Merge pull request #16 from LCTT/master

Update Repo
This commit is contained in:
joeren 2015-06-17 08:00:04 +08:00
commit bc0f8a7d89
13 changed files with 987 additions and 247 deletions

View File

@ -1,14 +1,15 @@
在Apache中使用Mod_Security和Mod_evasive来抵御暴力破解和DDos攻击 在Apache中使用mod\_security和mod\_evasive来抵御暴力破解和DDos攻击
================================================================================ ================================================================================
对于那些托管主机或者需要将您的主机暴露在因特网中的人来说,保证您的系统在面对攻击时安全是一个重要的事情。
mod_security一个开源的可以无缝接入Web服务器的用于Web应用入侵检测和防护的引擎和mod_evasive是两个在服务器端对抗暴力破解和(D)Dos攻击的非常重要的工具 对于那些需要在因特网上提供服务或托管主机的人来说,保证您的系统在面对攻击时的安全是一个重要的事情
mod_evasive如它的名字一样在受攻击时提供避实就虚的功能它像一个雨伞一样保护Web服务器免受那些威胁。 mod\_security一个开源的用于Web应用入侵检测及防护的引擎可以无缝地集成到Web服务器和mod\_evasive是两个在服务器端对抗暴力破解和(D)Dos攻击的非常重要的工具。
mod\_evasive如它的名字一样在受攻击时提供避实就虚的功能它像一个雨伞一样保护Web服务器免受那些威胁。
![](http://www.tecmint.com/wp-content/uploads/2012/06/Install-Mod_Security-Mod_evasive-in-CentOS.jpg) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Install-Mod_Security-Mod_evasive-in-CentOS.jpg)
安装Mod_Security和Mod_Evasive来保护Apache *安装mod\_security和mod\_evasive来保护Apache*
在这篇文章中我们将讨论如何安装、配置以及在RHEL/CentOS6、7和Fedora 21-15上将它们整合到Apache。另外我们会模拟攻击以便验证服务器做出了正确的反应。 在这篇文章中我们将讨论如何安装、配置以及在RHEL/CentOS6、7和Fedora 21-15上将它们整合到Apache。另外我们会模拟攻击以便验证服务器做出了正确的反应。
@ -16,91 +17,77 @@ mod_evasive如它的名字一样在受攻击时提供避实就虚的功能
- [在RHEL/CentOS 7中安装LAMP][1] - [在RHEL/CentOS 7中安装LAMP][1]
如果您在运行RHEL/CentOS 7或Fedora 21您还需要安装iptables作为默认[防火墙][2]前端以取代firewalld。这样做是为了在RHEL/CentOS 7或Fedora 21中使用同样的工具。 LCTT 译注本文有修改。原文为了在RHEL/CentOS 7或Fedora 21中使用同样的工具而删除了自带的 firewalld使用了旧式的iptables。译者以为这样并不恰当因此译文中做了相应删节并增加了firewalld的相应脚本。
### 步骤 1: 在RHEL/CentOS 7和Fedora 21上安装Iptables防火墙 ### ### 步骤 1: 安装mod\_security和mod\_evasive ###
用下面的命令停止和禁用firewalld
# systemctl stop firewalld
# systemctl disable firewalld
![](http://www.tecmint.com/wp-content/uploads/2012/06/Disable-Firewalld-Service.png)
禁用firewalld服务
接下来在使能iptables之前安装iptables-services包
# yum update && yum install iptables-services
# systemctl enable iptables
# systemctl start iptables
# systemctl status iptables
![](http://www.tecmint.com/wp-content/uploads/2012/06/Install-Iptables-Firewall.png)
安装Iptables防火墙
### 步骤 2: 安装Mod_Security和Mod_evasive ###
另外在安装LAMP后您还需要在RHEL/CentOS 7/6中[开启EPEL仓库][3]来安装这两个包。Fedora用户不需要开启这个仓库因为epel已经是Fedora项目的一部分了。 另外在安装LAMP后您还需要在RHEL/CentOS 7/6中[开启EPEL仓库][3]来安装这两个包。Fedora用户不需要开启这个仓库因为epel已经是Fedora项目的一部分了。
# yum update && yum install mod_security mod_evasive # yum update && yum install mod_security mod_evasive
当安装结束后,您会在/etc/httpd/conf.d下找到两个工具的配置文件。 当安装结束后,您会在/etc/httpd/conf.d下找到这两个工具的配置文件。
# ls -l /etc/httpd/conf.d # ls -l /etc/httpd/conf.d
![](http://www.tecmint.com/wp-content/uploads/2012/06/mod_security-mod_evasive-Configurations.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/mod_security-mod_evasive-Configurations.png)
mod_security + mod_evasive 配置文件
现在为了整合这两个模块到Apache并在启动时加载它们。请确保下面几行出现在mod_evasive.conf和mod_security.conf的顶层部分它们分别为 *mod\_security + mod\_evasive 配置文件*
现在为了整合这两个模块到Apache并在启动时加载它们。请确保下面几行出现在mod\_evasive.conf和mod\_security.conf的顶层部分它们分别为
LoadModule evasive20_module modules/mod_evasive24.so LoadModule evasive20_module modules/mod_evasive24.so
LoadModule security2_module modules/mod_security2.so LoadModule security2_module modules/mod_security2.so
请注意modules/mod_security2.so和modules/mod_evasive24.so都是从/etc/httpd到模块源文件的相对路径。您可以通过列出/etc/httpd/modules的内容来验证如果需要的话修改它 请注意modules/mod\_security2.so和modules/mod\_evasive24.so都是从/etc/httpd到模块源文件的相对路径。您可以通过列出/etc/httpd/modules的内容来验证如果需要的话修改它
# cd /etc/httpd/modules # cd /etc/httpd/modules
# pwd # pwd
# ls -l | grep -Ei '(evasive|security)' # ls -l | grep -Ei '(evasive|security)'
![](http://www.tecmint.com/wp-content/uploads/2012/06/Verify-mod_security-mod_evasive-Modules.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Verify-mod_security-mod_evasive-Modules.png)
验证mod_security + mod_evasive模块
接下来重启Apache并且核实它已加载了mod_evasive和mod_security *验证mod\_security + mod\_evasive模块*
接下来重启Apache并且核实它已加载了mod\_evasive和mod\_security
# service httpd restart [在RHEL/CentOS 6和Fedora 20-18上] # service httpd restart [在RHEL/CentOS 6和Fedora 20-18上]
# systemctl restart httpd [在RHEL/CentOS 7和Fedora 21上] # systemctl restart httpd [在RHEL/CentOS 7和Fedora 21上]
---------- ----------
[输出已加载的静态模块和动态模块列表] # httpd -M | grep -Ei '(evasive|security)' [输出已加载的静态模块和动态模块列表]
# httpd -M | grep -Ei '(evasive|security)'
![](http://www.tecmint.com/wp-content/uploads/2012/06/Check-mod_security-mod_evasive-Loaded.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Check-mod_security-mod_evasive-Loaded.png)
检查mod_security + mod_evasive模块已加载
### 步骤 3: 安装一个核心规则集并且配置Mod_Security ### *检查mod\_security + mod\_evasive模块已加载*
简单来说一个核心规则集即CRS为web服务器提供特定状况下如何反应的指令。mod_security的开发者们提供了一个免费的CRS叫做OWASP[开放Web应用安全项目]ModSecurity CRS可以从下面的地址下载和安装。 ### 步骤 2: 安装一个核心规则集并且配置mod\_security ###
1. 下载OWASP CRS到为之创建的目录 简单来说一个核心规则集即CRS为web服务器提供特定状况下如何反应的指令。mod\_security的开发者们提供了一个免费的CRS叫做OWASP[开放Web应用安全项目]ModSecurity CRS可以从下面的地址下载和安装。
# mkdir /etc/httpd/crs-tecmint ####下载OWASP CRS到为之创建的目录####
# cd /etc/httpd/crs-tecmint
# mkdir /etc/httpd/crs-tecmint
# cd /etc/httpd/crs-tecmint
# wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master # wget https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master
![](http://www.tecmint.com/wp-content/uploads/2012/06/Download-mod_security-Core-Rules.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Download-mod_security-Core-Rules.png)
下载mod_security核心规则
2. 解压CRS文件并修改文件夹名称 *下载mod\_security核心规则*
#### 解压CRS文件并修改文件夹名称####
# tar xzf master # tar xzf master
# mv SpiderLabs-owasp-modsecurity-crs-ebe8790 owasp-modsecurity-crs # mv SpiderLabs-owasp-modsecurity-crs-ebe8790 owasp-modsecurity-crs
![](http://www.tecmint.com/wp-content/uploads/2012/06/Extract-mod_security-Core-Rules.png)
解压mod_security核心规则
3. 现在是时候配置mod_security了。将同样的规则文件owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example拷贝至另一个没有.example扩展的文件。 ![](http://www.tecmint.com/wp-content/uploads/2012/06/Extract-mod_security-Core-Rules.png)
*解压mod\_security核心规则*
####现在是时候配置mod\_security了####
将示例的规则文件owasp-modsecurity-crs/modsecurity_crs_10_setup.conf.example拷贝为同名的配置文件。
# cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf # cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf
@ -111,7 +98,7 @@ mod_security + mod_evasive 配置文件
Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf Include crs-tecmint/owasp-modsecurity-crs/base_rules/*.conf
</IfModule> </IfModule>
最后,建议您在/etc/httpd/modsecurity.d目录下创建自己的配置文件在那里我们可以用我们自定义的文件夹接下来的示例中我们会将其命名为tecmint.conf而无需修改CRS文件的目录。这样做能够在CRSs发布新版本时更加容易的升级。 最后,建议您在/etc/httpd/modsecurity.d目录下创建自己的配置文件在那里我们可以用我们自定义的文件夹接下来的示例中我们会将其命名为tecmint.conf而无需修改CRS文件的目录。这样做能够在CRS发布新版本时更加容易的升级。
<IfModule mod_security2.c> <IfModule mod_security2.c>
SecRuleEngine On SecRuleEngine On
@ -121,13 +108,13 @@ mod_security + mod_evasive 配置文件
SecDataDir /tmp SecDataDir /tmp
</IfModule> </IfModule>
您可以在[SpiderLabs的ModSecurity GitHub][5]仓库中参考关于mod_security目录的更完整的解释。 您可以在[SpiderLabs的ModSecurity GitHub][5]仓库中参考关于mod\_security目录的更完整的解释。
### 步骤 4: 配置Mod_Evasive ### ### 步骤 3: 配置mod\_evasive ###
mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。与mod_security不同由于在包升级时没有规则来更新因此我们不需要独立的文件来添加自定义指令。 mod\_evasive被配置为使用/etc/httpd/conf.d/mod\_evasive.conf中的指令。与mod\_security不同由于在包升级时没有规则来更新因此我们不需要独立的文件来添加自定义指令。
默认的mod_evasive.conf开启了下列的目录注意这个文件被详细的注释了因此我们剔掉了注释以重点显示配置指令 默认的mod\_evasive.conf开启了下列的目录注意这个文件被详细的注释了因此我们剔掉了注释以重点显示配置指令
<IfModule mod_evasive24.c> <IfModule mod_evasive24.c>
DOSHashTableSize 3097 DOSHashTableSize 3097
@ -140,8 +127,8 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
这些指令的解释: 这些指令的解释:
- DOSHashTableSize: 这个指令指明了哈希表的大小它用来追踪基于IP地址的活动。增加这个数字将使查询站点访问历史变得更快,但如果被设置的太高则会影响整体性能。 - DOSHashTableSize: 这个指令指明了哈希表的大小它用来追踪基于IP地址的活动。增加这个数字将使得站点访问历史的查询变得更快,但如果被设置的太大则会影响整体性能。
- DOSPageCount: 在DOSPageInterval间隔内可由一个用户发起的面向特定的URI例如一个Apache托管的文件)的同一个请求的数量。 - DOSPageCount: 在DOSPageInterval间隔内可由一个用户发起的针对特定的URI例如一个Apache 提供服务的文件)的同一个请求的数量。
- DOSSiteCount: 类似DOSPageCount但涉及到整个站点总共有多少的请求可以在DOSSiteInterval间隔内被发起。 - DOSSiteCount: 类似DOSPageCount但涉及到整个站点总共有多少的请求可以在DOSSiteInterval间隔内被发起。
- DOSBlockingPeriod: 如果一个用户超过了DOSSPageCount的限制或者DOSSiteCount他的源IP地址将会在DOSBlockingPeriod期间内被加入黑名单。在DOSBlockingPeriod期间任何从这个IP地址发起的请求将会遭遇一个403禁止错误。 - DOSBlockingPeriod: 如果一个用户超过了DOSSPageCount的限制或者DOSSiteCount他的源IP地址将会在DOSBlockingPeriod期间内被加入黑名单。在DOSBlockingPeriod期间任何从这个IP地址发起的请求将会遭遇一个403禁止错误。
@ -149,7 +136,7 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
**一个小警告**: 如果这些值设置的不合适,则您会蒙受阻挡合法用户的风险。 **一个小警告**: 如果这些值设置的不合适,则您会蒙受阻挡合法用户的风险。
您也许想考虑下其他有用的指令: 您也许还会用到以下其它有用的指令:
#### DOSEmailNotify #### #### DOSEmailNotify ####
@ -157,11 +144,11 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
# setsebool -P httpd_can_sendmail 1 # setsebool -P httpd_can_sendmail 1
接下来将这个指令和其他指令一起加入到mod_evasive.conf文件。 接下来将这个指令和其他指令一起加入到mod\_evasive.conf文件。
DOSEmailNotify you@yourdomain.com DOSEmailNotify you@yourdomain.com
如果这个值被合适的设置并且您的邮件服务器在正常的运行则当一个IP地址被加入黑名单时会有一封邮件被发送到相应的地址。 如果这个指令设置了合适的值,并且您的邮件服务器在正常的运行则当一个IP地址被加入黑名单时会有一封邮件被发送到相应的地址。
#### DOSSystemCommand #### #### DOSSystemCommand ####
@ -169,31 +156,47 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
DOSSystemCommand </command> DOSSystemCommand </command>
这个指令指定当一个IP地址被加入黑名单时执行的命令。它通常结合shell脚本来使用在脚本中添加一条防火墙规则来阻挡某个IP进一步的连接。 这个指令指定当一个IP地址被加入黑名单时执行的命令。它通常结合shell脚本来使用比如在脚本中添加一条防火墙规则来阻挡某个IP进一步的连接。
**写一个shell脚本在防火墙阶段处理IP黑名单** #####写一个shell脚本在防火墙阶段处理IP黑名单#####
当一个IP地址被加入黑名单我们需要阻挡它进一步的连接。我们需要下面的shell脚本来执行这个任务。在/usr/local/bin下创建一个叫做scripts-tecmint的文件夹或其他的名字以及一个叫做ban_ip.sh的文件。 当一个IP地址被加入黑名单我们需要阻挡它进一步的连接。我们需要下面的shell脚本来执行这个任务。在/usr/local/bin下创建一个叫做scripts-tecmint的文件夹或其他的名字以及一个叫做ban_ip.sh的文件。
**用于iptables防火墙**
#!/bin/sh #!/bin/sh
# 由mod_evasive检测出将被阻挡的IP地址 # 由mod_evasive检测出将被阻挡的IP地址
IP=$1 IP=$1
# iptables的完整路径 # iptables的完整路径
IPTABLES="/sbin/iptables" IPTABLES="/sbin/iptables"
# mod_evasive锁文件夹 # mod_evasive锁文件夹
MOD_EVASIVE_LOGDIR=/var/log/mod_evasive mod_evasive_LOGDIR=/var/log/mod_evasive
# 添加下面的防火墙规则 (阻止所有从$IP流入的流量) # 添加下面的防火墙规则 (阻止所有从$IP流入的流量)
$IPTABLES -I INPUT -s $IP -j DROP $IPTABLES -I INPUT -s $IP -j DROP
# 为了未来的检测,移除锁文件 # 为了未来的检测,移除锁文件
rm -f "$MOD_EVASIVE_LOGDIR"/dos-"$IP" rm -f "$mod_evasive_LOGDIR"/dos-"$IP"
**用于firewalld防火墙**
#!/bin/sh
# 由mod_evasive检测出将被阻挡的IP地址
IP=$1
# firewalld-cmd的完整路径
FIREWALL_CMD="/usr/bin/firewall-cmd"
# mod_evasive锁文件夹
mod_evasive_LOGDIR=/var/log/mod_evasive
# 添加下面的防火墙规则 (阻止所有从$IP流入的流量)
$FIREWALL_CMD --zone=drop --add-source $IP
# 为了未来的检测,移除锁文件
rm -f "$mod_evasive_LOGDIR"/dos-"$IP"
我们的DOSSystemCommand指令应该是这样的 我们的DOSSystemCommand指令应该是这样的
DOSSystemCommand "sudo /usr/local/bin/scripts-tecmint/ban_ip.sh %s" DOSSystemCommand "sudo /usr/local/bin/scripts-tecmint/ban_ip.sh %s"
上面一行的%s代表了由mod_evasive检测到的攻击IP地址。 上面一行的%s代表了由mod\_evasive检测到的攻击IP地址。
**将apache用户添加到sudoers文件** #####将apache用户添加到sudoers文件#####
请注意如果您不给予apache用户以无需终端和密码的方式运行我们脚本关键就是这个脚本的权限则这一切都不起作用。通常您只需要以root权限键入visudo来存取/etc/sudoers文件接下来添加下面的两行即可 请注意如果您不给予apache用户以无需终端和密码的方式运行我们脚本关键就是这个脚本的权限则这一切都不起作用。通常您只需要以root权限键入visudo来存取/etc/sudoers文件接下来添加下面的两行即可
@ -201,14 +204,16 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
Defaults:apache !requiretty Defaults:apache !requiretty
![](http://www.tecmint.com/wp-content/uploads/2012/06/Add-Apache-User-to-Sudoers.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Add-Apache-User-to-Sudoers.png)
添加Apache用户到Sudoers
**重要**: 作为默认的安全策略您只能在终端中运行sudo。由于这个时候我们需要在没有tty的时候运行sudo我们像下面图片中那样必须注释掉下面这一行 *添加Apache用户到Sudoers*
**重要**: 在默认的安全策略下您只能在终端中运行sudo。由于这个时候我们需要在没有tty的时候运行sudo我们必须像下图中那样注释掉下面这一行
#Defaults requiretty #Defaults requiretty
![](http://www.tecmint.com/wp-content/uploads/2012/06/Disable-tty-for-Sudo.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Disable-tty-for-Sudo.png)
为Sudo禁用tty
*为Sudo禁用tty*
最后重启web服务器 最后重启web服务器
@ -219,7 +224,7 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
有许多工具可以在您的服务器上模拟外部的攻击。您可以google下“tools for simulating ddos attacks”来找一找相关的工具。 有许多工具可以在您的服务器上模拟外部的攻击。您可以google下“tools for simulating ddos attacks”来找一找相关的工具。
注意,您(也只有您)将负责您模拟所造成的结果。请不要考虑向不在您网络中的服务器发起模拟攻击。 注意,您(也只有您)将负责您模拟所造成的结果。请不要考虑向不在您自己网络中的服务器发起模拟攻击。
假如您想对一个由别人托管的VPS做这些事情您需要向您的托管商发送适当的警告或就那样的流量通过他们的网络获得允许。Tecmint.com不会为您的行为负责 假如您想对一个由别人托管的VPS做这些事情您需要向您的托管商发送适当的警告或就那样的流量通过他们的网络获得允许。Tecmint.com不会为您的行为负责
@ -228,21 +233,20 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
我们的测试环境由一个CentOS 7服务器[IP 192.168.0.17]和一个Windows组成在Windows[IP 192.168.0.103]上我们发起攻击: 我们的测试环境由一个CentOS 7服务器[IP 192.168.0.17]和一个Windows组成在Windows[IP 192.168.0.103]上我们发起攻击:
![](http://www.tecmint.com/wp-content/uploads/2012/06/Confirm-Host-IPAddress.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Confirm-Host-IPAddress.png)
确认主机IP地址
请播放下面的视频并跟从列出的步骤来模拟一个Dos攻击 *确认主机IP地址*
youtube视频发布的时候不行做个链接吧 请播放下面的视频YT 视频,请自备梯子: https://www.youtube.com/-U_mdet06Jk 并跟从列出的步骤来模拟一个Dos攻击
<iframe width="640" height="405" frameborder="0" allowfullscreen="allowfullscreen" src="https://www.youtube.com/embed/-U_mdet06Jk"></iframe>
然后攻击者的IP将被iptables阻挡: 然后攻击者的IP将被防火墙阻挡:
![](http://www.tecmint.com/wp-content/uploads/2012/06/Blocked-Attacker-IP.png) ![](http://www.tecmint.com/wp-content/uploads/2012/06/Blocked-Attacker-IP.png)
阻挡攻击者的IP地址
*阻挡攻击者的IP地址*
### 结论 ### ### 结论 ###
在开启mod_security和mod_evasive的情况下模拟攻击会导致CPU和RAM用量在源IP地址被加入黑名单之前出现短暂几秒的使用峰值。如果没有这些模块模拟攻击绝对会很快将服务器击溃并使服务器在攻击期间无法提供服务。 在开启mod\_security和mod\_evasive的情况下模拟攻击会导致CPU和RAM用量在源IP地址被加入黑名单之前出现短暂几秒的使用峰值。如果没有这些模块模拟攻击绝对会很快将服务器击溃并使服务器在攻击期间无法提供服务。
我们很高兴听见您打算使用(或已经使用过)这些工具。我们期望得到您的反馈,所以,请在留言处留下您的评价和问题,谢谢! 我们很高兴听见您打算使用(或已经使用过)这些工具。我们期望得到您的反馈,所以,请在留言处留下您的评价和问题,谢谢!
@ -253,18 +257,18 @@ mod_evasive被配置为使用/etc/httpd/conf.d/mod_evasive.conf中的指令。
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
via: http://www.tecmint.com/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora/ via: http://www.tecmint.com/protect-apache-using-mod\_security-and-mod\_evasive-on-rhel-centos-fedora/
作者:[Gabriel Cánepa][a] 作者:[Gabriel Cánepa][a]
译者:[wwy-hust](https://github.com/wwy-hust) 译者:[wwy-hust](https://github.com/wwy-hust)
校对:[校对者ID](https://github.com/校对者ID) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gacanepa/ [a]:http://www.tecmint.com/author/gacanepa/
[1]:http://www.tecmint.com/install-lamp-in-centos-7/ [1]:http://www.tecmint.com/install-lamp-in-centos-7/
[2]:http://www.tecmint.com/configure-firewalld-in-centos-7/ [2]:https://linux.cn/article-4425-1.html
[3]:http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/ [3]:https://linux.cn/article-2324-1.html
[4]:https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project [4]:https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
[5]:https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Configuration_Directives [5]:https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Configuration_Directives
[6]:https://www.modsecurity.org/ [6]:https://www.modsecurity.org/

View File

@ -1,16 +1,16 @@
为LUKS——加密的磁盘/分区做增量备份 为LUKS加密的磁盘/分区做增量备份
================================================================================ ================================================================================
我们中有些人出于安全原因,在家里或者[VPS][1]上通过[Linux统一密钥配置LUKS][2]为硬盘驱动器加密而这些驱动器的容量很快会增长到数十或数百GB。因此虽然我们享受着LUKS设备带来的安全感但是我们也该开始考虑一个可能的远程备份方案了。对于安全的非现场备份我们将需要在LUKS加密的设备上以块级别操作的东西。因此最后我们发现这么个状况我们每次都需要传输想要做备份的LUKS设备比如说200GB。很明显这是不可行的。我们该怎么来处理这个问题呢 我们中有些人出于安全原因,在家里或者[VPS][1]上通过[Linux统一密钥配置LUKS][2]为硬盘驱动器加密而这些驱动器的容量很快会增长到数十或数百GB。因此虽然我们享受着LUKS设备带来的安全感但是我们也该开始考虑一个可能的远程备份方案了。对于安全的非现场备份我们将需要在LUKS加密的设备上以块级别操作的东西。因此最后我们发现这么个状况我们每次都需要传输想要做备份的整个LUKS设备比如说200GB)。很明显,这是不可行的。我们该怎么来处理这个问题呢?
### 一个解决方案: Bdsync ### ### 一个解决方案: Bdsync ###
这时,一个卓越的开源工具来拯救我们了,它叫[Bdsync][3]多亏了Rolf Fokkens。顾名思义Bdsync可以通过网络同步“块设备”。对于快速同步Bdsync会生成并对比本地/远程块设备的块MD5校验和只同步差异部分。rsync在文件系统级别可以做的Bdsync可以在块设备级别完成。很自然对于LUKS加密的设备它也能工作得很好。相当地灵巧 这时,一个卓越的开源工具来拯救我们了,它叫[Bdsync][3]多亏了Rolf Fokkens。顾名思义Bdsync可以通过网络同步“块设备”。对于快速同步Bdsync会生成并对比本地/远程块设备的块MD5校验和只同步差异部分。rsync在文件系统级别可以做的Bdsync可以在块设备级别完成。很自然对于LUKS加密的设备它也能工作得很好。相当地灵巧
使用Bdsync首次备份将拷贝整个LUKS块设备到远程主机因而会花费大量时间来完成。然而在初始备份后如果我们在LUKS设备新建一些文件再次备份就会很快完成因为我们只需拷贝修改过的块。经典的增量备份在起作用了 使用Bdsync首次备份将拷贝整个LUKS块设备到远程主机因而会花费大量时间来完成。然而在初始备份后如果我们在LUKS设备新建一些文件再次备份就会很快完成因为我们只需拷贝修改过的块。经典的增量备份在起作用了
### 安装Bdsync到Linux ### ### 安装Bdsync到Linux ###
Bdsync并不包含在[Linux][4]发行版的标准仓库中因而你需要从源代码来构建它。使用以下针对特定版本的指令来安装Bdsync及其手册页到你的系统中。 Bdsync并不包含在Linux发行版的标准仓库中因而你需要从源代码来构建它。使用以下针对特定版本的指令来安装Bdsync及其手册页到你的系统中。
#### DebianUbuntu或Linux Mint #### #### DebianUbuntu或Linux Mint ####
@ -46,7 +46,7 @@ Bdsync并不包含在[Linux][4]发行版的标准仓库中,因而你需要从
你第一次运行上面的命令的时候,它会花费很长一段时间,这取决于你的互联网/局域网速度,以及/dev/LOCDEV的大小。记住你必须有两个大小相同的块设备/dev/LOCDEV和/dev/REMDEV 你第一次运行上面的命令的时候,它会花费很长一段时间,这取决于你的互联网/局域网速度,以及/dev/LOCDEV的大小。记住你必须有两个大小相同的块设备/dev/LOCDEV和/dev/REMDEV
下一步是要将补丁文件从本地主机拷贝到远程主机。一种可能是使用scp 下一步是要将补丁文件从本地主机拷贝到远程主机。一种方式是使用scp
# scp /some_local_path/DEV.bdsync.gz root@remote_host:/remote_path # scp /some_local_path/DEV.bdsync.gz root@remote_host:/remote_path
@ -58,7 +58,7 @@ Bdsync并不包含在[Linux][4]发行版的标准仓库中,因而你需要从
### 尾声 ### ### 尾声 ###
小结之我们演示了如何使用Bdsync来为LUKS设备实施增量备份。和rsync一样每次备份只有一小部分数据而不是整个LUKS设备需要被推送到非现场备份点这样会节省带宽和备份时间。剩下来需要保证所有数据传输通过SSH或SCP加固安全事实上设备自身是由LUKS加密的。也可以通过使用可以运行bdsync的专用用户而非root来改该配置。我们也可以将bdsync用于任何块设备如LVM卷或RAID磁盘也可以很轻易地设置Bdsync备份本地磁盘到USB驱动器上。如你所见它有着无限可能性 小结之我们演示了如何使用Bdsync来为LUKS设备实施增量备份。和rsync一样每次备份只有一小部分数据而不是整个LUKS设备需要被推送到非现场备份点这样会节省带宽和备份时间。剩下来需要通过SSH或SCP来保证所有数据传输的安全事实上设备自身是由LUKS加密的。也可以通过使用可以运行bdsync的专用用户而非root来改该配置。我们也可以将bdsync用于任何块设备如LVM卷或RAID磁盘也可以很轻易地设置Bdsync备份本地磁盘到USB驱动器上。如你所见它有着无限可能性
随时分享你的想法。 随时分享你的想法。
@ -68,7 +68,7 @@ via: http://xmodulo.com/remote-incremental-backup-luks-encrypted-disk-partition.
作者:[Iulian Murgulet][a] 作者:[Iulian Murgulet][a]
译者:[GOLinux](https://github.com/GOLinux) 译者:[GOLinux](https://github.com/GOLinux)
校对:[校对者ID](https://github.com/校对者ID) 校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
@ -77,4 +77,4 @@ via: http://xmodulo.com/remote-incremental-backup-luks-encrypted-disk-partition.
[2]:http://xmodulo.com/how-to-create-encrypted-disk-partition-on-linux.html [2]:http://xmodulo.com/how-to-create-encrypted-disk-partition-on-linux.html
[3]:http://bdsync.rolf-fokkens.nl/ [3]:http://bdsync.rolf-fokkens.nl/
[4]:http://xmodulo.com/recommend/linuxbook [4]:http://xmodulo.com/recommend/linuxbook
[5]:http://xmodulo.com/how-to-enable-ssh-login-without.html [5]:https://linux.cn/article-5444-1.html

View File

@ -0,0 +1,127 @@
Linux Humor on the Command-line
================================================================================
The desktop is full of eye candy. It enhances the visual experience and, in some cases, can also increase functionality of software. But it also makes software fun. Working on the command-line does not have to be always serious. If you want some fun on the command-line, there are lots of commands to raise a smile.
Linux is a fun operating system. Linux offers a vast collection of small open source utilities that perform functions ranging from the obvious to the bizarre. It is the quality and selection of these tools that help Linux stand out. Check out these 7 small utilities.
### lolcat ###
![lolcat](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-lolcat.png)
lolcat is a program that concatenates files, or standard input, to standard output (like the generic cat), and adds rainbow coloring to it.
lolcat is often combined with other tools such as toilet or figlet to generate text. This software should not be confused with a lolcat; an image macro of one or more cats.
lolcat was written by Moe.
Website: [github.com][1]
### cowsay ###
![cowsay](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-cowsay.png)
cowsay is a configurable open source program which generates ASCII pictures of a cow with a message in a speech bubble. cowsay is written in Perl.
cowsay is not limited to generating pictures of cows. It can generate pre-made images of other animals including a duck, elephant, koala, moose, pony, sheep, stegosaurus, and turkey, as well as cheese, snowman, and a skeleton.
There is a related program called cowthink, which generates cows with thought bubbles, as opposed to speech bubbles.
Features include:
- Make scripts more interesting
- Borg mode
- Ways to alter the way the cow looks, for example making the cow look greedy, paranoid, stoned, tired, wired, youthful and more
- xcowsay variant available
Website: [nog.net][2]
### doge ###
![doge](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-doge.png)
doge is a simple motd script based on the slightly stupid but very funny doge meme. It prints random grammatically incorrect statements that are sometimes based on things from your computer.
Doge is an Internet meme that became popular in 2013. The meme typically consists of a picture of a Shiba Inu accompanied by multicolored text in Comic Sans font in the foreground. The text, representing a kind of internal monologue, is deliberately written in a form of broken English.
- Randomly placed and colored random strings, complete with broken english
- Awesome Shibe in the terminal
- Fetching of system data, such as hostname, running processes, current user and $EDITOR
- If you have lolcat, you can do this gem: while true; do doge | lolcat -a -d 100 -s 100 -p 1; done
- stdin support: ls /usr/bin | doge will doge-print some of the executables found in /usr/bin. wow. There are also multiple command line switches that control filtering and statistical frequency of words
Website: [github.com/thiderman/doge][3]
### ASCIIQuarium ###
![Asciiquarium](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-Asciiquarium.png)
ASCIIQuarium is an aquarium/sea animation in ASCII art. Enjoy the fascinating creatures that live in the water from your computer.
To run ASCIIQuarium you need to have installed Perl's curses package, and the Term::Animation module. To install the former, type sudo apt-get install libcurses-perl. To install the latter, type sudo cpan Term::Animation, both at the command line.
Features include:
- Multicolored fish
- Amusing animations, including a fish hook
- There are swans, ducks, dolphins, and ships too
Website: [www.robobunny.com][4]
### sl - Steam Locomotive ###
![sl](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-sl.png)
sl is an amusing command line tool that displays animations to correct users who accidentally type sl instead of ls.
I'm rather sloppy at typing, preferring speed to accuracy. But typos can be a tad dangerous on the command line. So sl can serve as a practical reminder of curing a bad habit of mistyping. It always raises a chuckle too.
Features include:
- With -F, train flies
- With -l, it shows a small train
- With -a, an accident seems to happen
Website: [github.com/mtoyoda/sl][5]
### aafire ###
![aafire](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-aafire.png)
aafire displays burning ASCII art flames in the terminal. It demonstrates the the capabilities of the aalib library, an ascii art library.
Website: [aa-project.sourceforge.net/aalib][6]
### CMatrix ###
![CMatrix](http://www.linuxlinks.com/portal/content/reviews/Misc/Screenshot-CMatrix.png)
CMatrix is an ncurses program that simulates the display from "The Matrix". If you have been living in a cave for the past 15 years, you might not know The Matrix is a 1999 American science fiction acting film starring Keanu Reeves, Laurence Fishburne, Carrie-Anne Moss, Hugo Weaving, and Joe Pantoliano.
It works with terminal settings up to 132x300 and can scroll lines all at the same rate or asynchronously and at a user-defined speed.
Features include:
- Change the text colour
- Turn on bold characters
- Asynchronous scroll
- Use old-style scrolling
- "Screensaver" mode
Website: [www.asty.org/cmatrix][7]
--------------------------------------------------------------------------------
via: http://www.linuxlinks.com/article/20150614112018846/Humor.html
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[1]:https://github.com/busyloop/lolcat
[2]:https://web.archive.org/web/20120225123719/http://www.nog.net/%7Etony/warez/cowsay.shtml
[3]:https://github.com/thiderman/doge
[4]:http://www.robobunny.com/projects/asciiquarium/html/
[5]:https://github.com/mtoyoda/sl
[6]:http://aa-project.sourceforge.net/aalib/
[7]:http://www.asty.org/cmatrix/

View File

@ -1,3 +1,4 @@
sevenot translating
The top 10 rookie open source projects The top 10 rookie open source projects
================================================================================ ================================================================================
Black Duck presents its Open Source Rookies of the Year -- the 10 most exciting, active new projects germinated by the global open source community Black Duck presents its Open Source Rookies of the Year -- the 10 most exciting, active new projects germinated by the global open source community
@ -150,4 +151,4 @@ via: http://www.infoworld.com/article/2875439/open-source-software/the-top-10-ro
[20]:https://www.blackducksoftware.com/open-source-rookies [20]:https://www.blackducksoftware.com/open-source-rookies
[21]:http://www.infoworld.com/article/2871935/application-development/infoworlds-2015-technology-of-the-year-award-winners.html [21]:http://www.infoworld.com/article/2871935/application-development/infoworlds-2015-technology-of-the-year-award-winners.html
[22]:http://www.infoworld.com/article/2688104/open-source-software/article.html [22]:http://www.infoworld.com/article/2688104/open-source-software/article.html
[23]:http://www.infoworld.com/article/2854954/microsoft-windows/15-essential-open-source-tools-for-windows-admins.html [23]:http://www.infoworld.com/article/2854954/microsoft-windows/15-essential-open-source-tools-for-windows-admins.html

View File

@ -1,59 +0,0 @@
translating wi-cuckoo
No reboot patching comes to Linux 4.0
================================================================================
> **Summary**:With the new Linux 4.0 kernel, you'll need to reboot Linux less often than ever.
With [Linux 4.0][1], you may never need to reboot your operating system again.
![Using Linux means never having to reboot. -- SUSE ](http://zdnet4.cbsistatic.com/hub/i/r/2015/03/02/5e766833-454b-45b5-a8f7-a55d21e9d26a/resize/270x270/4d0774552c342a1507784ef802619b71/livepatching.jpg)
Using Linux means never having to reboot. -- SUSE
One reason to love Linux on your servers or in your data-center is that you so seldom needed to reboot it. True, critical patches require a reboot, but you could go months without rebooting. Now, with the latest changes to the Linux kernel you may be able to go years between reboots.
This is actually a feature that was available in Linux in 2009 thanks to a program called [Ksplice][2]. This program compares the original and patched kernels and then uses a customized kernel module to patch the new code into the running kernel. Each Ksplice-enabled kernel comes with a special set of flags for each function that will be patched. The [Ksplice process][3] then watches for a moment when the code for the function being patched isn't in use, and ta-da, the patch is made and your server runs on.
[Oracle acquired Ksplice][4] in 2011, and kept it just for its own [Oracle Linux][5], a [Red Hat Enterprise Linux (RHEL)][6] clone, and as a RHEL subscription service. That left all the other enterprise and server Linux back where they started.
Then [KernelCare released a service that could provide bootless patches][7] for most enterprise Linux distros. This program use proprietary software and is only available as a service with a monthly fee. That was a long way from satisfying many Linux system administrators.
So, [Red Hat][8] and [SUSE][9] both started working on their own purely open-source means of giving Linux the ability to keep running even while critical patches were being installed. Red Hat's program was named [kpatch][10], while SUSE' is named [kGraft][11].
The two companies took different approaches. Kpatch issues a stop_machine() command. After that it looks at the stack of existing processes using [ftrace][12] and, if the patch can be made safely, it redirects the running code to the patched functions and then removes the now outdated code.
Kgraft also uses ftrace, but it works on the thread level. When an old function is called it makes sure the thread reaches a point that it can switch to the new function.
While the end result is the same, the operating system keeps running while patches are made, there are significant differences in performance. Kpatch takes from one to forty milliseconds, while kGraft might take several minutes but there's never even a millisecond of down time.
At the Linux Plumbers Conference in October 2014, the two groups got together and started work on a way to [patch Linux without rebooting that combines the best of both programs][13]. Essentially, what they ended up doing was putting both kpatch and kGraft in the 4.0 Linux kernel.
Jiri Kosina, a SUSE software engineer and Linux kernel developer, explained, that live-patching in the Linux kernel will "provides a basic infrastructure for function "live patching" (i.e. code redirection), including API [application programming interface] for kernel modules containing the actual patches, and API/ABI [application binary interface] for userspace to be able to operate on the patches. This is "relatively simple and minimalistic, as it's making use of existing kernel infrastructure (namely ftrace) as much as possible. It's also self-contained, in a sense that it doesn't hook itself in any other kernel subsystem (it doesn't even touch any other code)."
The release candidate for Linux 4.0 is now out. Kosina stated that "It's now implemented for x86 only as a reference architecture, but support for powerpc, s390 and arm is already in the works." And, indeed, the source code for these architectures is already in the [Live Patching Git code][14].
Simply having the code in there is just the start. Your Linux distribution will have to support it with patches that can make use of it. With both Red Hat and SUSE behind it, live patching will soon be the default in all serious business Linux distributions.
--------------------------------------------------------------------------------
via: http://www.zdnet.com/article/no-reboot-patching-comes-to-linux-4-0/#ftag=RSSbaffb68
作者:[Steven J. Vaughan-Nichols][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.zdnet.com/meet-the-team/us/sjvn/
[1]:http://www.zdnet.com/article/linux-kernel-turns-over-release-odometer-to-4-0/
[2]:http://www.computerworld.com/article/2466389/open-source-tools/never-reboot-again-with-linux-and-ksplice.html
[3]:http://www.ksplice.com/
[4]:http://www.zdnet.com/article/oracle-acquires-zero-downtime-linux-upgrade-software/
[5]:http://www.oracle.com/us/technologies/linux/overview/index.html
[6]:http://www.redhat.com/en/technologies/linux-platforms/enterprise-linux
[7]:http://www.zdnet.com/article/kernelcare-new-no-reboot-linux-patching-system/
[8]:http://www.redhat.com/
[9]:http://www.suse.com/
[10]:http://rhelblog.redhat.com/2014/02/26/kpatch/
[11]:http://www.zdnet.com/article/suse-gets-live-patching/
[12]:http://elinux.org/Ftrace
[13]:http://linuxplumbersconf.org/2014/wp-content/uploads/2014/10/LPC2014_LivePatching.txt
[14]:https://kernel.googlesource.com/pub/scm/linux/kernel/git/jikos/livepatching/+/9ec0de0ee0c9f0ffe4f72da9158194121cc22807

View File

@ -1,3 +1,4 @@
translating wi-cuckoo
PHP at 20: From pet project to powerhouse PHP at 20: From pet project to powerhouse
================================================================================ ================================================================================
![](http://images.techhive.com/images/article/2015/06/13049862325_8c97a11878_z-100590275-primary.idge.jpg) ![](http://images.techhive.com/images/article/2015/06/13049862325_8c97a11878_z-100590275-primary.idge.jpg)
@ -79,4 +80,4 @@ via: http://www.infoworld.com/article/2933858/php/php-at-20-from-pet-project-to-
[8]:https://wiki.php.net/todo/php70#timetable [8]:https://wiki.php.net/todo/php70#timetable
[9]:http://talks.php.net/velocity15 [9]:http://talks.php.net/velocity15
[10]:http://www.php-fig.org/psr/psr-7/ [10]:http://www.php-fig.org/psr/psr-7/
[11]:http://phpmentoring.org/ [11]:http://phpmentoring.org/

View File

@ -1,3 +1,5 @@
translating by wwy-hust
What is good audio editing software on Linux What is good audio editing software on Linux
================================================================================ ================================================================================

View File

@ -1,73 +0,0 @@
Extend Swap Space using Swap file in Linux
================================================================================
There are some scenarios where our Linux box is running out of swap space so in that case we can extend the swap space using swap partition but due to unavailability of free partitions on the disk, we are unable to extend it.
So in such cases we can extend or increase swap space using a swap file
### Below are the Steps to extend Swap Space using Swap File in Linux ###
Lets first check the size of existing swap space / partition using the command like **free -m** and **swapon -s**
![](http://www.linuxtechi.com/wp-content/uploads/2015/06/free-output-with-swap.jpg)
free-output-with-swap
In my case size of swap partition is 2 GB. So we will be extending swap space by 1 GB.
#### Step:1 Create a swap file of size 1 GB using below dd Command ####
[root@linuxtechi ~]# dd if=/dev/zero of=/swap_file bs=1G count=1
1+0 records in
1+0 records out
1073741824 bytes (1.1 GB) copied, 414.898 s, 2.6 MB/s
[root@linuxtechi ~]#
Replace the value of **bs** and **count** according your requirement.
#### Step:2 Secure the swap file with permissions 644. ####
[root@linuxtechi ~]# chmod 600 /swap_file
#### Step:3 Enable the Swap Area on the file (swap_file) ####
Use mkswap command to enable swap area
[root@linuxtechi ~]# mkswap /swap_file
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=f7b3ae59-c09a-4dc2-ba4d-c02abb7db33b
[root@linuxtechi ~]#
#### Step:4 Add the swap file entry in the fstab file ####
Add the below entry in the fstab file so that swap file become persistent across every reboot.
/swap_file swap swap defaults 0 0
![swap-file-fstab-entry](http://www.linuxtechi.com/wp-content/uploads/2015/06/swap-file-fstab-entry.jpg)
#### Step:5 Enable the swap file using mkswap on command. ####
[root@linuxtechi ~]# swapon /swap_file
[root@linuxtechi ~]#
#### Step:6 Now verify the swap space ####
![swap-space-after-extension](http://www.linuxtechi.com/wp-content/uploads/2015/06/swap-space-after-extension.jpg)
**Note**: To disable the swap file for any troubleshooting point of view, use swapoff command as shown below and to re-enable swap file then use swapon command as shown in step5.
[root@linuxtechi ~]# swapoff /swap_file
[root@linuxtechi ~]#
Please share your valuable inputs and comments of this article.
--------------------------------------------------------------------------------
via: http://www.linuxtechi.com/extend-swap-space-using-swap-file-in-linux/
作者:[Pradeep Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxtechi.com/author/pradeep/

View File

@ -0,0 +1,238 @@
Installing LAMP (Linux, Apache, MariaDB, PHP/PhpMyAdmin) in RHEL/CentOS 7.0
================================================================================
Skipping the LAMP introduction, as Im sure that most of you know what is all about. This tutorial will concentrate on how to install and configure famous LAMP stack Linux Apache, MariaDB, PHP, PhpMyAdmin on the last release of Red Hat Enterprise Linux 7.0 and CentOS 7.0, with the mention that both distributions have upgraded httpd daemon to Apache HTTP 2.4.
![Install LAMP in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Install-LAMP-in-CentOS-7.jpg)
Install LAMP in RHEL/CentOS 7.0
#### Requirements ####
Depending on the used distribution, RHEL or CentOS 7.0, use the following links to perform a minimal system installation, using a static IP Address for network configuration.
**For RHEL 7.0**
- [RHEL 7.0 Installation Procedure][1]
- [Register and Enable Subscriptions/Repositories on RHEL 7.0][2]
**For CentOS 7.0**
- [CentOS 7.0 Installation Procedure][3]
### Step 1: Install Apache Server with Basic Configurations ###
**1. After performing a minimal system installation and configure your server network interface with a [Static IP Address on RHEL/CentOS 7.0][4], go ahead and install Apache 2.4 httpd service binary package provided form official repositories using the following command.**
# yum install httpd
![Install Apache in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Install-Apache-in-CentOS-7.png)
Install Apache Web Server
**2. After yum manager finish installation, use the following commands to manage Apache daemon, since RHEL and CentOS 7.0 both migrated their init scripts from SysV to systemd you can also use SysV and Apache scripts the same time to manage the service.**
# systemctl status|start|stop|restart|reload httpd
OR
# service httpd status|start|stop|restart|reload
OR
# apachectl configtest| graceful
![Start Apache in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Start-Apache-in-CentOS-7.png)
Start Apache Web Server
**3. On the next step start Apache service using systemd init script and open RHEL/CentOS 7.0 Firewall rules using firewall-cmd, which is the default command to manage iptables through firewalld daemon.**
# firewall-cmd --add-service=http
**NOTE**: Make notice that using this rule will lose its effect after a system reboot or firewalld service restart, because it opens on-fly rules, which are not applied permanently. To apply consistency iptables rules on firewall use permanent option and restart firewalld service to take effect.
# firewall-cmd --permanent --add-service=http
# systemctl restart firewalld
![Enable Firewall in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Enable-Firewall-in-CentOS-7.png)
Enable Firewall in CentOS 7
Other important Firewalld options are presented below:
# firewall-cmd --state
# firewall-cmd --list-all
# firewall-cmd --list-interfaces
# firewall-cmd --get-service
# firewall-cmd --query-service service_name
# firewall-cmd --add-port=8080/tcp
**4. To verify Apache functionality open a remote browser and type your server IP Address using HTTP protocol on URL (http://server_IP), and a default page should appear like in the screenshot below.**
![Apache Default Page](http://www.tecmint.com/wp-content/uploads/2014/07/Apache-Default-Page.png)
Apache Default Page
**5. For now, Apache DocumentRoot path its set to /var/www/html system path, which by default doesnt provide any index file. If you want to see a directory list of your DocumentRoot path open Apache welcome configuration file and set Indexes statement from to + on <LocationMach> directive, using the below screenshot as an example.**
# nano /etc/httpd/conf.d/welcome.conf
![Apache Directory Listing](http://www.tecmint.com/wp-content/uploads/2014/07/Apache-Directory-Listing.png)
Apache Directory Listing
**6. Close the file, restart Apache service to reflect changes and reload your browser page to see the final result.**
# systemctl restart httpd
![Apache Index File](http://www.tecmint.com/wp-content/uploads/2014/07/Apache-Index-File.png)
Apache Index File
### Step 2: Install PHP5 Support for Apache ###
**7. Before installing PHP5 dynamic language support for Apache, get a full list of available PHP modules and extensions using the following command.**
# yum search php
![Install PHP in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Install-PHP-in-CentOS-7.png)
Install PHP in CentOS 7
**8. Depending on what type of applications you want to use, install the required PHP modules from the above list, but for a basic MariaDB support in PHP and PhpMyAdmin you need to install the following modules.**
# yum install php php-mysql php-pdo php-gd php-mbstring
![Install PHP Modules in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Install-PHP-Modules-in-CentOS-7.png)
Install PHP Modules
![Install PHP mbstring Module](http://www.tecmint.com/wp-content/uploads/2014/07/Install-PHP-mbstring-in-CentOs-7.png)
Install PHP mbstring Module
**9. To get a full information list on PHP from your browser, create a info.php file on Apache Document Root using the following command from root account, restart httpd service and direct your browser to the http://server_IP/info.php address.**
# echo "<?php phpinfo(); ?>" > /var/www/html/info.php
# systemctl restart httpd
![Check PHP Info in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Check-PHP-Info-in-CentOS-7.png)
Check PHP Info in CentOS 7
**10. If you get an error on PHP Date and Timezone, open php.ini configuration file, search and uncomment date.timezone statement, append your physical location and restart Apache daemon.**
# nano /etc/php.ini
Locate and change date.timezone line to look like this, using [PHP Supported Timezones list][5].
date.timezone = Continent/City
![Set Timezone in PHP](http://www.tecmint.com/wp-content/uploads/2014/07/Set-Time-Zone-in-CentOS.png)
Set Timezone in PHP
### Step 3: Install and Configure MariaDB Database ###
**11. Red Hat Enterprise Linux/CentOS 7.0 switched from MySQL to MariaDB for its default database management system. To install MariaDB database use the following command.**
# yum install mariadb-server mariadb
![Install MariaDB in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Install-MariaDB-in-CentOs-7.png)
Install MariaDB in CentOS 7
**12. After MariaDB package is installed, start database daemon and use mysql_secure_installation script to secure database (set root password, disable remotely logon from root, remove test database and remove anonymous users).**
# systemctl start mariadb
# mysql_secure_installation
![Start MariaDB Database](http://www.tecmint.com/wp-content/uploads/2014/07/Start-MariaDB-in-CentOS-7.png)
Start MariaDB Database
![Secure MySQL Installation](http://www.tecmint.com/wp-content/uploads/2014/07/Secure-MySQL-Installation.png)
Secure MySQL Installation
**13. To test database functionality login to MariaDB using its root account and exit using quit statement.**
mysql -u root -p
MariaDB > SHOW VARIABLES;
MariaDB > quit
![Connect MySQL Database in CentOS](http://www.tecmint.com/wp-content/uploads/2014/07/Connect-MySQL-Installation.png)
Connect MySQL Database
### Step 4: Install PhpMyAdmin ###
**14. By default official RHEL 7.0 or CentOS 7.0 repositories doesnt provide any binary package for PhpMyAdmin Web Interface. If you are uncomfortable using MySQL command line to manage your database you can install PhpMyAdmin package by enabling CentOS 7.0 rpmforge repositories using the following command.**
# yum install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
After enabling rpmforge repository, next install PhpMyAdmin.
# yum install phpmyadmin
![Enable RPMForge in CentOS 7](http://www.tecmint.com/wp-content/uploads/2014/07/Enable-RPMForge-in-CentOS-7.png)
Enable RPMForge Repository
**15. Next configure PhpMyAdmin to allow connections from remote hosts by editing phpmyadmin.conf file, located on Apache conf.d directory, commenting the following lines.**
# nano /etc/httpd/conf.d/phpmyadmin.conf
Use a # and comment this lines.
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.1
![Allow Remote PhpMyAdmin Access](http://www.tecmint.com/wp-content/uploads/2014/07/Allow-Remote-PhpMyAdmin-Access.png)
Allow Remote PhpMyAdmin Access
**16. To be able to login to PhpMyAdmin Web interface using cookie authentication method add a blowfish string to phpmyadmin config.inc.php file like in the screenshot below using the [generate a secret string][6], restart Apache Web service and direct your browser to the URL address http://server_IP/phpmyadmin/.**
# nano /etc/httpd/conf.d/phpmyadmin.conf
# systemctl restart httpd
![Add Blowfish in PhpMyAdmin](http://www.tecmint.com/wp-content/uploads/2014/07/Add-Blowfish-PhpMyAdmin.png)
Add Blowfish in PhpMyAdmin
![PhpMyAdmin Dashboard](http://www.tecmint.com/wp-content/uploads/2014/07/Login-to-PhpMyAdmin.png)
PhpMyAdmin Dashboard
### Step 5: Enable LAMP System-wide ###
**17. If you need MariaDB and Apache services to be automatically started after reboot issue the following commands to enable them system-wide.**
# systemctl enable mariadb
# systemctl enable httpd
![Enable Services System Wide](http://www.tecmint.com/wp-content/uploads/2014/07/Enable-Services-System-Wide.png)
Enable Services System Wide
Thats all it takes for a basic LAMP installation on Red Hat Enterprise 7.0 or CentOS 7.0. The next series of articles related to LAMP stack on CentOS/RHEL 7.0 will discuss how to create Virtual Hosts, generate SSL Certificates and Keys and add SSL transaction support for Apache HTTP Server.
--------------------------------------------------------------------------------
via: http://www.tecmint.com/install-lamp-in-centos-7/
作者:[Matei Cezar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/cezarmatei/
[1]:http://www.tecmint.com/redhat-enterprise-linux-7-installation/
[2]:http://www.tecmint.com/enable-redhat-subscription-reposiories-and-updates-for-rhel-7/
[3]:http://www.tecmint.com/centos-7-installation/
[4]:http://www.tecmint.com/configure-network-interface-in-rhel-centos-7-0/
[5]:http://php.net/manual/en/timezones.php
[6]:http://www.question-defense.com/tools/phpmyadmin-blowfish-secret-generator

View File

@ -0,0 +1,177 @@
LINUX 101: POWER UP YOUR SHELL
================================================================================
> Get a more versatile,featureful and colourful command line interface with our guide to shell basics.
**WHY DO THIS?**
- Make life at the shell prompt easier and faster.
- Resume sessions after losing a connection.
- Stop pushing around that fiddly rodent!
![bash1](http://www.linuxvoice.com/wp-content/uploads/2015/02/bash1-large15.png)
Heres our souped-up prompt on steroids. Its a bit long for this small terminal window, but you can tweak it to your liking.
As a Linux user, youre probably familiar with the shell (aka command line). You may pop up the occasional terminal now and then for some essential jobs that you cant do at the GUI, or perhaps you live in a tiling window manager environment and the shell is your main way of interacting with your Linux box.
In either case, youre probably using the stock Bash configuration that came with your distro and while its powerful enough for most jobs, it could still be a lot better. In this tutorial well show you how to pimp up your shell to make it more informative, useful and pleasant to work in. Well customise the prompt to make it provide better feedback than the defaults, and well show you how to manage sessions and run multiple programs together with the incredibly cool tmux tool. And for a bit of eye candy, well look at colour schemes as well. So, onwards!
### Make your prompt sing ###
Most distributions ship with very plain prompts they show a bit of information, and generally get you by, but the prompt can do so much more. Take the default prompt on a Debian 7 installation, for instance:
mike@somebox:~$
This shows the user, hostname, current directory and account type symbol (if you switch to root, the **$** changes to #). But where is this information stored? The answer is in the **PS1** environment variable. If you enter **echo $PS1** youll see this at the end of the text string that appears:
u@h:w$
This looks a bit ugly, and at first glance you might start screaming, assuming it to be a dreaded regular expression, but were not going to fry our brains with the complexity of those. No, the slashes here are escape sequences, telling the prompt to do special things. The **u** part, for instance, tells the prompt to show the username, while w means the working directory.
Heres a list of things you can use in the prompt:
- d The current date.
- h The hostname.
- n A newline character.
- A The current time (HH:MM).
- u The current user.
- w (lowercase) The whole working directory.
- W (uppercase) The basename of the working directory.
- $ A prompt symbol that changes to # for root.
- ! The shell history number of this command.
To clarify the difference in the **w** and **W** options: with the former, youll see the whole path for the directory in which youre working (eg **/usr/local/bin**), whereas for the latter it will just show the **bin** part.
Now, how do you go about changing the prompt? You need to modify the contents of the **PS1** environment variable. Try this:
export PS1=”I am u and it is A $”
Now your prompt will look something like:
I am mike and it is 11:26 $
From here you can experiment with the other escape sequences shown above to create the prompt of your dreams. But wait a second when you log out, all of your hard work will be lost, because the value of the **PS1** environment variable is reset each time you start a terminal. The simplest way to fix this is to open the **.bashrc** configuration file (in your home directory) and add the complete export command to the bottom. This **.bashrc** file will be read by Bash every time you start a new shell session, so your beefed-up prompt will always appear. You can also spruce up your prompt with extra colour. This is a bit tricky at first, as you have to use some rather odd-looking escape sequences, but the results can be great. Add this to a point in your **PS1** string and it will change the text to red:
[e[31m]
You can change 31 here to other numbers for different colours:
- 30 Black
- 32 Green
- 33 Yellow
- 34 Blue
- 35 Magenta
- 36 Cyan
- 37 White
So, lets finish off this section by creating the mother of all prompts, using the escape sequences and colours weve already looked at. Take a deep breath, flex your fingers, and then type this beast:
export PS1=”(!) [e[31m][A] [e[32m]u@h [e[34m]w [e[30m]$ “
This provides a Bash command history number, current time, and colours for the user/hostname combination and working directory. If youre feeling especially ambitious, you can change the background colours as well as the foreground ones, for really striking combinations. The ever useful Arch wiki has a full list of colour codes: [http://tinyurl.com/3gvz4ec][1].
> ### Shell essentials ###
>
> If youre totally new to Linux and have just picked up this magazine for the first time, you might find the tutorial a bit heavy going. So here are the basics to get you familiar with the shell. Its usually found as Terminal, XTerm or Konsole in your menus, and when you start it the most useful commands are:
>
> **ls** (list files); **cp one.txt two.txt** (copy file); **rm file.txt** (remove file); **mv old.txt new.txt** (move or rename);
>
> **cd /some/directory** (change directory); **cd ..** (change to directory above); **./program** (run program in current directory); **ls > list.txt** (redirect output to a file).
>
> Almost every command has a manual page explaining options (eg **man ls** press Q to quit the viewer). There you can learn about command options, so you can see that **ls -la** shows a detailed list including hidden files. Use the up and down cursor keys to cycle through previous commands, and use Tab after entering part of a file or directory name to auto-complete it.
### Tmux: A window manager for your shell ###
A window manager inside a text mode environment it sounds crazy, right? Well, do you remember when web browsers first implemented tabbed browsing? It was a major step forward in usability at the time, and reduced clutter in desktop taskbars and window lists enormously. Instead of having taskbar or pager icons for every single site you had open, you just had the one button for your browser, and then the ability to switch sites inside the browser itself. It made an awful lot of sense.
If you end up running several terminals at the same time, a similar situation occurs; you might find it annoying to keep jumping between them, and finding the right one in your taskbar or window list each time. With a text-mode window manager you can not only run multiple shell sessions simultaneously inside the same terminal window, but you can even arrange them side-by-side.
And theres another benefit too: detaching and reattaching. The best way to see how this works is to try it yourself. In a terminal window, enter **screen** (its installed by default on most distros, or will be available in your package repositories). Some welcome text appears just hit Enter to dismiss it. Now run an interactive text mode program, such as **nano**, and close the terminal window.
In a normal shell session, the act of closing the window would terminate every process running inside it so your Nano editing session would be a goner. But not with screen. Open a new terminal and enter:
screen -r
And voilà: the Nano session you started before is back!
When you originally ran **screen**, it created a new shell session that was independent and not tied to a specific terminal window, so it could be detached and reattached (hence the **-r** option) later.
This is especially useful if youre using SSH to connect to another machine, doing some work, and dont want a flaky connection to ruin all your progress. If you do your work inside a **screen** session and your connection goes down (or your laptop battery dies, or your computer explodes), you can simply reconnect/recharge/buy a new computer, then SSH back in to the remote box, run **screen -r** to reattach and carry on from where you left off.
Now, weve been talking about GNU **screen** here, but the title of this section mentions tmux. Essentially, **tmux** (terminal multiplexer) is like a beefed up version of **screen** with lots of useful extra features, so were going to focus on it here. Some distros include **tmux** by default; in others its usually just an **apt-get, yum install** or **pacman -S** command away.
Once you have it installed, enter **tmux** to start it. Youll notice right away that theres a green line of information along the bottom. This is very much like a taskbar from a traditional window manager: theres a list of running programs, the hostname of the machine, a clock and the date. Now run a program, eg Nano again, and hit Ctrl+B followed by C. This creates a new window inside the tmux session, and you can see this in the taskbar at the bottom:
0:nano- 1:bash*
Each window has a number, and the currently displayed program is marked with an asterisk symbol. Ctrl+B is the standard way of interacting with tmux, so if you hit that key combo followed by a window number, youll switch to that window. You can also use Ctrl+B followed by N and P to switch to the next and previous windows respectively or use Ctrl+B followed by L to switch between the two most recently used windows (a bit like the classic Alt+Tab behaviour on the desktop). To get a window list, use Ctrl+B followed by W.
So far, so good: you can now have multiple programs running inside a single terminal window, reducing clutter (especially if you often have multiple SSH logins active on the same remote machine). But what about seeing two programs at the same time?
For this, tmux uses “panes”. Hit Ctrl+B followed by % and the current window will be split into two sections, one on the left and one on the right. You can switch between them Using Ctrl+B followed by O. This is especially useful if you want to see two things at the same time eg a manual page in one pane, and an editor with a configuration file in another.
Sometimes youll want to resize the individual panes, and this is a bit trickier. First you have to hit Ctrl+B followed by : (colon), which turns the tmux bar along the bottom into a dark orange colour. Youre now in command mode, where you can type in commands to operate tmux. Enter **resize-pane -R** to resize the current pane one character to the right, or use **-L** to resize in a leftward direction. These may seem like long commands for a relatively simple operation, but note that the tmux command mode (started with the aforementioned colon) has tab completion. So you dont have to type the whole command just enter “**resi**” and hit Tab to complete. Also note that the **tmux** command mode also has a history, so if you want to repeat the resize operation, hit Ctrl+B followed by colon and then use the up cursor key to retrieve the command that you entered previously.
Finally, lets look at detaching and reattaching the awesome feature of screen we demonstrated earlier. Inside tmux, hit Ctrl+B followed by D to detach the current tmux session from the terminal window, which leaves everything running in the background. To reattach to the session use **tmux a**. But what happens if you have multiple tmux sessions running? Use this command to list them:
tmux ls
This shows a number for each session; if you want to reattach to session 1, use tmux a -t 1. tmux is hugely configurable, with the ability to add custom keybindings and change colour schemes, so once youre comfortable with the main features, delve into the manual page to learn more.
tmux: a window manager for your shell
![tmux](http://www.linuxvoice.com/wp-content/uploads/2015/02/tmux-large13.jpg)
Heres tmux with two panes open: the left has Vim editing a configuration file, while the right shows a manual page
> ### Zsh: an alternative shell ###
>
> Choice is good, but standardisation is also important as well. So it makes sense that almost every mainstream Linux distribution uses the Bash shell by default although there are others. Bash provides pretty much everything you need from a shell, including command history, filename completion and lots of scripting ability. Its mature, reliable and well documented but its not the only shell in town.
>
> Many advanced users swear by Zsh, the Z Shell. This is a replacement for Bash that offers almost all of the same functionality, with some extra features on top. For instance, in Zsh you can enter **ls** - and hit Tab to get quick descriptions of the various options available for **ls**. No need to open the manual page!
>
> Zsh sports other great auto-completion features: type **cd /u/lo/bi** and hit Tab, for instance, and the full path of **/usr/local/bin** will appear (providing there arent other paths containing **u**, **lo** and **bi**). Or try **cd** on its own followed by Tab, and youll see nicely coloured directory listings much better than the plain ones used by Bash.
>
> Zsh is available in the package repositories of all major distros; install it and enter **zsh** to start it. To change your default shell from Bash to Zsh, use the **chsh** command. And for more information visit [www.zsh.org][2].
### The terminals of the Future ###
You might be wondering why the application that contains your command prompt is called a terminal. Back in the early days of Unix, people tended to work on multi-user machines, with a giant mainframe computer occupying a room somewhere in a building, and people connected to it using screen and keyboard combinations at the end of some wires. These terminal machines were often called “dumb”, because they didnt do any important processing themselves they just displayed whatever was sent down the wire from the mainframe, and sent keyboard presses back to it.
Today, almost all of us do the actual processing on our own machines, so our computers are not terminals in a traditional sense. This is why programs like **XTerm**, Gnome Terminal, Konsole etc. are called “terminal emulators” they provide the same facilities as the physical terminals of yesteryear. And indeed, in many respects they havent moved on much. Sure, we have anti-aliased fonts now, better colours and the ability to click on URLs, but by and large theyve been working in the same way for decades.
Some programmers are trying to change this though. **Terminology** ([http://tinyurl.com/osopjv9][3]), from the team behind the ultra-snazzy Enlightenment window manager, aims to bring terminals into the 21st century with features such as inline media display. You can enter **ls** in a directory full of images and see thumbnails, or even play videos from directly inside your terminal. This makes the terminal work a bit more like a file manager, and means that you can quickly check the contents of media files without having to open them in a separate application.
Then theres Xiki ([www.xiki.org][4]), which describes itself as “the command revolution”. Its like a cross between a traditional shell, a GUI and a wiki; you can type commands anywhere, store their output as notes for reference later, and create very powerful custom commands. Its hard to describe it in mere words, so the authors have made a video (see the Screencasts section of the **Xiki** site) which shows how much potential it has.
And Xiki is definitely not a flash in the pan project that will die of bitrot in a few months. The authors ran a successful Kickstarter campaign to fund its development, netting over $84,000 at the end of July. Yes, you read that correctly $84K for a terminal emulator. It might be the most unusual crowdfunding campaign since some crazy guys decided to start their own Linux magazine…
### Next-gen terminals ###
Many command line and text-based programs match their GUI equivalents for feature parity, and are often much faster and more efficient to use. Our recommendations: **Irssi** (IRC client); **Mutt** (mail client); **rTorrent** (BitTorrent); **Ranger** (file manager); **htop** (process monitor). ELinks does a decent job for web browsing, given the limitations of the terminal, and its useful for reading text-heavy websites such as Wikipedia.
> ### Fine-tune your colour scheme ###
>
> Were not obsessed with eye-candy at Linux Voice, but we do recognise the importance of aesthetics when youre staring at something for several hours every day. Many of us love to tweak our desktops and window managers to perfection, crafting pixel-perfect drop shadows and fiddling with colour schemes until were 100% happy. (And then fiddling some more out of habit.)
>
> But then we tend to ignore the terminal window. Well, that deserves some love too, and at [http://ciembor.github.io/4bit][5] youll find a highly awesome colour scheme designer that can export settings for all of the popular terminal emulators (**XTerm, Gnome Terminal, Konsole and Xfce4 Terminal are among the apps supported.**) Move the sliders until you attain colour scheme nirvana, then click on the Get Scheme button at the top-right of the page.
>
> Similarly, if you spend a lot of time in a text editor such as Vim or Emacs, its worth using a well-crafted palette there as well. **Solarized at** [http://ethanschoonover.com/solarized][6] is an excellent scheme thats not just pretty, but designed for maximum usability, with plenty of research and testing behind it.
--------------------------------------------------------------------------------
via: http://www.linuxvoice.com/linux-101-power-up-your-shell-8/
作者:[Ben Everard][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxvoice.com/author/ben_everard/
[1]:http://tinyurl.com/3gvz4ec
[2]:http://www.zsh.org/
[3]:http://tinyurl.com/osopjv9
[4]:http://www.xiki.org/
[5]:http://ciembor.github.io/4bit
[6]:http://ethanschoonover.com/solarized

View File

@ -0,0 +1,264 @@
XBMC: build a remote control
================================================================================
**Take control of your home media player with a custom remote control running on your Android phone.**
**XBMC** is a great piece of software, and can turn almost can computer into a media centre. It can play music and videos, display pictures, and even fetch a weather forecast. To make it easy to use in a home theatre setup, you can control it via mobile phone apps that access a server running on the XBMC machine via Wi-Fi. There are loads of these available for almost all smartphone systems.
> ### Kodi ###
>
> By the time you read this, **XBMC** may be no more. The project team have decided to rename it **Kodi** for legal reasons (and because **XBMC**, or X**-Box Media Centre**, refers to older hardware that is no longer supported). Other than the name, though, nothing has changed. Or at least nothing other than the usual raft of improvements youd expect from a new release. This shouldnt affect the remote software though, and it should work on both existing **XBMC** systems, and newer Kodi systems.
Weve recently set up an **XBMC** system for playing music, and none of the XBMC remotes we found really excel at this task, especially when the TV attached to the media centre is turned off. They were all a bit too complex, as they packed too much functionality into small screens. We wanted a system designed from the ground up to just access a music library and a radio addon, so we decided to build one ourselves. It didnt need to be able to access the full capabilities of XBMC, because for tasks other than music, wed simply switch back to a general-purpose XBMC remote control. Our test system was a Raspberry Pi running the RaspBMC distribution, but nothing here is specific to either the Pi or that distro, and it should work on any Linux-based XBMC system provided the appropriate packages are available.
The first thing a remote control needs is a user interface. Many XBMC remote controls are written as standalone apps. However, this is just for our music, and we want to be accessible to guests without them having to install anything. The obvious solution is to make a web interface. XBMC does have a built-in web server, but to give us more control, we decided to use a separate web framework. Theres no problem running more than one web server on a computer at a time, but they cant run on the same port.
There are quite a few web frameworks available. Weve used Bottle because its a simple, fast framework, and we dont need any complex functions. Bottle is a Python module, so thats the language in which well write the server.
Youll probably find Bottle in your package manager. In Debian-based systems (including Raspbmc), you can grab it with:
sudo apt-get install python-bottle
A remote control is really just a layer that connects the user to a system. Bottle provides what we need to interact with the user, and well interact with **XBMC** using its JSON API. This enables us to control the media player by sending JSON-encoded information.
Were going to use a simple wrapper around the XBMC JSON API called xbmcjson. Its just enough to allow you send requests without having to worry about the actual JSON formatting or any of the banalities of communicating with a server. Its not included in the PIP package manager, so you need to install it straight from **GitHub**:
git clone https://github.com/jcsaaddupuy/python-xbmc.git
cd python-xbmc
sudo python setup.py install
This is everything you need, so lets get coding.
#### Get started with Bottle ####
The basic structure of our program is:
from xbmcjson import XBMC
from bottle import route, run, template, redirect, static_file, request
import os
xbmc = XBMC(“http://192.168.0.5/jsonrpc”, “xbmc”, “xbmc”)
@route(/hello/<name>)
def index(name):
return template(<h1>Hello {{name}}!</h1>, name=name)
run(host=”0.0.0.0”, port=8000)
This connects to **XBMC** (though doesnt actually use it); then Bottle starts serving up the website. In this case, it listens on host 0.0.0.0 (which is every hostname), and port 8000. It only has one site, which is /hello/XXXX where XXXX can be anything. Whatever XXXX is gets passed to index() as the parameter name. This then passes it to the template, which substitutes it into the HTML.
You can try this out by entering the above into a file (weve called it remote.py), and starting it with:
python remote.py
You can then point your browser to localhost:8000/hello/world to see the template in action.
@route() sets up a path in the web server, and the function index() returns the data for that path. Usually, this means returning HTML thats generated via a template, but it doesnt have to be (as well see later).
As we go on, well add more routes to the application to make it a fully-featured XBMC remote control, but it will still be structured in the same way.
The XBMC JSON API can be accessed by any computer on the same network as the XBMC machine. This means that you can develop it on your desktop, then deploy it to your media centre rather than fiddle round uploading every change to your home theatre PC.
Templates like the simple one in the previous example are a way of combining Python and HTML to control the output. In principal, they can do quite a bit of processing, but they can get messy. Well use them just to format the data correctly. Before we can do that, though, we have to have some data.
> ### Paste ###
>
> Bottle includes its own web server, which is what weve been using for testing the remote control. However, we found that it didnt always perform well. When we put the remote into action, we wanted something that could deliver pages a bit quicker. Bottle can work with quite a few different web servers, and we found Paste worked quite well. In order to use this, just install it (in the package python-paste on Debian), and change the run call to:
>
> run(host=hostname, port=hostport, server=”paste”)
>
> You can see details of how to use other servers at [http://bottlepy.org/docs/dev/deployment.html][1].
#### Getting data from XBMC ####
The XBMC JSON API is split up into 14 namespaces: JSONRPC, Player, Playlist, Files, AudioLibrary, VideoLibrary, Input, Application, System, Favourites, Profiles, Settings, Textures and XBMC. Each of these is available from an XBMC object in Python (apart from Favourites, in an apparent oversight). In each of these namespaces there are methods that you can use to control the application. For example, Playlist.GetItems() can be used to get the items on a particular playlist. The server returns data to us in JSON, but the xbmcjson module converts it to a Python dictionary for us.
There are two items in XBMC that we need to use to control playback: players and playlists. Players hold a playlist and move through it item by item as each song finishes. In order to see whats currently playing, we need to get the ID of the active player, and through that find out the ID of the current playlist. Weve done this with the following function:
def get_playlistid():
player = xbmc.Player.GetActivePlayers()
if len(player[result]) > 0:
playlist_data = xbmc.Player.GetProperties({“playerid”:0, “properties”:[“playlistid”]})
if len(playlist_data[result]) > 0 and “playlistid” in playlist_data[result].keys():
return playlist_data[result][playlistid]
return -1
If there isnt a currently active player (that is, if the length of the results section in the returned data is 0), or if the current player has no playlist, this will return -1. Otherwise, it will return the numeric ID of the current playlist.
Once weve got the ID of the current playlist, we can get the details of it. For our purposes, two things are important: the list of items in the playlist, and the position we are in the playlist (items arent removed from the playlist after theyve been played; the current position just marches on).
def get_playlist():
playlistid = get_playlistid()
if playlistid >= 0:
data = xbmc.Playlist.GetItems({“playlistid”:playlistid, “properties”: [“title”, “album”, “artist”, “file”]})
position_data = xbmc.Player.GetProperties({“playerid”:0, properties:[“position”]})
position = int(position_data[result][position])
return data[result][items][position:], position
return [], -1
This returns the current playlist starting with the item thats currently playing (since we dont care about stuff thats finished), and it also includes the position as this is needed for removing items from the playlist.
![Image](http://www.linuxvoice.com/wp-content/uploads/2015/04/xbmc2-large.jpg)
The API is documented at [http://wiki.xbmc.org/?title=JSON-RPC_API/v6][2]. It lists all the available functions, but it a little short on details of how to use them.
> ### JSON ###
>
> JSON stands for JavaScript Object Notation, and was originally designed as a way of serialising JavaScript Objects. It still is used for that, but its also a useful way of encoding all sorts of data.
>
> JSON objects always have the form:
>
> {property1:value1, property2:value2, property3:value3}
>
> For an arbitrary number of property/value pairs. To Python programmers, this all looks suspiciously similar to dictionaries, and the two are very similar.
>
> As with dictionaries, the value can itself be another JSON object, or a list, so the following is perfectly valid:
>
> {“name”:“Ben”, “jobs”:[“cook”, “bottle-washer”], “appearance”: {“height”:195, “skin”:“fair”}}
>
> JSON is often used in web services to send data back and fourth, and its well supported by most programming languages, so if Pythons not your thing, you should easily be able to use the same functions to control XBMC from software written in the language of your choice.
#### Bringing them together ####
The code to link the previous functions to a HTML page is simply:
@route(/juke)
def index():
current_playlist, position = get_playlist()
return template(list, playlist=current_playlist, offset = position)
This only has to grab the playlist (using the function we defined above), and pass it to a template that handles the display.
The main part of the template that handles the display of this data is:
<h2>Currently Playing:</h2>
% if playlist is not None:
% position = offset
% for song in playlist:
<strong> {{song[title]}} </strong>
% if song[type] == unknown:
Radio
% else:
{{song[artist][0]}}
% end
% if position != offset:
<a href=”/remove/{{position}}”>remove</a>
% else:
<a href=”/skip/{{position}}”>skip</a>
% end
<br>
% position += 1
% end
As you can see, templates are mostly written in HTML, but with a few extra bits to control output. Variables enclosed by double parenthesise are output in place (as we saw in the first hello world example). You can also include Python code on lines starting with a percentage sign. Since indents arent used, you need a % end to close any code block (such as a loop or if statement).
This template first checks that the playlist isnt empty, then loops through every item on the playlist. Each item is displayed as the song title in bold, then the name of the artist, then a link to either skip it (if its the currently playing song), or remove it from the playlist. All songs have a type of song, so if the type is unknown, then it isnt a song, but a radio station.
The /remove/ and /skip/ routes are simple wrappers around XBMC controls that reload /juke after the change has taken effect:
@route(/skip/<position>)
def index(position):
print xbmc.Player.GoTo({playerid:0, to:next})
redirect(“/juke”)
@route(/remove/<position>)
def index(position):
playlistid = get_playlistid()
if playlistid >= 0:
xbmc.Playlist.Remove({playlistid:int(playlistid), position:int(position)})
redirect(“/juke”)
Of course, its no good being able to manage your playlist if you cant add music to it.
This is complicated slightly by the fact that once a playlist finishes, it disappears, so you need to create a new one. Rather confusingly, playlists are created by calling the Playlist.Clear() method. This can also be used to kill a playlist that is currently playing a radio station (where the type is unknown). The other complication is that radio streams sit in the playlist and never leave, so if theres currently a radio station playing, we need to clear the playlist as well.
These pages include a link to play the songs, which points to /play/<songid>. This page is handled by:
@route(/play/<id>)
def index(id):
playlistid = get_playlistid()
playlist, not_needed= get_playlist()
if playlistid < 0 or playlist[0][type] == unknown:
xbmc.Playlist.Clear({“playlistid”:0})
xbmc.Playlist.Add({“playlistid”:0, “item”:{“songid”:int(id)}})
xbmc.Player.open({“item”:{“playlistid”:0}})
playlistid = 0
else:
xbmc.Playlist.Add({“playlistid”:playlistid, “item”:{“songid”:int(id)}})
remove_duplicates(playlistid)
redirect(“/juke”)
The final thing here is a call to remove_duplicates. This isnt essential and some people may not like it but it makes sure that no song appears in the playlist more than once.
We also have pages that list all the artists in the collection, and list the songs and albums by particular artists. These are quite straightforward, and work in the same basic way as /juke.
![Image](http://www.linuxvoice.com/wp-content/uploads/2015/04/xbmc1-large.jpg)
The UI still needs a bit of attention, but its working.
> ### Logging ###
>
> Its not always clear how to do something using the XBMC JSON API, and the documentation is sometimes a little opaque. One way of finding out how to do something is seeing how other remote controls do it. If you turn on logging, you can see what API calls are being performed as you use another remote control, then incorporate these into your code.
>
> To turn on logging, hook your XBMC media centre up to a display and go to Settings > System > Debugging, and turn on Enable Debug Logging. With logging turned on, you need to access the XBMC machine (eg via SSH), then you can view the log. Its location should be displayed in the top-left corner of the XBMC display. In RaspBMC, its at /home/pi/.xbmc/temp/xbmc.log. You can then keep an eye on what API calls are being performed in real time using:
>
> cd /home/pi/.xbmc/temp
> tail -f xbmc.log | grep “JSON”
#### Adding functionality ####
The above code all works with songs in the XBMC library, but we also wanted to be able to play radio stations. Addons each have their own plugin URL that can be used to pull information out of them using the usual XBMC JSON commands. For example, to get the selected stations from the radio plugin, we use:
@route(/radio/)
def index():
my_stations = xbmc.Files.GetDirectory({“directory”:”plugin://plugin.audio.radio_de/stations/my/”, “properties”:
[“title”,”thumbnail”,”playcount”,”artist”,”album”,”episode”,”season”,”showtitle”]})
if result in my_stations.keys():
return template(radio, stations=my_stations[result][files])
else:
return template(error, error=radio)
This includes a file that can be added to a playlist just as any song can be. However, these files never finish playing, so (as we saw before) you need to recreate the playlist before adding any songs to it.
#### Sharing songs ####
As well as serving up templates, Bottle can serve static files. These are useful whenever you need things that dont change based on the user input. That could be a CSS file, an image or an MP3. In our simple controller theres not (yet) any CSS or images to make things look pretty, but we have added a way to download the songs. This lets the media centre act as a sort of NAS box for songs. If youre transferring large amounts of data, its probably best to use something like Samba, but serving static files is a good way of grabbing a couple of tunes on your phone.
The Bottle code to download a song by its ID is :
@route(/download/<id>)
def index(id):
data = xbmc.AudioLibrary.GetSongDetails({“songid”:int(id), “properties”:[“file”]})
full_filename = data[result][songdetails][file]
path, filename = os.path.split(full_filename)
return static_file(filename, root=path, download=True)
To use this, we just put a link to the appropriate ID in the /songsby/ page.
Weve gone through all the mechanics of the code, but there are a few more bits that just tie it all together. You can see for yourself at the GitHub page:[https://github.com/ben-ev/xbmc-remote][3].
> ### Setting up ###
>
> Once youve developed your remote control, youll need a way of ensuring that it starts every time you turn on your media centre. There are a few ways of doing this, but the easiest is just to add a command launching it to /etc/rc.local. We installed our file to /opt/xbmc-remote/remote.py with all the other files alongside it. We then added the following line to /etc/rc.local before the final exit 0 line.
>
> cd /opt/xbmc-remote && python remote.py &
> ### GitHub ###
>
> This project is quite bare-bones at the moment, but the business of running a magazine means we dont have as much time as wed like to program. However, weve set up a GitHub project where we hope to keep working on it, and if you think youd benefit from the project as well, wed love your input.
>
> To see whats going on, head over to [https://github.com/ben-ev/xbmc-remote][4] and take a look at what state its in. You can get a copy of the latest code from that web page, or clone it from the command line.
>
> If you want to improve it, you can fork the project to develop in your own branch, and then send a pull request when your features are working. For more information on working with GitHub, head to [https://github.com/features][5].
--------------------------------------------------------------------------------
via: http://www.linuxvoice.com/xbmc-build-a-remote-control/
作者:[Ben Everard][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxvoice.com/author/ben_everard/
[1]:http://bottlepy.org/docs/dev/deployment.html
[2]:http://wiki.xbmc.org/?title=JSON-RPC_API/v6
[3]:https://github.com/ben-ev/xbmc-remote
[4]:https://github.com/ben-ev/xbmc-remote
[5]:https://github.com/features

View File

@ -1,18 +1,18 @@
如何在Linux中安装漂亮的扁平化Arc GTK+主题 如何在Linux中安装漂亮的扁平化Arc GTK+主题
================================================================================ ================================================================================
> 易于看懂的每步都有的教程 > 易于理解的分步教程
**今天我们将向你介绍最新发布的GTK+主题它拥有透明和扁平元素并且与多个桌面环境和Linux发行版见荣发。[这个主题叫Arc][1]。** **今天我们将向你介绍最新发布的GTK+主题它拥有透明和扁平元素并且与多个桌面环境和Linux发行版兼容。[这个主题叫Arc][1]。**
开始讲细节之前,我建议你快速地看一下下面的图,这样你有会对这个主题就会有一个基本的概念了。同样你应该意识到它目前可以工作在GTK+ 2.x、GTK+ 3.x、GNOME-Shell、 Budgie、 Unity和Pantheon用户界面它们都使用了GNOME栈。 开始讲细节之前,我建议你快速浏览一下下面的图,这样你有会对这个主题就会有一个基本的概念了。同样你应该知道它目前可以工作在GTK+ 2.x、GTK+ 3.x、GNOME-Shell、 Budgie、 Unity和Pantheon用户界面它们都使用了GNOME栈。
同样、Arc主题的开发者提醒我们它已经成功地在Ubuntu 15.04Vivid Vervet、 Arch Linux、 elementary OS 0.3 Freya、 Fedora 21、 Fedora 22、 Debian GNU/Linux 8.0 (Jessie)、 Debian Testing、 Debian Unstable、 openSUSE 13.2、 openSUSE Tumbleweed和Gentoo测试过了。 同样、Arc主题的开发者告诉我们它已经成功地在Ubuntu 15.04Vivid Vervet、 Arch Linux、 elementary OS 0.3 Freya、 Fedora 21、 Fedora 22、 Debian GNU/Linux 8.0 (Jessie)、 Debian Testing、 Debian Unstable、 openSUSE 13.2、 openSUSE Tumbleweed和Gentoo测试过了。
### 要求和安装指导 ### ### 要求和安装指导 ###
要构建Arc主题你需要先安装一些包比如autoconf、 automake、 pkg-config (对Fedora的pkgconfig)、基于Debian/Ubuntu-based发行版的libgtk-3-dev或者基于RPM的gtk3-devel、 git、 gtk2-engines-pixbuf和gtk-engine-murrine (对Fedora的gtk-murrine-engine)。 要构建Arc主题你需要先安装一些包比如autoconf、 automake、 pkg-config (对于Fedora则是pkgconfig)、基于Debian/Ubuntu-based发行版的libgtk-3-dev或者基于RPM的gtk3-devel、 git、 gtk2-engines-pixbuf和gtk-engine-murrine (对于Fedora则是gtk-murrine-engine)。
Arc主题还没有二进制包因此你需要从git仓库中取下最新的源码并编译。这样打开终端并运行下面的命令一行行地并在每行的末尾按下回车键并等待上一步完成来继续一步。 Arc主题还没有二进制包因此你需要从git仓库中取下最新的源码并编译。这样打开终端并运行下面的命令一行行地并在每行的末尾按下回车键并等待上一步完成来继续一步。
git clone https://github.com/horst3180/arc-theme --depth 1 && cd arc-theme git clone https://github.com/horst3180/arc-theme --depth 1 && cd arc-theme
git fetch --tags git fetch --tags
@ -20,7 +20,7 @@ Arc主题还没有二进制包因此你需要从git仓库中取下最新的
./autogen.sh --prefix=/usr ./autogen.sh --prefix=/usr
sudo make install sudo make install
就是这样此时你已经在你的GNU/Linux发行版中安装了Arc主题如果你使用GNOME可以使用GONME Tweak工具或者如果你使用Unity可以使用Unity Tweak工具来激活主题。玩得开心也不要忘了在下面的评论栏里留下你的截图。 就是这样此时你已经在你的GNU/Linux发行版中安装了Arc主题如果你使用GNOME可以使用GONME Tweak工具如果你使用Ubuntu的Unity可以使用Unity Tweak工具来激活主题。玩得开心但不要忘了在下面的评论栏里留下你的截图。
![](http://i1-news.softpedia-static.com/images/news2/Here-s-How-to-Install-the-Beautiful-Arc-GTK-plus-Flat-Theme-on-Linux-483143-2.jpg) ![](http://i1-news.softpedia-static.com/images/news2/Here-s-How-to-Install-the-Beautiful-Arc-GTK-plus-Flat-Theme-on-Linux-483143-2.jpg)
@ -34,28 +34,9 @@ via: http://news.softpedia.com/news/Here-s-How-to-Install-the-Beautiful-Arc-GTK-
作者:[Marius Nestor][a] 作者:[Marius Nestor][a]
译者:[geekpi](https://github.com/geekpi) 译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID) 校对:[caroline](https://github.com/carolinewuyan)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://news.softpedia.com/editors/browse/marius-nestor [a]:http://news.softpedia.com/editors/browse/marius-nestor
[1]:https://github.com/horst3180/Arc-theme [1]:https://github.com/horst3180/Arc-theme
[2]:
[3]:
[4]:
[5]:
[6]:
[7]:
[8]:
[9]:
[10]:
[11]:
[12]:
[13]:
[14]:
[15]:
[16]:
[17]:
[18]:
[19]:
[20]:

View File

@ -0,0 +1,77 @@
translated by strugglingyouth
在linux上使用交换文件扩展交换空间
================================================================================
想像一种情景当我们的Linux系统用尽交换空间时在这种情况下
我们想要使用swap分区扩展交换空间但在某些情况下磁盘上的空闲分区是不可用的
致使我们不能把它扩大。
因此在这种情况下我们可以使用交换文件增加swap空间。
### 以下是使用交换文件在Linux上扩展swap空间的方法 ###
让我们首先检查现有的交换空间/分区的大小,使用命令 **free -m** 或者 **swapon -s**
![](http://www.linuxtechi.com/wp-content/uploads/2015/06/free-output-with-swap.jpg)
free-output-with-swap
我的交换分区大小是2 GB我们将把交换空间扩展1GB。
#### 第一步使用下面的dd命令创建大小为1GB交换文件d ####
[root@linuxtechi ~]# dd if=/dev/zero of=/swap_file bs=1G count=1
1+0 records in
1+0 records out
1073741824 bytes (1.1 GB) copied, 414.898 s, 2.6 MB/s
[root@linuxtechi ~]#
根据你的需要替换 **bs****count** 的大小.
####第二步设置交换文件权限为644. ####
[root@linuxtechi ~]# chmod 600 /swap_file
#### 第三步用文件开启交换区swap_file####
用mkswap命令开启交换区
[root@linuxtechi ~]# mkswap /swap_file
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=f7b3ae59-c09a-4dc2-ba4d-c02abb7db33b
[root@linuxtechi ~]#
#### 第四步在fstab文件中添加交换文件条目 ####
在fstab文件中添加以下条目以便交换文件每次重启后互能继续使用.
/swap_file swap swap defaults 0 0
![swap-file-fstab-entry](http://www.linuxtechi.com/wp-content/uploads/2015/06/swap-file-fstab-entry.jpg)
#### 第五步:用命令 mkswap on 启用交换文件. ####
[root@linuxtechi ~]# swapon /swap_file
[root@linuxtechi ~]#
#### 第六步:现在查看交换空间 ####
![swap-space-after-extension](http://www.linuxtechi.com/wp-content/uploads/2015/06/swap-space-after-extension.jpg)
**Note**: 为了避免出现意外的情况如下所示使用swapoff命令关闭它
仅在需要使用时使用步骤5所示的swapon命令重新启用交换文件。.
[root@linuxtechi ~]# swapoff /swap_file
[root@linuxtechi ~]#
请分享您的宝贵意见或者评论此文章.
--------------------------------------------------------------------------------
via: http://www.linuxtechi.com/extend-swap-space-using-swap-file-in-linux/
作者:[Pradeep Kumar][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://www.linuxtechi.com/author/pradeep/