20150906-3 topic selection

DeadFire 2015-09-06 15:05:37 +08:00
parent 0985333bb0
commit c3481798ef
3 changed files with 352 additions and 0 deletions

@ -0,0 +1,53 @@
Do Simple Math In Ubuntu And elementary OS With NaSC
================================================================================
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/Make-Math-Simpler-with-NaSC.jpg)
[NaSC][1], abbreviation Not a Soulver Clone, is a third party app developed for elementary OS. Whatever the name suggests, NaSC is heavily inspired by [Soulver][2], an OS X app for doing maths like a normal person.
elementary OS itself draws from OS X and it is not a surprise that a number of the third party apps it has got, are also inspired by OS X apps.
Coming back to NaSC, what exactly it means by “maths like a normal person “? Well, it means to write like how you think in your mind. As per the description of the app:
> “Its an app where you do maths like a normal person. It lets you type whatever you want and smartly figures out what is math and spits out an answer on the right pane. Then you can plug those answers in to future equations and if that answer changes, so does the equations its used in.”
Still not convinced? Here, take a look at this screenshot.
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/NaSC.png)
Now, you see what is math for normal person? Honestly, I am not a fan of such apps but it might be useful for some of you perhaps. Lets see how can you install NaSC in elementary OS, Ubuntu and Linux Mint.
### Install NaSC in Ubuntu, elementary OS and Mint ###
There is a PPA available for installing NaSC. The PPA says daily which could mean daily build (i.e. unstable) but in my quick test, it worked just fine.
Open a terminal and use the following commands:
sudo apt-add-repository ppa:nasc-team/daily
sudo apt-get update
sudo apt-get install nasc
Here is a screenshot of NaSC in Ubuntu 15.04:
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/NaSC-Ubuntu.png)
If you want to remove it, you can use the following commands:
sudo apt-get remove nasc
sudo apt-add-repository --remove ppa:nasc-team/daily
If you try it, do share your experience with it. In addition to this, you can also try [Vocal podcast app for Linux][3] from third party elementary OS apps.
--------------------------------------------------------------------------------
via: http://itsfoss.com/math-ubuntu-nasc/
作者:[Abhishek][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://itsfoss.com/author/abhishek/
[1]:http://parnold-x.github.io/nasc/
[2]:http://www.acqualia.com/soulver/
[3]:http://itsfoss.com/podcast-app-vocal-linux/
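Review bot: In the install section, `sudo apt-add-repository ppa:nasc-team/daily` adds a third-party daily-build archive, and the article's own aside ("could mean daily build (i.e. unstable)") is the only caveat given. Once added, that PPA can supply packages and updates that apt installs as root, so I would suggest a sentence telling readers to drop the PPA when they stop using NaSC; the `apt-add-repository --remove` command is already in the text but is presented only as part of uninstalling. Minor, for the translator: the phrase “maths like a normal person “ has a stray space before the closing quote, and "Its an app" and "Lets see" are missing apostrophes.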

@ -0,0 +1,102 @@
How To Set Up Your FTP Server In Linux
================================================================================
![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/Setup-FTP-Server-in-Linux.jpg)
In this lesson, I will explain to you how to Set up your FTP server. But first, let me quickly tell you what is FTP.
### What is FTP? ###
[FTP][1] is an acronym for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers on a network. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer, or access online software archives. Keep in mind, however, that many FTP sites are heavily used and require several attempts before connecting.
An FTP address looks a lot like an HTTP or website address except it uses the prefix ftp:// instead of http://.
### What is an FTP Server? ###
Typically, a computer with an FTP address is dedicated to receive an FTP connection. A computer dedicated to receiving an FTP connection is referred to as an FTP server or FTP site.
Now, lets begin a special adventure. We will make FTP server to share files with friends and family. I will use [vsftpd][2] for this purpose.
VSFTPD is an FTP server software which claims to be the most secure FTP software. In fact, the first two letters in VSFTPD, stand for “very secure”. The software was built around the vulnerabilities of the FTP protocol.
Nevertheless, you should always remember that there are better solutions for secure transfer and management of files such as SFTP (uses [OpenSSH][3]). The FTP protocol is particularly useful for sharing non-sensitive data and is very reliable at that.
#### Installing VSFTPD in rpm distributions: ####
You can quickly install VSFTPD on your server through the command line interface with:
dnf -y install vsftpd
#### Installing VSFTPD in deb distributions: ####
You can quickly install VSFTPD on your server through the command line interface with:
sudo apt-get install vsftpd
#### Installing VSFTPD in Arch distribution: ####
You can quickly install VSFTPD on your server through the command line interface with:
sudo pacman -S vsftpd
#### Configuring FTP server ####
Most VSFTPDs configuration takes place in /etc/vsftpd.conf. The file itself is well-documented, so this section only highlights some important changes you may want to make. For all available options and basic documentation see the man pages:
man vsftpd.conf
Files are served by default from /srv/ftp as per the Filesystem Hierarchy Standard.
**Enable Uploading:**
The “write_enable” flag must be set to YES in order to allow changes to the filesystem, such as uploading:
write_enable=YES
**Allow Local Users to Login:**
In order to allow users in /etc/passwd to login, the “local_enable” directive must look like this:
local_enable=YES
**Anonymous Login**
The following lines control whether anonymous users can login:
# Allow anonymous login
anonymous_enable=YES
# No password is required for an anonymous login (Optional)
no_anon_password=YES
# Maximum transfer rate for an anonymous client in Bytes/second (Optional)
anon_max_rate=30000
# Directory to be used for an anonymous login (Optional)
anon_root=/example/directory/
**Chroot Jail**
It is possible to set up a chroot environment, which prevents the user from leaving his home directory. To enable this, add/change the following lines in the configuration file:
chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list
The “chroot_list_file” variable specifies the file in which the jailed users are contained to.
In the end you must restart your ftp server. Type in your command line
sudo systemctl restart vsftpd
Thats it. Your FTP server is up and running.
--------------------------------------------------------------------------------
via: http://itsfoss.com/set-ftp-server-linux/
作者:[alimiracle][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://itsfoss.com/author/ali/
[1]:https://en.wikipedia.org/wiki/File_Transfer_Protocol
[2]:https://security.appspot.com/vsftpd.html
[3]:http://www.openssh.com/
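Review bot: In the Chroot Jail section, `chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list` puts two directives on one line; vsftpd.conf takes one `option=value` setting per line, so these need to be split or readers will paste a line that does not parse as intended. Also worth flagging before translation: `local_enable=YES` lets /etc/passwd users log in over plain FTP, which sends their passwords unencrypted, and the anonymous block sits next to `write_enable=YES` without saying whether anonymous uploads are intended. The text already points to SFTP for secure transfer; tying that advice to the local-login step would put it where it matters.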

@ -0,0 +1,197 @@
How to install Suricata intrusion detection system on Linux
================================================================================
With incessant security threats, intrusion detection system (IDS) has become one of the most critical requirements in today's data center environments. However, as more and more servers upgrade their NICs to 10GB/40GB Ethernet, it is increasingly difficult to implement compute-intensive intrusion detection on commodity hardware at line rates. One approach to scaling IDS performance is **multi-threaded IDS**, where CPU-intensive deep packet inspection workload is parallelized into multiple concurrent tasks. Such parallelized inspection can exploit multi-core hardware to scale up IDS throughput easily. Two well-known open-source efforts in this area are [Suricata][1] and [Bro][2].
In this tutorial, I am going to demonstrate **how to install and configure Suricata IDS on Linux server**.
### Install Suricata IDS on Linux ###
Let's build Suricata from the source. You first need to install several required dependencies as follows.
#### Install Dependencies on Debian, Ubuntu or Linux Mint ####
$ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev
#### Install Dependencies on CentOS, Fedora or RHEL ####
$ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel
Once you install all required packages, go ahead and install Suricata as follows.
First, download the latest Suricata source code from [http://suricata-ids.org/download/][3], and build it. As of this writing, the latest version is 2.0.8.
$ wget http://www.openinfosecfoundation.org/download/suricata-2.0.8.tar.gz
$ tar -xvf suricata-2.0.8.tar.gz
$ cd suricata-2.0.8
$ ./configure --sysconfdir=/etc --localstatedir=/var
Here is the example output of configuration.
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: yes
Detection enabled: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
Prelude support: no
PCRE jit: yes
LUA support: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Now compile and install it.
$ make
$ sudo make install
Suricata source code comes with default configuration files. Let's install these default configuration files as follows.
$ sudo make install-conf
As you know, Suricata is useless without IDS rule sets. Conveniently, the Makefile comes with IDS rule installation option. To install IDS rules, run the following command.
$ sudo make install-rules
The above rule installation command will download the current snapshot of community rulesets available from [EmergingThreats.net][4], and store them under /etc/suricata/rules.
![](https://farm1.staticflickr.com/691/20482669553_8b67632277_c.jpg)
### Configure Suricata IDS the First Time ###
Now it's time to configure Suricata. The configuration file is located at **/etc/suricata/suricata.yaml**. Open the file with a text editor for editing.
$ sudo vi /etc/suricata/suricata.yaml
Here are some basic setup for you to get started.
The "default-log-dir" keyword should point to the location of Suricata log files.
default-log-dir: /var/log/suricata/
Under "vars" section, you will find several important variables used by Suricata. "HOME_NET" should point to the local network to be inspected by Suricata. "!$HOME_NET" (assigned to EXTERNAL_NET) refers to any other networks than the local network. "XXX_PORTS" indicates the port number(s) use by different services. Note that Suricata can automatically detect HTTP traffic regardless of the port it uses. So it is not critical to specify the HTTP_PORTS variable correctly.
vars:
HOME_NET: "[192.168.122.0/24]"
EXTERNAL_NET: "!$HOME_NET"
HTTP_PORTS: "80"
SHELLCODE_PORTS: "!80"
SSH_PORTS: 22
The "host-os-policy" section is used to defend against some well-known attacks which exploit the behavior of an operating system's network stack (e.g., TCP reassembly) to evade detection. As a counter measure, modern IDS came up with so-called "target-based" inspection, where inspection engine fine-tunes its detection algorithm based on a target operating system of the traffic. Thus, if you know what OS individual local hosts are running, you can feed that information to Suricata to potentially enhance its detection rate. This is when "host-os-policy" section is used. In this example, the default IDS policy is Linux; if no OS information is known for a particular IP address, Suricata will apply Linux-based inspection. When traffic for 192.168.122.0/28 and 192.168.122.155 is captured, Suricata will apply Windows-based inspection policy.
host-os-policy:
# These are Windows machines.
windows: [192.168.122.0/28, 192.168.122.155]
bsd: []
bsd-right: []
old-linux: []
# Make the default policy Linux.
linux: [0.0.0.0/0]
old-solaris: []
solaris: ["::1"]
hpux10: []
hpux11: []
irix: []
macos: []
vista: []
windows2k3: []
Under "threading" section, you can specify CPU affinity for different Suricata threads. By default, [CPU affinity][5] is disabled ("set-cpu-affinity: no"), meaning that Suricata threads will be scheduled on any available CPU cores. By default, Suricata will create one "detect" thread for each CPU core. You can adjust this behavior by specifying "detect-thread-ratio: N". This will create N*M detect threads, where M is the total number of CPU cores on the host.
threading:
set-cpu-affinity: no
detect-thread-ratio: 1.5
With the above threading settings, Suricata will create 1.5*M detection threads, where M is the total number of CPU cores on the system.
For more information about Suricata configuration, you can read the default configuration file itself, which is heavily commented for clarity.
### Perform Intrusion Detection with Suricata ###
Now it's time to test-run Suricata. Before launching it, there's one more step to do.
When you are using pcap capture mode, it is highly recommended to turn off any packet offloead features (e.g., LRO/GRO) on the NIC which Suricata is listening on, as those features may interfere with live packet capture.
Here is how to turn off LRO/GRO on the network interface eth0:
$ sudo ethtool -K eth0 gro off lro off
Note that depending on your NIC, you may see the following warning, which you can ignore. It simply means that your NIC does not support LRO.
Cannot change large-receive-offload
Suricata supports a number of running modes. A runmode determines how different threads are used for IDS. The following command lists all [available runmodes][6].
$ sudo /usr/local/bin/suricata --list-runmodes
![](https://farm6.staticflickr.com/5730/20481140934_25080d04d7_c.jpg)
The default runmode used by Suricata is autofp (which stands for "auto flow pinned load balancing"). In this mode, packets from each distinct flow are assigned to a single detect thread. Flows are assigned to threads with the lowest number of unprocessed packets.
Finally, let's start Suricata, and see it in action.
$ sudo /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 --init-errors-fatal
![](https://farm1.staticflickr.com/701/21077552366_c577746e36_c.jpg)
In this example, we are monitoring a network interface eth0 on a 8-core system. As shown above, Suricata creates 13 packet processing threads and 3 management threads. The packet processing threads consist of one PCAP packet capture thread, and 12 detect threads (equal to 8*1.5). This means that the packets captured by one capture thread are load-balanced to 12 detect threads for IDS. The management threads are one flow manager and two counter/stats related threads.
Here is a thread-view of Suricata process (plotted by [htop][7]).
![](https://farm6.staticflickr.com/5775/20482669593_174f8f41cb_c.jpg)
Suricata detection logs are stored in /var/log/suricata directory.
$ tail -f /var/log/suricata/fast.log
----------
04/01/2015-15:47:12.559075 [**] [1:2200074:1] SURICATA TCPv4 invalid checksum [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.253.158:22 -> 172.16.253.1:46997
04/01/2015-15:49:06.565901 [**] [1:2200074:1] SURICATA TCPv4 invalid checksum [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.253.158:22 -> 172.16.253.1:46317
04/01/2015-15:49:06.566759 [**] [1:2200074:1] SURICATA TCPv4 invalid checksum [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.253.158:22 -> 172.16.253.1:46317
For ease of import, the log is also available in JSON format:
$ tail -f /var/log/suricata/eve.json
----------
{"timestamp":"2015-04-01T15:49:06.565901","event_type":"alert","src_ip":"172.16.253.158","src_port":22,"dest_ip":"172.16.253.1","dest_port":46317,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2200074,"rev":1,"signature":"SURICATA TCPv4 invalid checksum","category":"","severity":3}}
{"timestamp":"2015-04-01T15:49:06.566759","event_type":"alert","src_ip":"172.16.253.158","src_port":22,"dest_ip":"172.16.253.1","dest_port":46317,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2200074,"rev":1,"signature":"SURICATA TCPv4 invalid checksum","category":"","severity":3}}
### Conclusion ###
In this tutorial, I demonstrated how you can set up Suricata IDS on a multi-core Linux server. Unlike single-threaded [Snort IDS][8], Suricata can easily benefit from multi-core/many-core hardware with multi-threading. There is great deal of customization in Suricata to maximize its performance and detection coverage. Suricata folks maintain [online Wiki][9] quite well, so I strongly recommend you check it out if you want to deploy Suricata in your environment.
Are you currently using Suricata? If so, feel free to share your experience.
--------------------------------------------------------------------------------
via: http://xmodulo.com/install-suricata-intrusion-detection-system-linux.html
作者:[Dan Nanni][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:http://xmodulo.com/author/nanni
[1]:http://suricata-ids.org/
[2]:https://www.bro.org/
[3]:http://suricata-ids.org/download/
[4]:http://rules.emergingthreats.net/
[5]:http://xmodulo.com/run-program-process-specific-cpu-cores-linux.html
[6]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Runmodes
[7]:http://ask.xmodulo.com/view-threads-process-linux.html
[8]:http://xmodulo.com/how-to-compile-and-install-snort-from-source-code-on-ubuntu.html
[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki
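Review bot: The download step `wget http://www.openinfosecfoundation.org/download/suricata-2.0.8.tar.gz` fetches the source over plain HTTP, and the steps that follow build it and run `sudo make install` with no integrity check in between. I would add a step that verifies the tarball against a checksum or signature published by the project before `./configure`. Smaller points: "offloead" in the pcap capture paragraph is a typo for "offload", "10GB/40GB Ethernet" in the introduction reads as gigabytes where gigabit is presumably meant, and the keys under `vars:` appear here without indentation, which is not valid nested YAML if copied as shown.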