document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-29 21:41:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2019-07-03 16:29:58 +08:00
commit ccf25e835b
5 changed files with 871 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
translated/tech/20190619 Leading in the Python community.md → published/20190619 Leading in the Python community.md
View File

@ -1,43 +1,44 @@
[#]: collector: (lujun9972)
[#]: translator: (chen-ni)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-11049-1.html)
[#]: subject: (Leading in the Python community)
[#]: via: (https://opensource.com/article/19/6/naomi-ceder-python-software-foundation)
[#]: author: (Don Watkins https://opensource.com/users/don-watkins)
Python 社区的领袖
领导 Python 社区
======
对话现任 Python 软件基金会董事会主席 Naomi Ceder
![Hands together around the word trust][1]
> 对话现任 Python 软件基金会董事会主席 Naomi Ceder。
![](https://img.linux.net.cn/data/attachment/album/201907/03/155715vrhkvapiiia9i3zp.jpg)
和开源软件世界的很多其他领袖一样,[Python 软件基金会][3]PSF的董事会主席 [Naomi Ceder][2] 通过一种不同寻常的方式走进了 Python 世界。正如她在 2017 年 PyCon España 大会上的 [keynote][4] 的标题所说,她是因为这个编程语言而来,因为这个社区而留下的。在我们和她的一次近期的交流中,她分享了自己成为 Python 社区领袖的历程,并且就“是什么让 Python 如此特别”这个问题提供了一些独到的见解。
### 从授课到编程
Naomi 的职业生涯是从古典文学开始的。她取得了拉丁文和古希腊文的博士学位并且辅修了印欧语言学。在一家私立学校教授拉丁语的同时她开始接触了计算机学习如何编程、如何拆机进行升级或者维修。1995 年,她开始在 [Yggdrasil Linux][5] 系统上开发开源软件,并且帮助建立了印第安纳州韦恩堡的 [Linux 用户小组][6]
Naomi 的职业生涯是从古典文学开始的。她取得了拉丁文和古希腊文的博士学位并且辅修了印欧语言学。在一家私立学校教授拉丁语的同时她开始接触了计算机学习如何编程、如何拆机进行升级或者维修。1995 年,她开始在 [Yggdrasil Linux][5] 系统上开发开源软件,并且帮助建立了印第安纳州韦恩堡的 [Linux 用户小组][6]
作为一名教师Naomi 相信在中学教授编程课程是非常重要的,因为等到大多数人上大学的时候,他们已经认为编程和科技相关的职业已经不是自己可以从事的了。她表示,更早地教授相关课程有助于增加科技人才的供给,提高人才的多元化和经验的广度,从而更好地满足行业需求。
大约在 2001 年前后,她决定从学习人类语言转向研究计算机语言,并同时教授计算机课程和管理学校的 IT 系统。在 2001 年的 Linux World 大会上听了一整天 PSF 主席 Guido Van Rossum 关于 Python 的演讲之后,她对 Python 的热情被点燃了。在那个时候Python 还只是一门晦涩难懂的语言,但是她是如此喜欢 Python以至于在她的学校开始使用 Python 记录学生信息、进行系统管理。
大约在 2001 年前后,她决定从学习人类语言转向研究计算机语言,并同时教授计算机课程和管理学校的 IT 系统。在 2001 年的 Linux World 大会上听了一整天时任 PSF 主席 Guido Van Rossum LCTT 译注:也是 Python 创始人)关于 Python 的演讲之后,她对 Python 的热情被点燃了。在那个时候Python 还只是一门晦涩难懂的语言,但是她是如此喜欢 Python以至于在她的学校开始使用 Python 记录学生信息、进行系统管理。
### 领导 Python 社区
Naomi 表示,“社区是 Python 成功背后的关键因素。开源软件的核心思想是分享,很少有人真的喜欢一个人坐在那儿盯着屏幕写代码。真正的满足来源于和别人交流想法,并且共同创造一些东西。”
她在第一届 [PyCon][7] 大会上发表了演讲,并且从此之后一直是一名参与者和领导者。她组织了一些 birds-of-a-feather 讨论会LCTT 译注一种在大会参与者之间进行的基于兴趣的小规模讨论活动、PyCon 和 PyCon UK 大会的海报展示会、教育峰会,以及 PyCon 大会的西班牙语频道。
她在第一届 [PyCon][7] 大会上发表了演讲,并且从此之后一直是一名参与者和领导者。她组织了一些 <ruby>趣味相投<rt>birds-of-a-feather<rt></ruby> 讨论会LCTT 译注:birds-of-a-feather一种在大会参与者之间进行的基于兴趣的非正式小规模讨论活动、PyCon 和 PyCon UK 大会的海报展示会、教育峰会,以及 PyCon 大会的西班牙语频道。
她同时是 *[The Quick Python Book][9]* 一书的作者,并且联合创立了 [Trans\*Code][10]“英国唯一一个专注于变性者的问题和机遇的黑客节”LCTT 译注黑客节是一种让软件开发、设计、项目管理等相关人员相聚在一起针对软件项目进行高强度合作的活动。Naomi 表示,“随着科技能够提供越来越多的机遇,确保传统意义上的边缘化群体能够同等地享受到这些机遇成为了一件更为重要的事情。”
她同时是 《[The Quick Python Book][9]》一书的作者,并且联合创立了 [Trans*Code][10]“英国唯一一个专注于变性者的问题和机遇的黑客节”LCTT 译注:<ruby>黑客节<rt>hack event</rt></ruby>是一种让软件开发、设计、项目管理等相关人员相聚在一起针对软件项目进行高强度合作的活动。Naomi 表示,“随着科技能够提供越来越多的机遇,确保传统意义上的边缘化群体能够同等地享受到这些机遇成为了一件更为重要的事情。”
### 通过 PSF 进行贡献
作为 PSF 的董事会主席Naomi 积极地参与着该组织对 Python 语言和其使用者的支持工作。除了赞助 PyCon 大会的举办之外PSF 基金会还为世界各地的小型聚会、大型会议和研习会提供资助。2018 年,该组织发放的资助接近 335000 美元,其中大多数款项的金额都在 500 美元到 5000 美元之间。
PSF 的短期目标是成为一个由专业员维护的可持续的、稳定的、成熟的非盈利机构。它的长期目标包括发展可以提供对 Python 开发工作有效支持的各种资源,以及扩展该组织对全世界范围内 Python 教育工作的支持。
PSF 的短期目标是成为一个由专业员维护的可持续的、稳定的、成熟的非盈利机构。它的长期目标包括发展可以提供对 Python 开发工作有效支持的各种资源,以及扩展该组织对全世界范围内 Python 教育工作的支持。
这些工作都需要来自社区的经济上的支持。Naomi 表示PSF “最大的资金来源是 PyCon 大会。为了确保 PSF 的可持续性,我们同事也关注使用 Python 的企业的赞助,这是我们增长最快的部分。”会员价格是每年 99 美元,并且 [捐款和募捐人][12] 同样也在帮助维持该组织的工作。
这些工作都需要来自社区的经济上的支持。Naomi 表示PSF “最大的资金来源是 PyCon 大会。为了确保 PSF 的可持续性,我们同时也关注使用 Python 的企业的赞助,这是我们增长最快的部分。”会员费是每年 99 美元,并且 [捐款和募捐人][12] 同样也在帮助维持该组织的工作。
你可以在 PSF 的 [年度报告][13] 中了解该组织的更多工作情况。
@ -48,7 +49,7 @@ via: https://opensource.com/article/19/6/naomi-ceder-python-software-foundation
作者:[Don Watkins][a]
选题:[lujun9972][b]
译者:[chen-ni](https://github.com/chen-ni)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

246
sources/tech/20190702 Jupyter and data science in Fedora.md Normal file
View File

@ -0,0 +1,246 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Jupyter and data science in Fedora)
[#]: via: (https://fedoramagazine.org/jupyter-and-data-science-in-fedora/)
[#]: author: (Avi Alkalay https://fedoramagazine.org/author/aviram/)
Jupyter and data science in Fedora
======
![][1]
In the past, kings and leaders used oracles and magicians to help them predict the future — or at least get some good advice due to their supposed power to perceive hidden information. Nowadays, we live in a society obsessed with quantifying everything. So we have data scientists to do this job.
Data scientists use statistical models, numerical techniques and advanced algorithms that didnt come from statistical disciplines, along with the data that exist on databases, to find, to infer, to predict data that doesnt exist yet. Sometimes this data is about the future. That is why we do a lot of predictive analytics and prescriptive analytics.
Here are some questions to which data scientists help find answers:
1. Who are the students with high propensity to abandon the class? For each one, what are the reasons for leaving?
2. Which house has a price above or below the fair price? What is the fair price for a certain house?
3. What are the hidden groups that my clients classify themselves?
4. Which future problems this premature child will develop?
5. How many calls will I get in my call center tomorrow 11:43 AM?
6. My bank should or should not lend money to this customer?
Note how the answer to all these question is not sitting in any database waiting to be queried. These are all data that still doesnt exist and has to be calculated. That is part of the job we data scientists do.
Throughout this article youll learn how to prepare a Fedora system as a Data Scientists development environment and also a production system. Most of the basic software is RPM-packaged, but the most advanced parts can only be installed, nowadays, with Pythons _pip_ tool.
### Jupyter — the IDE
Most modern data scientists use Python. And an important part of their work is EDA (exploratory data analysis). EDA is a manual and interactive process that retrieves data, explores its features, searches for correlations, and uses plotted graphics to visualize and understand how data is shaped and prototypes predictive models.
Jupyter is a web application perfect for this task. Jupyter works with Notebooks, documents that mix rich text including beautifully rendered math formulas (thanks to [mathjax][2]), blocks of code and code output, including graphics.
Notebook files have extension _.ipynb_, which means Interactive Python Notebook.
#### Setting up and running Jupyter
First, install essential packages for Jupyter ([using][3] _[sudo][3]_):
```
$ sudo dnf install python3-notebook mathjax sscg
```
You might want to install additional and optional Python modules commonly used by data scientists:
```
$ sudo dnf install python3-seaborn python3-lxml python3-basemap python3-scikit-image python3-scikit-learn python3-sympy python3-dask+dataframe python3-nltk
```
Set a password to log into Notebook web interface and avoid those long tokens. Run the following command anywhere on your terminal:
```
$ mkdir -p $HOME/.jupyter
$ jupyter notebook password
```
Now, type a password for yourself. This will create the file _$HOME/.jupyter/jupyter_notebook_config.json_ with your encrypted password.
Next, prepare for SSLby generating a self-signed HTTPS certificate for Jupyters web server:
```
$ cd $HOME/.jupyter; sscg
```
Finish configuring Jupyter by editing your _$HOME/.jupyter/jupyter_notebook_config.json_ file. Make it look like this:
```
{
"NotebookApp": {
"password": "sha1:abf58...87b",
"ip": "*",
"allow_origin": "*",
"allow_remote_access": true,
"open_browser": false,
"websocket_compression_options": {},
"certfile": "/home/aviram/.jupyter/service.pem",
"keyfile": "/home/aviram/.jupyter/service-key.pem",
"notebook_dir": "/home/aviram/Notebooks"
}
}
```
The parts in red must be changed to match your folders. Parts in blue were already there after you created your password. Parts in green are the crypto-related files generated by _sscg_.
Create a folder for your notebook files, as configured in the _notebook_dir_ setting above:
```
$ mkdir $HOME/Notebooks
```
Now you are all set. Just run Jupyter Notebook from anywhere on your system by typing:
```
$ jupyter notebook
```
Or add this line to your _$HOME/.bashrc_ file to create a shortcut command called _jn_:
```
alias jn='jupyter notebook'
```
After running the command _jn_, access _<https://your-fedora-host.com:8888>_ from any browser on the network to see the Jupyter user interface. Youll need to use the password you set up earlier. Start typing some Python code and markup text. This is how it looks:
![Jupyter with a simple notebook][4]
In addition to the IPython environment, youll also get a web-based Unix terminal provided by _terminado_. Some people might find this useful, while others find this insecure. You can disable this feature in the config file.
### JupyterLab — the next generation of Jupyter
JupyterLab is the next generation of Jupyter, with a better interface and more control over your workspace. Its currently not RPM-packaged for Fedora at the time of writing, but you can use _pip_ to get it installed easily:
```
$ pip3 install jupyterlab --user
$ jupyter serverextension enable --py jupyterlab
```
Then run your regular _jupiter notebook_ command or _jn_ alias. JupyterLab will be accessible from _<http://your-linux-host.com:8888/**lab>_**.
### Tools used by data scientists
In this section you can get to know some of these tools, and how to install them. Unless noted otherwise, the module is already packaged for Fedora and was installed as prerequisites for previous components.
#### **Numpy**
_Numpy_ is an advanced and C-optimized math library designed to work with large in-memory datasets. It provides advanced multidimensional matrix support and operations, including math functions as log(), exp(), trigonometry etc.
#### Pandas
In this authors opinion, Python is THE platform for data science mostly because of Pandas. Built on top of numpy, Pandas makes easy the work of preparing and displaying data. You can think of it as a no-UI spreadsheet, but ready to work with much larger datasets. Pandas helps with data retrieval from a SQL database, CSV or other types of files, columns and rows manipulation, data filtering and, to some extent, data visualization with matplotlib.
#### Matplotlib
Matplotlib is a library to plot 2D and 3D data. It has great support for notations in graphics, labels and overlays
![matplotlib pair of graphics showing a cost function searching its optimal value through a gradient descent algorithm][5]
#### Seaborn
Built on top of matplotlib, Seaborns graphics are optimized for a more statistical comprehension of data. It automatically displays regression lines or Gauss curve approximations of plotted data.
![Linear regression visualised with SeaBorn][6]
#### [StatsModels][7]
StatsModels provides algorithms for statistical and econometrics data analysis such as linear and logistic regressions. Statsmodel is also home for the classical family of [time series algorithms][8] known as ARIMA.
![Normalized number of passengers across time \(blue\) and ARIMA-predicted number of passengers \(red\)][9]
#### Scikit-learn
The central piece of the machine-learning ecosystem, [scikit][10] provides predictor algorithms for [regression][11] (Elasticnet, Gradient Boosting, Random Forest etc) and [classification][11] and clustering (K-means, DBSCAN etc). It features a very well designed API. Scikit also has classes for advanced data manipulation, dataset split into train and test parts, dimensionality reduction and data pipeline preparation.
#### XGBoost
XGBoost is the most advanced regressor and classifier used nowadays. Its not part of scikit-learn, but it adheres to scikits API. [XGBoost][12] is not packaged for Fedora and should be installed with pip. [XGBoost can be accelerated with your nVidia GPU][13], but not through its _pip_ package. You can get this if you compile it yourself against CUDA. Get it with:
```
$ pip3 install xgboost --user
```
#### Imbalanced Learn
[imbalanced-learn][14] provides ways for under-sampling and over-sampling data. It is useful in fraud detection scenarios where known fraud data is very small when compared to non-fraud data. In these cases data augmentation is needed for the known fraud data, to make it more relevant to train predictors. Install it with _pip_:
```
$ pip3 install imblearn --user
```
#### NLTK
The [Natural Language toolkit][15], or NLTK, helps you work with human language data for the purpose of building chatbots (just to cite an example).
#### SHAP
Machine learning algorithms are very good on predicting, but arent good at explaining why they made a prediction. [SHAP][16] solves that, by analyzing trained models.
![Where SHAP fits into the data analysis process][17]
Install it with _pip_:
```
$ pip3 install shap --user
```
#### [Keras][18]
Keras is a library for deep learning and neural networks. Install it with _pip_:
```
$ sudo dnf install python3-h5py
$ pip3 install keras --user
```
#### [TensorFlow][19]
TensorFlow is a popular neural networks builder. Install it with _pip_:
```
$ pip3 install tensorflow --user
```
* * *
_Photo courtesy of [FolsomNatural][20] on [Flickr][21] (CC BY-SA 2.0)._
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/jupyter-and-data-science-in-fedora/
作者:[Avi Alkalay][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/aviram/
[b]: https://github.com/lujun9972
[1]: https://fedoramagazine.org/wp-content/uploads/2019/06/jupyter-816x345.jpg
[2]: http://mathjax.org
[3]: https://fedoramagazine.org/howto-use-sudo/
[4]: https://avi.alkalay.net/articlefiles/2018/07/jupyter-fedora.png
[5]: https://fedoramagazine.org/wp-content/uploads/2019/06/gradient-descent-cost-function-optimization.png
[6]: https://seaborn.pydata.org/_images/regression_marginals.png
[7]: https://www.statsmodels.org/
[8]: https://www.statsmodels.org/stable/examples/index.html#stats
[9]: https://fedoramagazine.org/wp-content/uploads/2019/06/time-series.png
[10]: https://scikit-learn.org/stable/
[11]: https://scikit-learn.org/stable/supervised_learning.html#supervised-learning
[12]: https://xgboost.ai
[13]: https://xgboost.readthedocs.io/en/latest/gpu/index.html
[14]: https://imbalanced-learn.readthedocs.io
[15]: https://www.nltk.org
[16]: https://github.com/slundberg/shap
[17]: https://raw.githubusercontent.com/slundberg/shap/master/docs/artwork/shap_diagram.png
[18]: https://keras.io
[19]: https://www.tensorflow.org
[20]: https://www.flickr.com/photos/87249144@N08/
[21]: https://www.flickr.com/photos/87249144@N08/45871861611/

276
sources/tech/20190702 Make Linux stronger with firewalls.md Normal file
View File

@ -0,0 +1,276 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Make Linux stronger with firewalls)
[#]: via: (https://opensource.com/article/19/7/make-linux-stronger-firewalls)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
Make Linux stronger with firewalls
======
Learn how firewalls work and which settings to tweak for better Linux
security.
![People working together to build ][1]
Everyone's heard of firewalls, even if only as a plot device in a TV cybercrime drama. Many people also know that their computer is (likely) running a firewall, but fewer people understand how to take control of their firewall when necessary.
Firewalls block unwanted network traffic, but different networks have different threat levels. For instance, if you're at home, you probably trust the other computers and devices on your network a lot more than when you're out at the local café using public WiFi. You can hope your computer differentiates between a trusted network and an untrusted one, or you can learn to manage, or at least verify, your security settings yourself.
### How firewalls work
Communication between devices on a network happens through gateways called _ports_. Port, in this context, doesn't mean a physical connection like a USB port or an HDMI port. In network lingo, a port is an entirely virtual concept representing pathways for a specific type of data to either arrive at or depart from a computer. This system could have been called anything, like "connections" or "doorways," but they were named ports at least [as early as 1981][2], and that's the name in use today. The point is, there's nothing special about any port; they're just a way to designate an address where data transference may happen.
Back in 1972, [a list of port numbers][3] (then called "sockets") was published, and this has since evolved into a set of well-known standard port numbers that help manage specific kinds of traffic. For instance, you access ports 80 and 443 on a daily basis when you visit a website, because most everyone on the internet has agreed, implicitly or explicitly, that data is transferred from web servers over those ports. You can test this theory by opening a web browser and navigating to a website with a nonstandard port appended to the URL. For instance, if you navigate to **example.com:42**, your request is denied because example.com does not serve a website at port 42.
![Navigating to a nonstandard port produces an error][4]
If you revisit the same website at port 80, you get a website, as expected. You can specify port 80 with **:80** at the end of the URL, but because port 80 is the standard port for HTTP traffic, your web browser assumes port 80 by default.
When a computer, like a web server, expects traffic at a specific port, it's acceptable (and necessary) to have the port open for traffic. The danger is leaving ports open that you have no reason to expect traffic on, and that's exactly what a firewall is for.
### Install firewalld
There are many interfaces for firewall configuration. This article covers [**firewalld**][5], which integrates with Network Manager on the desktop and **firewall-cmd** in the terminal. Many Linux distributions ship with these tools installed. If yours doesn't, you can either take this article as general advice for firewall management and apply it to what you use, or you can install **firewalld**.
On Ubuntu, for instance, you must enable the **universe** repository, deactivate the default **ufw** firewall, and then install **firewalld**:
```
$ sudo systemctl disable ufw
$ sudo add-apt-repository universe
$ sudo apt install firewalld
```
Fedora, CentOS, RHEL, OpenSUSE, and many others include **firewalld** by default.
Regardless of your distribution, for a firewall to be effective, it must be active and set to be loaded at boot. The less you have to think about firewall maintenance, the better.
```
`$ sudo systemctl enable --now firewalld`
```
### Choose your zone with Network Manager
You probably connect to many different networks every day. You're on one network at work, another at the café, and yet another at home. Your computer can detect which network you use more frequently than others, but it doesn't know which you trust.
A firewall _zone_ contains presets deciding what ports to open and close. Using zones, you can choose a policy that makes the most sense for the network you're currently on.
To see a list of available zones, open the Network Manager Connection Editor, found in your Applications menu, or with the **nm-connection-editor &amp;** command.
![Network Manager Connection Editor][6]
From the list of network connections, double-click on your current network.
In the network configuration window that appears, click the General tab.
In the General panel, click the drop-down menu next to Firewall Zone for a list of all available zones.
![Firewall zones][7]
You can get this same list with this terminal command:
```
`$ sudo firewall-cmd --get-zones`
```
The zone titles indicate what their designers had in mind when creating them, but you can get the specifics of any zone with this terminal command:
```
$ sudo firewall-cmd --zone work --list-all
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  [...]
```
In this example, the **work** zone is configured to permit SSH and DHCPv6-client incoming traffic but drops any other incoming traffic not explicitly requested by the user. (In other words, the **work** zone doesn't block HTTP response traffic when you visit a website, but it _does_ deny an HTTP request on your port 80.)
View each zone to get familiar with the traffic each one allows. The most common ones are:
* **Work:** Use this one when on a network you mostly trust. SSH, DHCPv6, and mDNS are permitted, and you can add more as needed. This zone is meant to be a starting point for a custom work environment based on your daily office requirements.
* **Public:** For networks you do not trust. This zone is the same as the work zone, but presumably, you would not add the same exceptions as your work zone.
* **Drop:** All incoming connections are dropped with no response given. This is as close to a stealth mode as you can get without shutting off networking entirely because only outgoing network connections are possible (even a casual port scanner could detect your computer from outgoing traffic, though, so don't mistake this zone for a cloaking device). This is arguably the safest zone when on public WiFi, and definitely the best when you have reason to believe a network is hostile.
* **Block:** All incoming connections are rejected with a message declaring that the requested port is prohibited. Only network connections you initiate are possible. This is a "friendly" version of the drop zone because, even though no port is open for incoming traffic, a port verbosely declines an uninitiated connection.
* **Home:** Use this when you trust other computers on the network. Only selected incoming connections are accepted, and you can add more as needed.
* **Internal:** Similar to the work zone, this is intended for internal networks where you mostly trust the other computers. You can open more ports and services as needed but still maintain a different rule set than you have on your work zone.
* **Trusted:** All network connections are accepted. Good for troubleshooting or on networks you absolutely trust.
### Assigning a zone to a network
You can assign a zone to any network connection you make. Furthermore, you can assign a different zone to each network interface (Ethernet cable, WiFi, and so on) that attaches to each network.
Select the zone you want and click the Save button to commit the change.
![Setting a new zone][8]
The easiest way to get into the habit of assigning a zone to a network interface is to tend to the networks you use most often. Assign the home zone to your home network, the work zone to your work network, and the public network to your favorite library or café network.
Once you have assigned a zone to all your usual networks, make an effort to assign a zone to the next new network you join, whether it's a new café or your mate's home network. Assigning zones is the best way to reinforce your own awareness that networks are not all equal and that you're not any more secure than anybody else just because you run Linux.
### Default zone
Rather than prompting you for a zone every time you join a new network, firewalld assigns any unknown network a default zone. Open a terminal and type this command to get your default zone:
```
$ sudo firewall-cmd --get-default
public
```
In this example, the public zone is the default. It's expected that you will keep the public zone highly restrictive, so it's a pretty safe zone to assign unknown networks. However, you can set your own default instead.
For instance, if you're more paranoid than most, or if you know that you frequent networks you have reason to distrust, you can assign a highly restrictive zone as default:
```
$ sudo firewall-cmd --set-default-zone drop
success
$ sudo firewall-cmd --get-default
drop
```
Now any new network you join will be subject to the drop zone rules unless you manually change it to something less restrictive.
### Customizing zones by opening ports and services
Firewalld's developers don't intend for their zone definitions to satisfy the needs of all the different networks and levels of trust in existence. They're just starting points for you to use and customize.
You don't have to know much about firewalls to be able to open and close ports based on the kinds of network activity you know you generate.
#### Predefined services
The simplest way to add permissions to your firewall is to add a predefined service. Strictly speaking, there's no such thing as a "service" as far as your firewall knows, because firewalls understand port numbers and protocol types. However, firewalld provides collections of ports and protocols based on standards and conventions.
For example, if you're a web developer and want to open your computer up on your local network so your colleagues can see the website you're building, you would add the **http** and **https** services. If you're a gamer and you're running the open source [murmur][9] voice-chat server for your guild, then you'd add the **murmur** service. There are many other services available, which you can view with this command:
```
$ sudo firewall-cmd --get-services
amanda-client amanda-k5-client bacula bacula-client \
bgp bitcoin bitcoin-rpc ceph cfengine condor-collector \
ctdb dhcp dhcpv6 dhcpv6-client dns elasticsearch \
freeipa-ldap freeipa-ldaps ftp [...]
```
If you see a service you need, add it to your current firewall configuration, for example:
```
`$ sudo firewall-cmd --add-service murmur`
```
This command opens all the ports and protocols needed for a particular service _within your default zone_, but only until you reboot your computer or restart your firewall. To make your changes permanent, use the **\--permanent** flag:
```
`$ sudo firewall-cmd --add-service murmur --permanent`
```
You can also issue the command for a zone other than your default:
```
`$ sudo firewall-cmd --add-service murmur --permanent --zone home`
```
#### Ports
Sometimes you want to allow traffic for something that just isn't defined by firewalld's services. Maybe you're setting up a nonstandard port for a common service or you need to open an arbitrary port.
For example, maybe you're running the open source [virtual tabletop][10] software [MapTool][11]. Since you're running the MapTool server and there's no industry standard governing which port MapTool runs on, you can decide what port it uses and then "poke a hole" in your firewall to allow traffic on that port.
The process is basically the same as for services:
```
`$ sudo firewall-cmd --add-port 51234/tcp`
```
This command opens port 51234 to incoming TCP connections _in your default zone_, but only until you reboot your computer or restart your firewall. To make your changes permanent, use the **\--permanent** flag:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent`
```
You can also issue the command for a zone other than your default:
```
`$ sudo firewall-cmd --add-port 51234/tcp --permanent --zone home`
```
Allowing traffic through your computer is different from letting traffic through your router"s firewall. Your router probably has a different interface for its own embeded firewall (though the principle is the same), which is outside the scope of this article.
### Removing ports and services
If you decide a service or a port is no longer needed, you can restart your firewall to clear your changes, unless you use the **\--permanent** flag.
If you made your changes permanent, use the **\--remove-port** or **\--remove-service** flag:
```
`$ sudo firewall-cmd --remove-port 51234/tcp --permanent`
```
You can remove ports and services from a zone other than your default zone by specifying a zone in your command:
```
`$ sudo firewall-cmd --remove-service murmur --permanent --zone home`
```
### Custom zones
You can use and abuse the default zones provided by firewalld, but you also have the freedom to create your own. For instance, if it makes sense for you to have a zone specific to gaming, then you can create one and switch over to it only while gaming.
To create a new, empty zone, create a new zone called **game** and reload the firewall rules so that your new zone becomes active:
```
$ sudo firewall-cmd --new-zone game --permanent
success
$ sudo firewall-cmd --reload
```
Once it's created and active, you can customize it with all the services and ports you need to have open for game night.
### Diligence
Start thinking about your firewall strategy today. Start slow, and build up some sane defaults that make sense for you. It may take time before you make it a habit to think about your firewall and understand which network services you use, but with a little exploration, you can strengthen your Linux workstation no matter what your environment.
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/make-linux-stronger-firewalls
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/BUSINESS_buildtogether.png?itok=9Tvz64K5 (People working together to build )
[2]: https://tools.ietf.org/html/rfc793
[3]: https://tools.ietf.org/html/rfc433
[4]: https://opensource.com/sites/default/files/uploads/web-port-nonstandard.png (Navigating to a nonstandard port produces an error)
[5]: https://firewalld.org/
[6]: https://opensource.com/sites/default/files/uploads/nm-connection-editor.png (Network Manager Connection Editor)
[7]: https://opensource.com/sites/default/files/uploads/nm-zone.png (Firewall zones)
[8]: https://opensource.com/sites/default/files/uploads/nm-set.png (Setting a new zone)
[9]: https://www.mumble.com/
[10]: https://opensource.com/article/18/5/maptool
[11]: https://github.com/RPTools

84
sources/tech/20190702 What makes a good code review in DevOps.md Normal file
View File

@ -0,0 +1,84 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (What makes a good code review in DevOps?)
[#]: via: (https://opensource.com/article/19/7/code-reviews-devops)
[#]: author: (Patrick Housley https://opensource.com/users/patrickhousley/users/juliegund/users/ghaff)
What makes a good code review in DevOps?
======
Well-run code reviews balance the freedom to innovate rapidly with code
quality and security.
![Pair programming][1]
Improving the software development lifecycle, the speed we deliver software to customers, and the quality of that software are all great premises of [DevOps][2]. They are goals that the tools and techniques prescribed by the DevOps movement attempt to achieve. As a developer, I feel freer to make changes rapidly, not just to source code, but also to infrastructure and configuration code. As a DevOps practitioner, my goal is to balance that freedom with quality and security. How? One tool we can use is code reviews.
Code reviews are not a new concept. They are often used as a manual gate-check for code changes before merging them to the trunk branch. This helps ensure quality and security by preventing developers from working in vacuums. It can also help ensure the entire team is aware of what's going on in their project. Much like anything in technology, there are many different ways to implement code reviews, and there can be some confusion around how to operate code reviews and what the goals of a code review are. Let's start by looking at who on the team should be doing the reviewing in code reviews.
### Who should be reviewing code?
It is easy to assume that the more senior developers on the team should be the ones reviewing code before it makes it to the trunk branch. That is only partly true. Everyone on the team should feel empowered and obligated to take time out of their day to review the code going into the repositories they work in most often. Why? It's all about perspective, and the more people we have engaging in code review, the more perspectives we can take advantage of.
A developer's perspective when reviewing code is derived from a culmination of their years of experience as well as their _unique_ experiences. Unique experiences help diversify the team and can be a source of new, innovative solutions. Having more years of experience does not necessarily equate to having a diverse set of unique experiences. How does this fit into the junior-senior developer dynamic as applied to code reviews? Before we get too deep into the title war, let's first define what we mean by "code review."
### Code review is a conversation
Take a moment and think about what a code review means to you. Is it a manual gate to ensure the quality of the code making it to your trunk branch? Is it a chance to have the more senior developers, or maybe the developers more familiar with the area of the code base, review the code? These would all be good answers, but there is a better one.
_Code reviews are a chance for you, the committer, and your peers to have a conversation about the changes being made before they are merged to the trunk branch._
Our goal should be simply to talk about the changes being made. It sounds simple, but, like any digital conversation, we simple humans always try to imply tone to the words we read. I have seen junior developers take seemingly innocuous questioning in a code review as a call to action. Instead of engaging in conversation, they immediately change the code. I think we all can say we have seen more senior developers use poor wording that implies improper tone in their code reviews and conversations around code changes. Many open source communities are trying to address this through Code of Conduct declarations. I have been privy to a solution for this issue that I still use today and recommend to all developers of every level: comment tagging.
#### Comment tagging
My previous example of a junior developer taking a question as a call to action doesn't come from thin air. I noticed this behavior some years ago when I would make comments or ask questions on pull requests as part of a code review. It really upset me at the time, because I was trying to have an honest conversation, not trying to imply the developer did anything wrong or needed to change the code. Luckily, I had great leadership that was able to help find the problem and come up with a solution. That solution was to start tagging our comments in the pull requests using the tags: _comment_, _question_, _blocker_, and _recommended_. It would look something like:
> [comment] I think you meant to use the forEach prototype method here instead of map.
> [blocker] This constructor is too large and should be broken up into individual, specialized methods.
> [question] Is this method needed in this class with the merging of feature X? Feature x makes this a global utility method.
> [recommended] You could add a test case here to check for negative outcomes. This would help ensure future code changes do not break our expectations.
It may seem simple, maybe even extreme, but it really helped spark conversations in our code reviews. Junior developers felt more empowered to have and stick to their opinions in the face of questioning from more senior developers. More importantly, they also felt empowered to question and comment in code reviews for changes made by more senior developers.
### Leave your title at the door
Through our discussion of who should be doing the reviewing in code reviews and what a code review is, one thing should be clear: the junior and senior titles mean very little. In fact, they can detract from the overall goal of code reviews, as was the case in the experience I described above. The concept is very simple: _No matter how senior you are, you can still make mistakes, and no matter how junior you are, you can still provide valuable and innovative solutions._
We will leave the comparison of what makes a junior and senior developer for another article. For now, let's get back to our code review conversation. We have covered the what and why of code reviews, but just as important is the when. When should you be doing code review? How often?
### Code-review continuously
I have seen code reviews performed in many ways over the past few years. Not long ago, I was on a team that did weekly, one-hour meetings for code review. Today, my team operates code reviews on an ongoing basis as part of our pull request process. In case you are not familiar with them, pull requests are a process commonly found in [Git][3] tooling like GitHub and GitLab where a developer makes a formal request to have the changes in their branch merged into another branch.
How you and your team operate may be different, and you should always strive to find what works best for your team and project. My team and those around me use code reviews for two purposes: to formalize the code review process and to block merges to trunk based on automated code-quality checks. While we are having our conversation about the code changes in the pull request, our continuous integration pipeline is operating in the background to perform a sanity build of the project, run tests, linting, and static code analysis. The results are provided back to the pull request and help influence our code review.
How often do we have these code reviews and pull requests? As often as possible. Complying with lean development practices indicates we make small commits and merges often. If that's the case, multiple pull requests happen daily, and many conversations happen continuously. This can become a little overwhelming but, if the changes being made are small, theoretically the conversations are also small, short, and sweet.
### Put it all together
Team dynamics will always play a substantial role in how practices like code reviews are performed. I typically like to start my day off by seeing what pull requests are open and what discussions are happening. It provides a nice, gradual start to my day, and I can catch up on what people are working on. I will typically go back throughout the day, as I take breaks from what I am working on, to check for more pull requests. This works great for me and might work well for you, so I encourage you to give it a try.
No matter how you decide to conduct your code reviews, I typically discourage the one hour a week meeting. First, it can work counter to the lean development practice of committing small and often. Developers may wait to do any merging or open pull requests until code review. By that time, the code is not fresh in their mind, and things in the project may have changed that affect the changes they are making. Second, if your team is more than two developers, an hour meeting will probably not be long enough to adequately review all the changes from all the team members that need to go in. This could lead to changes being merged without code review, and that could be detrimental to code quality and security.
Instead of using that one hour to dig through code changes, I find it better to talk higher-level. It's always good for a team to come together and discuss how they are architecting their code, how their features may affect or tie into each other, and what blockers they might be having. All in all, communication is key, and continuous code review should work to drive more communication.
Is DevOps fundamentally about changing culture in an IT organization? That seemingly simple...
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/code-reviews-devops
作者:[Patrick Housley][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/patrickhousley/users/juliegund/users/ghaff
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/collab-team-pair-programming-code-keyboard.png?itok=kBeRTFL1 (Pair programming)
[2]: https://opensource.com/resources/devops
[3]: https://opensource.com/resources/what-is-git

251
sources/tech/20190703 How to Manually Install Security Updates on Debian-Ubuntu.md Normal file
View File

@ -0,0 +1,251 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (How to Manually Install Security Updates on Debian/Ubuntu?)
[#]: via: (https://www.2daygeek.com/manually-install-security-updates-ubuntu-debian/)
[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
How to Manually Install Security Updates on Debian/Ubuntu?
======
Installing a package in Linux from command line is a simple task.
In a single command or combining of multiple commands could make you to complete your task easily.
The same can be done for security updates as well.
In this tutorial, we will show you how to check available security update and install them on Debian based systems such as Ubuntu, LinuxMint, etc,.
It can be done using three methods. All these methods are described in this article in details.
As a Linux administrator, you should keep your system up-to-date, that makes your system more secure. It protects your system against unwanted attack.
If you are not able to patch entire system with all updates due to some application dependency. At-least, you should install only security patches to make your system 100% compliance.
### How to Install unattended-upgrades package in Debian/Ubuntu?
By default `unattended-upgrades` package should be installed on your system. But in case if its not installed use the following command to install it.
Use **[APT-GET Command][1]** or **[APT Command][2]** to install unattended-upgrades package.
```
$ sudo apt-get install unattended-upgrades
or
$ sudo apt install unattended-upgrades
```
### Method-1: How to Check if any Security Updates are available in Debian/Ubuntu?
Its always a good practice to check list of available security updates before performing the patch installation. It will give you the list of packages that are going to be updated in your system.
**Whats dry run?** Most of the Linux commands have a dry run option, which stimulate the actual output but nothing will be downloaded or installed.
To do so, you need to add `--dry-run` option with unattended-upgrades command.
```
$ sudo unattended-upgrade --dry-run -d
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
Using (^linux-image-[0-9]+\.[0-9\.]+-.*|^linux-headers-[0-9]+\.[0-9\.]+-.*|^linux-image-extra-[0-9]+\.[0-9\.]+-.*|^linux-modules-[0-9]+\.[0-9\.]+-.*|^linux-modules-extra-[0-9]+\.[0-9\.]+-.*|^linux-signed-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-image-[0-9]+\.[0-9\.]+-.*|^kfreebsd-headers-[0-9]+\.[0-9\.]+-.*|^gnumach-image-[0-9]+\.[0-9\.]+-.*|^.*-modules-[0-9]+\.[0-9\.]+-.*|^.*-kernel-[0-9]+\.[0-9\.]+-.*|^linux-backports-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-modules-.*-[0-9]+\.[0-9\.]+-.*|^linux-tools-[0-9]+\.[0-9\.]+-.*|^linux-cloud-tools-[0-9]+\.[0-9\.]+-.*) regexp to find kernel packages
Using (^linux-image-4\.15\.0\-51\-generic$|^linux-headers-4\.15\.0\-51\-generic$|^linux-image-extra-4\.15\.0\-51\-generic$|^linux-modules-4\.15\.0\-51\-generic$|^linux-modules-extra-4\.15\.0\-51\-generic$|^linux-signed-image-4\.15\.0\-51\-generic$|^kfreebsd-image-4\.15\.0\-51\-generic$|^kfreebsd-headers-4\.15\.0\-51\-generic$|^gnumach-image-4\.15\.0\-51\-generic$|^.*-modules-4\.15\.0\-51\-generic$|^.*-kernel-4\.15\.0\-51\-generic$|^linux-backports-modules-.*-4\.15\.0\-51\-generic$|^linux-modules-.*-4\.15\.0\-51\-generic$|^linux-tools-4\.15\.0\-51\-generic$|^linux-cloud-tools-4\.15\.0\-51\-generic$) regexp to find running kernel packages
Checking: apt ([])
adjusting candidate version: apt=1.6.6ubuntu0.1
Checking: apt-utils ([])
adjusting candidate version: apt-utils=1.6.6ubuntu0.1
Checking: bash ([])
.
.
Checking: xxd ([, ])
pkgs that look like they should be upgraded: binutils
binutils-common
binutils-x86-64-linux-gnu
cpp
cpp-7
dbus
dbus-user-session
dbus-x11
firefox
firefox-locale-en
g++
g++-7
gcc
gcc-7
gcc-7-base
gcc-8-base
libasan4
libatomic1
libbinutils
libcc1-0
libcilkrts5
libdbus-1-3
libdbus-1-dev
libgcc-7-dev
libgcc1
libgfortran4
libgomp1
libitm1
liblsan0
libmpx2
libquadmath0
libstdc++-7-dev
libstdc++6
libtsan0
libubsan0
vim-common
vim-tiny
xxd
```
If the above command output says **“No packages found that can be upgraded unattended and no pending auto-removals”** in the Terminal, this implies your System is up-to-date.
### How to Install available Security Updates in Debian/Ubuntu?
If your got any package updates in the above command output. Then run the following command to install them.
```
$ sudo unattended-upgrade -d
```
Alternatively this can be done from apt-get command. Its bit tricky. However, i would suggest users to go with first option.
### Method-2: How to Check if any Security Updates are available in Debian/Ubuntu Using apt-get Command?
Run the following command to check list of available security updates in your Debian/Ubuntu system
```
$ sudo apt-get -s dist-upgrade | grep "^Inst" | grep -i securi
Inst libquadmath0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libitm1 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst gcc-8-base [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libmpx2:amd64 libgcc1:amd64 libtsan0:amd64 liblsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libgcc1 [1:8.2.0-1ubuntu2~18.04] (1:8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libmpx2:amd64 libtsan0:amd64 liblsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libmpx2 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libtsan0:amd64 liblsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst liblsan0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libtsan0:amd64 libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libtsan0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libgomp1:amd64 libatomic1:amd64 libcc1-0:amd64 libstdc++6:amd64 ]
Inst libcc1-0 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libgomp1:amd64 libatomic1:amd64 libstdc++6:amd64 ]
Inst libatomic1 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libgomp1:amd64 libstdc++6:amd64 ]
Inst libgomp1 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libstdc++6:amd64 ]
Inst libstdc++6 [8.2.0-1ubuntu2~18.04] (8.3.0-6ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst libdbus-1-dev [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst dbus-user-session [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst dbus-x11 [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst dbus [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libdbus-1-3 [1.12.2-1ubuntu1] (1.12.2-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst xxd [2:8.0.1453-1ubuntu1] (2:8.0.1453-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst vim-tiny [2:8.0.1453-1ubuntu1] (2:8.0.1453-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst vim-common [2:8.0.1453-1ubuntu1] (2:8.0.1453-1ubuntu1.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [all])
Inst binutils-x86-64-linux-gnu [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [binutils:amd64 ]
Inst binutils-common [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [binutils:amd64 libbinutils:amd64 ]
Inst binutils [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) [libbinutils:amd64 ]
Inst libbinutils [2.30-21ubuntu1~18.04] (2.30-21ubuntu1~18.04.2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst libasan4 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libubsan0 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libcilkrts5 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst g++-7 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst gcc-7 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libstdc++-7-dev [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libgcc-7-dev [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst libgfortran4 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst cpp-7 [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64]) []
Inst gcc-7-base [7.3.0-27ubuntu1~18.04] (7.4.0-1ubuntu1~18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst cpp [4:7.3.0-3ubuntu2.1] (4:7.4.0-1ubuntu2.3 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst firefox [67.0.1+build1-0ubuntu0.18.04.1] (67.0.2+build2-0ubuntu0.18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst firefox-locale-en [67.0.1+build1-0ubuntu0.18.04.1] (67.0.2+build2-0ubuntu0.18.04.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst gcc [4:7.3.0-3ubuntu2.1] (4:7.4.0-1ubuntu2.3 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst g++ [4:7.3.0-3ubuntu2.1] (4:7.4.0-1ubuntu2.3 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
```
### How to Install available Security Updates in Debian/Ubuntu Using apt-get Command?
If you found any package updates in the above output. Finally run the following command to install them.
```
$ sudo apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install
```
Alternatively this can be done from apt command. Its bit tricky. However, i would suggest users to go with first option.
### Method-3: How to Check if any Security Updates are available in Debian/Ubuntu Using apt Command?
Run the following command to check list of available security updates in your Debian/Ubuntu system
```
$ sudo apt list --upgradable | grep -e "-security"
binutils/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
binutils-common/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
binutils-x86-64-linux-gnu/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
cpp/bionic-updates,bionic-security 4:7.4.0-1ubuntu2.3 amd64 [upgradable from: 4:7.3.0-3ubuntu2.1]
cpp-7/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
dbus/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
dbus-user-session/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
dbus-x11/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
firefox/bionic-updates,bionic-security 67.0.2+build2-0ubuntu0.18.04.1 amd64 [upgradable from: 67.0.1+build1-0ubuntu0.18.04.1]
firefox-locale-en/bionic-updates,bionic-security 67.0.2+build2-0ubuntu0.18.04.1 amd64 [upgradable from: 67.0.1+build1-0ubuntu0.18.04.1]
g++/bionic-updates,bionic-security 4:7.4.0-1ubuntu2.3 amd64 [upgradable from: 4:7.3.0-3ubuntu2.1]
g++-7/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
gcc/bionic-updates,bionic-security 4:7.4.0-1ubuntu2.3 amd64 [upgradable from: 4:7.3.0-3ubuntu2.1]
gcc-7/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
gcc-7-base/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
gcc-8-base/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libasan4/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libatomic1/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libbinutils/bionic-updates,bionic-security 2.30-21ubuntu1~18.04.2 amd64 [upgradable from: 2.30-21ubuntu1~18.04]
libcc1-0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libcilkrts5/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libdbus-1-3/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
libdbus-1-dev/bionic-updates,bionic-security 1.12.2-1ubuntu1.1 amd64 [upgradable from: 1.12.2-1ubuntu1]
libgcc-7-dev/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libgcc1/bionic-updates,bionic-security 1:8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 1:8.2.0-1ubuntu2~18.04]
libgfortran4/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libgomp1/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libitm1/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
liblsan0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libmpx2/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libquadmath0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libstdc++-7-dev/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
libstdc++6/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libtsan0/bionic-updates,bionic-security 8.3.0-6ubuntu1~18.04.1 amd64 [upgradable from: 8.2.0-1ubuntu2~18.04]
libubsan0/bionic-updates,bionic-security 7.4.0-1ubuntu1~18.04.1 amd64 [upgradable from: 7.3.0-27ubuntu1~18.04]
vim-common/bionic-updates,bionic-updates,bionic-security,bionic-security 2:8.0.1453-1ubuntu1.1 all [upgradable from: 2:8.0.1453-1ubuntu1]
vim-tiny/bionic-updates,bionic-security 2:8.0.1453-1ubuntu1.1 amd64 [upgradable from: 2:8.0.1453-1ubuntu1]
xxd/bionic-updates,bionic-security 2:8.0.1453-1ubuntu1.1 amd64 [upgradable from: 2:8.0.1453-1ubuntu1]
```
### How to Install available Security Updates in Debian/Ubuntu Using apt Command?
If you found any package updates in the above output. Finally run the following command to install them.
```
$ sudo apt list --upgradable | grep -e "-security" | awk -F "/" '{print $1}' | xargs apt install
```
Also, the following file will give you the packages update count.
```
$ sudo cat /var/lib/update-notifier/updates-available
190 packages can be updated.
39 updates are security updates.
```
--------------------------------------------------------------------------------
via: https://www.2daygeek.com/manually-install-security-updates-ubuntu-debian/
作者:[Magesh Maruthamuthu][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.2daygeek.com/author/magesh/
[b]: https://github.com/lujun9972
[1]: https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/
[2]: https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/