off and stop you getting back in。
请参阅本文最后的 `入侵之后怎么办` 这一章节来看发现被入侵的证据后应该怎么办。
`whois` 命令可以接一个IP地址然后告诉你IP注册的组织的所有信息, 当然就包括所在国家的信息。
#### 检查 2 - 谁曾经登录过?
Linux 服务器会记录下哪些用户从哪个IP在什么时候登录的以及登陆了多长时间这些信息. 使用 `last` 命令可以查看这些信息。
输出类似这样:
```
root pts/1 78.31.109.1 Thu Nov 30 08:26 still logged in
root pts/0 113.174.161.1 Thu Nov 30 08:26 still logged in
root pts/1 78.31.109.1 Thu Nov 30 08:24 - 08:26 (00:01)
root pts/0 113.174.161.1 Wed Nov 29 12:34 - 12:52 (00:18)
root pts/0 14.176.196.1 Mon Nov 27 13:32 - 13:53 (00:21)
```
这里可以看到英国IP和越南IP交替出现, 而且最上面两个IP现在还处于登录状态. 如果你看到任何未经授权的IP那么请参阅最后章节。
登录历史记录会以文本格式记录到 `~/.bash_history`(注:这里作者应该写错了)中,因此很容易被删除。
通常攻击者会直接把这个文件删掉,以掩盖他们的攻击行为. 因此, 若你运行了 `last` 命令却只看得见你的当前登录,那么这就是个不妙的信号。
如果没有登录历史的话,请一定小心,继续留意入侵的其他线索。
#### 检查 3 - 回顾命令历史
这个层次的攻击者通常不会注意掩盖命令的历史记录,因此运行 `history` 命令会显示出他们曾经做过的所有事情。
一定留意有没有用 `wget``curl` 命令来下载类似垃圾邮件机器人或者挖矿程序之类的软件。
命令历史存储在 `~/.bash_history` 文件中,因此有些攻击者会删除该文件以掩盖他们的所作所为。
跟登录历史一样, 若你运行 `history` 命令却没有输出任何东西那就表示历史文件被删掉了. 这也是个不妙的信号,你需要很小心地检查一下服务器了。
#### 检查 4 - 哪些进程在消耗CPU?
你常遇到的这类攻击者通常不怎么会去掩盖他们做的事情. 他们会运行一些特别消耗CPU的进程. 这就很容易发着这些进程了. 只需要运行 `top` 然后看最前的那几个进程就行了。
这也能显示出那些未登录的攻击者来. 比如,可能有人在用未受保护的邮件脚本来发送垃圾邮件。
如果你最上面的进程对不了解那么你可以google一下进程名称,或者通过 `losf``strace` 来看看它做的事情是什么。
使用这些工具,第一步从 `top` 中拷贝出进程的 PID然后运行:
```shell
strace -p PID
```
这会显示出进程调用的所有系统调用. 它产生的内容会很多,但这些信息能告诉你这个进程在做什么。
```
lsof -p PID
```
这个程序会列出进程打开的文件. 通过查看它访问的文件可以很好的理解它在做的事情。
#### 检查 5 - 检查所有的系统进程
消耗CPU不严重的未认证进程可能不会在 `top` 中显露出来,不过它依然可以通过 `ps` 列出来. 命令 `ps auxf` 就能显示足够清晰的信息了。
你需要检查一下每个不认识的进程. 经常运行 `ps` (这是个好习惯) 能帮助你发现奇怪的进程。
#### 检查 6 - 检查进程的网络使用情况
`iftop` 的功能类似 `top`,他会显示一系列收发网络数据的进程以及他们的源地址和目的地址。
类似 `DoS` 攻击或垃圾制造器这样的进程很容易显示在列表的最顶端。
#### 检查 7 - 哪些进程在监听网络连接?
通常攻击者会安装一个后门程序专门监听网络端口接受指令. 该进程等待期间是不会消耗CPU和带宽的,因此也就不容易通过 `top` 之类的命令发现。
`lsof``netstat` 命令都会列出所有的联网进程. 我通常会让他们带上下面这些参数:
```
lsof -i
```
```
netstat -plunt
```
你需要留意那些处于 `LISTEN``ESTABLISHED` 状态的进程,这些进程要么正在等待连接(LISTEN),要么已经连接(ESTABLISHED)。
如果遇到不认识的进程,使用 `strace``lsof` 来看看它们在做什么东西。
### 被入侵之后该怎么办呢?
首先,不要紧张, 尤其当攻击者正处于登陆状态时更不能紧张. 你需要在攻击者警觉到你已经发现他之前夺回机器的控制权。
如果他发现你已经发觉到他了,那么他可能会锁死你不让你登陆服务器,然后开始毁尸灭迹。
如果你技术不太好那么就直接关机吧. 你可以在服务器上运行 `shutdown -h now` 或者 `systemctl poweroff` 这两条命令. 也可以登陆主机提供商的控制面板中关闭服务器。
关机后,你就可以开始配置防火墙或者咨询一下供应商的意见。
如果你对自己颇有自信,而你的主机提供商也有提供上游防火墙,那么你只需要以此创建并启用下面两条规则就行了:
1. 只允许从你的IP地址登陆SSH
2. 封禁除此之外的任何东西不仅仅是SSH还包括任何端口上的任何协议。
这样会立即关闭攻击者的SSH会话而只留下你访问服务器。
如果你无法访问上游防火墙,那么你就需要在服务器本身创建并启用这些防火墙策略,然后在防火墙规则起效后使用 `kill` 命令关闭攻击者的ssh会话。
最后还有一种方法, 就是通过诸如串行控制台之类的带外连接登陆服务器,然后通过 `systemctl stop network.service` 停止网络功能。
这会关闭所有服务器上的网络连接,这样你就可以慢慢的配置那些防火墙规则了。
重夺服务器的控制权后,也不要以为就万事大吉了。
不要试着修复这台服务器,让后接着用. 你永远不知道攻击者做过什么因此你也永远无法保证这台服务器还是安全的。
最好的方法就是拷贝出所有的资料,然后重装系统。
--------------------------------------------------------------------------------
via: https://bash-prompt.net/guides/server-hacked/
作者:[Elliot Cooper][a]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://bash-prompt.net

92
translated/tech/20171129 5 best practices for getting started with DevOps.md Normal file
View File

@ -0,0 +1,92 @@
5 个最佳实践开始你的 DevOps 之旅
============================================================
### 想要实现 DevOps 但是不知道如何开始吗?试试这 5 个最佳实践吧。
![5 best practices for getting started with DevOps](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/devops-gears.png?itok=rUejbLQX "5 best practices for getting started with DevOps")
Image by : [Andrew Magill][8]. Modified by Opensource.com. [CC BY 4.0][9]
想要采用 DevOps 的人通常会过早的被它的歧义性给吓跑,更不要说更加深入的使用了。当一些人开始使用 DevOps 的时候都会问:“如何开始使用呢?”,”怎么才算使用了呢?“。这 5 个最佳实践是很好的路线图来指导你的 DevOps 之旅。
### 1\. 衡量所有的事情
除非你能量化输出结果,否则你并不能确认你的努力能否使事情变得更好。新功能能否快速的输出给客户?有更少的漏洞泄漏给他们吗?出错了能快速应对和恢复吗?
在你开始做任何修改之前,思考一下你切换到 DevOps 之后想要一些什么样的输出。随着你的 DevOps 之旅,将享受到服务的所有内容的丰富的实时报告,从这两个指标考虑一下:
* **上架时间** 衡量端到端,通常是面向客户的业务经验。这通常从一个功能被正式提出而开始,客户在产品中开始使用这个功能而结束。上架时间不是团队的主要指标;更加重要的是,当开发出一个有价值的新功能时,它表明了你完成业务的效率,为系统改进提供了一个机会。
* **时间周期** 衡量工程团队的进度。从开始开发一个新功能开始,到在产品中运行需要多久?这个指标对于你理解团队的效率是非常有用的,为团队等级的提升提供了一个机会。
### 2\. 放飞你的流程
DevOps 的成功需要团队布置一个定期流程并且持续提升它。这不总是有效的,但是必须是一个定期(希望有效)的流程。通常它有一些敏捷开发的味道,就像 Scrum 或者 Scrumban 一样;一些时候它也像精益开发。不论你用的什么方法,挑选一个正式的流程,开始使用它,并且做好这些基础。
定期检查和调整流程是 DevOps 成功的关键,抓住相关演示,团队回顾,每日会议的机会来提升你的流程。
DevOps 的成功取决于大家一起有效的工作。团队的成员需要在一个有权改进的公共流程中工作。他们也需要定期找机会分享从这个流程中上游或下游的其他人那里学到的东西。
随着你构建成功。好的流程规范能帮助你的团队以很快的速度体会到 DevOps 其他的好处
尽管更多面向开发的团队采用 Scrum 是常见的,但是以运营为中心的团队(或者其他中断驱动的团队)可能选用一个更短期的流程,例如 Kanban。
### 3\. 可视化工作流程
这是很强大的,能够看到哪个人在给定的时间做哪一部分工作,可视化你的工作流程能帮助大家知道接下来应该做什么,流程中有多少工作以及流程中的瓶颈在哪里。
在你看到和衡量之前你并不能有效的限制流程中的工作。同样的,你也不能有效的排除瓶颈直到你清楚的看到它。
全部工作可视化能帮助团队中的成员了解他们在整个工作中的贡献。这样可以促进跨组织边界的关系建设,帮助您的团队更有效地协作,实现共同的成就感。
### 4\. 持续化所有的事情
DevOps 应该是强制自动化的。然而罗马不是一日建成的。你应该注意的第一个事情应该是努力的持续集成CI但是不要停留到这里紧接着的是持续交付CD以及最终的持续部署。
持续部署的过程中是个注入自动测试的好时机。这个时候新代码刚被提交,你的持续部署应该运行测试代码来测试你的代码和构建成功的加工品。这个加工品经受流程的考验被产出直到最终被客户看到。
另一个“持续”是不太引人注意的持续改进。一个简单的场景是每天询问你旁边的同事:“今天做些什么能使工作变得更好?”,随着时间的推移,这些日常的小改进融合到一起会引起很大的结果,你将很惊喜!但是这也会让人一直思考着如何改进。
### 5\. Gherkinize
促进组织间更有效的沟通对于成功的 DevOps 的系统思想至关重要。在程序员和业务员之间直接使用共享语言来描述新功能的需求文档对于沟通是个好办法。一个好的产品经理能在一天内学会 [Gherkin][12] 然后使用它构造出明确的英语来描述需求文档,工程师会使用 Gherkin 描述的需求文档来写功能测试,之后开发功能代码直到代码通过测试。这是一个简化的 [验收测试驱动开发][13](ATDD),这样就开始了你的 DevOps 文化和开发实践。
### 开始你旅程
不要自馁哦。希望这五个想法给你坚实的入门方法。
### 关于作者
[![](https://opensource.com/sites/default/files/styles/profile_pictures/public/pictures/headshot_4.jpg?itok=jntfDCfX)][14]
Magnus Hedemark - Magnus 在IT行业已有20多年并且一直热衷于技术。他目前是 nitedHealth Group 的 DevOps 工程师。在业余时间Magnus 喜欢摄影和划独木舟。
--------------------------------------------------------------------------------
via: https://opensource.com/article/17/11/5-keys-get-started-devops
作者:[Magnus Hedemark ][a]
译者:[aiwhj](https://github.com/aiwhj)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://opensource.com/users/magnus919
[1]:https://opensource.com/tags/devops?src=devops_resource_menu1
[2]:https://opensource.com/resources/devops?src=devops_resource_menu2
[3]:https://www.openshift.com/promotions/devops-with-openshift.html?intcmp=7016000000127cYAAQ&src=devops_resource_menu3
[4]:https://enterprisersproject.com/article/2017/5/9-key-phrases-devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu4
[5]:https://www.redhat.com/en/insights/devops?intcmp=7016000000127cYAAQ&src=devops_resource_menu5
[6]:https://opensource.com/article/17/11/5-keys-get-started-devops?rate=oEOzMXx1ghbkfl2a5ae6AnvO88iZ3wzkk53K2CzbDWI
[7]:https://opensource.com/user/25739/feed
[8]:https://ccsearch.creativecommons.org/image/detail/7qRx_yrcN5isTMS0u9iKMA==
[9]:https://creativecommons.org/licenses/by-sa/4.0/
[10]:https://martinfowler.com/articles/continuousIntegration.html
[11]:https://martinfowler.com/bliki/ContinuousDelivery.html
[12]:https://cucumber.io/docs/reference
[13]:https://en.wikipedia.org/wiki/Acceptance_test%E2%80%93driven_development
[14]:https://opensource.com/users/magnus919
[15]:https://opensource.com/users/magnus919
[16]:https://opensource.com/users/magnus919
[17]:https://opensource.com/tags/devops

142
translated/tech/20171130 Wake up and Shut Down Linux Automatically.md Normal file
View File

@ -0,0 +1,142 @@
自动唤醒和关闭 Linux
=====================
### [banner.jpg][1]
![timekeeper](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/banner.jpg?itok=zItspoSb)
了解如何通过配置 Linux 计算机来查看时间,并实现自动唤醒和关闭 Linux
[Creative Commons Attribution][6][The Observatory at Delhi][7]
不要成为一个电能浪费者。如果你的电脑不需要开机就请把它们关机。出于方便和计算机宅的考虑,你可以通过配置你的 Linux 计算机实现自动唤醒和关闭 Linux 。
### 系统运行时间
有时候有些电脑需要一直处在开机状态,在不超过电脑运行时间的限制下这种情况是被允许的。有些人为他们的计算机可以长时间的正常运行而感到自豪,且现在我们有内核热补丁能够实现只有在硬件发生故障时才允许机器关机。我认为比较实际可行的是能够在机器需要节省电能以及在移动硬件发生磨损的情况下,且在不需要机器运行的情况下将其关机。比如,你可以在规定的时间内唤醒备份服务器,执行备份,然后关闭它直到它要进行下一次备份。或者,你可以设置你的 Internet 网关只在特定的时间运行。任何不需要一直运行的东西都可以将其配置成在其需要工作的时候打开,待其完成工作后将其关闭。
### 系统休眠
对于不需要一直运行的电脑,使用 root 的 cron 定时任务或者 `/etc/crontab` 文件 可以可靠地关闭电脑。这个例子创建一个 root 定时任务实现每天下午 11点15分 定时关机。
```
# crontab -e -u root
# m h dom mon dow command
15 23 * * * /sbin/shutdown -h now
```
以下示例仅在周一至周五运行:
```
15 23 * * 1-5 /sbin/shutdown -h now
```
您可以为不同的日期和时间创建多个cron作业。 通过命令 ``man 5 crontab`` 可以了解所有时间和日期的字段。
一个快速、容易的方式是,使用 `/etc/crontab ` 文件。但这样你必须指定用户:
```
15 23 * * 1-5 root shutdown -h now
```
### 自动唤醒
实现自动唤醒是一件很酷的事情; 我大多数使用 SUSE SUSE Linux的同事都在纽伦堡因此因此为了跟同事能有几小时一起工作的时间我不得不需要在凌晨五点起床。我的计算机早上 5点半自动开始工作而我只需要将自己和咖啡拖到我的桌子上就可以开始工作了。按下电源按钮看起来好像并不是什么大事但是在每天的那个时候每件小事都会变得很大。
唤醒 Linux 计算机可能不比关闭它稳当因此你可能需要尝试不同的办法。你可以使用远程唤醒Wake-On-LAN、RTC 唤醒或者个人电脑的 BIOS 设置预定的唤醒这些方式。做这些工作的原因是,当你关闭电脑时,这并不是真正关闭了计算机;此时计算机处在极低功耗状态且还可以接受和响应信号。你需要拔掉电源开关将其彻底关闭。
### BIOS 唤醒
BIOS 唤醒是最可靠的。我的系统主板 BIOS 有一个易于使用的唤醒调度程序。(Figure 1). Chances are yours does, too. Easy peasy.
### [fig-1.png][2]
![wakeup](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-1_11.png?itok=8qAeqo1I)
Figure 1: My system BIOS has an easy-to-use wakeup scheduler.
[Used with permission][8]
### 主机远程唤醒Wake-On-LAN
远程唤醒是仅次于 BIOS 唤醒的又一种可靠的唤醒方法。这需要你从第二台计算机发送信号到所要打开的计算机。可以使用 Arduino 或 树莓派Raspberry Pi 发送基于 Linux 的路由器或者任何 Linux 计算机的唤醒信号。首先,查看系统主板 BIOS 是否支持 Wake-On-LAN ,要是支持的话,必须先启动它,因为它被默认为禁用。
然后,需要一个支持 Wake-On-LAN 的网卡;无线网卡并不支持。你需要运行 `ethtool` 命令查看网卡是否支持 Wake-On-LAN
```
# ethtool eth0 | grep -i wake-on
Supports Wake-on: pumbg
Wake-on: g
```
这条命令输出的 Supports Wake-on 字段会告诉你你的网卡现在开启了哪些功能:
   
* d -- 禁用
* p -- 物理活动唤醒
* u -- 单播消息唤醒
* m -- 多播(组播)消息唤醒
* b -- 广播消息唤醒
* a -- ARP(Address Resolution Protocol) 唤醒
* g -- magic packet 唤醒
* s -- 设有密码的 magic packet 唤醒
man ethtool 命令并没说清楚 p 选项的作用;这表明任何信号都会导致唤醒。然而,在我的测试中它并没有这么做。想要实现远程唤醒主机,必须支持的功能是 `g -- magic packet` 唤醒,而且显示这个功能已经在启用了。如果它没有被启用,你可以通过 `ethtool` 命令来启用它。
```
# ethtool -s eth0 wol g
```
这条命令可能会在重启后失效,所以为了确保万无一失,你可以创建个 root 用户的定时任务cron在每次重启的时候来执行这条命令。
```
@reboot /usr/bin/ethtool -s eth0 wol g
```
### [fig-2.png][3]
![wakeonlan](https://www.linux.com/sites/lcom/files/styles/floated_images/public/fig-2_7.png?itok=XQAwmHoQ)
Figure 2: Enable Wake on LAN.
[Used with permission][9]
另一个选择是最近的网络管理器版本有一个很好的小复选框来启用 Wake-On-LAN图2
这里有一个可以用于设置密码的地方,但是如果你的网络接口不支持安全密码,它就不起作用。
现在你需要配置第二台计算机来发送唤醒信号。你并不需要 root 权限,所以你可以为你的用户创建 cron 任务。你需要用到的是想要唤醒的机器的网络接口和MAC地址信息。
```
30 08 * * * /usr/bin/wakeonlan D0:50:99:82:E7:2B
```
### RTC 唤醒RTC Alarm Clock
通过使用实时闹钟来唤醒计算机是最不可靠的方法。对于这个方法,可以参看 [Wake Up Linux With an RTC Alarm Clock][4] ;对于现在的大多数发行版来说这种方法已经有点过时了。
下周继续了解更多关于使用RTC唤醒的方法。
通过 Linux 基金会和 edX 可以学习更多关于 Linux 的免费 [ Linux 入门][5]教程。
--------------------------------------------------------------------------------
via:https://www.linux.com/learn/intro-to-linux/2017/11/wake-and-shut-down-linux-automatically
作者:[Carla Schroder]
译者:[译者ID](https://github.com/HardworkFish)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://www.linux.com/files/images/bannerjpg
[2]:https://www.linux.com/files/images/fig-1png-11
[3]:https://www.linux.com/files/images/fig-2png-7
[4]:https://www.linux.com/learn/wake-linux-rtc-alarm-clock
[5]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
[6]:https://www.linux.com/licenses/category/creative-commons-attribution
[7]:http://www.columbia.edu/itc/mealac/pritchett/00routesdata/1700_1799/jaipur/delhijantarearly/delhijantarearly.html
[8]:https://www.linux.com/licenses/category/used-permission
[9]:https://www.linux.com/licenses/category/used-permission