diff --git a/translated/tech/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md b/published/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md similarity index 97% rename from translated/tech/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md rename to published/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md index 23e2314576..1e17c7c6d3 100644 --- a/translated/tech/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md +++ b/published/20150225 How to set up IPv6 BGP peering and filtering in Quagga BGP router.md @@ -1,5 +1,6 @@ -如何设置在Quagga BGP路由器中设置IPv6的BGP对等体和过滤 +如何设置在 Quagga BGP 路由器中设置 IPv6 的 BGP 对等体和过滤 ================================================================================ + 在之前的教程中,我们演示了如何使用Quagga建立一个[完备的BGP路由器][1]和配置[前缀过滤][2]。在本教程中,我们会向你演示如何创建IPv6 BGP对等体并通过BGP通告IPv6前缀。同时我们也将演示如何使用前缀列表和路由映射特性来过滤通告的或者获取到的IPv6前缀。 ### 拓扑 ### @@ -47,7 +48,7 @@ Quagga内部提供一个叫作vtysh的shell,其界面与那些主流路由厂 # vtysh -提示将改为: +提示符将改为: router-a# @@ -65,7 +66,7 @@ Quagga内部提供一个叫作vtysh的shell,其界面与那些主流路由厂 router-a# configure terminal -提示将变更成: +提示符将变更成: router-a(config)# @@ -246,13 +247,13 @@ Quagga内部提供一个叫作vtysh的shell,其界面与那些主流路由厂 via: http://xmodulo.com/ipv6-bgp-peering-filtering-quagga-bgp-router.html 作者:[Sarmed Rahman][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +译者:[martin2011qi](https://github.com/martin2011qi) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 [a]:http://xmodulo.com/author/sarmed -[1]:http://xmodulo.com/centos-bgp-router-quagga.html +[1]:https://linux.cn/article-4232-1.html [2]:http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html [3]:http://ask.xmodulo.com/open-port-firewall-centos-rhel.html [4]:http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html diff --git a/translated/tech/20150722 Howto Interactively Perform Tasks with Docker using Kitematic.md b/published/20150722 Howto Interactively Perform Tasks with Docker using Kitematic.md similarity index 60% rename from translated/tech/20150722 Howto Interactively Perform Tasks with Docker using Kitematic.md rename to published/20150722 Howto Interactively Perform Tasks with Docker using Kitematic.md index 8ad03dd06c..ac93dceb50 100644 --- a/translated/tech/20150722 Howto Interactively Perform Tasks with Docker using Kitematic.md +++ b/published/20150722 Howto Interactively Perform Tasks with Docker using Kitematic.md @@ -1,8 +1,9 @@ -如何在 Docker 中通过 Kitematic 交互式执行任务 +如何在 Windows 上通过 Kitematic 使用 Docker ================================================================================ -在本篇文章中,我们会学习如何在 Windows 操作系统上安装 Kitematic 以及部署一个 Hello World Nginx Web 服务器。Kitematic 是一个自由开源软件,它有现代化的界面设计使得允许我们在 Docker 中交互式执行任务。Kitematic 设计非常漂亮、界面也很不错。我们可以简单快速地开箱搭建我们的容器而不需要输入命令,我们可以在图形用户界面中通过简单的点击从而在容器上部署我们的应用。Kitematic 集成了 Docker Hub,允许我们搜索、拉取任何需要的镜像,并在上面部署应用。它同时也能很好地切换到命令行用户接口模式。目前,它包括了自动映射端口、可视化更改环境变量、配置卷、精简日志以及其它功能。 -下面是在 Windows 上安装 Kitematic 并部署 Hello World Nginx Web 服务器的 3 个简单步骤。 +在本篇文章中,我们会学习如何在 Windows 操作系统上安装 Kitematic 以及部署一个测试性的 Nginx Web 服务器。Kitematic 是一个具有现代化的界面设计的自由开源软件,它可以让我们在 Docker 中交互式执行任务。Kitematic 设计的非常漂亮、界面美观。使用它,我们可以简单快速地开箱搭建我们的容器而不需要输入命令,可以在图形用户界面中通过简单的点击从而在容器上部署我们的应用。Kitematic 集成了 Docker Hub,允许我们搜索、拉取任何需要的镜像,并在上面部署应用。它同时也能很好地切换到命令行用户接口模式。目前,它包括了自动映射端口、可视化更改环境变量、配置卷、流式日志以及其它功能。 + +下面是在 Windows 上安装 Kitematic 并部署测试性 Nginx Web 服务器的 3 个简单步骤。 ### 1. 下载 Kitematic ### @@ -16,15 +17,15 @@ ### 2. 安装 Kitematic ### -下载好可执行安装程序之后,我们现在打算在我们的 Windows 操作系统上安装 Kitematic。安装程序现在会开始下载并安装运行 Kitematic 需要的依赖,包括 Virtual Box 和 Docker。如果已经在系统上安装了 Virtual Box,它会把它升级到最新版本。安装程序会在几分钟内完成,但取决于你网络和系统的速度。如果你还没有安装 Virtual Box,它会问你是否安装 Virtual Box 网络驱动。建议安装它,因为它有助于 Virtual Box 的网络。 +下载好可执行安装程序之后,我们现在就可以在我们的 Windows 操作系统上安装 Kitematic了。安装程序现在会开始下载并安装运行 Kitematic 需要的依赖软件,包括 Virtual Box 和 Docker。如果已经在系统上安装了 Virtual Box,它会把它升级到最新版本。安装程序会在几分钟内完成,但取决于你网络和系统的速度。如果你还没有安装 Virtual Box,它会问你是否安装 Virtual Box 网络驱动。建议安装它,因为它用于 Virtual Box 的网络功能。 ![安装 Kitematic](http://blog.linoxide.com/wp-content/uploads/2015/06/installing-kitematic.png) -需要的依赖 Docker 和 Virtual Box 安装完成并运行后,会让我们登录到 Docker Hub。如果我们还没有账户或者还不想登录,可以点击 **SKIP FOR NOW** 继续后面的步骤。 +所需的依赖 Docker 和 Virtual Box 安装完成并运行后,会让我们登录到 Docker Hub。如果我们还没有账户或者还不想登录,可以点击 **SKIP FOR NOW** 继续后面的步骤。 ![登录 Docker Hub](http://blog.linoxide.com/wp-content/uploads/2015/06/login-docker-hub.jpg) -如果你还没有账户,你可以在应用程序上点击注册链接并在 Docker Hub 上创建账户。 +如果你还没有账户,你可以在应用程序上点击注册(Sign Up)链接并在 Docker Hub 上创建账户。 完成之后,就会出现 Kitematic 应用程序的第一个界面。正如下面看到的这样。我们可以搜索可用的 docker 镜像。 @@ -50,7 +51,11 @@ ### 总结 ### -我们终于成功在 Windows 操作系统上安装了 Kitematic 并部署了一个 Hello World Ngnix 服务器。总是推荐下载安装 Kitematic 最新的发行版,因为会增加很多新的高级功能。由于 Docker 运行在 64 位平台,当前 Kitematic 也是为 64 位操作系统构建。它只能在 Windows 7 以及更高版本上运行。在这篇教程中,我们部署了一个 Nginx Web 服务器,类似地我们可以在 Kitematic 中简单的点击就能通过镜像部署任何 docker 容器。Kitematic 已经有可用的 Mac OS X 和 Windows 版本,Linux 版本也在开发中很快就会发布。如果你有任何疑问、建议或者反馈,请在下面的评论框中写下来以便我们更改地改进或更新我们的内容。非常感谢!Enjoy :-) +我们终于成功在 Windows 操作系统上安装了 Kitematic 并部署了一个 Hello World Ngnix 服务器。推荐下载安装 Kitematic 最新的发行版,因为会增加很多新的高级功能。由于 Docker 运行在 64 位平台,当前 Kitematic 也是为 64 位操作系统构建。它只能在 Windows 7 以及更高版本上运行。 + +在这篇教程中,我们部署了一个 Nginx Web 服务器,类似地我们可以在 Kitematic 中简单的点击就能通过镜像部署任何 docker 容器。Kitematic 已经有可用的 Mac OS X 和 Windows 版本,Linux 版本也在开发中很快就会发布。 + +如果你有任何疑问、建议或者反馈,请在下面的评论框中写下来以便我们更改地改进或更新我们的内容。非常感谢!Enjoy :-) -------------------------------------------------------------------------------- @@ -58,7 +63,7 @@ via: http://linoxide.com/linux-how-to/interactively-docker-kitematic/ 作者:[Arun Pyasi][a] 译者:[ictlyh](https://github.com/ictlyh) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md b/published/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md new file mode 100644 index 0000000000..0f08cf12fa --- /dev/null +++ b/published/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md @@ -0,0 +1,129 @@ +如何使用 Weave 以及 Docker 搭建 Nginx 反向代理/负载均衡服务器 +================================================================================ + +Hi, 今天我们将会学习如何使用 Weave 和 Docker 搭建 Nginx 的反向代理/负载均衡服务器。Weave 可以创建一个虚拟网络将 Docker 容器彼此连接在一起,支持跨主机部署及自动发现。它可以让我们更加专注于应用的开发,而不是基础架构。Weave 提供了一个如此棒的环境,仿佛它的所有容器都属于同个网络,不需要端口/映射/连接等的配置。容器中的应用提供的服务在 weave 网络中可以轻易地被外部世界访问,不论你的容器运行在哪里。在这个教程里我们将会使用 weave 快速并且简单地将 nginx web 服务器部署为一个负载均衡器,反向代理一个运行在 Amazon Web Services 里面多个节点上的 docker 容器中的简单 php 应用。这里我们将会介绍 WeaveDNS,它提供一个不需要改变代码就可以让容器利用主机名找到的简单方式,并且能够让其他容器通过主机名连接彼此。 + +在这篇教程里,我们将使用 nginx 来将负载均衡分配到一个运行 Apache 的容器集合。最简单轻松的方法就是使用 Weave 来把运行在 ubuntu 上的 docker 容器中的 nginx 配置成负载均衡服务器。 + +### 1. 搭建 AWS 实例 ### + +首先,我们需要搭建 Amzaon Web Service 实例,这样才能在 ubuntu 下用 weave 跑 docker 容器。我们将会使用[AWS 命令行][1] 来搭建和配置两个 AWS EC2 实例。在这里,我们使用最小的可用实例,t1.micro。我们需要一个有效的**Amazon Web Services 账户**使用 AWS 命令行界面来搭建和配置。我们先在 AWS 命令行界面下使用下面的命令将 github 上的 weave 仓库克隆下来。 + + $ git clone http://github.com/fintanr/weave-gs + $ cd weave-gs/aws-nginx-ubuntu-simple + +在克隆完仓库之后,我们执行下面的脚本,这个脚本将会部署两个 t1.micro 实例,每个实例中都是 ubuntu 作为操作系统并用 weave 跑着 docker 容器。 + + $ sudo ./demo-aws-setup.sh + +在这里,我们将会在以后用到这些实例的 IP 地址。这些地址储存在一个 weavedemo.env 文件中,这个文件创建于执行 demo-aws-setup.sh 脚本期间。为了获取这些 IP 地址,我们需要执行下面的命令,命令输出类似下面的信息。 + + $ cat weavedemo.env + + export WEAVE_AWS_DEMO_HOST1=52.26.175.175 + export WEAVE_AWS_DEMO_HOST2=52.26.83.141 + export WEAVE_AWS_DEMO_HOSTCOUNT=2 + export WEAVE_AWS_DEMO_HOSTS=(52.26.175.175 52.26.83.141) + +请注意这些不是固定的 IP 地址,AWS 会为我们的实例动态地分配 IP 地址。 + +我们在 bash 下执行下面的命令使环境变量生效。 + + . ./weavedemo.env + +### 2. 启动 Weave 和 WeaveDNS ### + +在安装完实例之后,我们将会在每台主机上启动 weave 以及 weavedns。Weave 以及 weavedns 使得我们能够轻易地将容器部署到一个全新的基础架构以及配置中, 不需要改变代码,也不需要去理解像 Ambassador 容器以及 Link 机制之类的概念。下面是在第一台主机上启动 weave 以及 weavedns 的命令。 + + ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1 + $ sudo weave launch + $ sudo weave launch-dns 10.2.1.1/24 + +下一步,我也准备在第二台主机上启动 weave 以及 weavedns。 + + ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST2 + $ sudo weave launch $WEAVE_AWS_DEMO_HOST1 + $ sudo weave launch-dns 10.2.1.2/24 + +### 3. 启动应用容器 ### + +现在,我们准备跨两台主机启动六个容器,这两台主机都用 Apache2 Web 服务实例跑着简单的 php 网站。为了在第一个 Apache2 Web 服务器实例跑三个容器, 我们将会使用下面的命令。 + + ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1 + $ sudo weave run --with-dns 10.3.1.1/24 -h ws1.weave.local fintanr/weave-gs-nginx-apache + $ sudo weave run --with-dns 10.3.1.2/24 -h ws2.weave.local fintanr/weave-gs-nginx-apache + $ sudo weave run --with-dns 10.3.1.3/24 -h ws3.weave.local fintanr/weave-gs-nginx-apache + +在那之后,我们将会在第二个实例上启动另外三个容器,请使用下面的命令。 + + ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST2 + $ sudo weave run --with-dns 10.3.1.4/24 -h ws4.weave.local fintanr/weave-gs-nginx-apache + $ sudo weave run --with-dns 10.3.1.5/24 -h ws5.weave.local fintanr/weave-gs-nginx-apache + $ sudo weave run --with-dns 10.3.1.6/24 -h ws6.weave.local fintanr/weave-gs-nginx-apache + +注意: 在这里,--with-dns 选项告诉容器使用 weavedns 来解析主机名,-h x.weave.local 则使得 weavedns 能够解析该主机。 + +### 4. 启动 Nginx 容器 ### + +在应用容器如预期的运行后,我们将会启动 nginx 容器,它将会在六个应用容器服务之间轮询并提供反向代理或者负载均衡。 为了启动 nginx 容器,请使用下面的命令。 + + ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1 + $ sudo weave run --with-dns 10.3.1.7/24 -ti -h nginx.weave.local -d -p 80:80 fintanr/weave-gs-nginx-simple + +因此,我们的 nginx 容器在 $WEAVE_AWS_DEMO_HOST1 上公开地暴露成为一个 http 服务器。 + +### 5. 测试负载均衡服务器 ### + +为了测试我们的负载均衡服务器是否可以工作,我们执行一段可以发送 http 请求给 nginx 容器的脚本。我们将会发送6个请求,这样我们就能看到 nginx 在一次的轮询中服务于每台 web 服务器之间。 + + $ ./access-aws-hosts.sh + + { + "message" : "Hello Weave - nginx example", + "hostname" : "ws1.weave.local", + "date" : "2015-06-26 12:24:23" + } + { + "message" : "Hello Weave - nginx example", + "hostname" : "ws2.weave.local", + "date" : "2015-06-26 12:24:23" + } + { + "message" : "Hello Weave - nginx example", + "hostname" : "ws3.weave.local", + "date" : "2015-06-26 12:24:23" + } + { + "message" : "Hello Weave - nginx example", + "hostname" : "ws4.weave.local", + "date" : "2015-06-26 12:24:23" + } + { + "message" : "Hello Weave - nginx example", + "hostname" : "ws5.weave.local", + "date" : "2015-06-26 12:24:23" + } + { + "message" : "Hello Weave - nginx example", + "hostname" : "ws6.weave.local", + "date" : "2015-06-26 12:24:23" + } + +### 结束语 ### + +我们最终成功地将 nginx 配置成一个反向代理/负载均衡服务器,通过使用 weave 以及运行在 AWS(Amazon Web Service)EC2 里面的 ubuntu 服务器中的 docker。从上面的步骤输出可以清楚的看到我们已经成功地配置了 nginx。我们可以看到请求在一次轮询中被发送到6个应用容器,这些容器在 Apache2 Web 服务器中跑着 PHP 应用。在这里,我们部署了一个容器化的 PHP 应用,使用 nginx 横跨多台在 AWS EC2 上的主机而不需要改变代码,利用 weavedns 使得每个容器连接在一起,只需要主机名就够了,眼前的这些便捷, 都要归功于 weave 以及 weavedns。 + +如果你有任何的问题、建议、反馈,请在评论中注明,这样我们才能够做得更好,谢谢:-) + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/nginx-load-balancer-weave-docker/ + +作者:[Arun Pyasi][a] +译者:[dingdongnigetou](https://github.com/dingdongnigetou) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arunp/ +[1]:http://console.aws.amazon.com/ diff --git a/published/20141211 Open source all over the world.md b/published/201508/20141211 Open source all over the world.md similarity index 100% rename from published/20141211 Open source all over the world.md rename to published/201508/20141211 Open source all over the world.md diff --git a/published/20150128 7 communities driving open source development.md b/published/201508/20150128 7 communities driving open source development.md similarity index 100% rename from published/20150128 7 communities driving open source development.md rename to published/201508/20150128 7 communities driving open source development.md diff --git a/translated/tech/20150205 Install Strongswan - A Tool to Setup IPsec Based VPN in Linux.md b/published/201508/20150205 Install Strongswan - A Tool to Setup IPsec Based VPN in Linux.md similarity index 60% rename from translated/tech/20150205 Install Strongswan - A Tool to Setup IPsec Based VPN in Linux.md rename to published/201508/20150205 Install Strongswan - A Tool to Setup IPsec Based VPN in Linux.md index 3c16463951..22e50e355d 100644 --- a/translated/tech/20150205 Install Strongswan - A Tool to Setup IPsec Based VPN in Linux.md +++ b/published/201508/20150205 Install Strongswan - A Tool to Setup IPsec Based VPN in Linux.md @@ -1,5 +1,6 @@ -安装Strongswan - Linux上一个基于IPsec的vpn工具 +安装 Strongswan :Linux 上一个基于 IPsec 的 VPN 工具 ================================================================================ + IPsec是一个提供网络层安全的标准。它包含认证头(AH)和安全负载封装(ESP)组件。AH提供包的完整性,ESP组件提供包的保密性。IPsec确保了在网络层的安全特性。 - 保密性 @@ -7,27 +8,27 @@ IPsec是一个提供网络层安全的标准。它包含认证头(AH)和安全 - 来源不可抵赖性 - 重放攻击防护 -[Strongswan][1]是一个IPsec协议实现的开源代码,Strongswan代表强壮开源广域网(StrongS/WAN)。它支持IPsec的VPN两个版本的密钥自动交换(网络密钥交换(IKE)V1和V2)。 +[Strongswan][1]是一个IPsec协议的开源代码实现,Strongswan的意思是强安全广域网(StrongS/WAN)。它支持IPsec的VPN中的两个版本的密钥自动交换(网络密钥交换(IKE)V1和V2)。 -Strongswan基本上提供了自动交换密钥共享VPN两个节点或网络,然后它使用Linux内核的IPsec(AH和ESP)实现。密钥共享使用了IKE机制的特性使用ESP编码数据。在IKE阶段,strongswan使用OpenSSL加密算法(AES,SHA等等)和其他加密类库。无论如何,ESP组成IPsec使用的安全算法,它是Linux内核实现的。Strongswan的主要特性是下面这些。 +Strongswan基本上提供了在VPN的两个节点/网关之间自动交换密钥的共享,然后它使用了Linux内核的IPsec(AH和ESP)实现。密钥共享使用了之后用于ESP数据加密的IKE 机制。在IKE阶段,strongswan使用OpenSSL的加密算法(AES,SHA等等)和其他加密类库。无论如何,IPsec中的ESP组件使用的安全算法是由Linux内核实现的。Strongswan的主要特性如下: - x.509证书或基于预共享密钥认证 - 支持IKEv1和IKEv2密钥交换协议 -- 可选内置插件和库的完整性和加密测试 -- 支持椭圆曲线DH群体和ECDSA证书 +- 可选的,对于插件和库的内置完整性和加密测试 +- 支持椭圆曲线DH群和ECDSA证书 - 在智能卡上存储RSA私钥和证书 -它能被使用在客户端或服务器(road warrior模式)和网关到网关的情景。 +它能被使用在客户端/服务器(road warrior模式)和网关到网关的情景。 ### 如何安装 ### -几乎所有的Linux发行版都支持Strongswan的二进制包。在这个教程,我们将从二进制包安装strongswan也编译strongswan合适的特性的源代码。 +几乎所有的Linux发行版都支持Strongswan的二进制包。在这个教程,我们会从二进制包安装strongswan,也会从源代码编译带有合适的特性的strongswan。 ### 使用二进制包 ### 可以使用以下命令安装Strongswan到Ubuntu 14.04 LTS - $sudo aptitude install strongswan + $ sudo aptitude install strongswan ![安装strongswan](http://blog.linoxide.com/wp-content/uploads/2014/12/strongswan-binary.png) @@ -35,35 +36,35 @@ strongswan的全局配置(strongswan.conf)文件和ipsec配置(ipsec.conf/ ### strongswan源码编译安装的依赖包 ### -- GMP(strongswan使用的Mathematical/Precision 库) -- OpenSSL(加密算法在这个库里) -- PKCS(1,7,8,11,12)(证书编码和智能卡与Strongswan集成) +- GMP(strongswan使用的高精度数学库) +- OpenSSL(加密算法来自这个库) +- PKCS(1,7,8,11,12)(证书编码和智能卡集成) #### 步骤 #### **1)** 在终端使用下面命令到/usr/src/目录 - $cd /usr/src + $ cd /usr/src **2)** 用下面命令从strongswan网站下载源代码 - $sudo wget http://download.strongswan.org/strongswan-5.2.1.tar.gz + $ sudo wget http://download.strongswan.org/strongswan-5.2.1.tar.gz -(strongswan-5.2.1.tar.gz 是最新版。) +(strongswan-5.2.1.tar.gz 是当前最新版。) ![下载软件](http://blog.linoxide.com/wp-content/uploads/2014/12/download_strongswan.png) -**3)** 用下面命令提取下载软件,然后进入目录。 +**3)** 用下面命令提取下载的软件,然后进入目录。 - $sudo tar –xvzf strongswan-5.2.1.tar.gz; cd strongswan-5.2.1 + $ sudo tar –xvzf strongswan-5.2.1.tar.gz; cd strongswan-5.2.1 **4)** 使用configure命令配置strongswan每个想要的选项。 - ./configure --prefix=/usr/local -–enable-pkcs11 -–enable-openssl + $ ./configure --prefix=/usr/local -–enable-pkcs11 -–enable-openssl ![检查strongswan包](http://blog.linoxide.com/wp-content/uploads/2014/12/strongswan-configure.png) -如果GMP库没有安装,然后配置脚本将会发生下面的错误。 +如果GMP库没有安装,配置脚本将会发生下面的错误。 ![GMP library error](http://blog.linoxide.com/wp-content/uploads/2014/12/gmp-error.png) @@ -71,19 +72,19 @@ strongswan的全局配置(strongswan.conf)文件和ipsec配置(ipsec.conf/ ![gmp installation](http://blog.linoxide.com/wp-content/uploads/2014/12/gmp-installation1.png) -无论如何,如果GMP已经安装而且还一致报错,然后在Ubuntu上使用下面命令创建libgmp.so库的软连到/usr/lib,/lib/,/usr/lib/x86_64-linux-gnu/路径下。 +不过,如果GMP已经安装还报上述错误的话,在Ubuntu上使用如下命令,给在路径 /usr/lib,/lib/,/usr/lib/x86_64-linux-gnu/ 下的libgmp.so库创建软连接。 $ sudo ln -s /usr/lib/x86_64-linux-gnu/libgmp.so.10.1.3 /usr/lib/x86_64-linux-gnu/libgmp.so ![softlink of libgmp.so library](http://blog.linoxide.com/wp-content/uploads/2014/12/softlink.png) -创建libgmp.so软连后,再执行./configure脚本也许就找到gmp库了。无论如何,gmp头文件也许发生其他错误,像下面这样。 +创建libgmp.so软连接后,再执行./configure脚本也许就找到gmp库了。然而,如果gmp头文件发生其他错误,像下面这样。 ![GMP header file issu](http://blog.linoxide.com/wp-content/uploads/2014/12/gmp-header.png) 为解决上面的错误,使用下面命令安装libgmp-dev包 - $sudo aptitude install libgmp-dev + $ sudo aptitude install libgmp-dev ![Installation of Development library of GMP](http://blog.linoxide.com/wp-content/uploads/2014/12/gmp-dev.png) @@ -105,7 +106,7 @@ via: http://linoxide.com/security/install-strongswan/ 作者:[nido][a] 译者:[wyangsun](https://github.com/wyangsun) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 diff --git a/published/20150209 Install OpenQRM Cloud Computing Platform In Debian.md b/published/201508/20150209 Install OpenQRM Cloud Computing Platform In Debian.md similarity index 100% rename from published/20150209 Install OpenQRM Cloud Computing Platform In Debian.md rename to published/201508/20150209 Install OpenQRM Cloud Computing Platform In Debian.md diff --git a/published/20150318 How to Manage and Use LVM (Logical Volume Management) in Ubuntu.md b/published/201508/20150318 How to Manage and Use LVM (Logical Volume Management) in Ubuntu.md similarity index 100% rename from published/20150318 How to Manage and Use LVM (Logical Volume Management) in Ubuntu.md rename to published/201508/20150318 How to Manage and Use LVM (Logical Volume Management) in Ubuntu.md diff --git a/translated/tech/20150318 How to Use LVM on Ubuntu for Easy Partition Resizing and Snapshots.md b/published/201508/20150318 How to Use LVM on Ubuntu for Easy Partition Resizing and Snapshots.md similarity index 75% rename from translated/tech/20150318 How to Use LVM on Ubuntu for Easy Partition Resizing and Snapshots.md rename to published/201508/20150318 How to Use LVM on Ubuntu for Easy Partition Resizing and Snapshots.md index 2e66e27f31..adf9abd11c 100644 --- a/translated/tech/20150318 How to Use LVM on Ubuntu for Easy Partition Resizing and Snapshots.md +++ b/published/201508/20150318 How to Use LVM on Ubuntu for Easy Partition Resizing and Snapshots.md @@ -1,14 +1,14 @@ -Ubuntu上使用LVM轻松调整分区并制作快照 +Ubuntu 上使用 LVM 轻松调整分区并制作快照 ================================================================================ ![](http://cdn5.howtogeek.com/wp-content/uploads/2015/03/ximg_55035707bbd74.png.pagespeed.ic.9_yebxUF1C.png) -Ubuntu的安装器提供了一个轻松“使用LVM”的复选框。说明中说,它启用了逻辑卷管理,因此你可以制作快照,并更容易地调整硬盘分区大小——这里将为大家讲述如何完成这些操作。 +Ubuntu的安装器提供了一个轻松“使用LVM”的复选框。它的描述中说,启用逻辑卷管理可以让你制作快照,并更容易地调整硬盘分区大小——这里将为大家讲述如何完成这些操作。 -LVM是一种技术,某种程度上和[RAID阵列][1]或[Windows上的存储空间][2]类似。虽然该技术在服务器上更为有用,但是它也可以在桌面端PC上使用。 +LVM是一种技术,某种程度上和[RAID阵列][1]或[Windows上的“存储空间”][2]类似。虽然该技术在服务器上更为有用,但是它也可以在桌面端PC上使用。 ### 你应该在新安装Ubuntu时使用LVM吗? ### -第一个问题是,你是否想要在安装Ubuntu时使用LVM?如果是,那么Ubuntu让这一切变得很简单,只需要轻点鼠标就可以完成,但是该选项默认是不启用的。正如安装器所说的,它允许你调整分区、创建快照、合并多个磁盘到一个逻辑卷等等——所有这一切都可以在系统运行时完成。不同于传统分区,你不需要关掉你的系统,从Live CD或USB驱动,然后[调整这些不使用的分区][3]。 +第一个问题是,你是否想要在安装Ubuntu时使用LVM?如果是,那么Ubuntu让这一切变得很简单,只需要轻点鼠标就可以完成,但是该选项默认是不启用的。正如安装器所说的,它允许你调整分区、创建快照、将多个磁盘合并到一个逻辑卷等等——所有这一切都可以在系统运行时完成。不同于传统分区,你不需要关掉你的系统,从Live CD或USB驱动,然后[当这些分区不使用时才能调整][3]。 完全坦率地说,普通Ubuntu桌面用户可能不会意识到他们是否正在使用LVM。但是,如果你想要在今后做一些更高深的事情,那么LVM就会有所帮助了。LVM可能更复杂,可能会在你今后恢复数据时会导致问题——尤其是在你经验不足时。这里不会有显著的性能损失——LVM是彻底地在Linux内核中实现的。 @@ -18,7 +18,7 @@ LVM是一种技术,某种程度上和[RAID阵列][1]或[Windows上的存储空 前面,我们已经[说明了何谓LVM][4]。概括来讲,它在你的物理磁盘和呈现在你系统中的分区之间提供了一个抽象层。例如,你的计算机可能装有两个硬盘驱动器,它们的大小都是 1 TB。你必须得在这些磁盘上至少分两个区,每个区大小 1 TB。 -LVM就在这些分区上提供了一个抽象层。用于取代磁盘上的传统分区,LVM将在你对这些磁盘初始化后,将它们当作独立的“物理卷”来对待。然后,你就可以基于这些物理卷创建“逻辑卷”。例如,你可以将这两个 1 TB 的磁盘组合成一个 2 TB 的分区,你的系统将只看到一个 2 TB 的卷,而LVM将会在后台处理这一切。一组物理卷以及一组逻辑卷被称之为“卷组”,一个标准的系统只会有一个卷组。 +LVM就在这些分区上提供了一个抽象层。用于取代磁盘上的传统分区,LVM将在你对这些磁盘初始化后,将它们当作独立的“物理卷”来对待。然后,你就可以基于这些物理卷创建“逻辑卷”。例如,你可以将这两个 1 TB 的磁盘组合成一个 2 TB 的分区,你的系统将只看到一个 2 TB 的卷,而LVM将会在后台处理这一切。一组物理卷以及一组逻辑卷被称之为“卷组”,一个典型的系统只会有一个卷组。 该抽象层使得调整分区、将多个磁盘组合成单个卷、甚至为一个运行着的分区的文件系统创建“快照”变得十分简单,而完成所有这一切都无需先卸载分区。 @@ -28,11 +28,11 @@ LVM就在这些分区上提供了一个抽象层。用于取代磁盘上的传 通常,[LVM通过Linux终端命令来管理][5]。这在Ubuntu上也行得通,但是有个更简单的图形化方法可供大家采用。如果你是一个Linux用户,对GParted或者与其类似的分区管理器熟悉,算了,别瞎掰了——GParted根本不支持LVM磁盘。 -然而,你可以使用Ubuntu附带的磁盘工具。该工具也被称之为GNOME磁盘工具,或者叫Palimpsest。点击停靠盘上的图标来开启它吧,搜索磁盘然后敲击回车。不像GParted,该磁盘工具将会在“其它设备”下显示LVM分区,因此你可以根据需要格式化这些分区,也可以调整其它选项。该工具在Live CD或USB 驱动下也可以使用。 +然而,你可以使用Ubuntu附带的磁盘工具。该工具也被称之为GNOME磁盘工具,或者叫Palimpsest。点击dash中的图标来开启它吧,搜索“磁盘”然后敲击回车。不像GParted,该磁盘工具将会在“其它设备”下显示LVM分区,因此你可以根据需要格式化这些分区,也可以调整其它选项。该工具在Live CD或USB 驱动下也可以使用。 ![](http://cdn5.howtogeek.com/wp-content/uploads/2015/03/ximg_550361b3772f7.png.pagespeed.ic.nZWwLJUywR.png) -不幸的是,该磁盘工具不支持LVM的大多数强大的特性,没有管理卷组、扩展分区,或者创建快照等选项。对于这些操作,你可以通过终端来实现,但是你没有那个必要。相反,你可以打开Ubuntu软件中心,搜索关键字LVM,然后安装逻辑卷管理工具,你可以在终端窗口中运行**sudo apt-get install system-config-lvm**命令来安装它。安装完之后,你就可以从停靠盘上打开逻辑卷管理工具了。 +不幸的是,该磁盘工具不支持LVM的大多数强大的特性,没有管理卷组、扩展分区,或者创建快照等选项。对于这些操作,你可以通过终端来实现,但是没有那个必要。相反,你可以打开Ubuntu软件中心,搜索关键字LVM,然后安装逻辑卷管理工具,你可以在终端窗口中运行**sudo apt-get install system-config-lvm**命令来安装它。安装完之后,你就可以从dash上打开逻辑卷管理工具了。 这个图形化配置工具是由红帽公司开发的,虽然有点陈旧了,但却是唯一的图形化方式,你可以通过它来完成上述操作,将那些终端命令抛诸脑后了。 @@ -40,11 +40,11 @@ LVM就在这些分区上提供了一个抽象层。用于取代磁盘上的传 ![](http://cdn5.howtogeek.com/wp-content/uploads/2015/03/ximg_550363106789c.png.pagespeed.ic.drVInt3Weq.png) -卷组视图会列出你所有物理卷和逻辑卷的总览。这里,我们有两个横跨两个独立硬盘驱动器的物理分区,我们有一个交换分区和一个根分区,就像Ubuntu默认设置的分区图表。由于我们从另一个驱动器添加了第二个物理分区,现在那里有大量未使用空间。 +卷组视图会列出你所有的物理卷和逻辑卷的总览。这里,我们有两个横跨两个独立硬盘驱动器的物理分区,我们有一个交换分区和一个根分区,这是Ubuntu默认设置的分区图表。由于我们从另一个驱动器添加了第二个物理分区,现在那里有大量未使用空间。 ![](http://cdn5.howtogeek.com/wp-content/uploads/2015/03/ximg_550363f631c19.png.pagespeed.ic.54E_Owcq8y.png) -要扩展逻辑分区到物理空间,你可以在逻辑视图下选择它,点击编辑属性,然后修改大小来扩大分区。你也可以在这里缩减分区。 +要扩展逻辑分区到物理空间,你可以在逻辑视图下选择它,点击编辑属性,然后修改大小来扩大分区。你也可以在这里缩小分区。 ![](http://cdn5.howtogeek.com/wp-content/uploads/2015/03/ximg_55036893712d3.png.pagespeed.ic.ce7y_Mt0uF.png) @@ -55,7 +55,7 @@ system-config-lvm的其它选项允许你设置快照和镜像。对于传统桌 via: http://www.howtogeek.com/211937/how-to-use-lvm-on-ubuntu-for-easy-partition-resizing-and-snapshots/ 译者:[GOLinux](https://github.com/GOLinux) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 diff --git a/published/201508/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md b/published/201508/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md new file mode 100644 index 0000000000..c36ae7adb7 --- /dev/null +++ b/published/201508/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md @@ -0,0 +1,89 @@ +如何在树莓派 2 运行 ubuntu Snappy Core +================================================================================ +物联网(Internet of Things, IoT) 时代即将来临。很快,过不了几年,我们就会问自己当初是怎么在没有物联网的情况下生存的,就像我们现在怀疑过去没有手机的年代。Canonical 就是一个物联网快速发展却还是开放市场下的竞争者。这家公司宣称自己把赌注压到了IoT 上,就像他们已经在“云”上做过的一样。在今年一月底,Canonical 启动了一个基于Ubuntu Core 的小型操作系统,名字叫做 [Ubuntu Snappy Core][1] 。 + +Snappy 代表了两种意思,它是一种用来替代 deb 的新的打包格式;也是一个用来更新系统的前端,从CoreOS、红帽子和其他系统借鉴了**原子更新**这个想法。自从树莓派 2 投入市场,Canonical 很快就发布了用于树莓派的Snappy Core 版本。而第一代树莓派因为是基于ARMv6 ,Ubuntu 的ARM 镜像是基于ARMv7 ,所以不能运行ubuntu 。不过这种状况现在改变了,Canonical 通过发布 Snappy Core 的RPI2 镜像,抓住机会证明了Snappy 就是一个用于云计算,特别是用于物联网的系统。 + +Snappy 同样可以运行在其它像Amazon EC2, Microsofts Azure, Google的 Compute Engine 这样的云端上,也可以虚拟化在 KVM、Virtuabox 和vagrant 上。Canonical Ubuntu 已经拥抱了微软、谷歌、Docker、OpenStack 这些重量级选手,同时也与一些小项目达成合作关系。除了一些创业公司,比如 Ninja Sphere、Erle Robotics,还有一些开发板生产商,比如 Odroid、Banana Pro, Udoo, PCDuino 和 Parallella 、全志,Snappy 也提供了支持。Snappy Core 同时也希望尽快运行到路由器上来帮助改进路由器生产商目前很少更新固件的策略。 + +接下来,让我们看看怎么样在树莓派 2 上运行 Ubuntu Snappy Core。 + +用于树莓派2 的Snappy 镜像可以从 [Raspberry Pi 网站][2] 上下载。解压缩出来的镜像必须[写到一个至少8GB 大小的SD 卡][3]。尽管原始系统很小,但是原子升级和回滚功能会占用不小的空间。使用 Snappy 启动树莓派 2 后你就可以使用默认用户名和密码(都是ubuntu)登录系统。 + +![](https://farm8.staticflickr.com/7639/16428527263_f7bdd56a0d_c.jpg) + +sudo 已经配置好了可以直接用,安全起见,你应该使用以下命令来修改你的用户名 + + $ sudo usermod -l + +或者也可以使用`adduser` 为你添加一个新用户。 + +因为RPI缺少硬件时钟,而 Snappy Core 镜像并不知道这一点,所以系统会有一个小 bug:处理某些命令时会报很多错。不过这个很容易解决: + +使用这个命令来确认这个bug 是否影响: + + $ date + +如果输出类似 "Thu Jan 1 01:56:44 UTC 1970", 你可以这样做来改正: + + $ sudo date --set="Sun Apr 04 17:43:26 UTC 2015" + +改成你的实际时间。 + +![](https://farm9.staticflickr.com/8735/16426231744_c54d9b8877_b.jpg) + +现在你可能打算检查一下,看看有没有可用的更新。注意通常使用的命令是不行的: + + $ sudo apt-get update && sudo apt-get distupgrade + +这时系统不会让你通过,因为 Snappy 使用它自己精简过的、基于dpkg 的包管理系统。这么做的原因是 Snappy 会运行很多嵌入式程序,而同时你也会试图所有事情尽可能的简化。 + +让我们来看看最关键的部分,理解一下程序是如何与 Snappy 工作的。运行 Snappy 的SD 卡上除了 boot 分区外还有3个分区。其中的两个构成了一个重复的文件系统。这两个平行文件系统被固定挂载为只读模式,并且任何时刻只有一个是激活的。第三个分区是一个部分可写的文件系统,用来让用户存储数据。通过更新系统,标记为'system-a' 的分区会保持一个完整的文件系统,被称作核心,而另一个平行的文件系统仍然会是空的。 + +![](https://farm9.staticflickr.com/8758/16841251947_21f42609ce_b.jpg) + +如果我们运行以下命令: + + $ sudo snappy update + +系统将会在'system-b' 上作为一个整体进行更新,这有点像是更新一个镜像文件。接下来你将会被告知要重启系统来激活新核心。 + +重启之后,运行下面的命令可以检查你的系统是否已经更新到最新版本,以及当前被激活的是哪个核心 + + $ sudo snappy versions -a + +经过更新-重启两步操作,你应该可以看到被激活的核心已经被改变了。 + +因为到目前为止我们还没有安装任何软件,所以可以用下面的命令更新: + + $ sudo snappy update ubuntu-core + +如果你打算仅仅更新特定的OS 版本这就够了。如果出了问题,你可以使用下面的命令回滚: + + $ sudo snappy rollback ubuntu-core + +这将会把系统状态回滚到更新之前。 + +![](https://farm8.staticflickr.com/7666/17022676786_5fe6804ed8_c.jpg) + +再来说说那些让 Snappy 变得有用的软件。这里不会讲的太多关于如何构建软件、向 Snappy 应用商店添加软件的基础知识,但是你可以通过 Freenode 上的IRC 频道 #snappy 了解更多信息,那个上面有很多人参与。你可以通过浏览器访问http://\:4200 来浏览应用商店,然后从商店安装软件,再在浏览器里访问 http://webdm.local 来启动程序。如何构建用于 Snappy 的软件并不难,而且也有了现成的[参考文档][4] 。你也可以很容易的把 DEB 安装包使用Snappy 格式移植到Snappy 上。 + +![](https://farm8.staticflickr.com/7656/17022676836_968a2a7254_c.jpg) + +尽管 Ubuntu Snappy Core 吸引了我们去研究新型的 Snappy 安装包格式和 Canonical 式的原子更新操作,但是因为有限的可用应用,它现在在生产环境里还不是很有用。但是既然搭建一个 Snappy 环境如此简单,这看起来是一个学点新东西的好机会。 + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/ubuntu-snappy-core-raspberry-pi-2.html + +作者:[Ferdinand Thommes][a] +译者:[Ezio](https://github.com/oska874) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/ferdinand +[1]:http://www.ubuntu.com/things +[2]:http://www.raspberrypi.org/downloads/ +[3]:http://xmodulo.com/write-raspberry-pi-image-sd-card.html +[4]:https://developer.ubuntu.com/en/snappy/ diff --git a/published/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md b/published/201508/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md similarity index 100% rename from published/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md rename to published/201508/20150504 How to access a Linux server behind NAT via reverse SSH tunnel.md diff --git a/translated/tech/20150518 How to set up a Replica Set on MongoDB.md b/published/201508/20150518 How to set up a Replica Set on MongoDB.md similarity index 51% rename from translated/tech/20150518 How to set up a Replica Set on MongoDB.md rename to published/201508/20150518 How to set up a Replica Set on MongoDB.md index 44b8535b82..7d05a48d95 100644 --- a/translated/tech/20150518 How to set up a Replica Set on MongoDB.md +++ b/published/201508/20150518 How to set up a Replica Set on MongoDB.md @@ -1,10 +1,11 @@ -如何配置MongoDB副本集(Replica Set) +如何配置 MongoDB 副本集 ================================================================================ -MongoDB已经成为市面上最知名的NoSQL数据库。MongoDB是面向文档的,它的无模式设计使得它在各种各样的WEB应用当中广受欢迎。最让我喜欢的特性之一是它的副本集,副本集将同一数据的多份拷贝放在一组mongod节点上,从而实现数据的冗余以及高可用性。 -这篇教程将向你介绍如何配置一个MongoDB副本集。 +MongoDB 已经成为市面上最知名的 NoSQL 数据库。MongoDB 是面向文档的,它的无模式设计使得它在各种各样的WEB 应用当中广受欢迎。最让我喜欢的特性之一是它的副本集(Replica Set),副本集将同一数据的多份拷贝放在一组 mongod 节点上,从而实现数据的冗余以及高可用性。 -副本集的最常见配置涉及到一个主节点以及多个副节点。这之后启动的复制行为会从这个主节点到其他副节点。副本集不止可以针对意外的硬件故障和停机事件对数据库提供保护,同时也因为提供了更多的结点从而提高了数据库客户端数据读取的吞吐量。 +这篇教程将向你介绍如何配置一个 MongoDB 副本集。 + +副本集的最常见配置需要一个主节点以及多个副节点。这之后启动的复制行为会从这个主节点到其他副节点。副本集不止可以针对意外的硬件故障和停机事件对数据库提供保护,同时也因为提供了更多的节点从而提高了数据库客户端数据读取的吞吐量。 ### 配置环境 ### @@ -12,25 +13,25 @@ MongoDB已经成为市面上最知名的NoSQL数据库。MongoDB是面向文档 ![](https://farm8.staticflickr.com/7667/17801038505_529a5224a1.jpg) -为了达到这个目的,我们使用了3个运行在VirtualBox上的虚拟机。我会在这些虚拟机上安装Ubuntu 14.04,并且安装MongoDB官方包。 +为了达到这个目的,我们使用了3个运行在 VirtualBox 上的虚拟机。我会在这些虚拟机上安装 Ubuntu 14.04,并且安装 MongoDB 官方包。 -我会在一个虚拟机实例上配置好需要的环境,然后将它克隆到其他的虚拟机实例上。因此,选择一个名为master的虚拟机,执行以下安装过程。 +我会在一个虚拟机实例上配置好所需的环境,然后将它克隆到其他的虚拟机实例上。因此,选择一个名为 master 的虚拟机,执行以下安装过程。 -首先,我们需要在apt中增加一个MongoDB密钥: +首先,我们需要给 apt 增加一个 MongoDB 密钥: $ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 -然后,将官方的MongoDB仓库添加到source.list中: +然后,将官方的 MongoDB 仓库添加到 source.list 中: $ sudo su # echo "deb http://repo.mongodb.org/apt/ubuntu "$(lsb_release -sc)"/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list -接下来更新apt仓库并且安装MongoDB。 +接下来更新 apt 仓库并且安装 MongoDB。 $ sudo apt-get update $ sudo apt-get install -y mongodb-org -现在对/etc/mongodb.conf做一些更改 +现在对 /etc/mongodb.conf 做一些更改 auth = true dbpath=/var/lib/mongodb @@ -39,17 +40,17 @@ MongoDB已经成为市面上最知名的NoSQL数据库。MongoDB是面向文档 keyFile=/var/lib/mongodb/keyFile replSet=myReplica -第一行的作用是确认我们的数据库需要验证才可以使用的。keyfile用来配置用于MongoDB结点间复制行为的密钥文件。replSet用来为副本集设置一个名称。 +第一行的作用是表明我们的数据库需要验证才可以使用。keyfile 配置用于 MongoDB 节点间复制行为的密钥文件。replSet 为副本集设置一个名称。 接下来我们创建一个用于所有实例的密钥文件。 $ echo -n "MyRandomStringForReplicaSet" | md5sum > keyFile -这将会创建一个含有MD5字符串的密钥文件,但是由于其中包含了一些噪音,我们需要对他们清理后才能正式在MongoDB中使用。 +这将会创建一个含有 MD5 字符串的密钥文件,但是由于其中包含了一些噪音,我们需要对他们清理后才能正式在 MongoDB 中使用。 $ echo -n "MyReplicaSetKey" | md5sum|grep -o "[0-9a-z]\+" > keyFile -grep命令的作用的是把将空格等我们不想要的内容过滤掉之后的MD5字符串打印出来。 +grep 命令的作用的是把将空格等我们不想要的内容过滤掉之后的 MD5 字符串打印出来。 现在我们对密钥文件进行一些操作,让它真正可用。 @@ -57,7 +58,7 @@ grep命令的作用的是把将空格等我们不想要的内容过滤掉之后 $ sudo chown mongodb:nogroup keyFile $ sudo chmod 400 keyFile -接下来,关闭此虚拟机。将其Ubuntu系统克隆到其他虚拟机上。 +接下来,关闭此虚拟机。将其 Ubuntu 系统克隆到其他虚拟机上。 ![](https://farm9.staticflickr.com/8729/17800903865_9876a9cc9c.jpg) @@ -67,55 +68,55 @@ grep命令的作用的是把将空格等我们不想要的内容过滤掉之后 请注意,三个虚拟机示例需要在同一个网络中以便相互通讯。因此,我们需要它们弄到“互联网"上去。 -这里推荐给每个虚拟机设置一个静态IP地址,而不是使用DHCP。这样它们就不至于在DHCP分配IP地址给他们的时候失去连接。 +这里推荐给每个虚拟机设置一个静态 IP 地址,而不是使用 DHCP。这样它们就不至于在 DHCP 分配IP地址给他们的时候失去连接。 -像下面这样编辑每个虚拟机的/etc/networks/interfaces文件。 +像下面这样编辑每个虚拟机的 /etc/networks/interfaces 文件。 -在主结点上: +在主节点上: auto eth1 iface eth1 inet static address 192.168.50.2 netmask 255.255.255.0 -在副结点1上: +在副节点1上: auto eth1 iface eth1 inet static address 192.168.50.3 netmask 255.255.255.0 -在副结点2上: +在副节点2上: auto eth1 iface eth1 inet static address 192.168.50.4 netmask 255.255.255.0 -由于我们没有DNS服务,所以需要设置设置一下/etc/hosts这个文件,手工将主机名称放到次文件中。 +由于我们没有 DNS 服务,所以需要设置设置一下 /etc/hosts 这个文件,手工将主机名称放到此文件中。 -在主结点上: +在主节点上: 127.0.0.1 localhost primary 192.168.50.2 primary 192.168.50.3 secondary1 192.168.50.4 secondary2 -在副结点1上: +在副节点1上: 127.0.0.1 localhost secondary1 192.168.50.2 primary 192.168.50.3 secondary1 192.168.50.4 secondary2 -在副结点2上: +在副节点2上: 127.0.0.1 localhost secondary2 192.168.50.2 primary 192.168.50.3 secondary1 192.168.50.4 secondary2 -使用ping命令检查各个结点之间的连接。 +使用 ping 命令检查各个节点之间的连接。 $ ping primary $ ping secondary1 @@ -123,9 +124,9 @@ grep命令的作用的是把将空格等我们不想要的内容过滤掉之后 ### 配置副本集 ### -验证各个结点可以正常连通后,我们就可以新建一个管理员用户,用于之后的副本集操作。 +验证各个节点可以正常连通后,我们就可以新建一个管理员用户,用于之后的副本集操作。 -在主节点上,打开/etc/mongodb.conf文件,将auth和replSet两项注释掉。 +在主节点上,打开 /etc/mongodb.conf 文件,将 auth 和 replSet 两项注释掉。 dbpath=/var/lib/mongodb logpath=/var/log/mongodb/mongod.log @@ -133,21 +134,30 @@ grep命令的作用的是把将空格等我们不想要的内容过滤掉之后 #auth = true keyFile=/var/lib/mongodb/keyFile #replSet=myReplica + +在一个新安装的 MongoDB 上配置任何用户或副本集之前,你需要注释掉 auth 行。默认情况下,MongoDB 并没有创建任何用户。而如果在你创建用户前启用了 auth,你就不能够做任何事情。你可以在创建一个用户后再次启用 auth。 -重启mongod进程。 +修改 /etc/mongodb.conf 之后,重启 mongod 进程。 $ sudo service mongod restart -连接MongoDB后,新建管理员用户。 +现在连接到 MongoDB master: + + $ mongo :27017 + +连接 MongoDB 后,新建管理员用户。 > use admin > db.createUser({ user:"admin", pwd:" }) + +重启 MongoDB: + $ sudo service mongod restart -连接到MongoDB,用以下命令将secondary1和secondary2节点添加到我们的副本集中。 +再次连接到 MongoDB,用以下命令将 副节点1 和副节点2节点添加到我们的副本集中。 > use admin > db.auth("admin","myreallyhardpassword") @@ -156,7 +166,7 @@ grep命令的作用的是把将空格等我们不想要的内容过滤掉之后 > rs.add("secondary2:27017") -现在副本集到手了,可以开始我们的项目了。参照 [official driver documentation][1] 来了解如何连接到副本集。如果你想要用Shell来请求数据,那么你需要连接到主节点上来插入或者请求数据,副节点不行。如果你执意要尝试用附件点操作,那么以下错误信息就蹦出来招呼你了。 +现在副本集到手了,可以开始我们的项目了。参照 [官方驱动文档][1] 来了解如何连接到副本集。如果你想要用 Shell 来请求数据,那么你需要连接到主节点上来插入或者请求数据,副节点不行。如果你执意要尝试用副本集操作,那么以下错误信息就蹦出来招呼你了。 myReplica:SECONDARY> myReplica:SECONDARY> show databases @@ -166,6 +176,12 @@ grep命令的作用的是把将空格等我们不想要的内容过滤掉之后 at shellHelper.show (src/mongo/shell/utils.js:630:33) at shellHelper (src/mongo/shell/utils.js:524:36) at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47 + +如果你要从 shell 连接到整个副本集,你可以安装如下命令。在副本集中的失败切换是自动的。 + + $ mongo primary,secondary1,secondary2:27017/?replicaSet=myReplica + +如果你使用其它驱动语言(例如,JavaScript、Ruby 等等),格式也许不同。 希望这篇教程能对你有所帮助。你可以使用Vagrant来自动完成你的本地环境配置,并且加速你的代码。 @@ -175,7 +191,7 @@ via: http://xmodulo.com/setup-replica-set-mongodb.html 作者:[Christopher Valerio][a] 译者:[mr-ping](https://github.com/mr-ping) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150522 Analyzing Linux Logs.md b/published/201508/20150522 Analyzing Linux Logs.md similarity index 100% rename from published/20150522 Analyzing Linux Logs.md rename to published/201508/20150522 Analyzing Linux Logs.md diff --git a/translated/tech/20150527 Howto Manage Host Using Docker Machine in a VirtualBox.md b/published/201508/20150527 Howto Manage Host Using Docker Machine in a VirtualBox.md similarity index 63% rename from translated/tech/20150527 Howto Manage Host Using Docker Machine in a VirtualBox.md rename to published/201508/20150527 Howto Manage Host Using Docker Machine in a VirtualBox.md index 153035c9f4..f47f79b3b7 100644 --- a/translated/tech/20150527 Howto Manage Host Using Docker Machine in a VirtualBox.md +++ b/published/201508/20150527 Howto Manage Host Using Docker Machine in a VirtualBox.md @@ -1,6 +1,6 @@ 在 VirtualBox 中使用 Docker Machine 管理主机 ================================================================================ -大家好,今天我们学习在 VirtualBox 中使用 Docker Machine 来创建和管理 Docker 主机。Docker Machine 是一个应用,用于在我们的电脑上、在云端、在数据中心创建 Docker 主机,然后用户可以使用 Docker 客户端来配置一些东西。这个 API 为本地主机、或数据中心的虚拟机、或云端的实例提供 Docker 服务。Docker Machine 支持 Windows、OSX 和 Linux,并且是以一个独立的二进制文件包形式安装的。使用(与现有 Docker 工具)相同的接口,我们就可以充分利用已经提供 Docker 基础框架的生态系统。只要一个命令,用户就能快速部署 Docker 容器。 +大家好,今天我们学习在 VirtualBox 中使用 Docker Machine 来创建和管理 Docker 主机。Docker Machine 是一个可以帮助我们在电脑上、在云端、在数据中心内创建 Docker 主机的应用。它为根据用户的配置和需求创建服务器并在其上安装 Docker和客户端提供了一个轻松的解决方案。这个 API 可以用于在本地主机、或数据中心的虚拟机、或云端的实例提供 Docker 服务。Docker Machine 支持 Windows、OSX 和 Linux,并且是以一个独立的二进制文件包形式安装的。仍然使用(与现有 Docker 工具)相同的接口,我们就可以充分利用已经提供 Docker 基础框架的生态系统。只要一个命令,用户就能快速部署 Docker 容器。 本文列出一些简单的步骤用 Docker Machine 来部署 docker 容器。 @@ -8,15 +8,15 @@ Docker Machine 完美支持所有 Linux 操作系统。首先我们需要从 [github][1] 下载最新版本的 Docker Machine,本文使用 curl 作为下载工具,Docker Machine 版本为 0.2.0。 -** 64 位操作系统 ** +**64 位操作系统** # curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-amd64 > /usr/local/bin/docker-machine -** 32 位操作系统 ** +**32 位操作系统** # curl -L https://github.com/docker/machine/releases/download/v0.2.0/docker-machine_linux-i386 > /usr/local/bin/docker-machine -下载完成后,找到 **/usr/local/bin** 目录下的 **docker-machine** 文件,执行一下: +下载完成后,找到 **/usr/local/bin** 目录下的 **docker-machine** 文件,让其可以执行: # chmod +x /usr/local/bin/docker-machine @@ -28,12 +28,12 @@ Docker Machine 完美支持所有 Linux 操作系统。首先我们需要从 [gi 运行下面的命令,安装 Docker 客户端,以便于在我们自己的电脑止运行 Docker 命令: - # curl -L https://get.docker.com/builds/linux/x86_64/docker-latest > /usr/local/bin/docker - # chmod +x /usr/local/bin/docker + # curl -L https://get.docker.com/builds/linux/x86_64/docker-latest > /usr/local/bin/docker + # chmod +x /usr/local/bin/docker ### 2. 创建 VirtualBox 虚拟机 ### -在 Linux 系统上安装完 Docker Machine 后,接下来我们可以安装 VirtualBox 虚拟机,运行下面的就可以了。--driver virtualbox 选项表示我们要在 VirtualBox 的虚拟机里面部署 docker,最后的参数“linux” 是虚拟机的名称。这个命令会下载 [boot2docker][2] iso,它是个基于 Tiny Core Linux 的轻量级发行版,自带 Docker 程序,然后 docker-machine 命令会创建一个 VirtualBox 虚拟机(LCTT:当然,我们也可以选择其他的虚拟机软件)来运行这个 boot2docker 系统。 +在 Linux 系统上安装完 Docker Machine 后,接下来我们可以安装 VirtualBox 虚拟机,运行下面的就可以了。`--driver virtualbox` 选项表示我们要在 VirtualBox 的虚拟机里面部署 docker,最后的参数“linux” 是虚拟机的名称。这个命令会下载 [boot2docker][2] iso,它是个基于 Tiny Core Linux 的轻量级发行版,自带 Docker 程序,然后 `docker-machine` 命令会创建一个 VirtualBox 虚拟机(LCTT译注:当然,我们也可以选择其他的虚拟机软件)来运行这个 boot2docker 系统。 # docker-machine create --driver virtualbox linux @@ -49,7 +49,7 @@ Docker Machine 完美支持所有 Linux 操作系统。首先我们需要从 [gi ### 3. 设置环境变量 ### -现在我们需要让 docker 与虚拟机通信,运行 docker-machine env <虚拟机名称> 来实现这个目的。 +现在我们需要让 docker 与 docker-machine 通信,运行 `docker-machine env <虚拟机名称>` 来实现这个目的。 # eval "$(docker-machine env linux)" # docker ps @@ -64,7 +64,7 @@ Docker Machine 完美支持所有 Linux 操作系统。首先我们需要从 [gi ### 4. 运行 Docker 容器 ### -完成配置后我们就可以在 VirtualBox 上运行 docker 容器了。测试一下,在虚拟机里执行 **docker run busybox echo hello world** 命令,我们可以看到容器的输出信息。 +完成配置后我们就可以在 VirtualBox 上运行 docker 容器了。测试一下,我们可以运行虚拟机 `docker run busybox` ,并在里面里执行 `echo hello world` 命令,我们可以看到容器的输出信息。 # docker run busybox echo hello world @@ -72,7 +72,7 @@ Docker Machine 完美支持所有 Linux 操作系统。首先我们需要从 [gi ### 5. 拿到 Docker 主机的 IP ### -我们可以执行下面的命令获取 Docker 主机的 IP 地址。 +我们可以执行下面的命令获取运行 Docker 的主机的 IP 地址。我们可以看到在 Docker 主机的 IP 地址上的任何暴露出来的端口。 # docker-machine ip @@ -94,7 +94,9 @@ Docker Machine 完美支持所有 Linux 操作系统。首先我们需要从 [gi ### 总结 ### -最后,我们使用 Docker Machine 成功在 VirtualBox 上创建并管理一台 Docker 主机。Docker Machine 确实能让用户快速地在不同的平台上部署 Docker 主机,就像我们这里部署在 VirtualBox 上一样。这个 --driver virtulbox 驱动可以在本地机器上使用,也可以在数据中心的虚拟机上使用。Docker Machine 驱动除了支持本地的 VirtualBox 之外,还支持远端的 Digital Ocean、AWS、Azure、VMware 以及其他基础设施。如果你有任何疑问,或者建议,请在评论栏中写出来,我们会不断改进我们的内容。谢谢,祝愉快。 +最后,我们使用 Docker Machine 成功在 VirtualBox 上创建并管理一台 Docker 主机。Docker Machine 确实能让用户快速地在不同的平台上部署 Docker 主机,就像我们这里部署在 VirtualBox 上一样。这个 virtualbox 驱动可以在本地机器上使用,也可以在数据中心的虚拟机上使用。Docker Machine 驱动除了支持本地的 VirtualBox 之外,还支持远端的 Digital Ocean、AWS、Azure、VMware 以及其它基础设施。 + +如果你有任何疑问,或者建议,请在评论栏中写出来,我们会不断改进我们的内容。谢谢,祝愉快。 -------------------------------------------------------------------------------- @@ -102,7 +104,7 @@ via: http://linoxide.com/linux-how-to/host-virtualbox-docker-machine/ 作者:[Arun Pyasi][a] 译者:[bazz2](https://github.com/bazz2) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150602 Howto Configure OpenVPN Server-Client on Ubuntu 15.04.md b/published/201508/20150602 Howto Configure OpenVPN Server-Client on Ubuntu 15.04.md similarity index 100% rename from published/20150602 Howto Configure OpenVPN Server-Client on Ubuntu 15.04.md rename to published/201508/20150602 Howto Configure OpenVPN Server-Client on Ubuntu 15.04.md diff --git a/published/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md b/published/201508/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md similarity index 100% rename from published/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md rename to published/201508/20150604 Nishita Agarwal Shares Her Interview Experience on Linux 'iptables' Firewall.md diff --git a/published/20150610 Tickr Is An Open-Source RSS News Ticker for Linux Desktops.md b/published/201508/20150610 Tickr Is An Open-Source RSS News Ticker for Linux Desktops.md similarity index 100% rename from published/20150610 Tickr Is An Open-Source RSS News Ticker for Linux Desktops.md rename to published/201508/20150610 Tickr Is An Open-Source RSS News Ticker for Linux Desktops.md diff --git a/published/20150625 How to Provision Swarm Clusters using Docker Machine.md b/published/201508/20150625 How to Provision Swarm Clusters using Docker Machine.md similarity index 100% rename from published/20150625 How to Provision Swarm Clusters using Docker Machine.md rename to published/201508/20150625 How to Provision Swarm Clusters using Docker Machine.md diff --git a/published/20150629 Autojump--An Advanced 'cd' Command to Quickly Navigate Linux Filesystem.md b/published/201508/20150629 Autojump--An Advanced 'cd' Command to Quickly Navigate Linux Filesystem.md similarity index 100% rename from published/20150629 Autojump--An Advanced 'cd' Command to Quickly Navigate Linux Filesystem.md rename to published/201508/20150629 Autojump--An Advanced 'cd' Command to Quickly Navigate Linux Filesystem.md diff --git a/published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 1 - Introduction.md b/published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 1 - Introduction.md similarity index 100% rename from published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 1 - Introduction.md rename to published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 1 - Introduction.md diff --git a/published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 2 - The GNOME Desktop.md b/published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 2 - The GNOME Desktop.md similarity index 100% rename from published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 2 - The GNOME Desktop.md rename to published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 2 - The GNOME Desktop.md diff --git a/published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 3 - GNOME Applications.md b/published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 3 - GNOME Applications.md similarity index 100% rename from published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 3 - GNOME Applications.md rename to published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 3 - GNOME Applications.md diff --git a/published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 4 - GNOME Settings.md b/published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 4 - GNOME Settings.md similarity index 100% rename from published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 4 - GNOME Settings.md rename to published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 4 - GNOME Settings.md diff --git a/published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 5 - Conclusion.md b/published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 5 - Conclusion.md similarity index 100% rename from published/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 5 - Conclusion.md rename to published/201508/20150716 A Week With GNOME As My Linux Desktop--What They Get Right & Wrong - Page 5 - Conclusion.md diff --git a/published/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md b/published/201508/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md similarity index 100% rename from published/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md rename to published/201508/20150717 How to Configure Chef (server or client) on Ubuntu 14.04 or 15.04.md diff --git a/published/20150717 How to collect NGINX metrics - Part 2.md b/published/201508/20150717 How to collect NGINX metrics - Part 2.md similarity index 100% rename from published/20150717 How to collect NGINX metrics - Part 2.md rename to published/201508/20150717 How to collect NGINX metrics - Part 2.md diff --git a/published/20150717 How to monitor NGINX with Datadog - Part 3.md b/published/201508/20150717 How to monitor NGINX with Datadog - Part 3.md similarity index 100% rename from published/20150717 How to monitor NGINX with Datadog - Part 3.md rename to published/201508/20150717 How to monitor NGINX with Datadog - Part 3.md diff --git a/published/20150717 How to monitor NGINX- Part 1.md b/published/201508/20150717 How to monitor NGINX- Part 1.md similarity index 100% rename from published/20150717 How to monitor NGINX- Part 1.md rename to published/201508/20150717 How to monitor NGINX- Part 1.md diff --git a/published/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md b/published/201508/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md similarity index 100% rename from published/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md rename to published/201508/20150717 Howto Configure FTP Server with Proftpd on Fedora 22.md diff --git a/translated/tech/20150722 How To Fix 'The Update Information Is Outdated' In Ubuntu 14.04.md b/published/201508/20150722 How To Fix 'The Update Information Is Outdated' In Ubuntu 14.04.md similarity index 91% rename from translated/tech/20150722 How To Fix 'The Update Information Is Outdated' In Ubuntu 14.04.md rename to published/201508/20150722 How To Fix 'The Update Information Is Outdated' In Ubuntu 14.04.md index cebfab93c4..c4a9e43e85 100644 --- a/translated/tech/20150722 How To Fix 'The Update Information Is Outdated' In Ubuntu 14.04.md +++ b/published/201508/20150722 How To Fix 'The Update Information Is Outdated' In Ubuntu 14.04.md @@ -2,7 +2,7 @@ Ubuntu 14.04中修复“update information is outdated”错误 ================================================================================ ![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/07/Fix_update_information_is_outdated.jpeg) -看到Ubuntu 14.04的顶部面板上那个显示下面这个错误的红色三角形了吗? +看到过Ubuntu 14.04的顶部面板上那个显示下面这个错误的红色三角形了吗? > 更新信息过时。该错误可能是由网络问题,或者某个仓库不再可用而造成的。请通过从指示器菜单中选择‘显示更新’来手动更新,然后查看是否存在有失败的仓库。 > @@ -25,7 +25,7 @@ Ubuntu 14.04中修复“update information is outdated”错误 ### 修复‘update information is outdated’错误 ### -这里讨论的‘解决方案’可能对Ubuntu的这些版本有用:Ubuntu 14.04,12.04或14.04。你所要做的仅仅是打开终端(Ctrl+Alt+T),然后使用下面的命令: +这里讨论的‘解决方案’可能对Ubuntu的这些版本有用:Ubuntu 14.04,12.04。你所要做的仅仅是打开终端(Ctrl+Alt+T),然后使用下面的命令: sudo apt-get update @@ -47,7 +47,7 @@ via: http://itsfoss.com/fix-update-information-outdated-ubuntu/ 作者:[Abhishek][a] 译者:[GOLinux](https://github.com/GOLinux) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -56,4 +56,4 @@ via: http://itsfoss.com/fix-update-information-outdated-ubuntu/ [2]:http://itsfoss.com/notification-terminal-command-completion-ubuntu/ [3]:http://itsfoss.com/solve-gpg-error-signatures-verified-ubuntu/ [4]:http://itsfoss.com/install-spotify-ubuntu-1504/ -[5]:http://itsfoss.com/fix-update-errors-ubuntu-1404/ +[5]:https://linux.cn/article-5603-1.html diff --git a/published/20150722 How To Manage StartUp Applications In Ubuntu.md b/published/201508/20150722 How To Manage StartUp Applications In Ubuntu.md similarity index 100% rename from published/20150722 How To Manage StartUp Applications In Ubuntu.md rename to published/201508/20150722 How To Manage StartUp Applications In Ubuntu.md diff --git a/published/20150727 Easy Backup Restore and Migrate Containers in Docker.md b/published/201508/20150727 Easy Backup Restore and Migrate Containers in Docker.md similarity index 100% rename from published/20150727 Easy Backup Restore and Migrate Containers in Docker.md rename to published/201508/20150727 Easy Backup Restore and Migrate Containers in Docker.md diff --git a/published/20150728 How To Fix--There is no command installed for 7-zip archive files.md b/published/201508/20150728 How To Fix--There is no command installed for 7-zip archive files.md similarity index 100% rename from published/20150728 How To Fix--There is no command installed for 7-zip archive files.md rename to published/201508/20150728 How To Fix--There is no command installed for 7-zip archive files.md diff --git a/published/20150728 How to Update Linux Kernel for Improved System Performance.md b/published/201508/20150728 How to Update Linux Kernel for Improved System Performance.md similarity index 100% rename from published/20150728 How to Update Linux Kernel for Improved System Performance.md rename to published/201508/20150728 How to Update Linux Kernel for Improved System Performance.md diff --git a/published/20150728 Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser.md b/published/201508/20150728 Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser.md similarity index 100% rename from published/20150728 Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser.md rename to published/201508/20150728 Tips to Create ISO from CD, Watch User Activity and Check Memory Usages of Browser.md diff --git a/published/20150728 Understanding Shell Commands Easily Using 'Explain Shell' Script in Linux.md b/published/201508/20150728 Understanding Shell Commands Easily Using 'Explain Shell' Script in Linux.md similarity index 100% rename from published/20150728 Understanding Shell Commands Easily Using 'Explain Shell' Script in Linux.md rename to published/201508/20150728 Understanding Shell Commands Easily Using 'Explain Shell' Script in Linux.md diff --git a/published/20150729 What is Logical Volume Management and How Do You Enable It in Ubuntu.md b/published/201508/20150729 What is Logical Volume Management and How Do You Enable It in Ubuntu.md similarity index 100% rename from published/20150729 What is Logical Volume Management and How Do You Enable It in Ubuntu.md rename to published/201508/20150729 What is Logical Volume Management and How Do You Enable It in Ubuntu.md diff --git a/published/20150730 Compare PDF Files on Ubuntu.md b/published/201508/20150730 Compare PDF Files on Ubuntu.md similarity index 100% rename from published/20150730 Compare PDF Files on Ubuntu.md rename to published/201508/20150730 Compare PDF Files on Ubuntu.md diff --git a/published/20150730 Must-Know Linux Commands For New Users.md b/published/201508/20150730 Must-Know Linux Commands For New Users.md similarity index 100% rename from published/20150730 Must-Know Linux Commands For New Users.md rename to published/201508/20150730 Must-Know Linux Commands For New Users.md diff --git a/published/20150803 Handy commands for profiling your Unix file systems.md b/published/201508/20150803 Handy commands for profiling your Unix file systems.md similarity index 100% rename from published/20150803 Handy commands for profiling your Unix file systems.md rename to published/201508/20150803 Handy commands for profiling your Unix file systems.md diff --git a/published/20150803 Linux Logging Basics.md b/published/201508/20150803 Linux Logging Basics.md similarity index 100% rename from published/20150803 Linux Logging Basics.md rename to published/201508/20150803 Linux Logging Basics.md diff --git a/translated/tech/20150803 Troubleshooting with Linux Logs.md b/published/201508/20150803 Troubleshooting with Linux Logs.md similarity index 61% rename from translated/tech/20150803 Troubleshooting with Linux Logs.md rename to published/201508/20150803 Troubleshooting with Linux Logs.md index 5950a69d98..ca117d8af3 100644 --- a/translated/tech/20150803 Troubleshooting with Linux Logs.md +++ b/published/201508/20150803 Troubleshooting with Linux Logs.md @@ -1,10 +1,11 @@ 在 Linux 中使用日志来排错 ================================================================================ -人们创建日志的主要原因是排错。通常你会诊断为什么问题发生在你的 Linux 系统或应用程序中。错误信息或一些列事件可以给你提供造成根本原因的线索,说明问题是如何发生的,并指出如何解决它。这里有几个使用日志来解决的样例。 + +人们创建日志的主要原因是排错。通常你会诊断为什么问题发生在你的 Linux 系统或应用程序中。错误信息或一系列的事件可以给你提供找出根本原因的线索,说明问题是如何发生的,并指出如何解决它。这里有几个使用日志来解决的样例。 ### 登录失败原因 ### -如果你想检查你的系统是否安全,你可以在验证日志中检查登录失败的和登录成功但可疑的用户。当有人通过不正当或无效的凭据来登录时会出现认证失败,经常使用 SSH 进行远程登录或 su 到本地其他用户来进行访问权。这些是由[插入式验证模块][1]来记录,或 PAM 进行短期记录。在你的日志中会看到像 Failed 这样的字符串密码和未知的用户。成功认证记录包括像 Accepted 这样的字符串密码并打开会话。 +如果你想检查你的系统是否安全,你可以在验证日志中检查登录失败的和登录成功但可疑的用户。当有人通过不正当或无效的凭据来登录时会出现认证失败,这通常发生在使用 SSH 进行远程登录或 su 到本地其他用户来进行访问权时。这些是由[插入式验证模块(PAM)][1]来记录的。在你的日志中会看到像 Failed password 和 user unknown 这样的字符串。而成功认证记录则会包括像 Accepted password 和 session opened 这样的字符串。 失败的例子: @@ -30,22 +31,21 @@ 由于没有标准格式,所以你需要为每个应用程序的日志使用不同的命令。日志管理系统,可以自动分析日志,将它们有效的归类,帮助你提取关键字,如用户名。 -日志管理系统可以使用自动解析功能从 Linux 日志中提取用户名。这使你可以看到用户的信息,并能单个的筛选。在这个例子中,我们可以看到,root 用户登录了 2700 次,因为我们筛选的日志显示尝试登录的只有 root 用户。 +日志管理系统可以使用自动解析功能从 Linux 日志中提取用户名。这使你可以看到用户的信息,并能通过点击过滤。在下面这个例子中,我们可以看到,root 用户登录了 2700 次之多,因为我们筛选的日志仅显示 root 用户的尝试登录记录。 ![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.05.36-AM.png) -日志管理系统也让你以时间为做坐标轴的图标来查看使你更容易发现异常。如果有人在几分钟内登录失败一次或两次,它可能是一个真正的用户而忘记了密码。但是,如果有几百个失败的登录并且使用的都是不同的用户名,它更可能是在试图攻击系统。在这里,你可以看到在3月12日,有人试图登录 Nagios 几百次。这显然​​不是一个合法的系统用户。 +日志管理系统也可以让你以时间为做坐标轴的图表来查看,使你更容易发现异常。如果有人在几分钟内登录失败一次或两次,它可能是一个真正的用户而忘记了密码。但是,如果有几百个失败的登录并且使用的都是不同的用户名,它更可能是在试图攻击系统。在这里,你可以看到在3月12日,有人试图登录 Nagios 几百次。这显然​​不是一个合法的系统用户。 ![](http://www.loggly.com/ultimate-guide/wp-content/uploads/2015/05/Screen-Shot-2015-03-12-at-11.12.18-AM.png) ### 重启的原因 ### - 有时候,一台服务器由于系统崩溃或重启而宕机。你怎么知道它何时发生,是谁做的? #### 关机命令 #### -如果有人手动运行 shutdown 命令,你可以看到它的身份在验证日志文件中。在这里,你可以看到,有人从 IP 50.0.134.125 上作为 ubuntu 的用户远程登录了,然后关闭了系统。 +如果有人手动运行 shutdown 命令,你可以在验证日志文件中看到它。在这里,你可以看到,有人从 IP 50.0.134.125 上作为 ubuntu 的用户远程登录了,然后关闭了系统。 Mar 19 18:36:41 ip-172-31-11-231 sshd[23437]: Accepted publickey for ubuntu from 50.0.134.125 port 52538 ssh Mar 19 18:36:41 ip-172-31-11-231 23437]:sshd[ pam_unix(sshd:session): session opened for user ubuntu by (uid=0) @@ -53,7 +53,7 @@ #### 内核初始化 #### -如果你想看看服务器重新启动的所有原因(包括崩溃),你可以从内核初始化日志中寻找。你需要搜索内核设施和初始化 cpu 的信息。 +如果你想看看服务器重新启动的所有原因(包括崩溃),你可以从内核初始化日志中寻找。你需要搜索内核类(kernel)和 cpu 初始化(Initializing)的信息。 Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Initializing cgroup subsys cpuset Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Initializing cgroup subsys cpu @@ -61,9 +61,9 @@ ### 检测内存问题 ### -有很多原因可能导致服务器崩溃,但一个普遍的原因是内存用尽。 +有很多原因可能导致服务器崩溃,但一个常见的原因是内存用尽。 -当你系统的内存不足时,进程会被杀死,通常会杀死使用最多资源的进程。当系统正在使用的内存发生错误并且有新的或现有的进程试图使用更多的内存。在你的日志文件查找像 Out of Memory 这样的字符串,内核也会发出杀死进程的警告。这些信息表明系统故意杀死进程或应用程序,而不是允许进程崩溃。 +当你系统的内存不足时,进程会被杀死,通常会杀死使用最多资源的进程。当系统使用了所有内存,而新的或现有的进程试图使用更多的内存时就会出现错误。在你的日志文件查找像 Out of Memory 这样的字符串或类似 kill 这样的内核警告信息。这些信息表明系统故意杀死进程或应用程序,而不是允许进程崩溃。 例如: @@ -75,20 +75,20 @@ $ grep “Out of memory” /var/log/syslog [33238.178288] Out of memory: Kill process 6230 (firefox) score 53 or sacrifice child -请记住,grep 也要使用内存,所以导致内存不足的错误可能只是运行的 grep。这是另一个分析日志的独特方法! +请记住,grep 也要使用内存,所以只是运行 grep 也可能导致内存不足的错误。这是另一个你应该中央化存储日志的原因! ### 定时任务错误日志 ### -cron 守护程序是一个调度器只在指定的日期和时间运行进程。如果进程运行失败或无法完成,那么 cron 的错误出现在你的日志文件中。你可以找到这些文件在 /var/log/cron,/var/log/messages,和 /var/log/syslog 中,具体取决于你的发行版。cron 任务失败原因有很多。通常情况下,问题出在进程中而不是 cron 守护进程本身。 +cron 守护程序是一个调度器,可以在指定的日期和时间运行进程。如果进程运行失败或无法完成,那么 cron 的错误出现在你的日志文件中。具体取决于你的发行版,你可以在 /var/log/cron,/var/log/messages,和 /var/log/syslog 几个位置找到这个日志。cron 任务失败原因有很多。通常情况下,问题出在进程中而不是 cron 守护进程本身。 -默认情况下,cron 作业会通过电子邮件发送信息。这里是一个日志中记录的发送电子邮件的内容。不幸的是,你不能看到邮件的内容在这里。 +默认情况下,cron 任务的输出会通过 postfix 发送电子邮件。这是一个显示了该邮件已经发送的日志。不幸的是,你不能在这里看到邮件的内容。 Mar 13 16:35:01 PSQ110 postfix/pickup[15158]: C3EDC5800B4: uid=1001 from= Mar 13 16:35:01 PSQ110 postfix/cleanup[15727]: C3EDC5800B4: message-id=<20150310110501.C3EDC5800B4@PSQ110> Mar 13 16:35:01 PSQ110 postfix/qmgr[15159]: C3EDC5800B4: from=, size=607, nrcpt=1 (queue active) Mar 13 16:35:05 PSQ110 postfix/smtp[15729]: C3EDC5800B4: to=, relay=gmail-smtp-in.l.google.com[74.125.130.26]:25, delay=4.1, delays=0.26/0/2.2/1.7, dsn=2.0.0, status=sent (250 2.0.0 OK 1425985505 f16si501651pdj.5 - gsmtp) -你应该想想 cron 在日志中的标准输出以帮助你定位问题。这里展示你可以使用 logger 命令重定向 cron 标准输出到 syslog。用你的脚本来代替 echo 命令,helloCron 可以设置为任何你想要的应用程序的名字。 +你可以考虑将 cron 的标准输出记录到日志中,以帮助你定位问题。这是一个你怎样使用 logger 命令重定向 cron 标准输出到 syslog的例子。用你的脚本来代替 echo 命令,helloCron 可以设置为任何你想要的应用程序的名字。 */5 * * * * echo ‘Hello World’ 2>&1 | /usr/bin/logger -t helloCron @@ -97,7 +97,9 @@ cron 守护程序是一个调度器只在指定的日期和时间运行进程。 Apr 28 22:20:01 ip-172-31-11-231 CRON[15296]: (ubuntu) CMD (echo 'Hello World!' 2>&1 | /usr/bin/logger -t helloCron) Apr 28 22:20:01 ip-172-31-11-231 helloCron: Hello World! -每个 cron 作业将根据作业的具体类型以及如何输出数据来记录不同的日志。希望在日志中有问题根源的线索,也可以根据需要添加额外的日志记录。 +每个 cron 任务将根据任务的具体类型以及如何输出数据来记录不同的日志。 + +希望在日志中有问题根源的线索,也可以根据需要添加额外的日志记录。 -------------------------------------------------------------------------------- @@ -107,7 +109,7 @@ via: http://www.loggly.com/ultimate-guide/logging/troubleshooting-with-linux-log 作者:[Amy Echeverri][a2] 作者:[Sadequl Hussain][a3] 译者:[strugglingyouth](https://github.com/strugglingyouth) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150806 5 Reasons Why Software Developer is a Great Career Choice.md b/published/201508/20150806 5 Reasons Why Software Developer is a Great Career Choice.md similarity index 100% rename from published/20150806 5 Reasons Why Software Developer is a Great Career Choice.md rename to published/201508/20150806 5 Reasons Why Software Developer is a Great Career Choice.md diff --git a/published/20150806 Linux FAQs with Answers--How to fix 'ImportError--No module named wxversion' on Linux.md b/published/201508/20150806 Linux FAQs with Answers--How to fix 'ImportError--No module named wxversion' on Linux.md similarity index 100% rename from published/20150806 Linux FAQs with Answers--How to fix 'ImportError--No module named wxversion' on Linux.md rename to published/201508/20150806 Linux FAQs with Answers--How to fix 'ImportError--No module named wxversion' on Linux.md diff --git a/published/20150806 Linux FAQs with Answers--How to install git on Linux.md b/published/201508/20150806 Linux FAQs with Answers--How to install git on Linux.md similarity index 100% rename from published/20150806 Linux FAQs with Answers--How to install git on Linux.md rename to published/201508/20150806 Linux FAQs with Answers--How to install git on Linux.md diff --git a/published/20150807 How To--Temporarily Clear Bash Environment Variables on a Linux and Unix-like System.md b/published/201508/20150807 How To--Temporarily Clear Bash Environment Variables on a Linux and Unix-like System.md similarity index 100% rename from published/20150807 How To--Temporarily Clear Bash Environment Variables on a Linux and Unix-like System.md rename to published/201508/20150807 How To--Temporarily Clear Bash Environment Variables on a Linux and Unix-like System.md diff --git a/published/20150810 For Linux, Supercomputers R Us.md b/published/201508/20150810 For Linux, Supercomputers R Us.md similarity index 100% rename from published/20150810 For Linux, Supercomputers R Us.md rename to published/201508/20150810 For Linux, Supercomputers R Us.md diff --git a/published/20150811 Darkstat is a Web Based Network Traffic Analyzer--Install it on Linux.md b/published/201508/20150811 Darkstat is a Web Based Network Traffic Analyzer--Install it on Linux.md similarity index 100% rename from published/20150811 Darkstat is a Web Based Network Traffic Analyzer--Install it on Linux.md rename to published/201508/20150811 Darkstat is a Web Based Network Traffic Analyzer--Install it on Linux.md diff --git a/published/20150811 How to download apk files from Google Play Store on Linux.md b/published/201508/20150811 How to download apk files from Google Play Store on Linux.md similarity index 100% rename from published/20150811 How to download apk files from Google Play Store on Linux.md rename to published/201508/20150811 How to download apk files from Google Play Store on Linux.md diff --git a/translated/tech/20150813 How to Install Logwatch on Ubuntu 15.04.md b/published/201508/20150813 How to Install Logwatch on Ubuntu 15.04.md similarity index 77% rename from translated/tech/20150813 How to Install Logwatch on Ubuntu 15.04.md rename to published/201508/20150813 How to Install Logwatch on Ubuntu 15.04.md index 8bb0836755..4ea05688cd 100644 --- a/translated/tech/20150813 How to Install Logwatch on Ubuntu 15.04.md +++ b/published/201508/20150813 How to Install Logwatch on Ubuntu 15.04.md @@ -1,6 +1,7 @@ -Ubuntu 15.04 and系统中安装 Logwatch +如何在 Ubuntu 15.04 系统中安装 Logwatch ================================================================================ -大家好,今天我们会讲述在 Ubuntu 15.04 操作系统上如何安装 Logwatch 软件,它也可以在任意的 Linux 系统和类 Unix 系统上安装。Logwatch 是一款可定制的日志分析和日志监控报告生成系统,它可以根据一段时间的日志文件生成您所希望关注的详细报告。它具有易安装、易配置、可审查等特性,同时对其提供的数据的安全性上也有一些保障措施。Logwatch 会扫描重要的操作系统组件像 SSH、网站服务等的日志文件,然后生成用户所关心的有价值的条目汇总报告。 + +大家好,今天我们会讲述在 Ubuntu 15.04 操作系统上如何安装 Logwatch 软件,它也可以在各种 Linux 系统和类 Unix 系统上安装。Logwatch 是一款可定制的日志分析和日志监控报告生成系统,它可以根据一段时间的日志文件生成您所希望关注的详细报告。它具有易安装、易配置、可审查等特性,同时对其提供的数据的安全性上也有一些保障措施。Logwatch 会扫描重要的操作系统组件像 SSH、网站服务等的日志文件,然后生成用户所关心的有价值的条目汇总报告。 ### 预安装设置 ### @@ -16,13 +17,13 @@ Ubuntu 15.04 and系统中安装 Logwatch root@ubuntu-15:~# apt-get install logwatch -在安装过程中,一旦您按提示按下“Y”健同意对系统修改的话,Logwatch 将会开始安装一些额外的必须软件包。 +在安装过程中,一旦您按提示按下“Y”键同意对系统修改的话,Logwatch 将会开始安装一些额外的必须软件包。 -在安装过程中会根据您机器上的邮件服务器设置情况弹出提示对 Postfix 设置的配置界面。在这篇教程中我们使用最容易的 “仅本地” 选项。根据您的基础设施情况也可以选择其它的可选项,然后点击“确定”继续。 +在安装过程中会根据您机器上的邮件服务器设置情况弹出提示对 Postfix 设置的配置界面。在这篇教程中我们使用最容易的 “仅本地(Local only)” 选项。根据您的基础设施情况也可以选择其它的可选项,然后点击“确定”继续。 ![Potfix Configurations](http://blog.linoxide.com/wp-content/uploads/2015/08/21.png) -随后您得选择邮件服务器名,这邮件服务器名也会被其它程序使用,所以它应该是一个完全合格域名/全称域名(FQDN),且只一个。 +随后您得选择邮件服务器名,这邮件服务器名也会被其它程序使用,所以它应该是一个完全合格域名/全称域名(FQDN)。 ![Postfix Setup](http://blog.linoxide.com/wp-content/uploads/2015/08/31.png) @@ -70,11 +71,11 @@ Ubuntu 15.04 and系统中安装 Logwatch # complete email address. MailFrom = Logwatch -对这个配置文件保存修改,至于其它的参数就让它是默认的,无需改动。 +对这个配置文件保存修改,至于其它的参数就让它保持默认,无需改动。 **调度任务配置** -现在编辑在日常 crons 目录下的 “00logwatch” 文件来配置从 logwatch 生成的报告需要发送的邮件地址。 +现在编辑在 “daily crons” 目录下的 “00logwatch” 文件来配置从 logwatch 生成的报告需要发送的邮件地址。 root@ubuntu-15:~# vim /etc/cron.daily/00logwatch @@ -88,25 +89,25 @@ Ubuntu 15.04 and系统中安装 Logwatch root@ubuntu-15:~#logwatch -生成的报告开始部分显示的是执行的时间和日期。它包含不同的部分,每个部分以开始标识开始而以结束标识结束,中间显示的标识部分提到的完整日志信息。 +生成的报告开始部分显示的是执行的时间和日期。它包含不同的部分,每个部分以开始标识开始而以结束标识结束,中间显示的是该部分的完整信息。 -这儿演示的是开始标识头的样子,要显示系统上所有安装包的信息,如下所示: +这儿显示的是开始的样子,它以显示系统上所有安装的软件包的部分开始,如下所示: ![dpkg status](http://blog.linoxide.com/wp-content/uploads/2015/08/81.png) -接下来的部分显示的日志信息是关于当前系统登陆会话、rsyslogs 和当前及最后可用的会话 SSH 连接信息。 +接下来的部分显示的日志信息是关于当前系统登录会话、rsyslogs 和当前及最近的 SSH 会话信息。 ![logwatch report](http://blog.linoxide.com/wp-content/uploads/2015/08/9.png) -Logwatch 报告最后显示的是安全 sudo 日志及root目录磁盘使用情况,如下示: +Logwatch 报告最后显示的是安全方面的 sudo 日志及根目录磁盘使用情况,如下示: ![Logwatch end report](http://blog.linoxide.com/wp-content/uploads/2015/08/10.png) -您也可以打开如下的文件来检查生成的 logwatch 报告电子邮件。 +您也可以打开如下的文件来查看生成的 logwatch 报告电子邮件。 root@ubuntu-15:~# vim /var/mail/root -您会看到所有已生成的邮件到其配置用户的信息传送状态。 +您会看到发送给你配置的用户的所有已生成的邮件及其邮件递交状态。 ### 更多详情 ### @@ -130,7 +131,7 @@ via: http://linoxide.com/ubuntu-how-to/install-use-logwatch-ubuntu-15-04/ 作者:[Kashif Siddique][a] 译者:[runningwater](https://github.com/runningwater) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150813 How to get Public IP from Linux Terminal.md b/published/201508/20150813 How to get Public IP from Linux Terminal.md similarity index 100% rename from published/20150813 How to get Public IP from Linux Terminal.md rename to published/201508/20150813 How to get Public IP from Linux Terminal.md diff --git a/published/20150813 Ubuntu Want To Make It Easier For You To Install The Latest Nvidia Linux Driver.md b/published/201508/20150813 Ubuntu Want To Make It Easier For You To Install The Latest Nvidia Linux Driver.md similarity index 100% rename from published/20150813 Ubuntu Want To Make It Easier For You To Install The Latest Nvidia Linux Driver.md rename to published/201508/20150813 Ubuntu Want To Make It Easier For You To Install The Latest Nvidia Linux Driver.md diff --git a/published/20150816 Ubuntu NVIDIA Graphics Drivers PPA Is Ready For Action.md b/published/201508/20150816 Ubuntu NVIDIA Graphics Drivers PPA Is Ready For Action.md similarity index 100% rename from published/20150816 Ubuntu NVIDIA Graphics Drivers PPA Is Ready For Action.md rename to published/201508/20150816 Ubuntu NVIDIA Graphics Drivers PPA Is Ready For Action.md diff --git a/published/20150816 shellinabox--A Web based AJAX Terminal Emulator.md b/published/201508/20150816 shellinabox--A Web based AJAX Terminal Emulator.md similarity index 100% rename from published/20150816 shellinabox--A Web based AJAX Terminal Emulator.md rename to published/201508/20150816 shellinabox--A Web based AJAX Terminal Emulator.md diff --git a/published/20150817 Top 5 Torrent Clients For Ubuntu Linux.md b/published/201508/20150817 Top 5 Torrent Clients For Ubuntu Linux.md similarity index 100% rename from published/20150817 Top 5 Torrent Clients For Ubuntu Linux.md rename to published/201508/20150817 Top 5 Torrent Clients For Ubuntu Linux.md diff --git a/published/20150818 How to monitor stock quotes from the command line on Linux.md b/published/201508/20150818 How to monitor stock quotes from the command line on Linux.md similarity index 100% rename from published/20150818 How to monitor stock quotes from the command line on Linux.md rename to published/201508/20150818 How to monitor stock quotes from the command line on Linux.md diff --git a/published/20150818 Linux Without Limits--IBM Launch LinuxONE Mainframes.md b/published/201508/20150818 Linux Without Limits--IBM Launch LinuxONE Mainframes.md similarity index 100% rename from published/20150818 Linux Without Limits--IBM Launch LinuxONE Mainframes.md rename to published/201508/20150818 Linux Without Limits--IBM Launch LinuxONE Mainframes.md diff --git a/published/20150818 ​Ubuntu Linux is coming to IBM mainframes.md b/published/201508/20150818 ​Ubuntu Linux is coming to IBM mainframes.md similarity index 100% rename from published/20150818 ​Ubuntu Linux is coming to IBM mainframes.md rename to published/201508/20150818 ​Ubuntu Linux is coming to IBM mainframes.md diff --git a/translated/tech/20150821 How to Install Visual Studio Code in Linux.md b/published/201508/20150821 How to Install Visual Studio Code in Linux.md similarity index 70% rename from translated/tech/20150821 How to Install Visual Studio Code in Linux.md rename to published/201508/20150821 How to Install Visual Studio Code in Linux.md index 48f68ade0b..9694b23d4f 100644 --- a/translated/tech/20150821 How to Install Visual Studio Code in Linux.md +++ b/published/201508/20150821 How to Install Visual Studio Code in Linux.md @@ -1,8 +1,8 @@ 如何在 Linux 中安装 Visual Studio Code ================================================================================ -大家好,今天我们一起来学习如何在 Linux 发行版中安装 Visual Studio Code。Visual Studio Code 是基于 Electron 优化代码后的编辑器,后者是基于 Chromium 的一款软件,用于为桌面系统发布 io.js 应用。Visual Studio Code 是微软开发的包括 Linux 在内的全平台代码编辑器和文本编辑器。它是免费软件但不开源,在专有软件许可条款下发布。它是我们日常使用的超级强大和快速的代码编辑器。Visual Studio Code 有很多很酷的功能,例如导航、智能感知支持、语法高亮、括号匹配、自动补全、片段、支持自定义键盘绑定、并且支持多种语言,例如 Python、C++、Jade、PHP、XML、Batch、F#、DockerFile、Coffee Script、Java、HandleBars、 R、 Objective-C、 PowerShell、 Luna、 Visual Basic、 .Net、 Asp.Net、 C#、 JSON、 Node.js、 Javascript、 HTML、 CSS、 Less、 Sass 和 Markdown。Visual Studio Code 集成了包管理器和库,并构建通用任务使得加速每日的工作流。Visual Studio Code 中最受欢迎的是它的调试功能,它包括流式支持 Node.js 的预览调试。 +大家好,今天我们一起来学习如何在 Linux 发行版中安装 Visual Studio Code。Visual Studio Code 是基于 Electron 优化代码后的编辑器,后者是基于 Chromium 的一款软件,用于为桌面系统发布 io.js 应用。Visual Studio Code 是微软开发的支持包括 Linux 在内的全平台代码编辑器和文本编辑器。它是免费软件但不开源,在专有软件许可条款下发布。它是可以用于我们日常使用的超级强大和快速的代码编辑器。Visual Studio Code 有很多很酷的功能,例如导航、智能感知支持、语法高亮、括号匹配、自动补全、代码片段、支持自定义键盘绑定、并且支持多种语言,例如 Python、C++、Jade、PHP、XML、Batch、F#、DockerFile、Coffee Script、Java、HandleBars、 R、 Objective-C、 PowerShell、 Luna、 Visual Basic、 .Net、 Asp.Net、 C#、 JSON、 Node.js、 Javascript、 HTML、 CSS、 Less、 Sass 和 Markdown。Visual Studio Code 集成了包管理器、库、构建,以及其它通用任务,以加速日常的工作流。Visual Studio Code 中最受欢迎的是它的调试功能,它包括流式支持 Node.js 的预览调试。 -注意:请注意 Visual Studio Code 只支持 64 位 Linux 发行版。 +注意:请注意 Visual Studio Code 只支持 64 位的 Linux 发行版。 下面是在所有 Linux 发行版中安装 Visual Studio Code 的几个简单步骤。 @@ -32,12 +32,12 @@ ### 3. 运行 Visual Studio Code ### -提取软件包之后,我们可以直接运行一个名为 Code 的文件启动 Visual Studio Code。 +展开软件包之后,我们可以直接运行一个名为 Code 的文件启动 Visual Studio Code。 # sudo chmod +x /opt/VSCode-linux-x64/Code # sudo /opt/VSCode-linux-x64/Code -如果我们想启动 Code 并通过终端能在任何地方打开,我们就需要创建 /opt/vscode/Code 的一个链接 /usr/local/bin/code。 +如果我们想通过终端在任何地方启动 Code,我们就需要创建 /opt/vscode/Code 的一个链接 /usr/local/bin/code。 # ln -s /opt/VSCode-linux-x64/Code /usr/local/bin/code @@ -47,11 +47,11 @@ ### 4. 创建桌面启动 ### -下一步,成功抽取 Visual Studio Code 软件包之后,我们打算创建桌面启动程序,使得根据不同桌面环境能够从启动器、菜单、桌面启动它。首先我们要复制一个图标文件到 /usr/share/icons/ 目录。 +下一步,成功展开 Visual Studio Code 软件包之后,我们打算创建桌面启动程序,使得根据不同桌面环境能够从启动器、菜单、桌面启动它。首先我们要复制一个图标文件到 /usr/share/icons/ 目录。 # cp /opt/VSCode-linux-x64/resources/app/vso.png /usr/share/icons/ -然后,我们创建一个桌面启动程序,文件扩展名为 .desktop。这里我们在 /tmp/VSCODE/ 目录中使用喜欢的文本编辑器创建名为 visualstudiocode.desktop 的文件。 +然后,我们创建一个桌面启动程序,文件扩展名为 .desktop。这里我们使用喜欢的文本编辑器在 /tmp/VSCODE/ 目录中创建名为 visualstudiocode.desktop 的文件。 # vi /tmp/vscode/visualstudiocode.desktop @@ -99,17 +99,19 @@ # apt-get update # apt-get install ubuntu-make -在我们的 ubuntu 操作系统上安装完 Ubuntu Make 之后,我们打算在一个终端中运行以下命令安装 Code。 +在我们的 ubuntu 操作系统上安装完 Ubuntu Make 之后,我们可以在一个终端中运行以下命令来安装 Code。 # umake web visual-studio-code ![Umake Web Code](http://blog.linoxide.com/wp-content/uploads/2015/06/umake-web-code.png) -运行完上面的命令之后,会要求我们输入想要的安装路径。然后,会请求我们允许在 ubuntu 系统中安装 Visual Studio Code。我们敲击 “a”。点击完后,它会在 ubuntu 机器上下载和安装 Code。最后,我们可以在启动器或者菜单中启动它。 +运行完上面的命令之后,会要求我们输入想要的安装路径。然后,会请求我们允许在 ubuntu 系统中安装 Visual Studio Code。我们输入“a”(接受)。输入完后,它会在 ubuntu 机器上下载和安装 Code。最后,我们可以在启动器或者菜单中启动它。 ### 总结 ### -我们已经成功地在 Linux 发行版上安装了 Visual Studio Code。在所有 linux 发行版上安装 Visual Studio Code 都和上面介绍的相似,我们同样可以使用 umake 在 linux 发行版中安装。Umake 是一个安装开发工具,IDEs 和语言流行的工具。我们可以用 Umake 轻松地安装 Android Studios、Eclipse 和很多其它流行 IDE。Visual Studio Code 是基于 Github 上一个叫 [Electron][2] 的项目,它是 [Atom.io][3] 编辑器的一部分。它有很多 Atom.io 编辑器没有的改进功能。当前 Visual Studio Code 只支持 64 位 linux 操作系统平台。如果你有任何疑问、建议或者反馈,请在下面的评论框中留言以便我们改进和更新我们的内容。非常感谢!Enjoy :-) +我们已经成功地在 Linux 发行版上安装了 Visual Studio Code。在所有 linux 发行版上安装 Visual Studio Code 都和上面介绍的相似,我们也可以使用 umake 在 Ubuntu 发行版中安装。Umake 是一个安装开发工具,IDEs 和语言的流行工具。我们可以用 Umake 轻松地安装 Android Studios、Eclipse 和很多其它流行 IDE。Visual Studio Code 是基于 Github 上一个叫 [Electron][2] 的项目,它是 [Atom.io][3] 编辑器的一部分。它有很多 Atom.io 编辑器没有的改进功能。当前 Visual Studio Code 只支持 64 位 linux 操作系统平台。 + +如果你有任何疑问、建议或者反馈,请在下面的评论框中留言以便我们改进和更新我们的内容。非常感谢!Enjoy :-) -------------------------------------------------------------------------------- @@ -117,7 +119,7 @@ via: http://linoxide.com/linux-how-to/install-visual-studio-code-linux/ 作者:[Arun Pyasi][a] 译者:[ictlyh](https://github.com/ictlyh) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150821 Linux FAQs with Answers--How to check MariaDB server version.md b/published/201508/20150821 Linux FAQs with Answers--How to check MariaDB server version.md similarity index 100% rename from published/20150821 Linux FAQs with Answers--How to check MariaDB server version.md rename to published/201508/20150821 Linux FAQs with Answers--How to check MariaDB server version.md diff --git a/published/20150826 How to Run Kali Linux 2.0 In Docker Container.md b/published/201508/20150826 How to Run Kali Linux 2.0 In Docker Container.md similarity index 100% rename from published/20150826 How to Run Kali Linux 2.0 In Docker Container.md rename to published/201508/20150826 How to Run Kali Linux 2.0 In Docker Container.md diff --git a/published/201508/20150827 How to Convert From RPM to DEB and DEB to RPM Package Using Alien.md b/published/201508/20150827 How to Convert From RPM to DEB and DEB to RPM Package Using Alien.md new file mode 100644 index 0000000000..366a3c1e98 --- /dev/null +++ b/published/201508/20150827 How to Convert From RPM to DEB and DEB to RPM Package Using Alien.md @@ -0,0 +1,160 @@ +Alien 魔法:RPM 和 DEB 互转 +================================================================================ + +正如我确信,你们一定知道Linux下的多种软件安装方式:使用发行版所提供的包管理系统([aptitude,yum,或者zypper][1],还可以举很多例子),从源码编译(尽管现在很少用了,但在Linux发展早期却是唯一可用的方法),或者使用各自的低级工具dpkg用于.deb,以及rpm用于.rpm,预编译包,如此这般。 + +![Convert RPM to DEB and DEB to RPM](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-RPM-to-DEB-and-DEB-to-RPM.png) + +*使用Alien将RPM转换成DEB以及将DEB转换成RPM* + +在本文中,我们将为你介绍alien,一个用于在各种不同的Linux包格式相互转换的工具,其最常见的用法是将.rpm转换成.deb(或者反过来)。 + +如果你需要某个特定类型的包,而你只能找到其它格式的包的时候,该工具迟早能派得上用场——即使是其作者不再维护,并且在其网站声明:alien将可能永远维持在实验状态。 + +例如,有一次,我正查找一个用于喷墨打印机的.deb驱动,但是却没有找到——生产厂家只提供.rpm包,这时候alien拯救了我。我安装了alien,将包进行转换,不久之后我就可以使用我的打印机了,没有任何问题。 + +即便如此,我们也必须澄清一下,这个工具不应当用来转换重要的系统文件和库,因为它们在不同的发行版中有不同的配置。只有在前面说的那种情况下所建议的安装方法根本不适合时,alien才能作为最后手段使用。 + +最后一项要点是,我们必须注意,虽然我们在本文中使用CentOS和Debian,除了前两个发行版及其各自的家族体系外,据我们所知,alien可以工作在Slackware中,甚至Solaris中。 + +### 步骤1:安装Alien及其依赖包 ### + +要安装alien到CentOS/RHEL 7中,你需要启用EPEL和Nux Dextop(是的,是Dextop——不是Desktop)仓库,顺序如下: + + # yum install epel-release + +启用Nux Dextop仓库的包的当前最新版本是0.5(2015年8月10日发布),在安装之前你可以查看[http://li.nux.ro/download/nux/dextop/el7/x86_64/][2]上是否有更新的版本。 + + # rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro + # rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm + +然后再做, + + # yum update && yum install alien + +在Fedora中,你只需要运行上面的命令即可。 + +在Debian及其衍生版中,只需要: + + # aptitude install alien + +### 步骤2:将.deb转换成.rpm包 ### + +对于本次测试,我们选择了date工具,它提供了一系列日期和时间工具用于处理大量金融数据。我们将下载.deb包到我们的CentOS 7机器中,将它转换成.rpm并安装: + +![Check CentOS Version](http://www.tecmint.com/wp-content/uploads/2015/08/Check-Linux-OS-Version.png) + +检查CentOS版本 + + # cat /etc/centos-release + # wget http://ftp.us.debian.org/debian/pool/main/d/dateutils/dateutils_0.3.1-1.1_amd64.deb + # alien --to-rpm --scripts dateutils_0.3.1-1.1_amd64.deb + +![Convert .deb to .rpm package in Linux](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-deb-to-rpm-package.png) + +*在Linux中将.deb转换成.rpm* + +**重要**:(请注意alien是怎样来增加目标包的次版本号的。如果你想要无视该行为,请添加-keep-version标识)。 + +如果我们尝试马上安装该包,我们将碰到些许问题: + + # rpm -Uvh dateutils-0.3.1-2.1.x86_64.rpm + +![Install RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Install-RPM-Package.png) + +*安装RPM包* + +要解决该问题,我们需要启用epel-testing仓库,然后安装rpmbuild工具来编辑该包的配置以重建包: + + # yum --enablerepo=epel-testing install rpmrebuild + +然后运行, + + # rpmrebuild -pe dateutils-0.3.1-2.1.x86_64.rpm + +它会打开你的默认文本编辑器。请转到`%files`章节并删除涉及到错误信息中提到的目录的行,然后保存文件并退出: + +![Convert .deb to Alien Version](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-Deb-Package-to-Alien-Version.png) + +*转换.deb到Alien版* + +但你退出该文件后,将提示你继续去重构。如果你选择“Y”,该文件会重构到指定的目录(与当前工作目录不同): + + # rpmrebuild –pe dateutils-0.3.1-2.1.x86_64.rpm + +![Build RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Build-RPM-Package.png) + +*构建RPM包* + +现在你可以像以往一样继续来安装包并验证: + + # rpm -Uvh /root/rpmbuild/RPMS/x86_64/dateutils-0.3.1-2.1.x86_64.rpm + # rpm -qa | grep dateutils + +![Install Build RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Install-Build-RPM-Package.png) + +*安装构建RPM包* + +最后,你可以列出date工具包含的各个工具,也可以查看各自的手册页: + + # ls -l /usr/bin | grep dateutils + +![Verify Installed RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Verify-Installed-Package.png) + +*验证安装的RPM包* + +### 步骤3:将.rpm转换成.deb包 ### + +在本节中,我们将演示如何将.rpm转换成.deb。在一台32位的Debian Wheezy机器中,让我们从CentOS 6操作系统仓库中下载用于zsh shell的.rpm包。注意,该shell在Debian及其衍生版的默认安装中是不可用的。 + + # cat /etc/shells + # lsb_release -a | tail -n 4 + +![Check Shell and Debian OS Version](http://www.tecmint.com/wp-content/uploads/2015/08/Check-Shell-Debian-OS-Version.png) + +*检查Shell和Debian操作系统版本* + + # wget http://mirror.centos.org/centos/6/os/i386/Packages/zsh-4.3.11-4.el6.centos.i686.rpm + # alien --to-deb --scripts zsh-4.3.11-4.el6.centos.i686.rpm + +你可以安全地无视关于签名丢失的信息: + +![Convert .rpm to .deb Package](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-rpm-to-deb-Package.png) + +*将.rpm转换成.deb包* + +过了一会儿后,.deb包应该已经生成,并可以安装了: + + # dpkg -i zsh_4.3.11-5_i386.deb + +![Install RPM Converted Deb Package](http://www.tecmint.com/wp-content/uploads/2015/08/Install-Deb-Package.png) + +*安装RPM转换来的Deb包* + +安装完后,你看看可以zsh是否添加到了合法shell列表中: + + # cat /etc/shells + +![Confirm Installed Zsh Package](http://www.tecmint.com/wp-content/uploads/2015/08/Confirm-Installed-Package.png) + +*确认安装的Zsh包* + +### 小结 ### + +在本文中,我们已经解释了如何将.rpm转换成.deb及其反向转换,这可以作为这类程序不能从仓库中或者作为可分发源代码获得的最后安装手段。你一定想要将本文添加到书签中,因为我们都需要alien。 + +请自由分享你关于本文的想法,写到下面的表单中吧。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/convert-from-rpm-to-deb-and-deb-to-rpm-package-using-alien/ + +作者:[Gabriel Cánepa][a] +译者:[GOLinux](https://github.com/GOLinux) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://www.tecmint.com/linux-package-management/ +[2]:http://li.nux.ro/download/nux/dextop/el7/x86_64/ diff --git a/sources/tech/20150827 Linux or UNIX--Bash Read a File Line By Line.md b/published/201508/20150827 Linux or UNIX--Bash Read a File Line By Line.md similarity index 70% rename from sources/tech/20150827 Linux or UNIX--Bash Read a File Line By Line.md rename to published/201508/20150827 Linux or UNIX--Bash Read a File Line By Line.md index c0a4b6c27c..8702ddec41 100644 --- a/sources/tech/20150827 Linux or UNIX--Bash Read a File Line By Line.md +++ b/published/201508/20150827 Linux or UNIX--Bash Read a File Line By Line.md @@ -1,19 +1,23 @@ -translation by strugglingyouth -Linux/UNIX: Bash Read a File Line By Line +Bash 下如何逐行读取一个文件 ================================================================================ -How do I read a file line by line under a Linux or UNIX-like system using KSH or BASH shell? -You can use while..do..done bash loop to read file line by line on a Linux, OSX, *BSD, or Unix-like system. +在 Linux 或类 UNIX 系统下如何使用 KSH 或 BASH shell 逐行读取一个文件? -**Syntax to read file line by line on a Bash Unix & Linux shell:** +在 Linux、OSX、 *BSD 或者类 Unix 系统下你可以使用 ​​while..do..done 的 bash 循环来逐行读取一个文件。 -1. The syntax is as follows for bash, ksh, zsh, and all other shells - -1. while read -r line; do COMMAND; done < input.file -1. The -r option passed to red command prevents backslash escapes from being interpreted. -1. Add IFS= option before read command to prevent leading/trailing whitespace from being trimmed - -1. while IFS= read -r line; do COMMAND_on $line; done < input.file +###在 Bash Unix 或者 Linux shell 中逐行读取一个文件的语法 -Here is more human readable syntax for you: +对于 bash、ksh、 zsh 和其他的 shells 语法如下 + + while read -r line; do COMMAND; done < input.file + +通过 -r 选项传递给 read 命令以防止阻止解释其中的反斜杠转义符。 + +在 read 命令之前添加 `IFS=` 选项,来防止首尾的空白字符被去掉。 + + while IFS= read -r line; do COMMAND_on $line; done < input.file + +这是更适合人类阅读的语法: #!/bin/bash input="/path/to/txt/file" @@ -22,47 +26,47 @@ Here is more human readable syntax for you: echo "$var" done < "$input" -**Examples** +**示例** -Here are some examples: +下面是一些例子: #!/bin/ksh file="/home/vivek/data.txt" while IFS= read line do - # display $line or do somthing with $line + # display $line or do somthing with $line echo "$line" done <"$file" -The same example using bash shell: +在 bash shell 中相同的例子: #!/bin/bash file="/home/vivek/data.txt" while IFS= read -r line do - # display $line or do somthing with $line + # display $line or do somthing with $line printf '%s\n' "$line" done <"$file" -You can also read field wise: +你还可以看看这个更好的: #!/bin/bash file="/etc/passwd" while IFS=: read -r f1 f2 f3 f4 f5 f6 f7 do - # display fields using f1, f2,..,f7 - printf 'Username: %s, Shell: %s, Home Dir: %s\n' "$f1" "$f7" "$f6" + # display fields using f1, f2,..,f7 + printf 'Username: %s, Shell: %s, Home Dir: %s\n' "$f1" "$f7" "$f6" done <"$file" -Sample outputs: +示例输出: ![Fig.01: Bash shell scripting- read file line by line demo outputs](http://s0.cyberciti.org/uploads/faq/2011/01/Bash-Scripting-Read-File-line-by-line-demo.jpg) -Fig.01: Bash shell scripting- read file line by line demo outputs +*图01:Bash 脚本:读取文件并逐行输出文件* -**Bash Scripting: Read text file line-by-line to create pdf files** +###Bash 脚本:逐行读取文本文件并创建为 pdf 文件 -My input file is as follows (faq.txt): +我的输入文件如下(faq.txt): 4|http://www.cyberciti.biz/faq/mysql-user-creation/|Mysql User Creation: Setting Up a New MySQL User Account 4096|http://www.cyberciti.biz/faq/ksh-korn-shell/|What is UNIX / Linux Korn Shell? @@ -75,7 +79,7 @@ My input file is as follows (faq.txt): 8292|http://www.cyberciti.biz/faq/mounting-harddisks-in-freebsd-with-mount-command/|FreeBSD: Mount Hard Drive / Disk Command 8190|http://www.cyberciti.biz/faq/rebooting-solaris-unix-server/|Reboot a Solaris UNIX System -My bash script: +我的 bash 脚本: #!/bin/bash # Usage: Create pdf files from input (wrapper script) @@ -106,15 +110,16 @@ My bash script: done <"$_db" fi -**Tip: Read from bash variable** +###技巧:从 bash 变量中读取 -Let us say you want a list of all installed php packages on a Debian or Ubuntu Linux, enter: +让我们看看如何在 Debian 或者 Ubuntu Linux 下列出所有安装过的 php 包,请输入: + + # 我将输出内容赋值到一个变量名为 $list中 # - # My input source is the contents of a variable called $list # list=$(dpkg --list php\* | awk '/ii/{print $2}') printf '%s\n' "$list" -Sample outputs: +示例输出: php-pear php5-cli @@ -127,7 +132,7 @@ Sample outputs: php5-readline php5-suhosin-extension -You can now read from $list and install the package: +你现在可以从 $list 中看到它们,并安装这些包: #!/bin/bash # BASH can iterate over $list variable using a "here string" # @@ -138,7 +143,7 @@ You can now read from $list and install the package: done <<< "$list" printf '*** Do not forget to run php5enmod and restart the server (httpd or php5-fpm) ***\n' -Sample outputs: +示例输出: Installing php package php-pear... Installing php package php5-cli... @@ -150,14 +155,15 @@ Sample outputs: Installing php package php5-mysql... Installing php package php5-readline... Installing php package php5-suhosin-extension... + *** Do not forget to run php5enmod and restart the server (httpd or php5-fpm) *** -------------------------------------------------------------------------------- via: http://www.cyberciti.biz/faq/unix-howto-read-line-by-line-from-file/ -作者:[作者名][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) +作者: VIVEK GIT +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/Linux and Unix Test Disk IO Performance With dd Command.md b/published/201508/Linux and Unix Test Disk IO Performance With dd Command.md similarity index 100% rename from published/Linux and Unix Test Disk IO Performance With dd Command.md rename to published/201508/Linux and Unix Test Disk IO Performance With dd Command.md diff --git a/published/Part 1 - Introduction to RAID, Concepts of RAID and RAID Levels.md b/published/201508/Part 1 - Introduction to RAID, Concepts of RAID and RAID Levels.md similarity index 100% rename from published/Part 1 - Introduction to RAID, Concepts of RAID and RAID Levels.md rename to published/201508/Part 1 - Introduction to RAID, Concepts of RAID and RAID Levels.md diff --git a/published/Part 2 - Creating Software RAID0 (Stripe) on ‘Two Devices’ Using ‘mdadm’ Tool in Linux.md b/published/201508/Part 2 - Creating Software RAID0 (Stripe) on ‘Two Devices’ Using ‘mdadm’ Tool in Linux.md similarity index 100% rename from published/Part 2 - Creating Software RAID0 (Stripe) on ‘Two Devices’ Using ‘mdadm’ Tool in Linux.md rename to published/201508/Part 2 - Creating Software RAID0 (Stripe) on ‘Two Devices’ Using ‘mdadm’ Tool in Linux.md diff --git a/published/Part 3 - Setting up RAID 1 (Mirroring) using 'Two Disks' in Linux.md b/published/201508/Part 3 - Setting up RAID 1 (Mirroring) using 'Two Disks' in Linux.md similarity index 100% rename from published/Part 3 - Setting up RAID 1 (Mirroring) using 'Two Disks' in Linux.md rename to published/201508/Part 3 - Setting up RAID 1 (Mirroring) using 'Two Disks' in Linux.md diff --git a/published/Part 4 - Creating RAID 5 (Striping with Distributed Parity) in Linux.md b/published/201508/Part 4 - Creating RAID 5 (Striping with Distributed Parity) in Linux.md similarity index 100% rename from published/Part 4 - Creating RAID 5 (Striping with Distributed Parity) in Linux.md rename to published/201508/Part 4 - Creating RAID 5 (Striping with Distributed Parity) in Linux.md diff --git a/translated/tech/RAID/Part 5 - Setup RAID Level 6 (Striping with Double Distributed Parity) in Linux.md b/published/201508/Part 5 - Setup RAID Level 6 (Striping with Double Distributed Parity) in Linux.md similarity index 50% rename from translated/tech/RAID/Part 5 - Setup RAID Level 6 (Striping with Double Distributed Parity) in Linux.md rename to published/201508/Part 5 - Setup RAID Level 6 (Striping with Double Distributed Parity) in Linux.md index 1890a242e2..d222a997e5 100644 --- a/translated/tech/RAID/Part 5 - Setup RAID Level 6 (Striping with Double Distributed Parity) in Linux.md +++ b/published/201508/Part 5 - Setup RAID Level 6 (Striping with Double Distributed Parity) in Linux.md @@ -1,77 +1,78 @@ - -在 Linux 中安装 RAID 6(条带化双分布式奇偶校验) - 第5部分 +在 Linux 下使用 RAID(五):安装 RAID 6(条带化双分布式奇偶校验) ================================================================================ -RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两个磁盘发生故障后依然有容错能力。两并列的磁盘发生故障时,系统的关键任务仍然能运行。它与 RAID 5 相似,但性能更健壮,因为它多用了一个磁盘来进行奇偶校验。 -在之前的文章中,我们已经在 RAID 5 看了分布式奇偶校验,但在本文中,我们将看到的是 RAID 6 双分布式奇偶校验。不要期望比其他 RAID 有额外的性能,我们仍然需要安装一个专用的 RAID 控制器。在 RAID 6 中,即使我们失去了2个磁盘,我们仍可以取回数据通过更换磁盘,然后从校验中构建数据。 +RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即使两个磁盘发生故障后依然有容错能力。在两个磁盘同时发生故障时,系统的关键任务仍然能运行。它与 RAID 5 相似,但性能更健壮,因为它多用了一个磁盘来进行奇偶校验。 + +在之前的文章中,我们已经在 RAID 5 看了分布式奇偶校验,但在本文中,我们将看到的是 RAID 6 双分布式奇偶校验。不要期望比其他 RAID 有更好的性能,除非你也安装了一个专用的 RAID 控制器。在 RAID 6 中,即使我们失去了2个磁盘,我们仍可以通过更换磁盘,从校验中构建数据,然后取回数据。 ![Setup RAID 6 in CentOS](http://www.tecmint.com/wp-content/uploads/2014/11/Setup-RAID-6-in-Linux.jpg) -在 Linux 中安装 RAID 6 +*在 Linux 中安装 RAID 6* -要建立一个 RAID 6,一组最少需要4个磁盘。RAID 6 甚至在有些设定中会有多组磁盘,当读取数据时,它会同时从所有磁盘读取,所以读取速度会更快,当写数据时,因为它要将数据写在条带化的多个磁盘上,所以性能会较差。 +要建立一个 RAID 6,一组最少需要4个磁盘。RAID 6 甚至在有些组中会有更多磁盘,这样将多个硬盘捆在一起,当读取数据时,它会同时从所有磁盘读取,所以读取速度会更快,当写数据时,因为它要将数据写在条带化的多个磁盘上,所以性能会较差。 -现在,很多人都在讨论为什么我们需要使用 RAID 6,它的性能和其他 RAID 相比并不太好。提出这个问题首先需要知道的是,如果需要高容错的必须选择 RAID 6。在每一个对数据库的高可用性要求较高的环境中,他们需要 RAID 6 因为数据库是最重要,无论花费多少都需要保护其安全,它在视频流环境中也是非常有用的。 +现在,很多人都在讨论为什么我们需要使用 RAID 6,它的性能和其他 RAID 相比并不太好。提出这个问题首先需要知道的是,如果需要高容错性就选择 RAID 6。在每一个用于数据库的高可用性要求较高的环境中,他们需要 RAID 6 因为数据库是最重要,无论花费多少都需要保护其安全,它在视频流环境中也是非常有用的。 #### RAID 6 的的优点和缺点 #### -- 性能很不错。 -- RAID 6 非常昂贵,因为它要求两个独立的磁盘用于奇偶校验功能。 +- 性能不错。 +- RAID 6 比较昂贵,因为它要求两个独立的磁盘用于奇偶校验功能。 - 将失去两个磁盘的容量来保存奇偶校验信息(双奇偶校验)。 -- 不存在数据丢失,即时两个磁盘损坏。我们可以在更换损坏的磁盘后从校验中重建数据。 +- 即使两个磁盘损坏,数据也不会丢失。我们可以在更换损坏的磁盘后从校验中重建数据。 - 读性能比 RAID 5 更好,因为它从多个磁盘读取,但对于没有专用的 RAID 控制器的设备写性能将非常差。 #### 要求 #### -要创建一个 RAID 6 最少需要4个磁盘.你也可以添加更多的磁盘,但你必须有专用的 RAID 控制器。在软件 RAID 中,我们在 RAID 6 中不会得到更好的性能,所以我们需要一个物理 RAID 控制器。 +要创建一个 RAID 6 最少需要4个磁盘。你也可以添加更多的磁盘,但你必须有专用的 RAID 控制器。使用软件 RAID 我们在 RAID 6 中不会得到更好的性能,所以我们需要一个物理 RAID 控制器。 -这些是新建一个 RAID 需要的设置,我们建议先看完以下 RAID 文章。 +如果你新接触 RAID 设置,我们建议先看完以下 RAID 文章。 -- [Linux 中 RAID 的基本概念 – 第一部分][1] -- [在 Linux 上创建软件 RAID 0 (条带化) – 第二部分][2] -- [在 Linux 上创建软件 RAID 1 (镜像) – 第三部分][3] +- [介绍 RAID 的级别和概念][1] +- [使用 mdadm 工具创建软件 RAID 0 (条带化)][2] +- [用两块磁盘创建 RAID 1(镜像)][3] +- [创建 RAID 5(条带化与分布式奇偶校验)](4) -#### My Server Setup #### +#### 我的服务器设置 #### - Operating System : CentOS 6.5 Final - IP Address : 192.168.0.228 - Hostname : rd6.tecmintlocal.com - Disk 1 [20GB] : /dev/sdb - Disk 2 [20GB] : /dev/sdc - Disk 3 [20GB] : /dev/sdd - Disk 4 [20GB] : /dev/sde + 操作系统 : CentOS 6.5 Final + IP 地址 : 192.168.0.228 + 主机名 : rd6.tecmintlocal.com + 磁盘 1 [20GB] : /dev/sdb + 磁盘 2 [20GB] : /dev/sdc + 磁盘 3 [20GB] : /dev/sdd + 磁盘 4 [20GB] : /dev/sde -这篇文章是9系列 RAID 教程的第5部分,在这里我们将看到我们如何在 Linux 系统或者服务器上创建和设置软件 RAID 6 或条带化双分布式奇偶校验,使用四个 20GB 的磁盘 /dev/sdb, /dev/sdc, /dev/sdd 和 /dev/sde. +这是9篇系列教程的第5部分,在这里我们将看到如何在 Linux 系统或者服务器上使用四个 20GB 的磁盘(名为 /dev/sdb、 /dev/sdc、 /dev/sdd 和 /dev/sde)创建和设置软件 RAID 6 (条带化双分布式奇偶校验)。 ### 第1步:安装 mdadm 工具,并检查磁盘 ### -1.如果你按照我们最进的两篇 RAID 文章(第2篇和第3篇),我们已经展示了如何安装‘mdadm‘工具。如果你直接看的这篇文章,我们先来解释下在Linux系统中如何使用‘mdadm‘工具来创建和管理 RAID,首先根据你的 Linux 发行版使用以下命令来安装。 +1、 如果你按照我们最进的两篇 RAID 文章(第2篇和第3篇),我们已经展示了如何安装`mdadm`工具。如果你直接看的这篇文章,我们先来解释下在 Linux 系统中如何使用`mdadm`工具来创建和管理 RAID,首先根据你的 Linux 发行版使用以下命令来安装。 - # yum install mdadm [on RedHat systems] - # apt-get install mdadm [on Debain systems] + # yum install mdadm [在 RedHat 系统] + # apt-get install mdadm [在 Debain 系统] -2.安装该工具后,然后来验证需要的四个磁盘,我们将会使用下面的‘fdisk‘命令来检验用于创建 RAID 的磁盘。 +2、 安装该工具后,然后来验证所需的四个磁盘,我们将会使用下面的`fdisk`命令来检查用于创建 RAID 的磁盘。 # fdisk -l | grep sd ![Check Hard Disk in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-Linux-Disks.png) -在 Linux 中检查磁盘 +*在 Linux 中检查磁盘* -3.在创建 RAID 磁盘前,先检查下我们的磁盘是否创建过 RAID 分区。 +3、 在创建 RAID 磁盘前,先检查下我们的磁盘是否创建过 RAID 分区。 # mdadm -E /dev/sd[b-e] - # mdadm --examine /dev/sdb /dev/sdc /dev/sdd /dev/sde + # mdadm --examine /dev/sdb /dev/sdc /dev/sdd /dev/sde # 或 ![Check Raid on Disk](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Disk-Raid.png) -在磁盘上检查 Raid 分区 +*在磁盘上检查 RAID 分区* **注意**: 在上面的图片中,没有检测到任何 super-block 或者说在四个磁盘上没有 RAID 存在。现在我们开始创建 RAID 6。 ### 第2步:为 RAID 6 创建磁盘分区 ### -4.现在为 raid 创建分区‘/dev/sdb‘, ‘/dev/sdc‘, ‘/dev/sdd‘ 和 ‘/dev/sde‘使用下面 fdisk 命令。在这里,我们将展示如何创建分区在 sdb 磁盘,同样的步骤也适用于其他分区。 +4、 现在在 `/dev/sdb`, `/dev/sdc`, `/dev/sdd` 和 `/dev/sde`上为 RAID 创建分区,使用下面的 fdisk 命令。在这里,我们将展示如何在 sdb 磁盘创建分区,同样的步骤也适用于其他分区。 **创建 /dev/sdb 分区** @@ -79,20 +80,20 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 请按照说明进行操作,如下图所示创建分区。 -- 按 ‘n’ 创建新的分区。 -- 然后按 ‘P’ 选择主分区。 +- 按 `n`创建新的分区。 +- 然后按 `P` 选择主分区。 - 接下来选择分区号为1。 - 只需按两次回车键选择默认值即可。 -- 然后,按 ‘P’ 来打印创建好的分区。 -- 按 ‘L’,列出所有可用的类型。 -- 按 ‘t’ 去修改分区。 -- 键入 ‘fd’ 设置为 Linux 的 RAID 类型,然后按 Enter 确认。 -- 然后再次使用‘p’查看我们所做的更改。 -- 使用‘w’保存更改。 +- 然后,按 `P` 来打印创建好的分区。 +- 按 `L`,列出所有可用的类型。 +- 按 `t` 去修改分区。 +- 键入 `fd` 设置为 Linux 的 RAID 类型,然后按回车确认。 +- 然后再次使用`p`查看我们所做的更改。 +- 使用`w`保存更改。 ![Create sdb Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Create-sdb-Partition.png) -创建 /dev/sdb 分区 +*创建 /dev/sdb 分区* **创建 /dev/sdc 分区** @@ -100,7 +101,7 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Create sdc Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Create-sdc-Partition.png) -创建 /dev/sdc 分区 +*创建 /dev/sdc 分区* **创建 /dev/sdd 分区** @@ -108,7 +109,7 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Create sdd Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Create-sdd-Partition.png) -创建 /dev/sdd 分区 +*创建 /dev/sdd 分区* **创建 /dev/sde 分区** @@ -116,71 +117,67 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Create sde Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Create-sde-Partition.png) -创建 /dev/sde 分区 +*创建 /dev/sde 分区* -5.创建好分区后,检查磁盘的 super-blocks 是个好的习惯。如果 super-blocks 不存在我们可以按前面的创建一个新的 RAID。 +5、 创建好分区后,检查磁盘的 super-blocks 是个好的习惯。如果 super-blocks 不存在我们可以按前面的创建一个新的 RAID。 - # mdadm -E /dev/sd[b-e]1 - - - 或者 - - # mdadm --examine /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 + # mdadm -E /dev/sd[b-e]1 + # mdadm --examine /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 # 或 ![Check Raid on New Partitions](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-on-New-Partitions.png) -在新分区中检查 Raid +*在新分区中检查 RAID * ### 步骤3:创建 md 设备(RAID) ### -6,现在是时候来创建 RAID 设备‘md0‘ (即 /dev/md0)并应用 RAID 级别在所有新创建的分区中,确认 raid 使用以下命令。 +6、 现在可以使用以下命令创建 RAID 设备`md0` (即 /dev/md0),并在所有新创建的分区中应用 RAID 级别,然后确认 RAID 设置。 # mdadm --create /dev/md0 --level=6 --raid-devices=4 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 # cat /proc/mdstat ![Create Raid 6 Device](http://www.tecmint.com/wp-content/uploads/2014/11/Create-Raid-6-Device.png) -创建 Raid 6 设备 +*创建 Raid 6 设备* -7.你还可以使用 watch 命令来查看当前 raid 的进程,如下图所示。 +7、 你还可以使用 watch 命令来查看当前创建 RAID 的进程,如下图所示。 # watch -n1 cat /proc/mdstat ![Check Raid 6 Process](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-6-Process.png) -检查 Raid 6 进程 +*检查 RAID 6 创建过程* -8.使用以下命令验证 RAID 设备。 +8、 使用以下命令验证 RAID 设备。 -# mdadm -E /dev/sd[b-e]1 + # mdadm -E /dev/sd[b-e]1 **注意**::上述命令将显示四个磁盘的信息,这是相当长的,所以没有截取其完整的输出。 -9.接下来,验证 RAID 阵列,以确认 re-syncing 被启动。 +9、 接下来,验证 RAID 阵列,以确认重新同步过程已经开始。 # mdadm --detail /dev/md0 ![Check Raid 6 Array](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-6-Array.png) -检查 Raid 6 阵列 +*检查 Raid 6 阵列* ### 第4步:在 RAID 设备上创建文件系统 ### -10.使用 ext4 为‘/dev/md0‘创建一个文件系统并将它挂载在 /mnt/raid5 。这里我们使用的是 ext4,但你可以根据你的选择使用任意类型的文件系统。 +10、 使用 ext4 为`/dev/md0`创建一个文件系统,并将它挂载在 /mnt/raid6 。这里我们使用的是 ext4,但你可以根据你的选择使用任意类型的文件系统。 # mkfs.ext4 /dev/md0 ![Create File System on Raid](http://www.tecmint.com/wp-content/uploads/2014/11/Create-File-System-on-Raid.png) -在 Raid 6 上创建文件系统 +*在 RAID 6 上创建文件系统* -11.挂载创建的文件系统到 /mnt/raid6,并验证挂载点下的文件,我们可以看到 lost+found 目录。 +11、 将创建的文件系统挂载到 /mnt/raid6,并验证挂载点下的文件,我们可以看到 lost+found 目录。 # mkdir /mnt/raid6 # mount /dev/md0 /mnt/raid6/ # ls -l /mnt/raid6/ -12.在挂载点下创建一些文件,在任意文件中添加一些文字并验证其内容。 +12、 在挂载点下创建一些文件,在任意文件中添加一些文字并验证其内容。 # touch /mnt/raid6/raid6_test.txt # ls -l /mnt/raid6/ @@ -189,9 +186,9 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Verify Raid Content](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-Raid-Content.png) -验证 Raid 内容 +*验证 RAID 内容* -13.在 /etc/fstab 中添加以下条目使系统启动时自动挂载设备,环境不同挂载点可能会有所不同。 +13、 在 /etc/fstab 中添加以下条目使系统启动时自动挂载设备,操作系统环境不同挂载点可能会有所不同。 # vim /etc/fstab @@ -199,36 +196,37 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Automount Raid 6 Device](http://www.tecmint.com/wp-content/uploads/2014/11/Automount-Raid-Device.png) -自动挂载 Raid 6 设备 +*自动挂载 RAID 6 设备* -14.接下来,执行‘mount -a‘命令来验证 fstab 中的条目是否有错误。 +14、 接下来,执行`mount -a`命令来验证 fstab 中的条目是否有错误。 # mount -av ![Verify Raid Automount](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-Automount-Raid-Devices.png) -验证 Raid 是否自动挂载 +*验证 RAID 是否自动挂载* ### 第5步:保存 RAID 6 的配置 ### -15.请注意默认 RAID 没有配置文件。我们需要使用以下命令手动保存它,然后检查设备‘/dev/md0‘的状态。 +15、 请注意,默认情况下 RAID 没有配置文件。我们需要使用以下命令手动保存它,然后检查设备`/dev/md0`的状态。 # mdadm --detail --scan --verbose >> /etc/mdadm.conf + # cat /etc/mdadm.conf # mdadm --detail /dev/md0 ![Save Raid 6 Configuration](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-Status.png) -保存 Raid 6 配置 +*保存 RAID 6 配置* ![Check Raid 6 Status](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-Status.png) -检查 Raid 6 状态 +*检查 RAID 6 状态* ### 第6步:添加备用磁盘 ### -16.现在,它使用了4个磁盘,并且有两个作为奇偶校验信息来使用。在某些情况下,如果任意一个磁盘出现故障,我们仍可以得到数据,因为在 RAID 6 使用双奇偶校验。 +16、 现在,已经使用了4个磁盘,并且其中两个作为奇偶校验信息来使用。在某些情况下,如果任意一个磁盘出现故障,我们仍可以得到数据,因为在 RAID 6 使用双奇偶校验。 -如果第二个磁盘也出现故障,在第三块磁盘损坏前我们可以添加一个​​新的。它可以作为一个备用磁盘并入 RAID 集合,但我在创建 raid 集合前没有定义备用的磁盘。但是,在磁盘损坏后或者创建 RAId 集合时我们可以添加一块磁盘。现在,我们已经创建好了 RAID,下面让我演示如何添加备用磁盘。 +如果第二个磁盘也出现故障,在第三块磁盘损坏前我们可以添加一个​​新的。可以在创建 RAID 集时加入一个备用磁盘,但我在创建 RAID 集合前没有定义备用的磁盘。不过,我们可以在磁盘损坏后或者创建 RAID 集合时添加一块备用磁盘。现在,我们已经创建好了 RAID,下面让我演示如何添加备用磁盘。 为了达到演示的目的,我已经热插入了一个新的 HDD 磁盘(即 /dev/sdf),让我们来验证接入的磁盘。 @@ -236,15 +234,15 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Check New Disk](http://www.tecmint.com/wp-content/uploads/2014/11/Check-New-Disk.png) -检查新 Disk +*检查新磁盘* -17.现在再次确认新连接的磁盘没有配置过 RAID ,使用 mdadm 来检查。 +17、 现在再次确认新连接的磁盘没有配置过 RAID ,使用 mdadm 来检查。 # mdadm --examine /dev/sdf ![Check Raid on New Disk](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-on-New-Disk.png) -在新磁盘中检查 Raid +*在新磁盘中检查 RAID* **注意**: 像往常一样,我们早前已经为四个磁盘创建了分区,同样,我们使用 fdisk 命令为新插入的磁盘创建新分区。 @@ -252,9 +250,9 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Create sdf Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Create-Partition-on-sdf.png) -为 /dev/sdf 创建分区 +*为 /dev/sdf 创建分区* -18.在 /dev/sdf 创建新的分区后,在新分区上确认 raid,包括/dev/md0 raid 设备的备用磁盘,并验证添加的设备。 +18、 在 /dev/sdf 创建新的分区后,在新分区上确认没有 RAID,然后将备用磁盘添加到 RAID 设备 /dev/md0 中,并验证添加的设备。 # mdadm --examine /dev/sdf # mdadm --examine /dev/sdf1 @@ -263,19 +261,19 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Verify Raid on sdf Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-Raid-on-sdf.png) -在 sdf 分区上验证 Raid +*在 sdf 分区上验证 Raid* ![Add sdf Partition to Raid](http://www.tecmint.com/wp-content/uploads/2014/11/Add-sdf-Partition-to-Raid.png) -为 RAID 添加 sdf 分区 +*添加 sdf 分区到 RAID * ![Verify sdf Partition Details](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-sdf-Details.png) -验证 sdf 分区信息 +*验证 sdf 分区信息* ### 第7步:检查 RAID 6 容错 ### -19.现在,让我们检查备用驱动器是否能自动工作,当我们阵列中的任何一个磁盘出现故障时。为了测试,我亲自将一个磁盘模拟为故障设备。 +19、 现在,让我们检查备用驱动器是否能自动工作,当我们阵列中的任何一个磁盘出现故障时。为了测试,我将一个磁盘手工标记为故障设备。 在这里,我们标记 /dev/sdd1 为故障磁盘。 @@ -283,15 +281,15 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Check Raid 6 Fault Tolerance](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-6-Failover.png) -检查 Raid 6 容错 +*检查 RAID 6 容错* -20.让我们查看 RAID 的详细信息,并检查备用磁盘是否开始同步。 +20、 让我们查看 RAID 的详细信息,并检查备用磁盘是否开始同步。 # mdadm --detail /dev/md0 ![Check Auto Raid Syncing](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Auto-Raid-Syncing.png) -检查 Raid 自动同步 +*检查 RAID 自动同步* **哇塞!** 这里,我们看到备用磁盘激活了,并开始重建进程。在底部,我们可以看到有故障的磁盘 /dev/sdd1 标记为 faulty。可以使用下面的命令查看进程重建。 @@ -299,11 +297,11 @@ RAID 6 是 RAID 5 的升级版,它有两个分布式奇偶校验,即时两 ![Raid 6 Auto Syncing](http://www.tecmint.com/wp-content/uploads/2014/11/Raid-6-Auto-Syncing.png) -Raid 6 自动同步 +*RAID 6 自动同步* ### 结论: ### -在这里,我们看到了如何使用四个磁盘设置 RAID 6。这种 RAID 级别是具有高冗余的昂贵设置之一。在接下来的文章中,我们将看到如何建立一个嵌套的 RAID 10 甚至更多。至此,请继续关注 TECMINT。 +在这里,我们看到了如何使用四个磁盘设置 RAID 6。这种 RAID 级别是具有高冗余的昂贵设置之一。在接下来的文章中,我们将看到如何建立一个嵌套的 RAID 10 甚至更多。请继续关注。 -------------------------------------------------------------------------------- @@ -311,11 +309,12 @@ via: http://www.tecmint.com/create-raid-6-in-linux/ 作者:[Babin Lonston][a] 译者:[strugglingyouth](https://github.com/strugglingyouth) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 [a]:http://www.tecmint.com/author/babinlonston/ -[1]:http://www.tecmint.com/understanding-raid-setup-in-linux/ -[2]:http://www.tecmint.com/create-raid0-in-linux/ -[3]:http://www.tecmint.com/create-raid1-in-linux/ +[1]:https://linux.cn/article-6085-1.html +[2]:https://linux.cn/article-6087-1.html +[3]:https://linux.cn/article-6093-1.html +[4]:https://linux.cn/article-6102-1.html diff --git a/published/201508/Part 6 - Setting Up RAID 10 or 1+0 (Nested) in Linux.md b/published/201508/Part 6 - Setting Up RAID 10 or 1+0 (Nested) in Linux.md new file mode 100644 index 0000000000..c0b03f3dba --- /dev/null +++ b/published/201508/Part 6 - Setting Up RAID 10 or 1+0 (Nested) in Linux.md @@ -0,0 +1,275 @@ +在 Linux 下使用 RAID(六):设置 RAID 10 或 1 + 0(嵌套) +================================================================================ + +RAID 10 是组合 RAID 1 和 RAID 0 形成的。要设置 RAID 10,我们至少需要4个磁盘。在之前的文章中,我们已经看到了如何使用最少两个磁盘设置 RAID 1 和 RAID 0。 + +在这里,我们将使用最少4个磁盘组合 RAID 1 和 RAID 0 来设置 RAID 10。假设我们已经在用 RAID 10 创建的逻辑卷保存了一些数据。比如我们要保存数据 “TECMINT”,它将使用以下方法将其保存在4个磁盘中。 + +![Create Raid 10 in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/raid10.jpg) + +*在 Linux 中创建 Raid 10(LCTT 译注:此图有误,请参照文字说明和本系列第一篇文章)* + +RAID 10 是先做镜像,再做条带。因此,在 RAID 1 中,相同的数据将被写入到两个磁盘中,“T”将同时被写入到第一和第二个磁盘中。接着的数据被条带化到另外两个磁盘,“E”将被同时写入到第三和第四个磁盘中。它将继续循环此过程,“C”将同时被写入到第一和第二个磁盘,以此类推。 + +(LCTT 译注:原文中此处描述混淆有误,已经根据实际情况进行修改。) + +现在你已经了解 RAID 10 怎样组合 RAID 1 和 RAID 0 来工作的了。如果我们有4个20 GB 的磁盘,总共为 80 GB,但我们将只能得到40 GB 的容量,另一半的容量在构建 RAID 10 中丢失。 + +#### RAID 10 的优点和缺点 #### + +- 提供更好的性能。 +- 在 RAID 10 中我们将失去一半的磁盘容量。 +- 读与写的性能都很好,因为它会同时进行写入和读取。 +- 它能解决数据库的高 I/O 磁盘写操作。 + +#### 要求 #### + +在 RAID 10 中,我们至少需要4个磁盘,前2个磁盘为 RAID 1,其他2个磁盘为 RAID 0,就像我之前说的,RAID 10 仅仅是组合了 RAID 0和1。如果我们需要扩展 RAID 组,最少需要添加4个磁盘。 + +**我的服务器设置** + + 操作系统 : CentOS 6.5 Final + IP 地址 : 192.168.0.229 + 主机名 : rd10.tecmintlocal.com + 磁盘 1 [20GB] : /dev/sdd + 磁盘 2 [20GB] : /dev/sdc + 磁盘 3 [20GB] : /dev/sdd + 磁盘 4 [20GB] : /dev/sde + +有两种方法来设置 RAID 10,在这里两种方法我都会演示,但我更喜欢第一种方法,使用它来设置 RAID 10 更简单。 + +### 方法1:设置 RAID 10 ### + +1、 首先,使用以下命令确认所添加的4块磁盘没有被使用。 + + # ls -l /dev | grep sd + +2、 四个磁盘被检测后,然后来检查磁盘是否存在 RAID 分区。 + + # mdadm -E /dev/sd[b-e] + # mdadm --examine /dev/sdb /dev/sdc /dev/sdd /dev/sde # 或 + +![Verify 4 Added Disks](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-4-Added-Disks.png) + +*验证添加的4块磁盘* + +**注意**: 在上面的输出中,如果没有检测到 super-block 意味着在4块磁盘中没有定义过 RAID。 + +#### 第1步:为 RAID 分区 #### + +3、 现在,使用`fdisk`,命令为4个磁盘(/dev/sdb, /dev/sdc, /dev/sdd 和 /dev/sde)创建新分区。 + + # fdisk /dev/sdb + # fdisk /dev/sdc + # fdisk /dev/sdd + # fdisk /dev/sde + +#####为 /dev/sdb 创建分区##### + +我来告诉你如何使用 fdisk 为磁盘(/dev/sdb)进行分区,此步也适用于其他磁盘。 + + # fdisk /dev/sdb + +请使用以下步骤为 /dev/sdb 创建一个新的分区。 + +- 按 `n` 创建新的分区。 +- 然后按 `P` 选择主分区。 +- 接下来选择分区号为1。 +- 只需按两次回车键选择默认值即可。 +- 然后,按 `P` 来打印创建好的分区。 +- 按 `L`,列出所有可用的类型。 +- 按 `t` 去修改分区。 +- 键入 `fd` 设置为 Linux 的 RAID 类型,然后按 Enter 确认。 +- 然后再次使用`p`查看我们所做的更改。 +- 使用`w`保存更改。 + +![Disk sdb Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Disk-sdb-Partition.png) + +*为磁盘 sdb 分区* + +**注意**: 请使用上面相同的指令对其他磁盘(sdc, sdd sdd sde)进行分区。 + +4、 创建好4个分区后,需要使用下面的命令来检查磁盘是否存在 raid。 + + # mdadm -E /dev/sd[b-e] + # mdadm --examine /dev/sdb /dev/sdc /dev/sdd /dev/sde # 或 + + # mdadm -E /dev/sd[b-e]1 + # mdadm --examine /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 # 或 + +![Check All Disks for Raid](http://www.tecmint.com/wp-content/uploads/2014/11/Check-All-Disks-for-Raid.png) + +*检查磁盘* + +**注意**: 以上输出显示,新创建的四个分区中没有检测到 super-block,这意味着我们可以继续在这些磁盘上创建 RAID 10。 + +#### 第2步: 创建 RAID 设备 `md` #### + +5、 现在该创建一个`md`(即 /dev/md0)设备了,使用“mdadm” raid 管理工具。在创建设备之前,必须确保系统已经安装了`mdadm`工具,如果没有请使用下面的命令来安装。 + + # yum install mdadm [在 RedHat 系统] + # apt-get install mdadm [在 Debain 系统] + +`mdadm`工具安装完成后,可以使用下面的命令创建一个`md` raid 设备。 + + # mdadm --create /dev/md0 --level=10 --raid-devices=4 /dev/sd[b-e]1 + +6、 接下来使用`cat`命令验证新创建的 raid 设备。 + + # cat /proc/mdstat + +![Create md raid Device](http://www.tecmint.com/wp-content/uploads/2014/11/Create-md-raid-Device.png) + +*创建 md RAID 设备* + +7、 接下来,使用下面的命令来检查4个磁盘。下面命令的输出会很长,因为它会显示4个磁盘的所有信息。 + + # mdadm --examine /dev/sd[b-e]1 + +8、 接下来,使用以下命令来查看 RAID 阵列的详细信息。 + + # mdadm --detail /dev/md0 + +![Check Raid Array Details](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-Array-Details.png) + +*查看 RAID 阵列详细信息* + +**注意**: 你在上面看到的结果,该 RAID 的状态是 active 和re-syncing。 + +#### 第3步:创建文件系统 #### + +9、 使用 ext4 作为`md0′的文件系统,并将它挂载到`/mnt/raid10`下。在这里,我用的是 ext4,你可以使用你想要的文件系统类型。 + + # mkfs.ext4 /dev/md0 + +![Create md Filesystem](http://www.tecmint.com/wp-content/uploads/2014/11/Create-md-Filesystem.png) + +*创建 md 文件系统* + +10、 在创建文件系统后,挂载文件系统到`/mnt/raid10`下,并使用`ls -l`命令列出挂载点下的内容。 + + # mkdir /mnt/raid10 + # mount /dev/md0 /mnt/raid10/ + # ls -l /mnt/raid10/ + +接下来,在挂载点下创建一些文件,并在文件中添加些内容,然后检查内容。 + + # touch /mnt/raid10/raid10_files.txt + # ls -l /mnt/raid10/ + # echo "raid 10 setup with 4 disks" > /mnt/raid10/raid10_files.txt + # cat /mnt/raid10/raid10_files.txt + +![Mount md Device](http://www.tecmint.com/wp-content/uploads/2014/11/Mount-md-Device.png) + +*挂载 md 设备* + +11、 要想自动挂载,打开`/etc/fstab`文件并添加下面的条目,挂载点根据你环境的不同来添加。使用 wq! 保存并退出。 + + # vim /etc/fstab + + /dev/md0 /mnt/raid10 ext4 defaults 0 0 + +![AutoMount md Device](http://www.tecmint.com/wp-content/uploads/2014/11/AutoMount-md-Device.png) + +*挂载 md 设备* + +12、 接下来,在重新启动系统前使用`mount -a`来确认`/etc/fstab`文件是否有错误。 + + # mount -av + +![Check Errors in Fstab](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Errors-in-Fstab.png) + +*检查 Fstab 中的错误* + +#### 第四步:保存 RAID 配置 #### + +13、 默认情况下 RAID 没有配置文件,所以我们需要在上述步骤完成后手动保存它。 + + # mdadm --detail --scan --verbose >> /etc/mdadm.conf + +![Save Raid10 Configuration](http://www.tecmint.com/wp-content/uploads/2014/11/Save-Raid10-Configuration.png) + +*保存 RAID10 的配置* + +就这样,我们使用方法1创建完了 RAID 10,这种方法是比较容易的。现在,让我们使用方法2来设置 RAID 10。 + +### 方法2:创建 RAID 10 ### + +1、 在方法2中,我们必须定义2组 RAID 1,然后我们需要使用这些创建好的 RAID 1 的集合来定义一个 RAID 0。在这里,我们将要做的是先创建2个镜像(RAID1),然后创建 RAID0 (条带化)。 + +首先,列出所有的可用于创建 RAID 10 的磁盘。 + + # ls -l /dev | grep sd + +![List 4 Devices](http://www.tecmint.com/wp-content/uploads/2014/11/List-4-Devices.png) + +*列出了 4 个设备* + +2、 将4个磁盘使用`fdisk`命令进行分区。对于如何分区,您可以按照上面的第1步。 + + # fdisk /dev/sdb + # fdisk /dev/sdc + # fdisk /dev/sdd + # fdisk /dev/sde + +3、 在完成4个磁盘的分区后,现在检查磁盘是否存在 RAID块。 + + # mdadm --examine /dev/sd[b-e] + # mdadm --examine /dev/sd[b-e]1 + +![Examine 4 Disks](http://www.tecmint.com/wp-content/uploads/2014/11/Examine-4-Disks.png) + +*检查 4 个磁盘* + +#### 第1步:创建 RAID 1 #### + +4、 首先,使用4块磁盘创建2组 RAID 1,一组为`sdb1′和 `sdc1′,另一组是`sdd1′ 和 `sde1′。 + + # mdadm --create /dev/md1 --metadata=1.2 --level=1 --raid-devices=2 /dev/sd[b-c]1 + # mdadm --create /dev/md2 --metadata=1.2 --level=1 --raid-devices=2 /dev/sd[d-e]1 + # cat /proc/mdstat + +![Creating Raid 1](http://www.tecmint.com/wp-content/uploads/2014/11/Creating-Raid-1.png) + +*创建 RAID 1* + +![Check Details of Raid 1](http://www.tecmint.com/wp-content/uploads/2014/11/Creating-Raid-1.png) + +*查看 RAID 1 的详细信息* + +#### 第2步:创建 RAID 0 #### + +5、 接下来,使用 md1 和 md2 来创建 RAID 0。 + + # mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/md1 /dev/md2 + # cat /proc/mdstat + +![Creating Raid 0](http://www.tecmint.com/wp-content/uploads/2014/11/Creating-Raid-0.png) + +*创建 RAID 0* + +#### 第3步:保存 RAID 配置 #### + +6、 我们需要将配置文件保存在`/etc/mdadm.conf`文件中,使其每次重新启动后都能加载所有的 RAID 设备。 + + # mdadm --detail --scan --verbose >> /etc/mdadm.conf + +在此之后,我们需要按照方法1中的第3步来创建文件系统。 + +就是这样!我们采用的方法2创建完了 RAID 1+0。我们将会失去一半的磁盘空间,但相比其他 RAID ,它的性能将是非常好的。 + +### 结论 ### + +在这里,我们采用两种方法创建 RAID 10。RAID 10 具有良好的性能和冗余性。希望这篇文章可以帮助你了解 RAID 10 嵌套 RAID。在后面的文章中我们会看到如何扩展现有的 RAID 阵列以及更多精彩的内容。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/create-raid-10-in-linux/ + +作者:[Babin Lonston][a] +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/babinlonston/ diff --git a/published/201508/Part 7 - Growing an Existing RAID Array and Removing Failed Disks in Raid.md b/published/201508/Part 7 - Growing an Existing RAID Array and Removing Failed Disks in Raid.md new file mode 100644 index 0000000000..3376376a2a --- /dev/null +++ b/published/201508/Part 7 - Growing an Existing RAID Array and Removing Failed Disks in Raid.md @@ -0,0 +1,182 @@ +在 Linux 下使用 RAID(七):在 Raid 中扩展现有的 RAID 阵列和删除故障的磁盘 +================================================================================ + +每个新手都会对阵列(array)这个词所代表的意思产生疑惑。阵列只是磁盘的一个集合。换句话说,我们可以称阵列为一个集合(set)或一组(group)。就像一组鸡蛋中包含6个一样。同样 RAID 阵列中包含着多个磁盘,可能是2,4,6,8,12,16等,希望你现在知道了什么是阵列。 + +在这里,我们将看到如何扩展现有的阵列或 RAID 组。例如,如果我们在阵列中使用2个磁盘形成一个 raid 1 集合,在某些情况,如果该组中需要更多的空间,就可以使用 mdadm -grow 命令来扩展阵列大小,只需要将一个磁盘加入到现有的阵列中即可。在说完扩展(添加磁盘到现有的阵列中)后,我们将看看如何从阵列中删除故障的磁盘。 + +![Grow Raid Array in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Growing-Raid-Array.jpg) + +*扩展 RAID 阵列和删除故障的磁盘* + +假设磁盘中的一个有问题了需要删除该磁盘,但我们需要在删除磁盘前添加一个备用磁盘来扩展该镜像,因为我们需要保存我们的数据。当磁盘发生故障时我们需要从阵列中删除它,这是这个主题中我们将要学习到的。 + +#### 扩展 RAID 的特性 #### + +- 我们可以增加(扩展)任意 RAID 集合的大小。 +- 我们可以在使用新磁盘扩展 RAID 阵列后删除故障的磁盘。 +- 我们可以扩展 RAID 阵列而无需停机。 + +####要求 #### + +- 为了扩展一个RAID阵列,我们需要一个已有的 RAID 组(阵列)。 +- 我们需要额外的磁盘来扩展阵列。 +- 在这里,我们使用一块磁盘来扩展现有的阵列。 + +在我们了解扩展和恢复阵列前,我们必须了解有关 RAID 级别和设置的基本知识。点击下面的链接了解这些。 + +- [介绍 RAID 的级别和概念][1] +- [使用 mdadm 工具创建软件 RAID 0 (条带化)][2] + +#### 我的服务器设置 #### + + 操作系统 : CentOS 6.5 Final +  IP地址 : 192.168.0.230 +  主机名 : grow.tecmintlocal.com + 2 块现有磁盘 : 1 GB + 1 块额外磁盘 : 1 GB + +在这里,我们已有一个 RAID ,有2块磁盘,每个大小为1GB,我们现在再增加一个磁盘到我们现有的 RAID 阵列中,其大小为1GB。 + +### 扩展现有的 RAID 阵列 ### + +1、 在扩展阵列前,首先使用下面的命令列出现有的 RAID 阵列。 + + # mdadm --detail /dev/md0 + +![Check Existing Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Existing-Raid-Array.png) + +*检查现有的 RAID 阵列* + +**注意**: 以上输出显示,已经有了两个磁盘在 RAID 阵列中,级别为 RAID 1。现在我们增加一个磁盘到现有的阵列里。 + +2、 现在让我们添加新的磁盘“sdd”,并使用`fdisk`命令来创建分区。 + + # fdisk /dev/sdd + +请使用以下步骤为 /dev/sdd 创建一个新的分区。 + +- 按 `n` 创建新的分区。 +- 然后按 `P` 选择主分区。 +- 接下来选择分区号为1。 +- 只需按两次回车键选择默认值即可。 +- 然后,按 `P` 来打印创建好的分区。 +- 按 `L`,列出所有可用的类型。 +- 按 `t` 去修改分区。 +- 键入 `fd` 设置为 Linux 的 RAID 类型,然后按回车确认。 +- 然后再次使用`p`查看我们所做的更改。 +- 使用`w`保存更改。 + +![Create New Partition in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Create-New-sdd-Partition.png) + +*为 sdd 创建新的分区* + +3、 一旦新的 sdd 分区创建完成后,你可以使用下面的命令验证它。 + + # ls -l /dev/ | grep sd + +![Confirm sdd Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Confirm-sdd-Partition.png) + +*确认 sdd 分区* + +4、 接下来,在添加到阵列前先检查磁盘是否有 RAID 分区。 + + # mdadm --examine /dev/sdd1 + +![Check Raid on sdd Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-on-sdd-Partition.png) + +*在 sdd 分区中检查 RAID* + +**注意**:以上输出显示,该盘有没有发现 super-blocks,意味着我们可以将新的磁盘添加到现有阵列。 + +5、 要添加新的分区 /dev/sdd1 到现有的阵列 md0,请使用以下命令。 + + # mdadm --manage /dev/md0 --add /dev/sdd1 + +![Add Disk To Raid-Array](http://www.tecmint.com/wp-content/uploads/2014/11/Add-Disk-To-Raid-Array.png) + +*添加磁盘到 RAID 阵列* + +6、 一旦新的磁盘被添加后,在我们的阵列中检查新添加的磁盘。 + + # mdadm --detail /dev/md0 + +![Confirm Disk Added to Raid](http://www.tecmint.com/wp-content/uploads/2014/11/Confirm-Disk-Added-To-Raid.png) + +*确认将新磁盘添加到 RAID 中* + +**注意**: 在上面的输出,你可以看到磁盘已经被添加作为备用的。在这里,我们的阵列中已经有了2个磁盘,但我们期待阵列中有3个磁盘,因此我们需要扩展阵列。 + +7、 要扩展阵列,我们需要使用下面的命令。 + + # mdadm --grow --raid-devices=3 /dev/md0 + +![Grow Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Grow-Raid-Array.png) + +*扩展 Raid 阵列* + +现在我们可以看到第三块磁盘(sdd1)已被添加到阵列中,在第三块磁盘被添加后,它将从另外两块磁盘上同步数据。 + + # mdadm --detail /dev/md0 + +![Confirm Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Confirm-Raid-Array.png) + +*确认 Raid 阵列* + +**注意**: 对于大容量磁盘会需要几个小时来同步数据。在这里,我们使用的是1GB的虚拟磁盘,所以它非常快在几秒钟内便会完成。 + +### 从阵列中删除磁盘 ### + +8、 在数据被从其他两个磁盘同步到新磁盘`sdd1`后,现在三个磁盘中的数据已经相同了(镜像)。 + +正如我前面所说的,假定一个磁盘出问题了需要被删除。所以,现在假设磁盘`sdc1`出问题了,需要从现有阵列中删除。 + +在删除磁盘前我们要将其标记为失效,然后我们才可以将其删除。 + + # mdadm --fail /dev/md0 /dev/sdc1 + # mdadm --detail /dev/md0 + +![Disk Fail in Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Disk-Fail-in-Raid-Array.png) + +*在 RAID 阵列中模拟磁盘故障* + +从上面的输出中,我们清楚地看到,磁盘在下面被标记为 faulty。即使它是 faulty 的,我们仍然可以看到 raid 设备有3个,1个损坏了,状态是 degraded。 + +现在我们要从阵列中删除 faulty 的磁盘,raid 设备将像之前一样继续有2个设备。 + + # mdadm --remove /dev/md0 /dev/sdc1 + +![Remove Disk in Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Remove-Disk-in-Raid-Array.png) + +*在 Raid 阵列中删除磁盘* + +9、 一旦故障的磁盘被删除,然后我们只能使用2个磁盘来扩展 raid 阵列了。 + + # mdadm --grow --raid-devices=2 /dev/md0 + # mdadm --detail /dev/md0 + +![Grow Disks in Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Grow-Disks-in-Raid-Array.png) + +*在 RAID 阵列扩展磁盘* + +从上面的输出中可以看到,我们的阵列中仅有2台设备。如果你需要再次扩展阵列,按照如上所述的同样步骤进行。如果你需要添加一个磁盘作为备用,将其标记为 spare,因此,如果磁盘出现故障时,它会自动顶上去并重建数据。 + +### 结论 ### + +在这篇文章中,我们已经看到了如何扩展现有的 RAID 集合,以及如何在重新同步已有磁盘的数据后从一个阵列中删除故障磁盘。所有这些步骤都可以不用停机来完成。在数据同步期间,系统用户,文件和应用程序不会受到任何影响。 + +在接下来的文章我将告诉你如何管理 RAID,敬请关注更新,不要忘了写评论。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/grow-raid-array-in-linux/ + +作者:[Babin Lonston][a] +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/babinlonston/ +[1]:https://linux.cn/article-6085-1.html +[2]:https://linux.cn/article-6087-1.html diff --git a/published/kde-plasma-5.4.md b/published/201508/kde-plasma-5.4.md similarity index 100% rename from published/kde-plasma-5.4.md rename to published/201508/kde-plasma-5.4.md diff --git a/published/20150803 Managing Linux Logs.md b/published/20150803 Managing Linux Logs.md new file mode 100644 index 0000000000..dca518e531 --- /dev/null +++ b/published/20150803 Managing Linux Logs.md @@ -0,0 +1,418 @@ +Linux 日志管理指南 +================================================================================ + +管理日志的一个最好做法是将你的日志集中或整合到一个地方,特别是在你有许多服务器或多层级架构时。我们将告诉你为什么这是一个好主意,然后给出如何更容易的做这件事的一些小技巧。 + +### 集中管理日志的好处 ### + +如果你有很多服务器,查看某个日志文件可能会很麻烦。现代的网站和服务经常包括许多服务器层级、分布式的负载均衡器,等等。找到正确的日志将花费很长时间,甚至要花更长时间在登录服务器的相关问题上。没什么比发现你找的信息没有被保存下来更沮丧的了,或者本该保留的日志文件正好在重启后丢失了。 + +集中你的日志使它们查找更快速,可以帮助你更快速的解决产品问题。你不用猜测那个服务器存在问题,因为所有的日志在同一个地方。此外,你可以使用更强大的工具去分析它们,包括日志管理解决方案。一些解决方案能[转换纯文本日志][1]为一些字段,更容易查找和分析。 + +集中你的日志也可以使它们更易于管理: + +- 它们更安全,当它们备份归档到一个单独区域时会有意无意地丢失。如果你的服务器宕机或者无响应,你可以使用集中的日志去调试问题。 +- 你不用担心ssh或者低效的grep命令在陷入困境的系统上需要更多的资源。 +- 你不用担心磁盘占满,这个能让你的服务器死机。 +- 你能保持你的产品服务器的安全性,只是为了查看日志无需给你所有团队登录权限。给你的团队从日志集中区域访问日志权限更安全。 + +随着集中日志管理,你仍需处理由于网络联通性不好或者耗尽大量网络带宽从而导致不能传输日志到中心区域的风险。在下面的章节我们将要讨论如何聪明的解决这些问题。 + +### 流行的日志归集工具 ### + +在 Linux 上最常见的日志归集是通过使用 syslog 守护进程或者日志代理。syslog 守护进程支持本地日志的采集,然后通过syslog 协议传输日志到中心服务器。你可以使用很多流行的守护进程来归集你的日志文件: + +- [rsyslog][2] 是一个轻量后台程序,在大多数 Linux 分支上已经安装。 +- [syslog-ng][3] 是第二流行的 Linux 系统日志后台程序。 +- [logstash][4] 是一个重量级的代理,它可以做更多高级加工和分析。 +- [fluentd][5] 是另一个具有高级处理能力的代理。 + +Rsyslog 是集中日志数据最流行的后台程序,因为它在大多数 Linux 分支上是被默认安装的。你不用下载或安装它,并且它是轻量的,所以不需要占用你太多的系统资源。 + +如果你需要更多先进的过滤或者自定义分析功能,如果你不在乎额外的系统负载,Logstash 是另一个最流行的选择。 + +### 配置 rsyslog.conf ### + +既然 rsyslog 是最广泛使用的系统日志程序,我们将展示如何配置它为日志中心。它的全局配置文件位于 /etc/rsyslog.conf。它加载模块,设置全局指令,和包含位于目录 /etc/rsyslog.d 中的应用的特有的配置。目录中包含的 /etc/rsyslog.d/50-default.conf 指示 rsyslog 将系统日志写到文件。在 [rsyslog 文档][6]中你可以阅读更多相关配置。 + +rsyslog 配置语言是是[RainerScript][7]。你可以给日志指定输入,就像将它们输出到另外一个位置一样。rsyslog 已经配置标准输入默认是 syslog ,所以你通常只需增加一个输出到你的日志服务器。这里有一个 rsyslog 输出到一个外部服务器的配置例子。在本例中,**BEBOP** 是一个服务器的主机名,所以你应该替换为你的自己的服务器名。 + + action(type="omfwd" protocol="tcp" target="BEBOP" port="514") + +你可以发送你的日志到一个有足够的存储容量的日志服务器来存储,提供查询,备份和分析。如果你存储日志到文件系统,那么你应该建立[日志轮转][8]来防止你的磁盘爆满。 + +作为一种选择,你可以发送这些日志到一个日志管理方案。如果你的解决方案是安装在本地你可以发送到系统文档中指定的本地主机和端口。如果你使用基于云提供商,你将发送它们到你的提供商特定的主机名和端口。 + +### 日志目录 ### + +你可以归集一个目录或者匹配一个通配符模式的所有文件。nxlog 和 syslog-ng 程序支持目录和通配符(*)。 + +常见的 rsyslog 不能直接监控目录。作为一种解决办法,你可以设置一个定时任务去监控这个目录的新文件,然后配置 rsyslog 来发送这些文件到目的地,比如你的日志管理系统。举个例子,日志管理提供商 Loggly 有一个开源版本的[目录监控脚本][9]。 + +### 哪个协议: UDP、TCP 或 RELP? ### + +当你使用网络传输数据时,有三个主流协议可以选择。UDP 在你自己的局域网是最常用的,TCP 用在互联网。如果你不能失去(任何)日志,就要使用更高级的 RELP 协议。 + +[UDP][10] 发送一个数据包,那只是一个单一的信息包。它是一个只外传的协议,所以它不会发送给你回执(ACK)。它只尝试发送包。当网络拥堵时,UDP 通常会巧妙的降级或者丢弃日志。它通常使用在类似局域网的可靠网络。 + +[TCP][11] 通过多个包和返回确认发送流式信息。TCP 会多次尝试发送数据包,但是受限于 [TCP 缓存][12]的大小。这是在互联网上发送送日志最常用的协议。 + +[RELP][13] 是这三个协议中最可靠的,但是它是为 rsyslog 创建的,而且很少有行业采用。它在应用层接收数据,如果有错误就会重发。请确认你的日志接受位置也支持这个协议。 + +### 用磁盘辅助队列可靠的传送 ### + +如果 rsyslog 在存储日志时遭遇错误,例如一个不可用网络连接,它能将日志排队直到连接还原。队列日志默认被存储在内存里。无论如何,内存是有限的并且如果问题仍然存在,日志会超出内存容量。 + +**警告:如果你只存储日志到内存,你可能会失去数据。** + +rsyslog 能在内存被占满时将日志队列放到磁盘。[磁盘辅助队列][14]使日志的传输更可靠。这里有一个例子如何配置rsyslog 的磁盘辅助队列: + + $WorkDirectory /var/spool/rsyslog # 暂存文件(spool)放置位置 + $ActionQueueFileName fwdRule1 # 暂存文件的唯一名字前缀 + $ActionQueueMaxDiskSpace 1g # 1gb 空间限制(尽可能大) + $ActionQueueSaveOnShutdown on # 关机时保存日志到磁盘 + $ActionQueueType LinkedList # 异步运行 + $ActionResumeRetryCount -1 # 如果主机宕机,不断重试 + +### 使用 TLS 加密日志 ### + +如果你担心你的数据的安全性和隐私性,你应该考虑加密你的日志。如果你使用纯文本在互联网传输日志,嗅探器和中间人可以读到你的日志。如果日志包含私人信息、敏感的身份数据或者政府管制数据,你应该加密你的日志。rsyslog 程序能使用 TLS 协议加密你的日志保证你的数据更安全。 + +建立 TLS 加密,你应该做如下任务: + +1. 生成一个[证书授权(CA)][15]。在 /contrib/gnutls 有一些证书例子,可以用来测试,但是你需要为产品环境创建自己的证书。如果你正在使用一个日志管理服务,它会给你一个证书。 +1. 为你的服务器生成一个[数字证书][16]使它能启用 SSL 操作,或者使用你自己的日志管理服务提供商的一个数字证书。 +1. 配置你的 rsyslog 程序来发送 TLS 加密数据到你的日志管理系统。 + +这有一个 rsyslog 配置 TLS 加密的例子。替换 CERT 和 DOMAIN_NAME 为你自己的服务器配置。 + + $DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/CERT.crt + $ActionSendStreamDriver gtls + $ActionSendStreamDriverMode 1 + $ActionSendStreamDriverAuthMode x509/name + $ActionSendStreamDriverPermittedPeer *.DOMAIN_NAME.com + +### 应用日志的最佳管理方法 ### + +除 Linux 默认创建的日志之外,归集重要的应用日志也是一个好主意。几乎所有基于 Linux 的服务器应用都把它们的状态信息写入到独立、专门的日志文件中。这包括数据库产品,像 PostgreSQL 或者 MySQL,网站服务器,像 Nginx 或者 Apache,防火墙,打印和文件共享服务,目录和 DNS 服务等等。 + +管理员安装一个应用后要做的第一件事是配置它。Linux 应用程序典型的有一个放在 /etc 目录里 .conf 文件。它也可能在其它地方,但是那是大家找配置文件首先会看的地方。 + +根据应用程序有多复杂多庞大,可配置参数的数量可能会很少或者上百行。如前所述,大多数应用程序可能会在某种日志文件写它们的状态:配置文件是定义日志设置和其它东西的地方。 + +如果你不确定它在哪,你可以使用locate命令去找到它: + + [root@localhost ~]# locate postgresql.conf + /usr/pgsql-9.4/share/postgresql.conf.sample + /var/lib/pgsql/9.4/data/postgresql.conf + +#### 设置一个日志文件的标准位置 #### + +Linux 系统一般保存它们的日志文件在 /var/log 目录下。一般是这样,但是需要检查一下应用是否保存它们在 /var/log 下的特定目录。如果是,很好,如果不是,你也许想在 /var/log 下创建一个专用目录?为什么?因为其它程序也在 /var/log 下保存它们的日志文件,如果你的应用保存超过一个日志文件 - 也许每天一个或者每次重启一个 - 在这么大的目录也许有点难于搜索找到你想要的文件。 + +如果在你网络里你有运行多于一个的应用实例,这个方法依然便利。想想这样的情景,你也许有一打 web 服务器在你的网络运行。当排查任何一个机器的问题时,你就很容易知道确切的位置。 + +#### 使用一个标准的文件名 #### + +给你的应用最新的日志使用一个标准的文件名。这使一些事变得容易,因为你可以监控和追踪一个单独的文件。很多应用程序在它们的日志文件上追加一种时间戳。它让 rsyslog 更难于找到最新的文件和设置文件监控。一个更好的方法是使用日志轮转给老的日志文件增加时间。这样更易去归档和历史查询。 + +#### 追加日志文件 #### + +日志文件会在每个应用程序重启后被覆盖吗?如果这样,我们建议关掉它。每次重启 app 后应该去追加日志文件。这样,你就可以追溯重启前最后的日志。 + +#### 日志文件追加 vs. 轮转 #### + +要是应用程序每次重启后写一个新日志文件,如何保存当前日志?追加到一个单独的、巨大的文件?Linux 系统并不以频繁重启或者崩溃而出名:应用程序可以运行很长时间甚至不间歇,但是也会使日志文件非常大。如果你查询分析上周发生连接错误的原因,你可能无疑的要在成千上万行里搜索。 + +我们建议你配置应用每天半晚轮转(rotate)它的日志文件。 + +为什么?首先它将变得可管理。找一个带有特定日期的文件名比遍历一个文件中指定日期的条目更容易。文件也小的多:你不用考虑当你打开一个日志文件时 vi 僵住。第二,如果你正发送日志到另一个位置 - 也许每晚备份任务拷贝到归集日志服务器 - 这样不会消耗你的网络带宽。最后第三点,这样帮助你做日志保留。如果你想剔除旧的日志记录,这样删除超过指定日期的文件比用一个应用解析一个大文件更容易。 + +#### 日志文件的保留 #### + +你保留你的日志文件多长时间?这绝对可以归结为业务需求。你可能被要求保持一个星期的日志信息,或者管理要求保持一年的数据。无论如何,日志需要在一个时刻或其它情况下从服务器删除。 + +在我们看来,除非必要,只在线保持最近一个月的日志文件,并拷贝它们到第二个地方如日志服务器。任何比这更旧的日志可以被转到一个单独的介质上。例如,如果你在 AWS 上,你的旧日志可以被拷贝到 Glacier。 + +#### 给日志单独的磁盘分区 #### + +更好的,Linux 通常建议挂载到 /var 目录到一个单独的文件系统。这是因为这个目录的高 I/O。我们推荐挂载 /var/log 目录到一个单独的磁盘系统下。这样可以节省与主要的应用数据的 I/O 竞争。另外,如果一些日志文件变的太多,或者一个文件变的太大,不会占满整个磁盘。 + +#### 日志条目 #### + +每个日志条目中应该捕获什么信息? + +这依赖于你想用日志来做什么。你只想用它来排除故障,或者你想捕获所有发生的事?这是一个捕获每个用户在运行什么或查看什么的规则条件吗? + +如果你正用日志做错误排查的目的,那么只保存错误,报警或者致命信息。没有理由去捕获调试信息,例如,应用也许默认记录了调试信息或者另一个管理员也许为了故障排查而打开了调试信息,但是你应该关闭它,因为它肯定会很快的填满空间。在最低限度上,捕获日期、时间、客户端应用名、来源 ip 或者客户端主机名、执行的动作和信息本身。 + +#### 一个 PostgreSQL 的实例 #### + +作为一个例子,让我们看看 vanilla PostgreSQL 9.4 安装的主配置文件。它叫做 postgresql.conf,与其它Linux 系统中的配置文件不同,它不保存在 /etc 目录下。下列的代码段,我们可以在我们的 Centos 7 服务器的 /var/lib/pgsql 目录下找到它: + + root@localhost ~]# vi /var/lib/pgsql/9.4/data/postgresql.conf + ... + #------------------------------------------------------------------------------ + # ERROR REPORTING AND LOGGING + #------------------------------------------------------------------------------ + # - Where to Log - + log_destination = 'stderr' + # Valid values are combinations of + # stderr, csvlog, syslog, and eventlog, + # depending on platform. csvlog + # requires logging_collector to be on. + # This is used when logging to stderr: + logging_collector = on + # Enable capturing of stderr and csvlog + # into log files. Required to be on for + # csvlogs. + # (change requires restart) + # These are only used if logging_collector is on: + log_directory = 'pg_log' + # directory where log files are written, + # can be absolute or relative to PGDATA + log_filename = 'postgresql-%a.log' # log file name pattern, + # can include strftime() escapes + # log_file_mode = 0600 . + # creation mode for log files, + # begin with 0 to use octal notation + log_truncate_on_rotation = on # If on, an existing log file with the + # same name as the new log file will be + # truncated rather than appended to. + # But such truncation only occurs on + # time-driven rotation, not on restarts + # or size-driven rotation. Default is + # off, meaning append to existing files + # in all cases. + log_rotation_age = 1d + # Automatic rotation of logfiles will happen after that time. 0 disables. + log_rotation_size = 0 # Automatic rotation of logfiles will happen after that much log output. 0 disables. + # These are relevant when logging to syslog: + #syslog_facility = 'LOCAL0' + #syslog_ident = 'postgres' + # This is only relevant when logging to eventlog (win32): + #event_source = 'PostgreSQL' + # - When to Log - + #client_min_messages = notice # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # log + # notice + # warning + # error + #log_min_messages = warning # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic + #log_min_error_statement = error # values in order of decreasing detail: + # debug5 + # debug4 + # debug3 + # debug2 + # debug1 + # info + # notice + # warning + # error + # log + # fatal + # panic (effectively off) + #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements + # and their durations, > 0 logs only + # statements running at least this number + # of milliseconds + # - What to Log + #debug_print_parse = off + #debug_print_rewritten = off + #debug_print_plan = off + #debug_pretty_print = on + #log_checkpoints = off + #log_connections = off + #log_disconnections = off + #log_duration = off + #log_error_verbosity = default + # terse, default, or verbose messages + #log_hostname = off + log_line_prefix = '< %m >' # special values: + # %a = application name + # %u = user name + # %d = database name + # %r = remote host and port + # %h = remote host + # %p = process ID + # %t = timestamp without milliseconds + # %m = timestamp with milliseconds + # %i = command tag + # %e = SQL state + # %c = session ID + # %l = session line number + # %s = session start timestamp + # %v = virtual transaction ID + # %x = transaction ID (0 if none) + # %q = stop here in non-session + # processes + # %% = '%' + # e.g. '<%u%%%d> ' + #log_lock_waits = off # log lock waits >= deadlock_timeout + #log_statement = 'none' # none, ddl, mod, all + #log_temp_files = -1 # log temporary files equal or larger + # than the specified size in kilobytes;5# -1 disables, 0 logs all temp files5 + log_timezone = 'Australia/ACT' + +虽然大多数参数被加上了注释,它们使用了默认值。我们可以看见日志文件目录是 pg_log(log_directory 参数,在 /var/lib/pgsql/9.4/data/ 下的子目录),文件名应该以 postgresql 开头(log_filename参数),文件每天轮转一次(log_rotation_age 参数)然后每行日志记录以时间戳开头(log_line_prefix参数)。特别值得说明的是 log_line_prefix 参数:全部的信息你都可以包含在这。 + +看 /var/lib/pgsql/9.4/data/pg_log 目录下展现给我们这些文件: + + [root@localhost ~]# ls -l /var/lib/pgsql/9.4/data/pg_log + total 20 + -rw-------. 1 postgres postgres 1212 May 1 20:11 postgresql-Fri.log + -rw-------. 1 postgres postgres 243 Feb 9 21:49 postgresql-Mon.log + -rw-------. 1 postgres postgres 1138 Feb 7 11:08 postgresql-Sat.log + -rw-------. 1 postgres postgres 1203 Feb 26 21:32 postgresql-Thu.log + -rw-------. 1 postgres postgres 326 Feb 10 01:20 postgresql-Tue.log + +所以日志文件名只有星期命名的标签。我们可以改变它。如何做?在 postgresql.conf 配置 log_filename 参数。 + +查看一个日志内容,它的条目仅以日期时间开头: + + [root@localhost ~]# cat /var/lib/pgsql/9.4/data/pg_log/postgresql-Fri.log + ... + < 2015-02-27 01:21:27.020 EST >LOG: received fast shutdown request + < 2015-02-27 01:21:27.025 EST >LOG: aborting any active transactions + < 2015-02-27 01:21:27.026 EST >LOG: autovacuum launcher shutting down + < 2015-02-27 01:21:27.036 EST >LOG: shutting down + < 2015-02-27 01:21:27.211 EST >LOG: database system is shut down + +### 归集应用的日志 ### + +#### 使用 imfile 监控日志 #### + +习惯上,应用通常记录它们数据在文件里。文件容易在一个机器上寻找,但是多台服务器上就不是很恰当了。你可以设置日志文件监控,然后当新的日志被添加到文件尾部后就发送事件到一个集中服务器。在 /etc/rsyslog.d/ 里创建一个新的配置文件然后增加一个配置文件,然后输入如下: + + $ModLoad imfile + $InputFilePollInterval 10 + $PrivDropToGroup adm + +----- + # Input for FILE1 + $InputFileName /FILE1 + $InputFileTag APPNAME1 + $InputFileStateFile stat-APPNAME1 #this must be unique for each file being polled + $InputFileSeverity info + $InputFilePersistStateInterval 20000 + $InputRunFileMonitor + +替换 FILE1 和 APPNAME1 为你自己的文件名和应用名称。rsyslog 将发送它到你配置的输出目标中。 + +#### 本地套接字日志与 imuxsock #### + +套接字类似 UNIX 文件句柄,所不同的是套接字内容是由 syslog 守护进程读取到内存中,然后发送到目的地。不需要写入文件。作为一个例子,logger 命令发送它的日志到这个 UNIX 套接字。 + +如果你的服务器 I/O 有限或者你不需要本地文件日志,这个方法可以使系统资源有效利用。这个方法缺点是套接字有队列大小的限制。如果你的 syslog 守护进程宕掉或者不能保持运行,然后你可能会丢失日志数据。 + +rsyslog 程序将默认从 /dev/log 套接字中读取,但是你需要使用如下命令来让 [imuxsock 输入模块][17] 启用它: + + $ModLoad imuxsock + +#### UDP 日志与 imupd #### + +一些应用程序使用 UDP 格式输出日志数据,这是在网络上或者本地传输日志文件的标准 syslog 协议。你的 syslog 守护进程接受这些日志,然后处理它们或者用不同的格式传输它们。备选的,你可以发送日志到你的日志服务器或者到一个日志管理方案中。 + +使用如下命令配置 rsyslog 通过 UDP 来接收标准端口 514 的 syslog 数据: + + $ModLoad imudp + +---------- + + $UDPServerRun 514 + +### 用 logrotate 管理日志 ### + +日志轮转是当日志到达指定的时期时自动归档日志文件的方法。如果不介入,日志文件一直增长,会用尽磁盘空间。最后它们将破坏你的机器。 + +logrotate 工具能随着日志的日期截取你的日志,腾出空间。你的新日志文件保持该文件名。你的旧日志文件被重命名加上后缀数字。每次 logrotate 工具运行,就会创建一个新文件,然后现存的文件被逐一重命名。你来决定何时旧文件被删除或归档的阈值。 + +当 logrotate 拷贝一个文件,新的文件会有一个新的 inode,这会妨碍 rsyslog 监控新文件。你可以通过增加copytruncate 参数到你的 logrotate 定时任务来缓解这个问题。这个参数会拷贝现有的日志文件内容到新文件然后从现有文件截短这些内容。因为日志文件还是同一个,所以 inode 不会改变;但它的内容是一个新文件。 + +logrotate 工具使用的主配置文件是 /etc/logrotate.conf,应用特有设置在 /etc/logrotate.d/ 目录下。DigitalOcean 有一个详细的 [logrotate 教程][18] + +### 管理很多服务器的配置 ### + +当你只有很少的服务器,你可以登录上去手动配置。一旦你有几打或者更多服务器,你可以利用工具的优势使这变得更容易和更可扩展。基本上,所有的事情就是拷贝你的 rsyslog 配置到每个服务器,然后重启 rsyslog 使更改生效。 + +#### pssh #### + +这个工具可以让你在很多服务器上并行的运行一个 ssh 命令。使用 pssh 部署仅用于少量服务器。如果你其中一个服务器失败,然后你必须 ssh 到失败的服务器,然后手动部署。如果你有很多服务器失败,那么手动部署它们会话费很长时间。 + +#### Puppet/Chef #### + +Puppet 和 Chef 是两个不同的工具,它们能在你的网络按你规定的标准自动的配置所有服务器。它们的报表工具可以使你了解错误情况,然后定期重新同步。Puppet 和 Chef 都有一些狂热的支持者。如果你不确定那个更适合你的部署配置管理,你可以拜读一下 [InfoWorld 上这两个工具的对比][19] + +一些厂商也提供一些配置 rsyslog 的模块或者方法。这有一个 Loggly 上 Puppet 模块的例子。它提供给 rsyslog 一个类,你可以添加一个标识令牌: + + node 'my_server_node.example.net' { + # Send syslog events to Loggly + class { 'loggly::rsyslog': + customer_token => 'de7b5ccd-04de-4dc4-fbc9-501393600000', + } + } + +#### Docker #### + +Docker 使用容器去运行应用,不依赖于底层服务。所有东西都运行在内部的容器,你可以把它想象为一个功能单元。ZDNet 有一篇关于在你的数据中心[使用 Docker][20] 的深入文章。 + +这里有很多方式从 Docker 容器记录日志,包括链接到一个日志容器,记录到一个共享卷,或者直接在容器里添加一个 sysllog 代理。其中最流行的日志容器叫做 [logspout][21]。 + +#### 供应商的脚本或代理 #### + +大多数日志管理方案提供一些脚本或者代理,可以从一个或更多服务器相对容易地发送数据。重量级代理会耗尽额外的系统资源。一些供应商像 Loggly 提供配置脚本,来使用现存的 syslog 守护进程更轻松。这有一个 Loggly 上的例子[脚本][22],它能运行在任意数量的服务器上。 + +-------------------------------------------------------------------------------- + +via: http://www.loggly.com/ultimate-guide/logging/managing-linux-logs/ + +作者:[Jason Skowronski][a1] +作者:[Amy Echeverri][a2] +作者:[Sadequl Hussain][a3] +译者:[wyangsun](https://github.com/wyangsun) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a1]:https://www.linkedin.com/in/jasonskowronski +[a2]:https://www.linkedin.com/in/amyecheverri +[a3]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7 +[1]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.esrreycnpnbl +[2]:http://www.rsyslog.com/ +[3]:http://www.balabit.com/network-security/syslog-ng/opensource-logging-system +[4]:http://logstash.net/ +[5]:http://www.fluentd.org/ +[6]:http://www.rsyslog.com/doc/rsyslog_conf.html +[7]:http://www.rsyslog.com/doc/master/rainerscript/index.html +[8]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.eck7acdxin87 +[9]:https://www.loggly.com/docs/file-monitoring/ +[10]:http://www.networksorcery.com/enp/protocol/udp.htm +[11]:http://www.networksorcery.com/enp/protocol/tcp.htm +[12]:http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.html +[13]:http://www.rsyslog.com/doc/relp.html +[14]:http://www.rsyslog.com/doc/queues.html +[15]:http://www.rsyslog.com/doc/tls_cert_ca.html +[16]:http://www.rsyslog.com/doc/tls_cert_machine.html +[17]:http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html +[18]:https://www.digitalocean.com/community/tutorials/how-to-manage-log-files-with-logrotate-on-ubuntu-12-10 +[19]:http://www.infoworld.com/article/2614204/data-center/puppet-or-chef--the-configuration-management-dilemma.html +[20]:http://www.zdnet.com/article/what-is-docker-and-why-is-it-so-darn-popular/ +[21]:https://github.com/progrium/logspout +[22]:https://www.loggly.com/docs/sending-logs-unixlinux-system-setup/ diff --git a/translated/tech/20150806 Linux FAQs with Answers--How to enable logging in Open vSwitch for debugging and troubleshooting.md b/published/20150806 Linux FAQs with Answers--How to enable logging in Open vSwitch for debugging and troubleshooting.md similarity index 71% rename from translated/tech/20150806 Linux FAQs with Answers--How to enable logging in Open vSwitch for debugging and troubleshooting.md rename to published/20150806 Linux FAQs with Answers--How to enable logging in Open vSwitch for debugging and troubleshooting.md index 542cf31cb3..f5afec9a88 100644 --- a/translated/tech/20150806 Linux FAQs with Answers--How to enable logging in Open vSwitch for debugging and troubleshooting.md +++ b/published/20150806 Linux FAQs with Answers--How to enable logging in Open vSwitch for debugging and troubleshooting.md @@ -1,10 +1,10 @@ -Linux有问必答——如何启用Open vSwitch的日志功能以便调试和排障 +Linux有问必答:如何启用Open vSwitch的日志功能以便调试和排障 ================================================================================ > **问题** 我试着为我的Open vSwitch部署排障,鉴于此,我想要检查它的由内建日志机制生成的调试信息。我怎样才能启用Open vSwitch的日志功能,并且修改它的日志等级(如,修改成INFO/DEBUG级别)以便于检查更多详细的调试信息呢? -Open vSwitch(OVS)是Linux平台上用于虚拟切换的最流行的开源部署。由于当今的数据中心日益依赖于软件定义的网络(SDN)架构,OVS被作为数据中心的SDN部署中实际上的标准网络元素而快速采用。 +Open vSwitch(OVS)是Linux平台上最流行的开源的虚拟交换机。由于当今的数据中心日益依赖于软件定义网络(SDN)架构,OVS被作为数据中心的SDN部署中的事实标准上的网络元素而得到飞速应用。 -Open vSwitch具有一个内建的日志机制,它称之为VLOG。VLOG工具允许你在各种切换组件中启用并自定义日志,由VLOG生成的日志信息可以被发送到一个控制台,syslog以及一个独立日志文件组合,以供检查。你可以通过一个名为`ovs-appctl`的命令行工具在运行时动态配置OVS日志。 +Open vSwitch具有一个内建的日志机制,它称之为VLOG。VLOG工具允许你在各种网络交换组件中启用并自定义日志,由VLOG生成的日志信息可以被发送到一个控制台、syslog以及一个便于查看的单独日志文件。你可以通过一个名为`ovs-appctl`的命令行工具在运行时动态配置OVS日志。 ![](https://farm1.staticflickr.com/499/19300367114_cd8aac2fb2_c.jpg) @@ -14,7 +14,7 @@ Open vSwitch具有一个内建的日志机制,它称之为VLOG。VLOG工具允 $ sudo ovs-appctl vlog/set module[:facility[:level]] -- **Module**:OVS中的任何合法组件的名称(如netdev,ofproto,dpif,vswitchd,以及其它大量组件) +- **Module**:OVS中的任何合法组件的名称(如netdev,ofproto,dpif,vswitchd等等) - **Facility**:日志信息的目的地(必须是:console,syslog,或者file) - **Level**:日志的详细程度(必须是:emer,err,warn,info,或者dbg) @@ -36,13 +36,13 @@ Open vSwitch具有一个内建的日志机制,它称之为VLOG。VLOG工具允 ![](https://farm1.staticflickr.com/465/19734939478_7eb5d44635_c.jpg) -输出结果显示了用于三个工具(console,syslog,file)的各个模块的调试级别。默认情况下,所有模块的日志等级都被设置为INFO。 +输出结果显示了用于三个场合(facility:console,syslog,file)的各个模块的调试级别。默认情况下,所有模块的日志等级都被设置为INFO。 -指定任何一个OVS模块,你可以选择性地修改任何特定工具的调试级别。例如,如果你想要在控制台屏幕中查看dpif更为详细的调试信息,可以运行以下命令。 +指定任何一个OVS模块,你可以选择性地修改任何特定场合的调试级别。例如,如果你想要在控制台屏幕中查看dpif更为详细的调试信息,可以运行以下命令。 $ sudo ovs-appctl vlog/set dpif:console:dbg -你将看到dpif模块的console工具已经将其日志等级修改为DBG,而其它两个工具syslog和file的日志级别仍然没有改变。 +你将看到dpif模块的console工具已经将其日志等级修改为DBG,而其它两个场合syslog和file的日志级别仍然没有改变。 ![](https://farm1.staticflickr.com/333/19896760146_5d851311ae_c.jpg) @@ -52,7 +52,7 @@ Open vSwitch具有一个内建的日志机制,它称之为VLOG。VLOG工具允 ![](https://farm1.staticflickr.com/351/19734939828_8c7f59e404_c.jpg) -同时,如果你想要一次性修改所有三个工具的日志级别,你可以指定“ANY”作为工具名。例如,下面的命令将修改每个模块的所有工具的日志级别为DBG。 +同时,如果你想要一次性修改所有三个场合的日志级别,你可以指定“ANY”作为场合名。例如,下面的命令将修改每个模块的所有场合的日志级别为DBG。 $ sudo ovs-appctl vlog/set ANY:ANY:dbg @@ -62,7 +62,7 @@ via: http://ask.xmodulo.com/enable-logging-open-vswitch.html 作者:[Dan Nanni][a] 译者:[GOLinux](https://github.com/GOLinux) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/20150811 How to Install Snort and Usage in Ubuntu 15.04.md b/published/20150811 How to Install Snort and Usage in Ubuntu 15.04.md similarity index 77% rename from translated/tech/20150811 How to Install Snort and Usage in Ubuntu 15.04.md rename to published/20150811 How to Install Snort and Usage in Ubuntu 15.04.md index 06fbfd62b8..01d7f7ec13 100644 --- a/translated/tech/20150811 How to Install Snort and Usage in Ubuntu 15.04.md +++ b/published/20150811 How to Install Snort and Usage in Ubuntu 15.04.md @@ -1,12 +1,13 @@ -在Ubuntu 15.04中如何安装和使用Snort +在 Ubuntu 15.04 中如何安装和使用 Snort ================================================================================ -对于IT安全而言入侵检测是一件非常重要的事。入侵检测系统用于检测网络中非法与恶意的请求。Snort是一款知名的开源入侵检测系统。Web界面(Snorby)可以用于更好地分析警告。Snort使用iptables/pf防火墙来作为入侵检测系统。本篇中,我们会安装并配置一个开源的IDS系统snort。 + +对于网络安全而言入侵检测是一件非常重要的事。入侵检测系统(IDS)用于检测网络中非法与恶意的请求。Snort是一款知名的开源的入侵检测系统。其 Web界面(Snorby)可以用于更好地分析警告。Snort使用iptables/pf防火墙来作为入侵检测系统。本篇中,我们会安装并配置一个开源的入侵检测系统snort。 ### Snort 安装 ### #### 要求 #### -snort所使用的数据采集库(DAQ)用于抽象地调用采集库。这个在snort上就有。下载过程如下截图所示。 +snort所使用的数据采集库(DAQ)用于一个调用包捕获库的抽象层。这个在snort上就有。下载过程如下截图所示。 ![downloading_daq](http://blog.linoxide.com/wp-content/uploads/2015/07/downloading_daq.png) @@ -48,7 +49,7 @@ make和make install 命令的结果如下所示。 ![snort_extraction](http://blog.linoxide.com/wp-content/uploads/2015/07/snort_extraction.png) -创建安装目录并在脚本中设置prefix参数。同样也建议启用包性能监控(PPM)标志。 +创建安装目录并在脚本中设置prefix参数。同样也建议启用包性能监控(PPM)的sourcefire标志。 #mkdir /usr/local/snort @@ -56,7 +57,7 @@ make和make install 命令的结果如下所示。 ![snort_installation](http://blog.linoxide.com/wp-content/uploads/2015/07/snort_installation.png) -配置脚本由于缺少libpcre-dev、libdumbnet-dev 和zlib开发库而报错。 +配置脚本会由于缺少libpcre-dev、libdumbnet-dev 和zlib开发库而报错。 配置脚本由于缺少libpcre库报错。 @@ -96,7 +97,7 @@ make和make install 命令的结果如下所示。 ![make install snort](http://blog.linoxide.com/wp-content/uploads/2015/07/make-install-snort.png) -最终snort在/usr/local/snort/bin中运行。现在它对eth0的所有流量都处在promisc模式(包转储模式)。 +最后,从/usr/local/snort/bin中运行snort。现在它对eth0的所有流量都处在promisc模式(包转储模式)。 ![snort running](http://blog.linoxide.com/wp-content/uploads/2015/07/snort-running.png) @@ -106,14 +107,17 @@ make和make install 命令的结果如下所示。 #### Snort的规则和配置 #### -从源码安装的snort需要规则和安装配置,因此我们会从/etc/snort下面复制规则和配置。我们已经创建了单独的bash脚本来用于规则和配置。它会设置下面这些snort设置。 +从源码安装的snort还需要设置规则和配置,因此我们需要复制规则和配置到/etc/snort下面。我们已经创建了单独的bash脚本来用于设置规则和配置。它会设置下面这些snort设置。 -- 在linux中创建snort用户用于snort IDS服务。 +- 在linux中创建用于snort IDS服务的snort用户。 - 在/etc下面创建snort的配置文件和文件夹。 -- 权限设置并从etc中复制snortsnort源代码 +- 权限设置并从源代码的etc目录中复制数据。 - 从snort文件中移除规则中的#(注释符号)。 - #!/bin/bash##PATH of source code of snort +- + + #!/bin/bash# + # snort源代码的路径 snort_src="/home/test/Downloads/snort-2.9.7.3" echo "adding group and user for snort..." groupadd snort &> /dev/null @@ -141,15 +145,15 @@ make和make install 命令的结果如下所示。 sed -i 's/include \$RULE\_PATH/#include \$RULE\_PATH/' /etc/snort/snort.conf echo "---DONE---" -改变脚本中的snort源目录并运行。下面是成功的输出。 +改变脚本中的snort源目录路径并运行。下面是成功的输出。 ![running script](http://blog.linoxide.com/wp-content/uploads/2015/08/running_script.png) -上面的脚本从snort源中复制下面的文件/文件夹到/etc/snort配置文件中 +上面的脚本从snort源中复制下面的文件和文件夹到/etc/snort配置文件中 ![files copied](http://blog.linoxide.com/wp-content/uploads/2015/08/created.png) -、snort的配置非常复杂,然而为了IDS能正常工作需要进行下面必要的修改。 +snort的配置非常复杂,要让IDS能正常工作需要进行下面必要的修改。 ipvar HOME_NET 192.168.1.0/24 # LAN side @@ -173,7 +177,7 @@ make和make install 命令的结果如下所示。 ![path rules](http://blog.linoxide.com/wp-content/uploads/2015/08/path-rules.png) -下载[下载社区][1]规则并解压到/etc/snort/rules。启用snort.conf中的社区及紧急威胁规则。 +现在[下载社区规则][1]并解压到/etc/snort/rules。启用snort.conf中的社区及紧急威胁规则。 ![wget_rules](http://blog.linoxide.com/wp-content/uploads/2015/08/wget_rules.png) @@ -187,7 +191,7 @@ make和make install 命令的结果如下所示。 ### 总结 ### -本篇中,我们致力于开源IDPS系统snort在Ubuntu上的安装和配置。默认它用于监控时间,然而它可以被配置成用于网络保护的内联模式。snort规则可以在离线模式中可以使用pcap文件测试和分析 +本篇中,我们关注了开源IDPS系统snort在Ubuntu上的安装和配置。通常它用于监控事件,然而它可以被配置成用于网络保护的在线模式。snort规则可以在离线模式中可以使用pcap捕获文件进行测试和分析 -------------------------------------------------------------------------------- @@ -195,7 +199,7 @@ via: http://linoxide.com/security/install-snort-usage-ubuntu-15-04/ 作者:[nido][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/tech/20150811 fdupes--A Comamndline Tool to Find and Delete Duplicate Files in Linux.md b/published/20150811 fdupes--A Comamndline Tool to Find and Delete Duplicate Files in Linux.md similarity index 80% rename from translated/tech/20150811 fdupes--A Comamndline Tool to Find and Delete Duplicate Files in Linux.md rename to published/20150811 fdupes--A Comamndline Tool to Find and Delete Duplicate Files in Linux.md index 09f10fb546..76a06ea37c 100644 --- a/translated/tech/20150811 fdupes--A Comamndline Tool to Find and Delete Duplicate Files in Linux.md +++ b/published/20150811 fdupes--A Comamndline Tool to Find and Delete Duplicate Files in Linux.md @@ -1,16 +1,16 @@ -fdupes——Linux中查找并删除重复文件的命令行工具 +fdupes:Linux中查找并删除重复文件的命令行工具 ================================================================================ -对于大多数计算机用户而言,查找并替换重复的文件是一个常见的需求。查找并移除重复文件真是一项领人不胜其烦的工作,它耗时又耗力。如果你的机器上跑着GNU/Linux,那么查找重复文件会变得十分简单,这多亏了`**fdupes**`工具。 +对于大多数计算机用户而言,查找并替换重复的文件是一个常见的需求。查找并移除重复文件真是一项令人不胜其烦的工作,它耗时又耗力。但如果你的机器上跑着GNU/Linux,那么查找重复文件会变得十分简单,这多亏了`fdupes`工具。 ![Find and Delete Duplicate Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/08/find-and-delete-duplicate-files-in-linux.png) -Fdupes——在Linux中查找并删除重复文件 +*fdupes——在Linux中查找并删除重复文件* ### fdupes是啥东东? ### -**Fdupes**是Linux下的一个工具,它由**Adrian Lopez**用C编程语言编写并基于MIT许可证发行,该应用程序可以在指定的目录及子目录中查找重复的文件。Fdupes通过对比文件的MD5签名,以及逐字节比较文件来识别重复内容,可以为Fdupes指定大量的选项以实现对文件的列出、删除、替换到文件副本的硬链接等操作。 +**fdupes**是Linux下的一个工具,它由**Adrian Lopez**用C编程语言编写并基于MIT许可证发行,该应用程序可以在指定的目录及子目录中查找重复的文件。fdupes通过对比文件的MD5签名,以及逐字节比较文件来识别重复内容,fdupes有各种选项,可以实现对文件的列出、删除、替换为文件副本的硬链接等操作。 -对比以下列顺序开始: +文件对比以下列顺序开始: **大小对比 > 部分 MD5 签名对比 > 完整 MD5 签名对比 > 逐字节对比** @@ -27,8 +27,9 @@ Fdupes——在Linux中查找并删除重复文件 **注意**:自Fedora 22之后,默认的包管理器yum被dnf取代了。 -### fdupes命令咋个搞? ### -1.作为演示的目的,让我们来在某个目录(比如 tecmint)下创建一些重复文件,命令如下: +### fdupes命令如何使用 ### + +1、 作为演示的目的,让我们来在某个目录(比如 tecmint)下创建一些重复文件,命令如下: $ mkdir /home/"$USER"/Desktop/tecmint && cd /home/"$USER"/Desktop/tecmint && for i in {1..15}; do echo "I Love Tecmint. Tecmint is a very nice community of Linux Users." > tecmint${i}.txt ; done @@ -57,7 +58,7 @@ Fdupes——在Linux中查找并删除重复文件 "I Love Tecmint. Tecmint is a very nice community of Linux Users." -2.现在在**tecmint**文件夹内搜索重复的文件。 +2、 现在在**tecmint**文件夹内搜索重复的文件。 $ fdupes /home/$USER/Desktop/tecmint @@ -77,7 +78,7 @@ Fdupes——在Linux中查找并删除重复文件 /home/tecmint/Desktop/tecmint/tecmint15.txt /home/tecmint/Desktop/tecmint/tecmint12.txt -3.使用**-r**选项在每个目录包括其子目录中递归搜索重复文件。 +3、 使用**-r**选项在每个目录包括其子目录中递归搜索重复文件。 它会递归搜索所有文件和文件夹,花一点时间来扫描重复文件,时间的长短取决于文件和文件夹的数量。在此其间,终端中会显示全部过程,像下面这样。 @@ -85,7 +86,7 @@ Fdupes——在Linux中查找并删除重复文件 Progress [37780/54747] 69% -4.使用**-S**选项来查看某个文件夹内找到的重复文件的大小。 +4、 使用**-S**选项来查看某个文件夹内找到的重复文件的大小。 $ fdupes -S /home/$USER/Desktop/tecmint @@ -106,7 +107,7 @@ Fdupes——在Linux中查找并删除重复文件 /home/tecmint/Desktop/tecmint/tecmint15.txt /home/tecmint/Desktop/tecmint/tecmint12.txt -5.你可以同时使用**-S**和**-r**选项来查看所有涉及到的目录和子目录中的重复文件的大小,如下: +5、 你可以同时使用**-S**和**-r**选项来查看所有涉及到的目录和子目录中的重复文件的大小,如下: $ fdupes -Sr /home/avi/Desktop/ @@ -131,11 +132,11 @@ Fdupes——在Linux中查找并删除重复文件 /home/tecmint/Desktop/resume_files/r-csc.html /home/tecmint/Desktop/resume_files/fc.html -6.不同于在一个或所有文件夹内递归搜索,你可以选择按要求有选择性地在两个或三个文件夹内进行搜索。不必再提醒你了吧,如有需要,你可以使用**-S**和/或**-r**选项。 +6、 不同于在一个或所有文件夹内递归搜索,你可以选择按要求有选择性地在两个或三个文件夹内进行搜索。不必再提醒你了吧,如有需要,你可以使用**-S**和/或**-r**选项。 $ fdupes /home/avi/Desktop/ /home/avi/Templates/ -7.要删除重复文件,同时保留一个副本,你可以使用`**-d**`选项。使用该选项,你必须额外小心,否则最终结果可能会是文件/数据的丢失。郑重提醒,此操作不可恢复。 +7、 要删除重复文件,同时保留一个副本,你可以使用`-d`选项。使用该选项,你必须额外小心,否则最终结果可能会是文件/数据的丢失。郑重提醒,此操作不可恢复。 $ fdupes -d /home/$USER/Desktop/tecmint @@ -177,13 +178,13 @@ Fdupes——在Linux中查找并删除重复文件 [-] /home/tecmint/Desktop/tecmint/tecmint15.txt [-] /home/tecmint/Desktop/tecmint/tecmint12.txt -8.从安全角度出发,你可能想要打印`**fdupes**`的输出结果到文件中,然后检查文本文件来决定要删除什么文件。这可以降低意外删除文件的风险。你可以这么做: +8、 从安全角度出发,你可能想要打印`fdupes`的输出结果到文件中,然后检查文本文件来决定要删除什么文件。这可以降低意外删除文件的风险。你可以这么做: $ fdupes -Sr /home > /home/fdupes.txt -**注意**:你可以替换`**/home**`为你想要的文件夹。同时,如果你想要递归搜索并打印大小,可以使用`**-r**`和`**-S**`选项。 +**注意**:你应该替换`/home`为你想要的文件夹。同时,如果你想要递归搜索并打印大小,可以使用`-r`和`-S`选项。 -9.你可以使用`**-f**`选项来忽略每个匹配集中的首个文件。 +9、 你可以使用`-f`选项来忽略每个匹配集中的首个文件。 首先列出该目录中的文件。 @@ -205,13 +206,13 @@ Fdupes——在Linux中查找并删除重复文件 /home/tecmint/Desktop/tecmint9 (another copy).txt /home/tecmint/Desktop/tecmint9 (4th copy).txt -10.检查已安装的fdupes版本。 +10、 检查已安装的fdupes版本。 $ fdupes --version fdupes 1.51 -11.如果你需要关于fdupes的帮助,可以使用`**-h**`开关。 +11、 如果你需要关于fdupes的帮助,可以使用`-h`开关。 $ fdupes -h @@ -245,7 +246,7 @@ Fdupes——在Linux中查找并删除重复文件 -v --version display fdupes version -h --help display this help message -到此为止了。让我知道你到现在为止你是怎么在Linux中查找并删除重复文件的?同时,也让我知道你关于这个工具的看法。在下面的评论部分中提供你有价值的反馈吧,别忘了为我们点赞并分享,帮助我们扩散哦。 +到此为止了。让我知道你以前怎么在Linux中查找并删除重复文件的吧?同时,也让我知道你关于这个工具的看法。在下面的评论部分中提供你有价值的反馈吧,别忘了为我们点赞并分享,帮助我们扩散哦。 我正在使用另外一个移除重复文件的工具,它叫**fslint**。很快就会把使用心得分享给大家哦,你们一定会喜欢看的。 @@ -254,10 +255,10 @@ Fdupes——在Linux中查找并删除重复文件 via: http://www.tecmint.com/fdupes-find-and-delete-duplicate-files-in-linux/ 作者:[GOLinux](https://github.com/GOLinux) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 [a]:http://www.tecmint.com/author/avishek/ -[1]:http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/ -[2]:http://www.tecmint.com/15-basic-ls-command-examples-in-linux/ +[1]:https://linux.cn/article-2324-1.html +[2]:https://linux.cn/article-5109-1.html diff --git a/translated/tech/20150812 Linux Tricks--Play Game in Chrome Text-to-Speech Schedule a Job and Watch Commands in Linux.md b/published/20150812 Linux Tricks--Play Game in Chrome Text-to-Speech Schedule a Job and Watch Commands in Linux.md similarity index 74% rename from translated/tech/20150812 Linux Tricks--Play Game in Chrome Text-to-Speech Schedule a Job and Watch Commands in Linux.md rename to published/20150812 Linux Tricks--Play Game in Chrome Text-to-Speech Schedule a Job and Watch Commands in Linux.md index 54d3996e0e..80e90df7fb 100644 --- a/translated/tech/20150812 Linux Tricks--Play Game in Chrome Text-to-Speech Schedule a Job and Watch Commands in Linux.md +++ b/published/20150812 Linux Tricks--Play Game in Chrome Text-to-Speech Schedule a Job and Watch Commands in Linux.md @@ -1,11 +1,11 @@ -Linux小技巧:Chrome小游戏,文字说话,计划作业,重复执行命令 +Linux 小技巧:Chrome 小游戏,让文字说话,计划作业,重复执行命令 ================================================================================ 重要的事情说两遍,我完成了一个[Linux提示与彩蛋][1]系列,让你的Linux获得更多创造和娱乐。 ![Linux提示与彩蛋系列](http://www.tecmint.com/wp-content/uploads/2015/08/Linux-Tips-and-Tricks.png) -Linux提示与彩蛋系列 +*Linux提示与彩蛋系列* 本文,我将会讲解Google-chrome内建小游戏,在终端中如何让文字说话,使用‘at’命令设置作业和使用watch命令重复执行命令。 @@ -17,7 +17,7 @@ Linux提示与彩蛋系列 ![不能连接到互联网](http://www.tecmint.com/wp-content/uploads/2015/08/Unable-to-Connect-Internet.png) -不能连接到互联网 +*不能连接到互联网* 按下空格键来激活Google-chrome彩蛋游戏。游戏没有时间限制。并且还不需要浪费时间安装使用。 @@ -27,27 +27,25 @@ Linux提示与彩蛋系列 ![Google Chrome中玩游戏](http://www.tecmint.com/wp-content/uploads/2015/08/Play-Game-in-Google-Chrome.gif) -Google Chrome中玩游戏 +*Google Chrome中玩游戏* ### 2. Linux 终端中朗读文字 ### -对于那些不能文字朗读的设备,有个小工具可以实现文字说话的转换器。 -espeak支持多种语言,可以及时朗读输入文字。 +对于那些不能文字朗读的设备,有个小工具可以实现文字说话的转换器。用各种语言写一些东西,espeak就可以朗读给你。 系统应该默认安装了Espeak,如果你的系统没有安装,你可以使用下列命令来安装: # apt-get install espeak (Debian) # yum install espeak (CentOS) - # dnf install espeak (Fedora 22 onwards) + # dnf install espeak (Fedora 22 及其以后) -You may ask espeak to accept Input Interactively from standard Input device and convert it to speech for you. You may do: -你可以设置接受从标准输入的交互地输入并及时转换成语音朗读出来。这样设置: +你可以让espeak接受标准输入的交互输入并及时转换成语音朗读出来。如下: $ espeak [按回车键] 更详细的输出你可以这样做: - $ espeak --stdout | aplay [按回车键][这里需要双击] + $ espeak --stdout | aplay [按回车键][再次回车] espeak设置灵活,也可以朗读文本文件。你可以这样设置: @@ -55,29 +53,29 @@ espeak设置灵活,也可以朗读文本文件。你可以这样设置: espeak可以设置朗读速度。默认速度是160词每分钟。使用-s参数来设置。 -设置30词每分钟: +设置每分钟30词的语速: $ espeak -s 30 -f /path/to/text/file/file_name.txt | aplay -设置200词每分钟: +设置每分钟200词的语速: $ espeak -s 200 -f /path/to/text/file/file_name.txt | aplay -让其他语言说北印度语(作者母语),这样设置: +说其他语言,比如北印度语(作者母语),这样设置: $ espeak -v hindi --stdout 'टेकमिंट विश्व की एक बेहतरीन लाइंक्स आधारित वेबसाइट है|' | aplay -espeak支持多种语言,支持自定义设置。使用下列命令来获得语言表: +你可以使用各种语言,让espeak如上面说的以你选择的语言朗读。使用下列命令来获得语言列表: $ espeak --voices -### 3. 快速计划作业 ### +### 3. 快速调度任务 ### -我们已经非常熟悉使用[cron][2]后台执行一个计划命令。 +我们已经非常熟悉使用[cron][2]守护进程执行一个计划命令。 Cron是一个Linux系统管理的高级命令,用于计划定时任务如备份或者指定时间或间隔的任何事情。 -但是,你是否知道at命令可以让你计划一个作业或者命令在指定时间?at命令可以指定时间和指定内容执行作业。 +但是,你是否知道at命令可以让你在指定时间调度一个任务或者命令?at命令可以指定时间执行指定内容。 例如,你打算在早上11点2分执行uptime命令,你只需要这样做: @@ -85,17 +83,17 @@ Cron是一个Linux系统管理的高级命令,用于计划定时任务如备 uptime >> /home/$USER/uptime.txt Ctrl+D -![Linux中计划作业](http://www.tecmint.com/wp-content/uploads/2015/08/Schedule-Job-in-Linux.png) +![Linux中计划任务](http://www.tecmint.com/wp-content/uploads/2015/08/Schedule-Job-in-Linux.png) -Linux中计划作业 +*Linux中计划任务* 检查at命令是否成功设置,使用: $ at -l -![浏览计划作业](http://www.tecmint.com/wp-content/uploads/2015/08/View-Scheduled-Jobs.png) +![浏览计划任务](http://www.tecmint.com/wp-content/uploads/2015/08/View-Scheduled-Jobs.png) -浏览计划作业 +*浏览计划任务* at支持计划多个命令,例如: @@ -117,17 +115,17 @@ at支持计划多个命令,例如: ![Linux中查看日期和时间](http://www.tecmint.com/wp-content/uploads/2015/08/Check-Date-in-Linux.png) -Linux中查看日期和时间 +*Linux中查看日期和时间* -为了查看这个命令每三秒的输出,我需要运行下列命令: +为了每三秒查看一下这个命令的输出,我需要运行下列命令: $ watch -n 3 'date +"%H:%M:%S"' ![Linux中watch命令](http://www.tecmint.com/wp-content/uploads/2015/08/Watch-Command-in-Linux.gif) -Linux中watch命令 +*Linux中watch命令* -watch命令的‘-n’开关设定时间间隔。在上诉命令中,我们定义了时间间隔为3秒。你可以按你的需求定义。同样watch +watch命令的‘-n’开关设定时间间隔。在上述命令中,我们定义了时间间隔为3秒。你可以按你的需求定义。同样watch 也支持其他命令或者脚本。 至此。希望你喜欢这个系列的文章,让你的linux更有创造性,获得更多快乐。所有的建议欢迎评论。欢迎你也看看其他文章,谢谢。 @@ -138,7 +136,7 @@ via: http://www.tecmint.com/text-to-speech-in-terminal-schedule-a-job-and-watch- 作者:[Avishek Kumar][a] 译者:[VicYu/Vic020](http://vicyu.net) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150813 Linux file system hierarchy v2.0.md b/published/20150813 Linux file system hierarchy v2.0.md new file mode 100644 index 0000000000..6a68efbd67 --- /dev/null +++ b/published/20150813 Linux file system hierarchy v2.0.md @@ -0,0 +1,440 @@ +Linux 文件系统结构介绍 +================================================================================ + +![](http://www.blackmoreops.com/wp-content/uploads/2015/06/Linux-file-system-hierarchy-v2.0-2480px-blackMORE-Ops.png) + +Linux中的文件是什么?它的文件系统又是什么?那些配置文件又在哪里?我下载好的程序保存在哪里了?在 Linux 中文件系统是标准结构的吗?好了,上图简明地阐释了Linux的文件系统的层次关系。当你苦于寻找配置文件或者二进制文件的时候,这便显得十分有用了。我在下方添加了一些解释以及例子,不过“篇幅较长,可以有空再看”。 + +另外一种情况便是当你在系统中获取配置以及二进制文件时,出现了不一致性问题,如果你是在一个大型组织中,或者只是一个终端用户,这也有可能会破坏你的系统(比如,二进制文件运行在旧的库文件上了)。若然你在[你的Linux系统上做安全审计][1]的话,你将会发现它很容易遭到各种攻击。所以,保持一个清洁的操作系统(无论是Windows还是Linux)都显得十分重要。 + +### Linux的文件是什么? ### + +对于UNIX系统来说(同样适用于Linux),以下便是对文件简单的描述: + +> 在UNIX系统中,一切皆为文件;若非文件,则为进程 + +这种定义是比较正确的,因为有些特殊的文件不仅仅是普通文件(比如命名管道和套接字),不过为了让事情变的简单,“一切皆为文件”也是一个可以让人接受的说法。Linux系统也像UNIX系统一样,将文件和目录视如同物,因为目录只是一个包含了其他文件名的文件而已。程序、服务、文本、图片等等,都是文件。对于系统来说,输入和输出设备,基本上所有的设备,都被当做是文件。 + +题图版本历史: + +- Version 2.0 – 17-06-2015 + - – Improved: 添加标题以及版本历史 + - – Improved: 添加/srv,/meida和/proc + - – Improved: 更新了反映当前的Linux文件系统的描述 + - – Fixed: 多处的打印错误 + - – Fixed: 外观和颜色 +- Version 1.0 – 14-02-2015 + - – Created: 基本的图表 + - – Note: 摒弃更低的版本 + +### 下载链接 ### + +以下是大图的下载地址。如果你需要其他格式,请跟原作者联系,他会尝试制作并且上传到某个地方以供下载 + +- [大图 (PNG 格式) – 2480×1755 px – 184KB][2] +- [最大图 (PDF 格式) – 9919x7019 px – 1686KB][3] + +**注意**: PDF格式文件是打印的最好选择,因为它画质很高。 + +### Linux 文件系统描述 ### + +为了有序地管理那些文件,人们习惯把这些文件当做是硬盘上的有序的树状结构,正如我们熟悉的'MS-DOS'(磁盘操作系统)就是一个例子。大的分枝包括更多的分枝,分枝的末梢是树的叶子或者普通的文件。现在我们将会以这树形图为例,但晚点我们会发现为什么这不是一个完全准确的一幅图。 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
目录描述
+ / + 主层次 的根,也是整个文件系统层次结构的根目录
+ /bin + 存放在单用户模式可用的必要命令二进制文件,所有用户都可用,如 cat、ls、cp等等
+ /boot + 存放引导加载程序文件,例如kernels、initrd等
+ /dev + 存放必要的设备文件,例如/dev/null
+ /etc + 存放主机特定的系统级配置文件。其实这里有个关于它名字本身意义上的的争议。在贝尔实验室的UNIX实施文档的早期版本中,/etc表示是“其他(etcetera)目录”,因为从历史上看,这个目录是存放各种不属于其他目录的文件(然而,文件系统目录标准 FSH 限定 /etc 用于存放静态配置文件,这里不该存有二进制文件)。早期文档出版后,这个目录名又重新定义成不同的形式。近期的解释中包含着诸如“可编辑文本配置”或者“额外的工具箱”这样的重定义
+ + + /etc/opt + + + 存储着新增包的配置文件 /opt/.
+ + + /etc/sgml + + + 存放配置文件,比如 catalogs,用于那些处理SGML(译者注:标准通用标记语言)的软件的配置文件
+ + + /etc/X11 + + + X Window 系统11版本的的配置文件
+ + + /etc/xml + + + 配置文件,比如catalogs,用于那些处理XML(译者注:可扩展标记语言)的软件的配置文件
+ /home + 用户的主目录,包括保存的文件,个人配置,等等
+ /lib + /bin//sbin/中的二进制文件的必需的库文件
+ /lib<架构位数> + 备用格式的必要的库文件。 这样的目录是可选的,但如果他们存在的话肯定是有需要用到它们的程序
+ /media + 可移动的多媒体(如CD-ROMs)的挂载点。(出现于 FHS-2.3)
+ /mnt + 临时挂载的文件系统
+ /opt + 可选的应用程序软件包
+ /proc + 以文件形式提供进程以及内核信息的虚拟文件系统,在Linux中,对应进程文件系统(procfs )的挂载点
+ /root + 根用户的主目录
+ /sbin + 必要的系统级二进制文件,比如, init, ip, mount
+ /srv + 系统提供的站点特定数据
+ /tmp + 临时文件 (另见 /var/tmp). 通常在系统重启后删除
+ /usr + 二级层级存储用户的只读数据; 包含(多)用户主要的公共文件以及应用程序
+ + + /usr/bin + + + 非必要的命令二进制文件 (在单用户模式中不需要用到的);用于所有用户
+ + + /usr/include + + + 标准的包含文件
+ + + /usr/lib + + + 库文件,用于/usr/bin//usr/sbin/中的二进制文件
+ + + /usr/lib<架构位数> + + + 备用格式库(可选的)
+ + + /usr/local + + + 三级层次 用于本地数据,具体到该主机上的。通常会有下一个子目录, 比如, bin/, lib/, share/.
+ + + /usr/local/sbin + + + 非必要系统的二进制文件,比如用于不同网络服务的守护进程
+ + + /usr/share + + + 架构无关的 (共享) 数据.
+ + + /usr/src + + + 源代码,比如内核源文件以及与它相关的头文件
+ + + /usr/X11R6 + + + X Window系统,版本号:11,发行版本:6
+ /var + 各式各样的(Variable)文件,一些随着系统常规操作而持续改变的文件就放在这里,比如日志文件,脱机文件,还有临时的电子邮件文件
+ + + /var/cache + + + 应用程序缓存数据. 这些数据是由耗时的I/O(输入/输出)的或者是运算本地生成的结果。这些应用程序是可以重新生成或者恢复数据的。当没有数据丢失的时候,可以删除缓存文件
+ + + /var/lib + + + 状态信息。这些信息随着程序的运行而不停地改变,比如,数据库,软件包系统的元数据等等
+ + + /var/lock + + + 锁文件。这些文件用于跟踪正在使用的资源
+ + + /var/log + + + 日志文件。包含各种日志。
+ + + /var/mail + + + 内含用户邮箱的相关文件
+ + + /var/opt + + + 来自附加包的各种数据都会存储在 /var/opt/.
+ + + /var/run + + + 存放当前系统上次启动以来的相关信息,例如当前登入的用户以及当前运行的daemons(守护进程).
+ + + /var/spool + + + 该spool主要用于存放将要被处理的任务,比如打印队列以及邮件外发队列
+ + + + + /var/mail + + + + + 过时的位置,用于放置用户邮箱文件
+ + + /var/tmp + + + 存放重启后保留的临时文件
+ +### Linux的文件类型 ### + +大多数文件仅仅是普通文件,他们被称为`regular`文件;他们包含普通数据,比如,文本、可执行文件、或者程序、程序的输入或输出等等 + +虽然你可以认为“在Linux中,一切你看到的皆为文件”这个观点相当保险,但这里仍有着一些例外。 + +- `目录`:由其他文件组成的文件 +- `特殊文件`:用于输入和输出的途径。大多数特殊文件都储存在`/dev`中,我们将会在后面讨论这个问题。 +- `链接文件`:让文件或者目录出现在系统文件树结构上多个地方的机制。我们将详细地讨论这个链接文件。 +- `(域)套接字`:特殊的文件类型,和TCP/IP协议中的套接字有点像,提供进程间网络通讯,并受文件系统的访问控制机制保护。 +- `命名管道` : 或多或少有点像sockets(套接字),提供一个进程间的通信机制,而不用网络套接字协议。 + +### 现实中的文件系统 ### + +对于大多数用户和常规系统管理任务而言,“文件和目录是一个有序的类树结构”是可以接受的。然而,对于电脑而言,它是不会理解什么是树,或者什么是树结构。 + +每个分区都有它自己的文件系统。想象一下,如果把那些文件系统想成一个整体,我们可以构思一个关于整个系统的树结构,不过这并没有这么简单。在文件系统中,一个文件代表着一个`inode`(索引节点),这是一种包含着构建文件的实际数据信息的序列号:这些数据表示文件是属于谁的,还有它在硬盘中的位置。 + +每个分区都有一套属于他们自己的inode,在一个系统的不同分区中,可以存在有相同inode的文件。 + +每个inode都表示着一种在硬盘上的数据结构,保存着文件的属性,包括文件数据的物理地址。当硬盘被格式化并用来存储数据时(通常发生在初始系统安装过程,或者是在一个已经存在的系统中添加额外的硬盘),每个分区都会创建固定数量的inode。这个值表示这个分区能够同时存储各类文件的最大数量。我们通常用一个inode去映射2-8k的数据块。当一个新的文件生成后,它就会获得一个空闲的inode。在这个inode里面存储着以下信息: + +- 文件属主和组属主 +- 文件类型(常规文件,目录文件......) +- 文件权限 +- 创建、最近一次读文件和修改文件的时间 +- inode里该信息被修改的时间 +- 文件的链接数(详见下一章) +- 文件大小 +- 文件数据的实际地址 + +唯一不在inode的信息是文件名和目录。它们存储在特殊的目录文件。通过比较文件名和inode的数目,系统能够构造出一个便于用户理解的树结构。用户可以通过ls -i查看inode的数目。在硬盘上,inodes有他们独立的空间。 + +------------------------ + +via: http://www.blackmoreops.com/2015/06/18/linux-file-system-hierarchy-v2-0/ + +译者:[tnuoccalanosrep](https://github.com/tnuoccalanosrep) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:http://www.blackmoreops.com/2015/02/15/in-light-of-recent-linux-exploits-linux-security-audit-is-a-must/ +[2]:http://www.blackmoreops.com/wp-content/uploads/2015/06/Linux-file-system-hierarchy-v2.0-2480px-blackMORE-Ops.png +[3]:http://www.blackmoreops.com/wp-content/uploads/2015/06/Linux-File-System-Hierarchy-blackMORE-Ops.pdf diff --git a/published/20150818 Debian GNU or Linux Birthday-- A 22 Years of Journey and Still Counting.md b/published/20150818 Debian GNU or Linux Birthday-- A 22 Years of Journey and Still Counting.md new file mode 100644 index 0000000000..e14e0ba320 --- /dev/null +++ b/published/20150818 Debian GNU or Linux Birthday-- A 22 Years of Journey and Still Counting.md @@ -0,0 +1,108 @@ +Debian GNU/Linux,22 年未完的美妙旅程 +================================================================================ + +在2015年8月16日, Debian项目组庆祝了 Debian 的22周年纪念日;这也是开源世界历史最悠久、热门的发行版之一。 Debian项目于1993年由Ian Murdock创立。彼时,Slackware 作为最早的 Linux 发行版已经名声在外。 + +![Happy 22nd Birthday to Debian](http://www.tecmint.com/wp-content/uploads/2014/08/Debian-22nd-Birthday.png) + +*22岁生日快乐! Debian Linux!* + +Ian Ashly Murdock, 一个美国职业软件工程师, 在他还是普渡大学的学生时构想出了 Debian 项目的计划。他把这个项目命名为 Debian 是由于这个名字组合了他彼时女友的名字 Debra Lynn 和他自己的名字 Ian。 他之后和 Lynn 结婚并在2008年1月离婚。 + +![Ian Murdock](http://www.tecmint.com/wp-content/uploads/2014/08/Ian-Murdock.jpeg) + +*Debian 创始人:Ian Murdock* + +Ian 目前是 ExactTarget 的平台与开发社区的副总裁。 + +Debian (如同Slackware一样) 都是由于当时缺乏满足合乎标准的发行版才应运而生的。 Ian 在一次采访中说:“免费提供一流的产品会是 Debian 项目的唯一使命。 尽管过去的 Linux 发行版均不尽然可靠抑或是优秀。 我印象里...比如在不同的文件系统间移动文件, 处理大型文件经常会导致内核出错。 但是 Linux 其实是很可靠的, 自由的源代码让这个项目本质上很有前途。” + +"我记得过去我像其他想解决问题的人一样, 想在家里运行一个像 UNIX 的东西。 但那是不可能的, 无论是经济上还是法律上或是别的什么角度。 然后我就听闻了 GNU 内核开发项目, 以及这个项目是如何没有任何法律纷争", Ian 补充到。 他早年在开发 Debian 时曾被自由软件基金会(FSF)资助, 这份资助帮助 Debian 取得了长足的发展; 尽管一年后由于学业原因 Ian 退出了 FSF 转而去完成他的学位。 + +### Debian开发历史 ### + +- **Debian 0.01 – 0.09** : 发布于 1993 年八月 – 1993 年十二月。 +- **Debian 0.91** : 发布于 1994 年一月。 有了原始的包管理系统, 没有依赖管理机制。 +- **Debian 0.93 rc5** : 发布于 1995 年三月。 “现代”意义的 Debian 的第一次发布, 在基础系统安装后会使用dpkg 安装以及管理其他软件包。 +- **Debian 0.93 rc6**: 发布于 1995 年十一月。 最后一次 a.out 发布, deselect 机制第一次出现, 有60位开发者在彼时维护着软件包。 +- **Debian 1.1**: 发布于 1996 年六月。 项目代号 – Buzz, 软件包数量 – 474, 包管理器 dpkg, 内核版本 2.0, ELF 二进制。 +- **Debian 1.2**: 发布于 1996 年十二月。 项目代号 – Rex, 软件包数量 – 848, 开发者数量 – 120。 +- **Debian 1.3**: 发布于 1997 年七月。 项目代号 – Bo, 软件包数量 974, 开发者数量 – 200。 +- **Debian 2.0**: 发布于 1998 年七月。 项目代号 - Hamm, 支持构架 – Intel i386 以及 Motorola 68000 系列, 软件包数量: 1500+, 开发者数量: 400+, 内置了 glibc。 +- **Debian 2.1**: 发布于1999 年三月九日。 项目代号 – slink, 支持构架 - Alpha 和 Sparc, apt 包管理器开始成型, 软件包数量 – 2250。 +- **Debian 2.2**: 发布于 2000 年八月十五日。 项目代号 – Potato, 支持构架 – Intel i386, Motorola 68000 系列, Alpha, SUN Sparc, PowerPC 以及 ARM 构架。 软件包数量: 3900+ (二进制) 以及 2600+ (源代码), 开发者数量 – 450。 有一群人在那时研究并发表了一篇论文, 论文展示了自由软件是如何在被各种问题包围的情况下依然逐步成长为优秀的现代操作系统的。 +- **Debian 3.0**: 发布于 2002 年七月十九日。 项目代号 – woody, 支持构架新增 – HP, PA_RISC, IA-64, MIPS 以及 IBM, 首次以DVD的形式发布, 软件包数量 – 8500+, 开发者数量 – 900+, 支持加密。 +- **Debian 3.1**: 发布于 2005 年六月六日。 项目代号 – sarge, 支持构架 – 新增 AMD64(非官方渠道发布), 内核 – 2.4 以及 2.6 系列, 软件包数量: 15000+, 开发者数量 : 1500+, 增加了诸如 OpenOffice 套件, Firefox 浏览器, Thunderbird, Gnome 2.8, 支持: RAID, XFS, LVM, Modular Installer。 +- **Debian 4.0**: 发布于 2007 年四月八日。 项目代号 – etch, 支持构架 – 如前,包括 AMD64。 软件包数量: 18,200+ 开发者数量 : 1030+, 图形化安装器。 +- **Debian 5.0**: 发布于 2009 年二月十四日。 项目代号 – lenny, 支持构架 – 新增 ARM。 软件包数量: 23000+, 开发者数量: 1010+。 +- **Debian 6.0**: 发布于 2009 年七月二十九日。 项目代号 – squeeze, 包含的软件包: 内核 2.6.32, Gnome 2.3. Xorg 7.5, 同时包含了 DKMS, 基于依赖包支持。 支持构架 : 新增 kfreebsd-i386 以及 kfreebsd-amd64, 基于依赖管理的启动过程。 +- **Debian 7.0**: 发布于 2013 年五月四日。 项目代号: wheezy, 支持 Multiarch, 私有云工具, 升级了安装器, 移除了第三方软件依赖, 全功能多媒体套件-codec, 内核版本 3.2, Xen Hypervisor 4.1.4 ,软件包数量: 37400+。 +- **Debian 8.0**: 发布于 2015 年五月二十五日。 项目代号: Jessie, 将 Systemd 作为默认的初始化系统, 内核版本 3.16, 增加了快速启动(fast booting), service进程所依赖的 cgroups 使隔离部分 service 进程成为可能, 43000+ 软件包。 Sysvinit 初始化工具在 Jessie 中可用。 + +**注意**: Linux的内核第一次是在1991 年十月五日被发布, 而 Debian 的首次发布则在1993 年九月十三日。 所以 Debian 已经在只有24岁的 Linux 内核上运行了整整22年了。 + +### Debian 的那些事 ### + +1994年管理和重整了 Debian 项目以使得其他开发者能更好地加入,所以在那一年并没有发布面向用户的更新, 当然, 内部版本肯定是有的。 + +Debian 1.0 从来就没有被发布过。 一家 CD-ROM 的生产商错误地把某个未发布的版本标注为了 1.0, 为了避免产生混乱, 原本的 Debian 1.0 以1.1的面貌发布了。 从那以后才有了所谓的官方CD-ROM的概念。 + +每个 Debian 新版本的代号都是玩具总动员里某个角色的名字哦。 + +Debian 有四种可用版本: 旧稳定版(old stable), 稳定版(stable), 测试版(testing) 以及 试验版(experimental)。 始终如此。 + +Debian 项目组一直工作在不稳定发行版上, 这个不稳定版本始终被叫做Sid(玩具总动员里那个邪恶的臭小孩)。 Sid是unstable版本的永久名称, 同时Sid也取自'Still In Development"(译者:还在开发中)的首字母。 Sid 将会成为下一个稳定版, 当前的稳定版本代号为 jessie。 + +Debian 的官方发行版只包含开源并且自由的软件, 绝无其他东西. 不过 contrib 和非自由软件包使得安装那些本身自由但是其依赖的软件包不自由(contrib)的软件和非自由软件成为了可能。 + +Debian 是一堆Linux 发行版之母。 举几个例子: + +- Damn Small Linux +- KNOPPIX +- Linux Advanced +- MEPIS +- Ubuntu +- 64studio (不再活跃开发) +- LMDE + +Debian 是世界上最大的非商业 Linux 发行版。它主要是由C编写的(32.1%), 一并的还有其他70多种语言。 + +![Debian 开发语言贡献表](http://www.tecmint.com/wp-content/uploads/2014/08/Debian-Programming.png) + +*Debian 开发语言贡献表,图片来源: [Xmodulo][1]* + +Debian 项目包含6,850万行代码, 以及 450万行空格和注释。 + +国际空间站放弃了 Windows 和红帽子, 进而换成了 Debian - 在上面的宇航员使用落后一个版本的稳定发行版, 目前是 squeeze; 这么做是为了稳定程度以及来自 Debian 社区的雄厚帮助支持。 + +感谢上帝! 我们差点就听到来自国际空间宇航员面对 Windows Metro 界面的尖叫了 :P + +#### 黑色星期三 #### + +2002 年十一月二十日, Twente 大学的网络运营中心(NOC)着火。 当地消防部门放弃了服务器区域。 NOC维护着satie.debian.org 的网站服务器, 这个网站包含了安全、非美国相关的存档、新维护者资料、数量报告、数据库等等;这一切都化为了灰烬。 之后这些服务由 Debian 重建了。 + +#### 未来版本 #### + +下一个待发布版本是 Debian 9, 项目代号 – Stretch, 它会带来什么还是个未知数。 满心期待吧! + +有很多发行版在 Linux 发行版的历史上出现过一瞬间然后很快消失了。 在多数情况下, 维护一个日渐庞大的项目是开发者们面临的挑战。 但这对 Debian 来说不是问题。 Debian 项目有全世界成百上千的开发者、维护者。 它在 Linux 诞生的之初起便一直存在。 + +Debian 在 Linux 生态环境中的贡献是难以用语言描述的。 如果 Debian 没有出现过, 那么 Linux 世界将不会像现在这样丰富和用户友好。 Debian 是为数不多可以被认为安全可靠又稳定的发行版,是作为网络服务器完美选择。 + +这仅仅是 Debian 的一个开始。 它走过了这么长的征程, 并将一直走下去。 未来即是现在! 世界近在眼前! 如果你到现在还从来没有使用过 Debian, 我只想问, 你还再等什么? 快去下载一份镜像试试吧, 我们会在此守候遇到任何问题的你。 + +- [Debian 主页][2] + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/happy-birthday-to-debian-gnu-linux/ + +作者:[Avishek Kumar][a] +译者:[jerryling315](http://moelf.xyz) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/avishek/ +[1]:http://xmodulo.com/2013/08/interesting-facts-about-debian-linux.html +[2]:https://www.debian.org/ diff --git a/translated/talk/20150820 A Look at What's Next for the Linux Kernel.md b/published/20150820 A Look at What's Next for the Linux Kernel.md similarity index 77% rename from translated/talk/20150820 A Look at What's Next for the Linux Kernel.md rename to published/20150820 A Look at What's Next for the Linux Kernel.md index daf3e4d0e3..56969d3b24 100644 --- a/translated/talk/20150820 A Look at What's Next for the Linux Kernel.md +++ b/published/20150820 A Look at What's Next for the Linux Kernel.md @@ -1,24 +1,24 @@ -Linux 内核的发展方向 +对 Linux 内核的发展方向的展望 ================================================================================ ![](http://www.eweek.com/imagesvr_ce/485/290x195cilinux1.jpg) -**即将到来的 Linux 4.2 内核涉及到史上最多的贡献者数量,内核开发者 Jonathan Corbet 如是说。** +** Linux 4.2 内核涉及到史上最多的贡献者数量,内核开发者 Jonathan Corbet 如是说。** -来自西雅图。Linux 内核持续增长:代码量在增加,代码贡献者数量也在增加。而随之而来的一些挑战需要处理一下。以上是 Jonathan Corbet 在今年的 LinuxCon 的内核年度报告上提出的主要观点。以下是他的主要演讲内容: +西雅图报道。Linux 内核持续增长:代码量在增加,代码贡献者数量也在增加。而随之而来的一些挑战需要处理一下。以上是 Jonathan Corbet 在今年的 LinuxCon 的内核年度报告上提出的主要观点。以下是他的主要演讲内容: -Linux 4.2 内核依然处于开发阶段,预计在8月23号释出。Corbet 强调有 1569 名开发者为这个版本贡献了代码,其中 277 名是第一次提交代码。 +Linux 4.2 内核已经于上月底释出。Corbet 强调有 1569 名开发者为这个版本贡献了代码,其中 277 名是第一次提交代码。 越来越多的开发者的加入,内核更新非常快,Corbet 估计现在大概 63 天就能产生一个新的内核里程碑。 Linux 4.2 涉及多方面的更新。其中一个就是引进了 OverLayFS,这是一种只读型文件系统,它可以实现在一个容器之上再放一个容器。 -网络系统对小包传输性能也有了提升,这对于高频传输领域如金融交易而言非常重要。提升的方面主要集中在减小处理数据包的时间的能耗。 +网络系统对小包传输性能也有了提升,这对于高频金融交易而言非常重要。提升的方面主要集中在减小处理数据包的时间的能耗。 依然有新的驱动中加入内核。在每个内核发布周期,平均会有 60 到 80 个新增或升级驱动中加入。 另一个主要更新是实时内核补丁,这个特性在 4.0 版首次引进,好处是系统管理员可以在生产环境中打上内核补丁而不需要重启系统。当补丁所需要的元素都已准备就绪,打补丁的过程会在后台持续而稳定地进行。 -**Linux 安全, IoT 和其他关注点 ** +**Linux 安全, IoT 和其他关注点** 过去一年中,安全问题在开源社区是一个很热的话题,这都归因于那些引发高度关注的事件,比如 Heartbleed 和 Shellshock。 @@ -26,9 +26,9 @@ Linux 4.2 涉及多方面的更新。其中一个就是引进了 OverLayFS,这 他强调说过去 10 年间有超过 3 百万行代码不再被开发者修改,而产生 Shellshock 漏洞的代码的年龄已经是 20 岁了,近年来更是无人问津。 -另一个关注点是 2038 问题,Linux 界的“千年虫”,如果不解决,2000 年出现过的问题还会重现。2038 问题说的是在 2038 年一些 Linux 和 Unix 机器会死机(LCTT:32 位系统记录的时间,在2038年1月19日星期二晚上03:14:07之后的下一秒,会变成负数)。Corbet 说现在离 2038 年还有 23 年时间,现在部署的系统都会考虑 2038 问题。 +另一个关注点是 2038 问题,Linux 界的“千年虫”,如果不解决,2000 年出现过的问题还会重现。2038 问题说的是在 2038 年一些 Linux 和 Unix 机器会死机(LCTT译注:32 位系统记录的时间,在2038年1月19日星期二晚上03:14:07之后的下一秒,会变成负数)。Corbet 说现在离 2038 年还有 23 年时间,现在部署的系统都会考虑 2038 问题。 -Linux 已经开始一些初步的方案来修复 2038 问题了,但做的还远远不够。“现在就要修复这个问题,而不是等 20 年后把这个头疼的问题留给下一代解决,我们却享受着退休的美好时光”。 +Linux 已经启动一些初步的方案来修复 2038 问题了,但做的还远远不够。“现在就要修复这个问题,而不是等 20 年后把这个头疼的问题留给下一代解决,我们却享受着退休的美好时光”。 物联网(IoT)也是 Linux 关注的领域,Linux 是物联网嵌入式操作系统的主要占有者,然而这并没有什么卵用。Corget 认为日渐臃肿的内核对于未来的物联网设备来说肯定过于庞大。 @@ -42,7 +42,7 @@ via: http://www.eweek.com/enterprise-apps/a-look-at-whats-next-for-the-linux-ker 作者:[Sean Michael Kerner][a] 译者:[bazz2](https://github.com/bazz2) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/translated/share/20150821 Top 4 open source command-line email clients.md b/published/20150821 Top 4 open source command-line email clients.md similarity index 52% rename from translated/share/20150821 Top 4 open source command-line email clients.md rename to published/20150821 Top 4 open source command-line email clients.md index db28f4c543..1e9ae59c5c 100644 --- a/translated/share/20150821 Top 4 open source command-line email clients.md +++ b/published/20150821 Top 4 open source command-line email clients.md @@ -1,13 +1,12 @@ -KevinSJ Translating -四大开源版命令行邮件客户端 +4 个开源的命令行邮件客户端 ================================================================================ ![](http://opensource.com/sites/default/files/styles/image-full-size/public/images/life/life_mail.png) -无论你承认与否,email并没有消亡。对依赖命令行的 Linux 高级用户而言,离开 shell 转而使用传统的桌面或网页版邮件客户端并不合适。归根结底,命令行最善于处理文件,特别是文本文件,能使效率倍增。 +无论你承认与否,email并没有消亡。对那些对命令行至死不渝的 Linux 高级用户而言,离开 shell 转而使用传统的桌面或网页版邮件客户端并不适应。归根结底,命令行最善于处理文件,特别是文本文件,能使效率倍增。 -幸运的是,也有不少的命令行邮件客户端,他们的用户大都乐于帮助你入门并回答你使用中遇到的问题。但别说我没警告过你:一旦你完全掌握了其中一个客户端,要再使用图基于图形界面的客户端将回变得很困难! +幸运的是,也有不少的命令行邮件客户端,而它们的用户大都乐于帮助你入门并回答你使用中遇到的问题。但别说我没警告过你:一旦你完全掌握了其中一个客户端,你会发现很难回到基于图形界面的客户端! -要安装下述四个客户端中的任何一个是非常容易的;主要 Linux 发行版的软件仓库中都提供此类软件,并可通过包管理器进行安装。你也可以再其他的操作系统中寻找并安装这类客户端,但我并未尝试过也没有相关的经验。 +要安装下述四个客户端中的任何一个是非常容易的;主要的 Linux 发行版的软件仓库中都提供此类软件,并可通过包管理器进行安装。你也可以在其它的操作系统中寻找并安装这类客户端,但我并未尝试过也没有相关的经验。 ### Mutt ### @@ -17,7 +16,7 @@ KevinSJ Translating 许多终端爱好者都听说过甚至熟悉 Mutt 和 Alpine, 他们已经存在多年。让我们先看看 Mutt。 -Mutt 支持许多你所期望 email 系统支持的功能:会话,颜色区分,支持多语言,同时还有很多设置选项。它支持 POP3 和 IMAP, 两个主要的邮件传输协议,以及许多邮箱格式。自从1995年诞生以来, Mutt 即拥有一个活跃的开发社区,但最近几年,新版本更多的关注于修复问题和安全更新而非提供新功能。这对大多数 Mutt 用户而言并无大碍,他们钟爱这样的界面,并支持此项目的口号:“所有邮件客户端都很烂,只是这个烂的没那么彻底。” +Mutt 支持许多你所期望 email 系统支持的功能:会话,颜色区分,支持多语言,同时还有很多设置选项。它支持 POP3 和 IMAP 这两个主要的邮件传输协议,以及许多邮箱格式。自从1995年诞生以来, Mutt 就拥有了一个活跃的开发社区,但最近几年,新版本更多的关注于修复问题和安全更新而非提供新功能。这对大多数 Mutt 用户而言并无大碍,他们钟爱这样的界面,并支持此项目的口号:“所有邮件客户端都很烂,只是这个烂的没那么彻底。” ### Alpine ### @@ -25,13 +24,13 @@ Mutt 支持许多你所期望 email 系统支持的功能:会话,颜色区 - [源代码][5] - 授权协议: [Apache 2.0][6] -Alpine 是另一款知名的终端邮件客户端,它由华盛顿大学开发,初衷是作为 UW 开发的 Pine 的开源,支持unicode的替代版本。 +Alpine 是另一款知名的终端邮件客户端,它由华盛顿大学开发,设计初衷是作为一个开源的、支持 unicode 的 Pine (也来自华盛顿大学)的替代版本。 Alpine 不仅容易上手,还为高级用户提供了很多特性,它支持很多协议 —— IMAP, LDAP, NNTP, POP, SMTP 等,同时也支持不同的邮箱格式。Alpine 内置了一款名为 Pico 的可独立使用的简易文本编辑工具,但你也可以使用你常用的文本编辑器: vi, Emacs等。 -尽管Alpine的升级并不频繁,名为re-alpine的分支为不同的开发者提供了开发此项目的机会。 +尽管 Alpine 的升级并不频繁,不过有个名为 re-alpine 的分支为不同的开发者提供了开发此项目的机会。 -Alpine 支持再屏幕上显示上下文帮助,但一些用户回喜欢 Mutt 式的独立说明手册,但这两种提供了较好的说明。用户可以同时尝试 Mutt 和 Alpine,并由个人喜好作出决定,也可以尝试以下几个比较新颖的选项。 +Alpine 支持在屏幕上显示上下文帮助,但一些用户会喜欢 Mutt 式的独立说明手册,不过它们两个的文档都很完善。用户可以同时尝试 Mutt 和 Alpine,并由个人喜好作出决定,也可以尝试以下的几个新选择。 ### Sup ### @@ -39,10 +38,9 @@ Alpine 支持再屏幕上显示上下文帮助,但一些用户回喜欢 Mutt - [源代码][8] - 授权协议: [GPLv2][9] -Sup 是我们列表中能被称为“大容量邮件客户端”的两个之一。自称“为邮件较多的人设计的命令行客户端”,Sup 的目标是提供一个支持层次化设计并允许再为会话添加标签进行简单整理的界面。 +Sup 是我们列表中能被称为“大容量邮件客户端”的二者之一。自称“为邮件较多的人设计的命令行客户端”,Sup 的目标是提供一个支持层次化设计并允许为会话添加标签进行简单整理的界面。 由于采用 Ruby 编写,Sup 能提供十分快速的搜索并能自动管理联系人列表,同时还允许自定义插件。对于使用 Gmail 作为网页邮件客户端的人们,这些功能都是耳熟能详的,这就使得 Sup 成为一种比较现代的命令行邮件管理方式。 -Written in Ruby, Sup provides exceptionally fast searching, manages your contact list automatically, and allows for custom extensions. For people who are used to Gmail as a webmail interface, these features will seem familiar, and Sup might be seen as a more modern approach to email on the command line. ### Notmuch ### @@ -52,16 +50,17 @@ Written in Ruby, Sup provides exceptionally fast searching, manages your contact "Sup? Notmuch." Notmuch 作为 Sup 的回应,最初只是重写了 Sup 的一小部分来提高性能。最终,这个项目逐渐变大并成为了一个独立的邮件客户端。 -Notmuch是一款相当精简的软件。它并不能独立的收发邮件,启用 Notmuch 的快速搜索功能的代码实际上是一个需要调用的独立库。但这样的模块化设计也使得你能使用你最爱的工具进行写信,发信和收信,集中精力做好一件事情并有效浏览和管理你的邮件。 +Notmuch 是一款相当精简的软件。它并不能独立的收发邮件,启用 Notmuch 的快速搜索功能的代码实际上是设计成一个程序可以调用的独立库。但这样的模块化设计也使得你能使用你最爱的工具进行写信,发信和收信,集中精力做好一件事情并有效浏览和管理你的邮件。 + +这个列表并不完整,还有很多 email 客户端,它们或许才是你的最佳选择。你喜欢什么客户端呢? -这个列表并不完整,还有很多 email 客户端,他们或许才是你的最佳选择。你喜欢什么客户端呢? -------------------------------------------------------------------------------- via: http://opensource.com/life/15/8/top-4-open-source-command-line-email-clients 作者:[Jason Baker][a] 译者:[KevinSJ](https://github.com/KevinSj) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150824 How to create an AP in Ubuntu 15.04 to connect to Android or iPhone.md b/published/20150824 How to create an AP in Ubuntu 15.04 to connect to Android or iPhone.md new file mode 100644 index 0000000000..e7ee7d760d --- /dev/null +++ b/published/20150824 How to create an AP in Ubuntu 15.04 to connect to Android or iPhone.md @@ -0,0 +1,77 @@ +如何在 Ubuntu 15.04 下创建一个可供 Android/iOS 连接的 AP +================================================================================ +我成功地在 Ubuntu 15.04 下用 Gnome Network Manager 创建了一个无线AP热点。接下来我要分享一下我的步骤。请注意:你必须要有一个可以用来创建AP热点的无线网卡。如果你不知道如何确认它的话,在终端(Terminal)里输入`iw list`。 + +如果你没有安装`iw`的话, 在Ubuntu下你可以使用`sudo apt-get install iw`进行安装. + +在你键入`iw list`之后, 查看“支持的接口模式”, 你应该会看到类似下面的条目中看到 AP: + + Supported interface modes: + + * IBSS + * managed + * AP + * AP/VLAN + * monitor + * mesh point + +让我们一步步看: + +1、 断开WIFI连接。使用有线网络接入你的笔记本。 + +2、 在顶栏面板里点击网络的图标 -> Edit Connections(编辑连接) -> 在弹出窗口里点击Add(新增)按钮。 + +3、 在下拉菜单内选择Wi-Fi。 + +4、 接下来: + +a、 输入一个链接名 比如: Hotspot 1 + +b、 输入一个 SSID 比如: Hotspot 1 + +c、 选择模式(mode): Infrastructure (基础设施) + +d、 设备 MAC 地址: 在下拉菜单里选择你的无线设备 + +![](http://i2.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome1.jpg) + +5、 进入Wi-Fi安全选项卡,选择 WPA & WPA2 Personal 并且输入密码。 +6、 进入IPv4设置选项卡,在Method(方法)下拉菜单里,选择Shared to other computers(共享至其他电脑)。 + +![](http://i1.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome4.jpg) + +7、 进入IPv6选项卡,在Method(方法)里设置为忽略ignore (只有在你不使用IPv6的情况下这么做) +8、 点击 Save(保存) 按钮以保存配置。 +9、 从 menu/dash 里打开Terminal。 +10、 修改你刚刚使用 network settings 创建的连接。 + +使用 VIM 编辑器: + + sudo vim /etc/NetworkManager/system-connections/Hotspot + +或使用Gedit 编辑器: + + gksu gedit /etc/NetworkManager/system-connections/Hotspot + +把名字 Hotspot 用你在第4步里起的连接名替换掉。 + +![](http://i2.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome2.jpg?resize=640%2C402) + +a、 把 `mode=infrastructure` 改成 `mode=ap` 并且保存文件。 +b、 一旦你保存了这个文件,你应该能在 Wifi 菜单里看到你刚刚建立的AP了。(如果没有的话请再顶栏里 关闭/打开 Wifi 选项一次) + +![](http://i1.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome3.jpg?resize=290%2C375) + +11、你现在可以把你的设备连上Wifi了。已经过 Android 5.0的小米4测试。(下载了1GB的文件以测试速度与稳定性) + +-------------------------------------------------------------------------------- + +via: http://www.linuxveda.com/2015/08/23/how-to-create-an-ap-in-ubuntu-15-04-to-connect-to-androidiphone/ + +作者:[Sayantan Das][a] +译者:[jerryling315](https://github.com/jerryling315) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.linuxveda.com/author/sayantan_das/ diff --git a/translated/share/20150824 Watch These Kids Having Fun With Linux Terminal In Ubuntu.md b/published/20150824 Watch These Kids Having Fun With Linux Terminal In Ubuntu.md similarity index 68% rename from translated/share/20150824 Watch These Kids Having Fun With Linux Terminal In Ubuntu.md rename to published/20150824 Watch These Kids Having Fun With Linux Terminal In Ubuntu.md index 3d0efff7b5..e7e2d88e03 100644 --- a/translated/share/20150824 Watch These Kids Having Fun With Linux Terminal In Ubuntu.md +++ b/published/20150824 Watch These Kids Having Fun With Linux Terminal In Ubuntu.md @@ -1,13 +1,10 @@ -看这些孩子在Ubuntu的Linux终端下玩耍 +看这些孩子在 Ubuntu 的 Linux 终端下玩耍 ================================================================================ -我发现了一个孩子们在他们的计算机教室里玩得很开心的视频。我不知道他们在哪里,但我猜测是在印度尼西亚或者马来西亚。 - -注:youtube 视频 - +我发现了一个孩子们在他们的计算机教室里玩得很开心的视频。我不知道他们在哪里,但我猜测是在印度尼西亚或者马来西亚。视频请自行搭梯子: http://www.youtube.com/z8taQPomp0Y ### 在Linux终端下面跑火车 ### -这里没有魔术。只是一个叫做“sl”的命令行工具。我假定它是在把ls打错的情况下为了好玩而开发的。如果你曾经在Linux的命令行下工作,你会知道ls是一个最常使用的一个命令,也许也是一个最经常打错的命令。 +这里没有魔术。只是一个叫做“sl”的命令行工具。我想它是在把ls打错的情况下为了好玩而开发的。如果你曾经在Linux的命令行下工作,你会知道ls是一个最常使用的一个命令,也许也是一个最经常打错的命令。 如果你想从这个终端下的火车获得一些乐趣,你可以使用下面的命令安装它。 @@ -30,7 +27,7 @@ via: http://itsfoss.com/ubuntu-terminal-train/ 作者:[Abhishek][a] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/published/20150826 How to set up a system status page of your infrastructure.md b/published/20150826 How to set up a system status page of your infrastructure.md new file mode 100644 index 0000000000..7725538ddd --- /dev/null +++ b/published/20150826 How to set up a system status page of your infrastructure.md @@ -0,0 +1,295 @@ +如何为你的平台部署一个公开的系统状态页 +================================================================================ + +如果你是一个系统管理员,负责关键的 IT 基础设置或公司的服务,你将明白有效的沟通在日常任务中的重要性。假设你的线上存储服务器故障了。你希望团队所有人达成共识你好尽快的解决问题。当你忙来忙去时,你不会想一半的人问你为什么他们不能访问他们的文档。当一个维护计划快到时间了你想在计划前提醒相关人员,这样避免了不必要的开销。 + +这一切的要求或多或少改进了你、你的团队、和你服务的用户之间沟通渠道。一个实现它的方法是维护一个集中的系统状态页面,报告和记录故障停机详情、进度更新和维护计划等。这样,在故障期间你避免了不必要的打扰,也可以提醒一些相关方,以及加入一些可选的状态更新。 + +有一个不错的**开源, 自承载系统状态页解决方案**叫做 [Cachet][1]。在这个教程,我将要描述如何用 Cachet 部署一个自承载系统状态页面。 + +### Cachet 特性 ### + +在详细的配置 Cachet 之前,让我简单的介绍一下它的主要特性。 + +- **全 JSON API**:Cachet API 可以让你使用任意的外部程序或脚本(例如,uptime 脚本)连接到 Cachet 来自动报告突发事件或更新状态。 +- **认证**:Cachet 支持基础认证和 JSON API 的 API 令牌,所以只有认证用户可以更新状态页面。 +- **衡量系统**:这通常用来展现随着时间推移的自定义数据(例如,服务器负载或者响应时间)。 +- **通知**:可选地,你可以给任一注册了状态页面的人发送突发事件的提示邮件。 +- **多语言**:状态页被翻译为11种不同的语言。 +- **双因子认证**:这允许你使用 Google 的双因子认证来提升 Cachet 管理账户的安全性。 +- **跨数据库支持**:你可以选择 MySQL,SQLite,Redis,APC 和 PostgreSQL 作为后端存储。 + +剩下的教程,我会说明如何在 Linux 上安装配置 Cachet。 + +### 第一步:下载和安装 Cachet ### + +Cachet 需要一个 web 服务器和一个后端数据库来运转。在这个教程中,我将使用 LAMP 架构。以下是一些特定发行版上安装 Cachet 和 LAMP 架构的指令。 + +#### Debian,Ubuntu 或者 Linux Mint #### + + $ sudo apt-get install curl git apache2 mysql-server mysql-client php5 php5-mysql + $ sudo git clone https://github.com/cachethq/Cachet.git /var/www/cachet + $ cd /var/www/cachet + $ sudo git checkout v1.1.1 + $ sudo chown -R www-data:www-data . + +在基于 Debian 的系统上设置 LAMP 架构的更多细节,参考这个[教程][2]。 + +#### Fedora, CentOS 或 RHEL #### + +在基于 Red Hat 系统上,你首先需要[设置 REMI 软件库][3](以满足 PHP 的版本需求)。然后执行下面命令。 + + $ sudo yum install curl git httpd mariadb-server + $ sudo yum --enablerepo=remi-php56 install php php-mysql php-mbstring + $ sudo git clone https://github.com/cachethq/Cachet.git /var/www/cachet + $ cd /var/www/cachet + $ sudo git checkout v1.1.1 + $ sudo chown -R apache:apache . + $ sudo firewall-cmd --permanent --zone=public --add-service=http + $ sudo firewall-cmd --reload + $ sudo systemctl enable httpd.service; sudo systemctl start httpd.service + $ sudo systemctl enable mariadb.service; sudo systemctl start mariadb.service + +在基于 Red Hat 系统上设置 LAMP 的更多细节,参考这个[教程][4]。 + +### 配置 Cachet 的后端数据库### + +下一步是配置后端数据库。 + +登录到 MySQL/MariaDB 服务,然后创建一个空的数据库称为‘cachet’。 + + $ sudo mysql -uroot -p + +---------- + + mysql> create database cachet; + mysql> quit + +现在用一个示例配置文件创建一个 Cachet 配置文件。 + + $ cd /var/www/cachet + $ sudo mv .env.example .env + +在 .env 文件里,填写你自己设置的数据库信息(例如,DB\_\*)。其他的字段先不改变。 + + APP_ENV=production + APP_DEBUG=false + APP_URL=http://localhost + APP_KEY=SomeRandomString + + DB_DRIVER=mysql + DB_HOST=localhost + DB_DATABASE=cachet + DB_USERNAME=root + DB_PASSWORD= + + CACHE_DRIVER=apc + SESSION_DRIVER=apc + QUEUE_DRIVER=database + + MAIL_DRIVER=smtp + MAIL_HOST=mailtrap.io + MAIL_PORT=2525 + MAIL_USERNAME=null + MAIL_PASSWORD=null + MAIL_ADDRESS=null + MAIL_NAME=null + + REDIS_HOST=null + REDIS_DATABASE=null + REDIS_PORT=null + +### 第三步:安装 PHP 依赖和执行数据库迁移 ### + +下面,我们将要安装必要的PHP依赖包。我们会使用 composer 来安装。如果你的系统还没有安装 composer,先安装它: + + $ curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer + +现在开始用 composer 安装 PHP 依赖包。 + + $ cd /var/www/cachet + $ sudo composer install --no-dev -o + +下面执行一次性的数据库迁移。这一步会在我们之前创建的数据库里面创建那些所需的表。 + + $ sudo php artisan migrate + +假设在 /var/www/cachet/.env 的数据库配置无误,数据库迁移应该像下面显示一样成功完成。 + +![](https://farm6.staticflickr.com/5814/20235620184_54048676b0_c.jpg) + +下面,创建一个密钥,它将用来加密进入 Cachet 的数据。 + + $ sudo php artisan key:generate + $ sudo php artisan config:cache + +![](https://farm6.staticflickr.com/5717/20831952096_7105c9fdc7_c.jpg) + +生成的应用密钥将自动添加到你的 .env 文件 APP\_KEY 变量中。你不需要自己编辑 .env。 + +### 第四步:配置 Apache HTTP 服务 ### + +现在到了配置运行 Cachet 的 web 服务的时候了。我们使用 Apache HTTP 服务器,为 Cachet 创建一个新的[虚拟主机][5],如下: + +#### Debian,Ubuntu 或 Linux Mint #### + + $ sudo vi /etc/apache2/sites-available/cachet.conf + +---------- + + + ServerName cachethost + ServerAlias cachethost + DocumentRoot "/var/www/cachet/public" + + Require all granted + Options Indexes FollowSymLinks + AllowOverride All + Order allow,deny + Allow from all + + + +启用新虚拟主机和 mod_rewrite: + + $ sudo a2ensite cachet.conf + $ sudo a2enmod rewrite + $ sudo service apache2 restart + +#### Fedora, CentOS 或 RHEL #### + +在基于 Red Hat 系统上,创建一个虚拟主机文件,如下: + + $ sudo vi /etc/httpd/conf.d/cachet.conf + +---------- + + + ServerName cachethost + ServerAlias cachethost + DocumentRoot "/var/www/cachet/public" + + Require all granted + Options Indexes FollowSymLinks + AllowOverride All + Order allow,deny + Allow from all + + + +现在重载 Apache 配置: + + $ sudo systemctl reload httpd.service + +### 第五步:配置 /etc/hosts 来测试 Cachet ### + +这时候,初始的 Cachet 状态页面应该启动运行了,现在测试一下。 + +由于 Cachet 被配置为Apache HTTP 服务的虚拟主机,我们需要调整你的客户机的 /etc/hosts 来访问他。你将从这个客户端电脑访问 Cachet 页面。(LCTT 译注:如果你给了这个页面一个正式的主机地址,则不需要这一步。) + +打开 /etc/hosts,加入如下行: + + $ sudo vi /etc/hosts + +---------- + + cachethost + +上面名为“cachethost”必须匹配 Cachet 的 Apache 虚拟主机文件的 ServerName。 + +### 测试 Cachet 状态页面 ### + +现在你准备好访问 Cachet 状态页面。在你浏览器地址栏输入 http://cachethost。你将被转到如下的 Cachet 状态页的初始化设置页面。 + +![](https://farm6.staticflickr.com/5745/20858228815_405fce1301_c.jpg) + +选择 cache/session 驱动。这里 cache 和 session 驱动两个都选“File”。 + +下一步,输入关于状态页面的基本信息(例如,站点名称、域名、时区和语言),以及管理员认证账户。 + +![](https://farm1.staticflickr.com/611/20237229693_c22014e4fd_c.jpg) + +![](https://farm6.staticflickr.com/5707/20858228875_b056c9e1b4_c.jpg) + +![](https://farm6.staticflickr.com/5653/20671482009_8629572886_c.jpg) + +你的状态页初始化就要完成了。 + +![](https://farm6.staticflickr.com/5692/20237229793_f6a48f379a_c.jpg) + +继续创建组件(你的系统单元)、事件或者任意你要做的维护计划。 + +例如,增加一个组件: + +![](https://farm6.staticflickr.com/5672/20848624752_9d2e0a07be_c.jpg) + +增加一个维护计划: + +公共 Cachet 状态页就像这样: + +![](https://farm1.staticflickr.com/577/20848624842_df68c0026d_c.jpg) + +集成了 SMTP,你可以在状态更新时发送邮件给订阅者。并且你可以使用 CSS 和 markdown 格式来完全自定义布局和状态页面。 + +### 结论 ### + +Cachet 是一个相当易于使用,自托管的状态页面软件。Cachet 一个高级特性是支持全 JSON API。使用它的 RESTful API,Cachet 可以轻松连接单独的监控后端(例如,[Nagios][6]),然后回馈给 Cachet 事件报告并自动更新状态。比起手工管理一个状态页它更快和有效率。 + +最后一句,我喜欢提及一个事。用 Cachet 设置一个漂亮的状态页面是很简单的,但要将这个软件用好并不像安装它那么容易。你需要完全保障所有 IT 团队习惯准确及时的更新状态页,从而建立公共信息的准确性。同时,你需要教用户去查看状态页面。最后,如果没有很好的填充数据,部署状态页面就没有意义,并且/或者没有一个人查看它。记住这个,尤其是当你考虑在你的工作环境中部署 Cachet 时。 + +### 故障排查 ### + +补充,万一你安装 Cachet 时遇到问题,这有一些有用的故障排查的技巧。 + +1. Cachet 页面没有加载任何东西,并且你看到如下报错。 + + production.ERROR: exception 'RuntimeException' with message 'No supported encrypter found. The cipher and / or key length are invalid.' in /var/www/cachet/bootstrap/cache/compiled.php:6695 + + **解决方案**:确保你创建了一个应用密钥,以及明确配置缓存如下所述。 + + $ cd /path/to/cachet + $ sudo php artisan key:generate + $ sudo php artisan config:cache + +2. 调用 composer 命令时有如下报错。 + + - danielstjules/stringy 1.10.0 requires ext-mbstring * -the requested PHP extension mbstring is missing from your system. + - laravel/framework v5.1.8 requires ext-mbstring * -the requested PHP extension mbstring is missing from your system. + - league/commonmark 0.10.0 requires ext-mbstring * -the requested PHP extension mbstring is missing from your system. + + **解决方案**:确保在你的系统上安装了必要的 PHP 扩展 mbstring ,并且兼容你的 PHP 版本。在基于 Red Hat 的系统上,由于我们从 REMI-56 库安装PHP,所以要从同一个库安装扩展。 + + $ sudo yum --enablerepo=remi-php56 install php-mbstring + +3. 你访问 Cachet 状态页面时得到一个白屏。HTTP 日志显示如下错误。 + + PHP Fatal error: Uncaught exception 'UnexpectedValueException' with message 'The stream or file "/var/www/cachet/storage/logs/laravel-2015-08-21.log" could not be opened: failed to open stream: Permission denied' in /var/www/cachet/bootstrap/cache/compiled.php:12851 + + **解决方案**:尝试如下命令。 + + $ cd /var/www/cachet + $ sudo php artisan cache:clear + $ sudo chmod -R 777 storage + $ sudo composer dump-autoload + + 如果上面的方法不起作用,试试禁止SELinux: + + $ sudo setenforce 0 + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/setup-system-status-page.html + +作者:[Dan Nanni][a] +译者:[wyangsun](https://github.com/wyangsun) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/nanni +[1]:https://cachethq.io/ +[2]:http://xmodulo.com/install-lamp-stack-ubuntu-server.html +[3]:https://linux.cn/article-4192-1.html +[4]:https://linux.cn/article-5789-1.html +[5]:http://xmodulo.com/configure-virtual-hosts-apache-http-server.html +[6]:http://xmodulo.com/monitor-common-services-nagios.html diff --git a/published/20150901 How to Install or Upgrade to Linux Kernel 4.2 in Ubuntu.md b/published/20150901 How to Install or Upgrade to Linux Kernel 4.2 in Ubuntu.md new file mode 100644 index 0000000000..3737b88438 --- /dev/null +++ b/published/20150901 How to Install or Upgrade to Linux Kernel 4.2 in Ubuntu.md @@ -0,0 +1,86 @@ +在 Ubuntu 中如何安装或升级 Linux 内核到4.2 +================================================================================ +![](http://ubuntuhandbook.org/wp-content/uploads/2014/12/linux-kernel-icon-tux.png) + +Linux 内核 4.2已经发布了。Linus Torvalds 在 [lkml.org][1] 上写到: + +> 通过这周这么小的变动,看来在最后一周 发布 4.2 版本应该不会有问题,当然还有几个修正,但是看起来也并不需要延迟一周。 +> 所以这就到了,而且 4.3 的合并窗口现已打开。我已经有了几个等待处理的合并请求,明天我开始处理它们,然后在适当的时候放出来。 +> 从 rc8 以来的简短日志很小,已经附加。这个补丁也很小... + +### 新内核 4.2 有哪些改进?: ### + +- 重写英特尔的x86汇编代码 +- 支持新的 ARM 板和 SoC +- 对 F2FS 的 per-file 加密 +- AMDGPU 的内核 DRM 驱动程序 +- 对 Radeon DRM 驱动的 VCE1 视频编码支持 +- 初步支持英特尔的 Broxton Atom SoC +- 支持 ARCv2 和 HS38 CPU 内核 +- 增加了队列自旋锁的支持 +- 许多其他的改进和驱动更新。 + +### 在 Ubuntu 中如何下载4.2内核 : ### + +此内核版本的二进制包可供下载链接如下: + +- [下载 4.2 内核(.DEB)][1] + +首先检查你的操作系统类型,32位(i386)的或64位(amd64)的,然后使用下面的方式依次下载并安装软件包: + +1. linux-headers-4.2.0-xxx_all.deb +1. linux-headers-4.2.0-xxx-generic_xxx_i386/amd64.deb +1. linux-image-4.2.0-xxx-generic_xxx_i386/amd64.deb + +安装内核后,在终端((Ctrl+Alt+T))运行`sudo update-grub`命令来更新 grub boot-loader。 + +如果你需要一个低延迟系统(例如用于录制音频),请下载并安装下面的包: + +1. linux-headers-4.2.0_xxx_all.deb +1. linux-headers-4.2.0-xxx-lowlatency_xxx_i386/amd64.deb +1. linux-image-4.2.0-xxx-lowlatency_xxx_i386/amd64.deb + +对于没有图形用户界面的 Ubuntu 服务器,你可以运行下面的命令通过 wget 来逐一抓下载,并通过 dpkg 来安装: + +对于64位的系统请运行: + + cd /tmp/ + + wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/linux-headers-4.2.0-040200_4.2.0-040200.201508301530_all.deb + + wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/linux-headers-4.2.0-040200-generic_4.2.0-040200.201508301530_amd64.deb + + wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/linux-image-4.2.0-040200-generic_4.2.0-040200.201508301530_amd64.deb + + sudo dpkg -i linux-headers-4.2.0-*.deb linux-image-4.2.0-*.deb + +对于32位的系统,请运行: + + cd /tmp/ + + wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/linux-headers-4.2.0-040200_4.2.0-040200.201508301530_all.deb + + wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/linux-headers-4.2.0-040200-generic_4.2.0-040200.201508301530_i386.deb + + wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/linux-image-4.2.0-040200-generic_4.2.0-040200.201508301530_i386.deb + + sudo dpkg -i linux-headers-4.2.0-*.deb linux-image-4.2.0-*.deb + +最后,重新启动计算机才能生效。 + +要恢复或删除旧的内核,请参阅[通过脚本安装内核][3]。 + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/08/upgrade-kernel-4-2-ubuntu/ + +作者:[Ji m][a] +译者:[strugglingyouth](https://github.com/strugglingyouth) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ +[1]:https://lkml.org/lkml/2015/8/30/96 +[2]:http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.2-unstable/ +[3]:http://ubuntuhandbook.org/index.php/2015/08/install-latest-kernel-script/ diff --git a/published/20150901 How to automatically dim your screen on Linux.md b/published/20150901 How to automatically dim your screen on Linux.md new file mode 100644 index 0000000000..1fcdc19d47 --- /dev/null +++ b/published/20150901 How to automatically dim your screen on Linux.md @@ -0,0 +1,53 @@ +如何在 Linux 上自动调整屏幕亮度保护眼睛 +================================================================================ + +当你开始在计算机前花费大量时间的时候,问题自然开始显现。这健康吗?怎样才能舒缓我眼睛的压力呢?为什么光线灼烧着我?尽管解答这些问题的研究仍然在不断进行着,许多程序员已经采用了一些应用来改变他们的日常习惯,让他们的眼睛更健康点。在这些应用中,我发现了两个特别有趣的东西:Calise和Redshift。 + +### Calise ### + +处于时断时续的开发中,[Calise][1]的意思是“相机光感应器(Camera Light Sensor)”。换句话说,它是一个根据摄像头接收到的光强度计算屏幕最佳的背光级别的开源程序。更进一步地说,Calise可以基于你的地理坐标来考虑你所在地区的天气。我喜欢它是因为它兼容各个桌面,甚至非X系列。 + +![](https://farm1.staticflickr.com/569/21016715646_6e1e95f066_o.jpg) + +它同时附带了命令行界面和图形界面,支持多用户配置,而且甚至可以导出数据为CSV。安装完后,你必须在见证奇迹前对它进行快速校正。 + +![](https://farm6.staticflickr.com/5770/21050571901_1e7b2d63ec_c.jpg) + +不怎么令人喜欢的是,如果你和我一样有被偷窥妄想症,在你的摄像头前面贴了一条胶带,那就会比较不幸了,这会大大影响Calise的精确度。除此之外,Calise还是个很棒的应用,值得我们关注和支持。正如我先前提到的,它在过去几年中经历了一段修修补补的艰难阶段,所以我真的希望这个项目继续开展下去。 + +![](https://farm1.staticflickr.com/633/21032989702_9ae563db1e_o.png) + +### Redshift ### + +如果你想过要减少由屏幕导致的眼睛的压力,那么你很可能听过f.lux,它是一个免费的专有软件,用于根据一天中的时间来修改显示器的亮度和配色。然而,如果真的偏好于开源软件,那么一个可选方案就是:[Redshift][2]。灵感来自f.lux,Redshift也可以改变配色和亮度来加强你夜间坐在屏幕前的体验。启动时,你可以使用经度和纬度来配置地理坐标,然后就可以让它在托盘中运行了。Redshift将根据太阳的位置平滑地调整你的配色或者屏幕。在夜里,你可以看到屏幕的色温调向偏暖色,这会让你的眼睛少遭些罪。 + +![](https://farm6.staticflickr.com/5823/20420303684_2b6e917fee_b.jpg) + +和Calise一样,它提供了一个命令行界面,同时也提供了一个图形客户端。要快速启动Redshift,只需使用命令: + + $ redshift -l [LAT]:[LON] + +替换[LAT]:[LON]为你的维度和经度。 + +然而,它也可以通过gpsd模块来输入你的坐标。对于Arch Linux用户,我推荐你读一读这个[维基页面][3]。 + +### 尾声 ### + +总而言之,Linux用户没有理由不去保护自己的眼睛,Calise和Redshift两个都很棒。我真希望它们的开发能够继续下去,让它们获得应有的支持。当然,还有比这两个更多的程序可以满足保护眼睛和保持健康的目的,但是我感觉Calise和Redshift会是一个不错的开端。 + +如果你有一个经常用来舒缓眼睛的压力的喜欢的程序,请在下面的评论中留言吧。 + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/automatically-dim-your-screen-linux.html + +作者:[Adrien Brochard][a] +译者:[GOLinux](https://github.com/GOLinux) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/adrien +[1]:http://calise.sourceforge.net/ +[2]:http://jonls.dk/redshift/ +[3]:https://wiki.archlinux.org/index.php/Redshift#Automatic_location_based_on_GPS diff --git a/published/20150901 Setting Up High-Performance 'HHVM' and Nginx or Apache with MariaDB on Debian or Ubuntu.md b/published/20150901 Setting Up High-Performance 'HHVM' and Nginx or Apache with MariaDB on Debian or Ubuntu.md new file mode 100644 index 0000000000..5682e18a84 --- /dev/null +++ b/published/20150901 Setting Up High-Performance 'HHVM' and Nginx or Apache with MariaDB on Debian or Ubuntu.md @@ -0,0 +1,182 @@ +在 Ubuntu 上配置高性能的 HHVM 环境 +================================================================================ + +HHVM全称为 HipHop Virtual Machine,它是一个开源虚拟机,用来运行由 Hack(一种编程语言)和 PHP 开发应用。HHVM 在保证了 PHP 程序员最关注的高灵活性的要求下,通过使用最新的编译方式来取得了非凡的性能。到目前为止,相对于 PHP + [APC (Alternative PHP Cache)][1] ,HHVM 为 FaceBook 在 HTTP 请求的吞吐量上提高了9倍的性能,在内存的占用上,减少了5倍左右的内存占用。 + +同时,HHVM 也可以与基于 FastCGI 的 Web 服务器(如 Nginx 或者 Apache )协同工作。 + +![Install HHVM, Nginx and Apache with MariaDB](http://www.tecmint.com/wp-content/uploads/2015/08/Install-HHVM-Nginx-Apache-MariaDB.png) + +*安装 HHVM,Nginx和 Apache 还有 MariaDB* + +在本教程中,我们一起来配置 Nginx/Apache web 服务器、 数据库服务器 MariaDB 和 HHVM 。我们将使用 Ubuntu 15.04 (64 位),因为 HHVM 只能运行在64位系统上。同时,该教程也适用于 Debian 和 Linux Mint。 + +### 第一步: 安装 Nginx 或者 Apache 服务器 ### + +1、首先,先进行一次系统的升级并更新软件仓库列表,命令如下 + + # apt-get update && apt-get upgrade + +![System Upgrade](http://www.tecmint.com/wp-content/uploads/2015/08/System-Upgrade.png) + +*系统升级* + +2、 正如我之前说的,HHVM 能和 Nginx 和 Apache 进行集成。所以,究竟使用哪个服务器,这是你的自由,不过,我们会教你如何安装这两个服务器。 + +#### 安装 Nginx #### + +我们通过下面的命令安装 Nginx/Apache 服务器 + + # apt-get install nginx + +![Install Nginx Web Server](http://www.tecmint.com/wp-content/uploads/2015/08/Install-Nginx-Web-Server.png) + +*安装 Nginx 服务器* + +#### 安装 Apache #### + + # apt-get install apache2 + +![Install Apache Web Server](http://www.tecmint.com/wp-content/uploads/2015/08/Install-Apache-Web-Server.png) + +*安装 Apache 服务器* + +完成这一步,你能通过以下的链接看到 Nginx 或者 Apache 的默认页面 + + http://localhost + 或 + http://IP-Address + + +![Nginx Welcome Page](http://www.tecmint.com/wp-content/uploads/2015/08/Nginx-Welcome-Page.png) + +*Nginx 默认页面* + +![Apache Default Page](http://www.tecmint.com/wp-content/uploads/2015/08/Apache-Default-Page.png) + +*Apache 默认页面* + +### 第二步: 安装和配置 MariaDB ### + +3、 这一步,我们将通过如下命令安装 MariaDB,它是一个比 MySQL 性能更好的数据库 + + # apt-get install mariadb-client mariadb-server + +![Install MariaDB Database](http://www.tecmint.com/wp-content/uploads/2015/08/Install-MariaDB-Database.png) + +*安装 MariaDB* + +4、 在 MariaDB 成功安装之后,你可以启动它,并且设置 root 密码来保护数据库: + + + # systemctl start mysql + # mysql_secure_installation + +回答以下问题,只需要按下`y`或者 `n`并且回车。请确保你仔细的阅读过说明。 + + Enter current password for root (enter for none) = press enter + Set root password? [Y/n] = y + Remove anonymous users[y/n] = y + Disallow root login remotely[y/n] = y + Remove test database and access to it [y/n] = y + Reload privileges tables now[y/n] = y + +5、 在设置了密码之后,你就可以登录 MariaDB 了。 + + + # mysql -u root -p + + +### 第三步: 安装 HHVM ### + +6、 在此阶段,我们将安装 HHVM。我们需要添加 HHVM 的仓库到你的`sources.list`文件中,然后更新软件列表。 + + # wget -O - http://dl.hhvm.com/conf/hhvm.gpg.key | apt-key add - + # echo deb http://dl.hhvm.com/ubuntu DISTRIBUTION_VERSION main | sudo tee /etc/apt/sources.list.d/hhvm.list + # apt-get update + +**重要**:不要忘记用你的 Ubuntu 发行版代号替换上述的 DISTRIBUTION_VERSION (比如:lucid, precise, trusty) 或者是 Debian 的 jessie 或者 wheezy。在 Linux Mint 中也是一样的,不过只支持 petra。 + +添加了 HHVM 仓库之后,你就可以轻松安装了。 + + # apt-get install -y hhvm + +安装之后,就可以启动它,但是它并没有做到开机启动。可以用如下命令做到开机启动。 + + # update-rc.d hhvm defaults + +### 第四步: 配置 Nginx/Apache 连接 HHVM ### + +7、 现在,nginx/apache 和 HHVM 都已经安装完成了,并且都独立运行起来了,所以我们需要对它们进行设置,来让它们互相关联。这个关键的步骤,就是需要告知 nginx/apache 将所有的 php 文件,都交给 HHVM 进行处理。 + +如果你用了 Nginx,请按照如下步骤: + +nginx 的配置文件在 /etc/nginx/sites-available/default, 并且这些配置文件会在 /usr/share/nginx/html 中寻找文件执行,不过,它不知道如何处理 PHP。 + +为了确保 Nginx 可以连接 HHVM,我们需要执行所带的如下脚本。它可以帮助我们正确的配置 Nginx,将 hhvm.conf 放到 上面提到的配置文件 nginx.conf 的头部。 + +这个脚本可以确保 Nginx 可以对 .hh 和 .php 的做正确的处理,并且将它们通过 fastcgi 发送给 HHVM。 + + # /usr/share/hhvm/install_fastcgi.sh + +![Configure Nginx for HHVM](http://www.tecmint.com/wp-content/uploads/2015/08/Configure-Nginx-for-HHVM.png) + +*配置 Nginx、HHVM* + +**重要**: 如果你使用的是 Apache,这里不需要进行配置。 + +8、 接下来,你需要使用 hhvm 来提供 php 的运行环境。 + + # /usr/bin/update-alternatives --install /usr/bin/php php /usr/bin/hhvm 60 + +以上步骤完成之后,你现在可以启动并且测试它了。 + + # systemctl start hhvm + +### 第五步: 测试 HHVM 和 Nginx/Apache ### + +9、 为了确认 hhvm 是否工作,你需要在 nginx/apache 的文档根目录下建立 hello.php。 + + # nano /usr/share/nginx/html/hello.php [对于 Nginx] + 或 + # nano /var/www/html/hello.php [对于 Nginx 和 Apache] + +在文件中添加如下代码: + + + +然后访问如下链接,确认自己能否看到 "hello world" + + http://localhost/info.php + 或 + http://IP-Address/info.php + +![HHVM Page](http://www.tecmint.com/wp-content/uploads/2015/08/HHVM-Page.png) + +*HHVM 页面* + +如果 “HHVM” 的页面出现了,那就说明你成功了。 + +### 结论 ### + +以上的步骤都是非常简单的,希望你能觉得这是一篇有用的教程,如果你在以上的步骤中遇到了问题,给我们留一个评论,我们将全力解决。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/install-hhvm-and-nginx-apache-with-mariadb-on-debian-ubuntu/ + +作者:[Ravi Saive][a] +译者:[MikeCoder](https://github.com/MikeCoder) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/admin/ +[1]:http://www.tecmint.com/install-apc-alternative-php-cache-in-rhel-centos-fedora/ diff --git a/published/20150906 FISH--A smart and user-friendly command line shell for Linux.md b/published/20150906 FISH--A smart and user-friendly command line shell for Linux.md new file mode 100644 index 0000000000..de5d3946f0 --- /dev/null +++ b/published/20150906 FISH--A smart and user-friendly command line shell for Linux.md @@ -0,0 +1,63 @@ +FISH:Linux 的一个智能易用的 Shell +================================================================================ + +FISH(friendly interactive shell)是一个用户友好的命令行 shell,主要是用来进行交互式使用。shell 就是一个用来执行其他程序的程序。 + +### FISH 特性 ### + +#### 自动建议 #### + +fish 会根据你的历史输入和补完来提供命令建议,就像一个网络浏览器一样。注意了,就是Netscape Navigator 4.0! + +![](http://www.tecmint.com/wp-content/uploads/2015/07/Fish-Auto-Suggestion.gif) + +#### 漂亮的VGA 色彩 #### + +fish 原生支持 term256, 它就是一个终端技术的艺术国度。 你将可以拥有一个难以置信的、256 色的shell 来使用。 + +#### 理智的脚本 #### + +fish 是完全可以通过脚本控制的,而且它的语法又是那么的简单、干净,而且一致。你甚至不需要去重写。 + +#### 基于 web 的配置 #### + +对于少数能使用图形计算机的幸运儿, 你们可以在网页上配置你们自己的色彩方案,以及查看函数、变量和历史记录。 + +#### 帮助手册补全 #### + +其它的 shell 支持可配置的补全, 但是只有 fish 可以通过自动转换你安装好的 man 手册来实现补全功能。 + +#### 开箱即用 #### + +fish 将会通过 tab 补全和语法高亮使你非常愉快的使用shell, 同时不需要太多的学习或者配置。 + +### 在ubuntu 15.04 上安装FISH + +打开终端,运行下列命令: + + sudo apt-add-repository ppa:fish-shell/release-2 + sudo apt-get update + sudo apt-get install fish + +###使用FISH### + +打开终端,运行下列命令来启动FISH: + + fish + +欢迎来到 fish,友好的交互式shell,输入指令 help 来了解怎么使用fish。 + +阅读[FISH 文档][1] ,掌握使用方法。 + +-------------------------------------------------------------------------------- + +via: http://www.ubuntugeek.com/fish-a-smart-and-user-friendly-command-line-shell-for-linux.html + +作者:[ruchi][a] +译者:[oska874](https://github.com/oska874) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.ubuntugeek.com/author/ubuntufix +[1]:http://fishshell.com/docs/current/index.html#introduction diff --git a/published/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md b/published/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md new file mode 100644 index 0000000000..a2b540a8ad --- /dev/null +++ b/published/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md @@ -0,0 +1,313 @@ +RHCSA 系列(一): 回顾基础命令及系统文档 +================================================================================ + +RHCSA (红帽认证系统工程师) 是由 RedHat 公司举行的认证考试,这家公司给商业公司提供开源操作系统和软件,除此之外,还为这些企业和机构提供支持、训练以及咨询服务等。 + +![RHCSA Exam Guide](http://www.tecmint.com/wp-content/uploads/2015/02/RHCSA-Series-by-Tecmint.png) + +*RHCSA 考试准备指南* + +RHCSA 考试(考试编号 EX200)通过后可以获取由 RedHat 公司颁发的证书. RHCSA 考试是 RHCT(红帽认证技师)的升级版,而且 RHCSA 必须在新的 Red Hat Enterprise Linux(红帽企业版)下完成。RHCT 和 RHCSA 的主要变化就是 RHCT 基于 RHEL5,而 RHCSA 基于 RHEL6 或者7,这两个认证的等级也有所不同。 + +红帽认证管理员最起码可以在红帽企业版的环境下执行如下系统管理任务: + +- 理解并会使用命令管理文件、目录、命令行以及系统/软件包的文档 +- 在不同的启动等级操作运行中的系统,识别和控制进程,启动或停止虚拟机 +- 使用分区和逻辑卷管理本地存储 +- 创建并且配置本地文件系统和网络文件系统,设置他们的属性(权限、加密、访问控制表) +- 部署、配置、并且控制系统,包括安装、升级和卸载软件 +- 管理系统用户和组,以及使用集中制的 LDAP 目录进行用户验证 +- 确保系统安全,包括基础的防火墙规则和 SELinux 配置 + +关于你所在国家的考试注册和费用请参考 [RHCSA 认证页面][1]。 + +在这个有15章的 RHCSA(红帽认证管理员)备考系列中,我们将覆盖以下的关于红帽企业 Linux 第七版的最新的信息: + +- Part 1: 回顾基础命令及系统文档 +- Part 2: 在 RHEL7 中如何进行文件和目录管理 +- Part 3: 在 RHEL7 中如何管理用户和组 +- Part 4: 使用 nano 和 vim 管理命令,使用 grep 和正则表达式分析文本 +- Part 5: RHEL7 的进程管理:启动,关机,以及这之间的各种事情 +- Part 6: 使用 'Parted' 和 'SSM' 来管理和加密系统存储 +- Part 7: 使用 ACL(访问控制表)并挂载 Samba/NFS 文件分享 +- Part 8: 加固 SSH,设置主机名并开启网络服务 +- Part 9: 安装、配置和加固一个 Web 和 FTP 服务器 +- Part 10: Yum 包管理方式,使用 Cron 进行自动任务管理以及监控系统日志 +- Part 11: 使用 FirewallD 和 Iptables 设置防火墙,控制网络流量 +- Part 12: 使用 Kickstart 自动安装 RHEL 7 +- Part 13: RHEL7:什么是 SeLinux?他的原理是什么? +- Part 14: 在 RHEL7 中使用基于 LDAP 的权限控制 +- Part 15: 虚拟化基础和用KVM管理虚拟机 + +在第一章,我们讲解如何在终端或者 Shell 窗口输入和运行正确的命令,并且讲解如何找到、查阅,以及使用系统文档。 + +![RHCSA: Reviewing Essential Linux Commands – Part 1](http://www.tecmint.com/wp-content/uploads/2015/02/Reviewing-Essential-Linux-Commands.png) + +*RHCSA:回顾必会的 Linux 命令 - 第一部分* + +#### 前提: #### + +至少你要熟悉如下命令 + +- [cd 命令][2] (改变目录) +- [ls 命令][3] (列举文件) +- [cp 命令][4] (复制文件) +- [mv 命令][5] (移动或重命名文件) +- [touch 命令][6] (创建一个新的文件或更新已存在文件的时间表) +- rm 命令 (删除文件) +- mkdir 命令 (创建目录) + +在这篇文章中你将会找到更多的关于如何更好的使用他们的正确用法和特殊用法. + +虽然没有严格的要求,但是作为讨论常用的 Linux 命令和在 Linux 中搜索信息方法,你应该安装 RHEL7 来尝试使用文章中提到的命令。这将会使你学习起来更省力。 + +- [红帽企业版 Linux(RHEL)7 安装指南][7] + +### 使用 Shell 进行交互 ### + +如果我们使用文本模式登录 Linux,我们就会直接进入到我们的默认 shell 中。另一方面,如果我们使用图形化界面登录,我们必须通过启动一个终端来开启 shell。无论那种方式,我们都会看到用户提示符,并且我们可以在这里输入并且执行命令(当按下回车时,命令就会被执行)。 + +命令是由两个部分组成的: + +- 命令本身 +- 参数 + +某些参数,称为选项(通常使用一个连字符开头),会改变命令的行为方式,而另外一些则指定了命令所操作的对象。 + +type 命令可以帮助我们识别某一个特定的命令是由 shell 内置的还是由一个单独的包提供的。这样的区别在于我们能够在哪里找到更多关于该命令的更多信息。对 shell 内置的命令,我们需要看 shell 的手册页;如果是其他的,我们需要看软件包自己的手册页。 + +![Check Shell built in Commands](http://www.tecmint.com/wp-content/uploads/2015/02/Check-shell-built-in-Commands.png) + +*检查Shell的内置命令* + +在上面的例子中, `cd` 和 `type` 是 shell 内置的命令,`top` 和 `less` 是由 shell 之外的其他的二进制文件提供的(在这种情况下,type将返回命令的位置)。 + +其他的内置命令: + +- [echo 命令][8]: 展示字符串 +- [pwd 命令][9]: 输出当前的工作目录 + +![More Built in Shell Commands](http://www.tecmint.com/wp-content/uploads/2015/02/More-Built-in-Shell-Commands.png) + +*其它内置命令* + +**exec 命令** + +它用来运行我们指定的外部程序。请注意在多数情况下,只需要输入我们想要运行的程序的名字就行,不过` exec` 命令有一个特殊的特性:不是在 shell 之外创建新的进程运行,而是这个新的进程会替代原来的 shell,可以通过下列命令来验证。 + + # ps -ef | grep [shell 进程的PID] + +当新的进程终止时,Shell 也随之终止。运行 `exec top` ,然后按下 `q` 键来退出 top,你会注意到 shell 会话也同时终止,如下面的屏幕录像展示的那样: + + + +**export 命令** + +给之后执行的命令的输出环境变量。 + +**history 命令** + +展示数行之前的历史命令。命令编号前面前缀上感叹号可以再次执行这个命令。如果我们需要编辑历史列表中的命令,我们可以按下 `Ctrl + r` 并输入与命令相关的第一个字符。我们可以看到的命令会自动补全,可以根据我们目前的需要来编辑它: + + + +命令列表会保存在一个叫 `.bash_history` 的文件里。`history` 命令是一个非常有用的用于减少输入次数的工具,特别是进行命令行编辑的时候。默认情况下,bash 保留最后输入的500个命令,不过可以通过修改 HISTSIZE 环境变量来增加: + +![Linux history Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-history-Command.png) + +*Linux history 命令* + +但上述变化,在我们的下一次启动不会保留。为了保持 HISTSIZE 变量的变化,我们需要通过手工修改文件编辑: + + # 要设置 history 长度,请看 bash(1)文档中的 HISTSIZE 和 HISTFILESIZE + HISTSIZE=1000 + +**重要**: 我们的更改不会立刻生效,除非我们重启了 shell 。 + +**alias 命令** + +没有参数或使用 `-p` 选项时将会以“名称=值”的标准形式输出别名列表。当提供了参数时,就会按照给定的名字和值定义一个别名。 + +使用 `alias` ,我们可以创建我们自己的命令,或使用所需的参数修改现有的命令。举个例子,假设我们将 `ls` 定义别名为 `ls –color=auto` ,这样就可以使用不同颜色输出文件、目录、链接等等。 + + + # alias ls='ls --color=auto' + +![Linux alias Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-alias-Command.png) + +*Linux 别名命令* + +**注意**: 你可以给你的“新命令”起任何的名字,并且使用单引号包括很多命令,但是你要用分号区分开它们。如下: + + # alias myNewCommand='cd /usr/bin; ls; cd; clear' + +**exit 命令** + +`exit` 和 `logout` 命令都可以退出 shell 。`exit` 命令可以退出所有的 shell,`logout` 命令只注销登录的 shell(即你用文本模式登录时自动启动的那个)。 + +**man 和 info 命令** +如果你对某个程序有疑问,可以参考它的手册页,可以使用 `man` 命令调出它。此外,还有一些关于重要文件(inittab、fstab、hosts 等等)、库函数、shell、设备及其他功能的手册页。 + +举例: + +- man uname (输出系统信息,如内核名称、处理器、操作系统类型、架构等) +- man inittab (初始化守护进程的设置) + +另外一个重要的信息的来源是由 `info` 命令提供的,`info` 命令常常被用来读取 info 文件。这些文件往往比手册页 提供了更多信息。可以通过 `info keyword` 调用某个命令的信息: + + # info ls + # info cut + +另外,在 `/usr/share/doc` 文件夹包含了大量的子目录,里面可以找到大量的文档。它们是文本文件或其他可读格式。 + +你要习惯于使用这三种方法去查找命令的信息。重点关注每个命令文档中介绍的详细的语法。 + +**使用 expand 命令把制表符转换为空格** + +有时候文本文档包含了制表符,但是程序无法很好的处理。或者我们只是简单的希望将制表符转换成空格。这就是用到 `expand` 地方(由GNU核心组件包提供) 。 + +举个例子,我们有个文件 NumberList.txt,让我们使用 `expand` 处理它,将制表符转换为一个空格,并且显示在标准输出上。 + + # expand --tabs=1 NumbersList.txt + +![Linux expand Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-expand-Command.png) + +*Linux expand 命令* + +unexpand命令可以实现相反的功能(将空格转为制表符) + +**使用 head 输出文件首行及使用 tail 输出文件尾行** + +通常情况下,`head` 命令后跟着文件名时,将会输出该文件的前十行,我们可以通过 `-n` 参数来自定义具体的行数。 + + # head -n3 /etc/passwd + # tail -n3 /etc/passwd + +![Linux head and tail Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-head-and-tail-Command.png) + +*Linux 的 head 和 tail 命令* + +`tail` 最有意思的一个特性就是能够显示增长的输入文件(`tail -f my.log`,my.log 是我们需要监视的文件。)这在我们监控一个持续增加的日志文件时非常有用。 + +- [使用 head 和 tail 命令有效地管理文件][10] + +**使用 paste 按行合并文本文件** + +`paste` 命令一行一行的合并文件,默认会以制表符来区分每个文件的行,或者你可以自定义的其它分隔符。(下面的例子就是输出中的字段使用等号分隔)。 + + # paste -d= file1 file2 + +![Merge Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Merge-Files-in-Linux-with-paste-command.png) + +*Linux 中的 merge 命令* + +**使用 split 命令将文件分块** + +`split` 命令常常用于把一个文件切割成两个或多个由我们自定义的前缀命名的文件。可以根据大小、区块、行数等进行切割,生成的文件会有一个数字或字母的后缀。在下面的例子中,我们将切割 bash.pdf ,每个文件 50KB (-b 50KB),使用数字后缀 (-d): + + # split -b 50KB -d bash.pdf bash_ + +![Split Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Split-Files-in-Linux-with-split-command.png) + +*在 Linux 下切割文件* + +你可以使用如下命令来合并这些文件,生成原来的文件: + + # cat bash_00 bash_01 bash_02 bash_03 bash_04 bash_05 > bash.pdf + +**使用 tr 命令替换字符** + +`tr` 命令多用于一对一的替换(改变)字符,或者使用字符范围。和之前一样,下面的实例我们将使用之前的同样文件file2,我们将做: + +- 小写字母 o 变成大写 +- 所有的小写字母都变成大写字母 + +- + # cat file2 | tr o O + # cat file2 | tr [a-z] [A-Z] + +![Translate Characters in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Translate-characters-in-Linux-with-tr-command.png) + +*在 Linux 中替换字符* + +**使用 uniq 和 sort 检查或删除重复的文字** + +`uniq` 命令可以帮我们查出或删除文件中的重复的行,默认会输出到标准输出,我们应当注意,`uniq`只能查出相邻的相同行,所以,`uniq` 往往和 `sort` 一起使用(`sort` 一般用于对文本文件的内容进行排序) + +默认情况下,`sort` 以第一个字段(使用空格分隔)为关键字段。想要指定不同关键字段,我们需要使用 -k 参数,请注意如何使用 `sort` 和 `uniq` 输出我们想要的字段,具体可以看下面的例子: + + # cat file3 + # sort file3 | uniq + # sort -k2 file3 | uniq + # sort -k3 file3 | uniq + +![删除文件中重复的行](http://www.tecmint.com/wp-content/uploads/2015/02/Remove-Duplicate-Lines-in-file.png) + +*删除文件中重复的行* + +**从文件中提取文本的命令** + +`cut` 命令基于字节(-b)、字符(-c)、或者字段(-f)的数量,从输入文件(标准输入或文件)中提取到的部分将会以标准输出上。 + +当我们使用字段 `cut` 时,默认的分隔符是一个制表符,不过你可以通过 -d 参数来自定义分隔符。 + + # cut -d: -f1,3 /etc/passwd # 这个例子提取了第一和第三字段的文本 + # cut -d: -f2-4 /etc/passwd # 这个例子提取了第二到第四字段的文本 + +![从文件中提取文本](http://www.tecmint.com/wp-content/uploads/2015/02/Extract-Text-from-a-file.png) + +*从文件中提取文本* + +注意,简洁起见,上方的两个输出的结果是截断的。 + +**使用 fmt 命令重新格式化文件** + +`fmt` 被用于去“清理”有大量内容或行的文件,或者有多级缩进的文件。新的段落格式每行不会超过75个字符宽,你能通过 -w (width 宽度)参数改变这个设定,它可以设置行宽为一个特定的数值。 + +举个例子,让我们看看当我们用 `fmt` 显示定宽为100个字符的时候的文件 /etc/passwd 时会发生什么。再次,输出截断了。 + + # fmt -w100 /etc/passwd + +![File Reformatting in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/File-Reformatting-in-Linux-with-fmt-command.png) + +*Linux 文件重新格式化* + +**使用 pr 命令格式化打印内容** + +`pr` 分页并且在按列或多列的方式显示一个或多个文件。 换句话说,使用 `pr` 格式化一个文件使它打印出来时看起来更好。举个例子,下面这个命令: + + # ls -a /etc | pr -n --columns=3 -h "Files in /etc" + +以一个友好的排版方式(3列)输出/etc下的文件,自定义了页眉(通过 -h 选项实现)、行号(-n)。 + +![File Formatting in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/File-Formatting-in-Linux-with-pr-command.png) + +*Linux的文件格式化* + +### 总结 ### + +在这篇文章中,我们已经讨论了如何在 Shell 或终端以正确的语法输入和执行命令,并解释如何找到,查阅和使用系统文档。正如你看到的一样简单,这就是你成为 RHCSA 的第一大步。 + +如果你希望添加一些其他的你经常使用的能够有效帮你完成你的日常工作的基础命令,并愿意分享它们,请在下方留言。也欢迎提出问题。我们期待您的回复。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/ + +作者:[Gabriel Cánepa][a] +译者:[xiqingongzi](https://github.com/xiqingongzi) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:https://www.redhat.com/en/services/certification/rhcsa +[2]:http://linux.cn/article-2479-1.html +[3]:https://linux.cn/article-5109-1.html +[4]:http://linux.cn/article-2687-1.html +[5]:http://www.tecmint.com/rename-multiple-files-in-linux/ +[6]:http://linux.cn/article-2740-1.html +[7]:http://www.tecmint.com/redhat-enterprise-linux-7-installation/ +[8]:https://linux.cn/article-3948-1.html +[9]:https://linux.cn/article-3422-1.html +[10]:http://www.tecmint.com/view-contents-of-file-in-linux/ diff --git a/translated/tech/RHCSA/RHCSA Series--Part 02--How to Perform File and Directory Management.md b/published/RHCSA Series--Part 02--How to Perform File and Directory Management.md similarity index 59% rename from translated/tech/RHCSA/RHCSA Series--Part 02--How to Perform File and Directory Management.md rename to published/RHCSA Series--Part 02--How to Perform File and Directory Management.md index f46fd93321..8751949b40 100644 --- a/translated/tech/RHCSA/RHCSA Series--Part 02--How to Perform File and Directory Management.md +++ b/published/RHCSA Series--Part 02--How to Perform File and Directory Management.md @@ -1,68 +1,63 @@ -RHCSA 系列: 如何执行文件并进行文件管理 – Part 2 +RHCSA 系列(二): 如何进行文件和目录管理 ================================================================================ -在本篇(RHCSA 第二篇:文件和目录管理)中,我们江回顾一些系统管理员日常任务需要的技能 +在本篇中,我们将回顾一些系统管理员日常任务需要的技能。 ![RHCSA: Perform File and Directory Management – Part 2](http://www.tecmint.com/wp-content/uploads/2015/03/RHCSA-Part2.png) +*RHCSA: 运行文件以及进行文件夹管理 - 第二部分* -RHCSA : 运行文件以及进行文件夹管理 - 第二章 -### 创建,删除,复制和移动文件及目录 ### +### 创建、删除、复制和移动文件及目录 ### -文件和目录管理是每一个系统管理员都应该掌握的必要的技能.它包括了从头开始的创建、删除文本文件(每个程序的核心配置)以及目录(你用来组织文件和其他目录),以及识别存在的文件的类型 +文件和目录管理是每一个系统管理员都应该掌握的必备技能。它包括了从头开始的创建、删除文本文件(每个程序的核心配置)以及目录(你用来组织文件和其它目录),以及识别已有文件的类型。 - [touch 命令][1] 不仅仅能用来创建空文件,还能用来更新已存在的文件的权限和时间表 +[`touch` 命令][1] 不仅仅能用来创建空文件,还能用来更新已有文件的访问时间和修改时间。 ![touch command example](http://www.tecmint.com/wp-content/uploads/2015/03/touch-command-example.png) -touch 命令示例 +*touch 命令示例* -你可以使用 `file [filename]`来判断一个文件的类型 (在你用文本编辑器编辑之前,判断类型将会更方便编辑). +你可以使用 `file [filename]`来判断一个文件的类型 (在你用文本编辑器编辑之前,判断类型将会更方便编辑)。 ![file command example](http://www.tecmint.com/wp-content/uploads/2015/03/file-command-example.png) -file 命令示例 +*file 命令示例* -使用`rm [filename]` 可以删除文件 +使用`rm [filename]` 可以删除文件。 ![Linux rm command examples](http://www.tecmint.com/wp-content/uploads/2015/03/rm-command-examples.png) -rm 命令示例 - -对于目录,你可以使用`mkdir [directory]`在已经存在的路径中创建目录,或者使用 `mkdir -p [/full/path/to/directory].`带全路径创建文件夹 +*rm 命令示例* +对于目录,你可以使用`mkdir [directory]`在已经存在的路径中创建目录,或者使用 `mkdir -p [/full/path/to/directory]`带全路径创建文件夹。 ![mkdir command example](http://www.tecmint.com/wp-content/uploads/2015/03/mkdir-command-example.png) -mkdir 命令示例 +*mkdir 命令示例* -当你想要去删除目录时,在你使用`rmdir [directory]` 前,你需要先确保目录是空的,或者使用更加强力的命令(小心使用它)`rm -rf [directory]`.后者会强制删除`[directory]`以及他的内容.所以使用这个命令存在一定的风险 +当你想要去删除目录时,在你使用`rmdir [directory]` 前,你需要先确保目录是空的,或者使用更加强力的命令(小心使用它!)`rm -rf [directory]`。后者会强制删除`[directory]`以及它的内容,所以使用这个命令存在一定的风险。 ### 输入输出重定向以及管道 ### -命令行环境提供了两个非常有用的功能:允许命令重定向的输入和输出到文件和发送到另一个文件,分别称为重定向和管道 +命令行环境提供了两个非常有用的功能:允许重定向命令的输入和输出为另一个文件,以及发送命令的输出到另一个命令,这分别称为重定向和管道。 -To understand those two important concepts, we must first understand the three most important types of I/O (Input and Output) streams (or sequences) of characters, which are in fact special files, in the *nix sense of the word. -为了理解这两个重要概念,我们首先需要理解通常情况下三个重要的输入输出流的形式 +为了理解这两个重要概念,我们首先需要理解三个最重要的字符输入输出流类型,以 *nix 的话来说,它们实际上是特殊的文件。 -- 标准输入 (aka stdin) 是指默认使用键盘链接. 换句话说,键盘是输入命令到命令行的标准输入设备。 -- 标准输出 (aka stdout) 是指默认展示再屏幕上, 显示器接受输出命令,并且展示在屏幕上。 -- 标准错误 (aka stderr), 是指命令的状态默认输出, 同时也会展示在屏幕上 +- 标准输入 (即 stdin),默认连接到键盘。 换句话说,键盘是输入命令到命令行的标准输入设备。 +- 标准输出 (即 stdout),默认连接到屏幕。 找个设备“接受”命令的输出,并展示到屏幕上。 +- 标准错误 (即 stderr),默认是命令的状态消息出现的地方,它也是屏幕。 -In the following example, the output of `ls /var` is sent to stdout (the screen), as well as the result of ls /tecmint. But in the latter case, it is stderr that is shown. -在下面的例子中,`ls /var`的结果被发送到stdout(屏幕展示),就像ls /tecmint 的结果。但在后一种情况下,它是标准错误输出。 +在下面的例子中,`ls /var`的结果被发送到stdout(屏幕展示),ls /tecmint 的结果也一样。但在后一种情况下,它显示在标准错误输出上。 ![Linux input output redirect](http://www.tecmint.com/wp-content/uploads/2015/03/Linux-input-output-redirect.png) -输入和输出命令实例 -为了更容易识别这些特殊文件,每个文件都被分配有一个文件描述符(用于控制他们的抽象标识)。主要要理解的是,这些文件就像其他人一样,可以被重定向。这就意味着你可以从一个文件或脚本中捕获输出,并将它传送到另一个文件、命令或脚本中。你就可以在在磁盘上存储命令的输出结果,用于稍后的分析 +*输入和输出命令实例* -To redirect stdin (fd 0), stdout (fd 1), or stderr (fd 2), the following operators are available. +为了更容易识别这些特殊文件,每个文件都被分配有一个文件描述符,这是用于访问它们的抽象标识。主要要理解的是,这些文件就像其它的一样,可以被重定向。这就意味着你可以从一个文件或脚本中捕获输出,并将它传送到另一个文件、命令或脚本中。这样你就可以在磁盘上存储命令的输出结果,用于稍后的分析。 -注:表格 - - - +要重定向 stdin (fd 0)、 stdout (fd 1) 或 stderr (fd 2),可以使用如下操作符。 + +
@@ -70,102 +65,98 @@ To redirect stdin (fd 0), stdout (fd 1), or stderr (fd 2), the following operato - + - + - + - + - + - + - +
转向操作
>标准输出到一个文件。如果目标文件存在,内容就会被重写重定向标准输出到一个文件。如果目标文件存在,内容就会被重写。
>>添加标准输出到文件尾部添加标准输出到文件尾部。
2>标准错误输出到一个文件。如果目标文件存在,内容就会被重写重定向标准错误输出到一个文件。如果目标文件存在,内容就会被重写。
2>>添加标准错误输出到文件尾部.添加标准错误输出到文件尾部。
&>标准错误和标准输出都到一个文件。如果目标文件存在,内容就会被重写重定向标准错误和标准输出到一个文件。如果目标文件存在,内容就会被重写。
<使用特定的文件做标准输出使用特定的文件做标准输入。
<>使用特定的文件做标准输出和标准错误使用特定的文件做标准输入和标准输出。
- -相比与重定向,管道是通过在命令后添加一个竖杠`(|)`再添加另一个命令 . +与重定向相比,管道是通过在命令后和另外一个命令前之间添加一个竖杠`(|)`。 记得: -- 重定向是用来定向命令的输出到一个文件,或定向一个文件作为输入到一个命令。 -- 管道是用来将命令的输出转发到另一个命令作为输入。 +- *重定向*是用来定向命令的输出到一个文件,或把一个文件发送作为到一个命令的输入。 +- *管道*是用来将命令的输出转发到另一个命令作为其输入。 #### 重定向和管道的使用实例 #### -** 例1:将一个命令的输出到文件 ** +**例1:将一个命令的输出到文件** -有些时候,你需要遍历一个文件列表。要做到这样,你可以先将该列表保存到文件中,然后再按行读取该文件。虽然你可以遍历直接ls的输出,不过这个例子是用来说明重定向。 +有些时候,你需要遍历一个文件列表。要做到这样,你可以先将该列表保存到文件中,然后再按行读取该文件。虽然你可以直接遍历ls的输出,不过这个例子是用来说明重定向。 # ls -1 /var/mail > mail.txt ![Redirect output of command tot a file](http://www.tecmint.com/wp-content/uploads/2015/03/Redirect-output-to-a-file.png) -将一个命令的输出到文件 +*将一个命令的输出重定向到文件* -** 例2:重定向stdout和stderr到/dev/null ** +**例2:重定向stdout和stderr到/dev/null** -如果不想让标准输出和标准错误展示在屏幕上,我们可以把文件描述符重定向到 `/dev/null` 请注意在执行这个命令时该如何更改输出 +如果不想让标准输出和标准错误展示在屏幕上,我们可以把这两个文件描述符重定向到 `/dev/null`。请注意对于同样的命令,重定向是如何改变了输出。 # ls /var /tecmint # ls /var/ /tecmint &> /dev/null ![Redirecting stdout and stderr ouput to /dev/null](http://www.tecmint.com/wp-content/uploads/2015/03/Redirecting-stdout-stderr-ouput.png) -重定向stdout和stderr到/dev/null +*重定向stdout和stderr到/dev/null* -#### 例3:使用一个文件作为命令的输入 #### +**例3:使用一个文件作为命令的输入** -当官方的[cat 命令][2]的语法如下时 +[cat 命令][2]的经典用法如下 # cat [file(s)] -您还可以使用正确的重定向操作符传送一个文件作为输入。 +您还可以使用正确的重定向操作符发送一个文件作为输入。 # cat < mail.txt ![Linux cat command examples](http://www.tecmint.com/wp-content/uploads/2015/03/cat-command-examples.png) -cat 命令实例 +*cat 命令实例* -#### 例4:发送一个命令的输出作为另一个命令的输入 #### +**例4:发送一个命令的输出作为另一个命令的输入** -如果你有一个较大的目录或进程列表,并且想快速定位,你或许需要将列表通过管道传送给grep +如果你有一个较大的目录或进程列表,并且想快速定位,你或许需要将列表通过管道传送给grep。 -接下来我们使用管道在下面的命令中,第一个是查找所需的关键词,第二个是除去产生的 `grep command`.这个例子列举了所有与apache用户有关的进程 +接下来我们会在下面的命令中使用管道,第一个管道是查找所需的关键词,第二个管道是除去产生的 `grep command`。这个例子列举了所有与apache用户有关的进程: # ps -ef | grep apache | grep -v grep ![Send output of command as input to another](http://www.tecmint.com/wp-content/uploads/2015/03/Send-output-of-command-as-input-to-another1.png) -发送一个命令的输出作为另一个命令的输入 +*发送一个命令的输出作为另一个命令的输入* ### 归档,压缩,解包,解压文件 ### -如果你需要传输,备份,或者通过邮件发送一组文件,你可以使用一个存档(或文件夹)如 [tar][3]工具,通常使用gzip,bzip2,或XZ压缩工具. +如果你需要传输、备份、或者通过邮件发送一组文件,你可以使用一个存档(或打包)工具,如 [tar][3],通常与gzip,bzip2,或 xz 等压缩工具配合使用。 -您选择的压缩工具每一个都有自己的定义的压缩速度和速率的。这三种压缩工具,gzip是最古老和提供最小压缩的工具,bzip2提供经过改进的压缩,以及XZ提供最信和最好的压缩。通常情况下,这些文件都是被压缩的如.gz .bz2或.xz -注:表格 - - - - +您选择的压缩工具每一个都有自己不同的压缩速度和压缩率。这三种压缩工具,gzip是最古老和可以较小压缩的工具,bzip2提供经过改进的压缩,以及xz是最新的而且压缩最大。通常情况下,使用这些压缩工具压缩的文件的扩展名依次是.gz、.bz2或.xz。 + +
@@ -180,12 +171,12 @@ cat 命令实例 - + - + @@ -195,26 +186,22 @@ cat 命令实例 - + - + - +
命令
–concatenate A向归档中添加tar文件添加tar归档到另外一个归档中
–append r向归档中添加非tar文件添加非tar归档到另外一个归档中
–update
–diff or –compare d将归档和硬盘的文件夹进行对比将归档中的文件和硬盘的文件进行对比
–list t列举一个tar的压缩包列举一个tar压缩包的内容
–extract or –get x从归档中解压文件从归档中提取文件
-注:表格 - - - - +
@@ -234,34 +221,34 @@ cat 命令实例 - + - + - + - + - +
操作参数
–verbose v列举所有文件用于读取或提取,这里包含列表,并显示文件的大小、所有权和时间戳列举所有读取或提取的文件,如果和 --list 参数一起使用,也会显示文件的大小、所有权和时间戳
exclude file 排除存档文件。在这种情况下,文件可以是一个实际的文件或目录。从存档中排除文件。在这种情况下,文件可以是一个实际的文件或匹配模式。
gzip or gunzip z使用gzip压缩文件使用gzip压缩归档
–bzip2 j使用bzip2压缩文件使用bzip2压缩归档
–xz J使用xz压缩文件使用xz压缩归档
-#### 例5:创建一个文件,然后使用三种压缩工具压缩#### +**例5:创建一个tar文件,然后使用三种压缩工具压缩** -在决定使用一个或另一个工具之前,您可能想比较每个工具的压缩效率。请注意压缩小文件或几个文件,结果可能不会有太大的差异,但可能会给你看出他们的差异 +在决定使用这个还是那个工具之前,您可能想比较每个工具的压缩效率。请注意压缩小文件或几个文件,结果可能不会有太大的差异,但可能会给你看出它们的差异。 # tar cf ApacheLogs-$(date +%Y%m%d).tar /var/log/httpd/* # Create an ordinary tarball # tar czf ApacheLogs-$(date +%Y%m%d).tar.gz /var/log/httpd/* # Create a tarball and compress with gzip @@ -270,42 +257,42 @@ cat 命令实例 ![Linux tar command examples](http://www.tecmint.com/wp-content/uploads/2015/03/tar-command-examples.png) -tar 命令实例 +*tar 命令实例* -#### 例6:归档时同时保存原始权限和所有权 #### +**例6:归档时同时保存原始权限和所有权** -如果你创建的是用户的主目录的备份,你需要要存储的个人文件与原始权限和所有权,而不是通过改变他们的用户帐户或守护进程来执行备份。下面的命令可以在归档时保留文件属性 +如果你正在从用户的主目录创建备份,你需要要存储的个人文件与原始权限和所有权,而不是通过改变它们的用户帐户或守护进程来执行备份。下面的命令可以在归档时保留文件属性。 # tar cJf ApacheLogs-$(date +%Y%m%d).tar.xz /var/log/httpd/* --same-permissions --same-owner ### 创建软连接和硬链接 ### -在Linux中,有2种类型的链接文件:硬链接和软(也称为符号)链接。因为硬链接文件代表另一个名称是由同一点确定,然后链接到实际的数据;符号链接指向的文件名,而不是实际的数据 +在Linux中,有2种类型的链接文件:硬链接和软(也称为符号)链接。因为硬链接文件只是现存文件的另一个名字,使用相同的 inode 号,它指向实际的数据;而符号链接只是指向的文件名。 -此外,硬链接不占用磁盘上的空间,而符号链接做占用少量的空间来存储的链接本身的文本。硬链接的缺点就是要求他们必须在同一个innode内。而符号链接没有这个限制,符号链接因为只保存了文件名和目录名,所以可以跨文件系统. +此外,硬链接不占用磁盘上的空间,而符号链接则占用少量的空间来存储的链接本身的文本。硬链接的缺点就是要求它们必须在同一个文件系统内,因为 inode 在一个文件系统内是唯一的。而符号链接没有这个限制,它们通过文件名而不是 inode 指向其它文件或目录,所以可以跨文件系统。 创建链接的基本语法看起来是相似的: # ln TARGET LINK_NAME #从Link_NAME到Target的硬链接 # ln -s TARGET LINK_NAME #从Link_NAME到Target的软链接 -#### 例7:创建硬链接和软链接 #### +**例7:创建硬链接和软链接** -没有更好的方式来形象的说明一个文件和一个指向它的符号链接的关系,而不是创建这些链接。在下面的截图中你会看到文件的硬链接指向它共享相同的节点都是由466个字节的磁盘使用情况确定。 +没有更好的方式来形象的说明一个文件和一个指向它的硬链接或符号链接的关系,而不是创建这些链接。在下面的截图中你会看到文件和指向它的硬链接共享相同的inode,都是使用了相同的466个字节的磁盘。 -另一方面,在别的磁盘创建一个硬链接将占用5个字节,并不是说你将耗尽存储容量,而是这个例子足以说明一个硬链接和软链接之间的区别。 +另一方面,在别的磁盘创建一个硬链接将占用5个字节,这并不是说你将耗尽存储容量,而是这个例子足以说明一个硬链接和软链接之间的区别。 ![Difference between a hard link and a soft link](http://www.tecmint.com/wp-content/uploads/2015/03/hard-soft-link.png) -软连接和硬链接之间的不同 +*软连接和硬链接之间的不同* -符号链接的典型用法是在Linux系统的版本文件参考。假设有需要一个访问文件foo X.Y 想图书馆一样经常被访问,你想更新一个就可以而不是更新所有的foo X.Y,这时使用软连接更为明智和安全。有文件被看成foo X.Y的链接符号,从而找到foo X.Y +在Linux系统上符号链接的典型用法是指向一个带版本的文件。假设有几个程序需要访问文件fooX.Y,但麻烦是版本经常变化(像图书馆一样)。每次版本更新时我们都需要更新指向 fooX.Y 的单一引用,而更安全、更快捷的方式是,我们可以让程序寻找名为 foo 的符号链接,它实际上指向 fooX.Y。 -这样的话,当你的X和Y发生变化后,你只需更新一个文件,而不是更新每个文件。 +这样的话,当你的X和Y发生变化后,你只需更新符号链接 foo 到新的目标文件,而不用跟踪每个对目标文件的使用并更新。 ### 总结 ### -在这篇文章中,我们回顾了一些基本的文件和目录管理技能,这是每个系统管理员的工具集的一部分。请确保阅读了本系列的其他部分,以及复习并将这些主题与本教程所涵盖的内容相结合。 +在这篇文章中,我们回顾了一些基本的文件和目录管理技能,这是每个系统管理员的工具集的一部分。请确保阅读了本系列的其它部分,并将这些主题与本教程所涵盖的内容相结合。 如果你有任何问题或意见,请随时告诉我们。我们总是很高兴从读者那获取反馈. @@ -315,11 +302,11 @@ via: http://www.tecmint.com/file-and-directory-management-in-linux/ 作者:[Gabriel Cánepa][a] 译者:[xiqingongzi](https://github.com/xiqingongzi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 [a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/8-pratical-examples-of-linux-touch-command/ +[1]:https://linux.cn/article-2740-1.html [2]:http://www.tecmint.com/13-basic-cat-command-examples-in-linux/ [3]:http://www.tecmint.com/18-tar-command-examples-in-linux/ diff --git a/sign.md b/sign.md index ea83b53f1f..1c413aba40 100644 --- a/sign.md +++ b/sign.md @@ -1,8 +1,22 @@ + --- -via: +via:来源链接 -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 +作者:[作者名][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) -译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID) +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译, +[Linux中国](https://linux.cn/) 荣誉推出 +[a]:作者链接 +[1]:文内链接 +[2]: +[3]: +[4]: +[5]: +[6]: +[7]: +[8]: +[9]: \ No newline at end of file diff --git a/sources/news/20150826 Plasma 5.4 Is Out And It's Packed Full Of Features.md b/sources/news/20150826 Plasma 5.4 Is Out And It's Packed Full Of Features.md deleted file mode 100644 index a103c6b505..0000000000 --- a/sources/news/20150826 Plasma 5.4 Is Out And It's Packed Full Of Features.md +++ /dev/null @@ -1,87 +0,0 @@ -Plasma 5.4 Is Out And It’s Packed Full Of Features -================================================================================ -KDE has [announced][1] a brand new feature release of Plasma 5 — and it’s a corker. - -![kde network applet graphs](http://www.omgubuntu.co.uk/wp-content/uploads/2015/08/kde-network-applet-graphs.jpg) - -Better network details are among the changes - -Plasma 5.4.0 builds on [April’s 5.3.0 milestone][2] in a number of ways, ranging from the inherently technical, Wayland preview session, ahoy, to lavish aesthetic touches, like **1,400 brand new icons**. - -A handful of new components also feature in the release, including a new Plasma Widget for volume control, a monitor calibration tool and an improved user management tool. - -The ‘Kicker’ application menu has been powered up to let you favourite all types of content, not just applications. - -**KRunner now remembers searches** so that it can automatically offer suggestions based on your earlier queries as you type. - -The **network applet displays a graph** to give you a better understanding of your network traffic. It also gains two new VPN plugins for SSH and SSTP connections. - -Minor tweaks to the digital clock see it adapt better in slim panel mode, it gains ISO date support and makes it easier for you to toggle between 12 hour and 24 hour clock. Week numbers have been added to the calendar. - -### Application Dashboard ### - -![plasma 5.4 fullscreen dashboard](http://www.omgubuntu.co.uk/wp-content/uploads/2015/08/plasma-fullscreen-dashboard.jpg) - -The new ‘Application Dashboard’ in KDE Plasma 5.4.0 - -**A new full screen launcher, called ‘Application Dashboard’**, is also available. - -This full-screen dash offers the same features as the traditional Application Menu but with “sophisticated scaling to screen size and full spatial keyboard navigation”. - -Like the Unity launch, the new Plasma Application Dashboard helps you quickly find applications, sift through files and contacts based on your previous activity. - -### Changes in KDE Plasma 5.4.0 at a glance ### - -- Improved high DPI support -- KRunner autocompletion -- KRunner search history -- Application Dashboard add on -- 1,400 New icons -- Wayland tech preview - -For a full list of changes in Plasma 5.4 refer to [this changelog][3]. - -### Install Plasma 5.4 in Kubuntu 15.04 ### - -![new plasma desktop](http://www.omgubuntu.co.uk/wp-content/uploads/2015/08/new-plasma-desktop-.jpg) - -![Kubuntu logo](http://www.omgubuntu.co.uk/wp-content/uploads/2012/02/logo-kubuntu.png) - -To **install Plasma 5.4 in Kubuntu 15.04** you will need to add the KDE Backports PPA to your Software Sources. - -Adding the Kubuntu backports PPA **is not strictly advised** as it may upgrade other parts of the KDE desktop, application suite, developer frameworks or Kubuntu specific config files. - -If you like your desktop being stable, don’t proceed. - -The quickest way to upgrade to Plasma 5.4 once it lands in the Kubuntu Backports PPA is to use the Terminal: - - sudo add-apt-repository ppa:kubuntu-ppa/backports - - sudo apt-get update && sudo apt-get dist-upgrade - -Let the upgrade process complete. Assuming no errors emerge, reboot your computer for changes to take effect. - -If you’re not already using Kubuntu, i.e. you’re using the Unity version of Ubuntu, you should first install the Kubuntu desktop package (you’ll find it in the Ubuntu Software Centre). - -To undo the changes above and downgrade to the most recent version of Plasma available in the Ubuntu archives use the PPA-Purge tool: - - sudo apt-get install ppa-purge - - sudo ppa-purge ppa:kubuntu-ppa/backports - -Let us know how your upgrade/testing goes in the comments below and don’t forget to mention the features you hope to see added to the Plasma 5 desktop next. - --------------------------------------------------------------------------------- - -via: http://www.omgubuntu.co.uk/2015/08/plasma-5-4-new-features - -作者:[Joey-Elijah Sneddon][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:https://plus.google.com/117485690627814051450/?rel=author -[1]:https://dot.kde.org/2015/08/25/kde-ships-plasma-540-feature-release-august -[2]:http://www.omgubuntu.co.uk/2015/04/kde-plasma-5-3-released-heres-how-to-upgrade-in-kubuntu-15-04 -[3]:https://www.kde.org/announcements/plasma-5.3.2-5.4.0-changelog.php \ No newline at end of file diff --git a/sources/share/20150824 Great Open Source Collaborative Editing Tools.md b/sources/share/20150824 Great Open Source Collaborative Editing Tools.md index 8f3ab16110..4696862569 100644 --- a/sources/share/20150824 Great Open Source Collaborative Editing Tools.md +++ b/sources/share/20150824 Great Open Source Collaborative Editing Tools.md @@ -1,3 +1,4 @@ +cygmris is translating... Great Open Source Collaborative Editing Tools ================================================================================ In a nutshell, collaborative writing is writing done by more than one person. There are benefits and risks of collaborative working. Some of the benefits include a more integrated / co-ordinated approach, better use of existing resources, and a stronger, united voice. For me, the greatest advantage is one of the most transparent. That's when I need to take colleagues' views. Sending files back and forth between colleagues is inefficient, causes unnecessary delays and leaves people (i.e. me) unhappy with the whole notion of collaboration. With good collaborative software, I can share notes, data and files, and use comments to share thoughts in real-time or asynchronously. Working together on documents, images, video, presentations, and tasks is made less of a chore. @@ -225,4 +226,4 @@ via: http://www.linuxlinks.com/article/20150823085112605/CollaborativeEditing.ht [10]:https://gobby.github.io/ [11]:https://github.com/gobby [12]:https://www.onlyoffice.com/free-edition.aspx -[13]:https://github.com/ONLYOFFICE/DocumentServer \ No newline at end of file +[13]:https://github.com/ONLYOFFICE/DocumentServer diff --git a/sources/share/20150826 Five Super Cool Open Source Games.md b/sources/share/20150826 Five Super Cool Open Source Games.md index 0b92dcedff..0d3d3c8bfd 100644 --- a/sources/share/20150826 Five Super Cool Open Source Games.md +++ b/sources/share/20150826 Five Super Cool Open Source Games.md @@ -1,3 +1,4 @@ +Translating by H-mudcup Five Super Cool Open Source Games ================================================================================ In 2014 and 2015, Linux became home to a list of popular commercial titles such as the popular Borderlands, Witcher, Dead Island, and Counter Strike series of games. While this is exciting news, what of the gamer on a budget? Commercial titles are good, but even better are free-to-play alternatives made by developers who know what players like. @@ -62,4 +63,4 @@ via: http://fossforce.com/2015/08/five-super-cool-open-source-games/ [6]:http://mars-game.sourceforge.net/ [7]:http://valyriatear.blogspot.com/ [8]:https://www.youtube.com/channel/UCQ5KrSk9EqcT_JixWY2RyMA -[9]:http://supertuxkart.sourceforge.net/ \ No newline at end of file +[9]:http://supertuxkart.sourceforge.net/ diff --git a/sources/share/20150827 Xtreme Download Manager Updated With Fresh GUI.md b/sources/share/20150827 Xtreme Download Manager Updated With Fresh GUI.md deleted file mode 100644 index 767c2fdcd4..0000000000 --- a/sources/share/20150827 Xtreme Download Manager Updated With Fresh GUI.md +++ /dev/null @@ -1,67 +0,0 @@ -Xtreme Download Manager Updated With Fresh GUI -================================================================================ -![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/Xtreme-Download-Manager-Linux.jpg) - -[Xtreme Download Manager][1], unarguably one of the [best download managers for Linux][2], has a new version named XDM 2015 which brings a fresh new look to it. - -Xtreme Download Manager, also known as XDM or XDMAN, is a popular cross-platform download manager available for Linux, Windows and Mac OS X. It is also compatible with all major web browsers such as Chrome, Firefox, Safari enabling you to download directly from XDM when you try to download something in your web browser. - -Applications such as XDM are particularly useful when you have slow/limited network connectivity and you need to manage your downloads. Imagine downloading a huge file from internet on a slow network. What if you could pause and resume the download at will? XDM helps you in such situations. - -Some of the main features of XDM are: - -- Pause and resume download -- [Download videos from YouTube][3] and other video sites -- Force assemble -- Download speed acceleration -- Schedule downloads -- Limit download speed -- Web browser integration -- Support for proxy servers - -Here you can see the difference between the old and new XDM. - -![Old XDM](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/Xtreme-Download-Manager-700x400_c.jpg) - -Old XDM - -![New XDM](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/Xtreme_Download_Manager.png) - -New XDM - -### Install Xtreme Download Manager in Ubuntu based Linux distros ### - -Thanks to the PPA by Noobslab, you can easily install Xtreme Download Manager using the commands below. XDM requires Java but thanks to the PPA, you don’t need to bother with installing dependencies separately. - - sudo add-apt-repository ppa:noobslab/apps - sudo apt-get update - sudo apt-get install xdman - -The above PPA should be available for Ubuntu and other Ubuntu based Linux distributions such as Linux Mint, elementary OS, Linux Lite etc. - -#### Remove XDM #### - -To remove XDM (installed using the PPA), use the commands below: - - sudo apt-get remove xdman - sudo add-apt-repository --remove ppa:noobslab/apps - -For other Linux distributions, you can download it from the link below: - -- [Download Xtreme Download Manager][4] - --------------------------------------------------------------------------------- - -via: http://itsfoss.com/xtreme-download-manager-install/ - -作者:[Abhishek][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://itsfoss.com/author/abhishek/ -[1]:http://xdman.sourceforge.net/ -[2]:http://itsfoss.com/4-best-download-managers-for-linux/ -[3]:http://itsfoss.com/download-youtube-videos-ubuntu/ -[4]:http://xdman.sourceforge.net/download.html \ No newline at end of file diff --git a/sources/share/20150901 5 best open source board games to play online.md b/sources/share/20150901 5 best open source board games to play online.md new file mode 100644 index 0000000000..505ca76f10 --- /dev/null +++ b/sources/share/20150901 5 best open source board games to play online.md @@ -0,0 +1,194 @@ +5 best open source board games to play online +================================================================================ +I have always had a fascination with board games, in part because they are a device of social interaction, they challenge the mind and, most importantly, they are great fun to play. In my misspent youth, myself and a group of friends gathered together to escape the horrors of the classroom, and indulge in a little escapism. The time provided an outlet for tension and rivalry. Board games help teach diplomacy, how to make and break alliances, bring families and friends together, and learn valuable lessons. + +I had a panache for abstract strategy games such as chess and draughts, as well as word games. I can still never resist a game of Escape from Colditz, a strategy card and dice-based board game, or Risk; two timeless multi-player strategy board games. But Catan remains my favourite board game. + +Board games have seen a resurgence in recent years, and Linux has a good range of board games to choose from. There is a credible implementation of Catan called Pioneers. But for my favourite implementations of classic board games to play online, check out the recommendations below. + +---------- + +### TripleA ### + +![TripleA in action](http://www.linuxlinks.com/portal/content/reviews/Games2/Screenshot-TripleA.png) + +TripleA is an open source online turn based strategy game. It allows people to implement and play various strategy board games (ie. Axis & Allies). The TripleA engine has full networking support for online play, support for sounds, XML support for game files, and has its own imaging subsystem that allows for customized user editable maps to be used. TripleA is versatile, scalable and robust. + +TripleA started out as a World War II simulation, but now includes different conflicts, as well as variations and mods of popular games and maps. TripleA comes with multiple games and over 100 more games can be downloaded from the user community. + +Features include: + +- Good interface and attractive graphics +- Optional scenarios +- Multiplayer games +- TripleA comes with the following supported games that uses its game engine (just to name a few): + - Axis & Allies : Classic edition (2nd, 3rd with options enabled) + - Axis & Allies : Revised Edition + - Pact of Steel A&A Variant + - Big World 1942 A&A Variant + - Four if by Sea + - Battle Ship Row + - Capture The Flag + - Minimap +- Hot-seat +- Play By EMail mode allows persons to play a game via EMail without having to be connected to each other online + - More time to think out moves + - Only need to come online to send your turn to the next player + - Dice rolls are done by a dedicated dice server that is independent of TripleA + - All dice rolls are PGP Verified and email to every player + - Every move and every dice roll is logged and saved in TripleA's History Window + - An online game can be later continued under PBEM mode + - Hard for others to cheat +- Hosted online lobby +- Utilities for editing maps +- Website: [triplea.sourceforge.net][1] +- Developer: Sean Bridges (original developer), Mark Christopher Duncan +- License: GNU GPL v2 +- Version Number: 1.8.0.7 + +---------- + +### Domination ### + +![Domination in action](http://www.linuxlinks.com/portal/content/reviews/Games2/Screenshot-Domination.png) + +Domination is an open source game that shares common themes with the hugely popular Risk board game. It has many game options and includes many maps. + +In the classic “World Domination” game of military strategy, you are battling to conquer the world. To win, you must launch daring attacks, defend yourself to all fronts, and sweep across vast continents with boldness and cunning. But remember, the dangers, as well as the rewards, are high. Just when the world is within your grasp, your opponent might strike and take it all away! + +Features include: + +- Simple to learn + - Domination - you must occupy all countries on the map, and thereby eliminate all opponents. These can be long, drawn out games + - Capital - each player has a country they have selected as a Capital. To win the game, you must occupy all Capitals + - Mission - each player draws a random mission. The first to complete their mission wins. Missions may include the elimination of a certain colour, occupation of a particular continent, or a mix of both +- Map editor +- Simple map format +- Multiplayer network play +- Single player +- Hotseat +- 5 user interfaces +- Game types: +- Play online +- Website: [domination.sourceforge.net][2] +- Developer: Yura Mamyrin, Christian Weiske, Mike Chaten, and many others +- License: GNU GPL v3 +- Version Number: 1.1.1.5 + +---------- + +### PyChess ### + +![Micro-Max in action](http://www.linuxlinks.com/portal/content/reviews/Games/Screenshot-Pychess.jpg) + +PyChess is a Gnome inspired chess client written in Python. + +The goal of PyChess, is to provide a fully featured, nice looking, easy to use chess client for the gnome-desktop. + +The client should be usable both to those totally new to chess, those who want to play an occasional game, and those who wants to use the computer to further enhance their play. + +Features include: + +- Attractive interface +- Chess Engine Communication Protocol (CECP) and Univeral Chess Interface (UCI) Engine support +- Free online play on the Free Internet Chess Server (FICS) +- Read and writes PGN, EPD and FEN chess file formats +- Built-in Python based engine +- Undo and pause functions +- Board and piece animation +- Drag and drop +- Tabbed interface +- Hints and spyarrows +- Opening book sidepanel using sqlite +- Score plot sidepanel +- "Enter game" in pgn dialog +- Optional sounds +- Legal move highlighting +- Internationalised or figure pieces in notation +- Website: [www.pychess.org][3] +- Developer: Thomas Dybdahl Ahle +- License: GNU GPL v2 +- Version Number: 0.12 Anderssen rc4 + +---------- + +### Scrabble ### + +![Scrabble in action](http://www.linuxlinks.com/portal/content/reviews/Games2/Screenshot-Scrabble3D.png) + +Scrabble3D is a highly customizable Scrabble game that not only supports Classic Scrabble and Superscrabble but also 3D games and own boards. You can play local against the computer or connect to a game server to find other players. + +Scrabble is a board game with the goal to place letters crossword like. Up to four players take part and get a limited amount of letters (usually 7 or 8). Consecutively, each player tries to compose his letters to one or more word combining with the placed words on the game array. The value of the move depends on the letters (rare letter get more points) and bonus fields which multiply the value of a letter or the whole word. The player with most points win. + +This idea is extended with Scrabble3D to the third dimension. Of course, a classic game with 15x15 fields or Superscrabble with 21x21 fields can be played and you may configure any field setting by yourself. The game can be played by the provided freeware program against Computer, other local players or via internet. Last but not least it's possible to connect to a game server to find other players and to obtain a rating. Most options are configurable, including the number and valuation of letters, the used dictionary, the language of dialogs and certainly colors, fonts etc. + +Features include: + +- Configurable board, letterset and design +- Board in OpenGL graphics with user-definable wavefront model +- Game against computer with support of multithreading +- Post-hoc game analysis with calculation of best move by computer +- Match with other players connected on a game server +- NSA rating and highscore at game server +- Time limit of games +- Localization; use of non-standard digraphs like CH, RR, LL and right to left reading +- Multilanguage help / wiki +- Network games are buffered and asynchronous games are possible +- Running games can be kibitzed +- International rules including italian "Cambio Secco" +- Challenge mode, What-if-variant, CLABBERS, etc +- Website: [sourceforge.net/projects/scrabble][4] +- Developer: Heiko Tietze +- License: GNU GPL v3 +- Version Number: 3.1.3 + +---------- + +### Backgammon ### + +![Backgammon in action](http://www.linuxlinks.com/portal/content/reviews/Games/Screenshot-gnubg.png) + +GNU Backgammon (gnubg) is a strong backgammon program (world-class with a bearoff database installed) usable either as an engine by other programs or as a standalone backgammon game. It is able to play and analyze both money games and tournament matches, evaluate and roll out positions, and more. + +In addition to supporting simple play, it also has extensive analysis features, a tutor mode, adjustable difficulty, and support for exporting annotated games. + +It currently plays at about the level of a championship flight tournament player and is gradually improving. + +gnubg can be played on numerous on-line backgammon servers, such as the First Internet Backgammon Server (FIBS). + +Features include: + +- A command line interface (with full command editing features if GNU readline is available) that lets you play matches and sessions against GNU Backgammon with a rough ASCII representation of the board on text terminals +- Support for a GTK+ interface with a graphical board window. Both 2D and 3D graphics are available +- Tournament match and money session cube handling and cubeful play +- Support for both 1-sided and 2-sided bearoff databases: 1-sided bearoff database for 15 checkers on the first 6 points and optional 2-sided database kept in memory. Optional larger 1-sided and 2-sided databases stored on disk +- Automated rollouts of positions, with lookahead and race variance reduction where appropriate. Rollouts may be extended +- Functions to generate legal moves and evaluate positions at varying search depths +- Neural net functions for giving cubeless evaluations of all other contact and race positions +- Automatic and manual annotation (analysis and commentary) of games and matches +- Record keeping of statistics of players in games and matches (both native inside GNU Backgammon and externally using relational databases and Python) +- Loading and saving analyzed games and matches as .sgf files (Smart Game Format) +- Exporting positions, games and matches to: (.eps) Encapsulated Postscript, (.gam) Jellyfish Game, (.html) HTML, (.mat) Jellyfish Match, (.pdf) PDF, (.png) Portable Network Graphics, (.pos) Jellyfish Position, (.ps) PostScript, (.sgf) Gnu Backgammon File, (.tex) LaTeX, (.txt) Plain Text, (.txt) Snowie Text +- Import of matches and positions from a number of file formats: (.bkg) Hans Berliner's BKG Format, (.gam) GammonEmpire Game, (.gam) PartyGammon Game, (.mat) Jellyfish Match, (.pos) Jellyfish Position, (.sgf) Gnu Backgammon File, (.sgg) GamesGrid Save Game, (.tmg) TrueMoneyGames, (.txt) Snowie Text +- Python Scripting +- Native language support; 10 languages complete or in progress +- Website: [www.gnubg.org][5] +- Developer: Joseph Heled, Oystein Johansen, Jonathan Kinsey, David Montgomery, Jim Segrave, Joern Thyssen, Gary Wong and contributors +- License: GPL v2 +- Version Number: 1.05.000 + +-------------------------------------------------------------------------------- + +via: http://www.linuxlinks.com/article/20150830011533893/BoardGames.html + +作者:Frazer Kline +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:http://triplea.sourceforge.net/ +[2]:http://domination.sourceforge.net/ +[3]:http://www.pychess.org/ +[4]:http://sourceforge.net/projects/scrabble/ +[5]:http://www.gnubg.org/ \ No newline at end of file diff --git a/sources/talk/20141223 Defending the Free Linux World.md b/sources/talk/20141223 Defending the Free Linux World.md deleted file mode 100644 index 0a552e640d..0000000000 --- a/sources/talk/20141223 Defending the Free Linux World.md +++ /dev/null @@ -1,127 +0,0 @@ -Translating by H-mudcup - -Defending the Free Linux World -================================================================================ -![](http://www.linuxinsider.com/ai/908455/open-invention-network.jpg) - -**Co-opetition is a part of open source. The Open Invention Network model allows companies to decide where they will compete and where they will collaborate, explained OIN CEO Keith Bergelt. As open source evolved, "we had to create channels for collaboration. Otherwise, we would have hundreds of entities spending billions of dollars on the same technology."** - -The [Open Invention Network][1], or OIN, is waging a global campaign to keep Linux out of harm's way in patent litigation. Its efforts have resulted in more than 1,000 companies joining forces to become the largest defense patent management organization in history. - -The Open Invention Network was created in 2005 as a white hat organization to protect Linux from license assaults. It has considerable financial backing from original board members that include Google, IBM, NEC, Novell, Philips, [Red Hat][2] and Sony. Organizations worldwide have joined the OIN community by signing the free OIN license. - -Organizers founded the Open Invention Network as a bold endeavor to leverage intellectual property to protect Linux. Its business model was difficult to comprehend. It asked its members to take a royalty-free license and forever forgo the chance to sue other members over their Linux-oriented intellectual property. - -However, the surge in Linux adoptions since then -- think server and cloud platforms -- has made protecting Linux intellectual property a critically necessary strategy. - -Over the past year or so, there has been a shift in the Linux landscape. OIN is doing a lot less talking to people about what the organization is and a lot less explaining why Linux needs protection. There is now a global awareness of the centrality of Linux, according to Keith Bergelt, CEO of OIN. - -"We have seen a culture shift to recognizing how OIN benefits collaboration," he told LinuxInsider. - -### How It Works ### - -The Open Invention Network uses patents to create a collaborative environment. This approach helps ensure the continuation of innovation that has benefited software vendors, customers, emerging markets and investors. - -Patents owned by Open Invention Network are available royalty-free to any company, institution or individual. All that is required to qualify is the signer's agreement not to assert its patents against the Linux system. - -OIN ensures the openness of the Linux source code. This allows programmers, equipment vendors, independent software vendors and institutions to invest in and use Linux without excessive worry about intellectual property issues. This makes it more economical for companies to repackage, embed and use Linux. - -"With the diffusion of copyright licenses, the need for OIN licenses becomes more acute. People are now looking for a simpler or more utilitarian solution," said Bergelt. - -OIN legal defenses are free of charge to members. Members commit to not initiating patent litigation against the software in OIN's list. They also agree to offer their own patents in defense of that software. Ultimately, these commitments result in access to hundreds of thousands of patents cross-licensed by the network, Bergelt explained. - -### Closing the Legal Loopholes ### - -"What OIN is doing is very essential. It offers another layer of IP protection, said Greg R. Vetter, associate professor of law at the [University of Houston Law Center][3]. - -Version 2 of the GPL license is thought by some to provide an implied patent license, but lawyers always feel better with an explicit license, he told LinuxInsider. - -What OIN provides is something that bridges that gap. It also provides explicit coverage of the Linux kernel. An explicit patent license is not necessarily part of the GPLv2, but it was added in GPLv3, according to Vetter. - -Take the case of a code writer who produces 10,000 lines of code under GPLv3, for example. Over time, other code writers contribute many more lines of code, which adds to the IP. The software patent license provisions in GPLv3 would protect the use of the entire code base under all of the participating contributors' patents, Vetter said. - -### Not Quite the Same ### - -Patents and licenses are overlapping legal constructs. Figuring out how the two entities work with open source software can be like traversing a minefield. - -"Licenses are legal constructs granting additional rights based on, typically, patent and copyright laws. Licenses are thought to give a permission to do something that might otherwise be infringement of someone else's IP rights," Vetter said. - -Many free and open source licenses (such as the Mozilla Public License, the GNU GPLv3, and the Apache Software License) incorporate some form of reciprocal patent rights clearance. Older licenses like BSD and MIT do not mention patents, Vetter pointed out. - -A software license gives someone else certain rights to use the code the programmer created. Copyright to establish ownership is automatic, as soon as someone writes or draws something original. However, copyright covers only that particular expression and derivative works. It does not cover code functionality or ideas for use. - -Patents cover functionality. Patent rights also can be licensed. A copyright may not protect how someone independently developed implementation of another's code, but a patent fills this niche, Vetter explained. - -### Looking for Safe Passage ### - -The mixing of license and patent legalities can appear threatening to open source developers. For some, even the GPL qualifies as threatening, according to William Hurley, cofounder of [Chaotic Moon Studios][4] and [IEEE][5] Computer Society member. - -"Way back in the day, open source was a different world. Driven by mutual respect and a view of code as art, not property, things were far more open than they are today. I believe that many efforts set upon with the best of intentions almost always end up bearing unintended consequences," Hurley told LinuxInsider. - -Surpassing the 1,000-member mark might carry a mixed message about the significance of intellectual property right protection, he suggested. It might just continue to muddy the already murky waters of today's open source ecosystem. - -"At the end of the day, this shows some of the common misconceptions around intellectual property. Having thousands of developers does not decrease risk -- it increases it. The more developers licensing the patents, the more valuable they appear to be," Hurley said. "The more valuable they appear to be, the more likely someone with similar patents or other intellectual property will try to take advantage and extract value for their own financial gain." - -### Sharing While Competing ### - -Co-opetition is a part of open source. The OIN model allows companies to decide where they will compete and where they will collaborate, explained Bergelt. - -"Many of the changes in the evolution of open source in terms of process have moved us into a different direction. We had to create channels for collaboration. Otherwise, we would have hundreds of entities spending billions of dollars on the same technology," he said. - -A glaring example of this is the early evolution of the cellphone industry. Multiple standards were put forward by multiple companies. There was no sharing and no collaboration, noted Bergelt. - -"That damaged our ability to access technology by seven to 10 years in the U.S. Our experience with devices was far behind what everybody else in the world had. We were complacent with GSM (Global System for Mobile Communications) while we were waiting for CDMA (Code Division Multiple Access)," he said. - -### Changing Landscape ### - -OIN experienced a growth surge of 400 new licensees in the last year. That is indicative of a new trend involving open source. - -"The marketplace reached a critical mass where finally people within organizations recognized the need to explicitly collaborate and to compete. The result is doing both at the same time. This can be messy and taxing," Bergelt said. - -However, it is a sustainable transformation driven by a cultural shift in how people think about collaboration and competition. It is also a shift in how people are embracing open source -- and Linux in particular -- as the lead project in the open source community, he explained. - -One indication is that most significant new projects are not being developed under the GPLv3 license. - -### Two Better Than One ### - -"The GPL is incredibly important, but the reality is there are a number of licensing models being used. The relative addressability of patent issues is generally far lower in Eclipse and Apache and Berkeley licenses that it is in GPLv3," said Bergelt. - -GPLv3 is a natural complement for addressing patent issues -- but the GPL is not sufficient on its own to address the issues of potential conflicts around the use of patents. So OIN is designed as a complement to copyright licenses, he added. - -However, the overlap of patent and license may not do much good. In the end, patents are for offensive purposes -- not defensive -- in almost every case, Bergelt suggested. - -"If you are not prepared to take legal action against others, then a patent may not be the best form of legal protection for your intellectual properties," he said. "We now live in a world where the misconceptions around software, both open and proprietary, combined with an ill-conceived and outdated patent system, leave us floundering as an industry and stifling innovation on a daily basis," he said. - -### Court of Last Resort ### - -It would be nice to think the presence of OIN has dampened a flood of litigation, Bergelt said, or at the very least, that OIN's presence is neutralizing specific threats. - -"We are getting people to lay down their arms, so to say. At the same time, we are creating a new cultural norm. Once you buy into patent nonaggression in this model, the correlative effect is to encourage collaboration," he observed. - -If you are committed to collaboration, you tend not to rush to litigation as a first response. Instead, you think in terms of how can we enable you to use what we have and make some money out of it while we use what you have, Bergelt explained. - -"OIN is a multilateral solution. It encourages signers to create bilateral agreements," he said. "That makes litigation the last course of action. That is where it should be." - -### Bottom Line ### - -OIN is working to prevent Linux patent challenges, Bergelt is convinced. There has not been litigation in this space involving Linux. - -The only thing that comes close are the mobile wars with Microsoft, which focus on elements high in the stack. Those legal challenges may be designed to raise the cost of ownership involving the use of Linux products, Bergelt noted. - -Still, "these are not Linux-related law suits," he said. "They do not focus on what is core to Linux. They focus on what is in the Linux system." - --------------------------------------------------------------------------------- - -via: http://www.linuxinsider.com/story/Defending-the-Free-Linux-World-81512.html - -作者:Jack M. Germain -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 - -[1]:http://www.openinventionnetwork.com/ -[2]:http://www.redhat.com/ -[3]:http://www.law.uh.edu/ -[4]:http://www.chaoticmoon.com/ -[5]:http://www.ieee.org/ diff --git a/sources/talk/20150709 Interviews--Linus Torvalds Answers Your Question.md b/sources/talk/20150709 Interviews--Linus Torvalds Answers Your Question.md index f1420fd0e4..bb04ddf0c8 100644 --- a/sources/talk/20150709 Interviews--Linus Torvalds Answers Your Question.md +++ b/sources/talk/20150709 Interviews--Linus Torvalds Answers Your Question.md @@ -1,4 +1,3 @@ -zpl1025 Interviews: Linus Torvalds Answers Your Question ================================================================================ Last Thursday you had a chance to [ask Linus Torvalds][1] about programming, hardware, and all things Linux. You can read his answers to those questions below. If you'd like to see what he had to say the last time we sat down with him, [you can do so here][2]. diff --git a/sources/talk/20150716 Interview--Larry Wall.md b/sources/talk/20150716 Interview--Larry Wall.md index 1362281517..f3fea9c596 100644 --- a/sources/talk/20150716 Interview--Larry Wall.md +++ b/sources/talk/20150716 Interview--Larry Wall.md @@ -1,4 +1,4 @@ -martin +translating... Interview: Larry Wall ================================================================================ diff --git a/sources/talk/20150818 Debian GNU or Linux Birthday-- A 22 Years of Journey and Still Counting.md b/sources/talk/20150818 Debian GNU or Linux Birthday-- A 22 Years of Journey and Still Counting.md deleted file mode 100644 index f74384b616..0000000000 --- a/sources/talk/20150818 Debian GNU or Linux Birthday-- A 22 Years of Journey and Still Counting.md +++ /dev/null @@ -1,109 +0,0 @@ -Debian GNU/Linux Birthday : A 22 Years of Journey and Still Counting… -================================================================================ -On 16th August 2015, the Debian project has celebrated its 22nd anniversary, making it one of the oldest popular distribution in open source world. Debian project was conceived and founded in the year 1993 by Ian Murdock. By that time Slackware had already made a remarkable presence as one of the earliest Linux Distribution. - -![Happy 22nd Birthday to Debian](http://www.tecmint.com/wp-content/uploads/2014/08/Debian-22nd-Birthday.png) - -Happy 22nd Birthday to Debian Linux - -Ian Ashley Murdock, an American Software Engineer by profession, conceived the idea of Debian project, when he was a student of Purdue University. He named the project Debian after the name of his then-girlfriend Debra Lynn (Deb) and his name. He later married her and then got divorced in January 2008. - -![Ian Murdock](http://www.tecmint.com/wp-content/uploads/2014/08/Ian-Murdock.jpeg) - -Debian Creator: Ian Murdock - -Ian is currently serving as Vice President of Platform and Development Community at ExactTarget. - -Debian (as Slackware) was the result of unavailability of up-to mark Linux Distribution, that time. Ian in an interview said – “Providing the first class Product without profit would be the sole aim of Debian Project. Even Linux was not reliable and up-to mark that time. I Remember…. Moving files between file-system and dealing with voluminous file would often result in Kernel Panic. However the project Linux was promising. The availability of Source Code freely and the potential it seemed was qualitative.” - -I remember … like everyone else I wanted to solve problem, run something like UNIX at home, but it was not possible…neither financially nor legally, in the other sense . Then I come to know about GNU kernel Development and its non-association with any kind of legal issues, he added. He was sponsored by Free Software Foundation (FSF) in the early days when he was working on Debian, it also helped Debian to take a giant step though Ian needed to finish his degree and hence quited FSF roughly after one year of sponsorship. - -### Debian Development History ### - -- **Debian 0.01 – 0.09** : Released between August 1993 – December 1993. -- **Debian 0.91 ** – Released in January 1994 with primitive package system, No dependencies. -- **Debian 0.93 rc5** : March 1995. It is the first modern release of Debian, dpkg was used to install and maintain packages after base system installation. -- **Debian 0.93 rc6**: Released in November 1995. It was last a.out release, deselect made an appearance for the first time – 60 developers were maintaining packages, then at that time. -- **Debian 1.1**: Released in June 1996. Code name – Buzz, Packages count – 474, Package Manager dpkg, Kernel 2.0, ELF. -- **Debian 1.2**: Released in December 1996. Code name – Rex, Packages count – 848, Developers Count – 120. -- **Debian 1.3**: Released in July 1997. Code name – Bo, package count 974, Developers count – 200. -- **Debian 2.0**: Released in July 1998. Code name: Hamm, Support for architecture – Intel i386 and Motorola 68000 series, Number of Packages: 1500+, Number of Developers: 400+, glibc included. -- **Debian 2.1**: Released on March 09, 1999. Code name – slink, support architecture Alpha and Sparc, apt came in picture, Number of package – 2250. -- **Debian 2.2**: Released on August 15, 2000. Code name – Potato, Supported architecture – Intel i386, Motorola 68000 series, Alpha, SUN Sparc, PowerPC and ARM architecture. Number of packages: 3900+ (binary) and 2600+ (Source), Number of Developers – 450. There were a group of people studied and came with an article called Counting potatoes, which shows – How a free software effort could lead to a modern operating system despite all the issues around it. -- **Debian 3.0** : Released on July 19th, 2002. Code name – woody, Architecture supported increased– HP, PA_RISC, IA-64, MIPS and IBM, First release in DVD, Package Count – 8500+, Developers Count – 900+, Cryptography. -- **Debian 3.1**: Release on June 6th, 2005. Code name – sarge, Architecture support – same as woody + AMD64 – Unofficial Port released, Kernel – 2.4 qnd 2.6 series, Number of Packages: 15000+, Number of Developers : 1500+, packages like – OpenOffice Suite, Firefox Browser, Thunderbird, Gnome 2.8, kernel 3.3 Advanced Installation Support: RAID, XFS, LVM, Modular Installer. -- **Debian 4.0**: Released on April 8th, 2007. Code name – etch, architecture support – same as sarge, included AMD64. Number of packages: 18,200+ Developers count : 1030+, Graphical Installer. -- **Debian 5.0**: Released on February 14th, 2009. Code name – lenny, Architecture Support – Same as before + ARM. Number of packages: 23000+, Developers Count: 1010+. -- **Debian 6.0** : Released on July 29th, 2009. Code name – squeeze, Package included : kernel 2.6.32, Gnome 2.3. Xorg 7.5, DKMS included, Dependency-based. Architecture : Same as pervious + kfreebsd-i386 and kfreebsd-amd64, Dependency based booting. -- **Debian 7.0**: Released on may 4, 2013. Code name: wheezy, Support for Multiarch, Tools for private cloud, Improved Installer, Third party repo need removed, full featured multimedia-codec, Kernel 3.2, Xen Hypervisor 4.1.4 Package Count: 37400+. -- **Debian 8.0**: Released on May 25, 2015 and Code name: Jessie, Systemd as the default init system, powered by Kernel 3.16, fast booting, cgroups for services, possibility of isolating part of the services, 43000+ packages. Sysvinit init system available in Jessie. - -**Note**: Linux Kernel initial release was on October 05, 1991 and Debian initial release was on September 15, 1993. So, Debian is there for 22 Years running Linux Kernel which is there for 24 years. - -### Debian Facts ### - -Year 1994 was spent on organizing and managing Debian project so that it would be easy for others to contribute. Hence no release for users were made this year however there were certain internal release. - -Debian 1.0 was never released. A CDROM manufacturer company by mistakenly labelled an unreleased version as Debian 1.0. Hence to avoid confusion Debian 1.0 was released as Debian 1.1 and since then only the concept of official CDROM images came into existence. - -Each release of Debian is a character of Toy Story. - -Debian remains available in old stable, stable, testing and experimental, all the time. - -The Debian Project continues to work on the unstable distribution (codenamed sid, after the evil kid from the Toy Story). Sid is the permanent name for the unstable distribution and is remains ‘Still In Development’. The testing release is intended to become the next stable release and is currently codenamed jessie. - -Debian official distribution includes only Free and OpenSource Software and nothing else. However the availability of contrib and Non-free Packages makes it possible to install those packages which are free but their dependencies are not licensed free (contrib) and Packages licensed under non-free softwares. - -Debian is the mother of a lot of Linux distribution. Some of these Includes: - -- Damn Small Linux -- KNOPPIX -- Linux Advanced -- MEPIS -- Ubuntu -- 64studio (No more active) -- LMDE - -Debian is the world’s largest non commercial Linux Distribution. It is written in C (32.1%) programming language and rest in 70 other languages. - -![Debian Contribution](http://www.tecmint.com/wp-content/uploads/2014/08/Debian-Programming.png) - -Debian Contribution - -Image Source: [Xmodulo][1] - -Debian project contains 68.5 million actual loc (lines of code) + 4.5 million lines of comments and white spaces. - -International Space station dropped Windows & Red Hat for adopting Debian – These astronauts are using one release back – now “squeeze” for stability and strength from community. - -Thank God! Who would have heard the scream from space on Windows Metro Screen :P - -#### The Black Wednesday #### - -On November 20th, 2002 the University of Twente Network Operation Center (NOC) caught fire. The fire department gave up protecting the server area. NOC hosted satie.debian.org which included Security, non-US archive, New Maintainer, quality assurance, databases – Everything was turned to ashes. Later these services were re-built by debian. - -#### The Future Distro #### - -Next in the list is Debian 9, code name – Stretch, what it will have is yet to be revealed. The best is yet to come, Just Wait for it! - -A lot of distribution made an appearance in Linux Distro genre and then disappeared. In most cases managing as it gets bigger was a concern. But certainly this is not the case with Debian. It has hundreds of thousands of developer and maintainer all across the globe. It is a one Distro which was there from the initial days of Linux. - -The contribution of Debian in Linux ecosystem can’t be measured in words. If there had been no Debian, Linux would not have been so rich and user-friendly. Debian is among one of the disto which is considered highly reliable, secure and stable and a perfect choice for Web Servers. - -That’s the beginning of Debian. It came a long way and still going. The Future is Here! The world is here! If you have not used Debian till now, What are you Waiting for. Just Download Your Image and get started, we will be here if you get into trouble. - -- [Debian Homepage][2] - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/happy-birthday-to-debian-gnu-linux/ - -作者:[Avishek Kumar][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/avishek/ -[1]:http://xmodulo.com/2013/08/interesting-facts-about-debian-linux.html -[2]:https://www.debian.org/ \ No newline at end of file diff --git a/sources/talk/20150901 Is Linux Right For You.md b/sources/talk/20150901 Is Linux Right For You.md new file mode 100644 index 0000000000..89044347ec --- /dev/null +++ b/sources/talk/20150901 Is Linux Right For You.md @@ -0,0 +1,63 @@ +Is Linux Right For You? +================================================================================ +> Not everyone should opt for Linux -- for many users, remaining with Windows or OSX is the better choice. + +I enjoy using Linux on the desktop. Not because of software politics or because I despise other operating systems. I simply like Linux because it just works. + +It's been my experience that not everyone is cut out for the Linux lifestyle. In this article, I'll help you run through the pros and cons of making the switch to Linux so you can determine if switching is right for you. + +### When to make the switch ### + +Switching to Linux makes sense when there is a decisive reason to do so. The same can be said about moving from Windows to OS X or vice versa. In order to have success with switching, you must be able to identify your reason for jumping ship in the first place. + +For some people, the reason for switching is frustration with their current platform. Maybe the latest upgrade left them with a lousy experience and they're ready to chart new horizons. In other instances, perhaps it's simply a matter of curiosity. Whatever the motivation, you must have a good reason for switching operating systems. If you're pushing yourself in this direction without a good reason, then no one wins. + +However, there are exceptions to every rule. And if you're really interested in trying Linux on the desktop, then maybe coming to terms with a workable compromise is the way to go. + +### Starting off slow ### + +After trying Linux for the first time, I've seen people blast their Windows installation to bits because they had a good experience with Ubuntu on a flash drive for 20 minutes. Folks, this isn't a test. Instead I'd suggest the following: + +- Run the [Linux distro in a virtual machine][1] for a week. This means you are committing to running that distro for all browser work, email and other tasks you might otherwise do on that machine. +- If running a VM for a week is too resource intensive, try doing the same with a USB drive running Linux that offers [some persistent storage][2]. This will allow you to leave your main OS alone and intact. At the same time, you'll still be able to "live inside" of your Linux distribution for a week. +- If you find that everything is successful after a week of running Linux, the next step is to examine how many times you booted into Windows that week. If only occasionally, then the next step is to look into [dual-booting Windows][3] and Linux. For those of you that only found themselves using their Linux distro, it might be worth considering making the switch full time. +- Before you hose your Windows partition completely, it might make more sense to purchase a second hard drive to install Linux onto instead. This allows you to dual-boot, but to do so with ample hard drive space. It also makes Windows available to you if something should come up. + +### What do you gain adopting Linux? ### + +So what does one gain by switching to Linux? Generally it comes down to personal freedom for most people. With Linux, if something isn't to your liking, you're free to change it. Using Linux also saves users oodles of money in avoiding hardware upgrades and unnecessary software expenses. Additionally, you're not burdened with tracking down lost license keys for software. And if you dislike the direction a particular distribution is headed, you can switch to another distribution with minimal hassle. + +The sheer volume of desktop choice on the Linux desktop is staggering. This level of choice might even seem overwhelming to the newcomer. But if you find a distro base (Debian, Fedora, Arch, etc) that you like, the hard work is already done. All you need to do now is find a variation of the distro and the desktop environment you prefer. + +Now one of the most common complaints I hear is that there isn't much in the way of software for Linux. However, this isn't accurate at all. While other operating systems may have more of it, today's Linux desktop has applications to do just about anything you can think of. Video editing (home and pro-level), photography, office management, remote access, music (listening and creation), plus much, much more. + +### What you lose adopting Linux? ### + +As much as I enjoy using Linux, my wife's home office relies on OS X. She's perfectly content using Linux for some tasks, however she relies on OS X for specific software not available for Linux. This is a common problem that many people face when first looking at making the switch. You must decide whether or not you're going to be losing out on critical software if you make the switch. + +Sometimes the issue is because the software has content locked down with it. In other cases, it's a workflow and functionality that was found with the legacy applications and not with the software available for Linux. I myself have never experienced this type of challenge, but I know those who have. Many of the software titles available for Linux are also available for other operating systems. So if there is a concern about such things, I encourage you to try out comparable apps on your native OS first. + +Another thing you might lose by switching to Linux is the luxury of local support when you need it. People scoff at this, but I know of countless instances where a newcomer to Linux was dismayed to find their only recourse for solving Linux challenges was from strangers on the Web. This is especially problematic if their only PC is the one having issues. Windows and OS X users are spoiled in that there are endless support techs in cities all over the world that support their platform(s). + +### How to proceed from here ### + +Perhaps the single biggest piece of advice to remember is always have a fallback plan. Remember, once you wipe that copy of Windows 10 from your hard drive, you may find yourself spending money to get it reinstalled. This is especially true for those of you who upgrade from other Windows releases. Accepting this, persistent flash drives with Linux or dual-booting Windows and Linux is always a preferable way forward for newcomers. Odds are that you may be just fine and take to Linux like a fish to water. But having that fallback plan in place just means you'll sleep better at night. + +If instead you've been relying on a dual-boot installation for weeks and feel ready to take the plunge, then by all means do it. Wipe your drive and start off with a clean installation of your favorite Linux distribution. I've been a full time Linux enthusiast for years and I can tell you for certain, it's a great feeling. How long? Let's just say my first Linux experience was with early Red Hat. I finally installed a dedicated installation on my laptop by 2003. + +Existing Linux enthusiasts, where did you first get started? Was your switch an exciting one or was it filled with angst? Hit the Comments and share your experiences. + +-------------------------------------------------------------------------------- + +via: http://www.datamation.com/open-source/is-linux-right-for-you.html + +作者:[Matt Hartley][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.datamation.com/author/Matt-Hartley-3080.html +[1]:http://www.psychocats.net/ubuntu/virtualbox +[2]:http://www.howtogeek.com/howto/14912/create-a-persistent-bootable-ubuntu-usb-flash-drive/ +[3]:http://www.linuxandubuntu.com/home/dual-boot-ubuntu-15-04-14-10-and-windows-10-8-1-8-step-by-step-tutorial-with-screenshots \ No newline at end of file diff --git a/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md b/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md index d92c47c774..f227e0c506 100644 --- a/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md +++ b/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md @@ -1,3 +1,4 @@ +[bazz222] How to filter BGP routes in Quagga BGP router ================================================================================ In the [previous tutorial][1], we demonstrated how to turn a CentOS box into a BGP router using Quagga. We also covered basic BGP peering and prefix exchange setup. In this tutorial, we will focus on how we can control incoming and outgoing BGP prefixes by using **prefix-list** and **route-map**. @@ -198,4 +199,4 @@ via: http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 [a]:http://xmodulo.com/author/sarmed -[1]:http://xmodulo.com/centos-bgp-router-quagga.html \ No newline at end of file +[1]:http://xmodulo.com/centos-bgp-router-quagga.html diff --git a/sources/tech/20150813 Howto Run JBoss Data Virtualization GA with OData in Docker Container.md b/sources/tech/20150813 Howto Run JBoss Data Virtualization GA with OData in Docker Container.md deleted file mode 100644 index 007f16493b..0000000000 --- a/sources/tech/20150813 Howto Run JBoss Data Virtualization GA with OData in Docker Container.md +++ /dev/null @@ -1,102 +0,0 @@ -Howto Run JBoss Data Virtualization GA with OData in Docker Container -================================================================================ -Hi everyone, today we'll learn how to run JBoss Data Virtualization 6.0.0.GA with OData in a Docker Container. JBoss Data Virtualization is a data supply and integration solution platform that transforms various scatered multiple sources data, treats them as single source and delivers the required data into actionable information at business speed to any applications or users. JBoss Data Virtualization can help us easily combine and transform data into reusable business friendly data models and make unified data easily consumable through open standard interfaces. It offers comprehensive data abstraction, federation, integration, transformation, and delivery capabilities to combine data from one or multiple sources into reusable for agile data utilization and sharing.For more information about JBoss Data Virtualization, we can check out [its official page][1]. Docker is an open source platform that provides an open platform to pack, ship and run any application as a lightweight container. Running JBoss Data Virtualization with OData in Docker Container makes us easy to handle and launch. - -Here are some easy to follow tutorial on how we can run JBoss Data Virtualization with OData in Docker Container. - -### 1. Cloning the Repository ### - -First of all, we'll wanna clone the repository of OData with Data Virtualization ie [https://github.com/jbossdemocentral/dv-odata-docker-integration-demo][2] using git command. As we have an Ubuntu 15.04 distribution of linux running in our machine. We'll need to install git initially using apt-get command. - - # apt-get install git - -Then after installing git, we'll wanna clone the repository by running the command below. - - # git clone https://github.com/jbossdemocentral/dv-odata-docker-integration-demo - - Cloning into 'dv-odata-docker-integration-demo'... - remote: Counting objects: 96, done. - remote: Total 96 (delta 0), reused 0 (delta 0), pack-reused 96 - Unpacking objects: 100% (96/96), done. - Checking connectivity... done. - -### 2. Downloading JBoss Data Virtualization Installer ### - -Now, we'll need to download JBoss Data Virtualization Installer from the Download Page ie [http://www.jboss.org/products/datavirt/download/][3] . After we download **jboss-dv-installer-6.0.0.GA-redhat-4.jar**, we'll need to keep it under the directory named **software**. - -### 3. Building the Docker Image ### - -Next, after we have downloaded the JBoss Data Virtualization installer, we'll then go for building the docker image using the Dockerfile and its resources we had just cloned from the repository. - - # cd dv-odata-docker-integration-demo/ - # docker build -t jbossdv600 . - - ... - Step 22 : USER jboss - ---> Running in 129f701febd0 - ---> 342941381e37 - Removing intermediate container 129f701febd0 - Step 23 : EXPOSE 8080 9990 31000 - ---> Running in 61e6d2c26081 - ---> 351159bb6280 - Removing intermediate container 61e6d2c26081 - Step 24 : CMD $JBOSS_HOME/bin/standalone.sh -c standalone.xml -b 0.0.0.0 -bmanagement 0.0.0.0 - ---> Running in a9fed69b3000 - ---> 407053dc470e - Removing intermediate container a9fed69b3000 - Successfully built 407053dc470e - -Note: Here, we assume that you have already installed docker and is running in your machine. - -### 4. Starting the Docker Container ### - -As we have built the Docker Image of JBoss Data Virtualization with oData, we'll now gonna run the docker container and expose its port with -P flag. To do so, we'll run the following command. - - # docker run -p 8080:8080 -d -t jbossdv600 - - 7765dee9cd59c49ca26850e88f97c21f46859d2dc1d74166353d898773214c9c - -### 5. Getting the Container IP ### - -After we have started the Docker Container, we'll wanna get the IP address of the running docker container. To do so, we'll run the docker inspect command followed by the running container id. - - # docker inspect <$containerID> - - ... - "NetworkSettings": { - "Bridge": "", - "EndpointID": "3e94c5900ac5954354a89591a8740ce2c653efde9232876bc94878e891564b39", - "Gateway": "172.17.42.1", - "GlobalIPv6Address": "", - "GlobalIPv6PrefixLen": 0, - "HairpinMode": false, - "IPAddress": "172.17.0.8", - "IPPrefixLen": 16, - "IPv6Gateway": "", - "LinkLocalIPv6Address": "", - "LinkLocalIPv6PrefixLen": 0, - -### 6. Web Interface ### - -Now, if everything went as expected as done above, we'll gonna see the login screen of JBoss Data Virtualization with oData when pointing our web browser to http://container-ip:8080/ and the JBoss Management from http://container-ip:9990. The Management credentials for username is admin and password is redhat1! whereas the Data virtualization credentials for username is user and password is user . After that, we can navigate the contents via the web interface. - -**Note**: It is strongly recommended to change the password as soon as possible after the first login. Thanks :) - -### Conclusion ### - -Finally we've successfully run Docker Container running JBoss Data Virtualization with OData Multisource Virtual Database. JBoss Data Virtualization is really an awesome platform for the virtualization of data from different multiple source and transform them into reusable business friendly data models and produces data easily consumable through open standard interfaces. The deployment of JBoss Data Virtualization with OData Multisource Virtual Database has been very easy, secure and fast to setup with the Docker Technology. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-) - --------------------------------------------------------------------------------- - -via: http://linoxide.com/linux-how-to/run-jboss-data-virtualization-ga-odata-docker-container/ - -作者:[Arun Pyasi][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/arunp/ -[1]:http://www.redhat.com/en/technologies/jboss-middleware/data-virtualization -[2]:https://github.com/jbossdemocentral/dv-odata-docker-integration-demo -[3]:http://www.jboss.org/products/datavirt/download/ diff --git a/sources/tech/20150824 Fix No Bootable Device Found Error After Installing Ubuntu.md b/sources/tech/20150824 Fix No Bootable Device Found Error After Installing Ubuntu.md deleted file mode 100644 index 3281a51137..0000000000 --- a/sources/tech/20150824 Fix No Bootable Device Found Error After Installing Ubuntu.md +++ /dev/null @@ -1,97 +0,0 @@ -Fix No Bootable Device Found Error After Installing Ubuntu -================================================================================ -Usually, I dual boot Ubuntu and Windows but this time I decided to go for a clean Ubuntu installation i.e. eliminating Windows completely. After the clean install of Ubuntu, I ended up with a screen saying **no bootable device found** instead of the Grub screen. Clearly, the installation messed up with the UEFI boot settings. - -![No Bootable Device Found After Installing Ubuntu](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_1.jpg) - -I am going to show you how I fixed **no bootable device found error after installing Ubuntu in Acer laptops**. It is important that I mention that I am using Acer Aspire R13 because we have to change things in firmware settings and those settings might look different from manufacturer to manufacturer and from device to device. - -So before you go on trying the steps mentioned here, let’s first see what state my computer was in during this error: - -- My Acer Aspire R13 came preinstalled with Windows 8.1 and with UEFI boot manager -- Secure boot was not turned off (my laptop has just come from repair and the service guy had put the secure boot on again, I did not know until I ran up in the problem). You can read this post to know [how disable secure boot in Acer laptops][1] -- I chose to install Ubuntu by erasing everything i.e. existing Windows 8.1, various partitions etc. -- After installing Ubuntu, I saw no bootable device found error while booting from the hard disk. Booting from live USB worked just fine - -In my opinion, not disabling the secure boot was the reason of this error. However, I have no data to backup my claim. It is just a hunch. Interestingly, dual booting Windows and Linux often ends up in common Grub issues like these two: - -- [error: no such partition grub rescue][2] -- [Minimal BASH like line editing is supported][3] - -If you are in similar situation, you can try the fix which worked for me. - -### Fix no bootable device found error after installing Ubuntu ### - -Pardon me for poor quality images. My OnePlus camera seems to be not very happy with my laptop screen. - -#### Step 1 #### - -Turn the power off and boot into boot settings. I had to press Fn+F2 (to press F2 key) on Acer Aspire R13 quickly. You have to be very quick with it if you are using SSD hard disk because SSDs are very fast in booting. Depending upon your manufacturer/model, you might need to use Del or F10 or F12 keys. - -#### Step 2 #### - -In the boot settings, make sure that Secure Boot is turned on. It should be under the Boot tab. - -#### Step 3 #### - -Go to Security tab and look for “Select an UEFI file as trusted for executing” and click enter. - -![Fix no bootable device found ](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_2.jpg) - -Just for your information, what we are going to do here is to add the UEFI settings file (it was generated while Ubuntu installation) among the trusted UEFI boots in your device. If you remember, UEFI boot’s main aim is to provide security and since Secure Boot was not disabled (perhaps) the device did not intend to boot from the newly installed OS. Adding it as trusted, kind of whitelisting, will let the device boot from the Ubuntu UEFI file. - -#### Step 4 #### - -You should see your hard disk like HDD0 etc here. If you have more than one hard disk, I hope you remember where did you install Ubuntu. Press Enter here as well. - -![Fix no bootable device found in boot settings](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_3.jpg) - -#### Step 5 #### - -You should see here. Press enter. - -![Fix settings in UEFI](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_4.jpg) - -#### Step 6 #### - -You’ll see in next screen. Don’t get impatient, you are almost there - -![Fixing boot error after installing Ubuntu](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_5.jpg) - -#### Step 7 #### - -You’ll see shimx64.efi, grubx64.efi and MokManager.efi file here. The important one is shimx64.efi here. Select it and click enter. - - -![Fix no bootable device found](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_6.jpg) - -In next screen, type Yes and click enter. - -![No_Bootable_Device_Found_7](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_7.jpg) - -#### Step 8 #### - -Once we have added it as trused EFI file to be executed, press F10 to save and exit. - -![Save and exist firmware settings](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_8.jpg) - -Reboot your system and this time you should be seeing the familiar Grub screen. Even if you do not see Grub screen, you should at least not be seeing “no bootable device found” screen anymore. You should be able to boot into Ubuntu. - -If your Grub screen was messed up after the fix but you got to login into it, you can reinstall Grub to boot into the familiar purple Grub screen of Ubuntu. - -I hope this tutorial helped you to fix no bootable device found error. Any questions or suggestions or a word of thanks is always welcomed. - --------------------------------------------------------------------------------- - -via: http://itsfoss.com/no-bootable-device-found-ubuntu/ - -作者:[Abhishek][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://itsfoss.com/author/abhishek/ -[1]:http://itsfoss.com/disable-secure-boot-in-acer/ -[2]:http://itsfoss.com/solve-error-partition-grub-rescue-ubuntu-linux/ -[3]:http://itsfoss.com/fix-minimal-bash-line-editing-supported-grub-error-linux/ \ No newline at end of file diff --git a/sources/tech/20150826 How to set up a system status page of your infrastructure.md b/sources/tech/20150826 How to set up a system status page of your infrastructure.md deleted file mode 100644 index f696e91638..0000000000 --- a/sources/tech/20150826 How to set up a system status page of your infrastructure.md +++ /dev/null @@ -1,295 +0,0 @@ -wyangsun translating -How to set up a system status page of your infrastructure -================================================================================ -If you are a system administrator who is responsible for critical IT infrastructure or services of your organization, you will understand the importance of effective communication in your day-to-day tasks. Suppose your production storage server is on fire. You want your entire team on the same page in order to resolve the issue as fast as you can. While you are at it, you don't want half of all users contacting you asking why they cannot access their documents. When a scheduled maintenance is coming up, you want to notify interested parties of the event ahead of the schedule, so that unnecessary support tickets can be avoided. - -All these require some sort of streamlined communication channel between you, your team and people you serve. One way to achieve that is to maintain a centralized system status page, where the detail of downtime incidents, progress updates and maintenance schedules are reported and chronicled. That way, you can minimize unnecessary distractions during downtime, and also have any interested party informed and opt-in for any status update. - -One good **open-source, self-hosted system status page solution** is [Cachet][1]. In this tutorial, I am going to describe how to set up a self-hosted system status page using Cachet. - -### Cachet Features ### - -Before going into the detail of setting up Cachet, let me briefly introduce its main features. - -- **Full JSON API**: The Cachet API allows you to connect any external program or script (e.g., uptime script) to Cachet to report incidents or update status automatically. -- **Authentication**: Cachet supports Basic Auth and API token in JSON API, so that only authorized personnel can update the status page. -- **Metrics system**: This is useful to visualize custom data over time (e.g., server load or response time). -- **Notification**: Optionally you can send notification emails about reported incidents to anyone who signed up to the status page. -- **Multiple languages**: The status page can be translated into 11 different languages. -- **Two factor authentication**: This allows you to lock your Cachet admin account with Google's two-factor authentication. -- **Cross database support**: You can choose between MySQL, SQLite, Redis, APC, and PostgreSQL for a backend storage. - -In the rest of the tutorial, I explain how to install and configure Cachet on Linux. - -### Step One: Download and Install Cachet ### - -Cachet requires a web server and a backend database to operate. In this tutorial, I am going to use the LAMP stack. Here are distro-specific instructions to install Cachet and LAMP stack. - -#### Debian, Ubuntu or Linux Mint #### - - $ sudo apt-get install curl git apache2 mysql-server mysql-client php5 php5-mysql - $ sudo git clone https://github.com/cachethq/Cachet.git /var/www/cachet - $ cd /var/www/cachet - $ sudo git checkout v1.1.1 - $ sudo chown -R www-data:www-data . - -For more detail on setting up LAMP stack on Debian-based systems, refer to [this tutorial][2]. - -#### Fedora, CentOS or RHEL #### - -On Red Hat based systems, you first need to [enable REMI repository][3] (to meet PHP version requirement). Then proceed as follows. - - $ sudo yum install curl git httpd mariadb-server - $ sudo yum --enablerepo=remi-php56 install php php-mysql php-mbstring - $ sudo git clone https://github.com/cachethq/Cachet.git /var/www/cachet - $ cd /var/www/cachet - $ sudo git checkout v1.1.1 - $ sudo chown -R apache:apache . - $ sudo firewall-cmd --permanent --zone=public --add-service=http - $ sudo firewall-cmd --reload - $ sudo systemctl enable httpd.service; sudo systemctl start httpd.service - $ sudo systemctl enable mariadb.service; sudo systemctl start mariadb.service - -For more details on setting up LAMP on Red Hat-based systems, refer to [this tutorial][4]. - -### Configure a Backend Database for Cachet ### - -The next step is to configure database backend. - -Log in to MySQL/MariaDB server, and create an empty database called 'cachet'. - - $ sudo mysql -uroot -p - ----------- - - mysql> create database cachet; - mysql> quit - -Now create a Cachet configuration file by using a sample configuration file. - - $ cd /var/www/cachet - $ sudo mv .env.example .env - -In .env file, fill in database information (i.e., DB_*) according to your setup. Leave other fields unchanged for now. - - APP_ENV=production - APP_DEBUG=false - APP_URL=http://localhost - APP_KEY=SomeRandomString - - DB_DRIVER=mysql - DB_HOST=localhost - DB_DATABASE=cachet - DB_USERNAME=root - DB_PASSWORD= - - CACHE_DRIVER=apc - SESSION_DRIVER=apc - QUEUE_DRIVER=database - - MAIL_DRIVER=smtp - MAIL_HOST=mailtrap.io - MAIL_PORT=2525 - MAIL_USERNAME=null - MAIL_PASSWORD=null - MAIL_ADDRESS=null - MAIL_NAME=null - - REDIS_HOST=null - REDIS_DATABASE=null - REDIS_PORT=null - -### Step Three: Install PHP Dependencies and Perform DB Migration ### - -Next, we are going to install necessary PHP dependencies. For that we will use composer. If you do not have composer installed on your system, install it first: - - $ curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer - -Now go ahead and install PHP dependencies using composer. - - $ cd /var/www/cachet - $ sudo composer install --no-dev -o - -Next, perform one-time database migration. This step will populate the empty database we created earlier with necessary tables. - - $ sudo php artisan migrate - -Assuming the database config in /var/www/cachet/.env is correct, database migration should be completed successfully as shown below. - -![](https://farm6.staticflickr.com/5814/20235620184_54048676b0_c.jpg) - -Next, create a security key, which will be used to encrypt the data entered in Cachet. - - $ sudo php artisan key:generate - $ sudo php artisan config:cache - -![](https://farm6.staticflickr.com/5717/20831952096_7105c9fdc7_c.jpg) - -The generated app key will be automatically added to the APP_KEY variable of your .env file. No need to edit .env on your own here. - -### Step Four: Configure Apache HTTP Server ### - -Now it's time to configure the web server that Cachet will be running on. As we are using Apache HTTP server, create a new [virtual host][5] for Cachet as follows. - -#### Debian, Ubuntu or Linux Mint #### - - $ sudo vi /etc/apache2/sites-available/cachet.conf - ----------- - - - ServerName cachethost - ServerAlias cachethost - DocumentRoot "/var/www/cachet/public" - - Require all granted - Options Indexes FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - -Enable the new Virtual Host and mod_rewrite with: - - $ sudo a2ensite cachet.conf - $ sudo a2enmod rewrite - $ sudo service apache2 restart - -#### Fedora, CentOS or RHEL #### - -On Red Hat based systems, create a virtual host file as follows. - - $ sudo vi /etc/httpd/conf.d/cachet.conf - ----------- - - - ServerName cachethost - ServerAlias cachethost - DocumentRoot "/var/www/cachet/public" - - Require all granted - Options Indexes FollowSymLinks - AllowOverride All - Order allow,deny - Allow from all - - - -Now reload Apache configuration: - - $ sudo systemctl reload httpd.service - -### Step Five: Configure /etc/hosts for Testing Cachet ### - -At this point, the initial Cachet status page should be up and running, and now it's time to test. - -Since Cachet is configured as a virtual host of Apache HTTP server, we need to tweak /etc/hosts of your client computer to be able to access it. Here the client computer is the one from which you will be accessing the Cachet page. - -Open /etc/hosts, and add the following entry. - - $ sudo vi /etc/hosts - ----------- - - cachethost - -In the above, the name "cachethost" must match with ServerName specified in the Apache virtual host file for Cachet. - -### Test Cachet Status Page ### - -Now you are ready to access Cachet status page. Type http://cachethost in your browser address bar. You will be redirected to the initial Cachet setup page as follows. - -![](https://farm6.staticflickr.com/5745/20858228815_405fce1301_c.jpg) - -Choose cache/session driver. Here let's choose "File" for both cache and session drivers. - -Next, type basic information about the status page (e.g., site name, domain, timezone and language), as well as administrator account. - -![](https://farm1.staticflickr.com/611/20237229693_c22014e4fd_c.jpg) - -![](https://farm6.staticflickr.com/5707/20858228875_b056c9e1b4_c.jpg) - -![](https://farm6.staticflickr.com/5653/20671482009_8629572886_c.jpg) - -Your initial status page will finally be ready. - -![](https://farm6.staticflickr.com/5692/20237229793_f6a48f379a_c.jpg) - -Go ahead and create components (units of your system), incidents or any scheduled maintenance as you want. - -For example, to add a new component: - -![](https://farm6.staticflickr.com/5672/20848624752_9d2e0a07be_c.jpg) - -To add a scheduled maintenance: - -This is what the public Cachet status page looks like: - -![](https://farm1.staticflickr.com/577/20848624842_df68c0026d_c.jpg) - -With SMTP integration, you can send out emails on status updates to any subscribers. Also, you can fully customize the layout and style of the status page using CSS and markdown formatting. - -### Conclusion ### - -Cachet is pretty easy-to-use, self-hosted status page software. One of the nicest features of Cachet is its support for full JSON API. Using its RESTful API, one can easily hook up Cachet with separate monitoring backends (e.g., [Nagios][6]), and feed Cachet with incident reports and status updates automatically. This is far quicker and efficient than manually manage a status page. - -As final words, I'd like to mention one thing. While setting up a fancy status page with Cachet is straightforward, making the best use of the software is not as easy as installing it. You need total commitment from the IT team on updating the status page in an accurate and timely manner, thereby building credibility of the published information. At the same time, you need to educate users to turn to the status page. At the end of the day, it would be pointless to set up a status page if it's not populated well, and/or no one is checking it. Remember this when you consider deploying Cachet in your work environment. - -### Troubleshooting ### - -As a bonus, here are some useful troubleshooting tips in case you encounter problems while setting up Cachet. - -1. The Cachet page does not load anything, and you are getting the following error. - - production.ERROR: exception 'RuntimeException' with message 'No supported encrypter found. The cipher and / or key length are invalid.' in /var/www/cachet/bootstrap/cache/compiled.php:6695 - -**Solution**: Make sure that you create an app key, as well as clear configuration cache as follows. - - $ cd /path/to/cachet - $ sudo php artisan key:generate - $ sudo php artisan config:cache - -2. You are getting the following error while invoking composer command. - - - danielstjules/stringy 1.10.0 requires ext-mbstring * -the requested PHP extension mbstring is missing from your system. - - laravel/framework v5.1.8 requires ext-mbstring * -the requested PHP extension mbstring is missing from your system. - - league/commonmark 0.10.0 requires ext-mbstring * -the requested PHP extension mbstring is missing from your system. - -**Solution**: Make sure to install the required PHP extension mbstring on your system which is compatible with your PHP. On Red Hat based system, since we installed PHP from REMI-56 repository, we install the extension from the same repository. - - $ sudo yum --enablerepo=remi-php56 install php-mbstring - -3. You are getting a blank page while trying to access Cachet status page. The HTTP log shows the following error. - - PHP Fatal error: Uncaught exception 'UnexpectedValueException' with message 'The stream or file "/var/www/cachet/storage/logs/laravel-2015-08-21.log" could not be opened: failed to open stream: Permission denied' in /var/www/cachet/bootstrap/cache/compiled.php:12851 - -**Solution**: Try the following commands. - - $ cd /var/www/cachet - $ sudo php artisan cache:clear - $ sudo chmod -R 777 storage - $ sudo composer dump-autoload - -If the above solution does not work, try disabling SELinux: - - $ sudo setenforce 0 - --------------------------------------------------------------------------------- - -via: http://xmodulo.com/setup-system-status-page.html - -作者:[Dan Nanni][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://xmodulo.com/author/nanni -[1]:https://cachethq.io/ -[2]:http://xmodulo.com/install-lamp-stack-ubuntu-server.html -[3]:http://ask.xmodulo.com/install-remi-repository-centos-rhel.html -[4]:http://xmodulo.com/install-lamp-stack-centos.html -[5]:http://xmodulo.com/configure-virtual-hosts-apache-http-server.html -[6]:http://xmodulo.com/monitor-common-services-nagios.html diff --git a/sources/tech/20150827 How to Convert From RPM to DEB and DEB to RPM Package Using Alien.md b/sources/tech/20150827 How to Convert From RPM to DEB and DEB to RPM Package Using Alien.md deleted file mode 100644 index 2d3f203676..0000000000 --- a/sources/tech/20150827 How to Convert From RPM to DEB and DEB to RPM Package Using Alien.md +++ /dev/null @@ -1,159 +0,0 @@ -How to Convert From RPM to DEB and DEB to RPM Package Using Alien -================================================================================ -As I’m sure you already know, there are plenty of ways to install software in Linux: using the package management system provided by your distribution ([aptitude, yum, or zypper][1], to name a few examples), compiling from source (though somewhat rare these days, it was the only method available during the early days of Linux), or utilizing a low level tool such as dpkg or rpm with .deb and .rpm standalone, precompiled packages, respectively. - -![Convert RPM to DEB and DEB to RPM](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-RPM-to-DEB-and-DEB-to-RPM.png) - -Convert RPM to DEB and DEB to RPM Package Using Alien - -In this article we will introduce you to alien, a tool that converts between different Linux package formats, with .rpm to .deb (and vice versa) being the most common usage. - -This tool, even when its author is no longer maintaining it and states in his website that alien will always probably remain in experimental status, can come in handy if you need a certain type of package but can only find that program in another package format. - -For example, alien saved my day once when I was looking for a .deb driver for a inkjet printer and couldn’t find any – the manufacturer only provided a .rpm package. I installed alien, converted the package, and before long I was able to use my printer without issues. - -That said, we must clarify that this utility should not be used to replace important system files and libraries since they are set up differently across distributions. Only use alien as a last resort if the suggested installation methods at the beginning of this article are out of the question for the required program. - -Last but not least, we must note that even though we will use CentOS and Debian in this article, alien is also known to work in Slackware and even in Solaris, besides the first two distributions and their respective families. - -### Step 1: Installing Alien and Dependencies ### - -To install alien in CentOS/RHEL 7, you will need to enable the EPEL and the Nux Dextop (yes, it’s Dextop – not Desktop) repositories, in that order: - - # yum install epel-release - # rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro - -The latest version of the package that enables this repository is currently 0.5 (published on Aug. 10, 2015). You should check [http://li.nux.ro/download/nux/dextop/el7/x86_64/][2] to see whether there’s a newer version before proceeding further: - - # rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm - -then do, - - # yum update && yum install alien - -In Fedora, you will only need to run the last command. - -In Debian and derivatives, simply do: - - # aptitude install alien - -### Step 2: Converting from .deb to .rpm Package ### - -For this test we have chosen dateutils, which provides a set of date and time utilities to deal with large amounts of financial data. We will download the .deb package to our CentOS 7 box, convert it to .rpm and install it: - -![Check CentOS Version](http://www.tecmint.com/wp-content/uploads/2015/08/Check-Linux-OS-Version.png) - -Check CentOS Version - - # cat /etc/centos-release - # wget http://ftp.us.debian.org/debian/pool/main/d/dateutils/dateutils_0.3.1-1.1_amd64.deb - # alien --to-rpm --scripts dateutils_0.3.1-1.1_amd64.deb - -![Convert .deb to .rpm package in Linux](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-deb-to-rpm-package.png) - -Convert .deb to .rpm package in Linux - -**Important**: (Please note how, by default, alien increases the version minor number of the target package. If you want to override this behavior, add the –keep-version flag). - -If we try to install the package right away, we will run into a slight issue: - - # rpm -Uvh dateutils-0.3.1-2.1.x86_64.rpm - -![Install RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Install-RPM-Package.png) - -Install RPM Package - -To solve this issue, we will enable the epel-testing repository and install the rpmrebuild utility to edit the settings of the package to be rebuilt: - - # yum --enablerepo=epel-testing install rpmrebuild - -Then run, - - # rpmrebuild -pe dateutils-0.3.1-2.1.x86_64.rpm - -Which will open up your default text editor. Go to the `%files` section and delete the lines that refer to the directories mentioned in the error message, then save the file and exit: - -![Convert .deb to Alien Version](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-Deb-Package-to-Alien-Version.png) - -Convert .deb to Alien Version - -When you exit the file you will be prompted to continue with the rebuild. If you choose Y, the file will be rebuilt into the specified directory (different than the current working directory): - - # rpmrebuild –pe dateutils-0.3.1-2.1.x86_64.rpm - -![Build RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Build-RPM-Package.png) - -Build RPM Package - -Now you can proceed to install the package and verify as usual: - - # rpm -Uvh /root/rpmbuild/RPMS/x86_64/dateutils-0.3.1-2.1.x86_64.rpm - # rpm -qa | grep dateutils - -![Install Build RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Install-Build-RPM-Package.png) - -Install Build RPM Package - -Finally, you can list the individual tools that were included with dateutils and alternatively check their respective man pages: - - # ls -l /usr/bin | grep dateutils - -![Verify Installed RPM Package](http://www.tecmint.com/wp-content/uploads/2015/08/Verify-Installed-Package.png) - -Verify Installed RPM Package - -### Step 3: Converting from .rpm to .deb Package ### - -In this section we will illustrate how to convert from .rpm to .deb. In a 32-bit Debian Wheezy box, let’s download the .rpm package for the zsh shell from the CentOS 6 OS repository. Note that this shell is not available by default in Debian and derivatives. - - # cat /etc/shells - # lsb_release -a | tail -n 4 - -![Check Shell and Debian OS Version](http://www.tecmint.com/wp-content/uploads/2015/08/Check-Shell-Debian-OS-Version.png) - -Check Shell and Debian OS Version - - # wget http://mirror.centos.org/centos/6/os/i386/Packages/zsh-4.3.11-4.el6.centos.i686.rpm - # alien --to-deb --scripts zsh-4.3.11-4.el6.centos.i686.rpm - -You can safely disregard the messages about a missing signature: - -![Convert .rpm to .deb Package](http://www.tecmint.com/wp-content/uploads/2015/08/Convert-rpm-to-deb-Package.png) - -Convert .rpm to .deb Package - -After a few moments, the .deb file should have been generated and be ready to install: - - # dpkg -i zsh_4.3.11-5_i386.deb - -![Install RPM Converted Deb Package](http://www.tecmint.com/wp-content/uploads/2015/08/Install-Deb-Package.png) - -Install RPM Converted Deb Package - -After the installation, you can verify that zsh is added to the list of valid shells: - - # cat /etc/shells - -![Confirm Installed Zsh Package](http://www.tecmint.com/wp-content/uploads/2015/08/Confirm-Installed-Package.png) - -Confirm Installed Zsh Package - -### Summary ### - -In this article we have explained how to convert from .rpm to .deb and vice versa to install packages as a last resort when such programs are not available in the repositories or as distributable source code. You will want to bookmark this article because all of us will need alien at one time or another. - -Feel free to share your thoughts about this article using the form below. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/convert-from-rpm-to-deb-and-deb-to-rpm-package-using-alien/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/linux-package-management/ -[2]:http://li.nux.ro/download/nux/dextop/el7/x86_64/ \ No newline at end of file diff --git a/sources/tech/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md b/sources/tech/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md new file mode 100644 index 0000000000..bc7ebee015 --- /dev/null +++ b/sources/tech/20150831 How to switch from NetworkManager to systemd-networkd on Linux.md @@ -0,0 +1,167 @@ +Translating by Ping + +How to switch from NetworkManager to systemd-networkd on Linux +================================================================================ +In the world of Linux, adoption of [systemd][1] has been a subject of heated controversy, and the debate between its proponents and critics is still going on. As of today, most major Linux distributions have adopted systemd as a default init system. + +Billed as a "never finished, never complete, but tracking progress of technology" by its author, systemd is not just the init daemon, but is designed as a more broad system and service management platform which encompasses the growing ecosystem of core system daemons, libraries and utilities. + +One of many additions to **systemd** is **systemd-networkd**, which is responsible for network configuration within the systemd ecosystem. Using systemd-networkd, you can configure basic DHCP/static IP networking for network devices. It can also configure virtual networking features such as bridges, tunnels or VLANs. Wireless networking is not directly handled by systemd-networkd, but you can use wpa_supplicant service to configure wireless adapters, and then hook it up with **systemd-networkd**. + +On many Linux distributions, NetworkManager has been and is still used as a default network configuration manager. Compared to NetworkManager, **systemd-networkd** is still under active development, and missing features. For example, it does not have NetworkManager's intelligence to keep your computer connected across various interfaces at all times. It does not provide ifup/ifdown hooks for advanced scripting. Yet, systemd-networkd is integrated well with the rest of systemd components (e.g., **resolved** for DNS, **timesyncd** for NTP, udevd for naming), and the role of **systemd-networkd** may only grow over time in the systemd environment. + +If you are happy with the way **systemd** is evolving, one thing you can consider is to switch from NetworkManager to systemd-networkd. If you are feverishly against systemd, and perfectly happy with NetworkManager or [basic network service][2], that is totally cool. + +But for those of you who want to try out systemd-networkd, you can read on, and find out in this tutorial how to switch from NetworkManager to systemd-networkd on Linux. + +### Requirement ### + +systemd-networkd is available in systemd version 210 and higher. Thus distributions like Debian 8 "Jessie" (systemd 215), Fedora 21 (systemd 217), Ubuntu 15.04 (systemd 219) or later are compatible with systemd-networkd. + +For other distributions, check the version of your systemd before proceeding. + + $ systemctl --version + +### Switch from Network Manager to Systemd-Networkd ### + +It is relatively straightforward to switch from Network Manager to systemd-networkd (and vice versa). + +First, disable Network Manager service, and enable systemd-networkd as follows. + + $ sudo systemctl disable NetworkManager + $ sudo systemctl enable systemd-networkd + +You also need to enable **systemd-resolved** service, which is used by systemd-networkd for network name resolution. This service implements a caching DNS server. + + $ sudo systemctl enable systemd-resolved + $ sudo systemctl start systemd-resolved + +Once started, **systemd-resolved** will create its own resolv.conf somewhere under /run/systemd directory. However, it is a common practise to store DNS resolver information in /etc/resolv.conf, and many applications still rely on /etc/resolv.conf. Thus for compatibility reason, create a symlink to /etc/resolv.conf as follows. + + $ sudo rm /etc/resolv.conf + $ sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf + +### Configure Network Connections with Systemd-networkd ### + +To configure network devices with systemd-networkd, you must specify configuration information in text files with .network extension. These network configuration files are then stored and loaded from /etc/systemd/network. When there are multiple files, systemd-networkd loads and processes them one by one in lexical order. + +Let's start by creating a folder /etc/systemd/network. + + $ sudo mkdir /etc/systemd/network + +#### DHCP Networking #### + +Let's configure DHCP networking first. For this, create the following configuration file. The name of a file can be arbitrary, but remember that files are processed in lexical order. + + $ sudo vi /etc/systemd/network/20-dhcp.network + +---------- + + [Match] + Name=enp3* + + [Network] + DHCP=yes + +As you can see above, each network configuration file contains one or more "sections" with each section preceded by [XXX] heading. Each section contains one or more key/value pairs. The [Match] section determine which network device(s) are configured by this configuration file. For example, this file matches any network interface whose name starts with ens3 (e.g., enp3s0, enp3s1, enp3s2, etc). For matched interface(s), it then applies DHCP network configuration specified under [Network] section. + +### Static IP Networking ### + +If you want to assign a static IP address to a network interface, create the following configuration file. + + $ sudo vi /etc/systemd/network/10-static-enp3s0.network + +---------- + + [Match] + Name=enp3s0 + + [Network] + Address=192.168.10.50/24 + Gateway=192.168.10.1 + DNS=8.8.8.8 + +As you can guess, the interface enp3s0 will be assigned an address 192.168.10.50/24, a default gateway 192.168.10.1, and a DNS server 8.8.8.8. One subtlety here is that the name of an interface enp3s0, in facts, matches the pattern rule defined in the earlier DHCP configuration as well. However, since the file "10-static-enp3s0.network" is processed before "20-dhcp.network" according to lexical order, the static configuration takes priority over DHCP configuration in case of enp3s0 interface. + +Once you are done with creating configuration files, restart systemd-networkd service or reboot. + + $ sudo systemctl restart systemd-networkd + +Check the status of the service by running: + + $ systemctl status systemd-networkd + $ systemctl status systemd-resolved + +![](https://farm1.staticflickr.com/719/21010813392_76abe123ed_c.jpg) + +### Configure Virtual Network Devices with Systemd-networkd ### + +**systemd-networkd** also allows you to configure virtual network devices such as bridges, VLANs, tunnel, VXLAN, bonding, etc. You must configure these virtual devices in files with .netdev extension. + +Here I'll show how to configure a bridge interface. + +#### Linux Bridge #### + +If you want to create a Linux bridge (br0) and add a physical interface (eth1) to the bridge, create the following configuration. + + $ sudo vi /etc/systemd/network/bridge-br0.netdev + +---------- + + [NetDev] + Name=br0 + Kind=bridge + +Then configure the bridge interface br0 and the slave interface eth1 using .network files as follows. + + $ sudo vi /etc/systemd/network/bridge-br0-slave.network + +---------- + + [Match] + Name=eth1 + + [Network] + Bridge=br0 + +---------- + + $ sudo vi /etc/systemd/network/bridge-br0.network + +---------- + + [Match] + Name=br0 + + [Network] + Address=192.168.10.100/24 + Gateway=192.168.10.1 + DNS=8.8.8.8 + +Finally, restart systemd-networkd: + + $ sudo systemctl restart systemd-networkd + +You can use [brctl tool][3] to verify that a bridge br0 has been created. + +### Summary ### + +When systemd promises to be a system manager for Linux, it is no wonder something like systemd-networkd came into being to manage network configurations. At this stage, however, systemd-networkd seems more suitable for a server environment where network configurations are relatively stable. For desktop/laptop environments which involve various transient wired/wireless interfaces, NetworkManager may still be a preferred choice. + +For those who want to check out more on systemd-networkd, refer to the official [man page][4] for a complete list of supported sections and keys. + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/switch-from-networkmanager-to-systemd-networkd.html + +作者:[Dan Nanni][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/nanni +[1]:http://xmodulo.com/use-systemd-system-administration-debian.html +[2]:http://xmodulo.com/disable-network-manager-linux.html +[3]:http://xmodulo.com/how-to-configure-linux-bridge-interface.html +[4]:http://www.freedesktop.org/software/systemd/man/systemd.network.html diff --git a/sources/tech/20150831 Linux workstation security checklist.md b/sources/tech/20150831 Linux workstation security checklist.md new file mode 100644 index 0000000000..9ef46339d0 --- /dev/null +++ b/sources/tech/20150831 Linux workstation security checklist.md @@ -0,0 +1,801 @@ +wyangsun translating +Linux workstation security checklist +================================================================================ +This is a set of recommendations used by the Linux Foundation for their systems +administrators. All of LF employees are remote workers and we use this set of +guidelines to ensure that a sysadmin's system passes core security requirements +in order to reduce the risk of it becoming an attack vector against the rest +of our infrastructure. + +Even if your systems administrators are not remote workers, chances are that +they perform a lot of their work either from a portable laptop in a work +environment, or set up their home systems to access the work infrastructure +for after-hours/emergency support. In either case, you can adapt this set of +recommendations to suit your environment. + +This, by no means, is an exhaustive "workstation hardening" document, but +rather an attempt at a set of baseline recommendations to avoid most glaring +security errors without introducing too much inconvenience. You may read this +document and think it is way too paranoid, while someone else may think this +barely scratches the surface. Security is just like driving on the highway -- +anyone going slower than you is an idiot, while anyone driving faster than you +is a crazy person. These guidelines are merely a basic set of core safety +rules that is neither exhaustive, nor a replacement for experience, vigilance, +and common sense. + +Each section is split into two areas: + +- The checklist that can be adapted to your project's needs +- Free-form list of considerations that explain what dictated these decisions + +## Severity levels + +The items in each checklist include the severity level, which we hope will help +guide your decision: + +- _(CRITICAL)_ items should definitely be high on the consideration list. + If not implemented, they will introduce high risks to your workstation + security. +- _(MODERATE)_ items will improve your security posture, but are less + important, especially if they interfere too much with your workflow. +- _(LOW)_ items may improve the overall security, but may not be worth the + convenience trade-offs. +- _(PARANOID)_ is reserved for items we feel will dramatically improve your + workstation security, but will probably require a lot of adjustment to the + way you interact with your operating system. + +Remember, these are only guidelines. If you feel these severity levels do not +reflect your project's commitment to security, you should adjust them as you +see fit. + +## Choosing the right hardware + +We do not mandate that our admins use a specific vendor or a specific model, so +this section addresses core considerations when choosing a work system. + +### Checklist + +- [ ] System supports SecureBoot _(CRITICAL)_ +- [ ] System has no firewire, thunderbolt or ExpressCard ports _(MODERATE)_ +- [ ] System has a TPM chip _(LOW)_ + +### Considerations + +#### SecureBoot + +Despite its controversial nature, SecureBoot offers prevention against many +attacks targeting workstations (Rootkits, "Evil Maid," etc), without +introducing too much extra hassle. It will not stop a truly dedicated attacker, +plus there is a pretty high degree of certainty that state security agencies +have ways to defeat it (probably by design), but having SecureBoot is better +than having nothing at all. + +Alternatively, you may set up [Anti Evil Maid][1] which offers a more +wholesome protection against the type of attacks that SecureBoot is supposed +to prevent, but it will require more effort to set up and maintain. + +#### Firewire, thunderbolt, and ExpressCard ports + +Firewire is a standard that, by design, allows any connecting device full +direct memory access to your system ([see Wikipedia][2]). Thunderbolt and +ExpressCard are guilty of the same, though some later implementations of +Thunderbolt attempt to limit the scope of memory access. It is best if the +system you are getting has none of these ports, but it is not critical, as +they usually can be turned off via UEFI or disabled in the kernel itself. + +#### TPM Chip + +Trusted Platform Module (TPM) is a crypto chip bundled with the motherboard +separately from the core processor, which can be used for additional platform +security (such as to store full-disk encryption keys), but is not normally used +for day-to-day workstation operation. At best, this is a nice-to-have, unless +you have a specific need to use TPM for your workstation security. + +## Pre-boot environment + +This is a set of recommendations for your workstation before you even start +with OS installation. + +### Checklist + +- [ ] UEFI boot mode is used (not legacy BIOS) _(CRITICAL)_ +- [ ] Password is required to enter UEFI configuration _(CRITICAL)_ +- [ ] SecureBoot is enabled _(CRITICAL)_ +- [ ] UEFI-level password is required to boot the system _(LOW)_ + +### Considerations + +#### UEFI and SecureBoot + +UEFI, with all its warts, offers a lot of goodies that legacy BIOS doesn't, +such as SecureBoot. Most modern systems come with UEFI mode on by default. + +Make sure a strong password is required to enter UEFI configuration mode. Pay +attention, as many manufacturers quietly limit the length of the password you +are allowed to use, so you may need to choose high-entropy short passwords vs. +long passphrases (see below for more on passphrases). + +Depending on the Linux distribution you decide to use, you may or may not have +to jump through additional hoops in order to import your distribution's +SecureBoot key that would allow you to boot the distro. Many distributions have +partnered with Microsoft to sign their released kernels with a key that is +already recognized by most system manufacturers, therefore saving you the +trouble of having to deal with key importing. + +As an extra measure, before someone is allowed to even get to the boot +partition and try some badness there, let's make them enter a password. This +password should be different from your UEFI management password, in order to +prevent shoulder-surfing. If you shut down and start a lot, you may choose to +not bother with this, as you will already have to enter a LUKS passphrase and +this will save you a few extra keystrokes. + +## Distro choice considerations + +Chances are you'll stick with a fairly widely-used distribution such as Fedora, +Ubuntu, Arch, Debian, or one of their close spin-offs. In any case, this is +what you should consider when picking a distribution to use. + +### Checklist + +- [ ] Has a robust MAC/RBAC implementation (SELinux/AppArmor/Grsecurity) _(CRITICAL)_ +- [ ] Publishes security bulletins _(CRITICAL)_ +- [ ] Provides timely security patches _(CRITICAL)_ +- [ ] Provides cryptographic verification of packages _(CRITICAL)_ +- [ ] Fully supports UEFI and SecureBoot _(CRITICAL)_ +- [ ] Has robust native full disk encryption support _(CRITICAL)_ + +### Considerations + +#### SELinux, AppArmor, and GrSecurity/PaX + +Mandatory Access Controls (MAC) or Role-Based Access Controls (RBAC) are an +extension of the basic user/group security mechanism used in legacy POSIX +systems. Most distributions these days either already come bundled with a +MAC/RBAC implementation (Fedora, Ubuntu), or provide a mechanism to add it via +an optional post-installation step (Gentoo, Arch, Debian). Obviously, it is +highly advised that you pick a distribution that comes pre-configured with a +MAC/RBAC system, but if you have strong feelings about a distribution that +doesn't have one enabled by default, do plan to configure it +post-installation. + +Distributions that do not provide any MAC/RBAC mechanisms should be strongly +avoided, as traditional POSIX user- and group-based security should be +considered insufficient in this day and age. If you would like to start out +with a MAC/RBAC workstation, AppArmor and PaX are generally considered easier +to learn than SELinux. Furthermore, on a workstation, where there are few or +no externally listening daemons, and where user-run applications pose the +highest risk, GrSecurity/PaX will _probably_ offer more security benefits than +SELinux. + +#### Distro security bulletins + +Most of the widely used distributions have a mechanism to deliver security +bulletins to their users, but if you are fond of something esoteric, check +whether the developers have a documented mechanism of alerting the users about +security vulnerabilities and patches. Absence of such mechanism is a major +warning sign that the distribution is not mature enough to be considered for a +primary admin workstation. + +#### Timely and trusted security updates + +Most of the widely used distributions deliver regular security updates, but is +worth checking to ensure that critical package updates are provided in a +timely fashion. Avoid using spin-offs and "community rebuilds" for this +reason, as they routinely delay security updates due to having to wait for the +upstream distribution to release it first. + +You'll be hard-pressed to find a distribution that does not use cryptographic +signatures on packages, updates metadata, or both. That being said, fairly +widely used distributions have been known to go for years before introducing +this basic security measure (Arch, I'm looking at you), so this is a thing +worth checking. + +#### Distros supporting UEFI and SecureBoot + +Check that the distribution supports UEFI and SecureBoot. Find out whether it +requires importing an extra key or whether it signs its boot kernels with a key +already trusted by systems manufacturers (e.g. via an agreement with +Microsoft). Some distributions do not support UEFI/SecureBoot but offer +alternatives to ensure tamper-proof or tamper-evident boot environments +([Qubes-OS][3] uses Anti Evil Maid, mentioned earlier). If a distribution +doesn't support SecureBoot and has no mechanisms to prevent boot-level attacks, +look elsewhere. + +#### Full disk encryption + +Full disk encryption is a requirement for securing data at rest, and is +supported by most distributions. As an alternative, systems with +self-encrypting hard drives may be used (normally implemented via the on-board +TPM chip) and offer comparable levels of security plus faster operation, but at +a considerably higher cost. + +## Distro installation guidelines + +All distributions are different, but here are general guidelines: + +### Checklist + +- [ ] Use full disk encryption (LUKS) with a robust passphrase _(CRITICAL)_ +- [ ] Make sure swap is also encrypted _(CRITICAL)_ +- [ ] Require a password to edit bootloader (can be same as LUKS) _(CRITICAL)_ +- [ ] Set up a robust root password (can be same as LUKS) _(CRITICAL)_ +- [ ] Use an unprivileged account, part of administrators group _(CRITICAL)_ +- [ ] Set up a robust user-account password, different from root _(CRITICAL)_ + +### Considerations + +#### Full disk encryption + +Unless you are using self-encrypting hard drives, it is important to configure +your installer to fully encrypt all the disks that will be used for storing +your data and your system files. It is not sufficient to simply encrypt the +user directory via auto-mounting cryptfs loop files (I'm looking at you, older +versions of Ubuntu), as this offers no protection for system binaries or swap, +which is likely to contain a slew of sensitive data. The recommended +encryption strategy is to encrypt the LVM device, so only one passphrase is +required during the boot process. + +The `/boot` partition will always remain unencrypted, as the bootloader needs +to be able to actually boot the kernel before invoking LUKS/dm-crypt. The +kernel image itself should be protected against tampering with a cryptographic +signature checked by SecureBoot. + +In other words, `/boot` should always be the only unencrypted partition on your +system. + +#### Choosing good passphrases + +Modern Linux systems have no limitation of password/passphrase length, so the +only real limitation is your level of paranoia and your stubbornness. If you +boot your system a lot, you will probably have to type at least two different +passwords: one to unlock LUKS, and another one to log in, so having long +passphrases will probably get old really fast. Pick passphrases that are 2-3 +words long, easy to type, and preferably from rich/mixed vocabularies. + +Examples of good passphrases (yes, you can use spaces): +- nature abhors roombas +- 12 in-flight Jebediahs +- perdon, tengo flatulence + +You can also stick with non-vocabulary passwords that are at least 10-12 +characters long, if you prefer that to typing passphrases. + +Unless you have concerns about physical security, it is fine to write down your +passphrases and keep them in a safe place away from your work desk. + +#### Root, user passwords and the admin group + +We recommend that you use the same passphrase for your root password as you +use for your LUKS encryption (unless you share your laptop with other trusted +people who should be able to unlock the drives, but shouldn't be able to +become root). If you are the sole user of the laptop, then having your root +password be different from your LUKS password has no meaningful security +advantages. Generally, you can use the same passphrase for your UEFI +administration, disk encryption, and root account -- knowing any of these will +give an attacker full control of your system anyway, so there is little +security benefit to have them be different on a single-user workstation. + +You should have a different, but equally strong password for your regular user +account that you will be using for day-to-day tasks. This user should be member +of the admin group (e.g. `wheel` or similar, depending on the distribution), +allowing you to perform `sudo` to elevate privileges. + +In other words, if you are the sole user on your workstation, you should have 2 +distinct, robust, equally strong passphrases you will need to remember: + +**Admin-level**, used in the following locations: + +- UEFI administration +- Bootloader (GRUB) +- Disk encryption (LUKS) +- Workstation admin (root user) + +**User-level**, used for the following: + +- User account and sudo +- Master password for the password manager + +All of them, obviously, can be different if there is a compelling reason. + +## Post-installation hardening + +Post-installation security hardening will depend greatly on your distribution +of choice, so it is futile to provide detailed instructions in a general +document such as this one. However, here are some steps you should take: + +### Checklist + +- [ ] Globally disable firewire and thunderbolt modules _(CRITICAL)_ +- [ ] Check your firewalls to ensure all incoming ports are filtered _(CRITICAL)_ +- [ ] Make sure root mail is forwarded to an account you check _(CRITICAL)_ +- [ ] Check to ensure sshd service is disabled by default _(MODERATE)_ +- [ ] Set up an automatic OS update schedule, or update reminders _(MODERATE)_ +- [ ] Configure the screensaver to auto-lock after a period of inactivity _(MODERATE)_ +- [ ] Set up logwatch _(MODERATE)_ +- [ ] Install and use rkhunter _(LOW)_ +- [ ] Install an Intrusion Detection System _(PARANOID)_ + +### Considerations + +#### Blacklisting modules + +To blacklist a firewire and thunderbolt modules, add the following lines to a +file in `/etc/modprobe.d/blacklist-dma.conf`: + + blacklist firewire-core + blacklist thunderbolt + +The modules will be blacklisted upon reboot. It doesn't hurt doing this even if +you don't have these ports (but it doesn't do anything either). + +#### Root mail + +By default, root mail is just saved on the system and tends to never be read. +Make sure you set your `/etc/aliases` to forward root mail to a mailbox that +you actually read, otherwise you may miss important system notifications and +reports: + + # Person who should get root's mail + root: bob@example.com + +Run `newaliases` after this edit and test it out to make sure that it actually +gets delivered, as some email providers will reject email coming in from +nonexistent or non-routable domain names. If that is the case, you will need to +play with your mail forwarding configuration until this actually works. + +#### Firewalls, sshd, and listening daemons + +The default firewall settings will depend on your distribution, but many of +them will allow incoming `sshd` ports. Unless you have a compelling legitimate +reason to allow incoming ssh, you should filter that out and disable the `sshd` +daemon. + + systemctl disable sshd.service + systemctl stop sshd.service + +You can always start it temporarily if you need to use it. + +In general, your system shouldn't have any listening ports apart from +responding to ping. This will help safeguard you against network-level 0-day +exploits. + +#### Automatic updates or notifications + +It is recommended to turn on automatic updates, unless you have a very good +reason not to do so, such as fear that an automatic update would render your +system unusable (it's happened in the past, so this fear is not unfounded). At +the very least, you should enable automatic notifications of available updates. +Most distributions already have this service automatically running for you, so +chances are you don't have to do anything. Consult your distribution +documentation to find out more. + +You should apply all outstanding errata as soon as possible, even if something +isn't specifically labeled as "security update" or has an associated CVE code. +All bugs have the potential of being security bugs and erring on the side of +newer, unknown bugs is _generally_ a safer strategy than sticking with old, +known ones. + +#### Watching logs + +You should have a keen interest in what happens on your system. For this +reason, you should install `logwatch` and configure it to send nightly activity +reports of everything that happens on your system. This won't prevent a +dedicated attacker, but is a good safety-net feature to have in place. + +Note, that many systemd distros will no longer automatically install a syslog +server that `logwatch` needs (due to systemd relying on its own journal), so +you will need to install and enable `rsyslog` to make sure your `/var/log` is +not empty before logwatch will be of any use. + +#### Rkhunter and IDS + +Installing `rkhunter` and an intrusion detection system (IDS) like `aide` or +`tripwire` will not be that useful unless you actually understand how they work +and take the necessary steps to set them up properly (such as, keeping the +databases on external media, running checks from a trusted environment, +remembering to refresh the hash databases after performing system updates and +configuration changes, etc). If you are not willing to take these steps and +adjust how you do things on your own workstation, these tools will introduce +hassle without any tangible security benefit. + +We do recommend that you install `rkhunter` and run it nightly. It's fairly +easy to learn and use, and though it will not deter a sophisticated attacker, +it may help you catch your own mistakes. + +## Personal workstation backups + +Workstation backups tend to be overlooked or done in a haphazard, often unsafe +manner. + +### Checklist + +- [ ] Set up encrypted workstation backups to external storage _(CRITICAL)_ +- [ ] Use zero-knowledge backup tools for cloud backups _(MODERATE)_ + +### Considerations + +#### Full encrypted backups to external storage + +It is handy to have an external hard drive where one can dump full backups +without having to worry about such things like bandwidth and upstream speeds +(in this day and age most providers still offer dramatically asymmetric +upload/download speeds). Needless to say, this hard drive needs to be in itself +encrypted (again, via LUKS), or you should use a backup tool that creates +encrypted backups, such as `duplicity` or its GUI companion, `deja-dup`. I +recommend using the latter with a good randomly generated passphrase, stored in +your password manager. If you travel with your laptop, leave this drive at home +to have something to come back to in case your laptop is lost or stolen. + +In addition to your home directory, you should also back up `/etc` and +`/var/log` for various forensic purposes. + +Above all, avoid copying your home directory onto any unencrypted storage, even +as a quick way to move your files around between systems, as you will most +certainly forget to erase it once you're done, exposing potentially private or +otherwise security sensitive data to snooping hands -- especially if you keep +that storage media in the same bag with your laptop. + +#### Selective zero-knowledge backups off-site + +Off-site backups are also extremely important and can be done either to your +employer, if they offer space for it, or to a cloud provider. You can set up a +separate duplicity/deja-dup profile to only include most important files in +order to avoid transferring huge amounts of data that you don't really care to +back up off-site (internet cache, music, downloads, etc). + +Alternatively, you can use a zero-knowledge backup tool, such as +[SpiderOak][5], which offers an excellent Linux GUI tool and has additional +useful features such as synchronizing content between multiple systems and +platforms. + +## Best practices + +What follows is a curated list of best practices that we think you should +adopt. It is most certainly non-exhaustive, but rather attempts to offer +practical advice that strikes a workable balance between security and overall +usability. + +### Browsing + +There is no question that the web browser will be the piece of software with +the largest and the most exposed attack surface on your system. It is a tool +written specifically to download and execute untrusted, frequently hostile +code. It attempts to shield you from this danger by employing multiple +mechanisms such as sandboxes and code sanitization, but they have all been +previously defeated on multiple occasions. You should learn to approach +browsing websites as the most insecure activity you'll engage in on any given +day. + +There are several ways you can reduce the impact of a compromised browser, but +the truly effective ways will require significant changes in the way you +operate your workstation. + +#### 1: Use two different browsers + +This is the easiest to do, but only offers minor security benefits. Not all +browser compromises give an attacker full unfettered access to your system -- +sometimes they are limited to allowing one to read local browser storage, +steal active sessions from other tabs, capture input entered into the browser, +etc. Using two different browsers, one for work/high security sites, and +another for everything else will help prevent minor compromises from giving +attackers access to the whole cookie jar. The main inconvenience will be the +amount of memory consumed by two different browser processes. + +Here's what we recommend: + +##### Firefox for work and high security sites + +Use Firefox to access work-related sites, where extra care should be taken to +ensure that data like cookies, sessions, login information, keystrokes, etc, +should most definitely not fall into attackers' hands. You should NOT use +this browser for accessing any other sites except select few. + +You should install the following Firefox add-ons: + +- [ ] NoScript _(CRITICAL)_ + - NoScript prevents active content from loading, except from user + whitelisted domains. It is a great hassle to use with your default browser + (though offers really good security benefits), so we recommend only + enabling it on the browser you use to access work-related sites. + +- [ ] Privacy Badger _(CRITICAL)_ + - EFF's Privacy Badger will prevent most external trackers and ad platforms + from being loaded, which will help avoid compromises on these tracking + sites from affecting your browser (trackers and ad sites are very commonly + targeted by attackers, as they allow rapid infection of thousands of + systems worldwide). + +- [ ] HTTPS Everywhere _(CRITICAL)_ + - This EFF-developed Add-on will ensure that most of your sites are accessed + over a secure connection, even if a link you click is using http:// (great + to avoid a number of attacks, such as [SSL-strip][7]). + +- [ ] Certificate Patrol _(MODERATE)_ + - This tool will alert you if the site you're accessing has recently changed + their TLS certificates -- especially if it wasn't nearing expiration dates + or if it is now using a different certification authority. It helps + alert you if someone is trying to man-in-the-middle your connection, + but generates a lot of benign false-positives. + +You should leave Firefox as your default browser for opening links, as +NoScript will prevent most active content from loading or executing. + +##### Chrome/Chromium for everything else + +Chromium developers are ahead of Firefox in adding a lot of nice security +features (at least [on Linux][6]), such as seccomp sandboxes, kernel user +namespaces, etc, which act as an added layer of isolation between the sites +you visit and the rest of your system. Chromium is the upstream open-source +project, and Chrome is Google's proprietary binary build based on it (insert +the usual paranoid caution about not using it for anything you don't want +Google to know about). + +It is recommended that you install **Privacy Badger** and **HTTPS Everywhere** +extensions in Chrome as well and give it a distinct theme from Firefox to +indicate that this is your "untrusted sites" browser. + +#### 2: Use two different browsers, one inside a dedicated VM + +This is a similar recommendation to the above, except you will add an extra +step of running Chrome inside a dedicated VM that you access via a fast +protocol, allowing you to share clipboards and forward sound events (e.g. +Spice or RDP). This will add an excellent layer of isolation between the +untrusted browser and the rest of your work environment, ensuring that +attackers who manage to fully compromise your browser will then have to +additionally break out of the VM isolation layer in order to get to the rest +of your system. + +This is a surprisingly workable configuration, but requires a lot of RAM and +fast processors that can handle the increased load. It will also require an +important amount of dedication on the part of the admin who will need to +adjust their work practices accordingly. + +#### 3: Fully separate your work and play environments via virtualization + +See [Qubes-OS project][3], which strives to provide a high-security +workstation environment via compartmentalizing your applications into separate +fully isolated VMs. + +### Password managers + +#### Checklist + +- [ ] Use a password manager _(CRITICAL_) +- [ ] Use unique passwords on unrelated sites _(CRITICAL)_ +- [ ] Use a password manager that supports team sharing _(MODERATE)_ +- [ ] Use a separate password manager for non-website accounts _(PARANOID)_ + +#### Considerations + +Using good, unique passwords should be a critical requirement for every member +of your team. Credential theft is happening all the time -- either via +compromised computers, stolen database dumps, remote site exploits, or any +number of other means. No credentials should ever be reused across sites, +especially for critical applications. + +##### In-browser password manager + +Every browser has a mechanism for saving passwords that is fairly secure and +can sync with vendor-maintained cloud storage while keeping the data encrypted +with a user-provided passphrase. However, this mechanism has important +disadvantages: + +1. It does not work across browsers +2. It does not offer any way of sharing credentials with team members + +There are several well-supported, free-or-cheap password managers that are +well-integrated into multiple browsers, work across platforms, and offer +group sharing (usually as a paid service). Solutions can be easily found via +search engines. + +##### Standalone password manager + +One of the major drawbacks of any password manager that comes integrated with +the browser is the fact that it's part of the application that is most likely +to be attacked by intruders. If this makes you uncomfortable (and it should), +you may choose to have two different password managers -- one for websites +that is integrated into your browser, and one that runs as a standalone +application. The latter can be used to store high-risk credentials such as +root passwords, database passwords, other shell account credentials, etc. + +It may be particularly useful to have such tool for sharing superuser account +credentials with other members of your team (server root passwords, ILO +passwords, database admin passwords, bootloader passwords, etc). + +A few tools can help you: + +- [KeePassX][8], which improves team sharing in version 2 +- [Pass][9], which uses text files and PGP and integrates with git +- [Django-Pstore][10], which uses GPG to share credentials between admins +- [Hiera-Eyaml][11], which, if you are already using Puppet for your + infrastructure, may be a handy way to track your server/service credentials + as part of your encrypted Hiera data store + +### Securing SSH and PGP private keys + +Personal encryption keys, including SSH and PGP private keys, are going to be +the most prized items on your workstation -- something the attackers will be +most interested in obtaining, as that would allow them to further attack your +infrastructure or impersonate you to other admins. You should take extra steps +to ensure that your private keys are well protected against theft. + +#### Checklist + +- [ ] Strong passphrases are used to protect private keys _(CRITICAL)_ +- [ ] PGP Master key is stored on removable storage _(MODERATE)_ +- [ ] Auth, Sign and Encrypt Subkeys are stored on a smartcard device _(MODERATE)_ +- [ ] SSH is configured to use PGP Auth key as ssh private key _(MODERATE)_ + +#### Considerations + +The best way to prevent private key theft is to use a smartcard to store your +encryption private keys and never copy them onto the workstation. There are +several manufacturers that offer OpenPGP capable devices: + +- [Kernel Concepts][12], where you can purchase both the OpenPGP compatible + smartcards and the USB readers, should you need one. +- [Yubikey NEO][13], which offers OpenPGP smartcard functionality in addition + to many other cool features (U2F, PIV, HOTP, etc). + +It is also important to make sure that the master PGP key is not stored on the +main workstation, and only subkeys are used. The master key will only be +needed when signing someone else's keys or creating new subkeys -- operations +which do not happen very frequently. You may follow [the Debian's subkeys][14] +guide to learn how to move your master key to removable storage and how to +create subkeys. + +You should then configure your gnupg agent to act as ssh agent and use the +smartcard-based PGP Auth key to act as your ssh private key. We publish a +[detailed guide][15] on how to do that using either a smartcard reader or a +Yubikey NEO. + +If you are not willing to go that far, at least make sure you have a strong +passphrase on both your PGP private key and your SSH private key, which will +make it harder for attackers to steal and use them. + +### SELinux on the workstation + +If you are using a distribution that comes bundled with SELinux (such as +Fedora), here are some recommendation of how to make the best use of it to +maximize your workstation security. + +#### Checklist + +- [ ] Make sure SELinux is enforcing on your workstation _(CRITICAL)_ +- [ ] Never blindly run `audit2allow -M`, always check _(CRITICAL)_ +- [ ] Never `setenforce 0` _(MODERATE)_ +- [ ] Switch your account to SELinux user `staff_u` _(MODERATE)_ + +#### Considerations + +SELinux is a Mandatory Access Controls (MAC) extension to core POSIX +permissions functionality. It is mature, robust, and has come a long way since +its initial roll-out. Regardless, many sysadmins to this day repeat the +outdated mantra of "just turn it off." + +That being said, SELinux will have limited security benefits on the +workstation, as most applications you will be running as a user are going to +be running unconfined. It does provide enough net benefit to warrant leaving +it on, as it will likely help prevent an attacker from escalating privileges +to gain root-level access via a vulnerable daemon service. + +Our recommendation is to leave it on and enforcing. + +##### Never `setenforce 0` + +It's tempting to use `setenforce 0` to flip SELinux into permissive mode +on a temporary basis, but you should avoid doing that. This essentially turns +off SELinux for the entire system, while what you really want is to +troubleshoot a particular application or daemon. + +Instead of `setenforce 0` you should be using `semanage permissive -a +[somedomain_t]` to put only that domain into permissive mode. First, find out +which domain is causing troubles by running `ausearch`: + + ausearch -ts recent -m avc + +and then look for `scontext=` (source SELinux context) line, like so: + + scontext=staff_u:staff_r:gpg_pinentry_t:s0-s0:c0.c1023 + ^^^^^^^^^^^^^^ + +This tells you that the domain being denied is `gpg_pinentry_t`, so if you +want to troubleshoot the application, you should add it to permissive domains: + + semange permissive -a gpg_pinentry_t + +This will allow you to use the application and collect the rest of the AVCs, +which you can then use in conjunction with `audit2allow` to write a local +policy. Once that is done and you see no new AVC denials, you can remove that +domain from permissive by running: + + semanage permissive -d gpg_pinentry_t + +##### Use your workstation as SELinux role staff_r + +SELinux comes with a native implementation of roles that prohibit or grant +certain privileges based on the role associated with the user account. As an +administrator, you should be using the `staff_r` role, which will restrict +access to many configuration and other security-sensitive files, unless you +first perform `sudo`. + +By default, accounts are created as `unconfined_r` and most applications you +execute will run unconfined, without any (or with only very few) SELinux +constraints. To switch your account to the `staff_r` role, run the following +command: + + usermod -Z staff_u [username] + +You should log out and log back in to enable the new role, at which point if +you run `id -Z`, you'll see: + + staff_u:staff_r:staff_t:s0-s0:c0.c1023 + +When performing `sudo`, you should remember to add an extra flag to tell +SELinux to transition to the "sysadmin" role. The command you want is: + + sudo -i -r sysadm_r + +At which point `id -Z` will show: + + staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023 + +**WARNING**: you should be comfortable using `ausearch` and `audit2allow` +before you make this switch, as it's possible some of your applications will +no longer work when you're running as role `staff_r`. At the time of writing, +the following popular applications are known to not work under `staff_r` +without policy tweaks: + +- Chrome/Chromium +- Skype +- VirtualBox + +To switch back to `unconfined_r`, run the following command: + + usermod -Z unconfined_u [username] + +and then log out and back in to get back into the comfort zone. + +## Further reading + +The world of IT security is a rabbit hole with no bottom. If you would like to +go deeper, or find out more about security features on your particular +distribution, please check out the following links: + +- [Fedora Security Guide](https://docs.fedoraproject.org/en-US/Fedora/19/html/Security_Guide/index.html) +- [CESG Ubuntu Security Guide](https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts) +- [Debian Security Manual](https://www.debian.org/doc/manuals/securing-debian-howto/index.en.html) +- [Arch Linux Security Wiki](https://wiki.archlinux.org/index.php/Security) +- [Mac OSX Security](https://www.apple.com/support/security/guides/) + +## License +This work is licensed under a +[Creative Commons Attribution-ShareAlike 4.0 International License][0]. + +-------------------------------------------------------------------------------- + +via: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md#linux-workstation-security-checklist + +作者:[mricon][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://github.com/mricon +[0]: http://creativecommons.org/licenses/by-sa/4.0/ +[1]: https://github.com/QubesOS/qubes-antievilmaid +[2]: https://en.wikipedia.org/wiki/IEEE_1394#Security_issues +[3]: https://qubes-os.org/ +[4]: https://xkcd.com/936/ +[5]: https://spideroak.com/ +[6]: https://code.google.com/p/chromium/wiki/LinuxSandboxing +[7]: http://www.thoughtcrime.org/software/sslstrip/ +[8]: https://keepassx.org/ +[9]: http://www.passwordstore.org/ +[10]: https://pypi.python.org/pypi/django-pstore +[11]: https://github.com/TomPoulton/hiera-eyaml +[12]: http://shop.kernelconcepts.de/ +[13]: https://www.yubico.com/products/yubikey-hardware/yubikey-neo/ +[14]: https://wiki.debian.org/Subkeys +[15]: https://github.com/lfit/ssh-gpg-smartcard-config diff --git a/sources/tech/20150906 Do Simple Math In Ubuntu And elementary OS With NaSC.md b/sources/tech/20150906 Do Simple Math In Ubuntu And elementary OS With NaSC.md new file mode 100644 index 0000000000..512c0669f9 --- /dev/null +++ b/sources/tech/20150906 Do Simple Math In Ubuntu And elementary OS With NaSC.md @@ -0,0 +1,54 @@ +ictlyh Translating +Do Simple Math In Ubuntu And elementary OS With NaSC +================================================================================ +![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/Make-Math-Simpler-with-NaSC.jpg) + +[NaSC][1], abbreviation Not a Soulver Clone, is a third party app developed for elementary OS. Whatever the name suggests, NaSC is heavily inspired by [Soulver][2], an OS X app for doing maths like a normal person. + +elementary OS itself draws from OS X and it is not a surprise that a number of the third party apps it has got, are also inspired by OS X apps. + +Coming back to NaSC, what exactly it means by “maths like a normal person “? Well, it means to write like how you think in your mind. As per the description of the app: + +> “Its an app where you do maths like a normal person. It lets you type whatever you want and smartly figures out what is math and spits out an answer on the right pane. Then you can plug those answers in to future equations and if that answer changes, so does the equations its used in.” + +Still not convinced? Here, take a look at this screenshot. + +![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/NaSC.png) + +Now, you see what is ‘math for normal person’? Honestly, I am not a fan of such apps but it might be useful for some of you perhaps. Let’s see how can you install NaSC in elementary OS, Ubuntu and Linux Mint. + +### Install NaSC in Ubuntu, elementary OS and Mint ### + +There is a PPA available for installing NaSC. The PPA says ‘daily’ which could mean daily build (i.e. unstable) but in my quick test, it worked just fine. + +Open a terminal and use the following commands: + + sudo apt-add-repository ppa:nasc-team/daily + sudo apt-get update + sudo apt-get install nasc + +Here is a screenshot of NaSC in Ubuntu 15.04: + +![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/NaSC-Ubuntu.png) + +If you want to remove it, you can use the following commands: + + sudo apt-get remove nasc + sudo apt-add-repository --remove ppa:nasc-team/daily + +If you try it, do share your experience with it. In addition to this, you can also try [Vocal podcast app for Linux][3] from third party elementary OS apps. + +-------------------------------------------------------------------------------- + +via: http://itsfoss.com/math-ubuntu-nasc/ + +作者:[Abhishek][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://itsfoss.com/author/abhishek/ +[1]:http://parnold-x.github.io/nasc/ +[2]:http://www.acqualia.com/soulver/ +[3]:http://itsfoss.com/podcast-app-vocal-linux/ \ No newline at end of file diff --git a/sources/tech/20150906 How To Manage Log Files With Logrotate On Ubuntu 12.10.md b/sources/tech/20150906 How To Manage Log Files With Logrotate On Ubuntu 12.10.md new file mode 100644 index 0000000000..0c7ae1a7e3 --- /dev/null +++ b/sources/tech/20150906 How To Manage Log Files With Logrotate On Ubuntu 12.10.md @@ -0,0 +1,117 @@ +ictlyh Translating +How To Manage Log Files With Logrotate On Ubuntu 12.10 +================================================================================ +#### About Logrotate #### + +Logrotate is a utility/tool that manages activities like automatic rotation, removal and compression of log files in a system. This is an excellent tool to manage your logs conserve precious disk space. By having a simple yet powerful configuration file, different parameters of logrotation can be controlled. This gives complete control over the way logs can be automatically managed and need not necessitate manual intervention. + +### Prerequisites ### + +As a prerequisite, we are assuming that you have gone through the article on how to set up your droplet or VPS. If not, you can find the article [here][1]. This tutorial requires you to have a VPS up and running and have you log into it. + +#### Setup Logrotate #### + +### Step 1—Update System and System Packages ### + +Run the following command to update the package lists from apt-get and get the information on the newest versions of packages and their dependencies. + + sudo apt-get update + +### Step 2—Install Logrotate ### + +If logrotate is not already on your VPS, install it now through apt-get. + + sudo apt-get install logrotate + +### Step 3 — Confirmation ### + +To verify that logrotate was successfully installed, run this in the command prompt. + + logrotate + +Since the logrotate utility is based on configuration files, the above command will not rotate any files and will show you a brief overview of the usage and the switch options available. + +### Step 4—Configure Logrotate ### + +Configurations and default options for the logrotate utility are present in: + + /etc/logrotate.conf + +Some of the important configuration settings are : rotation-interval, log-file-size, rotation-count and compression. + +Application-specific log file information (to override the defaults) are kept at: + + /etc/logrotate.d/ + +We will have a look at a few examples to understand the concept better. + +### Step 5—Example ### + +An example application configuration setting would be the dpkg (Debian package management system), that is stored in /etc/logrotate.d/dpkg. One of the entries in this file would be: + + /var/log/dpkg.log { + monthly + rotate 12 + compress + delaycompress + missingok + notifempty + create 644 root root + } + +What this means is that: + +- the logrotation for dpkg monitors the /var/log/dpkg.log file and does this on a monthly basis this is the rotation interval. +- 'rotate 12' signifies that 12 days worth of logs would be kept. +- logfiles can be compressed using the gzip format by specifying 'compress' and 'delaycompress' delays the compression process till the next log rotation. 'delaycompress' will work only if 'compress' option is specified. +- 'missingok' avoids halting on any error and carries on with the next log file. +- 'notifempty' avoid log rotation if the logfile is empty. +- 'create ' creates a new empty file with the specified properties after log-rotation. + +Though missing in the above example, 'size' is also an important setting if you want to control the sizing of the logs growing in the system. + +A configuration setting of around 100MB would look like: + + size 100M + +Note that If both size and rotation interval are set, then size is taken as a higher priority. That is, if a configuration file has the following settings: + + monthly + size 100M + +then the logs are rotated once the file size reaches 100M and this need not wait for the monthly cycle. + +### Step 6—Cron Job ### + +You can also set the logrotation as a cron so that the manual process can be avoided and this is taken care of automatically. By specifying an entry in /etc/cron.daily/logrotate , the rotation is triggered daily. + +### Step 7—Status Check and Verification ### + +To verify if a particular log is indeed rotating or not and to check the last date and time of its rotation, check the /var/lib/logrotate/status file. This is a neatly formatted file that contains the log file name and the date on which it was last rotated. + + cat /var/lib/logrotate/status + +A few entries from this file, for example: + + "/var/log/lpr.log" 2013-4-11 + "/var/log/dpkg.log" 2013-4-11 + "/var/log/pm-suspend.log" 2013-4-11 + "/var/log/syslog" 2013-4-11 + "/var/log/mail.info" 2013-4-11 + "/var/log/daemon.log" 2013-4-11 + "/var/log/apport.log" 2013-4-11 + +Congratulations! You have logrotate installed in your system. Now, change the configuration settings as per your requirements. + +Try 'man logrotate' or 'logrotate -?' for more details. + +-------------------------------------------------------------------------------- + +via: https://www.digitalocean.com/community/tutorials/how-to-manage-log-files-with-logrotate-on-ubuntu-12-10 + +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.digitalocean.com/community/articles/initial-server-setup-with-ubuntu-12-04 \ No newline at end of file diff --git a/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md b/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md new file mode 100644 index 0000000000..c7810d06ef --- /dev/null +++ b/sources/tech/20150906 How to Configure OpenNMS on CentOS 7.x.md @@ -0,0 +1,219 @@ +How to Configure OpenNMS on CentOS 7.x +================================================================================ +Systems management and monitoring services are very important that provides information to view important systems management information that allow us to to make decisions based on this information. To make sure the network is running at its best and to minimize the network downtime we need to improve application performance. So, in this article we will make you understand the step by step procedure to setup OpenNMS in your IT infrastructure. OpenNMS is a free open source enterprise level network monitoring and management platform that provides information to allow us to make decisions in regards to future network and capacity planning. + +OpenNMS designed to manage tens of thousands of devices from a single server as well as manage unlimited devices using a cluster of servers. It includes a discovery engine to automatically configure and manage network devices without operator intervention. It is written in Java and is published under the GNU General Public License. OpenNMS is known for its scalability with its main functional areas in services monitoring, data collection using SNMP and event management and notifications. + +### Installing OpenNMS RPM Repository ### + +We will start from the installation of OpenNMS RPM for our CentOs 7.1 operating system as its available for most of the RPM-based distributions through Yum at their official link http://yum.opennms.org/ . + +![OpenNMS RPM](http://blog.linoxide.com/wp-content/uploads/2015/08/18.png) + +Then open your command line interface of CentOS 7.1 and login with root credentials to run the below command with “wget” to get the required RPM. + + [root@open-nms ~]# wget http://yum.opennms.org/repofiles/opennms-repo-stable-rhel7.noarch.rpm + +![Download RPM](http://blog.linoxide.com/wp-content/uploads/2015/08/26.png) + +Now we need to install this repository so that the OpenNMS package information could be available through yum for installation. Let’s run the command below with same root level credentials to do so. + + [root@open-nms ~]# rpm -Uvh opennms-repo-stable-rhel7.noarch.rpm + +![Installing RPM](http://blog.linoxide.com/wp-content/uploads/2015/08/36.png) + +### Installing Prerequisite Packages for OpenNMS ### + +Now before we start installation of OpenNMS, let’s make sure you’ve done the following prerequisites. + +**Install JDK 7** + +Its recommended that you install the latest stable Java 7 JDK from Oracle for the best performance to integrate JDK in our YUM repository as a fallback. Let’s go to the Oracle Java 7 SE JDK download page, accept the license if you agree, choose the platform and architecture. Once it has finished downloading, execute it from the command-line and then install the resulting JDK rpm. + +Else run the below command to install using the Yum from the the available system repositories. + + [root@open-nms ~]# yum install java-1.7.0-openjdk-1.7.0.85-2.6.1.2.el7_1 + +Once you have installed the Java you can confirm its installation using below command and check its installed version. + + [root@open-nms ~]# java -version + +![Java version](http://blog.linoxide.com/wp-content/uploads/2015/08/46.png) + +**Install PostgreSQL** + +Now we will install the PostgreSQL that is a must requirement to setup the database for OpenNMS. PostgreSQL is included in all of the major YUM-based distributions. To install, simply run the below command. + + [root@open-nms ~]# yum install postgresql postgresql-server + +![Installing Postgresql](http://blog.linoxide.com/wp-content/uploads/2015/08/55.png) + +### Prepare the Database for OpenNMS ### + +Once you have installed PostgreSQL, now you'll need to make sure that PostgreSQL is up and active. Let’s run the below command to first initialize the database and then start its services. + + [root@open-nms ~]# /sbin/service postgresql initdb + [root@open-nms ~]# /sbin/service postgresql start + +![start DB](http://blog.linoxide.com/wp-content/uploads/2015/08/64.png) + +Now to confirm the status of your PostgreSQL database you can run the below command. + + [root@open-nms ~]# service postgresql status + +![PostgreSQL status](http://blog.linoxide.com/wp-content/uploads/2015/08/74.png) + +To ensure that PostgreSQL will start after a reboot, use the “systemctl”command to enable start on bootup using below command. + + [root@open-nms ~]# systemctl enable postgresql + ln -s '/usr/lib/systemd/system/postgresql.service' '/etc/systemd/system/multi-user.target.wants/postgresql.service' + +### Configure PostgreSQL ### + +Locate the Postgres “data” directory. Often this is located in /var/lib/pgsql/data directory and Open the postgresql.conf file in text editor and configure the following parameters as shown. + + [root@open-nms ~]# vim /var/lib/pgsql/data/postgresql.conf + +---------- + + #------------------------------------------------------------------------------ + # CONNECTIONS AND AUTHENTICATION + #------------------------------------------------------------------------------ + + listen_addresses = 'localhost' + max_connections = 256 + + #------------------------------------------------------------------------------ + # RESOURCE USAGE (except WAL) + #------------------------------------------------------------------------------ + + shared_buffers = 1024MB + +**User Access to the Database** + +PostgreSQL only allows you to connect if you are logged in to the local account name that matches the PostgreSQL user. Since OpenNMS runs as root, it cannot connect as a "postgres" or "opennms" user by default, so we have to change the configuration to allow user access to the database by opening the below configuration file. + + [root@open-nms ~]# vim /var/lib/pgsql/data/pg_hba.conf + +Update the configuration file as shown below and change the METHOD settings from "ident" to "trust" + +![user access to db](http://blog.linoxide.com/wp-content/uploads/2015/08/84.png) + +Write and quit the file to make saved changes and then restart PostgreSQL services. + + [root@open-nms ~]# service postgresql restart + +### Starting OpenNMS Installation ### + +Now we are ready go with installation of OpenNMS as we have almost don with its prerequisites. Using the YUM packaging system will download and install all of the required components and their dependencies, if they are not already installed on your system. +So let's riun th belwo command to start OpenNMS installation that will pull everything you need to have a working OpenNMS, including the OpenNMS core, web UI, and a set of common plugins. + + [root@open-nms ~]# yum -y install opennms + +![OpenNMS Installation](http://blog.linoxide.com/wp-content/uploads/2015/08/93.png) + +The above command will ends up with successful installation of OpenNMS and its derivative packages. + +### Configure JAVA for OpenNMS ### + +In order to integrate the default version of Java with OpenNMS we will run the below command. + + [root@open-nms ~]# /opt/opennms/bin/runjava -s + +![java integration](http://blog.linoxide.com/wp-content/uploads/2015/08/102.png) + +### Run the OpenNMS installer ### + +Now it's time to start the OpenNMS installer that will create and configure the OpenNMS database, while the same command will be used in case we want to update it to the latest version. To do so, we will run the following command. + + [root@open-nms ~]# /opt/opennms/bin/install -dis + +The above install command will take many options with following mechanism. + +-d - to update the database +-i - to insert any default data that belongs in the database +-s - to create or update the stored procedures OpenNMS uses for certain kinds of data access + + ============================================================================== + OpenNMS Installer + ============================================================================== + + Configures PostgreSQL tables, users, and other miscellaneous settings. + + DEBUG: Platform is IPv6 ready: true + - searching for libjicmp.so: + - trying to load /usr/lib64/libjicmp.so: OK + - searching for libjicmp6.so: + - trying to load /usr/lib64/libjicmp6.so: OK + - searching for libjrrd.so: + - trying to load /usr/lib64/libjrrd.so: OK + - using SQL directory... /opt/opennms/etc + - using create.sql... /opt/opennms/etc/create.sql + 17:27:51.178 [Main] INFO org.opennms.core.schema.Migrator - PL/PgSQL call handler exists + 17:27:51.180 [Main] INFO org.opennms.core.schema.Migrator - PL/PgSQL language exists + - checking if database "opennms" is unicode... ALREADY UNICODE + - Creating imports directory (/opt/opennms/etc/imports... OK + - Checking for old import files in /opt/opennms/etc... DONE + INFO 16/08/15 17:27:liquibase: Reading from databasechangelog + Installer completed successfully! + + ============================================================================== + OpenNMS Upgrader + ============================================================================== + + OpenNMS is currently stopped + Found upgrade task SnmpInterfaceRrdMigratorOnline + Found upgrade task KscReportsMigrator + Found upgrade task JettyConfigMigratorOffline + Found upgrade task DataCollectionConfigMigratorOffline + Processing RequisitionsMigratorOffline: Remove non-ip-snmp-primary and non-ip-interfaces from requisitions: NMS-5630, NMS-5571 + - Running pre-execution phase + Backing up: /opt/opennms/etc/imports + - Running post-execution phase + Removing backup /opt/opennms/etc/datacollection.zip + + Finished in 0 seconds + + Upgrade completed successfully! + +### Firewall configurations to Allow OpenNMS ### + +Here we have to allow OpenNMS management interface port 8980 through firewall or router to access the management web interface from the remote systems. So use the following commands to do so. + + [root@open-nms etc]# firewall-cmd --permanent --add-port=8980/tcp + [root@open-nms etc]# firewall-cmd --reload + +### Start OpenNMS and Login to Web Interface ### + +Let's start OpenNMS service and enable to it start at each bootup by using the below command. + + [root@open-nms ~]#systemctl start opennms + [root@open-nms ~]#systemctl enable opennms + +Once the services are up are ready to go with its web management interface. Open your web browser and access it with your server's IP address and 8980 port. + +http://servers_ip:8980/ + +Give the username and password where as the default username and password is admin/admin. + +![opennms login](http://blog.linoxide.com/wp-content/uploads/2015/08/opennms-login.png) + +After successful authentication with your provided username and password you will be directed towards the the Home page of OpenNMS where you can configure the new monitoring devices/nodes/services etc. + +![opennms home](http://blog.linoxide.com/wp-content/uploads/2015/08/opennms-home.png) + +### Conclusion ### + +Congratulations! we have successfully setup OpenNMS on CentOS 7.1. So, at the end of this tutorial, you are now able to install and configure OpenNMS with its prerequisites that included PostgreSQL and JAVA setup. So let's enjoy with the great network monitoring system with open source roots using OpenNMS that provide a bevy of features at no cost than their high-end competitors, and can scale to monitor large numbers of network nodes. + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/monitoring-2/install-configure-opennms-centos-7-x/ + +作者:[Kashif Siddique][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/kashifs/ \ No newline at end of file diff --git a/sources/tech/20150906 How to Install DNSCrypt and Unbound in Arch Linux.md b/sources/tech/20150906 How to Install DNSCrypt and Unbound in Arch Linux.md new file mode 100644 index 0000000000..98cb0e9b55 --- /dev/null +++ b/sources/tech/20150906 How to Install DNSCrypt and Unbound in Arch Linux.md @@ -0,0 +1,174 @@ +How to Install DNSCrypt and Unbound in Arch Linux +================================================================================ +**DNSCrypt** is a protocol that encrypt and authenticate communications between a DNS client and a DNS resolver. Prevent from DNS spoofing or man in the middle-attack. DNSCrypt are available for most operating system, including Linux, Windows, MacOSX android and iOS. And in this tutorial I'm using archlinux with kernel 4.1. + +Unbound is a DNS cache server used to resolve any DNS query received. If the user requests a new query, then unbound will store it as a cache, and when the user requests the same query for the second time, then unbound would take from the cache that have been saved. This will be faster than the first request query. + +And now I will try to install "DNSCrypt" to secure the dns communication, and make it faster with dns cache "Unbound". + +### Step 1 - Install yaourt ### + +Yaourt is one of AUR(Arch User Repository) helper that make archlinux users easy to install a program from AUR. Yaourt use same syntax as pacman, so you can install the program with yaourt. and this is easy way to install yaourt : + +1. Edit the arch repository configuration file with nano or vi, stored in a file "/etc/pacman.conf". + + $ nano /etc/pacman.conf + +2. Add at the bottom line yaourt repository, just paste script below : + + [archlinuxfr] + SigLevel = Never + Server = http://repo.archlinux.fr/$arch + +3. Save it with press "Ctrl + x" and then "Y". + +4. Now update the repository database and install yaourt with pacman command : + + $ sudo pacman -Sy yaourt + +### Step 2 - Install DNSCrypt and Unbound ### + +DNSCrypt and unbound available on archlinux repository, then you can install it with pacman command : + + $ sudo pacman -S dnscrypt-proxy unbound + +wait it and press "Y" for proceed with installation. + +### Step 3 - Install dnscrypt-autoinstall ### + +Dnscrypt-autoinstall is A script for installing and automatically configuring DNSCrypt on Linux-based systems. Dnscrypt-autoinstall available in AUR(Arch User Repository), and you must use "yaourt" command to install it : + + $ yaourt -S dnscrypt-autoinstall + +Note : + +-S = it is same as pacman -S to install a software/program. + +### Step 4 - Run dnscrypt-autoinstall ### + +run the command "dnscrypt-autoinstall" with root privileges to configure DNSCrypt automatically : + + $ sudo dnscrypt-autoinstall + +Press "Enter" for the next configuration, and then type "y" and choose the DNS provider you want to use, I'm here use DNSCrypt.eu featured with no logs and DNSSEC. + +![DNSCrypt autoinstall](http://blog.linoxide.com/wp-content/uploads/2015/08/DNSCrypt-autoinstall.png) + +### Step 5 - Configure DNSCrypt and Unbound ### + +1. Open the dnscrypt configuration file "/etc/conf.d/dnscrypt-config" and make sure the configuration of "DNSCRYPT_LOCALIP" point to **localhost IP**, and for port configuration "DNSCRYPT_LOCALPORT" it's up to you, I`m here use port **40**. + + $ nano /etc/conf.d/dnscrypt-config + + DNSCRYPT_LOCALIP=127.0.0.1 + DNSCRYPT_LOCALIP2=127.0.0.2 + DNSCRYPT_LOCALPORT=40 + +![DNSCrypt Configuration](http://blog.linoxide.com/wp-content/uploads/2015/08/DNSCryptConfiguration.png) + +Save and exit. + +2. Now you can edit unbound configuration in "/etc/unbound/". edit the file configuration with nano editor : + + $ nano /etc/unbound/unbound.conf + +3. Add the following script in the end of line : + + do-not-query-localhost: no + forward-zone: + name: "." + forward-addr: 127.0.0.1@40 + +Make sure the "**forward-addr**" port is same with "**DNSCRYPT_LOCALPORT**" configuration in DNSCrypt. You can see the I`m use port **40**. + +![Unbound Configuration](http://blog.linoxide.com/wp-content/uploads/2015/08/UnboundConfiguration.png) + +and then save and exit. + +### Step 6 - Run DNSCrypt and Unbound, then Add to startup/Boot ### + +Please run DNSCrypt and unbound with root privileges, you can run with systemctl command : + + $ sudo systemctl start dnscrypt-proxy unbound + +Add the service at the boot time/startup. You can do it by running "systemctl enable" : + + $ sudo systemctl enable dnscrypt-proxy unbound + +the command will create the symlink of the service to "/usr/lib/systemd/system/" directory. + +### Step 7 - Configure resolv.conf and restart all services ### + +Resolv.conf is a file used by linux to configure Domain Name Server(DNS) resolver. it is just plain-text created by administrator, so you must edit by root privileges and make it immutable/no one can edit it. + +Edit it with nano editor : + + $ nano /etc/resolv.conf + +and add the localhost IP "**127.0.0.1**". and now make it immutable with "chattr" command : + + $ chattr +i /etc/resolv.conf + +Note : + +If you want to edit it again, make it writable with command "chattr -i /etc/resolv.conf". + +Now yo need to restart the DNSCrypt, unbound and the network : + + $ sudo systemctl restart dnscrypt-proxy unbound netctl + +If you see the error, check your configuration file. + +### Testing ### + +1. Test DNSCrypt + +You can be sure that DNSCrypt had acted correctly by visiting https://dnsleaktest.com/, then click on "Standard Test" or "Extended Test" and wait the process running. + +And now you can see that DNSCrypt is working with DNSCrypt.eu as your DNS provider. + +![Testing DNSCrypt](http://blog.linoxide.com/wp-content/uploads/2015/08/TestingDNSCrypt.png) + +And now you can see that DNSCrypt is working with DNSCrypt.eu as your DNS provider. + +2. Test Unbound + +Now you should ensure that the unbound is working correctly with "dig" or "drill" command. + +This is the results for dig command : + + $ dig linoxide.com + +Now see in the results, the "Query time" is "533 msec" : + + ;; Query time: 533 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Sun Aug 30 14:48:19 WIB 2015 + ;; MSG SIZE rcvd: 188 + +and try again with the same command. And you will see the "Query time" is "0 msec". + + ;; Query time: 0 msec + ;; SERVER: 127.0.0.1#53(127.0.0.1) + ;; WHEN: Sun Aug 30 14:51:05 WIB 2015 + ;; MSG SIZE rcvd: 188 + +![Unbound Test](http://blog.linoxide.com/wp-content/uploads/2015/08/UnboundTest.png) + +And in the end DNSCrypt secure communications between the DNS clients and DNS resolver is working perfectly, and then Unbound make it faster if there is the same request in another time by taking the cache that have been saved. + +### Conclusion ### + +DNSCrypt is a protocol that can encrypt data flow between the DNS client and DNS resolver. DNSCrypt can run on various operating systems, either mobile or desktop. Choose DNS provider also includes something important, choose which provide a DNSSEC and no logs. Unbound can be used as a DNS cache, thus speeding up the resolve process resolv, because Unbound will store a request as the cache, then when a client request same query in the next time, then unbound would take from the cache that have been saved. DNSCrypt and Unbound is a powerful combination for the safety and speed. + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/tools/install-dnscrypt-unbound-archlinux/ + +作者:[Arul][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arulm/ \ No newline at end of file diff --git a/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md b/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md new file mode 100644 index 0000000000..fe4a784d5a --- /dev/null +++ b/sources/tech/20150906 How to install Suricata intrusion detection system on Linux.md @@ -0,0 +1,197 @@ +How to install Suricata intrusion detection system on Linux +================================================================================ +With incessant security threats, intrusion detection system (IDS) has become one of the most critical requirements in today's data center environments. However, as more and more servers upgrade their NICs to 10GB/40GB Ethernet, it is increasingly difficult to implement compute-intensive intrusion detection on commodity hardware at line rates. One approach to scaling IDS performance is **multi-threaded IDS**, where CPU-intensive deep packet inspection workload is parallelized into multiple concurrent tasks. Such parallelized inspection can exploit multi-core hardware to scale up IDS throughput easily. Two well-known open-source efforts in this area are [Suricata][1] and [Bro][2]. + +In this tutorial, I am going to demonstrate **how to install and configure Suricata IDS on Linux server**. + +### Install Suricata IDS on Linux ### + +Let's build Suricata from the source. You first need to install several required dependencies as follows. + +#### Install Dependencies on Debian, Ubuntu or Linux Mint #### + + $ sudo apt-get install wget build-essential libpcre3-dev libpcre3-dbg automake autoconf libtool libpcap-dev libnet1-dev libyaml-dev zlib1g-dev libcap-ng-dev libjansson-dev + +#### Install Dependencies on CentOS, Fedora or RHEL #### + + $ sudo yum install wget libpcap-devel libnet-devel pcre-devel gcc-c++ automake autoconf libtool make libyaml-devel zlib-devel file-devel jansson-devel nss-devel + +Once you install all required packages, go ahead and install Suricata as follows. + +First, download the latest Suricata source code from [http://suricata-ids.org/download/][3], and build it. As of this writing, the latest version is 2.0.8. + + $ wget http://www.openinfosecfoundation.org/download/suricata-2.0.8.tar.gz + $ tar -xvf suricata-2.0.8.tar.gz + $ cd suricata-2.0.8 + $ ./configure --sysconfdir=/etc --localstatedir=/var + +Here is the example output of configuration. + + Suricata Configuration: + AF_PACKET support: yes + PF_RING support: no + NFQueue support: no + NFLOG support: no + IPFW support: no + DAG enabled: no + Napatech enabled: no + Unix socket enabled: yes + Detection enabled: yes + + libnss support: yes + libnspr support: yes + libjansson support: yes + Prelude support: no + PCRE jit: yes + LUA support: no + libluajit: no + libgeoip: no + Non-bundled htp: no + Old barnyard2 support: no + CUDA enabled: no + +Now compile and install it. + + $ make + $ sudo make install + +Suricata source code comes with default configuration files. Let's install these default configuration files as follows. + + $ sudo make install-conf + +As you know, Suricata is useless without IDS rule sets. Conveniently, the Makefile comes with IDS rule installation option. To install IDS rules, run the following command. + + $ sudo make install-rules + +The above rule installation command will download the current snapshot of community rulesets available from [EmergingThreats.net][4], and store them under /etc/suricata/rules. + +![](https://farm1.staticflickr.com/691/20482669553_8b67632277_c.jpg) + +### Configure Suricata IDS the First Time ### + +Now it's time to configure Suricata. The configuration file is located at **/etc/suricata/suricata.yaml**. Open the file with a text editor for editing. + + $ sudo vi /etc/suricata/suricata.yaml + +Here are some basic setup for you to get started. + +The "default-log-dir" keyword should point to the location of Suricata log files. + + default-log-dir: /var/log/suricata/ + +Under "vars" section, you will find several important variables used by Suricata. "HOME_NET" should point to the local network to be inspected by Suricata. "!$HOME_NET" (assigned to EXTERNAL_NET) refers to any other networks than the local network. "XXX_PORTS" indicates the port number(s) use by different services. Note that Suricata can automatically detect HTTP traffic regardless of the port it uses. So it is not critical to specify the HTTP_PORTS variable correctly. + + vars: + HOME_NET: "[192.168.122.0/24]" + EXTERNAL_NET: "!$HOME_NET" + HTTP_PORTS: "80" + SHELLCODE_PORTS: "!80" + SSH_PORTS: 22 + +The "host-os-policy" section is used to defend against some well-known attacks which exploit the behavior of an operating system's network stack (e.g., TCP reassembly) to evade detection. As a counter measure, modern IDS came up with so-called "target-based" inspection, where inspection engine fine-tunes its detection algorithm based on a target operating system of the traffic. Thus, if you know what OS individual local hosts are running, you can feed that information to Suricata to potentially enhance its detection rate. This is when "host-os-policy" section is used. In this example, the default IDS policy is Linux; if no OS information is known for a particular IP address, Suricata will apply Linux-based inspection. When traffic for 192.168.122.0/28 and 192.168.122.155 is captured, Suricata will apply Windows-based inspection policy. + + host-os-policy: + # These are Windows machines. + windows: [192.168.122.0/28, 192.168.122.155] + bsd: [] + bsd-right: [] + old-linux: [] + # Make the default policy Linux. + linux: [0.0.0.0/0] + old-solaris: [] + solaris: ["::1"] + hpux10: [] + hpux11: [] + irix: [] + macos: [] + vista: [] + windows2k3: [] + +Under "threading" section, you can specify CPU affinity for different Suricata threads. By default, [CPU affinity][5] is disabled ("set-cpu-affinity: no"), meaning that Suricata threads will be scheduled on any available CPU cores. By default, Suricata will create one "detect" thread for each CPU core. You can adjust this behavior by specifying "detect-thread-ratio: N". This will create N*M detect threads, where M is the total number of CPU cores on the host. + + threading: + set-cpu-affinity: no + detect-thread-ratio: 1.5 + +With the above threading settings, Suricata will create 1.5*M detection threads, where M is the total number of CPU cores on the system. + +For more information about Suricata configuration, you can read the default configuration file itself, which is heavily commented for clarity. + +### Perform Intrusion Detection with Suricata ### + +Now it's time to test-run Suricata. Before launching it, there's one more step to do. + +When you are using pcap capture mode, it is highly recommended to turn off any packet offloead features (e.g., LRO/GRO) on the NIC which Suricata is listening on, as those features may interfere with live packet capture. + +Here is how to turn off LRO/GRO on the network interface eth0: + + $ sudo ethtool -K eth0 gro off lro off + +Note that depending on your NIC, you may see the following warning, which you can ignore. It simply means that your NIC does not support LRO. + + Cannot change large-receive-offload + +Suricata supports a number of running modes. A runmode determines how different threads are used for IDS. The following command lists all [available runmodes][6]. + + $ sudo /usr/local/bin/suricata --list-runmodes + +![](https://farm6.staticflickr.com/5730/20481140934_25080d04d7_c.jpg) + +The default runmode used by Suricata is autofp (which stands for "auto flow pinned load balancing"). In this mode, packets from each distinct flow are assigned to a single detect thread. Flows are assigned to threads with the lowest number of unprocessed packets. + +Finally, let's start Suricata, and see it in action. + + $ sudo /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 --init-errors-fatal + +![](https://farm1.staticflickr.com/701/21077552366_c577746e36_c.jpg) + +In this example, we are monitoring a network interface eth0 on a 8-core system. As shown above, Suricata creates 13 packet processing threads and 3 management threads. The packet processing threads consist of one PCAP packet capture thread, and 12 detect threads (equal to 8*1.5). This means that the packets captured by one capture thread are load-balanced to 12 detect threads for IDS. The management threads are one flow manager and two counter/stats related threads. + +Here is a thread-view of Suricata process (plotted by [htop][7]). + +![](https://farm6.staticflickr.com/5775/20482669593_174f8f41cb_c.jpg) + +Suricata detection logs are stored in /var/log/suricata directory. + + $ tail -f /var/log/suricata/fast.log + +---------- + + 04/01/2015-15:47:12.559075 [**] [1:2200074:1] SURICATA TCPv4 invalid checksum [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.253.158:22 -> 172.16.253.1:46997 + 04/01/2015-15:49:06.565901 [**] [1:2200074:1] SURICATA TCPv4 invalid checksum [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.253.158:22 -> 172.16.253.1:46317 + 04/01/2015-15:49:06.566759 [**] [1:2200074:1] SURICATA TCPv4 invalid checksum [**] [Classification: (null)] [Priority: 3] {TCP} 172.16.253.158:22 -> 172.16.253.1:46317 + +For ease of import, the log is also available in JSON format: + + $ tail -f /var/log/suricata/eve.json + +---------- + {"timestamp":"2015-04-01T15:49:06.565901","event_type":"alert","src_ip":"172.16.253.158","src_port":22,"dest_ip":"172.16.253.1","dest_port":46317,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2200074,"rev":1,"signature":"SURICATA TCPv4 invalid checksum","category":"","severity":3}} + {"timestamp":"2015-04-01T15:49:06.566759","event_type":"alert","src_ip":"172.16.253.158","src_port":22,"dest_ip":"172.16.253.1","dest_port":46317,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2200074,"rev":1,"signature":"SURICATA TCPv4 invalid checksum","category":"","severity":3}} + +### Conclusion ### + +In this tutorial, I demonstrated how you can set up Suricata IDS on a multi-core Linux server. Unlike single-threaded [Snort IDS][8], Suricata can easily benefit from multi-core/many-core hardware with multi-threading. There is great deal of customization in Suricata to maximize its performance and detection coverage. Suricata folks maintain [online Wiki][9] quite well, so I strongly recommend you check it out if you want to deploy Suricata in your environment. + +Are you currently using Suricata? If so, feel free to share your experience. + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/install-suricata-intrusion-detection-system-linux.html + +作者:[Dan Nanni][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/nanni +[1]:http://suricata-ids.org/ +[2]:https://www.bro.org/ +[3]:http://suricata-ids.org/download/ +[4]:http://rules.emergingthreats.net/ +[5]:http://xmodulo.com/run-program-process-specific-cpu-cores-linux.html +[6]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Runmodes +[7]:http://ask.xmodulo.com/view-threads-process-linux.html +[8]:http://xmodulo.com/how-to-compile-and-install-snort-from-source-code-on-ubuntu.html +[9]:https://redmine.openinfosecfoundation.org/projects/suricata/wiki \ No newline at end of file diff --git a/sources/tech/20150906 Install Qmmp 0.9.0 Winamp-like Audio Player in Ubuntu.md b/sources/tech/20150906 Install Qmmp 0.9.0 Winamp-like Audio Player in Ubuntu.md new file mode 100644 index 0000000000..36e4c70d2c --- /dev/null +++ b/sources/tech/20150906 Install Qmmp 0.9.0 Winamp-like Audio Player in Ubuntu.md @@ -0,0 +1,73 @@ +translation by strugglingyouth +Install Qmmp 0.9.0 Winamp-like Audio Player in Ubuntu +================================================================================ +![](http://ubuntuhandbook.org/wp-content/uploads/2015/01/qmmp-icon-simple.png) + +Qmmp, Qt-based audio player with winamp or xmms like user interface, now is at 0.9.0 release. PPA updated for Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04, Ubuntu 12.04 and derivatives. + +Qmmp 0.9.0 is a big release with many new features, improvements and some translation updates. It added: + +- audio-channel sequence converter; +- 9 channels support to equalizer; +- album artist tag support; +- asynchronous sorting; +- sorting by file modification date; +- sorting by album artist; +- multiple column support; +- feature to hide track length; +- feature to disable plugins without qmmp.pri modification (qmake only) +- feature to remember playlist scroll position; +- feature to exclude cue data files; +- feature to change user agent; +- feature to change window title; +- feature to reset fonts; +- feature to restore default shortcuts; +- default hotkey for the “Rename List” action; +- feature to disable fadeout in the gme plugin; +- Simple User Interface (QSUI) with the following changes: + - added multiple column support; + - added sorting by album artist; + - added sorting by file modification date; + - added feature to hide song length; + - added default hotkey for the “Rename List” action; + - added “Save List” action to the tab menu; + - added feature to reset fonts; + - added feature to reset shortcuts; + - improved status bar; + +It also improved playlist changes notification, playlist container, sample rate converter, cmake build scripts, title formatter, ape tags support in the mpeg plugin, fileops plugin, reduced cpu usage, changed default skin (to Glare) and playlist separator. + +![qmmp-090](http://ubuntuhandbook.org/wp-content/uploads/2015/09/qmmp-090.jpg) + +### Install Qmmp 0.9.0 in Ubuntu: ### + +New release has been made into PPA, available for all current Ubuntu releases and derivatives. + +1. To add the [Qmmp PPA][1]. + +Open terminal from the Dash, App Launcher, or via Ctrl+Alt+T shortcut keys. When it opens, run command: + + sudo add-apt-repository ppa:forkotov02/ppa + +![qmmp-ppa](http://ubuntuhandbook.org/wp-content/uploads/2015/09/qmmp-ppa.jpg) + +2. After adding the PPA, upgrade Qmmp player through Software Updater. Or refresh system cache and install the software via below commands: + + sudo apt-get update + + sudo apt-get install qmmp qmmp-plugin-pack + +That’s it. Enjoy! + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/09/qmmp-0-9-0-in-ubuntu/ + +作者:[Ji m][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ +[1]:https://launchpad.net/~forkotov02/+archive/ubuntu/ppa diff --git a/sources/tech/20150906 Installing NGINX and NGINX Plus With Ansible.md b/sources/tech/20150906 Installing NGINX and NGINX Plus With Ansible.md new file mode 100644 index 0000000000..3fa66fe6b1 --- /dev/null +++ b/sources/tech/20150906 Installing NGINX and NGINX Plus With Ansible.md @@ -0,0 +1,451 @@ +translation by strugglingyouth +nstalling NGINX and NGINX Plus With Ansible +================================================================================ +Coming from a production operations background, I have learned to love all things related to automation. Why do something by hand if a computer can do it for you? But creating and implementing automation can be a difficult task given an ever-changing infrastructure and the various technologies surrounding your environments. This is why I love [Ansible][1]. Ansible is an open source tool for IT configuration management, deployment, and orchestration that is extremely easy to use. + +One of my favorite features of Ansible is that it is completely clientless. To manage a system, a connection is made over SSH, using either [Paramiko][2] (a Python library) or native [OpenSSH][3]. Another attractive feature of Ansible is its extensive selection of modules. These modules can be used to perform some of the common tasks of a system administrator. In particular, they make Ansible a powerful tool for installing and configuring any application across multiple servers, environments, and operating systems, all from one central location. + +In this tutorial I will walk you through the steps for using Ansible to install and deploy the open source [NGINX][4] software and [NGINX Plus][5], our commercial product. I’m showing deployment onto a [CentOS][6] server, but I have included details about deploying on Ubuntu servers in [Creating an Ansible Playbook for Installing NGINX and NGINX Plus on Ubuntu][7] below. + +For this tutorial I will be using Ansible version 1.9.2 and performing the deployment from a server running CentOS 7.1. + + $ ansible --version + ansible 1.9.2 + + $ cat /etc/redhat-release + CentOS Linux release 7.1.1503 (Core) + +If you don’t already have Ansible, you can get instructions for installing it [at the Ansible site][8]. + +If you are using CentOS, installing Ansible is easy as typing the following command. If you want to compile from source or for other distributions, see the instructions at the Ansible link provided just above. + + $ sudo yum install -y epel-release && sudo yum install -y ansible + +Depending on your environment, some of the commands in this tutorial might require sudo privileges. The path to the files, usernames, and destination servers are all values that will be specific to your environment. + +### Creating an Ansible Playbook for Installing NGINX (CentOS) ### + +First we create a working directory for our NGINX deployment, along with subdirectories and deployment configuration files. I usually recommend creating the directory in your home directory and show that in all examples in this tutorial. + + $ cd $HOME + $ mkdir -p ansible-nginx/tasks/ + $ touch ansible-nginx/deploy.yml + $ touch ansible-nginx/tasks/install_nginx.yml + +The directory structure now looks like this. You can check by using the tree command. + + $ tree $HOME/ansible-nginx/ + /home/kjones/ansible-nginx/ + ├── deploy.yml + └── tasks + └── install_nginx.yml + + 1 directory, 2 files + +If you do not have tree installed, you can do so using the following command. + + $ sudo yum install -y tree + +#### Creating the Main Deployment File #### + +Next we open **deploy.yml** in a text editor. I prefer vim for editing configuration files on the command line, and will use it throughout the tutorial. + + $ vim $HOME/ansible-nginx/deploy.yml + +The **deploy.yml** file is our main Ansible deployment file, which we’ll reference when we run the ansible‑playbook command in [Running Ansible to Deploy NGINX][9]. Within this file we specify the inventory for Ansible to use along with any other configuration files to include at runtime. + +In my example I use the [include][10] module to specify a configuration file that has the steps for installing NGINX. While it is possible to create a playbook in one very large file, I recommend that you separate the steps into smaller included files to keep things organized. Sample use cases for an include are copying static content, copying configuration files, or assigning variables for a more advanced deployment with configuration logic. + +Type the following lines into the file. I include the filename at the top in a comment for reference. + + # ./ansible-nginx/deploy.yml + + - hosts: nginx + tasks: + - include: 'tasks/install_nginx.yml' + +The hosts statement tells Ansible to deploy to all servers in the **nginx** group, which is defined in **/etc/ansible/hosts**. We’ll edit this file in [Creating the List of NGINX Servers below][11]. + +The include statement tells Ansible to read in and execute the contents of the **install_nginx.yml** file from the **tasks** directory during deployment. The file includes the steps for downloading, installing, and starting NGINX. We’ll create this file in the next section. + +#### Creating the Deployment File for NGINX #### + +Now let’s save our work to **deploy.yml** and open up **install_nginx.yml** in the editor. + + $ vim $HOME/ansible-nginx/tasks/install_nginx.yml + +The file is going to contain the instructions – written in [YAML][12] format – for Ansible to follow when installing and configuring our NGINX deployment. Each section (step in the process) starts with a name statement (preceded by hyphen) that describes the step. The string following name: is written to stdout during the Ansible deployment and can be changed as you wish. The next line of a section in the YAML file is the module that will be used during that deployment step. In the configuration below, both the [yum][13] and [service][14] modules are used. The yum module is used to install packages on CentOS. The service module is used to manage UNIX services. The final line or lines in a section specify any parameters for the module (in the example, these lines start with name and state). + +Type the following lines into the file. As with **deploy.yml**, the first line in our file is a comment that names the file for reference. The first section tells Ansible to install the **.rpm** file for CentOS 7 from the NGINX repository. This directs the package manager to install the most recent stable version of NGINX directly from NGINX. Modify the pathname as necessary for your CentOS version. A list of available packages can be found on the [open source NGINX website][15]. The next two sections tell Ansible to install the latest NGINX version using the yum module and then start NGINX using the service module. + +**Note:** In the first section, the pathname to the CentOS package appears on two lines only for space reasons. Type the entire path on a single line. + + # ./ansible-nginx/tasks/install_nginx.yml + + - name: NGINX | Installing NGINX repo rpm + yum: + name: http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm + + - name: NGINX | Installing NGINX + yum: + name: nginx + state: latest + + - name: NGINX | Starting NGINX + service: + name: nginx + state: started + +#### Creating the List of NGINX Servers #### + +Now that we have our Ansible deployment configuration files all set up, we need to tell Ansible exactly which servers to deploy to. We specify this in the Ansible **hosts** file I mentioned earlier. Let’s make a backup of the existing file and create a new one just for our deployment. + + $ sudo mv /etc/ansible/hosts /etc/ansible/hosts.backup + $ sudo vim /etc/ansible/hosts + +Type (or edit) the following lines in the file to create a group called **nginx** and list the servers to install NGINX on. You can designate servers by hostname, IP address, or in an array such as **server[1-3].domain.com**. Here I designate one server by its IP address. + + # /etc/ansible/hosts + + [nginx] + 172.16.239.140 + +#### Setting Up Security #### + +We are almost all set, but before deployment we need to ensure that Ansible has authorization to access our destination server over SSH. + +The preferred and most secure method is to add the Ansible deployment server’s RSA SSH key to the destination server’s **authorized_keys** file, which gives Ansible unrestricted SSH permissions on the destination server. To learn more about this configuration, see [Securing OpenSSH][16] on wiki.centos.org. This way you can automate your deployments without user interaction. + +Alternatively, you can request the password interactively during deployment. I strongly recommend that you use this method during testing only, because it is insecure and there is no way to track changes to a destination host’s fingerprint. If you want to do this, change the value of StrictHostKeyChecking from the default yes to no in the **/etc/ssh/ssh_config** file on each of your destination hosts. Then add the --ask-pass flag on the ansible-playbook command to have Ansible prompt for the SSH password. + +Here I illustrate how to edit the **ssh_config** file to disable strict host key checking on the destination server. We manually SSH into the server to which we’ll deploy NGINX and change the value of StrictHostKeyChecking to no. + + $ ssh kjones@172.16.239.140 + kjones@172.16.239.140's password:*********** + + [kjones@nginx ]$ sudo vim /etc/ssh/ssh_config + +After you make the change, save **ssh_config**, and connect to your Ansible server via SSH. The setting should look as below before you save your work. + + # /etc/ssh/ssh_config + + StrictHostKeyChecking no + +#### Running Ansible to Deploy NGINX #### + +If you have followed the steps in this tutorial, you can run the following command to have Ansible deploy NGINX. (Again, if you have set up RSA SSH key authentication, then the --ask-pass flag is not needed.) Run the command on the Ansible server with the configuration files we created above. + + $ sudo ansible-playbook --ask-pass $HOME/ansible-nginx/deploy.yml + +Ansible prompts for the SSH password and produces output like the following. A recap that reports failed=0 like this one indicates that deployment succeeded. + + $ sudo ansible-playbook --ask-pass $HOME/ansible-nginx/deploy.yml + SSH password: + + PLAY [all] ******************************************************************** + + GATHERING FACTS *************************************************************** + ok: [172.16.239.140] + + TASK: [NGINX | Installing NGINX repo rpm] ************************************* + changed: [172.16.239.140] + + TASK: [NGINX | Installing NGINX] ********************************************** + changed: [172.16.239.140] + + TASK: [NGINX | Starting NGINX] ************************************************ + changed: [172.16.239.140] + + PLAY RECAP ******************************************************************** + 172.16.239.140 : ok=4 changed=3 unreachable=0 failed=0 + +If you didn’t get a successful play recap, you can try running the ansible-playbook command again with the -vvvv flag (verbose with connection debugging) to troubleshoot the deployment process. + +When deployment succeeds (as it did for us on the first try), you can verify that NGINX is running on the remote server by running the following basic [cURL][17] command. Here it returns 200 OK. Success! We have successfully installed NGINX using Ansible. + + $ curl -Is 172.16.239.140 | grep HTTP + HTTP/1.1 200 OK + +### Creating an Ansible Playbook for Installing NGINX Plus (CentOS) ### + +Now that I’ve shown you how to install the open source version of NGINX, I’ll walk you through the steps for installing NGINX Plus. This requires some additional changes to the deployment configuration and showcases some of Ansible’s other features. + +#### Copying the NGINX Plus Certificate and Key to the Ansible Server #### + +To install and configure NGINX Plus with Ansible, we first need to copy the key and certificate for our NGINX Plus subscription from the [NGINX Plus Customer Portal][18] to the standard location on the Ansible deployment server. + +Access to the NGINX Plus Customer Portal is available for customers who have purchased NGINX Plus or are evaluating it. If you are interested in evaluating NGINX Plus, you can request a 30-day free trial [here][19]. You will receive a link to your trial certificate and key shortly after you sign up. + +On a Mac or Linux host, use the [scp][20] utility as I show here. On a Microsoft Windows host, you can use [WinSCP][21]. For this tutorial, I downloaded the files to my Mac laptop, then used scp to copy them to the Ansible server. These commands place both the key and certificate in my home directory. + + $ cd /path/to/nginx-repo-files/ + $ scp nginx-repo.* user@destination-server:. + +Next we SSH to the Ansible server, make sure the SSL directory for NGINX Plus exists, and move the files there. + + $ ssh user@destination-server + $ sudo mkdir -p /etc/ssl/nginx/ + $ sudo mv nginx-repo.* /etc/ssl/nginx/ + +Verify that your **/etc/ssl/nginx** directory contains both the certificate (**.crt**) and key (**.key**) files. You can check by using the tree command. + + $ tree /etc/ssl/nginx + /etc/ssl/nginx + ├── nginx-repo.crt + └── nginx-repo.key + + 0 directories, 2 files + +If you do not have tree installed, you can do so using the following command. + + $ sudo yum install -y tree + +#### Creating the Ansible Directory Structure #### + +The remaining steps are very similar to the ones for open source NGINX that we performed in [Creating an Ansible Playbook for Installing NGINX (CentOS)][22]. First we set up a working directory for our NGINX Plus deployment. Again I prefer creating it as a subdirectory of my home directory. + + $ cd $HOME + $ mkdir -p ansible-nginx-plus/tasks/ + $ touch ansible-nginx-plus/deploy.yml + $ touch ansible-nginx-plus/tasks/install_nginx_plus.yml + +The directory structure now looks like this. + + $ tree $HOME/ansible-nginx-plus/ + /home/kjones/ansible-nginx-plus/ + ├── deploy.yml + └── tasks + └── install_nginx_plus.yml + + 1 directory, 2 files + +#### Creating the Main Deployment File #### + +Next we use vim to create the **deploy.yml** file as for open source NGINX. + + $ vim ansible-nginx-plus/deploy.yml + +The only difference from the open source NGINX deployment is that we change the name of the included file to **install_nginx_plus.yml**. As a reminder, the file tells Ansible to deploy NGINX Plus on all servers in the **nginx** group (which is defined in **/etc/ansible/hosts**), and to read in and execute the contents of the **install_nginx_plus.yml** file from the **tasks** directory during deployment. + + # ./ansible-nginx-plus/deploy.yml + + - hosts: nginx + tasks: + - include: 'tasks/install_nginx_plus.yml' + +If you have not done so already, you also need to create the hosts file as detailed in [Creating the List of NGINX Servers][23] above. + +#### Creating the Deployment File for NGINX Plus #### + +Open **install_nginx_plus.yml** in a text editor. The file is going to contain the instructions for Ansible to follow when installing and configuring your NGINX Plus deployment. The commands and modules are specific to CentOS and some are unique to NGINX Plus. + + $ vim ansible-nginx-plus/tasks/install_nginx_plus.yml + +The first section uses the [file][24] module, telling Ansible to create the SSL directory for NGINX Plus as specified by the path and state arguments, set the ownership to root, and change the mode to 0700. + + # ./ansible-nginx-plus/tasks/install_nginx_plus.yml + + - name: NGINX Plus | Creating NGINX Plus ssl cert repo directory + file: path=/etc/ssl/nginx state=directory group=root mode=0700 + +The next two sections use the [copy][25] module to copy the NGINX Plus certificate and key from the Ansible deployment server to the NGINX Plus server during the deployment, again setting ownership to root and the mode to 0700. + + - name: NGINX Plus | Copying NGINX Plus repository certificate + copy: src=/etc/ssl/nginx/nginx-repo.crt dest=/etc/ssl/nginx/nginx-repo.crt owner=root group=root mode=0700 + + - name: NGINX Plus | Copying NGINX Plus repository key + copy: src=/etc/ssl/nginx/nginx-repo.key dest=/etc/ssl/nginx/nginx-repo.key owner=root group=root mode=0700 + +Next we tell Ansible to use the [get_url][26] module to download the CA certificate from the NGINX Plus repository at the remote location specified by the url argument, put it in the directory specified by the dest argument, and set the mode to 0700. + + - name: NGINX Plus | Downloading NGINX Plus CA certificate + get_url: url=https://cs.nginx.com/static/files/CA.crt dest=/etc/ssl/nginx/CA.crt mode=0700 + +Similarly, we tell Ansible to download the NGINX Plus repo file using the get_url module and copy it to the **/etc/yum.repos.d** directory on the NGINX Plus server. + + - name: NGINX Plus | Downloading yum NGINX Plus repository + get_url: url=https://cs.nginx.com/static/files/nginx-plus-7.repo dest=/etc/yum.repos.d/nginx-plus-7.repo mode=0700 + +The final two name sections tell Ansible to install and start NGINX Plus using the yum and service modules. + + - name: NGINX Plus | Installing NGINX Plus + yum: + name: nginx-plus + state: latest + + - name: NGINX Plus | Starting NGINX Plus + service: + name: nginx + state: started + +#### Running Ansible to Deploy NGINX Plus #### + +After saving the **install_nginx_plus.yml** file, we run the ansible-playbook command to deploy NGINX Plus. Again here we include the --ask-pass flag to have Ansible prompt for the SSH password and pass it to each NGINX Plus server, and specify the path to the main Ansible **deploy.yml** file. + + $ sudo ansible-playbook --ask-pass $HOME/ansible-nginx-plus/deploy.yml + + PLAY [nginx] ****************************************************************** + + GATHERING FACTS *************************************************************** + ok: [172.16.239.140] + + TASK: [NGINX Plus | Creating NGINX Plus ssl cert repo directory] ************** + changed: [172.16.239.140] + + TASK: [NGINX Plus | Copying NGINX Plus repository certificate] **************** + changed: [172.16.239.140] + + TASK: [NGINX Plus | Copying NGINX Plus repository key] ************************ + changed: [172.16.239.140] + + TASK: [NGINX Plus | Downloading NGINX Plus CA certificate] ******************** + changed: [172.16.239.140] + + TASK: [NGINX Plus | Downloading yum NGINX Plus repository] ******************** + changed: [172.16.239.140] + + TASK: [NGINX Plus | Installing NGINX Plus] ************************************ + changed: [172.16.239.140] + + TASK: [NGINX Plus | Starting NGINX Plus] ************************************** + changed: [172.16.239.140] + + PLAY RECAP ******************************************************************** + 172.16.239.140 : ok=8 changed=7 unreachable=0 failed=0 + +The playbook recap was successful. Now we can run a quick curl command to verify that NGINX Plus is running. Great, we get 200 OK! Success! We have successfully installed NGINX Plus with Ansible. + + $ curl -Is http://172.16.239.140 | grep HTTP + HTTP/1.1 200 OK + +### Creating an Ansible Playbook for Installing NGINX and NGINX Plus on Ubuntu ### + +The process for deploying NGINX and NGINX Plus on [Ubuntu servers][27] is pretty similar to the process on CentOS, so instead of providing step-by-step instructions I’ll show the complete deployment files and and point out the slight differences from CentOS. + +First create the Ansible directory structure and the main Ansible deployment file, as for CentOS. Also create the **/etc/ansible/hosts** file as described in [Creating the List of NGINX Servers][28]. For NGINX Plus, you need to copy over the key and certificate as described in [Copying the NGINX Plus Certificate and Key to the Ansible Server][29]. + +Here’s the **install_nginx.yml** deployment file for open source NGINX. In the first section, we use the [apt_key][30] module to import the NGINX signing key. The next two sections use the [lineinfile][31] module to add the package URLs for Ubuntu 14.04 to the **sources.list** file. Lastly we use the [apt][32] module to update the cache and install NGINX (apt replaces the yum module we used for deploying to CentOS). + + # ./ansible-nginx/tasks/install_nginx.yml + + - name: NGINX | Adding NGINX signing key + apt_key: url=http://nginx.org/keys/nginx_signing.key state=present + + - name: NGINX | Adding sources.list deb url for NGINX + lineinfile: dest=/etc/apt/sources.list line="deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx" + + - name: NGINX Plus | Adding sources.list deb-src url for NGINX + lineinfile: dest=/etc/apt/sources.list line="deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx" + + - name: NGINX | Updating apt cache + apt: + update_cache: yes + + - name: NGINX | Installing NGINX + apt: + pkg: nginx + state: latest + + - name: NGINX | Starting NGINX + service: + name: nginx + state: started + +Here’s the **install_nginx.yml** deployment file for NGINX Plus. The first four sections set up the NGINX Plus key and certificate. Then we use the apt_key module to import the signing key as for open source NGINX, and the get_url module to download the apt configuration file for NGINX Plus. The [shell][33] module evokes a printf command that writes its output to the **nginx-plus.list** file in the **sources.list.d** directory. The final name modules are the same as for open source NGINX. + + # ./ansible-nginx-plus/tasks/install_nginx_plus.yml + + - name: NGINX Plus | Creating NGINX Plus ssl cert repo directory + file: path=/etc/ssl/nginx state=directory group=root mode=0700 + + - name: NGINX Plus | Copying NGINX Plus repository certificate + copy: src=/etc/ssl/nginx/nginx-repo.crt dest=/etc/ssl/nginx/nginx-repo.crt owner=root group=root mode=0700 + + - name: NGINX Plus | Copying NGINX Plus repository key + copy: src=/etc/ssl/nginx/nginx-repo.key dest=/etc/ssl/nginx/nginx-repo.key owner=root group=root mode=0700 + + - name: NGINX Plus | Downloading NGINX Plus CA certificate + get_url: url=https://cs.nginx.com/static/files/CA.crt dest=/etc/ssl/nginx/CA.crt mode=0700 + + - name: NGINX Plus | Adding NGINX Plus signing key + apt_key: url=http://nginx.org/keys/nginx_signing.key state=present + + - name: NGINX Plus | Downloading Apt-Get NGINX Plus repository + get_url: url=https://cs.nginx.com/static/files/90nginx dest=/etc/apt/apt.conf.d/90nginx mode=0700 + + - name: NGINX Plus | Adding sources.list url for NGINX Plus + shell: printf "deb https://plus-pkgs.nginx.com/ubuntu `lsb_release -cs` nginx-plus\n" >/etc/apt/sources.list.d/nginx-plus.list + + - name: NGINX Plus | Running apt-get update + apt: + update_cache: yes + + - name: NGINX Plus | Installing NGINX Plus via apt-get + apt: + pkg: nginx-plus + state: latest + + - name: NGINX Plus | Start NGINX Plus + service: + name: nginx + state: started + +We’re now ready to run the ansible-playbook command: + + $ sudo ansible-playbook --ask-pass $HOME/ansible-nginx-plus/deploy.yml + +You should get a successful play recap. If you did not get a success, you can use the verbose flag to help troubleshoot your deployment as described in [Running Ansible to Deploy NGINX][34]. + +### Summary ### + +What I demonstrated in this tutorial is just the beginning of what Ansible can do to help automate your NGINX or NGINX Plus deployment. There are many useful modules ranging from user account management to custom configuration templates. If you are interested in learning more about these, please visit the extensive [Ansible documentation][35 site. + +To learn more about Ansible, come hear my talk on deploying NGINX Plus with Ansible at [NGINX.conf 2015][36], September 22–24 in San Francisco. + +-------------------------------------------------------------------------------- + +via: https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/ + +作者:[Kevin Jones][a] +译者:[struggling](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.nginx.com/blog/author/kjones/ +[1]:http://www.ansible.com/ +[2]:http://www.paramiko.org/ +[3]:http://www.openssh.com/ +[4]:http://nginx.org/en/ +[5]:https://www.nginx.com/products/ +[6]:http://www.centos.org/ +[7]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#ubuntu +[8]:http://docs.ansible.com/ansible/intro_installation.html#installing-the-control-machine +[9]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#deploy-nginx +[10]:http://docs.ansible.com/ansible/playbooks_roles.html#task-include-files-and-encouraging-reuse +[11]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#list-nginx +[12]:http://docs.ansible.com/ansible/YAMLSyntax.html +[13]:http://docs.ansible.com/ansible/yum_module.html +[14]:http://docs.ansible.com/ansible/service_module.html +[15]:http://nginx.org/en/linux_packages.html +[16]:http://wiki.centos.org/HowTos/Network/SecuringSSH +[17]:http://curl.haxx.se/ +[18]:https://cs.nginx.com/ +[19]:https://www.nginx.com/#free-trial +[20]:http://linux.die.net/man/1/scp +[21]:https://winscp.net/eng/download.php +[22]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#playbook-nginx +[23]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#list-nginx +[24]:http://docs.ansible.com/ansible/file_module.html +[25]:http://docs.ansible.com/ansible/copy_module.html +[26]:http://docs.ansible.com/ansible/get_url_module.html +[27]:http://www.ubuntu.com/ +[28]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#list-nginx +[29]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#copy-cert-key +[30]:http://docs.ansible.com/ansible/apt_key_module.html +[31]:http://docs.ansible.com/ansible/lineinfile_module.html +[32]:http://docs.ansible.com/ansible/apt_module.html +[33]:http://docs.ansible.com/ansible/shell_module.html +[34]:https://www.nginx.com/blog/installing-nginx-nginx-plus-ansible/#deploy-nginx +[35]:http://docs.ansible.com/ +[36]:https://www.nginx.com/nginxconf/ diff --git a/sources/tech/20150906 Make Math Simple in Ubuntu or Elementary OS via NaSC.md b/sources/tech/20150906 Make Math Simple in Ubuntu or Elementary OS via NaSC.md new file mode 100644 index 0000000000..2ddb2a072c --- /dev/null +++ b/sources/tech/20150906 Make Math Simple in Ubuntu or Elementary OS via NaSC.md @@ -0,0 +1,63 @@ +ictlyh Translating +Make Math Simple in Ubuntu / Elementary OS via NaSC +================================================================================ +![](http://ubuntuhandbook.org/wp-content/uploads/2015/09/nasc-icon.png) + +NaSC (Not a Soulver Clone) is an open source software designed for Elementary OS to do arithmetics. It’s kinda similar to the Mac app [Soulver][1]. + +> Its an app where you do maths like a normal person. It lets you type whatever you want and smartly figures out what is math and spits out an answer on the right pane. Then you can plug those answers in to future equations and if that answer changes, so does the equations its used in. + +With NaSC you can for example: + +- Perform calculations with strangers you can define yourself +- Change the units and values ​​(in m cm, dollar euro …) +- Knowing the surface area of ​​a planet +- Solve of second-degree polynomial +- and more … + +![nasc-eos](http://ubuntuhandbook.org/wp-content/uploads/2015/09/nasc-eos.jpg) + +At the first launch, NaSC offers a tutorial that details possible features. You can later click the help icon on headerbar to get more. + +![nasc-help](http://ubuntuhandbook.org/wp-content/uploads/2015/09/nasc-help.jpg) + +In addition, the software allows to save your file in order to continue the work. It can be also shared on Pastebin with a defined time. + +### Install NaSC in Ubuntu / Elementary OS Freya: ### + +For Ubuntu 15.04, Ubuntu 15.10, Elementary OS Freya, open terminal from the Dash, App Launcher and run below commands one by one: + +1. Add the [NaSC PPA][2] via command: + + sudo apt-add-repository ppa:nasc-team/daily + +![nasc-ppa](http://ubuntuhandbook.org/wp-content/uploads/2015/09/nasc-ppa.jpg) + +2. If you’ve installed Synaptic Package Manager, search for and install `nasc` via it after clicking Reload button. + +Or run below commands to update system cache and install the software: + + sudo apt-get update + + sudo apt-get install nasc + +3. **(Optional)** To remove the software as well as NaSC, run: + + sudo apt-get remove nasc && sudo add-apt-repository -r ppa:nasc-team/daily + +For those who don’t want to add PPA, grab the .deb package directly from [this page][3]. + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/09/make-math-simple-in-ubuntu-elementary-os-via-nasc/ + +作者:[Ji m][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ +[1]:http://www.acqualia.com/soulver/ +[2]:https://launchpad.net/~nasc-team/+archive/ubuntu/daily/ +[3]:http://ppa.launchpad.net/nasc-team/daily/ubuntu/pool/main/n/nasc/ \ No newline at end of file diff --git a/sources/tech/20150908 How to Download Install and Configure Plank Dock in Ubuntu.md b/sources/tech/20150908 How to Download Install and Configure Plank Dock in Ubuntu.md new file mode 100644 index 0000000000..4f0a5f9ea1 --- /dev/null +++ b/sources/tech/20150908 How to Download Install and Configure Plank Dock in Ubuntu.md @@ -0,0 +1,66 @@ +How to Download, Install, and Configure Plank Dock in Ubuntu +================================================================================ +It’s a well-known fact that Linux is extremely customizable with users having a lot of options to choose from – be it the operating systems’ various distributions or desktop environments available for a single distro. Like users of any other OS, Linux users also have different tastes and preferences, especially when it comes to desktop. + +While some users aren’t particularly bothered about their desktop, others take special care to make sure that their desktop looks cool and attractive, something for which there are various applications available. One such application that brings life to your desktop – especially if you use a global menu on the top – is the dock. There are many dock applications available for Linux; if you’re looking for the simplest one, then look no further than [Plank][1], which we’ll be discussing in this article. + +**Note**: the examples and commands mentioned here have been tested on Ubuntu (version 14.10) and Plank version 0.9.1.1383. + +### Plank ### + +The official documentation describes Plank as the “simplest dock on the planet.” The project’s goal is to provide just what a dock needs, although it’s essentially a library which can be extended to create other dock programs with more advanced features. + +What’s worth mentioning here is that Plank, which comes pre-installed in elementary OS, is the underlying technology for Docky, a popular dock application which is very similar in functionality to Mac OS X’s Dock. + +### Download and Install ### + +You can download and install Plank by executing the following commands on your terminal: + + sudo add-apt-repository ppa:docky-core/stable + sudo apt-get update + sudo apt-get install plank + +Once installed successfully, you can open the application by typing the name Plank in Unity Dash (see image below), or open it from the App Menu if you aren’t using the Unity environment. + +![](https://www.maketecheasier.com/assets/uploads/2015/09/plank-unity-dash.png) + +### Features ### + +Once the Plank dock is enabled, you’ll see it sitting at the center-bottom of your desktop. + +![](https://www.maketecheasier.com/assets/uploads/2015/09/plank-enabled-new.jpg) + +As you can see in the image above, the dock contains some application icons with an orange color indication below those which are currently running. Needless to say, you can click an icon to open that application. Also, a right-click on any application icon will produce some more options that you might be interested in. For example, see the screen-shot below: + +![](https://www.maketecheasier.com/assets/uploads/2015/09/plank-right-click-icons-new.jpg) + +To access the configuration options, you’ll have to do a right-click on Plank’s icon (which is the first one from the left), and then click the Preferences option. This will produce the following window. + +![](https://www.maketecheasier.com/assets/uploads/2015/09/plank-preferences.png) + +As you can see, the preference window consists of two tabs: Appearance and Behavior, with the former being selected by default. The Appearance tab contains settings related to the Plank theme, the dock’s position, and alignment, as well as that related to icons, while the Behavior tab contains settings related to the dock itself. + +![](https://www.maketecheasier.com/assets/uploads/2015/09/plank-behavior-settings.png) + +For example, I changed the position of the dock to Right from within the Appearance tab and locked the icons (which means no “Keep in Dock” option on right-click) from the Behavior tab. + +![](https://www.maketecheasier.com/assets/uploads/2015/09/plank-right-lock-new.jpg) + +As you can see in the screen-shot above, the changes came into effect. Similarly, you can tweak any available setting as per your requirement. + +### Conclusion ### + +Like I said in the beginning, having a dock isn’t mandatory. However, using one definitely makes things convenient, especially if you’ve been using Mac and have recently switched over to Linux for whatever reason. For its part, Plank not only offers simplicity, but dependability and stability as well – the project is well-maintained. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/download-install-configure-plank-dock-ubuntu/ + +作者:[Himanshu Arora][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/himanshu/ +[1]:https://launchpad.net/plank \ No newline at end of file diff --git a/sources/tech/20150908 How to Run ISO Files Directly From the HDD with GRUB2.md b/sources/tech/20150908 How to Run ISO Files Directly From the HDD with GRUB2.md new file mode 100644 index 0000000000..7de3640532 --- /dev/null +++ b/sources/tech/20150908 How to Run ISO Files Directly From the HDD with GRUB2.md @@ -0,0 +1,96 @@ +How to Run ISO Files Directly From the HDD with GRUB2 +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/rundirectiso-featured.png) + +Most Linux distros offer a live environment, which you can boot up from a USB drive, for you to test the system without installing. You can either use it to evaluate the distro or as a disposable OS. While it is easy to copy these onto a USB disk, in certain cases one might want to run the same ISO image often or run different ones regularly. GRUB 2 can be configured so that you do not need to burn the ISOs to disk or use a USB drive, but need to run a live environment directly form the boot menu. + +### Obtaining and checking bootable ISO images ### + +To obtain an ISO image, you should usually visit the website of the desired distribution and download any image that is compatible with your setup. If the image can be started from a USB, it should be able to start from the GRUB menu as well. + +Once the image has finished downloading, you should check its integrity by running a simple md5 check on it. This will output a long combination of numbers and alphanumeric characters + +![](https://www.maketecheasier.com/assets/uploads/2015/07/rundirectiso-md5.png) + +which you can compare against the MD5 checksum provided on the download page. The two should be identical. + +### Setting up GRUB 2 ### + +ISO images contain full systems. All you need to do is direct GRUB2 to the appropriate file, and tell it where it can find the kernel and the initramdisk or initram filesystem (depending on which one your distribution uses). + +In this example, a Kubuntu 15.04 live environment will be set up to run on an Ubuntu 14.04 box as a Grub menu item. It should work for most newer Ubuntu-based systems and derivatives. If you have a different system or want to achieve something else, you can get some ideas on how to do this from one of [these files][1], although it will require a little experience with GRUB. + +In this example the file `kubuntu-15.04-desktop-amd64.iso` + +lives in `/home/maketecheasier/TempISOs/` on `/dev/sda1`. + +To make GRUB2 look for it in the right place, you need to edit the + + /etc/grub.d40-custom + +![](https://www.maketecheasier.com/assets/uploads/2015/07/rundirectiso-40-custom-empty.png) + +To start Kubuntu from the above location, add the following code (after adjusting it to your needs) below the commented section, without modifying the original content. + + menuentry "Kubuntu 15.04 ISO" { + set isofile="/home/maketecheasier/TempISOs/kubuntu-15.04-desktop-amd64.iso" + loopback loop (hd0,1)$isofile + echo "Starting $isofile..." + linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=${isofile} quiet splash + initrd (loop)/casper/initrd.lz + } + +![](https://www.maketecheasier.com/assets/uploads/2015/07/rundirectiso-40-custom-new.png) + +### Breaking down the above code ### + +First set up a variable named `$menuentry`. This is where the ISO file is located. If you want to change to a different ISO, you need to change the bit where it says set `isofile="/path/to/file/name-of-iso-file-.iso"`. + +The next line is where you specify the loopback device; you also need to give it the right partition number. This is the bit where it says + + loopback loop (hd0,1)$isofile + +Note the hd0,1 bit; it is important. This means first HDD, first partition (`/dev/sda1`). + +GRUB’s naming here is slightly confusing. For HDDs, it starts counting from “0”, making the first HDD #0, the second one #1, the third one #2, etc. However, for partitions, it will start counting from 1. First partition is #1, second is #2, etc. There might be a good reason for this but not necessarily a sane one (UX-wise it is a disaster, to be sure).. + +This makes fist disk, first partition, which in Linux would usually look something like `/dev/sda1` become `hd0,1` in GRUB2. The second disk, third partition would be `hd1,3`, and so on. + +The next important line is + + linux (loop)/casper/vmlinuz.efi boot=casper iso-scan/filename=${isofile} quiet splash + +It will load the kernel image. On newer Ubuntu Live CDs, this would be in the `/casper` directory and called `vmlinuz.efi`. If you use a different system, your kernel might be missing the `.efi` extension or be located somewhere else entirely (You can easily check this by opening the ISO file with an archive manager and looking inside `/casper.`). The last options, `quiet splash`, would be your regular GRUB options, if you care to change them. + +Finally + + initrd (loop)/casper/initrd.lz + +will load `initrd`, which is responsible to load a RAMDisk into memory for bootup. + +### Booting into your live system ### + +To make it all work, you will only need to update GRUB2 + + sudo update-grub + +![](https://www.maketecheasier.com/assets/uploads/2015/07/rundirectiso-updare-grub.png) + +When you reboot your system, you should be presented with a new GRUB entry which will allow you to load into the ISO image you’ve just set up. + +![](https://www.maketecheasier.com/assets/uploads/2015/07/rundirectiso-grub-menu.png) + +Selecting the new entry should boot you into the live environment, just like booting from a DVD or USB would. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/run-iso-files-hdd-grub2/ + +作者:[Attila Orosz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:http://git.marmotte.net/git/glim/tree/grub2 \ No newline at end of file diff --git a/sources/tech/20150908 List Of 10 Funny Linux Commands.md b/sources/tech/20150908 List Of 10 Funny Linux Commands.md new file mode 100644 index 0000000000..660bd47ff5 --- /dev/null +++ b/sources/tech/20150908 List Of 10 Funny Linux Commands.md @@ -0,0 +1,185 @@ +List Of 10 Funny Linux Commands +================================================================================ +**Working from the Terminal is really fun. Today, we’ll list really funny Linux commands which will bring smile on your face.** + +### 1. rev ### + +Create a file, type some words in this file, rev command will dump all words written by you in reverse. + + # rev + +![Selection_002](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0021.png) + +![Selection_001](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0011.png) + +### 2. fortune ### + +This command is not install by default, install with apt-get and fortune will display some random sentence. + + crank@crank-System:~$ sudo apt-get install fortune + +![Selection_003](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0031.png) + +Use **-s** option with fortune, it will limit the out to one sentence. + + # fortune -s + +![Selection_004](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0042.png) + +### 3. yes ### + + #yes + +This command will keep displaying the string for infinite time until the process is killed by the user. + + # yes unixmen + +![Selection_005](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0054.png) + +### 4. figlet ### + +This command can be installed with apt-get, comes with some ascii fonts which are located in **/usr/share/figlet**. + + cd /usr/share/figlet + +---------- + + #figlet -f + +e.g. + + #figlet -f big.flf unixmen + +![Selection_006](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0062.png) + +#figlet -f block.flf unixmen + +![Selection_007](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0072.png) + +You can try another options also. + +### 5. asciiquarium ### + +This command will transform your terminal in to a Sea Aquarium. +Download term animator + + # wget http://search.cpan.org/CPAN/authors/id/K/KB/KBAUCOM/Term-Animation-2.4.tar.gz + +Install and Configure above package. + + # tar -zxvf Term-Animation-2.4.tar.gz + # cd Term-Animation-2.4/ + # perl Makefile.PL && make && make test + # sudo make install + +Install following package: + + # apt-get install libcurses-perl + +Download and install asciiquarium + + # wget http://www.robobunny.com/projects/asciiquarium/asciiquarium.tar.gz + # tar -zxvf asciiquarium.tar.gz + # cd asciiquarium_1.0/ + # cp asciiquarium /usr/local/bin/ + +Run, + + # /usr/local/bin/asciiquarium + +![asciiquarium_1.1 : perl_008](http://www.unixmen.com/wp-content/uploads/2015/09/asciiquarium_1.1-perl_008.png) + +### 6. bb ### + + # apt-get install bb + # bb + +See what comes out: + +![Selection_009](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0092.png) + +### 7. sl ### + +Sometimes you type **sl** instead of **ls** by mistake,actually **sl** is a command and a locomotive engine will start moving if you type sl. + + # apt-get install sl + +---------- + + # sl + +![Selection_012](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0122.png) + +### 8. cowsay ### + +Very common command, is will display in ascii form whatever you wants to say. + + apt-get install cowsay + +---------- + + # cowsay + +![Selection_013](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0132.png) + +Or, you can use another character instead of com, such characters are stored in **/usr/share/cowsay/cows** + + # cd /usr/share/cowsay/cows + +---------- + + cowsay -f ghostbusters.cow unixmen + +![Selection_014](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0141.png) + +or + + # cowsay -f bud-frogs.cow Rajneesh + +![Selection_015](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0151.png) + +### 9. toilet ### + +Yes, this is a command, it dumps ascii strings in colored form to the terminal. + + # apt-get install toilet + +---------- + + # toilet --gay unixmen + +![Selection_016](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0161.png) + + toilet -F border -F gay unixmen + +![Selection_020](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_020.png) + + toilet -f mono12 -F metal unixmen + +![Selection_018](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0181.png) + +### 10. aafire ### + +Put you terminal on fire with aafire. + + # apt-get install libaa-bin + +---------- + + # aafire + +![Selection_019](http://www.unixmen.com/wp-content/uploads/2015/09/Selection_0191.png) + +That it, Have fun with Linux Terminal!! + +-------------------------------------------------------------------------------- + +via: http://www.unixmen.com/list-10-funny-linux-commands/ + +作者:[Rajneesh Upadhyay][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.unixmen.com/author/rajneesh/ \ No newline at end of file diff --git a/sources/tech/LFCS/Part 1 - LFCS--How to use GNU 'sed' Command to Create Edit and Manipulate files in Linux.md b/sources/tech/LFCS/Part 1 - LFCS--How to use GNU 'sed' Command to Create Edit and Manipulate files in Linux.md deleted file mode 100644 index 083078fa62..0000000000 --- a/sources/tech/LFCS/Part 1 - LFCS--How to use GNU 'sed' Command to Create Edit and Manipulate files in Linux.md +++ /dev/null @@ -1,222 +0,0 @@ -Translating by Xuanwo - -Part 1 - LFCS: How to use GNU ‘sed’ Command to Create, Edit, and Manipulate files in Linux -================================================================================ -The Linux Foundation announced the LFCS (Linux Foundation Certified Sysadmin) certification, a new program that aims at helping individuals all over the world to get certified in basic to intermediate system administration tasks for Linux systems. This includes supporting running systems and services, along with first-hand troubleshooting and analysis, and smart decision-making to escalate issues to engineering teams. - -![Linux Foundation Certified Sysadmin](http://www.tecmint.com/wp-content/uploads/2014/10/lfcs-Part-1.png) - -Linux Foundation Certified Sysadmin – Part 1 - -Please watch the following video that demonstrates about The Linux Foundation Certification Program. - -注:youtube 视频 - - -The series will be titled Preparation for the LFCS (Linux Foundation Certified Sysadmin) Parts 1 through 10 and cover the following topics for Ubuntu, CentOS, and openSUSE: - -- Part 1: How to use GNU ‘sed’ Command to Create, Edit, and Manipulate files in Linux -- Part 2: How to Install and Use vi/m as a full Text Editor -- Part 3: Archiving Files/Directories and Finding Files on the Filesystem -- Part 4: Partitioning Storage Devices, Formatting Filesystems and Configuring Swap Partition -- Part 5: Mount/Unmount Local and Network (Samba & NFS) Filesystems in Linux -- Part 6: Assembling Partitions as RAID Devices – Creating & Managing System Backups -- Part 7: Managing System Startup Process and Services (SysVinit, Systemd and Upstart -- Part 8: Managing Users & Groups, File Permissions & Attributes and Enabling sudo Access on Accounts -- Part 9: Linux Package Management with Yum, RPM, Apt, Dpkg, Aptitude and Zypper -- Part 10: Learning Basic Shell Scripting and Filesystem Troubleshooting - - -This post is Part 1 of a 10-tutorial series, which will cover the necessary domains and competencies that are required for the LFCS certification exam. That being said, fire up your terminal, and let’s start. - -### Processing Text Streams in Linux ### - -Linux treats the input to and the output from programs as streams (or sequences) of characters. To begin understanding redirection and pipes, we must first understand the three most important types of I/O (Input and Output) streams, which are in fact special files (by convention in UNIX and Linux, data streams and peripherals, or device files, are also treated as ordinary files). - -The difference between > (redirection operator) and | (pipeline operator) is that while the first connects a command with a file, the latter connects the output of a command with another command. - - # command > file - # command1 | command2 - -Since the redirection operator creates or overwrites files silently, we must use it with extreme caution, and never mistake it with a pipeline. One advantage of pipes on Linux and UNIX systems is that there is no intermediate file involved with a pipe – the stdout of the first command is not written to a file and then read by the second command. - -For the following practice exercises we will use the poem “A happy child” (anonymous author). - -![cat command](http://www.tecmint.com/wp-content/uploads/2014/10/cat-command.png) - -cat command example - -#### Using sed #### - -The name sed is short for stream editor. For those unfamiliar with the term, a stream editor is used to perform basic text transformations on an input stream (a file or input from a pipeline). - -The most basic (and popular) usage of sed is the substitution of characters. We will begin by changing every occurrence of the lowercase y to UPPERCASE Y and redirecting the output to ahappychild2.txt. The g flag indicates that sed should perform the substitution for all instances of term on every line of file. If this flag is omitted, sed will replace only the first occurrence of term on each line. - -**Basic syntax:** - - # sed ‘s/term/replacement/flag’ file - -**Our example:** - - # sed ‘s/y/Y/g’ ahappychild.txt > ahappychild2.txt - -![sed command](http://www.tecmint.com/wp-content/uploads/2014/10/sed-command.png) - -sed command example - -Should you want to search for or replace a special character (such as /, \, &) you need to escape it, in the term or replacement strings, with a backward slash. - -For example, we will substitute the word and for an ampersand. At the same time, we will replace the word I with You when the first one is found at the beginning of a line. - - # sed 's/and/\&/g;s/^I/You/g' ahappychild.txt - -![sed replace string](http://www.tecmint.com/wp-content/uploads/2014/10/sed-replace-string.png) - -sed replace string - -In the above command, a ^ (caret sign) is a well-known regular expression that is used to represent the beginning of a line. - -As you can see, we can combine two or more substitution commands (and use regular expressions inside them) by separating them with a semicolon and enclosing the set inside single quotes. - -Another use of sed is showing (or deleting) a chosen portion of a file. In the following example, we will display the first 5 lines of /var/log/messages from Jun 8. - - # sed -n '/^Jun 8/ p' /var/log/messages | sed -n 1,5p - -Note that by default, sed prints every line. We can override this behaviour with the -n option and then tell sed to print (indicated by p) only the part of the file (or the pipe) that matches the pattern (Jun 8 at the beginning of line in the first case and lines 1 through 5 inclusive in the second case). - -Finally, it can be useful while inspecting scripts or configuration files to inspect the code itself and leave out comments. The following sed one-liner deletes (d) blank lines or those starting with # (the | character indicates a boolean OR between the two regular expressions). - - # sed '/^#\|^$/d' apache2.conf - -![sed match string](http://www.tecmint.com/wp-content/uploads/2014/10/sed-match-string.png) - -sed match string - -#### uniq Command #### - -The uniq command allows us to report or remove duplicate lines in a file, writing to stdout by default. We must note that uniq does not detect repeated lines unless they are adjacent. Thus, uniq is commonly used along with a preceding sort (which is used to sort lines of text files). By default, sort takes the first field (separated by spaces) as key field. To specify a different key field, we need to use the -k option. - -**Examples** - -The du –sch /path/to/directory/* command returns the disk space usage per subdirectories and files within the specified directory in human-readable format (also shows a total per directory), and does not order the output by size, but by subdirectory and file name. We can use the following command to sort by size. - - # du -sch /var/* | sort –h - -![sort command](http://www.tecmint.com/wp-content/uploads/2014/10/sort-command.jpg) - -sort command example - -You can count the number of events in a log by date by telling uniq to perform the comparison using the first 6 characters (-w 6) of each line (where the date is specified), and prefixing each output line by the number of occurrences (-c) with the following command. - - # cat /var/log/mail.log | uniq -c -w 6 - -![Count Numbers in File](http://www.tecmint.com/wp-content/uploads/2014/10/count-numbers-in-file.jpg) - -Count Numbers in File - -Finally, you can combine sort and uniq (as they usually are). Consider the following file with a list of donors, donation date, and amount. Suppose we want to know how many unique donors there are. We will use the following command to cut the first field (fields are delimited by a colon), sort by name, and remove duplicate lines. - - # cat sortuniq.txt | cut -d: -f1 | sort | uniq - -![Find Unique Records in File](http://www.tecmint.com/wp-content/uploads/2014/10/find-uniqu-records-in-file.jpg) - -Find Unique Records in File - -- Read Also: [13 “cat” Command Examples][1] - -#### grep Command #### - -grep searches text files or (command output) for the occurrence of a specified regular expression and outputs any line containing a match to standard output. - -**Examples** - -Display the information from /etc/passwd for user gacanepa, ignoring case. - - # grep -i gacanepa /etc/passwd - -![grep Command](http://www.tecmint.com/wp-content/uploads/2014/10/grep-command.jpg) - -grep command example - -Show all the contents of /etc whose name begins with rc followed by any single number. - - # ls -l /etc | grep rc[0-9] - -![List Content Using grep](http://www.tecmint.com/wp-content/uploads/2014/10/list-content-using-grep.jpg) - -List Content Using grep - -- Read Also: [12 “grep” Command Examples][2] - -#### tr Command Usage #### - -The tr command can be used to translate (change) or delete characters from stdin, and write the result to stdout. - -**Examples** - -Change all lowercase to uppercase in sortuniq.txt file. - - # cat sortuniq.txt | tr [:lower:] [:upper:] - -![Sort Strings in File](http://www.tecmint.com/wp-content/uploads/2014/10/sort-strings.jpg) - -Sort Strings in File - -Squeeze the delimiter in the output of ls –l to only one space. - - # ls -l | tr -s ' ' - -![Squeeze Delimiter](http://www.tecmint.com/wp-content/uploads/2014/10/squeeze-delimeter.jpg) - -Squeeze Delimiter - -#### cut Command Usage #### - -The cut command extracts portions of input lines (from stdin or files) and displays the result on standard output, based on number of bytes (-b option), characters (-c), or fields (-f). In this last case (based on fields), the default field separator is a tab, but a different delimiter can be specified by using the -d option. - -**Examples** - -Extract the user accounts and the default shells assigned to them from /etc/passwd (the –d option allows us to specify the field delimiter, and the –f switch indicates which field(s) will be extracted. - - # cat /etc/passwd | cut -d: -f1,7 - -![Extract User Accounts](http://www.tecmint.com/wp-content/uploads/2014/10/extract-user-accounts.jpg) - -Extract User Accounts - -Summing up, we will create a text stream consisting of the first and third non-blank files of the output of the last command. We will use grep as a first filter to check for sessions of user gacanepa, then squeeze delimiters to only one space (tr -s ‘ ‘). Next, we’ll extract the first and third fields with cut, and finally sort by the second field (IP addresses in this case) showing unique. - - # last | grep gacanepa | tr -s ‘ ‘ | cut -d’ ‘ -f1,3 | sort -k2 | uniq - -![last command](http://www.tecmint.com/wp-content/uploads/2014/10/last-command.png) - -last command example - -The above command shows how multiple commands and pipes can be combined so as to obtain filtered data according to our desires. Feel free to also run it by parts, to help you see the output that is pipelined from one command to the next (this can be a great learning experience, by the way!). - -### Summary ### - -Although this example (along with the rest of the examples in the current tutorial) may not seem very useful at first sight, they are a nice starting point to begin experimenting with commands that are used to create, edit, and manipulate files from the Linux command line. Feel free to leave your questions and comments below – they will be much appreciated! - -#### Reference Links #### - -- [About the LFCS][3] -- [Why get a Linux Foundation Certification?][4] -- [Register for the LFCS exam][5] - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/sed-command-to-create-edit-and-manipulate-files-in-linux/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/13-basic-cat-command-examples-in-linux/ -[2]:http://www.tecmint.com/12-practical-examples-of-linux-grep-command/ -[3]:https://training.linuxfoundation.org/certification/LFCS -[4]:https://training.linuxfoundation.org/certification/why-certify-with-us -[5]:https://identity.linuxfoundation.org/user?destination=pid/1 \ No newline at end of file diff --git a/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md b/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md new file mode 100644 index 0000000000..e6467eb810 --- /dev/null +++ b/sources/tech/Learn with Linux/Learn with Linux--Learning Music.md @@ -0,0 +1,155 @@ +Learn with Linux: Learning Music +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-featured.png) + +This article is part of the [Learn with Linux][1] series: + +- [Learn with Linux: Learning to Type][2] +- [Learn with Linux: Physics Simulation][3] +- [Learn with Linux: Learning Music][4] +- [Learn with Linux: Two Geography Apps][5] +- [Learn with Linux: Master Your Math with These Linux Apps][6] + +Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. + +Learning music is a great pastime. Training your ears to identify scales and chords and mastering an instrument or your own voice requires lots of practise and could become difficult. Music theory is extensive. There is much to memorize, and to turn it into a “skill” you will need diligence. Linux offers exceptional software to help you along your musical journey. They will not help you become a professional musician instantly but could ease the process of learning, being a great aide and reference point. + +### Gnu Solfège ### + +[Solfège][7] is a popular music education method that is used in all levels of music education all around the world. Many popular methods (like the Kodály method) use Solfège as their basis. GNU Solfège is a great software aimed more at practising Solfège than learning it. It assumes the student has already acquired the basics and wishes to practise what they have learned. + +As the developer states on the GNU website: + +> “When you study music on high school, college, music conservatory, you usually have to do ear training. Some of the exercises, like sight singing, is easy to do alone [sic]. But often you have to be at least two people, one making questions, the other answering. […] GNU Solfège tries to help out with this. With Solfege you can practise the more simple and mechanical exercises without the need to get others to help you. Just don’t forget that this program only touches a part of the subject.” + +The software delivers its promise; you can practise essentially everything with audible and visual aids. + +GNU solfege is in the Debian (therefore Ubuntu) repositories. To get it just type the following command into a terminal: + + sudo apt-get install solfege + +When it loads, you find yourself on a simple starting screen/ + +![learnmusic-solfege-main](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-solfege-main.png) + +The number of options is almost overwhelming. Most of the links will open sub-categories + +![learnmusic-solfege-scales](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-solfege-scales.png) + +from where you can select individual exercises. + +![learnmusic-solfege-hun](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-solfege-hun.png) + +There are practice sessions and tests. Both will be able to play the tones through any connected MIDI device or just your sound card’s MIDI player. The exercises often have visual notation and the ability to play back the sequence slowly. + +One important note about Solfège is that under Ubuntu you might not be able to hear anything with the default setup (unless you have a MIDI device connected). If that is the case, head over to “File -> Preferences,” select sound setup and choose the appropriate option for your system (choosing ALSA would probably work in most cases). + +![learnmusic-solfege-midi](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-solfege-midi.png) + +Solfège could be very helpful for your daily practise. Use it regularly and you will have trained your ear before you can sing do-re-mi. + +### Tete (ear trainer) ### + +[Tete][8] (This ear trainer ‘ere) is a Java application for simple, yet efficient, [ear training][9]. It helps you identify a variety of scales by playing thhm back under various circumstances, from different roots and on different MIDI sounds. [Download it from SourceForge][10]. You then need to unzip the downloaded file. + + unzip Tete-* + +Enter the unpacked directory: + + cd Tete-* + +Assuming you have Java installed in your system, you can run the java file with + + java -jar Tete-[your version] + +(To autocomplete the above command, just press the Tab key after typing “Tete-“.) + +Tete has a simple, one-page interface with everything on it. + +![learnmusic-tete-main](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-tete-main.png) + +You can choose to play scales (see above), chords, + +![learnmusic-tete-chords](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-tete-chords.png) + +or intervals. + +![learnmusic-tete-intervals](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-tete-intervals.png) + +You can “fine tune” your experience with various options including the midi instrument’s sound, what note to start from, ascending or descending scales, and how slow/fast the playback should be. Tete’s SourceForge page includes a very useful tutorial that explains most aspects of the software. + +### JalMus ### + +Jalmus is a Java-based keyboard note reading trainer. It works with attached MIDI keyboards or with the on-screen virtual keyboard. It has many simple lessons and exercises to train in music reading. Unfortunately, its development has been discontinued since 2013, but the software appears to still be functional. + +To get Jalmus, head over to the [sourceforge page][11] of its last version (2.3) to get the Java installer, or just type the following command into a terminal: + + wget http://garr.dl.sourceforge.net/project/jalmus/Jalmus-2.3/installjalmus23.jar + +Once the download finishes, load the installer with + + java -jar installjalmus23.jar + +You will be guided through a simple Java-based installer that was made for cross-platform installation. + +Jalmus’s main screen is plain. + +![learnmusic-jalmus-main](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-jalmus-main.jpg) + +You can find lessons of varying difficulty in the Lessons menu. It ranges from very simple ones, where one notes swims in from the left, and the corresponding key lights up on the on screen keyboard … + +![learnmusic-jalmus-singlenote](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-jalmus-singlenote.png) + +… to difficult ones with many notes swimming in from the right, and you are required to repeat the sequence on your keyboard. + +![learnmusic-jalmus-multinote](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-jalmus-multinote.png) + +Jalmus also includes exercises of note reading single notes, which are very similar to the lessons, only without the visual hints, where your score will be displayed after you finished. It also aids rhythm reading of varying difficulty, where the rhythm is both audible and visually marked. A metronome (audible and visual) aids in the understanding + +![learnmusic-jalmus-rhythm](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-jalmus-rhythm.png) + +and score reading where multiple notes will be played + +![learnmusic-jalmus-score](https://www.maketecheasier.com/assets/uploads/2015/07/learnmusic-jalmus-score.png) + +All these options are configurable; you can switch features on and off as you like. + +All things considered, Jalmus probably works best for rhythm training. Although it was not necessarily its intended purpose, the software really excelled in this particular use-case. + +### Notable mentions ### + +#### TuxGuitar #### + +For guitarists, [TuxGuitar][12] works much like Guitar Pro on Windows (and it can also read guitar-pro files). +PianoBooster + +[Piano Booster][13] can help with piano skills. It is designed to play MIDI files, which you can play along with on an attached keyboard, watching the core roll past on the screen. + +### Conclusion ### + +Linux offers many great tools for learning, and if your particular interest is music, your will not be left without software to aid your practice. Surely there are many more excellent software tools available for music students than were mentioned above. Do you know of any? Please let us know in the comments below. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/linux-learning-music/ + +作者:[Attila Orosz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:https://www.maketecheasier.com/series/learn-with-linux/ +[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ +[3]:https://www.maketecheasier.com/linux-physics-simulation/ +[4]:https://www.maketecheasier.com/linux-learning-music/ +[5]:https://www.maketecheasier.com/linux-geography-apps/ +[6]:https://www.maketecheasier.com/learn-linux-maths/ +[7]:https://en.wikipedia.org/wiki/Solf%C3%A8ge +[8]:http://tete.sourceforge.net/index.shtml +[9]:https://en.wikipedia.org/wiki/Ear_training +[10]:http://sourceforge.net/projects/tete/files/latest/download +[11]:http://sourceforge.net/projects/jalmus/files/Jalmus-2.3/ +[12]:http://tuxguitar.herac.com.ar/ +[13]:http://www.linuxlinks.com/article/20090517041840856/PianoBooster.html \ No newline at end of file diff --git a/sources/tech/Learn with Linux/Learn with Linux--Learning to Type.md b/sources/tech/Learn with Linux/Learn with Linux--Learning to Type.md new file mode 100644 index 0000000000..51cef0f1a8 --- /dev/null +++ b/sources/tech/Learn with Linux/Learn with Linux--Learning to Type.md @@ -0,0 +1,121 @@ +Learn with Linux: Learning to Type +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-featured.png) + +This article is part of the [Learn with Linux][1] series: + +- [Learn with Linux: Learning to Type][2] +- [Learn with Linux: Physics Simulation][3] +- [Learn with Linux: Learning Music][4] +- [Learn with Linux: Two Geography Apps][5] +- [Learn with Linux: Master Your Math with These Linux Apps][6] + +Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. + +Typing is taken for granted by many people; today being keyboard savvy often comes as second nature. Yet how many of us still type with two fingers, even if ever so fast? Once typing was taught in schools, but slowly the art of ten-finger typing is giving way to two thumbs. + +The following two applications can help you master the keyboard so that your next thought does not get lost while your fingers catch up. They were chosen for their simplicity and ease of use. While there are some more flashy or better looking typing apps out there, the following two will get the basics covered and offer the easiest way to start out. + +### TuxType (or TuxTyping) ### + +TuxType is for children. Young students can learn how to type with ten fingers with simple lessons and practice their newly-acquired skills in fun games. + +Debian and derivatives (therefore all Ubuntu derivatives) should have TuxType in their standard repositories. To install simply type + + sudo apt-get install tuxtype + +The application starts with a simple menu screen featuring Tux and some really bad midi music (Fortunately the sound can be turned off easily with the icon in the lower left corner.). + +![learntotype-tuxtyping-main](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-tuxtyping-main.jpg) + +The top two choices, “Fish Cascade” and “Comet Zap,” represent typing games, but to start learning you need to head over to the lessons. + +There are forty simple built-in lessons to choose from. Each one of these will take a letter from the keyboard and make the student practice while giving visual hints, such as which finger to use. + +![learntotype-tuxtyping-exd1](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-tuxtyping-exd1.jpg) + +![learntotype-tuxtyping-exd2](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-tuxtyping-exd2.jpg) + +For more advanced practice, phrase typing is also available, although for some reason this is hidden under the options menu. + +![learntotype-tuxtyping-phrase](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-tuxtyping-phrase.jpg) + +The games are good for speed and accuracy as the player helps Tux catch falling fish + +![learntotype-tuxtyping-fish](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-tuxtyping-fish.jpg) + +or zap incoming asteroids by typing the words written over them. + +![learntotype-tuxtyping-zap](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-tuxtyping-zap.jpg) + +Besides being a fun way to practice, these games teach spelling, speed, and eye-to-hand coordination, as you must type while also watching the screen, building a foundation for touch typing, if taken seriously. + +### GNU typist (gtype) ### + +For adults and more experienced typists, there is GNU Typist, a console-based application developed by the GNU project. + +GNU Typist will also be carried by most Debian derivatives’ main repos. Installing it is as easy as typing + + sudo apt-get install gtype + +You will probably not find it in the Applications menu; insteaad you should start it from a terminal window. + + gtype + +The main menu is simple, no-nonsense and frill-free, yet it is evident how much the software has to offer. Typing lessons of all levels are immediately accessible. + +![learntotype-gtype-main](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-main.png) + +The lessons are straightforward and detailed. + +![learntotype-gtype-lesson](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-lesson.png) + +The interactive practice sessions offer little more than highlighting your mistakes. Instead of flashy visuals you have to chance to focus on practising. At the end of each lesson you get some simple statistics of how you’ve been doing. If you make too many mistakes, you cannot proceed until you can pass the level. + +![learntotype-gtype-mistake](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-mistake.png) + +While the basic lessons only require you to repeat some characters, more advanced drills will have the practitioner type either whole sentences, + +![learntotype-gtype-warmup](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-warmup.png) + +where of course the three percent error margin means you are allowed even fewer mistakes, + +![learntotype-gtype-warmupfail](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-warmupfail.png) + +or some drills aiming to achieve certain goals, as in the “Balanced keyboard drill.” + +![learntotype-gtype-balanceddrill](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-balanceddrill.png) + +Simple speed drills have you type quotes, + +![learntotype-gtype-speed-simple](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-speed-simple.png) + +while more advanced ones will make you write longer texts taken from classics. + +![learntotype-gtype-speed-advanced](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-speed-advanced.png) + +If you’d prefer a different language, more lessons can also be loaded as command line arguments. + +![learntotype-gtype-more-lessons](https://www.maketecheasier.com/assets/uploads/2015/07/learntotype-gtype-more-lessons.png) + +### Conclusion ### + +If you care to hone your typing skills, Linux has great software to offer. The two basic, yet feature-rich, applications discussed above will cater to most aspiring typists’ needs. If you use or know of another great typing application, please don’t hesitate to let us know below in the comments. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/learn-to-type-in-linux/ + +作者:[Attila Orosz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:https://www.maketecheasier.com/series/learn-with-linux/ +[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ +[3]:https://www.maketecheasier.com/linux-physics-simulation/ +[4]:https://www.maketecheasier.com/linux-learning-music/ +[5]:https://www.maketecheasier.com/linux-geography-apps/ +[6]:https://www.maketecheasier.com/learn-linux-maths/ \ No newline at end of file diff --git a/sources/tech/Learn with Linux/Learn with Linux--Master Your Math with These Linux Apps.md b/sources/tech/Learn with Linux/Learn with Linux--Master Your Math with These Linux Apps.md new file mode 100644 index 0000000000..f9def558fb --- /dev/null +++ b/sources/tech/Learn with Linux/Learn with Linux--Master Your Math with These Linux Apps.md @@ -0,0 +1,126 @@ +Learn with Linux: Master Your Math with These Linux Apps +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-featured.png) + +This article is part of the [Learn with Linux][1] series: + +- [Learn with Linux: Learning to Type][2] +- [Learn with Linux: Physics Simulation][3] +- [Learn with Linux: Learning Music][4] +- [Learn with Linux: Two Geography Apps][5] +- [Learn with Linux: Master Your Math with These Linux Apps][6] + +Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. + +Mathematics is the core of computing. If one would expect a great operating system, such as GNU/Linux, to excel in and discipline, it would be Math. If you seek mathematical applications, you will not be disappointed. Linux offers many excellent tools that will make Mathematics look as intimidating as it ever did, but at least they will simplify your way of using it. + +### Gnuplot ### + +Gnuplot is a command-line scriptable and versatile graphing utility for different platforms. Despite its name, it is not part of the GNU operating system. Although it is not freely licensed, it’s free-ware (meaning it’s copyrighted but free to use). + +To install `gnuplot` on an Ubuntu (or derivative) system, type + + sudo apt-get install gnuplot gnuplot-x11 + +into a terminal window. To start the program, type + + gnuplot + +You will be presented with a simple command line interface + +![learnmath-gnuplot](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-gnuplot.png) + +into which you can start typing functions directly. The plot command will draw a graph. + +Typing, for instance, + + plot sin(x)/x + +into the `gnuplot` prompt, will open another window, wherein the graph is presented. + +![learnmath-gnuplot-plot1](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-gnuplot-plot1.png) + +You can also set different attributes of the graphs in-line. For example, specifying “title” will give them just that. + + plot sin(x) title 'Sine Function', tan(x) title 'Tangent' + +![learnmath-gnuplot-plot2](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-gnuplot-plot2.png) + +You can give things a bit more depth and draw 3D graphs with the `splot` command. + + splot sin(x*y/20) + +![learnmath-gnuplot-plot3](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-gnuplot-plot3.png) + +The plot window has a few basic configuration options, + +![learnmath-gnuplot-options](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-gnuplot-options.png) + +but the true power of `gnuplot` lies within its command line and scripting capabilities. The extensive full documentation of `gnuplot` can be found [here][7] with a great tutorial for the previous version [on the Duke University’s website][8]. + +### Maxima ### + +[Maxima][9] is a computer algebra system developed from the original sources of Macsyma. According to its SourceForge page, + +> “Maxima is a system for the manipulation of symbolic and numerical expressions, including differentiation, integration, Taylor series, Laplace transforms, ordinary differential equations, systems of linear equations, polynomials, sets, lists, vectors, matrices and tensors. Maxima yields high precision numerical results by using exact fractions, arbitrary-precision integers and variable-precision floating-point numbers. Maxima can plot functions and data in two and three dimensions.” + +You will have binary packages for Maxima in most Ubuntu derivatives as well as the Maxima graphical interface. To install them all, type + + sudo apt-get install maxima xmaxima wxmaxima + +into a terminal window. Maxima is a command line utility with not much of a UI, but if you start `wxmaxima`, you’ll get into a simple, yet powerful GUI. + +![learnmath-maxima](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-maxima.png) + +You can start using this by simply starting to type. (Hint: Enter will add more lines; if you want to evaluate an expression, use “Shift + Enter.”) + +Maxima can be used for very simple problems, as it also acts as a calculator, + +![learnmath-maxima-1and1](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-maxima-1and1.png) + +and much more complex ones as well. + +![learnmath-maxima-functions](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-maxima-functions.png) + +It uses `gnuplot` to draw simple + +![learnmath-maxima-plot](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-maxima-plot.png) + +and more elaborate graphs. + +![learnmath-maxima-plot2](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-maxima-plot2.png) + +(It needs the `gnuplot-x11` package to display them.) + +Besides beautifying the expressions, Maxima makes it possible to export them in latex format, or do some operations on the highlighted functions with a right-click context menu, + +![learnmath-maxima-menu](https://www.maketecheasier.com/assets/uploads/2015/07/learnmath-maxima-menu.png) + +while its main menus offer an overwhelming amount of functionality. Of course, Maxima is capable of much more than this. It has an extensive documentation [available online][10]. + +### Conclusion ### + +Mathematics is not an easy subject, and the excellent math software on Linux does not make it look easier, yet these applications make using Mathematics much more straightforward and productive. The above two applications are just an introduction to what Linux has to offer. If you are seriously engaged in math and need even more functionality with great documentation, you should check out the [Mathbuntu project][11]. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/learn-linux-maths/ + +作者:[Attila Orosz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:https://www.maketecheasier.com/series/learn-with-linux/ +[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ +[3]:https://www.maketecheasier.com/linux-physics-simulation/ +[4]:https://www.maketecheasier.com/linux-learning-music/ +[5]:https://www.maketecheasier.com/linux-geography-apps/ +[6]:https://www.maketecheasier.com/learn-linux-maths/ +[7]:http://www.gnuplot.info/documentation.html +[8]:http://people.duke.edu/~hpgavin/gnuplot.html +[9]:http://maxima.sourceforge.net/ +[10]:http://maxima.sourceforge.net/documentation.html +[11]:http://www.mathbuntu.org/ \ No newline at end of file diff --git a/sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md b/sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md new file mode 100644 index 0000000000..2a8415dda7 --- /dev/null +++ b/sources/tech/Learn with Linux/Learn with Linux--Physics Simulation.md @@ -0,0 +1,107 @@ +Learn with Linux: Physics Simulation +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/physics-fetured.jpg) + +This article is part of the [Learn with Linux][1] series: + +- [Learn with Linux: Learning to Type][2] +- [Learn with Linux: Physics Simulation][3] +- [Learn with Linux: Learning Music][4] +- [Learn with Linux: Two Geography Apps][5] +- [Learn with Linux: Master Your Math with These Linux Apps][6] + +Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. + +Physics is an interesting subject, and arguably the most enjoyable part of any Physics class/lecture are the demonstrations. It is really nice to see physics in action, yet the experiments do not need to be restricted to the classroom. While Linux offers many great tools for scientists to support or conduct experiments, this article will concern a few that would make learning physics easier or more fun. + +### 1. Step ### + +[Step][7] is an interactive physics simulator, part of [KDEEdu, the KDE Education Project][8]. Nobody could better describe what Step does than the people who made it. According to the project webpage, “[Step] works like this: you place some bodies on the scene, add some forces such as gravity or springs, then click “Simulate” and Step shows you how your scene will evolve according to the laws of physics. You can change every property of bodies/forces in your experiment (even during simulation) and see how this will change the outcome of the experiment. With Step, you can not only learn but feel how physics works!” + +While of course it requires Qt and loads of KDE-specific dependencies to work, projects like this (and KDEEdu itself) are part of the reason why KDE is such an awesome environment (if you don’t mind running a heavier desktop, of course). + +Step is in the Debian repositories; to install it on derivatives, simply type + + sudo apt-get install step + +into a terminal. On a KDE system it should have minimal dependencies and install in seconds. + +Step has a simple interface, and it lets you jump right into simulations. + +![physics-step-main](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-main.png) + +You will find all available objects on the left-hand side. You can have different particles, gas, shaped objects, springs, and different forces in action. (1) If you select an object, a short description of it will appear on the right-hand side (2). On the right you will also see an overview of the “world” you have created (the objects it contains) (3), the properties of the currently selected object (4), and the steps you have taken so far (5). + +![physics-step-parts](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-parts.png) + +Once you have placed all you wanted on the canvas, just press “Simulate,” and watch the events unfold as the objects interact with each other. + +![physics-step-simulate1](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate1.png) + +![physics-step-simulate2](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate2.png) + +![physics-step-simulate3](https://www.maketecheasier.com/assets/uploads/2015/07/physics-step-simulate3.png) + +To get to know Step better you only need to press F1. The KDE Help Center offers a great and detailed Step handbook. + +### 2. Lightspeed ### + +Lightspeed is a simple GTK+ and OpenGL based simulator that is meant to demonstrate the effect of how one might observe a fast moving object. Lightspeed will simulate these effects based on Einstein’s special relativity. According to [their sourceforge page][9] “When an object accelerates to more than a few million meters per second, it begins to appear warped and discolored in strange and unusual ways, and as it approaches the speed of light (299,792,458 m/s) the effects become more and more bizarre. In addition, the manner in which the object is distorted varies drastically with the viewpoint from which it is observed.” + +These effects which come into play at relative velocities are: + +- **The Lorentz contraction** – causes the object to appear shorter +- **The Doppler red/blue shift** – alters the hues of color observed +- **The headlight effect** – brightens or darkens the object +- **Optical aberration** – deforms the object in unusual ways + +Lightspeed is in the Debian repositories; to install it, simply type: + + sudo apt-get install lightspeed + +The user interface is very simple. You get a shape (more can be downloaded from sourceforge) which would move along the x-axis (animation can be started by processing “A” or by selecting it from the object menu). + +![physics-lightspeed](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed.png) + +You control the speed of its movement with the right-hand side slider and watch how it deforms. + +![physics-lightspeed-deform](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed-deform.png) + +Some simple controls will allow you to add more visual elements + +![physics-lightspeed-visual](https://www.maketecheasier.com/assets/uploads/2015/08/physics-lightspeed-visual.png) + +The viewing angles can be adjusted by pressing either the left, middle or right button and dragging the mouse or from the Camera menu that also offers some other adjustments like background colour or graphics mode. + +### Notable mention: Physion ### + +Physion looks like an interesting project and a great looking software to simulate physics in a much more colorful and fun way than the above examples would allow. Unfortunately, at the time of writing, the [official website][10] was experiencing problems, and the download page was unavailable. + +Judging from their Youtube videos, Physion must be worth installing once a download line becomes available. Until then we can just enjoy the this video demo. + +注:youtube 视频 + + +Do you have another favorite physics simulation/demonstration/learning applications for Linux? Please share with us in the comments below. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/linux-physics-simulation/ + +作者:[Attila Orosz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:https://www.maketecheasier.com/series/learn-with-linux/ +[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ +[3]:https://www.maketecheasier.com/linux-physics-simulation/ +[4]:https://www.maketecheasier.com/linux-learning-music/ +[5]:https://www.maketecheasier.com/linux-geography-apps/ +[6]:https://www.maketecheasier.com/learn-linux-maths/ +[7]:https://edu.kde.org/applications/all/step +[8]:https://edu.kde.org/ +[9]:http://lightspeed.sourceforge.net/ +[10]:http://www.physion.net/ \ No newline at end of file diff --git a/sources/tech/Learn with Linux/Learn with Linux--Two Geography Apps.md b/sources/tech/Learn with Linux/Learn with Linux--Two Geography Apps.md new file mode 100644 index 0000000000..a31e1f73b4 --- /dev/null +++ b/sources/tech/Learn with Linux/Learn with Linux--Two Geography Apps.md @@ -0,0 +1,103 @@ +Learn with Linux: Two Geography Apps +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-featured.png) + +This article is part of the [Learn with Linux][1] series: + +- [Learn with Linux: Learning to Type][2] +- [Learn with Linux: Physics Simulation][3] +- [Learn with Linux: Learning Music][4] +- [Learn with Linux: Two Geography Apps][5] +- [Learn with Linux: Master Your Math with These Linux Apps][6] + +Linux offers great educational software and many excellent tools to aid students of all grades and ages in learning and practicing a variety of topics, often interactively. The “Learn with Linux” series of articles offers an introduction to a variety of educational apps and software. + +Geography is an interesting subject, used by many of us day to day, often without realizing. But when you fire up GPS, SatNav, or just Google maps, you are using the geographical data provided by this software with the maps drawn by cartographists. When you hear about a certain country in the news or hear financial data being recited, these all fall under the umbrella of geography. And you have some great Linux software to study and practice these, whether it is for school or your own improvement. + +### Kgeography ### + +There are only two geography-related applications readily available in most Linux repositories, and both of these are KDE applications, in fact part of the KDE Educatonal project. Kgeography uses simple color-coded maps of any selected country. + +To install kegeography just type + + sudo apt-get install kgeography + +into a terminal window of any Ubuntu-based distribution. + +The interface is very basic. You are first presented with a picker menu that lets you choose an area map. + +![learn-geography-kgeo-pick](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-kgeo-pick.png) + +On the map you can display the name and capital of any given territory by clicking on it, + +![learn-geography-kgeo-brit](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-kgeo-brit.png) + +and test your knowledge in different quizzes. + +![learn-geography-kgeo-test](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-kgeo-test.png) + +It is an interactive way to test your basic geographical knowledge and could be an excellent tool to help you prepare for exams. + +### Marble ### + +Marble is a somewhat more advanced software, offering a global view of the world without the need of 3D acceleration. + +![learn-geography-marble-main](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-main.png) + +To get Marble, type + + sudo apt-get install marble + +into a terminal window of any Ubuntu-based distribution. + +Marble focuses on cartography, its main view being that of an atlas. + +![learn-geography-marble-atlas](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-atlas.jpg) + +You can have different projections, like Globe or Mercator displayed as defaults, with flat and other exotic views available from a drop-down menu. The surfaces include the basic Atlas view, a full-fledged offline map powered by OpenStreetMap, + +![learn-geography-marble-map](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-map.jpg) + +satellite view (by NASA), + +![learn-geography-marble-satellite](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-satellite.jpg) + +and political and even historical maps of the world, among others. + +![learn-geography-marble-history](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-history.jpg) + +Besides providing great offline maps with different skins and varying amount of data, Marble offers other types of information as well. You can switch on and off various offline info-boxes + +![learn-geography-marble-offline](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-offline.png) + +and online services from the menu. + +![learn-geography-marble-online](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-online.png) + +An interesting online service is Wikipedia integration. Clicking on the little Wiki logos will bring up a pop-up featuring detailed information about the selected places. + +![learn-geography-marble-wiki](https://www.maketecheasier.com/assets/uploads/2015/07/learn-geography-marble-wiki.png) + +The software also includes options for location tracking, route planning, and searching for locations, among other great and useful features. If you enjoy cartography, Marble offers hours of fun exploring and learning. + +### Conclusion ### + +Linux offers many great educational applications, and the subject of geography is no exception. With the above two programs you can learn a lot about our globe and test your knowledge in a fun and interactive manner. + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/linux-geography-apps/ + +作者:[Attila Orosz][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ +[1]:https://www.maketecheasier.com/series/learn-with-linux/ +[2]:https://www.maketecheasier.com/learn-to-type-in-linux/ +[3]:https://www.maketecheasier.com/linux-physics-simulation/ +[4]:https://www.maketecheasier.com/linux-learning-music/ +[5]:https://www.maketecheasier.com/linux-geography-apps/ +[6]:https://www.maketecheasier.com/learn-linux-maths/ \ No newline at end of file diff --git a/sources/tech/RAID/Part 7 - Growing an Existing RAID Array and Removing Failed Disks in Raid.md b/sources/tech/RAID/Part 7 - Growing an Existing RAID Array and Removing Failed Disks in Raid.md deleted file mode 100644 index 76039f4371..0000000000 --- a/sources/tech/RAID/Part 7 - Growing an Existing RAID Array and Removing Failed Disks in Raid.md +++ /dev/null @@ -1,180 +0,0 @@ -struggling 翻译中 -Growing an Existing RAID Array and Removing Failed Disks in Raid – Part 7 -================================================================================ -Every newbies will get confuse of the word array. Array is just a collection of disks. In other words, we can call array as a set or group. Just like a set of eggs containing 6 numbers. Likewise RAID Array contains number of disks, it may be 2, 4, 6, 8, 12, 16 etc. Hope now you know what Array is. - -Here we will see how to grow (extend) an existing array or raid group. For example, if we are using 2 disks in an array to form a raid 1 set, and in some situation if we need more space in that group, we can extend the size of an array using mdadm –grow command, just by adding one of the disk to the existing array. After growing (adding disk to an existing array), we will see how to remove one of the failed disk from array. - -![Grow Raid Array in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Growing-Raid-Array.jpg) - -Growing Raid Array and Removing Failed Disks - -Assume that one of the disk is little weak and need to remove that disk, till it fails let it under use, but we need to add one of the spare drive and grow the mirror before it fails, because we need to save our data. While the weak disk fails we can remove it from array this is the concept we are going to see in this topic. - -#### Features of RAID Growth #### - -- We can grow (extend) the size of any raid set. -- We can remove the faulty disk after growing raid array with new disk. -- We can grow raid array without any downtime. - -Requirements - -- To grow an RAID array, we need an existing RAID set (Array). -- We need extra disks to grow the Array. -- Here I’m using 1 disk to grow the existing array. - -Before we learn about growing and recovering of Array, we have to know about the basics of RAID levels and setups. Follow the below links to know about those setups. - -- [Understanding Basic RAID Concepts – Part 1][1] -- [Creating a Software Raid 0 in Linux – Part 2][2] - -#### My Server Setup #### - - Operating System : CentOS 6.5 Final - IP Address : 192.168.0.230 - Hostname : grow.tecmintlocal.com - 2 Existing Disks : 1 GB - 1 Additional Disk : 1 GB - -Here, my already existing RAID has 2 number of disks with each size is 1GB and we are now adding one more disk whose size is 1GB to our existing raid array. - -### Growing an Existing RAID Array ### - -1. Before growing an array, first list the existing Raid array using the following command. - - # mdadm --detail /dev/md0 - -![Check Existing Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Existing-Raid-Array.png) - -Check Existing Raid Array - -**Note**: The above output shows that I’ve already has two disks in Raid array with raid1 level. Now here we are adding one more disk to an existing array, - -2. Now let’s add the new disk “sdd” and create a partition using ‘fdisk‘ command. - - # fdisk /dev/sdd - -Please use the below instructions to create a partition on /dev/sdd drive. - -- Press ‘n‘ for creating new partition. -- Then choose ‘P‘ for Primary partition. -- Then choose ‘1‘ to be the first partition. -- Next press ‘p‘ to print the created partition. -- Here, we are selecting ‘fd‘ as my type is RAID. -- Next press ‘p‘ to print the defined partition. -- Then again use ‘p‘ to print the changes what we have made. -- Use ‘w‘ to write the changes. - -![Create New Partition in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/Create-New-sdd-Partition.png) - -Create New sdd Partition - -3. Once new sdd partition created, you can verify it using below command. - - # ls -l /dev/ | grep sd - -![Confirm sdd Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Confirm-sdd-Partition.png) - -Confirm sdd Partition - -4. Next, examine the newly created disk for any existing raid, before adding to the array. - - # mdadm --examine /dev/sdd1 - -![Check Raid on sdd Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-on-sdd-Partition.png) - -Check Raid on sdd Partition - -**Note**: The above output shows that the disk has no super-blocks detected, means we can move forward to add a new disk to an existing array. - -4. To add the new partition /dev/sdd1 in existing array md0, use the following command. - - # mdadm --manage /dev/md0 --add /dev/sdd1 - -![Add Disk To Raid-Array](http://www.tecmint.com/wp-content/uploads/2014/11/Add-Disk-To-Raid-Array.png) - -Add Disk To Raid-Array - -5. Once the new disk has been added, check for the added disk in our array using. - - # mdadm --detail /dev/md0 - -![Confirm Disk Added to Raid](http://www.tecmint.com/wp-content/uploads/2014/11/Confirm-Disk-Added-To-Raid.png) - -Confirm Disk Added to Raid - -**Note**: In the above output, you can see the drive has been added as a spare. Here, we already having 2 disks in the array, but what we are expecting is 3 devices in array for that we need to grow the array. - -6. To grow the array we have to use the below command. - - # mdadm --grow --raid-devices=3 /dev/md0 - -![Grow Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Grow-Raid-Array.png) - -Grow Raid Array - -Now we can see the third disk (sdd1) has been added to array, after adding third disk it will sync the data from other two disks. - - # mdadm --detail /dev/md0 - -![Confirm Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Confirm-Raid-Array.png) - -Confirm Raid Array - -**Note**: For large size disk it will take hours to sync the contents. Here I have used 1GB virtual disk, so its done very quickly within seconds. - -### Removing Disks from Array ### - -7. After the data has been synced to new disk ‘sdd1‘ from other two disks, that means all three disks now have same contents. - -As I told earlier let’s assume that one of the disk is weak and needs to be removed, before it fails. So, now assume disk ‘sdc1‘ is weak and needs to be removed from an existing array. - -Before removing a disk we have to mark the disk as failed one, then only we can able to remove it. - - # mdadm --fail /dev/md0 /dev/sdc1 - # mdadm --detail /dev/md0 - -![Disk Fail in Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Disk-Fail-in-Raid-Array.png) - -Disk Fail in Raid Array - -From the above output, we clearly see that the disk was marked as faulty at the bottom. Even its faulty, we can see the raid devices are 3, failed 1 and state was degraded. - -Now we have to remove the faulty drive from the array and grow the array with 2 devices, so that the raid devices will be set to 2 devices as before. - - # mdadm --remove /dev/md0 /dev/sdc1 - -![Remove Disk in Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Remove-Disk-in-Raid-Array.png) - -Remove Disk in Raid Array - -8. Once the faulty drive is removed, now we’ve to grow the raid array using 2 disks. - - # mdadm --grow --raid-devices=2 /dev/md0 - # mdadm --detail /dev/md0 - -![Grow Disks in Raid Array](http://www.tecmint.com/wp-content/uploads/2014/11/Grow-Disks-in-Raid-Array.png) - -Grow Disks in Raid Array - -From the about output, you can see that our array having only 2 devices. If you need to grow the array again, follow the same steps as described above. If you need to add a drive as spare, mark it as spare so that if the disk fails, it will automatically active and rebuild. - -### Conclusion ### - -In the article, we’ve seen how to grow an existing raid set and how to remove a faulty disk from an array after re-syncing the existing contents. All these steps can be done without any downtime. During data syncing, system users, files and applications will not get affected in any case. - -In next, article I will show you how to manage the RAID, till then stay tuned to updates and don’t forget to add your comments. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/grow-raid-array-in-linux/ - -作者:[Babin Lonston][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/babinlonston/ -[1]:http://www.tecmint.com/understanding-raid-setup-in-linux/ -[2]:http://www.tecmint.com/create-raid0-in-linux/ \ No newline at end of file diff --git a/sources/tech/RHCE/Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7.md b/sources/tech/RHCE/Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7.md deleted file mode 100644 index 8f3370f741..0000000000 --- a/sources/tech/RHCE/Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7.md +++ /dev/null @@ -1,166 +0,0 @@ -ictlyh Translating -Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7 -================================================================================ -In order to keep your RHEL 7 systems secure, you need to know how to monitor all of the activities that take place on such systems by examining log files. Thus, you will be able to detect any unusual or potentially malicious activity and perform system troubleshooting or take another appropriate action. - -![Linux Rotate Log Files Using Rsyslog and Logrotate](http://www.tecmint.com/wp-content/uploads/2015/08/Manage-and-Rotate-Linux-Logs-Using-Rsyslog-Logrotate.jpg) - -RHCE Exam: Manage System LogsUsing Rsyslogd and Logrotate – Part 5 - -In RHEL 7, the [rsyslogd][1] daemon is responsible for system logging and reads its configuration from /etc/rsyslog.conf (this file specifies the default location for all system logs) and from files inside /etc/rsyslog.d, if any. - -### Rsyslogd Configuration ### - -A quick inspection of the [rsyslog.conf][2] will be helpful to start. This file is divided into 3 main sections: Modules (since rsyslog follows a modular design), Global directives (used to set global properties of the rsyslogd daemon), and Rules. As you will probably guess, this last section indicates what gets logged or shown (also known as the selector) and where, and will be our focus throughout this article. - -A typical line in rsyslog.conf is as follows: - -![Rsyslogd Configuration](http://www.tecmint.com/wp-content/uploads/2015/08/Rsyslogd-Configuration.png) - -Rsyslogd Configuration - -In the image above, we can see that a selector consists of one or more pairs Facility:Priority separated by semicolons, where Facility describes the type of message (refer to [section 4.1.1 in RFC 3164][3] to see the complete list of facilities available for rsyslog) and Priority indicates its severity, which can be one of the following self-explanatory words: - -- debug -- info -- notice -- warning -- err -- crit -- alert -- emerg - -Though not a priority itself, the keyword none means no priority at all of the given facility. - -**Note**: That a given priority indicates that all messages of such priority and above should be logged. Thus, the line in the example above instructs the rsyslogd daemon to log all messages of priority info or higher (regardless of the facility) except those belonging to mail, authpriv, and cron services (no messages coming from this facilities will be taken into account) to /var/log/messages. - -You can also group multiple facilities using the colon sign to apply the same priority to all of them. Thus, the line: - - *.info;mail.none;authpriv.none;cron.none /var/log/messages - -Could be rewritten as - - *.info;mail,authpriv,cron.none /var/log/messages - -In other words, the facilities mail, authpriv, and cron are grouped and the keyword none is applied to the three of them. - -#### Creating a custom log file #### - -To log all daemon messages to /var/log/tecmint.log, we need to add the following line either in rsyslog.conf or in a separate file (easier to manage) inside /etc/rsyslog.d: - - daemon.* /var/log/tecmint.log - -Let’s restart the daemon (note that the service name does not end with a d): - - # systemctl restart rsyslog - -And check the contents of our custom log before and after restarting two random daemons: - -![Linux Create Custom Log File](http://www.tecmint.com/wp-content/uploads/2015/08/Create-Custom-Log-File.png) - -Create Custom Log File - -As a self-study exercise, I would recommend you play around with the facilities and priorities and either log additional messages to existing log files or create new ones as in the previous example. - -### Rotating Logs using Logrotate ### - -To prevent log files from growing endlessly, the logrotate utility is used to rotate, compress, remove, and alternatively mail logs, thus easing the administration of systems that generate large numbers of log files. - -Logrotate runs daily as a cron job (/etc/cron.daily/logrotate) and reads its configuration from /etc/logrotate.conf and from files located in /etc/logrotate.d, if any. - -As with the case of rsyslog, even when you can include settings for specific services in the main file, creating separate configuration files for each one will help organize your settings better. - -Let’s take a look at a typical logrotate.conf: - -![Logrotate Configuration](http://www.tecmint.com/wp-content/uploads/2015/08/Logrotate-Configuration.png) - -Logrotate Configuration - -In the example above, logrotate will perform the following actions for /var/loh/wtmp: attempt to rotate only once a month, but only if the file is at least 1 MB in size, then create a brand new log file with permissions set to 0664 and ownership given to user root and group utmp. Next, only keep one archived log, as specified by the rotate directive: - -![Logrotate Logs Monthly](http://www.tecmint.com/wp-content/uploads/2015/08/Logrotate-Logs-Monthly.png) - -Logrotate Logs Monthly - -Let’s now consider another example as found in /etc/logrotate.d/httpd: - -![Rotate Apache Log Files](http://www.tecmint.com/wp-content/uploads/2015/08/Rotate-Apache-Log-Files.png) - -Rotate Apache Log Files - -You can read more about the settings for logrotate in its man pages ([man logrotate][4] and [man logrotate.conf][5]). Both files are provided along with this article in PDF format for your reading convenience. - -As a system engineer, it will be pretty much up to you to decide for how long logs will be stored and in what format, depending on whether you have /var in a separate partition / logical volume. Otherwise, you really want to consider removing old logs to save storage space. On the other hand, you may be forced to keep several logs for future security auditing according to your company’s or client’s internal policies. - -#### Saving Logs to a Database #### - -Of course examining logs (even with the help of tools such as grep and regular expressions) can become a rather tedious task. For that reason, rsyslog allows us to export them into a database (OTB supported RDBMS include MySQL, MariaDB, PostgreSQL, and Oracle. - -This section of the tutorial assumes that you have already installed the MariaDB server and client in the same RHEL 7 box where the logs are being managed: - - # yum update && yum install mariadb mariadb-server mariadb-client rsyslog-mysql - # systemctl enable mariadb && systemctl start mariadb - -Then use the `mysql_secure_installation` utility to set the password for the root user and other security considerations: - -![Secure MySQL Database](http://www.tecmint.com/wp-content/uploads/2015/08/Secure-MySQL-Database.png) - -Secure MySQL Database - -Note: If you don’t want to use the MariaDB root user to insert log messages to the database, you can configure another user account to do so. Explaining how to do that is out of the scope of this tutorial but is explained in detail in [MariaDB knowledge][6] base. In this tutorial we will use the root account for simplicity. - -Next, download the createDB.sql script from [GitHub][7] and import it into your database server: - - # mysql -u root -p < createDB.sql - -![Save Server Logs to Database](http://www.tecmint.com/wp-content/uploads/2015/08/Save-Server-Logs-to-Database.png) - -Save Server Logs to Database - -Finally, add the following lines to /etc/rsyslog.conf: - - $ModLoad ommysql - $ActionOmmysqlServerPort 3306 - *.* :ommysql:localhost,Syslog,root,YourPasswordHere - -Restart rsyslog and the database server: - - # systemctl restart rsyslog - # systemctl restart mariadb - -#### Querying the Logs using SQL syntax #### - -Now perform some tasks that will modify the logs (like stopping and starting services, for example), then log to your DB server and use standard SQL commands to display and search in the logs: - - USE Syslog; - SELECT ReceivedAt, Message FROM SystemEvents; - -![Query Logs in Database](http://www.tecmint.com/wp-content/uploads/2015/08/Query-Logs-in-Database.png) - -Query Logs in Database - -### Summary ### - -In this article we have explained how to set up system logging, how to rotate logs, and how to redirect the messages to a database for easier search. We hope that these skills will be helpful as you prepare for the [RHCE exam][8] and in your daily responsibilities as well. - -As always, your feedback is more than welcome. Feel free to use the form below to reach us. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/manage-linux-system-logs-using-rsyslogd-and-logrotate/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/wp-content/pdf/rsyslogd.pdf -[2]:http://www.tecmint.com/wp-content/pdf/rsyslog.conf.pdf -[3]:https://tools.ietf.org/html/rfc3164#section-4.1.1 -[4]:http://www.tecmint.com/wp-content/pdf/logrotate.pdf -[5]:http://www.tecmint.com/wp-content/pdf/logrotate.conf.pdf -[6]:https://mariadb.com/kb/en/mariadb/create-user/ -[7]:https://github.com/sematext/rsyslog/blob/master/plugins/ommysql/createDB.sql -[8]:http://www.tecmint.com/how-to-setup-and-configure-static-network-routing-in-rhel/ \ No newline at end of file diff --git a/sources/tech/RHCSA Series/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md b/sources/tech/RHCSA Series/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md deleted file mode 100644 index 0b85744c6c..0000000000 --- a/sources/tech/RHCSA Series/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md +++ /dev/null @@ -1,249 +0,0 @@ -[translated by xiqingongzi] -RHCSA Series: How to Manage Users and Groups in RHEL 7 – Part 3 -================================================================================ -Managing a RHEL 7 server, as it is the case with any other Linux server, will require that you know how to add, edit, suspend, or delete user accounts, and grant users the necessary permissions to files, directories, and other system resources to perform their assigned tasks. - -![User and Group Management in Linux](http://www.tecmint.com/wp-content/uploads/2015/03/User-and-Group-Management-in-Linux.png) - -RHCSA: User and Group Management – Part 3 - -### Managing User Accounts ### - -To add a new user account to a RHEL 7 server, you can run either of the following two commands as root: - - # adduser [new_account] - # useradd [new_account] - -When a new user account is added, by default the following operations are performed. - -- His/her home directory is created (`/home/username` unless specified otherwise). -- These `.bash_logout`, `.bash_profile` and `.bashrc` hidden files are copied inside the user’s home directory, and will be used to provide environment variables for his/her user session. You can explore each of them for further details. -- A mail spool directory is created for the added user account. -- A group is created with the same name as the new user account. - -The full account summary is stored in the `/etc/passwd `file. This file holds a record per system user account and has the following format (fields are separated by a colon): - - [username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell] - -- These two fields `[username]` and `[Comment]` are self explanatory. -- The second filed ‘x’ indicates that the account is secured by a shadowed password (in `/etc/shadow`), which is used to logon as `[username]`. -- The fields `[UID]` and `[GID]` are integers that shows the User IDentification and the primary Group IDentification to which `[username]` belongs, equally. - -Finally, - -- The `[Home directory]` shows the absolute location of `[username]’s` home directory, and -- `[Default shell]` is the shell that is commit to this user when he/she logins into the system. - -Another important file that you must become familiar with is `/etc/group`, where group information is stored. As it is the case with `/etc/passwd`, there is one record per line and its fields are also delimited by a colon: - - [Group name]:[Group password]:[GID]:[Group members] - -where, - -- `[Group name]` is the name of group. -- Does this group use a group password? (An “x” means no). -- `[GID]`: same as in `/etc/passwd`. -- `[Group members]`: a list of users, separated by commas, that are members of each group. - -After adding an account, at anytime, you can edit the user’s account information using usermod, whose basic syntax is: - - # usermod [options] [username] - -Read Also: - -- [15 ‘useradd’ Command Examples][1] -- [15 ‘usermod’ Command Examples][2] - -#### EXAMPLE 1: Setting the expiry date for an account #### - -If you work for a company that has some kind of policy to enable account for a certain interval of time, or if you want to grant access to a limited period of time, you can use the `--expiredate` flag followed by a date in YYYY-MM-DD format. To verify that the change has been applied, you can compare the output of - - # chage -l [username] - -before and after updating the account expiry date, as shown in the following image. - -![Change User Account Information](http://www.tecmint.com/wp-content/uploads/2015/03/Change-User-Account-Information.png) - -Change User Account Information - -#### EXAMPLE 2: Adding the user to supplementary groups #### - -Besides the primary group that is created when a new user account is added to the system, a user can be added to supplementary groups using the combined -aG, or –append –groups options, followed by a comma separated list of groups. - -#### EXAMPLE 3: Changing the default location of the user’s home directory and / or changing its shell #### - -If for some reason you need to change the default location of the user’s home directory (other than /home/username), you will need to use the -d, or –home options, followed by the absolute path to the new home directory. - -If a user wants to use another shell other than bash (for example, sh), which gets assigned by default, use usermod with the –shell flag, followed by the path to the new shell. - -#### EXAMPLE 4: Displaying the groups an user is a member of #### - -After adding the user to a supplementary group, you can verify that it now actually belongs to such group(s): - - # groups [username] - # id [username] - -The following image depicts Examples 2 through 4: - -![Adding User to Supplementary Group](http://www.tecmint.com/wp-content/uploads/2015/03/Adding-User-to-Supplementary-Group.png) - -Adding User to Supplementary Group - -In the example above: - - # usermod --append --groups gacanepa,users --home /tmp --shell /bin/sh tecmint - -To remove a user from a group, omit the `--append` switch in the command above and list the groups you want the user to belong to following the `--groups` flag. - -#### EXAMPLE 5: Disabling account by locking password #### - -To disable an account, you will need to use either the -l (lowercase L) or the –lock option to lock a user’s password. This will prevent the user from being able to log on. - -#### EXAMPLE 6: Unlocking password #### - -When you need to re-enable the user so that he can log on to the server again, use the -u or the –unlock option to unlock a user’s password that was previously blocked, as explained in Example 5 above. - - # usermod --unlock tecmint - -The following image illustrates Examples 5 and 6: - -![Lock Unlock User Account](http://www.tecmint.com/wp-content/uploads/2015/03/Lock-Unlock-User-Account.png) - -Lock Unlock User Account - -#### EXAMPLE 7: Deleting a group or an user account #### - -To delete a group, you’ll want to use groupdel, whereas to delete a user account you will use userdel (add the –r switch if you also want to delete the contents of its home directory and mail spool): - - # groupdel [group_name] # Delete a group - # userdel -r [user_name] # Remove user_name from the system, along with his/her home directory and mail spool - -If there are files owned by group_name, they will not be deleted, but the group owner will be set to the GID of the group that was deleted. - -### Listing, Setting and Changing Standard ugo/rwx Permissions ### - -The well-known [ls command][3] is one of the best friends of any system administrator. When used with the -l flag, this tool allows you to view a list a directory’s contents in long (or detailed) format. - -However, this command can also be applied to a single file. Either way, the first 10 characters in the output of `ls -l` represent each file’s attributes. - -The first char of this 10-character sequence is used to indicate the file type: - -- – (hyphen): a regular file -- d: a directory -- l: a symbolic link -- c: a character device (which treats data as a stream of bytes, i.e. a terminal) -- b: a block device (which handles data in blocks, i.e. storage devices) - -The next nine characters of the file attributes, divided in groups of three from left to right, are called the file mode and indicate the read (r), write(w), and execute (x) permissions granted to the file’s owner, the file’s group owner, and the rest of the users (commonly referred to as “the world”), respectively. - -While the read permission on a file allows the same to be opened and read, the same permission on a directory allows its contents to be listed if the execute permission is also set. In addition, the execute permission in a file allows it to be handled as a program and run. - -File permissions are changed with the chmod command, whose basic syntax is as follows: - - # chmod [new_mode] file - -where new_mode is either an octal number or an expression that specifies the new permissions. Feel free to use the mode that works best for you in each case. Or perhaps you already have a preferred way to set a file’s permissions – so feel free to use the method that works best for you. - -The octal number can be calculated based on the binary equivalent, which can in turn be obtained from the desired file permissions for the owner of the file, the owner group, and the world.The presence of a certain permission equals a power of 2 (r=22, w=21, x=20), while its absence means 0. For example: - -![File Permissions](http://www.tecmint.com/wp-content/uploads/2015/03/File-Permissions.png) - -File Permissions - -To set the file’s permissions as indicated above in octal form, type: - - # chmod 744 myfile - -Please take a minute to compare our previous calculation to the actual output of `ls -l` after changing the file’s permissions: - -![Long List Format](http://www.tecmint.com/wp-content/uploads/2015/03/Long-List-Format.png) - -Long List Format - -#### EXAMPLE 8: Searching for files with 777 permissions #### - -As a security measure, you should make sure that files with 777 permissions (read, write, and execute for everyone) are avoided like the plague under normal circumstances. Although we will explain in a later tutorial how to more effectively locate all the files in your system with a certain permission set, you can -by now- combine ls with grep to obtain such information. - -In the following example, we will look for file with 777 permissions in the /etc directory only. Note that we will use pipelining as explained in [Part 2: File and Directory Management][4] of this RHCSA series: - - # ls -l /etc | grep rwxrwxrwx - -![Find All Files with 777 Permission](http://www.tecmint.com/wp-content/uploads/2015/03/Find-All-777-Files.png) - -Find All Files with 777 Permission - -#### EXAMPLE 9: Assigning a specific permission to all users #### - -Shell scripts, along with some binaries that all users should have access to (not just their corresponding owner and group), should have the execute bit set accordingly (please note that we will discuss a special case later): - - # chmod a+x script.sh - -**Note**: That we can also set a file’s mode using an expression that indicates the owner’s rights with the letter `u`, the group owner’s rights with the letter `g`, and the rest with `o`. All of these rights can be represented at the same time with the letter `a`. Permissions are granted (or revoked) with the `+` or `-` signs, respectively. - -![Set Execute Permission on File](http://www.tecmint.com/wp-content/uploads/2015/03/Set-Execute-Permission-on-File.png) - -Set Execute Permission on File - -A long directory listing also shows the file’s owner and its group owner in the first and second columns, respectively. This feature serves as a first-level access control method to files in a system: - -![Check File Owner and Group](http://www.tecmint.com/wp-content/uploads/2015/03/Check-File-Owner-and-Group.png) - -Check File Owner and Group - -To change file ownership, you will use the chown command. Note that you can change the file and group ownership at the same time or separately: - - # chown user:group file - -**Note**: That you can change the user or group, or the two attributes at the same time, as long as you don’t forget the colon, leaving user or group blank if you want to update the other attribute, for example: - - # chown :group file # Change group ownership only - # chown user: file # Change user ownership only - -#### EXAMPLE 10: Cloning permissions from one file to another #### - -If you would like to “clone” ownership from one file to another, you can do so using the –reference flag, as follows: - - # chown --reference=ref_file file - -where the owner and group of ref_file will be assigned to file as well: - -![Clone File Ownership](http://www.tecmint.com/wp-content/uploads/2015/03/Clone-File-Ownership.png) - -Clone File Ownership - -### Setting Up SETGID Directories for Collaboration ### - -Should you need to grant access to all the files owned by a certain group inside a specific directory, you will most likely use the approach of setting the setgid bit for such directory. When the setgid bit is set, the effective GID of the real user becomes that of the group owner. - -Thus, any user can access a file under the privileges granted to the group owner of such file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created subdirectories will also inherit the setgid bit of the parent directory. - - # chmod g+s [filename] - -To set the setgid in octal form, prepend the number 2 to the current (or desired) basic permissions. - - # chmod 2755 [directory] - -### Conclusion ### - -A solid knowledge of user and group management, along with standard and special Linux permissions, when coupled with practice, will allow you to quickly identify and troubleshoot issues with file permissions in your RHEL 7 server. - -I assure you that as you follow the steps outlined in this article and use the system documentation (as explained in [Part 1: Reviewing Essential Commands & System Documentation][5] of this series) you will master this essential competence of system administration. - -Feel free to let us know if you have any questions or comments using the form below. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/rhcsa-exam-manage-users-and-groups/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/add-users-in-linux/ -[2]:http://www.tecmint.com/usermod-command-examples/ -[3]:http://www.tecmint.com/ls-interview-questions/ -[4]:http://www.tecmint.com/file-and-directory-management-in-linux/ -[5]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/ diff --git a/sources/tech/RHCSA Series/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md b/sources/tech/RHCSA Series/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md deleted file mode 100644 index 437612f124..0000000000 --- a/sources/tech/RHCSA Series/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md +++ /dev/null @@ -1,178 +0,0 @@ -FSSlc Translating - -RHCSA Series: Installing, Configuring and Securing a Web and FTP Server – Part 9 -================================================================================ -A web server (also known as a HTTP server) is a service that handles content (most commonly web pages, but other types of documents as well) over to a client in a network. - -A FTP server is one of the oldest and most commonly used resources (even to this day) to make files available to clients on a network in cases where no authentication is necessary since FTP uses username and password without encryption. - -The web server available in RHEL 7 is version 2.4 of the Apache HTTP Server. As for the FTP server, we will use the Very Secure Ftp Daemon (aka vsftpd) to establish connections secured by TLS. - -![Configuring and Securing Apache and FTP Server](http://www.tecmint.com/wp-content/uploads/2015/05/Install-Configure-Secure-Apache-FTP-Server.png) - -RHCSA: Installing, Configuring and Securing Apache and FTP – Part 9 - -In this article we will explain how to install, configure, and secure a web server and a FTP server in RHEL 7. - -### Installing Apache and FTP Server ### - -In this guide we will use a RHEL 7 server with a static IP address of 192.168.0.18/24. To install Apache and VSFTPD, run the following command: - - # yum update && yum install httpd vsftpd - -When the installation completes, both services will be disabled initially, so we need to start them manually for the time being and enable them to start automatically beginning with the next boot: - - # systemctl start httpd - # systemctl enable httpd - # systemctl start vsftpd - # systemctl enable vsftpd - -In addition, we have to open ports 80 and 21, where the web and ftp daemons are listening, respectively, in order to allow access to those services from the outside: - - # firewall-cmd --zone=public --add-port=80/tcp --permanent - # firewall-cmd --zone=public --add-service=ftp --permanent - # firewall-cmd --reload - -To confirm that the web server is working properly, fire up your browser and enter the IP of the server. You should see the test page: - -![Confirm Apache Web Server](http://www.tecmint.com/wp-content/uploads/2015/05/Confirm-Apache-Web-Server.png) - -Confirm Apache Web Server - -As for the ftp server, we will have to configure it further, which we will do in a minute, before confirming that it’s working as expected. - -### Configuring and Securing Apache Web Server ### - -The main configuration file for Apache is located in `/etc/httpd/conf/httpd.conf`, but it may rely on other files present inside `/etc/httpd/conf.d`. - -Although the default configuration should be sufficient for most cases, it’s a good idea to become familiar with all the available options as described in the [official documentation][1]. - -As always, make a backup copy of the main configuration file before editing it: - - # cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.$(date +%Y%m%d) - -Then open it with your preferred text editor and look for the following variables: - -- ServerRoot: the directory where the server’s configuration, error, and log files are kept. -- Listen: instructs Apache to listen on specific IP address and / or ports. -- Include: allows the inclusion of other configuration files, which must exist. Otherwise, the server will fail, as opposed to the IncludeOptional directive, which is silently ignored if the specified configuration files do not exist. -- User and Group: the name of the user/group to run the httpd service as. -- DocumentRoot: The directory out of which Apache will serve your documents. By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations. -- ServerName: this directive sets the hostname (or IP address) and port that the server uses to identify itself. - -The first security measure will consist of creating a dedicated user and group (i.e. tecmint/tecmint) to run the web server as and changing the default port to a higher one (9000 in this case): - - ServerRoot "/etc/httpd" - Listen 192.168.0.18:9000 - User tecmint - Group tecmint - DocumentRoot "/var/www/html" - ServerName 192.168.0.18:9000 - -You can test the configuration file with. - - # apachectl configtest - -and if everything is OK, then restart the web server. - - # systemctl restart httpd - -and don’t forget to enable the new port (and disable the old one) in the firewall: - - # firewall-cmd --zone=public --remove-port=80/tcp --permanent - # firewall-cmd --zone=public --add-port=9000/tcp --permanent - # firewall-cmd --reload - -Note that, due to SELinux policies, you can only use the ports returned by - - # semanage port -l | grep -w '^http_port_t' - -for the web server. - -If you want to use another port (i.e. TCP port 8100), you will have to add it to SELinux port context for the httpd service: - -# semanage port -a -t http_port_t -p tcp 8100 - -![Add Apache Port to SELinux Policies](http://www.tecmint.com/wp-content/uploads/2015/05/Add-Apache-Port-to-SELinux-Policies.png) - -Add Apache Port to SELinux Policies - -To further secure your Apache installation, follow these steps: - -1. The user Apache is running as should not have access to a shell: - - # usermod -s /sbin/nologin tecmint - -2. Disable directory listing in order to prevent the browser from displaying the contents of a directory if there is no index.html present in that directory. - -Edit `/etc/httpd/conf/httpd.conf` (and the configuration files for virtual hosts, if any) and make sure that the Options directive, both at the top and at Directory block levels, is set to None: - - Options None - -3. Hide information about the web server and the operating system in HTTP responses. Edit /etc/httpd/conf/httpd.conf as follows: - - ServerTokens Prod - ServerSignature Off - -Now you are ready to start serving content from your /var/www/html directory. - -### Configuring and Securing FTP Server ### - -As in the case of Apache, the main configuration file for Vsftpd `(/etc/vsftpd/vsftpd.conf)` is well commented and while the default configuration should suffice for most applications, you should become acquainted with the documentation and the man page `(man vsftpd.conf)` in order to operate the ftp server more efficiently (I can’t emphasize that enough!). - -In our case, these are the directives used: - - anonymous_enable=NO - local_enable=YES - write_enable=YES - local_umask=022 - dirmessage_enable=YES - xferlog_enable=YES - connect_from_port_20=YES - xferlog_std_format=YES - chroot_local_user=YES - allow_writeable_chroot=YES - listen=NO - listen_ipv6=YES - pam_service_name=vsftpd - userlist_enable=YES - tcp_wrappers=YES - -By using `chroot_local_user=YES`, local users will be (by default) placed in a chroot’ed jail in their home directory right after login. This means that local users will not be able to access any files outside their corresponding home directories. - -Finally, to allow ftp to read files in the user’s home directory, set the following SELinux boolean: - - # setsebool -P ftp_home_dir on - -You can now connect to the ftp server using a client such as Filezilla: - -![Check FTP Connection](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FTP-Connection.png) - -Check FTP Connection - -Note that the `/var/log/xferlo`g log records downloads and uploads, which concur with the above directory listing: - -![Monitor FTP Download and Upload](http://www.tecmint.com/wp-content/uploads/2015/05/Monitor-FTP-Download-Upload.png) - -Monitor FTP Download and Upload - -Read Also: [Limit FTP Network Bandwidth Used by Applications in a Linux System with Trickle][2] - -### Summary ### - -In this tutorial we have explained how to set up a web and a ftp server. Due to the vastness of the subject, it is not possible to cover all the aspects of these topics (i.e. virtual web hosts). Thus, I recommend you also check other excellent articles in this website about [Apache][3]. - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://httpd.apache.org/docs/2.4/ -[2]:http://www.tecmint.com/manage-and-limit-downloadupload-bandwidth-with-trickle-in-linux/ -[3]:http://www.google.com/cse?cx=partner-pub-2601749019656699:2173448976&ie=UTF-8&q=virtual+hosts&sa=Search&gws_rd=cr&ei=Dy9EVbb0IdHisASnroG4Bw#gsc.tab=0&gsc.q=apache diff --git a/sources/tech/RHCSA Series/RHCSA Series--Part 10--Yum Package Management, Automating Tasks with Cron and Monitoring System Logs.md b/sources/tech/RHCSA Series/RHCSA Series--Part 10--Yum Package Management, Automating Tasks with Cron and Monitoring System Logs.md index 04c7d7a29e..307ec72515 100644 --- a/sources/tech/RHCSA Series/RHCSA Series--Part 10--Yum Package Management, Automating Tasks with Cron and Monitoring System Logs.md +++ b/sources/tech/RHCSA Series/RHCSA Series--Part 10--Yum Package Management, Automating Tasks with Cron and Monitoring System Logs.md @@ -1,3 +1,4 @@ +[xiqingongzi translating] RHCSA Series: Yum Package Management, Automating Tasks with Cron and Monitoring System Logs – Part 10 ================================================================================ In this article we will review how to install, update, and remove packages in Red Hat Enterprise Linux 7. We will also cover how to automate tasks using cron, and will finish this guide explaining how to locate and interpret system logs files with the focus of teaching you why all of these are essential skills for every system administrator. @@ -194,4 +195,4 @@ via: http://www.tecmint.com/yum-package-management-cron-job-scheduling-monitorin [1]:http://www.tecmint.com/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement/ [2]:http://www.tecmint.com/20-practical-examples-of-rpm-commands-in-linux/ [3]:http://www.tecmint.com/11-cron-scheduling-task-examples-in-linux/ -[4]:http://www.tecmint.com/dmesg-commands/ \ No newline at end of file +[4]:http://www.tecmint.com/dmesg-commands/ diff --git a/sources/tech/RHCSA Series/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md b/sources/tech/RHCSA Series/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md deleted file mode 100644 index fd27f4c6fc..0000000000 --- a/sources/tech/RHCSA Series/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md +++ /dev/null @@ -1,191 +0,0 @@ -RHCSA Series: Firewall Essentials and Network Traffic Control Using FirewallD and Iptables – Part 11 -================================================================================ -In simple words, a firewall is a security system that controls the incoming and outgoing traffic in a network based on a set of predefined rules (such as the packet destination / source or type of traffic, for example). - -![Control Network Traffic with FirewallD and Iptables](http://www.tecmint.com/wp-content/uploads/2015/05/Control-Network-Traffic-Using-Firewall.png) - -RHCSA: Control Network Traffic with FirewallD and Iptables – Part 11 - -In this article we will review the basics of firewalld, the default dynamic firewall daemon in Red Hat Enterprise Linux 7, and iptables service, the legacy firewall service for Linux, with which most system and network administrators are well acquainted, and which is also available in RHEL 7. - -### A Comparison Between FirewallD and Iptables ### - -Under the hood, both firewalld and the iptables service talk to the netfilter framework in the kernel through the same interface, not surprisingly, the iptables command. However, as opposed to the iptables service, firewalld can change the settings during normal system operation without existing connections being lost. - -Firewalld should be installed by default in your RHEL system, though it may not be running. You can verify with the following commands (firewall-config is the user interface configuration tool): - - # yum info firewalld firewall-config - -![Check FirewallD Information](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FirewallD-Information.png) - -Check FirewallD Information - -and, - - # systemctl status -l firewalld.service - -![Check FirewallD Status](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FirewallD-Status.png) - -Check FirewallD Status - -On the other hand, the iptables service is not included by default, but can be installed through. - - # yum update && yum install iptables-services - -Both daemons can be started and enabled to start on boot with the usual systemd commands: - - # systemctl start firewalld.service | iptables-service.service - # systemctl enable firewalld.service | iptables-service.service - -Read Also: [Useful Commands to Manage Systemd Services][1] - -As for the configuration files, the iptables service uses `/etc/sysconfig/iptables` (which will not exist if the package is not installed in your system). On a RHEL 7 box used as a cluster node, this file looks as follows: - -![Iptables Firewall Configuration](http://www.tecmint.com/wp-content/uploads/2015/05/Iptables-Rules.png) - -Iptables Firewall Configuration - -Whereas firewalld store its configuration across two directories, `/usr/lib/firewalld` and `/etc/firewalld`: - - # ls /usr/lib/firewalld /etc/firewalld - -![FirewallD Configuration](http://www.tecmint.com/wp-content/uploads/2015/05/Firewalld-configuration.png) - -FirewallD Configuration - -We will examine these configuration files further later in this article, after we add a few rules here and there. By now it will suffice to remind you that you can always find more information about both tools with. - - # man firewalld.conf - # man firewall-cmd - # man iptables - -Other than that, remember to take a look at [Reviewing Essential Commands & System Documentation – Part 1][2] of the current series, where I described several sources where you can get information about the packages installed on your RHEL 7 system. - -### Using Iptables to Control Network Traffic ### - -You may want to refer to [Configure Iptables Firewall – Part 8][3] of the Linux Foundation Certified Engineer (LFCE) series to refresh your memory about iptables internals before proceeding further. Thus, we will be able to jump in right into the examples. - -**Example 1: Allowing both incoming and outgoing web traffic** - -TCP ports 80 and 443 are the default ports used by the Apache web server to handle normal (HTTP) and secure (HTTPS) web traffic. You can allow incoming and outgoing web traffic through both ports on the enp0s3 interface as follows: - - # iptables -A INPUT -i enp0s3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT - # iptables -A OUTPUT -o enp0s3 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT - # iptables -A INPUT -i enp0s3 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT - # iptables -A OUTPUT -o enp0s3 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT - -**Example 2: Block all (or some) incoming connections from a specific network** - -There may be times when you need to block all (or some) type of traffic originating from a specific network, say 192.168.1.0/24 for example: - - # iptables -I INPUT -s 192.168.1.0/24 -j DROP - -will drop all packages coming from the 192.168.1.0/24 network, whereas, - - # iptables -A INPUT -s 192.168.1.0/24 --dport 22 -j ACCEPT - -will only allow incoming traffic through port 22. - -**Example 3: Redirect incoming traffic to another destination** - -If you use your RHEL 7 box not only as a software firewall, but also as the actual hardware-based one, so that it sits between two distinct networks, IP forwarding must have been already enabled in your system. If not, you need to edit `/etc/sysctl.conf` and set the value of net.ipv4.ip_forward to 1, as follows: - - net.ipv4.ip_forward = 1 - -then save the change, close your text editor and finally run the following command to apply the change: - - # sysctl -p /etc/sysctl.conf - -For example, you may have a printer installed at an internal box with IP 192.168.0.10, with the CUPS service listening on port 631 (both on the print server and on your firewall). In order to forward print requests from clients on the other side of the firewall, you should add the following iptables rule: - - # iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 631 -j DNAT --to 192.168.0.10:631 - -Please keep in mind that iptables reads its rules sequentially, so make sure the default policies or later rules do not override those outlined in the examples above. - -### Getting Started with FirewallD ### - -One of the changes introduced with firewalld are zones. This concept allows to separate networks into different zones level of trust the user has decided to place on the devices and traffic within that network. - -To list the active zones: - - # firewall-cmd --get-active-zones - -In the example below, the public zone is active, and the enp0s3 interface has been assigned to it automatically. To view all the information about a particular zone: - - # firewall-cmd --zone=public --list-all - -![List all FirewallD Zones](http://www.tecmint.com/wp-content/uploads/2015/05/View-FirewallD-Zones.png) - -List all FirewallD Zones - -Since you can read more about zones in the [RHEL 7 Security guide][4], we will only list some specific examples here. - -**Example 4: Allowing services through the firewall** - -To get a list of the supported services, use. - - # firewall-cmd --get-services - -![List All Supported Services](http://www.tecmint.com/wp-content/uploads/2015/05/List-All-Supported-Services.png) - -List All Supported Services - -To allow http and https web traffic through the firewall, effective immediately and on subsequent boots: - - # firewall-cmd --zone=MyZone --add-service=http - # firewall-cmd --zone=MyZone --permanent --add-service=http - # firewall-cmd --zone=MyZone --add-service=https - # firewall-cmd --zone=MyZone --permanent --add-service=https - # firewall-cmd --reload - -If code>–zone is omitted, the default zone (you can check with firewall-cmd –get-default-zone) is used. - -To remove the rule, replace the word add with remove in the above commands. - -**Example 5: IP / Port forwarding** - -First off, you need to find out if masquerading is enabled for the desired zone: - - # firewall-cmd --zone=MyZone --query-masquerade - -In the image below, we can see that masquerading is enabled for the external zone, but not for public: - -![Check Masquerading Status in Firewalld](http://www.tecmint.com/wp-content/uploads/2015/05/Check-masquerading.png) - -Check Masquerading Status - -You can either enable masquerading for public: - - # firewall-cmd --zone=public --add-masquerade - -or use masquerading in external. Here’s what we would do to replicate Example 3 with firewalld: - - # firewall-cmd --zone=external --add-forward-port=port=631:proto=tcp:toport=631:toaddr=192.168.0.10 - -And don’t forget to reload the firewall. - -You can find further examples on [Part 9][5] of the RHCSA series, where we explained how to allow or disable the ports that are usually used by a web server and a ftp server, and how to change the corresponding rule when the default port for those services are changed. In addition, you may want to refer to the firewalld wiki for further examples. - -Read Also: [Useful FirewallD Examples to Configure Firewall in RHEL 7][6] - -### Conclusion ### - -In this article we have explained what a firewall is, what are the available services to implement one in RHEL 7, and provided a few examples that can help you get started with this task. If you have any comments, suggestions, or questions, feel free to let us know using the form below. Thank you in advance! - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/firewalld-vs-iptables-and-control-network-traffic-in-firewall/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:http://www.tecmint.com/manage-services-using-systemd-and-systemctl-in-linux/ -[2]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/ -[3]:http://www.tecmint.com/configure-iptables-firewall/ -[4]:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html -[5]:http://www.tecmint.com/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel/ -[6]:http://www.tecmint.com/firewalld-rules-for-centos-7/ \ No newline at end of file diff --git a/sources/tech/RHCSA Series/RHCSA Series--Part 12--Automate RHEL 7 Installations Using 'Kickstart'.md b/sources/tech/RHCSA Series/RHCSA Series--Part 12--Automate RHEL 7 Installations Using 'Kickstart'.md index a4365e311e..3d8b578a32 100644 --- a/sources/tech/RHCSA Series/RHCSA Series--Part 12--Automate RHEL 7 Installations Using 'Kickstart'.md +++ b/sources/tech/RHCSA Series/RHCSA Series--Part 12--Automate RHEL 7 Installations Using 'Kickstart'.md @@ -1,3 +1,5 @@ +FSSlc translating + RHCSA Series: Automate RHEL 7 Installations Using ‘Kickstart’ – Part 12 ================================================================================ Linux servers are rarely standalone boxes. Whether it is in a datacenter or in a lab environment, chances are that you have had to install several machines that will interact one with another in some way. If you multiply the time that it takes to install Red Hat Enterprise Linux 7 manually on a single server by the number of boxes that you need to set up, this can lead to a rather lengthy effort that can be avoided through the use of an unattended installation tool known as kickstart. @@ -139,4 +141,4 @@ via: http://www.tecmint.com/automatic-rhel-installations-using-kickstart/ [a]:http://www.tecmint.com/author/gacanepa/ [1]:https://access.redhat.com/labs/kickstartconfig/ -[2]:http://www.tecmint.com/multiple-centos-installations-using-kickstart/ \ No newline at end of file +[2]:http://www.tecmint.com/multiple-centos-installations-using-kickstart/ diff --git a/translated/share/20150826 Five Super Cool Open Source Games.md b/translated/share/20150826 Five Super Cool Open Source Games.md new file mode 100644 index 0000000000..30ca09e171 --- /dev/null +++ b/translated/share/20150826 Five Super Cool Open Source Games.md @@ -0,0 +1,66 @@ +Translated by H-mudcup +五大超酷的开源游戏 +================================================================================ +在2014年和2015年,Linux 成了一堆流行商业品牌的家,例如备受欢迎的 Borderlands、Witcher、Dead Island 和 CS系列游戏。虽然这是令人激动的消息,但这跟玩家的预算有什么关系?商业品牌很好,但更好的是由了解玩家喜好的开发者开发的免费的替代品。 + +前段时间,我偶然看到了一个三年前发布的 YouTube 视频,标题非常的有正能量[5个不算糟糕的开源游戏][1]。虽然视频表扬了一些开源游戏,我还是更喜欢用一个更加热情的方式来切入这个话题,至少如标题所说。所以,下面是我的一份五大超酷开源游戏的清单。 + +### Tux Racer ### + +![Tux Racer](http://fossforce.com/wp-content/uploads/2015/08/tuxracer-550x413.jpg) + +Tux Racer + +[《Tux Racer》][2]是这份清单上的第一个游戏,因为我对这个游戏很熟悉。我和兄弟与[电脑上的孩子们][4]项目在[最近一次去墨西哥的路途中][3] Tux Racer 是孩子和教师都喜欢玩的游戏之一。在这个游戏中,玩家使用 Linux 吉祥物,企鹅 Tux,在下山雪道上以计时赛的方式进行比赛。玩家们不断挑战他们自己的最佳纪录。目前还没有多玩家版本,但这是有可能改变的。适用于 Linux、OS X、Windows 和 Android。 + +### Warsow ### + +![Warsow](http://fossforce.com/wp-content/uploads/2015/08/warsow-550x413.jpg) + +Warsow + +[《Warsow》][5]网站解释道:“设定是有未来感的卡通世界,Warsow 是个完全开放的适用于 Windows、Linux 和 Mac OS X平台的快节奏第一人称射击游戏(FPS)。Warsow 是尊重的艺术和网络中的体育精神。(Warsow is the Art of Respect and Sportsmanship Over the Web.大写字母组成Warsow。)” 我很不情愿的把 FPS 类放到了这个列表中,因为很多人玩过这类的游戏,但是我的确被 Warsow 打动了。它对很多动作进行了优先级排序,游戏节奏很快,一开始就有八个武器。卡通化的风格让玩的过程变得没有那么严肃,更加的休闲,非常适合可以和亲友一同玩。然而,他却以充满竞争的游戏自居,并且当我体验这个游戏时,我发现周围确实有一些专家级的玩家。适用于 Linux、Windows 和 OS X。 + +### M.A.R.S——一个荒诞的射击游戏 ### + +![M.A.R.S. - A ridiculous shooter](http://fossforce.com/wp-content/uploads/2015/08/MARS-screenshot-550x344.jpg) + +M.A.R.S.——一个荒诞的射击游戏 + +[《M.A.R.S——一个荒诞的射击游戏》][6]之所以吸引人是因为他充满活力的色彩和画风。支持两个玩家使用同一个键盘,而一个在线多玩家版本目前正在开发中——这意味着想要和朋友们一起玩暂时还要等等。不论如何,它是个可以使用几个不同飞船和武器的有趣的太空射击游戏。飞船的形状不同,从普通的枪、激光、散射枪到更有趣的武器(随机出来的飞船中有一个会对敌人发射泡泡,这为这款混乱的游戏增添了很多乐趣)。游戏几种模式,比如标准模式和对方进行殊死搏斗以获得高分或先达到某个分数线,还有其他的模式,空间球(Spaceball)、坟坑(Grave-itation Pit)和保加农炮(Cannon Keep)。适用于 Linux、Windows 和 OS X。 + +### Valyria Tear ### + +![Valyria Tear](http://fossforce.com/wp-content/uploads/2015/08/bronnan-jump-to-enemy-550x413.jpg) + +Valyria Tear + +[Valyria Tear][7] 类似几年来拥有众多粉丝的角色扮演游戏(RPG)。故事设定在梦幻游戏的通用年代,充满了骑士、王国和魔法,以及主要角色 Bronann。设计团队做的非常棒,在设计这个世界和实现玩家对这类游戏所有的期望:隐藏的宝藏、偶遇的怪物、非玩家操纵角色(NPC)的互动以及所有 RPG 不可或缺的:在低级别的怪物上刷经验直到可以面对大 BOSS。我在试玩的时候,时间不允许我太过深入到这个游戏故事中,但是感兴趣的人可以看 YouTube 上由 Yohann Ferriera 用户发的‘[Let’s Play][8]’系列视频。适用于 Linux、Windows 和 OS X。 + +### SuperTuxKart ### + +![SuperTuxKart](http://fossforce.com/wp-content/uploads/2015/08/hacienda_tux_antarctica-550x293.jpg) + +SuperTuxKart + +最后一个同样好玩的游戏是 [SuperTuxKart][9],一个效仿 Mario Kart(马里奥卡丁车)但丝毫不必原作差的好游戏。它在2000年-2004年间开始以 Tux Kart 开发,但是在成品中有错误,结果开发就停止了几年。从2006年开始重新开发时起,它就一直在改进,直到四个月前0.9版首次发布。在游戏里,我们的老朋友 Tux 与马里奥和其他一些开源吉祥物一同开始。其中一个熟悉的面孔是 Suzanne,Blender 的那只吉祥物猴子。画面很给力,游戏很流畅。虽然在线游戏还在计划阶段,但是分屏多玩家游戏是可以的。一个电脑最多可以四个玩家同时玩。适用于 Linux、Windows、OS X、AmigaOS 4、AROS 和 MorphOS。 + +-------------------------------------------------------------------------------- + +via: http://fossforce.com/2015/08/five-super-cool-open-source-games/ + +作者:Hunter Banks +译者:[H-mudcup](https://github.com/H-mudcup) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[1]:https://www.youtube.com/watch?v=BEKVl-XtOP8 +[2]:http://tuxracer.sourceforge.net/download.html +[3]:http://fossforce.com/2015/07/banks-family-values-texas-linux-fest/ +[4]:http://www.kidsoncomputers.org/an-amazing-week-in-oaxaca +[5]:https://www.warsow.net/download +[6]:http://mars-game.sourceforge.net/ +[7]:http://valyriatear.blogspot.com/ +[8]:https://www.youtube.com/channel/UCQ5KrSk9EqcT_JixWY2RyMA +[9]:http://supertuxkart.sourceforge.net/ diff --git a/translated/share/20150827 Xtreme Download Manager Updated With Fresh GUI.md b/translated/share/20150827 Xtreme Download Manager Updated With Fresh GUI.md new file mode 100644 index 0000000000..d9ab3ab9f3 --- /dev/null +++ b/translated/share/20150827 Xtreme Download Manager Updated With Fresh GUI.md @@ -0,0 +1,68 @@ +Xtreme下载管理器升级全新用户界面 +================================================================================ +![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/Xtreme-Download-Manager-Linux.jpg) + +[Xtreme 下载管理器][1], 毫无疑问是[Linux界最好的下载管理器][2]之一 , 它的新版本名叫 XDM 2015 ,这次的新版本给我们带来了全新的外观体验! + +Xtreme 下载管理器,也被称作 XDM 或 XDMAN,它是一个跨平台的下载管理器,可以用于 Linux、Windows 和 Mac OS X 系统之上。同时它兼容于主流的浏览器,如 Chrome, Firefox, Safari 等,因此当你从浏览器下载东西的时候可以直接使用 XDM 下载。 + +当你的网络连接超慢并且需要管理下载文件的时候,像 XDM 这种软件可以帮到你大忙。例如说你在一个慢的要死的网络速度下下载一个超大文件, XDM 可以帮助你暂停并且继续下载。 + +XDM 的主要功能: + +- 暂停和继续下载 +- [从 YouTube 下载视频][3],其他视频网站同样适用 +- 强制聚合 +- 下载加速 +- 计划下载 +- 下载限速 +- 与浏览器整合 +- 支持代理服务器 + +下面你可以看到 XDM 新旧版本之间的差别。 + +![Old XDM](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/Xtreme-Download-Manager-700x400_c.jpg) + +老版本XDM + +![New XDM](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/Xtreme_Download_Manager.png) + +新版本XDM + +### 在基于 Ubuntu 的 Linux 发行版上安装 Xtreme下载管理器 ### + +感谢 Noobslab 提供的 PPA,你可以使用以下命令来安装 Xtreme 下载管理器。虽然 XDM 依赖 Java,但是托 PPA 的福,你不需要对其进行单独的安装。 + + sudo add-apt-repository ppa:noobslab/apps + sudo apt-get update + sudo apt-get install xdman + +以上的 PPA 可以在 Ubuntu 或者其他基于 Ubuntu 的发行版上使用,如 Linux Mint, elementary OS, Linux Lite 等。 + +#### 删除 XDM #### + +如果你是使用 PPA 安装的 XDM ,可以通过以下命令将其删除: + + sudo apt-get remove xdman + sudo add-apt-repository --remove ppa:noobslab/apps + +对于其他Linux发行版,可以通过以下连接下载: + +- [Download Xtreme Download Manager][4] + +-------------------------------------------------------------------------------- + +via: http://itsfoss.com/xtreme-download-manager-install/ + +作者:[Abhishek][a] +译者:[译者ID](https://github.com/mr-ping) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://itsfoss.com/author/abhishek/ +[1]:http://xdman.sourceforge.net/ +[2]:http://itsfoss.com/4-best-download-managers-for-linux/ +[3]:http://itsfoss.com/download-youtube-videos-ubuntu/ +[4]:http://xdman.sourceforge.net/download.html + diff --git a/translated/talk/20141223 Defending the Free Linux World.md b/translated/talk/20141223 Defending the Free Linux World.md new file mode 100644 index 0000000000..cabc8af041 --- /dev/null +++ b/translated/talk/20141223 Defending the Free Linux World.md @@ -0,0 +1,127 @@ +Translating by H-mudcup + +守卫自由的Linux世界 +================================================================================ +![](http://www.linuxinsider.com/ai/908455/open-invention-network.jpg) + +**"合作是开源的一部分。OIN的CEO Keith Bergelt解释说,开放创新网络(Open Invention Network)模式允许众多企业和公司决定它们该在哪较量,在哪合作。随着开源的演变,“我们需要为合作创造渠道。否则我们将会有几百个团体把数十亿美元花费到同样的技术上。”** + +[开放创新网络(Open Invention Network)][1],既OIN,正在全球范围内开展让 Linux 远离专利诉讼的伤害的活动。它的努力得到了一千多个公司的热烈回应,它们的加入让这股力量成为了历史上最大的反专利管理组织。 + +开放创新网络以白帽子组织的身份创建于2005年,目的是保护 Linux 免受来自许可证方面的困扰。包括Google、 IBM、 NEC、 Novell、 Philips、 [Red Hat][2] 和 Sony这些成员的董事会给予了它可观的经济支持。世界范围内的多个组织通过签署自由 OIN 协议加入了这个社区。 + +创立开放创新网络的组织成员把它当作利用知识产权保护 Linux 的大胆尝试。它的商业模式非常的难以理解。它要求它的成员持无专利证并永远放弃由于 Linux 相关知识产权起诉其他成员的机会。 + +然而,从 Linux 收购风波——想想服务器和云平台——那时起,保护 Linux 知识产权的策略就变得越加的迫切。 + +在过去的几年里,Linux 的版图曾经历了一场变革。OIN 不必再向人们解释这个组织的定义,也不必再解释为什么 Linux 需要保护。据 OIN 的 CEO Keith Bergelt 说,现在 Linux 的重要性得到了全世界的关注。 + +“我们已经见到了一场人们了解到OIN如何让合作受益的文化变革,”他对 LinuxInsider 说。 + +### 如何运作 ### + +开放创新网络使用专利权的方式创建了一个协作环境。这种方法有助于确保创新的延续。这已经使很多软件商贩、顾客、新型市场和投资者受益。 + +开放创新网络的专利证可以让任何公司、公共机构或个人免版权使用。这些权利的获得建立在签署者同意不会专为了维护专利而攻击 Linux 系统的基础上。 + +OIN 确保 Linux 的源代码保持开放的状态。这让编程人员、设备出售人员、独立软件开发者和公共机构在投资和使用 Linux 时不用过多的担心知识产权的问题。这让对 Linux 进行重新装配、嵌入和使用的公司省了不少钱。 + +“随着版权许可证越来越广泛的使用,对 OIN 许可证的需求也变得更加的迫切。现在,人们正在寻找更加简单或更功利的解决方法”,Bergelt 说。 + +OIN 法律防御援助对成员是免费的。成员必须承诺不对 OIN 名单带上的软件发起专利诉讼。为了保护该软件,他们也同意提供他们自己的专利。最终,这些保证将导致几十万的交叉许可通过网络连接,Bergelt 如此解释道。 + +### 填补法律漏洞 ### + +“OIN 正在做的事情是非常必要的。它提供额另一层 IP 保护,”[休斯顿法律中心大学][3]的副教授 Greg R. Vetter 这样说道。 + +他回答 LinuxInsider 说,某些人设想的第二版 GPL 许可证会隐含的提供专利许可,但是律师们更喜欢明确的许可。 + +OIN 所提供的许可填补了这个空白。它还明确的覆盖了 Linux 核心。据 Vetter 说,明确的专利许可并不是 GPLv2 中的必要部分,但是这个部分曾在 GPLv3 中。 + +拿一个在 GPLv3 中写了10000行代码的代码编写者来说。随着时间推移,其他的代码编写者会贡献更多行的代码到 IP 中。GPLv3 中的软件专利许可条款将保护所有基于参与其中的贡献者的专利的全部代码的使用,Vetter 如此说道。 + +### 并不完全一样 ### + +专利权和许可证在法律结构上层层叠叠互相覆盖。弄清两者对开源软件的作用就像是穿越雷区。 + +Vetter 说“许可证是授予通常是建立在专利和版权法律上的额外权利的法律结构。许可证被认为是给予了人们做一些的可能会侵犯到其他人的 IP 权利的事的许可。” + +Vetter 指出,很多自由开源许可证(例如 Mozilla 公共许可、GNU、GPLv3 以及 Apache 软件许可)融合了某些互惠专利权的形式。Vetter 指出,像 BSD 和 MIT 这样旧的许可证不会提到专利。 + +一个软件的许可证让其他人可以在某种程度上使用这个编程人员创造的代码。版权对所属权的建立是自动的,只要某个人写或者画了某个原创的东西。然而,版权只覆盖了个别的表达方式和衍生的作品。他并没有涵盖代码的功能性或可用的想法。 + +专利涵盖了功能性。专利权还可以成为许可证。版权可能无法保护某人如何独立的对另一个人的代码的实现的开发,但是专利填补了这个小瑕疵,Vetter 解释道。 + +### 寻找安全通道 ### + +许可证和专利混合的法律性质可能会对开源开发者产生威胁。据 [Chaotic Moon Studios][4] 的创办者之一、 [IEEE][5] 计算机协会成员 William Hurley 说,对于某些人来说即使是 GPL 也会成为威胁。 + +"在很久以前,开源是个完全不同的世界。被彼此间的尊重和把代码视为艺术而非资产的观点所驱动,那时的程序和代码比现在更加的开放。我相信很多为最好的意图所做的努力几乎最后总是背负着意外的结果,"Hurley 这样告诉 LinuxInsider。 + +他暗示说,成员人数超越了1000人可能带来了一个关于知识产权保护重要性的混乱信息。这可能会继续搅混开源生态系统这滩浑水。 + +“最终,这些显现出了围绕着知识产权的常见的一些错误概念。拥有几千个开发者并不会减少风险——而是增加。给专利许可的开发者越多,它们看起来就越值钱,”Hurley 说。“它们看起来越值钱,有着类似专利的或者其他知识产权的人就越可能试图利用并从中榨取他们自己的经济利益。” + +### 共享与竞争共存 ### + +竞合策略是开源的一部分。OIN 模型让各个公司能够决定他们将在哪竞争以及在哪合作,Bergelt 解释道。 + +“开源演化中的许多改变已经把我们移到了另一个方向上。我们必须为合作创造渠道。否则我们将会有几百个团体把数十亿美元花费到同样的技术上,”他说。 + +手机产业的革新就是个很好的例子。各个公司放出了不同的标准。没有共享,没有合作,Bergelt 解释道。 + +他说:“这让我们在美国接触技术的能力落后了七到五年。我们接触设备的经验远远落后于世界其他地方的人。在我们等待 CDMA (Code Division Multiple Access 码分多址访问通信技术)时自满于 GSM (Global System for Mobile Communications 全球移动通信系统)。” + +### 改变格局 ### + +OIN 在去年经历了增长了400个新许可的浪潮。这意味着着开源有了新趋势。 + +Bergelt 说:“市场到达了一个临界点,组织内的人们终于意识到直白地合作和竞争的需要。结果是两件事同时进行。这可能会变得复杂、费力。” + +然而,这个由人们开始考虑合作和竞争的文化革新所驱动的转换过程是可以忍受的。他解释说,这也是人们在以把开源作为开源社区的最重要的工程的方式拥抱开源——尤其是 Linux——的转变。 + +还有一个迹象是,最具意义的新工程都没有在 GPLv3 许可下开发。 + +### 二个总比一个好 ### + +“GPL 极为重要,但是事实是有一堆的许可模型正被使用着。在Eclipse、Apache 和 Berkeley 许可中,专利问题的相对可解决性通常远远低于在 GPLv3 中的。”Bergelt 说。 + +GPLv3 对于解决专利问题是个自然的补充——但是 GPL 自身不足以独自解决围绕专利使用的潜在冲突。所以 OIN 的设计是以能够补充版权许可为目的的,他补充道。 + +然而,层层叠叠的专利和许可也许并没有带来多少好处。到最后,专利在几乎所有的案例中都被用于攻击目的——而不是防御目的,Bergelt 暗示说。 + +“如果你不准备对其他人采取法律行动,那么对于你的知识财产来说专利可能并不是最佳的法律保护方式”,他说。“我们现在生活在一个对软件——开放和专有——误会重重的世界里。这些软件还被错误并过时的专利系统所捆绑。我们每天在工业化的被窒息的创新中挣扎”,他说。 + +### 法院是最后的手段### + +想到 OIN 的出现抑制了诉讼的泛滥就感到十分欣慰,Bergelt 说,或者至少可以说 OIN 的出现扼制了特定的某些威胁。 + +“可以说我们让人们放下它们了的武器。同时我们正在创建一种新的文化规范。一旦你入股这个模型中的非侵略专利,所产生的相关影响就是对合作的鼓励”,他说。 + +如果你愿意承诺合作,你的第一反应就会趋向于不急着起诉。相反的,你会想如何让我们允许你使用我们所拥有的东西并让它为你赚钱,而同时我们也能使用你所拥有的东西,Bergelt 解释道。 + +“OIN 是个多面的解决方式。他鼓励签署者创造双赢协议”,他说。“这让起诉成为最逼不得已的行为。那才是它的位置。” + +### 底线### + +Bergelt 坚信,OIN 的运作是为了阻止 Linux 受到专利伤害。在 Linux 的世界里没有诉讼的地方。 + +唯一临近的是和微软的移动大战,这主要关系到堆栈中高的元素。那些来自法律的挑战可能是为了提高包括使用 Linux 产品的所属权的成本,Bergelt 说。 + +尽管如此“这些并不是有关 Linux 诉讼”,他说。“他们的重点并不在于 Linux 的核心。他们关注的是 Linux 系统里都有些什么。” + +-------------------------------------------------------------------------------- + +via: http://www.linuxinsider.com/story/Defending-the-Free-Linux-World-81512.html + +作者:Jack M. Germain +译者:[H-mudcup](https://github.com/H-mudcup) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[1]:http://www.openinventionnetwork.com/ +[2]:http://www.redhat.com/ +[3]:http://www.law.uh.edu/ +[4]:http://www.chaoticmoon.com/ +[5]:http://www.ieee.org/ diff --git a/translated/tech/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md b/translated/tech/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md deleted file mode 100644 index f5e6fe60b2..0000000000 --- a/translated/tech/20150410 How to run Ubuntu Snappy Core on Raspberry Pi 2.md +++ /dev/null @@ -1,89 +0,0 @@ -如何在树莓派2 代运行ubuntu Snappy Core -================================================================================ -物联网(Internet of Things, IoT) 时代即将来临。很快,过不了几年,我们就会问自己当初是怎么在没有物联网的情况下生存的,就像我们现在怀疑过去没有手机的年代。Canonical 就是一个物联网快速发展却还是开放市场下的竞争者。这家公司宣称自己把赌注压到了IoT 上,就像他们已经在“云”上做过的一样。。在今年一月底,Canonical 启动了一个基于Ubuntu Core 的小型操作系统,名字叫做 [Ubuntu Snappy Core][1] 。 - -Snappy 是一种用来替代deb 的新的打包格式,是一个用来更新系统的前端,从CoreOS、红帽子和其他系统借鉴了**原子更新**这个想法。树莓派2 代投入市场,Canonical 很快就发布了用于树莓派的Snappy Core 版本。而第一代树莓派因为是基于ARMv6 ,Ubuntu 的ARM 镜像是基于ARMv7 ,所以不能运行ubuntu 。不过这种状况现在改变了,Canonical 通过发布用于RPI2 的镜像,抓住机会证明了Snappy 就是一个用于云计算,特别是用于物联网的系统。 - -Snappy 同样可以运行在其它像Amazon EC2, Microsofts Azure, Google的 Compute Engine 这样的云端上,也可以虚拟化在KVM、Virtuabox 和vagrant 上。Canonical Ubuntu 已经拥抱了微软、谷歌、Docker、OpenStack 这些重量级选手,同时也与一些小项目达成合作关系。除了一些创业公司,比如Ninja Sphere、Erle Robotics,还有一些开发板生产商,比如Odroid、Banana Pro, Udoo, PCDuino 和Parallella 、全志,Snappy 也提供了支持。Snappy Core 同时也希望尽快运行到路由器上来帮助改进路由器生产商目前很少更新固件的策略。 - -接下来,让我们看看怎么样在树莓派2 上运行Snappy。 - -用于树莓派2 的Snappy 镜像可以从 [Raspberry Pi 网站][2] 上下载。解压缩出来的镜像必须[写到一个至少8GB 大小的SD 卡][3]。尽管原始系统很小,但是原子升级和回滚功能会占用不小的空间。使用Snappy 启动树莓派2 后你就可以使用默认用户名和密码(都是ubuntu)登录系统。 - -![](https://farm8.staticflickr.com/7639/16428527263_f7bdd56a0d_c.jpg) - -sudo 已经配置好了可以直接用,安全起见,你应该使用以下命令来修改你的用户名 - - $ sudo usermod -l - -或者也可以使用`adduser` 为你添加一个新用户。 - -因为RPI缺少硬件时钟,而Snappy 并不知道这一点,所以系统会有一个小bug:处理某些命令时会报很多错。不过这个很容易解决: - -使用这个命令来确认这个bug 是否影响: - - $ date - -如果输出是 "Thu Jan 1 01:56:44 UTC 1970", 你可以这样做来改正: - - $ sudo date --set="Sun Apr 04 17:43:26 UTC 2015" - -改成你的实际时间。 - -![](https://farm9.staticflickr.com/8735/16426231744_c54d9b8877_b.jpg) - -现在你可能打算检查一下,看看有没有可用的更新。注意通常使用的命令: - - $ sudo apt-get update && sudo apt-get distupgrade - -不过这时系统不会让你通过,因为Snappy 使用它自己精简过的、基于dpkg 的包管理系统。这么做的原因是Snappy 会运行很多嵌入式程序,而同时你也会想着所有事情尽可能的简化。 - -让我们来看看最关键的部分,理解一下程序是如何与Snappy 工作的。运行Snappy 的SD 卡上除了boot 分区外还有3个分区。其中的两个构成了一个重复的文件系统。这两个平行文件系统被固定挂载为只读模式,并且任何时刻只有一个是激活的。第三个分区是一个部分可写的文件系统,用来让用户存储数据。通过更新系统,标记为'system-a' 的分区会保持一个完整的文件系统,被称作核心,而另一个平行文件系统仍然会是空的。 - -![](https://farm9.staticflickr.com/8758/16841251947_21f42609ce_b.jpg) - -如果我们运行以下命令: - - $ sudo snappy update - -系统将会在'system-b' 上作为一个整体进行更新,这有点像是更新一个镜像文件。接下来你将会被告知要重启系统来激活新核心。 - -重启之后,运行下面的命令可以检查你的系统是否已经更新到最新版本,以及当前被激活的是那个核心 - - $ sudo snappy versions -a - -经过更新-重启两步操作,你应该可以看到被激活的核心已经被改变了。 - -因为到目前为止我们还没有安装任何软件,下面的命令: - - $ sudo snappy update ubuntu-core - -将会生效,而且如果你打算仅仅更新特定的OS 版本,这也是一个办法。如果出了问题,你可以使用下面的命令回滚: - - $ sudo snappy rollback ubuntu-core - -这将会把系统状态回滚到更新之前。 - -![](https://farm8.staticflickr.com/7666/17022676786_5fe6804ed8_c.jpg) - -再来说说那些让Snappy 有用的软件。这里不会讲的太多关于如何构建软件、向Snappy 应用商店添加软件的基础知识,但是你可以通过Freenode 上的IRC 频道#snappy 了解更多信息,那个上面有很多人参与。你可以通过浏览器访问http://:4200 来浏览应用商店,然后从商店安装软件,再在浏览器里访问http://webdm.local 来启动程序。如何构建用于Snappy 的软件并不难,而且也有了现成的[参考文档][4] 。你也可以很容易的把DEB 安装包使用Snappy 格式移植到Snappy 上。 - -![](https://farm8.staticflickr.com/7656/17022676836_968a2a7254_c.jpg) - -尽管Ubuntu Snappy Core 吸引我们去研究新型的Snappy 安装包格式和Canonical 式的原子更新操作,但是因为有限的可用应用,它现在在生产环境里还不是很有用。但是既然搭建一个Snappy 环境如此简单,这看起来是一个学点新东西的好机会。 - --------------------------------------------------------------------------------- - -via: http://xmodulo.com/ubuntu-snappy-core-raspberry-pi-2.html - -作者:[Ferdinand Thommes][a] -译者:[Ezio](https://github.com/oska874) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 - -[a]:http://xmodulo.com/author/ferdinand -[1]:http://www.ubuntu.com/things -[2]:http://www.raspberrypi.org/downloads/ -[3]:http://xmodulo.com/write-raspberry-pi-image-sd-card.html -[4]:https://developer.ubuntu.com/en/snappy/ diff --git a/translated/tech/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md b/translated/tech/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md deleted file mode 100644 index f90a1ce76d..0000000000 --- a/translated/tech/20150730 Howto Configure Nginx as Rreverse Proxy or Load Balancer with Weave and Docker.md +++ /dev/null @@ -1,126 +0,0 @@ -如何使用Weave以及Docker搭建Nginx反向代理/负载均衡服务器 -================================================================================ -Hi, 今天我们将会学习如何使用如何使用Weave和Docker搭建Nginx反向代理/负载均衡服务器。Weave创建一个虚拟网络将跨主机部署的Docker容器连接在一起并使它们自动暴露给外部世界。它让我们更加专注于应用的开发,而不是基础架构。Weave提供了一个如此棒的环境,仿佛它的所有容器都属于同个网络,不需要端口/映射/连接等的配置。容器中的应用提供的服务在weave网络中可以轻易地被外部世界访问,不论你的容器运行在哪里。在这个教程里我们将会使用weave快速并且轻易地将nginx web服务器部署为一个负载均衡器,反向代理一个运行在Amazon Web Services里面多个节点上的docker容器中的简单php应用。这里我们将会介绍WeaveDNS,它提供一个简单的方式让容器利用主机名找到彼此,不需要改变代码,并且能够告诉其他容器连接到这些主机名。 - -在这篇教程里,我们需要一个运行的容器集合来配置nginx负载均衡服务器。最简单轻松的方法就是使用Weave在ubuntu的docker容器中搭建nginx负载均衡服务器。 - -### 1. 搭建AWS实例 ### - -首先,我们需要搭建Amzaon Web Service实例,这样才能在ubuntu下用weave跑docker容器。我们将会使用[AWS CLI][1]来搭建和配置两个AWS EC2实例。在这里,我们使用最小的有效实例,t1.micro。我们需要一个有效的**Amazon Web Services账户**用以AWS命令行界面的搭建和配置。我们先在AWS命令行界面下使用下面的命令将github上的weave仓库克隆下来。 - - $ git clone http://github.com/fintanr/weave-gs - $ cd weave-gs/aws-nginx-ubuntu-simple - -在克隆完仓库之后,我们执行下面的脚本,这个脚本将会部署两个t1.micro实例,每个实例中都是ubuntu作为操作系统并用weave跑着docker容器。 - - $ sudo ./demo-aws-setup.sh - -在这里,我们将会在以后用到这些实例的IP地址。这些地址储存在一个weavedemo.env文件中,这个文件在执行demo-aws-setup.sh脚本的期间被创建。为了获取这些IP地址,我们需要执行下面的命令,命令输出类似下面的信息。 - - $ cat weavedemo.env - - export WEAVE_AWS_DEMO_HOST1=52.26.175.175 - export WEAVE_AWS_DEMO_HOST2=52.26.83.141 - export WEAVE_AWS_DEMO_HOSTCOUNT=2 - export WEAVE_AWS_DEMO_HOSTS=(52.26.175.175 52.26.83.141) - -请注意这些不是固定的IP地址,AWS会为我们的实例动态地分配IP地址。 - -我们在bash下执行下面的命令使环境变量生效。 - - . ./weavedemo.env - -### 2. 启动Weave and WeaveDNS ### - -在安装完实例之后,我们将会在每台主机上启动weave以及weavedns。Weave以及weavedns使得我们能够轻易地将容器部署到一个全新的基础架构以及配置中, 不需要改变代码,也不需要去理解像Ambassador容器以及Link机制之类的概念。下面是在第一台主机上启动weave以及weavedns的命令。 - - ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1 - $ sudo weave launch - $ sudo weave launch-dns 10.2.1.1/24 - -下一步,我也准备在第二台主机上启动weave以及weavedns。 - - ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST2 - $ sudo weave launch $WEAVE_AWS_DEMO_HOST1 - $ sudo weave launch-dns 10.2.1.2/24 - -### 3. 启动应用容器 ### - -现在,我们准备跨两台主机启动六个容器,这两台主机都用Apache2 Web服务实例跑着简单的php网站。为了在第一个Apache2 Web服务器实例跑三个容器, 我们将会使用下面的命令。 - - ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1 - $ sudo weave run --with-dns 10.3.1.1/24 -h ws1.weave.local fintanr/weave-gs-nginx-apache - $ sudo weave run --with-dns 10.3.1.2/24 -h ws2.weave.local fintanr/weave-gs-nginx-apache - $ sudo weave run --with-dns 10.3.1.3/24 -h ws3.weave.local fintanr/weave-gs-nginx-apache - -在那之后,我们将会在第二个实例上启动另外三个容器,请使用下面的命令。 - - ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST2 - $ sudo weave run --with-dns 10.3.1.4/24 -h ws4.weave.local fintanr/weave-gs-nginx-apache - $ sudo weave run --with-dns 10.3.1.5/24 -h ws5.weave.local fintanr/weave-gs-nginx-apache - $ sudo weave run --with-dns 10.3.1.6/24 -h ws6.weave.local fintanr/weave-gs-nginx-apache - -注意: 在这里,--with-dns选项告诉容器使用weavedns来解析主机名,-h x.weave.local则使得weavedns能够解析指定主机。 - -### 4. 启动Nginx容器 ### - -在应用容器运行得有如意料中的稳定之后,我们将会启动nginx容器,它将会在六个应用容器服务之间轮询并提供反向代理或者负载均衡。 为了启动nginx容器,请使用下面的命令。 - - ssh -i weavedemo-key.pem ubuntu@$WEAVE_AWS_DEMO_HOST1 - $ sudo weave run --with-dns 10.3.1.7/24 -ti -h nginx.weave.local -d -p 80:80 fintanr/weave-gs-nginx-simple - -因此,我们的nginx容器在$WEAVE_AWS_DEMO_HOST1上公开地暴露成为一个http服务器。 - -### 5. 测试负载均衡服务器 ### - -为了测试我们的负载均衡服务器是否可以工作,我们执行一段可以发送http请求给nginx容器的脚本。我们将会发送6个请求,这样我们就能看到nginx在一次的轮询中服务于每台web服务器之间。 - - $ ./access-aws-hosts.sh - - { - "message" : "Hello Weave - nginx example", - "hostname" : "ws1.weave.local", - "date" : "2015-06-26 12:24:23" - } - { - "message" : "Hello Weave - nginx example", - "hostname" : "ws2.weave.local", - "date" : "2015-06-26 12:24:23" - } - { - "message" : "Hello Weave - nginx example", - "hostname" : "ws3.weave.local", - "date" : "2015-06-26 12:24:23" - } - { - "message" : "Hello Weave - nginx example", - "hostname" : "ws4.weave.local", - "date" : "2015-06-26 12:24:23" - } - { - "message" : "Hello Weave - nginx example", - "hostname" : "ws5.weave.local", - "date" : "2015-06-26 12:24:23" - } - { - "message" : "Hello Weave - nginx example", - "hostname" : "ws6.weave.local", - "date" : "2015-06-26 12:24:23" - } - -### 结束语 ### - -我们最终成功地将nginx配置成一个反向代理/负载均衡服务器,通过使用weave以及运行在AWS(Amazon Web Service)EC2之中的ubuntu服务器里面的docker。从上面的步骤输出可以清楚的看到我们已经成功地配置了nginx。我们可以看到请求在一次循环中被发送到6个应用容器,这些容器在Apache2 Web服务器中跑着PHP应用。在这里,我们部署了一个容器化的PHP应用,使用nginx横跨多台在AWS EC2上的主机而不需要改变代码,利用weavedns使得每个容器连接在一起,只需要主机名就够了,眼前的这些便捷, 都要归功于weave以及weavedns。 如果你有任何的问题、建议、反馈,请在评论中注明,这样我们才能够做得更好,谢谢:-) - --------------------------------------------------------------------------------- - -via: http://linoxide.com/linux-how-to/nginx-load-balancer-weave-docker/ - -作者:[Arun Pyasi][a] -译者:[dingdongnigetou](https://github.com/dingdongnigetou) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linoxide.com/author/arunp/ -[1]:http://console.aws.amazon.com/ diff --git a/translated/tech/20150803 Managing Linux Logs.md b/translated/tech/20150803 Managing Linux Logs.md deleted file mode 100644 index 59b41aa831..0000000000 --- a/translated/tech/20150803 Managing Linux Logs.md +++ /dev/null @@ -1,418 +0,0 @@ -Linux日志管理 -================================================================================ -管理日志的一个关键典型做法是集中或整合你的日志到一个地方,特别是如果你有许多服务器或多层级架构。我们将告诉你为什么这是一个好主意然后给出如何更容易的做这件事的一些小技巧。 - -### 集中管理日志的好处 ### - -如果你有很多服务器,查看单独的一个日志文件可能会很麻烦。现代的网站和服务经常包括许多服务器层级,分布式的负载均衡器,还有更多。这将花费很长时间去获取正确的日志,甚至花更长时间在登录服务器的相关问题上。没什么比发现你找的信息没有被捕获更沮丧的了,或者本能保留答案时正好在重启后丢失了日志文件。 - -集中你的日志使他们查找更快速,可以帮助你更快速的解决产品问题。你不用猜测那个服务器存在问题,因为所有的日志在同一个地方。此外,你可以使用更强大的工具去分析他们,包括日志管理解决方案。一些解决方案能[转换纯文本日志][1]为一些字段,更容易查找和分析。 - -集中你的日志也可以是他们更易于管理: - -- 他们更安全,当他们备份归档一个单独区域时意外或者有意的丢失。如果你的服务器宕机或者无响应,你可以使用集中的日志去调试问题。 -- 你不用担心ssh或者低效的grep命令需要更多的资源在陷入困境的系统。 -- 你不用担心磁盘占满,这个能让你的服务器死机。 -- 你能保持你的产品服务安全性,只是为了查看日志无需给你所有团队登录权限。给你的团队从中心区域访问日志权限更安全。 - -随着集中日志管理,你仍需处理由于网络联通性不好或者用尽大量网络带宽导致不能传输日志到中心区域的风险。在下面的章节我们将要讨论如何聪明的解决这些问题。 - -### 流行的日志归集工具 ### - -在Linux上最常见的日志归集是通过使用系统日志守护进程或者代理。系统日志守护进程支持本地日志的采集,然后通过系统日志协议传输日志到中心服务器。你可以使用很多流行的守护进程来归集你的日志文件: - -- [rsyslog][2]是一个轻量后台程序在大多数Linux分支上已经安装。 -- [syslog-ng][3]是第二流行的Linux系统日志后台程序。 -- [logstash][4]是一个重量级的代理,他可以做更多高级加工和分析。 -- [fluentd][5]是另一个有高级处理能力的代理。 - -Rsyslog是集中日志数据最流行的后台程序因为他在大多数Linux分支上是被默认安装的。你不用下载或安装它,并且它是轻量的,所以不需要占用你太多的系统资源。 - -如果你需要更多先进的过滤或者自定义分析功能,如果你不在乎额外的系统封装Logstash是下一个最流行的选择。 - -### 配置Rsyslog.conf ### - -既然rsyslog成为最广泛使用的系统日志程序,我们将展示如何配置它为日志中心。全局配置文件位于/etc/rsyslog.conf。它加载模块,设置全局指令,和包含应用特有文件位于目录/etc/rsyslog.d中。这些目录包含/etc/rsyslog.d/50-default.conf命令rsyslog写系统日志到文件。在[rsyslog文档][6]你可以阅读更多相关配置。 - -rsyslog配置语言是是[RainerScript][7]。你建立特定的日志输入就像输出他们到另一个目标。Rsyslog已经配置为系统日志输入的默认标准,所以你通常只需增加一个输出到你的日志服务器。这里有一个rsyslog输出到一个外部服务器的配置例子。在举例中,**BEBOP**是一个服务器的主机名,所以你应该替换为你的自己的服务器名。 - - action(type="omfwd" protocol="tcp" target="BEBOP" port="514") - -你可以发送你的日志到一个有丰富存储的日志服务器来存储,提供查询,备份和分析。如果你正存储日志在文件系统,然后你应该建立[日志转储][8]来防止你的磁盘报满。 - -作为一种选择,你可以发送这些日志到一个日志管理方案。如果你的解决方案是安装在本地你可以发送到您的本地系统文档中指定主机和端口。如果你使用基于云提供商,你将发送他们到你的提供商特定的主机名和端口。 - -### 日志目录 ### - -你可以归集一个目录或者匹配一个通配符模式的所有文件。nxlog和syslog-ng程序支持目录和通配符(*)。 - -rsyslog的通用形式不支持直接的监控目录。一种解决方案,你可以设置一个定时任务去监控这个目录的新文件,然后配置rsyslog来发送这些文件到目的地,比如你的日志管理系统。作为一个例子,日志管理提供商Loggly有一个开源版本的[目录监控脚本][9]。 - -### 哪个协议: UDP, TCP, or RELP? ### - -当你使用网络传输数据时,你可以选择三个主流的协议。UDP在你自己的局域网是最常用的,TCP是用在互联网。如果你不能失去日志,就要使用更高级的RELP协议。 - -[UDP][10]发送一个数据包,那只是一个简单的包信息。它是一个只外传的协议,所以他不发送给你回执(ACK)。它只尝试发送包。当网络拥堵时,UDP通常会巧妙的降级或者丢弃日志。它通常使用在类似局域网的可靠网络。 - -[TCP][11]通过多个包和返回确认发送流信息。TCP会多次尝试发送数据包,但是受限于[TCP缓存][12]大小。这是在互联网上发送送日志最常用的协议。 - -[RELP][13]是这三个协议中最可靠的,但是它是为rsyslog创建而且很少有行业应用。它在应用层接收数据然后再发出是否有错误。确认你的目标也支持这个协议。 - -### 用磁盘辅助队列可靠的传送 ### - -如果rsyslog在存储日志时遭遇错误,例如一个不可用网络连接,他能将日志排队直到连接还原。队列日志默认被存储在内存里。无论如何,内存是有限的并且如果问题仍然存在,日志会超出内存容量。 - -**警告:如果你只存储日志到内存,你可能会失去数据。** - -Rsyslog能在内存被占满时将日志队列放到磁盘。[磁盘辅助队列][14]使日志的传输更可靠。这里有一个例子如何配置rsyslog的磁盘辅助队列: - - $WorkDirectory /var/spool/rsyslog # where to place spool files - $ActionQueueFileName fwdRule1 # unique name prefix for spool files - $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) - $ActionQueueSaveOnShutdown on # save messages to disk on shutdown - $ActionQueueType LinkedList # run asynchronously - $ActionResumeRetryCount -1 # infinite retries if host is down - -### 使用TLS加密日志 ### - -当你的安全隐私数据是一个关心的事,你应该考虑加密你的日志。如果你使用纯文本在互联网传输日志,嗅探器和中间人可以读到你的日志。如果日志包含私人信息、敏感的身份数据或者政府管制数据,你应该加密你的日志。rsyslog程序能使用TLS协议加密你的日志保证你的数据更安全。 - -建立TLS加密,你应该做如下任务: - -1. 生成一个[证书授权][15](CA)。在/contrib/gnutls有一些简单的证书,只是有助于测试,但是你需要创建自己的产品证书。如果你正在使用一个日志管理服务,它将有一个证书给你。 -1. 为你的服务器生成一个[数字证书][16]使它能SSL运算,或者使用你自己的日志管理服务提供商的一个数字证书。 -1. 配置你的rsyslog程序来发送TLS加密数据到你的日志管理系统。 - -这有一个rsyslog配置TLS加密的例子。替换CERT和DOMAIN_NAME为你自己的服务器配置。 - - $DefaultNetstreamDriverCAFile /etc/rsyslog.d/keys/ca.d/CERT.crt - $ActionSendStreamDriver gtls - $ActionSendStreamDriverMode 1 - $ActionSendStreamDriverAuthMode x509/name - $ActionSendStreamDriverPermittedPeer *.DOMAIN_NAME.com - -### 应用日志的最佳管理方法 ### - -除Linux默认创建的日志之外,归集重要的应用日志也是一个好主意。几乎所有基于Linux的服务器的应用把他们的状态信息写入到独立专门的日志文件。这包括数据库产品,像PostgreSQL或者MySQL,网站服务器像Nginx或者Apache,防火墙,打印和文件共享服务还有DNS服务等等。 - -管理员要做的第一件事是安装一个应用后配置它。Linux应用程序典型的有一个.conf文件在/etc目录里。它也可能在其他地方,但是那是大家找配置文件首先会看的地方。 - -根据应用程序有多复杂多庞大,可配置参数的数量可能会很少或者上百行。如前所述,大多数应用程序可能会在某种日志文件写他们的状态:配置文件是日志设置的地方定义了其他的东西。 - -如果你不确定它在哪,你可以使用locate命令去找到它: - - [root@localhost ~]# locate postgresql.conf - /usr/pgsql-9.4/share/postgresql.conf.sample - /var/lib/pgsql/9.4/data/postgresql.conf - -#### 设置一个日志文件的标准位置 #### - -Linux系统一般保存他们的日志文件在/var/log目录下。如果是,很好,如果不是,你也许想在/var/log下创建一个专用目录?为什么?因为其他程序也在/var/log下保存他们的日志文件,如果你的应用报错多于一个日志文件 - 也许每天一个或者每次重启一个 - 通过这么大的目录也许有点难于搜索找到你想要的文件。 - -如果你有多于一个的应用实例在你网络运行,这个方法依然便利。想想这样的情景,你也许有一打web服务器在你的网络运行。当排查任何一个盒子的问题,你将知道确切的位置。 - -#### 使用一个标准的文件名 #### - -给你的应用最新的日志使用一个标准的文件名。这使一些事变得容易,因为你可以监控和追踪一个单独的文件。很多应用程序在他们的日志上追加一种时间戳。他让rsyslog更难于找到最新的文件和设置文件监控。一个更好的方法是使用日志转储增加时间戳到老的日志文件。这样更易去归档和历史查询。 - -#### 追加日志文件 #### - -日志文件会在每个应用程序重启后被覆盖?如果这样,我们建议关掉它。每次重启app后应该去追加日志文件。这样,你就可以追溯重启前最后的日志。 - -#### 日志文件追加 vs. 转储 #### - -虽然应用程序每次重启后写一个新日志文件,如何保存当前日志?追加到一个单独文件,巨大的文件?Linux系统不是因频繁重启或者崩溃出名的:应用程序可以运行很长时间甚至不间歇,但是也会使日志文件非常大。如果你查询分析上周发生连接错误的原因,你可能无疑的要在成千上万行里搜索。 - -我们建议你配置应用每天半晚转储它的日志文件。 - -为什么?首先它将变得可管理。找一个有特定日期部分的文件名比遍历一个文件指定日期的条目更容易。文件也小的多:你不用考虑当你打开一个日志文件时vi僵住。第二,如果你正发送日志到另一个位置 - 也许每晚备份任务拷贝到归集日志服务器 - 这样不会消耗你的网络带宽。最后第三点,这样帮助你做日志保持。如果你想剔除旧的日志记录,这样删除超过指定日期的文件比一个应用解析一个大文件更容易。 - -#### 日志文件的保持 #### - -你保留你的日志文件多长时间?这绝对可以归结为业务需求。你可能被要求保持一个星期的日志信息,或者管理要求保持一年的数据。无论如何,日志需要在一个时刻或其他从服务器删除。 - -在我们看来,除非必要,只在线保持最近一个月的日志文件,加上拷贝他们到第二个地方如日志服务器。任何比这更旧的日志可以被转到一个单独的介质上。例如,如果你在AWS上,你的旧日志可以被拷贝到Glacier。 - -#### 给日志单独的磁盘分区 #### - -Linux最典型的方式通常建议挂载到/var目录到一个单独度的文件系统。这是因为这个目录的高I/Os。我们推荐挂在/var/log目录到一个单独的磁盘系统下。这样可以节省与主应用的数据I/O竞争。另外,如果一些日志文件变的太多,或者一个文件变的太大,不会占满整个磁盘。 - -#### 日志条目 #### - -每个日志条目什么信息应该被捕获? - -这依赖于你想用日志来做什么。你只想用它来排除故障,或者你想捕获所有发生的事?这是一个规则条件去捕获每个用户在运行什么或查看什么? - -如果你正用日志做错误排查的目的,只保存错误,报警或者致命信息。没有理由去捕获调试信息,例如,应用也许默认记录了调试信息或者另一个管理员也许为了故障排查使用打开了调试信息,但是你应该关闭它,因为它肯定会很快的填满空间。在最低限度上,捕获日期,时间,客户端应用名,原ip或者客户端主机名,执行动作和它自身信息。 - -#### 一个PostgreSQL的实例 #### - -作为一个例子,让我们看看vanilla(这是一个开源论坛)PostgreSQL 9.4安装主配置文件。它叫做postgresql.conf与其他Linux系统中的配置文件不同,他不保存在/etc目录下。在代码段下,我们可以在我们的Centos 7服务器的/var/lib/pgsql目录下看见: - - root@localhost ~]# vi /var/lib/pgsql/9.4/data/postgresql.conf - ... - #------------------------------------------------------------------------------ - # ERROR REPORTING AND LOGGING - #------------------------------------------------------------------------------ - # - Where to Log - - log_destination = 'stderr' - # Valid values are combinations of - # stderr, csvlog, syslog, and eventlog, - # depending on platform. csvlog - # requires logging_collector to be on. - # This is used when logging to stderr: - logging_collector = on - # Enable capturing of stderr and csvlog - # into log files. Required to be on for - # csvlogs. - # (change requires restart) - # These are only used if logging_collector is on: - log_directory = 'pg_log' - # directory where log files are written, - # can be absolute or relative to PGDATA - log_filename = 'postgresql-%a.log' # log file name pattern, - # can include strftime() escapes - # log_file_mode = 0600 . - # creation mode for log files, - # begin with 0 to use octal notation - log_truncate_on_rotation = on # If on, an existing log file with the - # same name as the new log file will be - # truncated rather than appended to. - # But such truncation only occurs on - # time-driven rotation, not on restarts - # or size-driven rotation. Default is - # off, meaning append to existing files - # in all cases. - log_rotation_age = 1d - # Automatic rotation of logfiles will happen after that time. 0 disables. - log_rotation_size = 0 # Automatic rotation of logfiles will happen after that much log output. 0 disables. - # These are relevant when logging to syslog: - #syslog_facility = 'LOCAL0' - #syslog_ident = 'postgres' - # This is only relevant when logging to eventlog (win32): - #event_source = 'PostgreSQL' - # - When to Log - - #client_min_messages = notice # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # log - # notice - # warning - # error - #log_min_messages = warning # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic - #log_min_error_statement = error # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic (effectively off) - #log_min_duration_statement = -1 # -1 is disabled, 0 logs all statements - # and their durations, > 0 logs only - # statements running at least this number - # of milliseconds - # - What to Log - #debug_print_parse = off - #debug_print_rewritten = off - #debug_print_plan = off - #debug_pretty_print = on - #log_checkpoints = off - #log_connections = off - #log_disconnections = off - #log_duration = off - #log_error_verbosity = default - # terse, default, or verbose messages - #log_hostname = off - log_line_prefix = '< %m >' # special values: - # %a = application name - # %u = user name - # %d = database name - # %r = remote host and port - # %h = remote host - # %p = process ID - # %t = timestamp without milliseconds - # %m = timestamp with milliseconds - # %i = command tag - # %e = SQL state - # %c = session ID - # %l = session line number - # %s = session start timestamp - # %v = virtual transaction ID - # %x = transaction ID (0 if none) - # %q = stop here in non-session - # processes - # %% = '%' - # e.g. '<%u%%%d> ' - #log_lock_waits = off # log lock waits >= deadlock_timeout - #log_statement = 'none' # none, ddl, mod, all - #log_temp_files = -1 # log temporary files equal or larger - # than the specified size in kilobytes;5# -1 disables, 0 logs all temp files5 - log_timezone = 'Australia/ACT' - -虽然大多数参数被加上了注释,他们呈现了默认数值。我们可以看见日志文件目录是pg_log(log_directory参数),文件名应该以postgresql开头(log_filename参数),文件每天转储一次(log_rotation_age参数)然后日志记录以时间戳开头(log_line_prefix参数)。特别说明有趣的是log_line_prefix参数:你可以包含很多整体丰富的信息在这。 - -看/var/lib/pgsql/9.4/data/pg_log目录下展现给我们这些文件: - - [root@localhost ~]# ls -l /var/lib/pgsql/9.4/data/pg_log - total 20 - -rw-------. 1 postgres postgres 1212 May 1 20:11 postgresql-Fri.log - -rw-------. 1 postgres postgres 243 Feb 9 21:49 postgresql-Mon.log - -rw-------. 1 postgres postgres 1138 Feb 7 11:08 postgresql-Sat.log - -rw-------. 1 postgres postgres 1203 Feb 26 21:32 postgresql-Thu.log - -rw-------. 1 postgres postgres 326 Feb 10 01:20 postgresql-Tue.log - -所以日志文件命只有工作日命名的标签。我们可以改变他。如何做?在postgresql.conf配置log_filename参数。 - -查看一个日志内容,它的条目仅以日期时间开头: - - [root@localhost ~]# cat /var/lib/pgsql/9.4/data/pg_log/postgresql-Fri.log - ... - < 2015-02-27 01:21:27.020 EST >LOG: received fast shutdown request - < 2015-02-27 01:21:27.025 EST >LOG: aborting any active transactions - < 2015-02-27 01:21:27.026 EST >LOG: autovacuum launcher shutting down - < 2015-02-27 01:21:27.036 EST >LOG: shutting down - < 2015-02-27 01:21:27.211 EST >LOG: database system is shut down - -### 集中应用日志 ### - -#### 使用Imfile监控日志 #### - -习惯上,应用通常记录他们数据在文件里。文件容易在一个机器上寻找但是多台服务器上就不是很恰当了。你可以设置日志文件监控然后当新的日志被添加到底部就发送事件到一个集中服务器。在/etc/rsyslog.d/里创建一个新的配置文件然后增加一个文件输入,像这样: - - $ModLoad imfile - $InputFilePollInterval 10 - $PrivDropToGroup adm - ----------- - - # Input for FILE1 - $InputFileName /FILE1 - $InputFileTag APPNAME1 - $InputFileStateFile stat-APPNAME1 #this must be unique for each file being polled - $InputFileSeverity info - $InputFilePersistStateInterval 20000 - $InputRunFileMonitor - -替换FILE1和APPNAME1位你自己的文件和应用名称。Rsyslog将发送它到你配置的输出中。 - -#### 本地套接字日志与Imuxsock #### - -套接字类似UNIX文件句柄,所不同的是套接字内容是由系统日志程序读取到内存中,然后发送到目的地。没有文件需要被写入。例如,logger命令发送他的日志到这个UNIX套接字。 - -如果你的服务器I/O有限或者你不需要本地文件日志,这个方法使系统资源有效利用。这个方法缺点是套接字有队列大小的限制。如果你的系统日志程序宕掉或者不能保持运行,然后你可能会丢失日志数据。 - -rsyslog程序将默认从/dev/log套接字中种读取,但是你要用[imuxsock输入模块][17]如下命令使它生效: - - $ModLoad imuxsock - -#### UDP日志与Imupd #### - -一些应用程序使用UDP格式输出日志数据,这是在网络上或者本地传输日志文件的标准系统日志协议。你的系统日志程序收集这些日志然后处理他们或者用不同的格式传输他们。交替地,你可以发送日志到你的日志服务器或者到一个日志管理方案中。 - -使用如下命令配置rsyslog来接收标准端口514的UDP系统日志数据: - - $ModLoad imudp - ----------- - - $UDPServerRun 514 - -### 用Logrotate管理日志 ### - -日志转储是当日志到达指定的时期时自动归档日志文件的方法。如果不介入,日志文件一直增长,会用尽磁盘空间。最后他们将破坏你的机器。 - -logrotate实例能随着日志的日期截取你的日志,腾出空间。你的新日志文件保持文件名。你的旧日志文件被重命名为后缀加上数字。每次logrotate实例运行,一个新文件被建立然后现存的文件被逐一重命名。你来决定何时旧文件被删除或归档的阈值。 - -当logrotate拷贝一个文件,新的文件已经有一个新的索引节点,这会妨碍rsyslog监控新文件。你可以通过增加copytruncate参数到你的logrotate定时任务来缓解这个问题。这个参数拷贝现有的日志文件内容到新文件然后从现有文件截短这些内容。这个索引节点从不改变,因为日志文件自己保持不变;它的内容是一个新文件。 - -logrotate实例使用的主配置文件是/etc/logrotate.conf,应用特有设置在/etc/logrotate.d/目录下。DigitalOcean有一个详细的[logrotate教程][18] - -### 管理很多服务器的配置 ### - -当你只有很少的服务器,你可以登陆上去手动配置。一旦你有几打或者更多服务器,你可以用高级工具使这变得更容易和更可扩展。基本上,所有的事情就是拷贝你的rsyslog配置到每个服务器,然后重启rsyslog使更改生效。 - -#### Pssh #### - -这个工具可以让你在很多服务器上并行的运行一个ssh命令。使用pssh部署只有一小部分的服务器。如果你其中一个服务器失败,然后你必须ssh到失败的服务器,然后手动部署。如果你有很多服务器失败,那么手动部署他们会话费很长时间。 - -#### Puppet/Chef #### - -Puppet和Chef是两个不同的工具,他们能在你的网络按你规定的标准自动的配置所有服务器。他们的报表工具使你知道关于错误然后定期重新同步。Puppet和Chef有一些狂热的支持者。如果你不确定那个更适合你的部署配置管理,你可以领会一下[InfoWorld上这两个工具的对比][19] - -一些厂商也提供一些配置rsyslog的模块或者方法。这有一个Loggly上Puppet模块的例子。它提供给rsyslog一个类,你可以添加一个标识令牌: - - node 'my_server_node.example.net' { - # Send syslog events to Loggly - class { 'loggly::rsyslog': - customer_token => 'de7b5ccd-04de-4dc4-fbc9-501393600000', - } - } - -#### Docker #### - -Docker使用容器去运行应用不依赖底层服务。所有东西都从内部的容器运行,你可以想象为一个单元功能。ZDNet有一个深入文章关于在你的数据中心[使用Docker][20]。 - -这有很多方式从Docker容器记录日志,包括链接到一个日志容器,记录到一个共享卷,或者直接在容器里添加一个系统日志代理。其中最流行的日志容器叫做[logspout][21]。 - -#### 供应商的脚本或代理 #### - -大多数日志管理方案提供一些脚本或者代理,从一个或更多服务器比较简单的发送数据。重量级代理会耗尽额外的系统资源。一些供应商像Loggly提供配置脚本,来使用现存的系统日志程序更轻松。这有一个Loggly上的例子[脚本][22],它能运行在任意数量的服务器上。 - --------------------------------------------------------------------------------- - -via: http://www.loggly.com/ultimate-guide/logging/managing-linux-logs/ - -作者:[Jason Skowronski][a1] -作者:[Amy Echeverri][a2] -作者:[Sadequl Hussain][a3] -译者:[wyangsun](https://github.com/wyangsun) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a1]:https://www.linkedin.com/in/jasonskowronski -[a2]:https://www.linkedin.com/in/amyecheverri -[a3]:https://www.linkedin.com/pub/sadequl-hussain/14/711/1a7 -[1]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.esrreycnpnbl -[2]:http://www.rsyslog.com/ -[3]:http://www.balabit.com/network-security/syslog-ng/opensource-logging-system -[4]:http://logstash.net/ -[5]:http://www.fluentd.org/ -[6]:http://www.rsyslog.com/doc/rsyslog_conf.html -[7]:http://www.rsyslog.com/doc/master/rainerscript/index.html -[8]:https://docs.google.com/document/d/11LXZxWlkNSHkcrCWTUdnLRf_CiZz9kK0cr3yGM_BU_0/edit#heading=h.eck7acdxin87 -[9]:https://www.loggly.com/docs/file-monitoring/ -[10]:http://www.networksorcery.com/enp/protocol/udp.htm -[11]:http://www.networksorcery.com/enp/protocol/tcp.htm -[12]:http://blog.gerhards.net/2008/04/on-unreliability-of-plain-tcp-syslog.html -[13]:http://www.rsyslog.com/doc/relp.html -[14]:http://www.rsyslog.com/doc/queues.html -[15]:http://www.rsyslog.com/doc/tls_cert_ca.html -[16]:http://www.rsyslog.com/doc/tls_cert_machine.html -[17]:http://www.rsyslog.com/doc/v8-stable/configuration/modules/imuxsock.html -[18]:https://www.digitalocean.com/community/tutorials/how-to-manage-log-files-with-logrotate-on-ubuntu-12-10 -[19]:http://www.infoworld.com/article/2614204/data-center/puppet-or-chef--the-configuration-management-dilemma.html -[20]:http://www.zdnet.com/article/what-is-docker-and-why-is-it-so-darn-popular/ -[21]:https://github.com/progrium/logspout -[22]:https://www.loggly.com/docs/sending-logs-unixlinux-system-setup/ diff --git a/translated/tech/20150813 Howto Run JBoss Data Virtualization GA with OData in Docker Container.md b/translated/tech/20150813 Howto Run JBoss Data Virtualization GA with OData in Docker Container.md new file mode 100644 index 0000000000..4d14bbc904 --- /dev/null +++ b/translated/tech/20150813 Howto Run JBoss Data Virtualization GA with OData in Docker Container.md @@ -0,0 +1,105 @@ +如何在 Docker 容器中运行支持 OData 的 JBoss 数据虚拟化 GA +Howto Run JBoss Data Virtualization GA with OData in Docker Container +================================================================================ +大家好,我们今天来学习如何在一个 Docker 容器中运行支持 OData(译者注:Open Data Protocol,开放数据协议) 的 JBoss 数据虚拟化 6.0.0 GA(译者注:GA,General Availability,具体定义可以查看[WIKI][4])。JBoss 数据虚拟化是数据提供和集成解决方案平台,有多种分散的数据源时,转换为一种数据源统一对待,在正确的时间将所需数据传递给任意的应用或者用户。JBoss 数据虚拟化可以帮助我们将数据快速组合和转换为可重用的商业友好的数据模型,通过开放标准接口简单可用。它提供全面的数据抽取、联合、集成、转换,以及传输功能,将来自一个或多个源的数据组合为可重复使用和共享的灵活数据。要了解更多关于 JBoss 数据虚拟化的信息,可以查看它的[官方文档][1]。Docker 是一个提供开放平台用于打包,装载和以轻量级容器运行任何应用的开源平台。使用 Docker 容器我们可以轻松处理和启用支持 OData 的 JBoss 数据虚拟化。 + +下面是该指南中在 Docker 容器中运行支持 OData 的 JBoss 数据虚拟化的简单步骤。 + +### 1. 克隆仓库 ### + +首先,我们要用 git 命令从 [https://github.com/jbossdemocentral/dv-odata-docker-integration-demo][2] 克隆带数据虚拟化的 OData 仓库。假设我们的机器上运行着 Ubuntu 15.04 linux 发行版。我们要使用 apt-get 命令安装 git。 + + # apt-get install git + +安装完 git 之后,我们运行下面的命令克隆仓库。 + + # git clone https://github.com/jbossdemocentral/dv-odata-docker-integration-demo + + Cloning into 'dv-odata-docker-integration-demo'... + remote: Counting objects: 96, done. + remote: Total 96 (delta 0), reused 0 (delta 0), pack-reused 96 + Unpacking objects: 100% (96/96), done. + Checking connectivity... done. + +### 2. 下载 JBoss 数据虚拟化安装器 ### + +现在,我们需要从下载页 [http://www.jboss.org/products/datavirt/download/][3] 下载 JBoss 数据虚拟化安装器。下载了 **jboss-dv-installer-6.0.0.GA-redhat-4.jar** 后,我们把它保存在名为 **software** 的目录下。 + +### 3. 创建 Docker 镜像 ### + +下一步,下载了 JBoss 数据虚拟化安装器之后,我们打算使用 Dockerfile 和刚从仓库中克隆的资源创建 docker 镜像。 + + # cd dv-odata-docker-integration-demo/ + # docker build -t jbossdv600 . + + ... + Step 22 : USER jboss + ---> Running in 129f701febd0 + ---> 342941381e37 + Removing intermediate container 129f701febd0 + Step 23 : EXPOSE 8080 9990 31000 + ---> Running in 61e6d2c26081 + ---> 351159bb6280 + Removing intermediate container 61e6d2c26081 + Step 24 : CMD $JBOSS_HOME/bin/standalone.sh -c standalone.xml -b 0.0.0.0 -bmanagement 0.0.0.0 + ---> Running in a9fed69b3000 + ---> 407053dc470e + Removing intermediate container a9fed69b3000 + Successfully built 407053dc470e + +注意:在这里我们假设你已经安装了 docker 并正在运行。 + +### 4. 启动 Docker 容器 ### + +创建了支持 oData 的 JBoss 数据虚拟化 Docker 镜像之后,我们打算运行 docker 容器并用 -P 标签指定端口。我们运行下面的命令来实现。 + + # docker run -p 8080:8080 -d -t jbossdv600 + + 7765dee9cd59c49ca26850e88f97c21f46859d2dc1d74166353d898773214c9c + +### 5. 获取容器 IP ### + +启动了 Docker 容器之后,我们想要获取正在运行的 docker 容器的 IP 地址。要做到这点,我们运行后面添加了正在运行容器 id 号的 docker inspect 命令。 + + # docker inspect <$containerID> + + ... + "NetworkSettings": { + "Bridge": "", + "EndpointID": "3e94c5900ac5954354a89591a8740ce2c653efde9232876bc94878e891564b39", + "Gateway": "172.17.42.1", + "GlobalIPv6Address": "", + "GlobalIPv6PrefixLen": 0, + "HairpinMode": false, + "IPAddress": "172.17.0.8", + "IPPrefixLen": 16, + "IPv6Gateway": "", + "LinkLocalIPv6Address": "", + "LinkLocalIPv6PrefixLen": 0, + +### 6. Web 界面 ### +### 6. Web Interface ### + +现在,如果一切如期望的那样进行,当我们用浏览器打开 http://container-ip:8080/ 和 http://container-ip:9990 时会看到支持 oData 的 JBoss 数据虚拟化登录界面和 JBoss 管理界面。管理验证的用户名和密码分别是 admin 和 redhat1!数据虚拟化验证的用户名和密码都是 user。之后,我们可以通过 web 界面在内容间导航。 + +**注意**: 强烈建议在第一次登录后尽快修改密码。 + +### 总结 ### + +终于我们成功地运行了跑着支持 OData 多源虚拟数据库的 JBoss 数据虚拟化 的 Docker 容器。JBoss 数据虚拟化真的是一个很棒的平台,它为多种不同来源的数据进行虚拟化,并将它们转换为商业友好的数据模型,产生通过开放标准接口简单可用的数据。使用 Docker 技术可以简单、安全、快速地部署支持 OData 多源虚拟数据库的 JBoss 数据虚拟化。如果你有任何疑问、建议或者反馈,请在下面的评论框中写下来,以便我们可以改进和更新内容。非常感谢!Enjoy:-) + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/linux-how-to/run-jboss-data-virtualization-ga-odata-docker-container/ + +作者:[Arun Pyasi][a] +译者:[ictlyh](http://www.mutouxiaogui.cn/blog) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arunp/ +[1]:http://www.redhat.com/en/technologies/jboss-middleware/data-virtualization +[2]:https://github.com/jbossdemocentral/dv-odata-docker-integration-demo +[3]:http://www.jboss.org/products/datavirt/download/ +[4]:https://en.wikipedia.org/wiki/Software_release_life_cycle#General_availability_.28GA.29 \ No newline at end of file diff --git a/translated/tech/20150813 Linux file system hierarchy v2.0.md b/translated/tech/20150813 Linux file system hierarchy v2.0.md deleted file mode 100644 index 6f92d3bb53..0000000000 --- a/translated/tech/20150813 Linux file system hierarchy v2.0.md +++ /dev/null @@ -1,432 +0,0 @@ -translating by tnuoccalanosrep -Linux文件系统结构 v2.0 -================================================================================ -Linux中的文件是什么?它的文件系统又是什么?那些配置文件又在哪里?我下载好的程序保存在哪里了?好了,上图简明地阐释了Linux的文件系统的层次关系。当你苦于寻找配置文件或者二进制文件的时候,这便显得十分有用了。我在下方添加了一些解释以及例子,但“篇幅过长,没有阅读”。 - -有一种情况便是当你在系统中获取配置以及二进制文件时,出现了不一致性问题,如果你是一个大型组织,或者只是一个终端用户,这也有可能会破坏你的系统(比如,二进制文件运行在就旧的库文件上了)。若然你在你的Linux系统上做安全审计([security audit of your Linux system][1])的话,你将会发现它很容易遭到不同的攻击。所以,清洁操作(无论是Windows还是Linux)都显得十分重要。 -### What is a file in Linux? ### -Linux的文件是什么? -对于UNIX系统来说(同样适用于Linux),以下便是对文件简单的描述: -> 在UNIX系统中,一切皆为文件;若非文件,则为进程 - -> 这种定义是比较正确的,因为有些特殊的文件不仅仅是普通文件(比如命名管道和套接字),不过为了让事情变的简单,“一切皆为文件”也是一个可以让人接受的说法。Linux系统也像UNXI系统一样,将文件和目录视如同物,因为目录只是一个包含了其他文件名的文件而已。程序,服务,文本,图片等等,都是文件。对于系统来说,输入和输出设备,基本上所有的设备,都被当做是文件。 -![](http://www.blackmoreops.com/wp-content/uploads/2015/06/Linux-file-system-hierarchy-v2.0-2480px-blackMORE-Ops.png) - -- Version 2.0 – 17-06-2015 - - – Improved: 添加标题以及版本历史 - - – Improved: 添加/srv,/meida和/proc - - – Improved: 更新了反映当前的Linux文件系统的描述 - - – Fixed: 多处的打印错误 - - – Fixed: 外观和颜色 -- Version 1.0 – 14-02-2015 - - – Created: 基本的图表 - - – Note: 摒弃更低的版本 - -### Download Links ### -以下是结构图的下载地址。如果你需要其他结构,请跟原作者联系,他会尝试制作并且上传到某个地方以供下载 -- [Large (PNG) Format – 2480×1755 px – 184KB][2] -- [Largest (PDF) Format – 9919x7019 px – 1686KB][3] - -**注意**: PDF格式文件是打印的最好选择,因为它画质很高。 -### Linux 文件系统描述 ### -为了有序地管理那些文件,人们习惯把这些文件当做是硬盘上的有序的类树结构体,正如我们熟悉的'MS-DOS'(硬盘操作系统)。大的分枝包括更多的分枝,分枝的末梢是树的叶子或者普通的文件。现在我们将会以这树形图为例,但晚点我们会发现为什么这不是一个完全准确的一幅图。 -注:表格 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Directory(目录)Description(描述)
-
/
-
主层次 的根,也是整个文件系统层次结构的根目录
-
/bin
-
存放在单用户模式可用的必要命令二进制文件,对于所有用户而言,则是像cat,ls,cp等等的文件
-
/boot
-
存放引导加载程序文件,例如kernels,initrd等
-
/dev
-
存放必要的设备文件
-
/etc
-
存放主机特定的系统范围内的配置文件。其实这里有个关于它名字本身意义上的的争议。在贝尔实验室的早期UNIX实施文档版本中,/etc表示是“其他目录”,因为从历史上看,这个目录是存放各种不属于其他目录的文件(然而,FSH(文件系统目录标准)限定 /ect是用于存放静态配置文件,这里不该存有二进制文件)。早期文档出版后,这个目录名又重新定义成不同的形式。近期的解释中包含着诸如“可编辑文本配置”或者“额外的工具箱”这样的重定义
-
-
-
/opt
-
-
-
存储着新增包的配置文件 /opt/.
-
-
-
/sgml
-
-
-
存放配置文件,比如目录,还有那些处理SGML(译者注:标准通用标记语言)的软件的配置文件
-
-
-
/X11
-
-
-
X Window系统的配置文件,版本号为11
-
-
-
/xml
-
-
-
配置文件,比如目录,处理XML(译者注:可扩展标记语言)的软件的配置文件
-
/home
-
用户的主目录,包括保存的文件, 个人配置, 等等.
-
/lib
-
/bin/ and /sbin/中的二进制文件必不可少的库文件
-
/lib<qual>
-
备用格式的必要的库文件. 这样的目录视可选的,但如果他们存在的话, 他们还有一些要求.
-
/media
-
可移动的多媒体(如CD-ROMs)的挂载点.(出现于 FHS-2.3)
-
/mnt
-
临时挂载的文件系统
-
/opt
-
自定义应用程序软件包
-
/proc
-
以文件形式提供进程以及内核信息的虚拟文件系统,在Linux中,对应进程文件系统的挂载点
-
/root
-
根用户的主目录
-
/sbin
-
必要系统二进制文件, 比如, init, ip, mount.
-
/srv
-
系统提供的站点特定数据
-
/tmp
-
临时文件 (另见 /var/tmp). 通常在系统重启后删除
-
/usr
-
二级层级 存储用户的只读数据; 包含(多)用户主要的公共文件以及应用程序
-
-
-
/bin
-
-
-
非必要的命令二进制文件 (在单用户模式中不需要用到的); 用于所有用户.
-
-
-
/include
-
-
-
标准的包含文件
-
-
-
/lib
-
-
-
库文件,用于/usr/bin//usr/sbin/.中的二进制文件
-
-
-
/lib<qual>
-
-
-
备用格式库(可选的).
-
-
-
/local
-
-
-
三级层次 用于本地数据, 具体到该主机上的.通常会有下一个子目录, 比如, bin/, lib/, share/.
-
-
-
/sbin
-
-
-
非必要系统的二进制文件, 比如,用于不同网络服务的守护进程
-
-
-
/share
-
-
-
独立架构的 (共享) 数据.
-
-
-
/src
-
-
-
源代码, 比如, 内核源文件以及与它相关的头文件
-
-
-
/X11R6
-
-
-
X Window系统,版本号:11,发行版本:6
-
/var
-
各式各样的文件,一些随着系统常规操作而持续改变的文件就放在这里,比如日志文件,脱机文件,还有临时的电子邮件文件
-
-
-
/cache
-
-
-
应用程序缓存数据. 这些数据是根据I/O(输入/输出)的耗时结果或者是运算生成的.这些应用程序是可以重新生成或者恢复数据的.当没有数据丢失的时候,可以删除缓存文件.
-
-
-
/lib
-
-
-
状态信息.这些信息随着程序的运行而不停地改变,比如,数据库,系统元数据的打包等等
-
-
-
/lock
-
-
-
锁文件。这些文件会持续监控正在使用的资源
-
-
-
/log
-
-
-
日志文件. 包含各种日志.
-
-
-
/mail
-
-
-
内含用户邮箱的相关文件
-
-
-
/opt
-
-
-
来自附加包的各种数据都会存储在 /opt/.
-
-
-
/run
-
-
-
Information about the running system since last boot, e.g., currently logged-in users and running daemons.存放当前系统上次启动的相关信息, 例如, 当前登入的用户以及当前运行的daemons(守护进程).
-
-
-
/spool
-
-
-
该spool主要用于存放将要被处理的任务, 比如, 打印队列以及邮件传出队列
-
-
-
-
-
/mail
-
-
-
-
-
过时的位置,用于放置用户邮箱文件
-
-
-
/tmp
-
-
-
存放重启之前的临时接口
- -### Types of files in Linux ### -### Linux的文件类型 ### -大多数文件也仅仅是文件,他们被称为`regular`文件;他们包含普通数据,比如,文本,可执行文件,或者程序,程序输入或输出文件等等 -While it is reasonably safe to suppose that everything you encounter on a Linux system is a file, there are some exceptions. -虽然你可以认为“在Linux中,一切你看到的皆为文件”这个观点相当保险,但这里仍有着一些例外。 - -- `目录`:由其他文件组成的文件 -- `特殊文件`:用于输入和输出的途径。大多数特殊文件都储存在`/dev`中,我们将会在后面讨论这个问题。 -- `链接文件`:让文件或者目录在系统文件树结构上可见的机制。我们将详细地讨论这个链接文件。 -- `(域)套接字`:特殊的文件类型,和TCP/IP协议中的套接字有点像,提供进程网络,并受文件系统的访问控制机制保护。 --`命名管道` : 或多或少有点像sockets(套接字),提供一个进程间的通信机制,而不用网络套接字协议。 -### File system in reality ### -### 现实中的文件系统 ### -对于大多数用户和常规系统管理任务而言,"文件和目录是一个有序的类树结构"是可以接受的。然而,对于电脑而言,它是不会理解什么是树,或者什么是树结构。 - -每个分区都有它自己的文件系统。想象一下,如果把那些文件系统想成一个整体,我们可以构思一个关于整个系统的树结构,不过这并没有这么简单。在文件系统中,一个文件代表着一个`inode`(索引节点),一种包含着构建文件的实际数据信息的序列号:这些数据表示文件是属于谁的,还有它在硬盘中的位置。 - -每个分区都有一套属于他们自己的inodes,在一个系统的不同分区中,可以存在有相同inodes的文件。 - -每个inode都表示着一种在硬盘上的数据结构,保存着文件的属性,包括文件数据的物理地址。当硬盘被格式化并用来存储数据时(通常发生在初始系统安装过程,或者是在一个已经存在的系统中添加额外的硬盘),每个分区都会创建关于inodes的固定值。这个值表示这个分区能够同时存储各类文件的最大数量。我们通常用一个inode去映射2-8k的数据块。当一个新的文件生成后,它就会获得一个空闲的indoe。在这个inode里面存储着以下信息: - -- 文件属主和组属主 -- 文件类型(常规文件,目录文件......) -- 文件权限 -- 创建、最近一次读文件和修改文件的时间 -- inode里该信息被修改的时间 -- 文件的链接数(详见下一章) -- 文件大小 -- 文件数据的实际地址 - -唯一不在inode的信息是文件名和目录。它们存储在特殊的目录文件。通过比较文件名和inodes的数目,系统能够构造出一个便于用户理解的树结构。用户可以通过ls -i查看inode的数目。在硬盘上,inodes有他们独立的空间。 - - - -via: http://www.blackmoreops.com/2015/06/18/linux-file-system-hierarchy-v2-0/ - -译者:[译者ID](https://github.com/tnuoccalanosrep) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[1]:http://www.blackmoreops.com/2015/02/15/in-light-of-recent-linux-exploits-linux-security-audit-is-a-must/ -[2]:http://www.blackmoreops.com/wp-content/uploads/2015/06/Linux-file-system-hierarchy-v2.0-2480px-blackMORE-Ops.png -[3]:http://www.blackmoreops.com/wp-content/uploads/2015/06/Linux-File-System-Hierarchy-blackMORE-Ops.pdf diff --git a/translated/tech/20150824 Fix No Bootable Device Found Error After Installing Ubuntu.md b/translated/tech/20150824 Fix No Bootable Device Found Error After Installing Ubuntu.md new file mode 100644 index 0000000000..91aa23d6aa --- /dev/null +++ b/translated/tech/20150824 Fix No Bootable Device Found Error After Installing Ubuntu.md @@ -0,0 +1,97 @@ +修复安装完 Ubuntu 后无可引导设备错误 +================================================================================ +通常情况下,我启动 Ubuntu 和 Windows 双系统,但是这次我决定完全消除 Windows 纯净安装 Ubuntu。纯净安装 Ubuntu 完成后,结束时屏幕输出 **no bootable device found** 而不是进入 GRUB 界面。显然,安装搞砸了 UEFI 引导设置。 + +![安装完 Ubuntu 后无可引导设备](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_1.jpg) + +我会告诉你我是如何修复**在宏碁笔记本上安装 Ubuntu 后出现无可引导设备错误**。我声明了我使用的是宏碁灵越 R13,这很重要,因为我们需要更改固件设置,而这些设置可能因制造商和设备有所不同。 + +因此在你开始这里介绍的步骤之前,先看一下发生这个错误时我计算机的状态: + +- 我的宏碁灵越 R13 预装了 Windows8.1 和 UEFI 引导管理器 +- 关闭了 Secure boot(我的笔记本刚维修过,维修人员又启用了它,直到出现了问题我才发现)。你可以阅读这篇博文了解[如何在宏碁笔记本中关闭 secure boot][1] +- 我通过选择清除所有东西安装 Ubuntu,例如现有的 Windows 8.1,各种分区等。 +- 安装完 Ubuntu 之后,从硬盘启动时我看到无可引导设备错误。但能从 USB 设备正常启动 + +在我看来,没有禁用 secure boot 可能是这个错误的原因。但是,我没有数据支撑我的观点。这仅仅是预感。有趣的是,双系统启动 Windows 和 Linux 经常会出现这两个 Grub 问题: + +- [error: no such partition grub rescue][2] +- [Minimal BASH like line editing is supported][3] + +如果你遇到类似的情况,你可以试试我的修复方法。 + +### 修复安装完 Ubuntu 后无可引导设备错误 ### + +请原谅我没有丰富的图片。我的一加相机不能很好地拍摄笔记本屏幕。 + +#### 第一步 #### + +关闭电源并进入 boot 设置。我需要在宏碁灵越 R13 上快速地按 Fn+F2。如果你使用固态硬盘的话要按的非常快,因为固态硬盘启动速度很快。取决于你的制造商,你可能要用 Del 或 F10 或者 F12。 + +#### 第二步 #### + +在 boot 设置中,确保启用了 Secure Boot。它在 Boot 标签里。 + +#### 第三步 #### + +进入到 Security 标签,查找 “Select an UEFI file as trusted for executing” 并敲击回车。 + +![修复无可引导设备错误](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_2.jpg) + +特意说明,我们这一步是要在你的设备中添加 UEFI 设置文件(安装 Ubuntu 的时候生成)到可信 UEFI 启动。如果你记得的话,UEFI 启动的主要目的是提供安全性,由于(可能)没有禁用 Secure Boot,设备不会试图从新安装的操作系统中启动。添加它到类似白名单的可信列表,会使设备从 Ubuntu UEFI 文件启动。 + +#### 第四步 #### + +在这里你可以看到你的硬盘,例如 HDD0。如果你有多块硬盘,我希望你记住你安装 Ubuntu 的那块。同样敲击回车。 + +![在 Boot 设置中修复无可引导设备错误](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_3.jpg) + +#### 第五步 #### + +你应该可以看到 ,敲击回车。 + +![在 UEFI 中修复设置](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_4.jpg) + +#### 第六步 #### + +在下一个屏幕中你会看到 。耐心点,马上就好了。 + +![安装完 Ubuntu 后修复启动错误](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_5.jpg) + +#### 第七步 #### + +你可以看到 shimx64.efi,grubx64.efi 和 MokManager.efi 文件。重要的是 shimx64.efi。选中它并敲击回车。 + + +![修复无可引导设备](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_6.jpg) + +在下一个屏幕中,输入 Yes 并敲击回车。 + +![无可引导设备_7](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_7.jpg) + +#### 第八步 #### + +当我们添加它到可信 EFI 文件并执行时,按 F10 保存并退出。 + +![保存并退出固件设置](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/08/No_Bootable_Device_Found_8.jpg) + +重启你的系统,这时你就可以看到熟悉的 GRUB 界面了。就算你没有看到 Grub 界面,起码也再也不会看到“无可引导设备”。你应该可以进入 Ubuntu 了。 + +如果修复后搞乱了你的 Grub 界面,但你确实能登录系统,你可以重装 Grub 并进入到 Ubuntu 熟悉的紫色 Grub 界面。 + +我希望这篇指南能帮助你修复无可引导设备错误。欢迎提出任何疑问、建议或者感谢。 + +-------------------------------------------------------------------------------- + +via: http://itsfoss.com/no-bootable-device-found-ubuntu/ + +作者:[Abhishek][a] +译者:[ictlyh](http://www.mutouxiaogui.cn/blog/) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://itsfoss.com/author/abhishek/ +[1]:http://itsfoss.com/disable-secure-boot-in-acer/ +[2]:http://itsfoss.com/solve-error-partition-grub-rescue-ubuntu-linux/ +[3]:http://itsfoss.com/fix-minimal-bash-line-editing-supported-grub-error-linux/ \ No newline at end of file diff --git a/translated/tech/20150824 How to create an AP in Ubuntu 15.04 to connect to Android or iPhone.md b/translated/tech/20150824 How to create an AP in Ubuntu 15.04 to connect to Android or iPhone.md deleted file mode 100644 index 02aef62d82..0000000000 --- a/translated/tech/20150824 How to create an AP in Ubuntu 15.04 to connect to Android or iPhone.md +++ /dev/null @@ -1,74 +0,0 @@ -如何在 Ubuntu 15.04 下创建连接至 Android/iOS 的 AP -================================================================================ -我成功地在 Ubuntu 15.04 下用 Gnome Network Manager 创建了一个无线AP热点. 接下来我要分享一下我的步骤. 请注意: 你必须要有一个可以用来创建AP热点的无线网卡. 如果你不知道如何找到连上了的设备的话, 在终端(Terminal)里输入`iw list`. - -如果你没有安装`iw`的话, 在Ubuntu下你可以使用`udo apt-get install iw`进行安装. - -在你键入`iw list`之后, 寻找可用的借口, 你应该会看到类似下列的条目: - -Supported interface modes: - -* IBSS -* managed -* AP -* AP/VLAN -* monitor -* mesh point - -让我们一步步看 - -1. 断开WIFI连接. 使用有线网络接入你的笔记本. -1. 在顶栏面板里点击网络的图标 -> Edit Connections(编辑连接) -> 在弹出窗口里点击Add(新增)按钮. -1. 在下拉菜单内选择Wi-Fi. -1. 接下来, - -a. 输入一个链接名 比如: Hotspot - -b. 输入一个 SSID 比如: Hotspot - -c. 选择模式(mode): Infrastructure - -d. 设备 MAC 地址: 在下拉菜单里选择你的无线设备 - -![](http://i2.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome1.jpg) - -1. 进入Wi-Fi安全选项卡, 选择 WPA & WPA2 Personal 并且输入密码. -1. 进入IPv4设置选项卡, 在Method(方法)下拉菜单里, 选择Shared to other computers(共享至其他电脑). - -![](http://i1.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome4.jpg) - -1. 进入IPv6选项卡, 在Method(方法)里设置为忽略ignore (只有在你不使用IPv6的情况下这么做) -1. 点击 Save(保存) 按钮以保存配置. -1. 从 menu/dash 里打开Terminal. -1. 修改你刚刚使用 network settings 创建的连接. - -使用 VIM 编辑器: - - sudo vim /etc/NetworkManager/system-connections/Hotspot - -使用Gedit 编辑器: - - gksu gedit /etc/NetworkManager/system-connections/Hotspot - -把名字 Hotspot 用你在第4步里起的连接名替换掉. - -![](http://i2.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome2.jpg?resize=640%2C402) - -1. 把 `mode=infrastructure` 改成 `mode=ap` 并且保存文件 -1. 一旦你保存了这个文件, 你应该能在 Wifi 菜单里看到你刚刚建立的AP了. (如果没有的话请再顶栏里 关闭/打开 Wifi 选项一次) - -![](http://i1.wp.com/www.linuxveda.com/wp-content/uploads/2015/08/ubuntu-ap-gnome3.jpg?resize=290%2C375) - -1. 你现在可以把你的设备连上Wifi了. 已经过 Android 5.0的小米4测试.(下载了1GB的文件以测试速度与稳定性) - --------------------------------------------------------------------------------- - -via: http://www.linuxveda.com/2015/08/23/how-to-create-an-ap-in-ubuntu-15-04-to-connect-to-androidiphone/ - -作者:[Sayantan Das][a] -译者:[jerryling315](https://github.com/jerryling315) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.linuxveda.com/author/sayantan_das/ diff --git a/translated/tech/20150901 How to Defragment Linux Systems.md b/translated/tech/20150901 How to Defragment Linux Systems.md new file mode 100644 index 0000000000..49d16a8f18 --- /dev/null +++ b/translated/tech/20150901 How to Defragment Linux Systems.md @@ -0,0 +1,125 @@ +如何在Linux中整理磁盘碎片 +================================================================================ +![](https://www.maketecheasier.com/assets/uploads/2015/07/defragment-linux-featured.png) + +有一神话是linux的磁盘从来不需要整理碎片。在大多数情况下这是真的,大多数因为是使用的是优秀的日志系统(ext2、3、4等等)来处理文件系统。然而,在一些特殊情况下,碎片仍旧会产生。如果正巧发生在你身上,解决方法很简单。 + +### 什么是磁盘碎片 ### + +碎片发生在不同的小块中更新文件时,但是这些快没有形成连续完整的文件而是分布在磁盘的各个角落中。这对于FAT和FAT32文件系统而言是这样的。这在NTFS中有所减轻,在Linux(extX)中几乎不会发生。下面是原因。 + +在像FAT和FAT32这类文件系统中,文件紧挨着写入到磁盘中。文件之间没有空间来用于增长或者更新: + +![](https://www.maketecheasier.com/assets/uploads/2015/07/defragment-linux-fragmented.png) + +NTFS中在文件之间保留了一些空间,因此有空间进行增长。因为块之间的空间是有限的,碎片也会随着时间出现。 + +![](https://www.maketecheasier.com/assets/uploads/2015/07/defragment-linux-ntfs.png) + +Linux的日志文件系统采用了一个不同的方案。与文件之间挨着不同,每个文件分布在磁盘的各处,每个文件之间留下了大量的剩余空间。这里有很大的空间用于更新和增长,并且碎片很少会发生。 + +![](https://www.maketecheasier.com/assets/uploads/2015/07/defragment-linux-journal.png) + +此外,碎片一旦出现了,大多数Linux文件系统会尝试将文件和块重新连续起来。 + +### Linux中的磁盘整理 ### + +除非你用的是一个很小的硬盘或者空间不够了,不然Linux很少会需要磁盘整理。一些可能需要磁盘整理的情况包括: + +- 如果你编辑的是大型视频文件或者原生照片,但磁盘空间有限 +- if you use older hardware like an old laptop, and you have a small hard drive +- 如果你的磁盘开始满了(大约使用了85%) +- 如果你的家目录中有许多小分区 + +最好的解决方案是购买一个大硬盘。如果不可能,磁盘碎片整理就很有用了。 + +### 如何检查碎片 ### + +`fsck`命令会为你做这个 -也就是说如果你可以在liveCD中运行它,那么就可以**卸载所有的分区**。 + +这一点很重要:**在已经挂载的分区中运行fsck将会严重危害到你的数据和磁盘**。 + +你已经被警告过了。开始之前,先做一个完整的备份。 + +**免责声明**: 本文的作者与Make Tech Easier将不会对您的文件、数据、系统或者其他损害负责。你需要自己承担风险。如果你继续,你需要接收并了解这点。 + +你应该启动到一个live会话中(如安装磁盘,系统救援CD等)并运行`fsck`卸载分区。要检查是否有任何问题,请在运行root权限下面的命令: + + fsck -fn [/path/to/your/partition] + +您可以检查一下运行中的分区的路径 + + sudo fdisk -l + +有一个(相对)安全地在已挂载的分区中运行`fsck`的方法是使用‘-n’开关。这会让分区处在只读模式而不能创建任何文件。当然,这里并不能保证安全,你应该在创建备份之后进行。在ext2中,运行 + + sudo fsck.ext2 -fn /path/to/your/partition + +会产生大量的输出-- 大多数错误信息的原因是分区已经挂载了。最后会给出一个碎片相关的信息。 + +![](https://www.maketecheasier.com/assets/uploads/2015/07/defragment-linux-fsck.png) + +如果碎片大于20%了,那么你应该开始整理你的磁盘碎片了。 + +### 如何简单地在Linux中整理碎片 ### + +你要做的是备份你**所有**的文件和数据到另外一块硬盘中(手动**复制**他们)。格式化分区然后重新复制回去(不要使用备份软件)。日志系统会把它们作为新的文件,并将它们整齐地放置到磁盘中而不产生碎片。 + +要备份你的文件,运行 + + cp -afv [/path/to/source/partition]/* [/path/to/destination/folder] + +记住星号(*)是很重要的。 + +注意:通常认为复制大文件或者大量文件,使用dd或许是最好的。这是一个非常底层的操作,它会复制一切,包含空闲的空间甚至是留下的垃圾。这不是我们想要的,因此这里最好使用`cp`。 + +现在你只需要删除源文件。 + + sudo rm -rf [/path/to/source/partition]/* + +**可选**:你可以将空闲空间置零。你也可以用格式化来达到这点,但是例子中你并没有复制整个分区而仅仅是大文件(这很可能会造成碎片)。这恐怕不能成为一个选项。 + + sudo dd if=/dev/zero of=[/path/to/source/partition]/temp-zero.txt + +等待它结束。你可以用`pv`来监测进程。 + + sudo apt-get install pv + sudo pv -tpreb | of=[/path/to/source/partition]/temp-zero.txt + +![](https://www.maketecheasier.com/assets/uploads/2015/07/defragment-linux-dd.png) + +这就完成了,只要删除临时文件就行。 + + sudo rm [/path/to/source/partition]/temp-zero.txt + +待你清零了空闲空间(或者跳过了这步)。重新复制回文件,将第一个cp命令翻转一下: + + cp -afv [/path/to/original/destination/folder]/* [/path/to/original/source/partition] + +### 使用 e4defrag ### + +如果你想要简单的方法,安装`e2fsprogs`, + + sudo apt-get install e2fsprogs + +用root权限在分区中运行 `e4defrag`。如果你不想卸载分区,你可以使用它的挂载点而不是路径。要整理整个系统的碎片,运行: + + sudo e4defrag / + +在挂载的情况下不保证成功(你也应该保证在它运行时停止使用你的系统),但是它比服务全部文件再重新复制回来简单多了。 + +### 总结 ### + +linux系统中很少会出现碎片因为它的文件系统有效的数据处理。如果你因任何原因产生了碎片,简单的方法是重新分配你的磁盘如复制所有文件并复制回来,或者使用`e4defrag`。然而重要的是保证你数据的安全,因此在进行任何可能影响你全部或者大多数文件的操作之前,确保你的文件已经被备份到了另外一个安全的地方去了。 + +-------------------------------------------------------------------------------- + +via: https://www.maketecheasier.com/defragment-linux/ + +作者:[Attila Orosz][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:https://www.maketecheasier.com/author/attilaorosz/ diff --git a/translated/tech/20150901 Install The Latest Linux Kernel in Ubuntu Easily via A Script.md b/translated/tech/20150901 Install The Latest Linux Kernel in Ubuntu Easily via A Script.md new file mode 100644 index 0000000000..dbe5dec7cd --- /dev/null +++ b/translated/tech/20150901 Install The Latest Linux Kernel in Ubuntu Easily via A Script.md @@ -0,0 +1,79 @@ +使用脚本便捷地在Ubuntu系统中安装最新的Linux内核 +================================================================================ +![](http://ubuntuhandbook.org/wp-content/uploads/2014/12/linux-kernel-icon-tux.png) + +想要安装最新的Linux内核吗?一个简单的脚本就可以在Ubuntu系统中方便的完成这项工作。 + +Michael Murphy 写了一个脚本用来将最新的候选版、标准版、或者低延时版内核安装到 Ubuntu 系统中。这个脚本会在询问一些问题后从 [Ubuntu kernel mainline page][1] 下载安装最新的 Linux 内核包。 + +### 通过脚本来安装、升级Linux内核: ### + +1. 点击 [github page][2] 右上角的 “Download Zip” 来下载脚本。 + +2. 鼠标右键单击用户下载目录下的 Zip 文件,选择 “Extract Here” 将其解压到此处。 + +3. 右键点击解压后的文件夹,选择 “Open in Terminal” 在终端中导航到此文件夹下。 + +![](http://ubuntuhandbook.org/wp-content/uploads/2015/08/open-terminal.jpg) + +此时将会打开一个终端,并且自动导航到结果文件夹下。如果你找不到 “Open in Terminal” 选项的话,在 Ubuntu 软件中心搜索安装 `nautilus-open-terminal` ,然后重新登录系统即可(也可以再终端中运行 `nautilus -q` 来取代重新登录系统的操作)。 +4. 当进入终端后,运行以下命令来赋予脚本执行本次操作的权限。 + + chmod +x * + +最后,每当你想要安装或升级 Ubuntu 的 linux 内核时都可以运行此脚本。 + + ./* + +![](http://ubuntuhandbook.org/wp-content/uploads/2015/08/run-script.jpg) + +这里之所以使用 * 替代脚本名称是因为文件夹中只有它一个文件。 + +如果脚本运行成功,重启电脑即可。 + +### 恢复并且卸载新版内核 ### + +如果因为某些原因要恢复并且移除新版内核的话,请重启电脑,在 Grub 启动器的 **高级选项** 菜单下选择旧版内核来启动系统。 + +当系统启动后,参照下边章节继续执行。 + +### 如何移除旧的(或新的)内核: ### + +1. 从Ubuntu软件中心安装 Synaptic Package Manager。 + +2. 打开 Synaptic Package Manager 然后如下操作: + +- 点击 **Reload** 按钮,让想要被删除的新内核显示出来. +- 在左侧面板中选择 **Status -> Installed** ,让查找列表更清晰一些。 +- 在 Quick filter 输入框中输入 **linux-image-** 用于查询。 +- 选择一个内核镜像 “linux-image-x.xx.xx-generic” 然后将其标记为removal(或者Complete Removal) +- 最后,应用变更 + +![](http://ubuntuhandbook.org/wp-content/uploads/2015/08/remove-old-kernel1.jpg) + +重复以上操作直到移除所有你不需要的内核。注意,不要随意移除此刻正在运行的内核,你可以通过 `uname -r` 命令来查看运行的内核。 + +对于 Ubuntu 服务器来说,你可以一步步运行下面的命令: + + uname -r + + dpkg -l | grep linux-image- + + sudo apt-get autoremove KERNEL_IMAGE_NAME + +![](http://ubuntuhandbook.org/wp-content/uploads/2015/08/remove-kernel-terminal.jpg) + +-------------------------------------------------------------------------------- + +via: http://ubuntuhandbook.org/index.php/2015/08/install-latest-kernel-script/ + +作者:[Ji m][a] +译者:[译者ID](https://github.com/mr-ping) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://ubuntuhandbook.org/index.php/about/ +[1]:http://kernel.ubuntu.com/~kernel-ppa/mainline/ +[2]:https://gist.github.com/mmstick/8493727 + diff --git a/translated/tech/20150906 How To Set Up Your FTP Server In Linux.md b/translated/tech/20150906 How To Set Up Your FTP Server In Linux.md new file mode 100644 index 0000000000..8c754786fe --- /dev/null +++ b/translated/tech/20150906 How To Set Up Your FTP Server In Linux.md @@ -0,0 +1,105 @@ +如何在linux中搭建FTP服务 +===================================================================== +![](http://itsfoss.itsfoss.netdna-cdn.com/wp-content/uploads/2015/09/Setup-FTP-Server-in-Linux.jpg) + +在本教程中,我将会解释如何搭建你自己的FTP服务。但是,首先我们应该来的学习一下FTP是什么。 + +###FTP是什么?### + +[FTP][1] 是文件传输协议(File Transfer Protocol)的缩写。顾名思义,FTP是用于计算机之间通过网络进行文件传输。你可以通过FTP在计算机账户间进行文件传输,也可以在账户和桌面计算机之间传输文件,或者访问在线软件文档。但是,需要注意的是多数的FTP站点的使用率非常高,并且在连接前需要进行多次尝试。 + +FTP地址和HTTP地址(即网页地址)非常相似,只是FTP地址使用ftp://前缀而不是http:// + +###FTP服务器是什么?### + +通常,拥有FTP地址的计算机是专用于接收FTP连接请求的。一台专用于接收FTP连接请求的计算机即为FTP服务器或者FTP站点。 + +现在,我们来开始一个特别的冒险,我们将会搭建一个FTP服务用于和家人、朋友进行文件共享。在本教程,我们将以[vsftpd][2]作为ftp服务。 + +VSFTPD是一个自称为最安全的FTP服务端软件。事实上VSFTPD的前两个字母表示“非常安全的(very secure)”。该软件的构建绕开了FTP协议的漏洞。 + +尽管如此,你应该知道还有更安全的方法进行文件管理和传输,如:SFTP(使用[OpenSSH][3])。FTP协议对于共享非敏感数据是非常有用和可靠的。 + +####在rpm distributions中安装VSFTPD:#### + +你可以使用如下命令在命令行界面中快捷的安装VSFTPD: + + dnf -y install vsftpd + +####在deb distributions中安装VSFTPD:#### + +你可以使用如下命令在命令行界面中快捷的安装VSFTPD: + + sudo apt-get install vsftpd + +####在Arch distribution中安装VSFTPD:#### + +你可以使用如下命令在命令行界面中快捷的安装VSFTPD: + + sudo apt-get install vsftpd + +####配置FTP服务#### + +多数的VSFTPD配置项都在/etc/vsftpd.conf配置文件中。这个文件本身已经有非常良好的文档说明了,因此,在本节中,我只强调一些你可能进行修改的重要选项。使用man页面查看所有可用的选项和基本的 文档说明: + + man vsftpd.conf + +根据文件系统层级标准,FTP共享文件默认位于/srv/ftp目录中。 + +**允许上传:** + +为了允许ftp用户可以修改文件系统的内容,如上传文件等,“write_enable”标志必须设置为 YES。 + + write_enable=YES + +**允许本地用户登陆:** + +为了允许文件/etc/passwd中记录的用户可以登陆ftp服务,“local_enable”标记必须设置为YES。 + + local_enable=YES + +**匿名用户登陆** + +下面配置内容控制匿名用户是否允许登陆: + + # Allow anonymous login + anonymous_enable=YES + # No password is required for an anonymous login (Optional) + no_anon_password=YES + # Maximum transfer rate for an anonymous client in Bytes/second (Optional) + anon_max_rate=30000 + # Directory to be used for an anonymous login (Optional) + anon_root=/example/directory/ + +**根目录限制(Chroot Jail)** + +(译者注:chroot jail是类unix系统中的一种安全机制,用于修改进程运行的根目录环境,限制该线程不能感知到其根目录树以外的其他目录结构和文件的存在。详情参看[chroot jail][4]) + +有时我们需要设置根目录(chroot)环境来禁止用户离开他们的家(home)目录。在配置文件中增加/修改下面配置开启根目录限制(Chroot Jail): + + chroot_list_enable=YES + chroot_list_file=/etc/vsftpd.chroot_list + +“chroot_list_file”变量指定根目录监狱所包含的文件/目录(译者注:即用户只能访问这些文件/目录) + +最后你必须重启ftp服务,在命令行中输入以下命令: + + sudo systemctl restart vsftpd + +到此为止,你的ftp服务已经搭建完成并且启动了 + +-------------------------------------------------------------------------------- + +via: http://itsfoss.com/set-ftp-server-linux/ + +作者:[alimiracle][a] +译者:[cvsher](https://github.com/cvsher) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://itsfoss.com/author/ali/ +[1]:https://en.wikipedia.org/wiki/File_Transfer_Protocol +[2]:https://security.appspot.com/vsftpd.html +[3]:http://www.openssh.com/ +[4]:https://zh.wikipedia.org/wiki/Chroot diff --git a/translated/tech/20150906 How to Install QGit Viewer in Ubuntu 14.04.md b/translated/tech/20150906 How to Install QGit Viewer in Ubuntu 14.04.md new file mode 100644 index 0000000000..317e610a6f --- /dev/null +++ b/translated/tech/20150906 How to Install QGit Viewer in Ubuntu 14.04.md @@ -0,0 +1,113 @@ +如何在Ubuntu中安装QGit浏览器 +================================================================================ +QGit是一款Marco Costalba用Qt和C++写的开源GUI Git浏览器。它是一款在GUI环境下更好地提供浏览历史记录、提交记录和文件补丁的浏览器。它利用git命令行来执行并显示输出。它有一些常规的功能像浏览历史、比较、文件历史、文件标注、档案树。我们可以格式化并用选中的提交应用补丁,在两个实例之间拖拽并提交等等。它允许我们创建自定义的按钮来用它内置的生成器来执行特定的命令。 + +这里有简单的几步在Ubuntu 14.04 LTS "Trusty"中编译并安装QGit浏览器。 + +### 1. 安装 QT4 库 ### + +首先在ubuntu中运行QGit需要先安装QT4库。由于apt是ubuntu默认的包管理器,同时qt4也在官方的仓库中,因此我们直接用下面的apt-get命令来安装qt4。 + + $ sudo apt-get install qt4-default + +### 2. 下载QGit压缩包 ### + +安装完Qt4之后,我们要安装git,这样我们才能在QGit中克隆git仓库。运行下面的apt-get命令。 + + $ sudo apt-get install git + +现在,我们要使用下面的git命令来克隆仓库。 + + $ git clone git://repo.or.cz/qgit4/redivivus.git + + Cloning into 'redivivus'... + remote: Counting objects: 7128, done. + remote: Compressing objects: 100% (2671/2671), done. + remote: Total 7128 (delta 5464), reused 5711 (delta 4438) + Receiving objects: 100% (7128/7128), 2.39 MiB | 470.00 KiB/s, done. + Resolving deltas: 100% (5464/5464), done. + Checking connectivity... done. + +### 3. 编译 QGit ### + +克隆之后,我们现在进入redivivus的目录,并创建我们编译需要的makefile文件。因此,要进入目录,我们要运行下面的命令。 + + $ cd redivivus + +接下来,我们运行下面的命令从qmake项目也就是qgit.pro来生成新的Makefile。 + + $ qmake qgit.pro + +生成Makefile之后,我们现在终于要编译qgit的源代码并得到二进制的输出。首先我们要安装make和g++包用于编译,因为这是一个用C++写的程序。 + + $ sudo apt-get install make g++ + +现在,我们要用make命令来编译代码了 + + $ make + +### 4. 安装 QGit ### + +成功编译QGit的源码之后,我们就要在Ubuntu 14.04中安装它了,这样就可以在系统中执行它。因此我们将运行下面的命令、 + + $ sudo make install + + cd src/ && make -f Makefile install + make[1]: Entering directory `/home/arun/redivivus/src' + make -f Makefile.Release install + make[2]: Entering directory `/home/arun/redivivus/src' + install -m 755 -p "../bin/qgit" "/usr/lib/x86_64-linux-gnu/qt4/bin/qgit" + strip "/usr/lib/x86_64-linux-gnu/qt4/bin/qgit" + make[2]: Leaving directory `/home/arun/redivivus/src' + make[1]: Leaving directory `/home/arun/redivivus/src' + +接下来,我们需要从bin目录下复制qgit的二进制文件到/usr/bin/,这样我们就可以全局运行它了。 + + $ sudo cp bin/qgit /usr/bin/ + +### 5. 创建桌面文件 ### + +既然我们已经在ubuntu中成功安装了qgit,我们来创建一个桌面文件,这样QGit就可以在我们桌面环境中的菜单或者启动器中找到了。要做到这点,我们要在/usr/share/applications/创建一个新文件叫qgit.desktop。 + + $ sudo nano /usr/share/applications/qgit.desktop + +接下来复制下面的行到文件中。 + + [Desktop Entry] + Name=qgit + GenericName=git GUI viewer + Exec=qgit + Icon=qgit + Type=Application + Comment=git GUI viewer + Terminal=false + MimeType=inode/directory; + Categories=Qt;Development;RevisionControl; + +完成之后,保存并退出。 + +### 6. 运行 QGit 浏览器 ### + +QGit安装完成之后,我们现在就可以从任何启动器或者程序菜单中启动它了。要在终端下面运行QGit,我们可以像下面那样。 + + $ qgit + +这会打开基于Qt4框架GUI模式的QGit。 + +![QGit Viewer](http://blog.linoxide.com/wp-content/uploads/2015/07/qgit-viewer.png) + +### 总结 ### + +QGit是一个很棒的基于QT的git浏览器。它可以在Linux、MAC OSX和 Microsoft Windows所有这三个平台中运行。它帮助我们很容易地浏览历史、版本、分支等等git仓库提供的信息。它减少了使用命令行的方式去执行诸如浏览版本、历史、比较功能的需求,并用图形化的方式来简化了这些任务。最新的qgit版本也在默认仓库中,你可以使用 **apt-get install qgit** 命令来安装。因此。qgit用它简单的GUI使得我们的工作更加简单和快速。 + +-------------------------------------------------------------------------------- + +via: http://linoxide.com/ubuntu-how-to/install-qgit-viewer-ubuntu-14-04/ + +作者:[Arun Pyasi][a] +译者:[geekpi](https://github.com/geekpi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linoxide.com/author/arunp/ diff --git a/translated/tech/LFCS/Part 1 - LFCS--How to use GNU 'sed' Command to Create Edit and Manipulate files in Linux.md b/translated/tech/LFCS/Part 1 - LFCS--How to use GNU 'sed' Command to Create Edit and Manipulate files in Linux.md new file mode 100644 index 0000000000..79e263d7e0 --- /dev/null +++ b/translated/tech/LFCS/Part 1 - LFCS--How to use GNU 'sed' Command to Create Edit and Manipulate files in Linux.md @@ -0,0 +1,220 @@ +Translating by Xuanwo + +LFCS系列第一讲:如何在Linux上使用GNU'sed'命令来创建、编辑和操作文件 +================================================================================ +Linux基金会宣布了一个全新的LFCS(Linux Foundation Certified Sysadmin,Linux基金会认证系统管理员)认证计划。这一计划旨在帮助遍布全世界的人们获得其在处理Linux系统管理任务上能力的认证。这些能力包括支持运行的系统服务,以及第一手的故障诊断和分析和为工程师团队在升级时提供智能决策。 + +![Linux Foundation Certified Sysadmin](http://www.tecmint.com/wp-content/uploads/2014/10/lfcs-Part-1.png) + +Linux基金会认证系统管理员——第一讲 + +请观看下面关于Linux基金会认证计划的演示: + + + +该系列将命名为《LFCS系列第一讲》至《LFCS系列第十讲》并覆盖关于Ubuntu,CentOS以及openSUSE的下列话题。 + +- 第一讲:如何在Linux上使用GNU'sed'命令来创建、编辑和操作文件 +- 第二讲:如何安装和使用vi/m全功能文字编辑器 +- 第三讲:归档文件/目录和在文件系统中寻找文件 +- 第四讲:为存储设备分区,格式化文件系统和配置交换分区 +- 第五讲:在Linux中挂载/卸载本地和网络(Samba & NFS)文件系统 +- 第六讲:组合分区作为RAID设备——创建&管理系统备份 +- 第七讲:管理系统启动进程和服务(使用SysVinit, Systemd 和 Upstart) +- 第八讲:管理用户和组,文件权限和属性以及启用账户的sudo权限 +- 第九讲:Linux包管理与Yum,RPM,Apt,Dpkg,Aptitude,Zypper +- 第十讲:学习简单的Shell脚本和文件系统故障排除 + +本文是覆盖这个参加LFCS认证考试的所必需的范围和能力的十个教程的第一讲。话说了那么多,快打开你的终端,让我们开始吧! + +### 处理Linux中的文本流 ### + +Linux将程序中的输入和输出当成字符流或者字符序列。在开始理解重定向和管道之前,我们必须先了解三种最重要的I/O(Input and Output,输入和输出)流,事实上,它们都是特殊的文件(根据UNIX和Linux中的约定,数据流和外围设备或者设备文件也被视为普通文件)。 + +> (重定向操作符) 和 | (管道操作符)之间的区别是:前者将命令与文件相连接,而后者将命令的输出和另一个命令相连接。 + + # command > file + # command1 | command2 + +由于重定向操作符静默创建或覆盖文件,我们必须特别小心谨慎地使用它,并且永远不要把它和管道混淆起来。在Linux和UNIX系统上管道的优势是:第一个命令的输出不会写入一个文件而是直接被第二个命令读取。 + +在下面的操作练习中,我们将会使用这首诗——《A happy child》(匿名作者) + +![cat command](http://www.tecmint.com/wp-content/uploads/2014/10/cat-command.png) + +cat 命令样例 + +#### 使用 sed #### + +sed是流编辑器(stream editor)的缩写。为那些不懂术语的人额外解释一下,流编辑器是用来在一个输入流(文件或者管道中的输入)执行基本的文本转换的工具。 + +sed最基本的用法是字符替换。我们将通过把每个出现的小写y改写为大写Y并且将输出重定向到ahappychild2.txt开始。g标志表示sed应该替换文件每一行中所有应当替换的实例。如果这个标志省略了,sed将会只替换每一行中第一次出现的实例。 + +**基本语法:** + + # sed ‘s/term/replacement/flag’ file + +**我们的样例:** + + # sed ‘s/y/Y/g’ ahappychild.txt > ahappychild2.txt + +![sed command](http://www.tecmint.com/wp-content/uploads/2014/10/sed-command.png) + +sed 命令样例 + +如果你要在替换文本中搜索或者替换特殊字符(如/,\,&),你需要使用反斜杠对它进行转义。 + +例如,我们将会用一个符号来替换一个文字。与此同时,我们将把一行最开始出现的第一个I替换为You。 + + # sed 's/and/\&/g;s/^I/You/g' ahappychild.txt + +![sed replace string](http://www.tecmint.com/wp-content/uploads/2014/10/sed-replace-string.png) + +sed 替换字符串 + +在上面的命令中,^(插入符号)是众所周知用来表示一行开头的正则表达式。 + +正如你所看到的,我们可以通过使用分号分隔以及用括号包裹来把两个或者更多的替换命令(并在他们中使用正则表达式)链接起来。 + +另一种sed的用法是显示或者删除文件中选中的一部分。在下面的样例中,将会显示/var/log/messages中从6月8日开始的头五行。 + + # sed -n '/^Jun 8/ p' /var/log/messages | sed -n 1,5p + +请注意,在默认的情况下,sed会打印每一行。我们可以使用-n选项来覆盖这一行为并且告诉sed只需要打印(用p来表示)文件(或管道)中匹配的部分(第一种情况下行开头的第一个6月8日以及第二种情况下的一到五行*此处翻译欠妥,需要修正*)。 + +最后,可能有用的技巧是当检查脚本或者配置文件的时候可以保留文件本身并且删除注释。下面的单行sed命令删除(d)空行或者是开头为`#`的行(|字符返回两个正则表达式之间的布尔值)。 + + # sed '/^#\|^$/d' apache2.conf + +![sed match string](http://www.tecmint.com/wp-content/uploads/2014/10/sed-match-string.png) + +sed 匹配字符串 + +#### uniq C命令 #### + +uniq命令允许我们返回或者删除文件中重复的行,默认写入标准输出。我们必须注意到,除非两个重复的行相邻,否则uniq命令不会删除他们。因此,uniq经常和前序排序(此处翻译欠妥)(一种用来对文本行进行排序的算法)搭配使用。默认情况下,排序使用第一个字段(用空格分隔)作为关键字段。要指定一个不同的关键字段,我们需要使用-k选项。 + +**样例** + +du –sch /path/to/directory/* 命令将会以人类可读的格式返回在指定目录下每一个子文件夹和文件的磁盘空间使用情况(也会显示每个目录总体的情况),而且不是按照大小输出,而是按照子文件夹和文件的名称。我们可以使用下面的命令来让它通过大小排序。 + + # du -sch /var/* | sort –h + +![sort command](http://www.tecmint.com/wp-content/uploads/2014/10/sort-command.jpg) + +sort 命令样例 + +你可以通过使用下面的命令告诉uniq比较每一行的前6个字符(-w 6)(指定了不同的日期)来统计日志事件的个数,而且在每一行的开头输出出现的次数(-c)。 + + + # cat /var/log/mail.log | uniq -c -w 6 + +![Count Numbers in File](http://www.tecmint.com/wp-content/uploads/2014/10/count-numbers-in-file.jpg) + +统计文件中数字 + +最后,你可以组合使用sort和uniq命令(通常如此)。考虑下面文件中捐助者,捐助日期和金额的列表。假设我们想知道有多少个捐助者。我们可以使用下面的命令来分隔第一字段(字段由冒号分隔),按名称排序并且删除重复的行。 + + # cat sortuniq.txt | cut -d: -f1 | sort | uniq + +![Find Unique Records in File](http://www.tecmint.com/wp-content/uploads/2014/10/find-uniqu-records-in-file.jpg) + +寻找文件中不重复的记录 + +- 也可阅读: [13个“cat”命令样例][1] + +#### grep 命令 #### + +grep在文件(或命令输出)中搜索指定正则表达式并且在标准输出中输出匹配的行。 + +**样例** + +显示文件/etc/passwd中用户gacanepa的信息,忽略大小写。 + + # grep -i gacanepa /etc/passwd + +![grep Command](http://www.tecmint.com/wp-content/uploads/2014/10/grep-command.jpg) + +grep 命令样例 + +显示/etc文件夹下所有rc开头并跟随任意数字的内容。 + + # ls -l /etc | grep rc[0-9] + +![List Content Using grep](http://www.tecmint.com/wp-content/uploads/2014/10/list-content-using-grep.jpg) + +使用grep列出内容 + +- 也可阅读: [12个“grep”命令样例][2] + +#### tr 命令使用技巧 #### + +tr命令可以用来从标准输入中翻译(改变)或者删除字符并将结果写入到标准输出中。 + +**样例** + +把sortuniq.txt文件中所有的小写改为大写。 + + # cat sortuniq.txt | tr [:lower:] [:upper:] + +![Sort Strings in File](http://www.tecmint.com/wp-content/uploads/2014/10/sort-strings.jpg) + +排序文件中的字符串 + +压缩`ls –l`输出中的定界符至一个空格。 + # ls -l | tr -s ' ' + +![Squeeze Delimiter](http://www.tecmint.com/wp-content/uploads/2014/10/squeeze-delimeter.jpg) + +压缩分隔符 + +#### cut 命令使用方法 #### + +cut命令可以基于字节数(-b选项),字符(-c)或者字段(-f)提取部分输入(从标准输入或者文件中)并且将结果输出到标准输出。在最后一种情况下(基于字段),默认的字段分隔符是一个tab,但不同的分隔符可以由-d选项来指定。 + +**样例** + +从/etc/passwd中提取用户账户和他们被分配的默认shell(-d选项允许我们指定分界符,-f选项指定那些字段将被提取)。 + + # cat /etc/passwd | cut -d: -f1,7 + +![Extract User Accounts](http://www.tecmint.com/wp-content/uploads/2014/10/extract-user-accounts.jpg) + +提取用户账户 + +总结一下,我们将使用最后一个命令的输出中第一和第三个非空文件创建一个文本流。我们将使用grep作为第一过滤器来检查用户gacanepa的会话,然后将分隔符压缩至一个空格(tr -s ' ')。下一步,我们将使用cut来提取第一和第三个字段,最后使用第二个字段(本样例中,指的是IP地址)来排序之后再用uniq去重。 + + # last | grep gacanepa | tr -s ‘ ‘ | cut -d’ ‘ -f1,3 | sort -k2 | uniq + +![last command](http://www.tecmint.com/wp-content/uploads/2014/10/last-command.png) + +last 命令样例 + +上面的命令显示了如何将多个命令和管道结合起来以便根据我们的愿望得到过滤后的数据。你也可以逐步地使用它以帮助你理解输出是如何从一个命令传输到下一个命令的(顺便说一句,这是一个非常好的学习经验!) + +### 总结 ### + +尽管这个例子(以及在当前教程中的其他实例)第一眼看上去可能不是非常有用,但是他们是体验在Linux命令行中创建,编辑和操作文件的一个非常好的开始。请随时留下你的问题和意见——不胜感激! + +#### 参考链接 #### + +- [关于LFCS][3] +- [为什么需要Linux基金会认证?][4] +- [注册LFCS考试][5] + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/sed-command-to-create-edit-and-manipulate-files-in-linux/ + +作者:[Gabriel Cánepa][a] +译者:[Xuanwo](https://github.com/Xuanwo) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://www.tecmint.com/13-basic-cat-command-examples-in-linux/ +[2]:http://www.tecmint.com/12-practical-examples-of-linux-grep-command/ +[3]:https://training.linuxfoundation.org/certification/LFCS +[4]:https://training.linuxfoundation.org/certification/why-certify-with-us +[5]:https://identity.linuxfoundation.org/user?destination=pid/1 \ No newline at end of file diff --git a/translated/tech/RAID/Part 6 - Setting Up RAID 10 or 1+0 (Nested) in Linux.md b/translated/tech/RAID/Part 6 - Setting Up RAID 10 or 1+0 (Nested) in Linux.md deleted file mode 100644 index 850f6c3e49..0000000000 --- a/translated/tech/RAID/Part 6 - Setting Up RAID 10 or 1+0 (Nested) in Linux.md +++ /dev/null @@ -1,277 +0,0 @@ - -在 Linux 中设置 RAID 10 或 1 + 0(嵌套) - 第6部分 -================================================================================ -RAID 10 是结合 RAID 0 和 RAID 1 形成的。要设置 RAID 10,我们至少需要4个磁盘。在之前的文章中,我们已经看到了如何使用两个磁盘设置 RAID 0 和 RAID 1。 - -在这里,我们将使用最少4个磁盘结合 RAID 0 和 RAID 1 来设置 RAID 10。假设,我们已经在逻辑卷保存了一些数据,这是 RAID 10 创建的,如果我们要保存数据“apple”,它将使用以下方法将其保存在4个磁盘中。 - -![Create Raid 10 in Linux](http://www.tecmint.com/wp-content/uploads/2014/11/raid10.jpg) - -在 Linux 中创建 Raid 10 - -使用 RAID 0 时,它将“A”保存在第一个磁盘,“p”保存在第二个磁盘,下一个“P”又在第一个磁盘,“L”在第二个磁盘。然后,“e”又在第一个磁盘,像这样它会继续循环此过程将数据保存完整。由此我们知道,RAID 0 是将数据的一半保存到第一个磁盘,另一半保存到第二个磁盘。 - -在 RAID 1 方法中,相同的数据将被写入到两个磁盘中。 “A”将同时被写入到第一和第二个磁盘中,“P”也将被同时写入到两个磁盘中,下一个“P”也将同时被写入到两个磁盘。因此,使用 RAID 1 将同时写入到两个磁盘。它将继续循环此过程。 - -现在大家来了解 RAID 10 怎样结合 RAID 0 和 RAID 1 来工作。如果我们有4个20 GB 的磁盘,总共为 80 GB,但我们将只能得到40 GB 的容量,另一半的容量将用于构建 RAID 10。 - -#### RAID 10 的优点和缺点 #### - -- 提供更好的性能。 -- 在 RAID 10 中我们将失去两个磁盘的容量。 -- 读与写的性能将会很好,因为它会同时进行写入和读取。 -- 它能解决数据库的高 I/O 磁盘写操作。 - -#### 要求 #### - -在 RAID 10 中,我们至少需要4个磁盘,2个磁盘为 RAID 0,其他2个磁盘为 RAID 1,就像我之前说的,RAID 10 仅仅是结合了 RAID 0和1。如果我们需要扩展 RAID 组,最少需要添加4个磁盘。 - -**我的服务器设置** - - Operating System : CentOS 6.5 Final - IP Address : 192.168.0.229 - Hostname : rd10.tecmintlocal.com - Disk 1 [20GB] : /dev/sdd - Disk 2 [20GB] : /dev/sdc - Disk 3 [20GB] : /dev/sdd - Disk 4 [20GB] : /dev/sde - -有两种方法来设置 RAID 10,在这里两种方法我都会演示,但我更喜欢第一种方法,使用它来设置 RAID 10 更简单。 - -### 方法1:设置 RAID 10 ### - -1.首先,使用以下命令确认所添加的4块磁盘没有被使用。 - - # ls -l /dev | grep sd - -2.四个磁盘被检测后,然后来检查磁盘是否存在 RAID 分区。 - - # mdadm -E /dev/sd[b-e] - # mdadm --examine /dev/sdb /dev/sdc /dev/sdd /dev/sde - -![Verify 4 Added Disks](http://www.tecmint.com/wp-content/uploads/2014/11/Verify-4-Added-Disks.png) - -验证添加的4块磁盘 - -**注意**: 在上面的输出中,如果没有检测到 super-block 意味着在4块磁盘中没有定义过 RAID。 - -#### 第1步:为 RAID 分区 #### - -3.现在,使用‘fdisk’,命令为4个磁盘(/dev/sdb, /dev/sdc, /dev/sdd 和 /dev/sde)创建新分区。 - - # fdisk /dev/sdb - # fdisk /dev/sdc - # fdisk /dev/sdd - # fdisk /dev/sde - -**为 /dev/sdb 创建分区** - -我来告诉你如何使用 fdisk 为磁盘(/dev/sdb)进行分区,此步也适用于其他磁盘。 - - # fdisk /dev/sdb - -请使用以下步骤为 /dev/sdb 创建一个新的分区。 - -- 按 ‘n’ 创建新的分区。 -- 然后按 ‘P’ 选择主分区。 -- 接下来选择分区号为1。 -- 只需按两次回车键选择默认值即可。 -- 然后,按 ‘P’ 来打印创建好的分区。 -- 按 ‘L’,列出所有可用的类型。 -- 按 ‘t’ 去修改分区。 -- 键入 ‘fd’ 设置为 Linux 的 RAID 类型,然后按 Enter 确认。 -- 然后再次使用‘p’查看我们所做的更改。 -- 使用‘w’保存更改。 - -![Disk sdb Partition](http://www.tecmint.com/wp-content/uploads/2014/11/Disk-sdb-Partition.png) - -为磁盘 sdb 分区 - -**注意**: 请使用上面相同的指令对其他磁盘(sdc, sdd sdd sde)进行分区。 - -4.创建好4个分区后,需要使用下面的命令来检查磁盘是否存在 raid。 - - # mdadm -E /dev/sd[b-e] - # mdadm -E /dev/sd[b-e]1 - - 或者 - - # mdadm --examine /dev/sdb /dev/sdc /dev/sdd /dev/sde - # mdadm --examine /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 - -![Check All Disks for Raid](http://www.tecmint.com/wp-content/uploads/2014/11/Check-All-Disks-for-Raid.png) - -检查磁盘 - -**注意**: 以上输出显示,新创建的四个分区中没有检测到 super-block,这意味着我们可以继续在这些磁盘上创建 RAID 10。 - -#### 第2步: 创建 RAID 设备 ‘md’ #### - -5.现在改创建一个‘md’(即 /dev/md0)设备,使用“mdadm” raid 管理工具。在创建设备之前,必须确保系统已经安装了‘mdadm’工具,如果没有请使用下面的命令来安装。 - - # yum install mdadm [on RedHat systems] - # apt-get install mdadm [on Debain systems] - -‘mdadm’工具安装完成后,可以使用下面的命令创建一个‘md’ raid 设备。 - - # mdadm --create /dev/md0 --level=10 --raid-devices=4 /dev/sd[b-e]1 - -6.接下来使用‘cat’命令验证新创建的 raid 设备。 - - # cat /proc/mdstat - -![Create md raid Device](http://www.tecmint.com/wp-content/uploads/2014/11/Create-md-raid-Device.png) - -创建 md raid 设备 - -7.接下来,使用下面的命令来检查4个磁盘。下面命令的输出会很长,因为它会显示4个磁盘的所有信息。 - - # mdadm --examine /dev/sd[b-e]1 - -8.接下来,使用以下命令来查看 RAID 阵列的详细信息。 - - # mdadm --detail /dev/md0 - -![Check Raid Array Details](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Raid-Array-Details.png) - -查看 Raid 阵列详细信息 - -**注意**: 你在上面看到的结果,该 RAID 的状态是 active 和re-syncing。 - -#### 第3步:创建文件系统 #### - -9.使用 ext4 作为‘md0′的文件系统并将它挂载到‘/mnt/raid10‘下。在这里,我用的是 ext4,你可以使用你想要的文件系统类型。 - - # mkfs.ext4 /dev/md0 - -![Create md Filesystem](http://www.tecmint.com/wp-content/uploads/2014/11/Create-md-Filesystem.png) - -创建 md 文件系统 - -10.在创建文件系统后,挂载文件系统到‘/mnt/raid10‘下,并使用‘ls -l’命令列出挂载点下的内容。 - - # mkdir /mnt/raid10 - # mount /dev/md0 /mnt/raid10/ - # ls -l /mnt/raid10/ - -接下来,在挂载点下创建一些文件,并在文件中添加些内容,然后检查内容。 - - # touch /mnt/raid10/raid10_files.txt - # ls -l /mnt/raid10/ - # echo "raid 10 setup with 4 disks" > /mnt/raid10/raid10_files.txt - # cat /mnt/raid10/raid10_files.txt - -![Mount md Device](http://www.tecmint.com/wp-content/uploads/2014/11/Mount-md-Device.png) - -挂载 md 设备 - -11.要想自动挂载,打开‘/etc/fstab‘文件并添加下面的条目,挂载点根据你环境的不同来添加。使用 wq! 保存并退出。 - - # vim /etc/fstab - - /dev/md0 /mnt/raid10 ext4 defaults 0 0 - -![AutoMount md Device](http://www.tecmint.com/wp-content/uploads/2014/11/AutoMount-md-Device.png) - -挂载 md 设备 - -12.接下来,在重新启动系统前使用‘mount -a‘来确认‘/etc/fstab‘文件是否有错误。 - - # mount -av - -![Check Errors in Fstab](http://www.tecmint.com/wp-content/uploads/2014/11/Check-Errors-in-Fstab.png) - -检查 Fstab 中的错误 - -#### 第四步:保存 RAID 配置 #### - -13.默认情况下 RAID 没有配置文件,所以我们需要在上述步骤完成后手动保存它。 - - # mdadm --detail --scan --verbose >> /etc/mdadm.conf - -![Save Raid10 Configuration](http://www.tecmint.com/wp-content/uploads/2014/11/Save-Raid10-Configuration.png) - -保存 Raid10 的配置 - -就这样,我们使用方法1创建完了 RAID 10,这种方法是比较容易的。现在,让我们使用方法2来设置 RAID 10。 - -### 方法2:创建 RAID 10 ### - -1.在方法2中,我们必须定义2组 RAID 1,然后我们需要使用这些创建好的 RAID 1 的集来定义一个 RAID 0。在这里,我们将要做的是先创建2个镜像(RAID1),然后创建 RAID0 (条带化)。 - -首先,列出所有的可用于创建 RAID 10 的磁盘。 - - # ls -l /dev | grep sd - -![List 4 Devices](http://www.tecmint.com/wp-content/uploads/2014/11/List-4-Devices.png) - -列出了 4 设备 - -2.将4个磁盘使用‘fdisk’命令进行分区。对于如何分区,您可以按照 #步骤 3。 - - # fdisk /dev/sdb - # fdisk /dev/sdc - # fdisk /dev/sdd - # fdisk /dev/sde - -3.在完成4个磁盘的分区后,现在检查磁盘是否存在 RAID块。 - - # mdadm --examine /dev/sd[b-e] - # mdadm --examine /dev/sd[b-e]1 - -![Examine 4 Disks](http://www.tecmint.com/wp-content/uploads/2014/11/Examine-4-Disks.png) - -检查 4 个磁盘 - -#### 第1步:创建 RAID 1 #### - -4.首先,使用4块磁盘创建2组 RAID 1,一组为‘sdb1′和 ‘sdc1′,另一组是‘sdd1′ 和 ‘sde1′。 - - # mdadm --create /dev/md1 --metadata=1.2 --level=1 --raid-devices=2 /dev/sd[b-c]1 - # mdadm --create /dev/md2 --metadata=1.2 --level=1 --raid-devices=2 /dev/sd[d-e]1 - # cat /proc/mdstat - -![Creating Raid 1](http://www.tecmint.com/wp-content/uploads/2014/11/Creating-Raid-1.png) - -创建 Raid 1 - -![Check Details of Raid 1](http://www.tecmint.com/wp-content/uploads/2014/11/Creating-Raid-1.png) - -查看 Raid 1 的详细信息 - -#### 第2步:创建 RAID 0 #### - -5.接下来,使用 md1 和 md2 来创建 RAID 0。 - - # mdadm --create /dev/md0 --level=0 --raid-devices=2 /dev/md1 /dev/md2 - # cat /proc/mdstat - -![Creating Raid 0](http://www.tecmint.com/wp-content/uploads/2014/11/Creating-Raid-0.png) - -创建 Raid 0 - -#### 第3步:保存 RAID 配置 #### - -6.我们需要将配置文件保存在‘/etc/mdadm.conf‘文件中,使其每次重新启动后都能加载所有的 raid 设备。 - - # mdadm --detail --scan --verbose >> /etc/mdadm.conf - -在此之后,我们需要按照方法1中的#第3步来创建文件系统。 - -就是这样!我们采用的方法2创建完了 RAID 1+0.我们将会失去两个磁盘的空间,但相比其他 RAID ,它的性能将是非常好的。 - -### 结论 ### - -在这里,我们采用两种方法创建 RAID 10。RAID 10 具有良好的性能和冗余性。希望这篇文章可以帮助你了解 RAID 10(嵌套 RAID 的级别)。在后面的文章中我们会看到如何扩展现有的 RAID 阵列以及更多精彩的。 - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/create-raid-10-in-linux/ - -作者:[Babin Lonston][a] -译者:[strugglingyouth](https://github.com/strugglingyouth) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/babinlonston/ diff --git a/translated/tech/RHCE/Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7.md b/translated/tech/RHCE/Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7.md new file mode 100644 index 0000000000..a37c9610fd --- /dev/null +++ b/translated/tech/RHCE/Part 5 - How to Manage System Logs (Configure, Rotate and Import Into Database) in RHEL 7.md @@ -0,0 +1,169 @@ +第五部分 - 如何在 RHEL 7 中管理系统日志(配置、旋转以及导入到数据库) +================================================================================ +为了确保你的 RHEL 7 系统安全,你需要通过查看日志文件监控系统中发生的所有活动。这样,你就可以检测任何不正常或有潜在破坏的活动并进行系统故障排除或者其它恰当的操作。 + +![Linux 中使用 Rsyslog 和 Logrotate 旋转日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Manage-and-Rotate-Linux-Logs-Using-Rsyslog-Logrotate.jpg) + +(译者注:[日志旋转][9]是系统管理中归档每天产生的日志文件的自动化过程) + +RHCE 考试 - 第五部分:使用 Rsyslog 和 Logrotate 管理系统日志 + +在 RHEL 7 中,[rsyslogd][1] 守护进程负责系统日志,它从 /etc/rsyslog.conf(该文件指定所有系统日志的默认路径)和 /etc/rsyslog.d 中的所有文件(如果有的话)读取配置信息。 + +### Rsyslogd 配置 ### + +快速浏览一下 [rsyslog.conf][2] 会是一个好的开端。该文件分为 3 个主要部分:模块(rsyslong 按照模块化设计),全局指令(用于设置 rsyslogd 守护进程的全局属性),以及规则。正如你可能猜想的,最后一个部分指示获取,显示以及在哪里保存什么的日志(也称为选择子),这也是这篇博文关注的重点。 + +rsyslog.conf 中典型的一行如下所示: + +![Rsyslogd 配置](http://www.tecmint.com/wp-content/uploads/2015/08/Rsyslogd-Configuration.png) + +Rsyslogd 配置 + +在上面的图片中,我们可以看到一个选择子包括了一个或多个用分号分隔的设备:优先级(Facility:Priority)对,其中设备描述了消息类型(参考 [RFC 3164 4.1.1 章节][3] 查看 rsyslog 可用的完整设备列表),优先级指示它的严重性,这可能是以下几种之一: + +- debug +- info +- notice +- warning +- err +- crit +- alert +- emerg + +尽管自身并不是一个优先级,关键字 none 意味着指定设备没有任何优先级。 + +**注意**:给定一个优先级表示该优先级以及之上的消息都应该记录到日志中。因此,上面例子中的行指示 rsyslogd 守护进程记录所有优先级为 info 以及以上(不管是什么设备)的除了属于 mail、authpriv、以及 cron 服务(不考虑来自这些设备的消息)的消息到 /var/log/messages。 + +你也可以使用逗号将多个设备分为一组,对同组中的设备使用相同的优先级。例如下面这行: + + *.info;mail.none;authpriv.none;cron.none /var/log/messages + +也可以这样写: + + *.info;mail,authpriv,cron.none /var/log/messages + +换句话说,mail、authpriv 以及 cron 被分为一组,并使用关键字 none。 + +#### 创建自定义日志文件 #### + +要把所有的守护进程消息记录到 /var/log/tecmint.log,我们需要在 rsyslog.conf 或者 /etc/rsyslog.d 目录中的单独文件(易于管理)添加下面一行: + + daemon.* /var/log/tecmint.log + +然后重启守护进程(注意服务名称不以 d 结尾): + + # systemctl restart rsyslog + +在随机重启两个守护进程之前和之后查看自定义日志的内容: + +![Linux 创建自定义日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Create-Custom-Log-File.png) + +创建自定义日志文件 + +作为一个自学练习,我建议你重点关注设备和优先级,添加额外的消息到已有的日志文件或者像上面那样创建一个新的日志文件。 + +### 使用 Logrotate 旋转日志 ### + +为了防止日志文件无限制增长,logrotate 工具用于旋转、压缩、移除或者通过电子邮件发送日志,从而减轻管理会产生大量日志文件系统的困难。 + +Logrotate 作为一个 cron 作业(/etc/cron.daily/logrotate)每天运行,并从 /etc/logrotate.conf 和 /etc/logrotate.d 中的文件(如果有的话)读取配置信息。 + +对于 rsyslog,即使你可以在主文件中为指定服务包含设置,为每个服务创建单独的配置文件能帮助你更好地组织设置。 + +让我们来看一个典型的 logrotate.conf: + +![Logrotate 配置](http://www.tecmint.com/wp-content/uploads/2015/08/Logrotate-Configuration.png) + +Logrotate 配置 + +在上面的例子中,logrotate 会为 /var/log/wtmp 进行以下操作:尝试每个月旋转一次,但至少文件要大于 1MB,然后用 0664 权限、用户 root、组 utmp 创建一个新的日志文件。下一步只保存一个归档日志,正如旋转指令指定的: + +![每月 Logrotate 日志](http://www.tecmint.com/wp-content/uploads/2015/08/Logrotate-Logs-Monthly.png) + +每月 Logrotate 日志 + +让我们再来看看 /etc/logrotate.d/httpd 中的另一个例子: + +![旋转 Apache 日志文件](http://www.tecmint.com/wp-content/uploads/2015/08/Rotate-Apache-Log-Files.png) + +旋转 Apache 日志文件 + +你可以在 logrotate 的 man 手册([man logrotate][4] 和 [man logrotate.conf][5])中阅读更多有关它的设置。为了方便你的阅读,本文还提供了两篇文章的 PDF 格式。 + +作为一个系统工程师,很可能由你决定多久按照什么格式保存一次日志,取决于你是否有一个单独的分区/逻辑卷给 /var。否则,你真的要考虑删除旧日志以节省存储空间。另一方面,根据你公司和客户内部的政策,为了以后的安全审核,你可能被迫要保留多个日志。 + +#### 保存日志到数据库 #### + +当然检查日志可能是一个很繁琐的工作(即使有类似 grep 工具和正则表达式的帮助)。因为这个原因,rsyslog 允许我们把它们导出到数据库(OTB 支持的关系数据库管理系统包括 MySQL、MariaDB、PostgreSQL 和 Oracle)。 + +指南的这部分假设你已经在要管理日志的 RHEL 7 上安装了 MariaDB 服务器和客户端: + + # yum update && yum install mariadb mariadb-server mariadb-client rsyslog-mysql + # systemctl enable mariadb && systemctl start mariadb + +然后使用 `mysql_secure_installation` 工具为 root 用户设置密码以及其它安全考量: + + +![保证 MySQL 数据库安全](http://www.tecmint.com/wp-content/uploads/2015/08/Secure-MySQL-Database.png) + +保证 MySQL 数据库安全 + +注意:如果你不想用 MariaDB root 用户插入日志消息到数据库,你也可以配置用另一个用户账户。如何实现的介绍已经超出了本文的范围,但在 [MariaDB 知识][6] 中有详细解析。为了简单在这篇指南中我们会使用 root 账户。 + +下一步,从 [GitHub][7] 下载 createDB.sql 脚本并导入到你的数据库服务器: + + # mysql -u root -p < createDB.sql + +![保存服务器日志到数据库](http://www.tecmint.com/wp-content/uploads/2015/08/Save-Server-Logs-to-Database.png) + +保存服务器日志到数据库 + +最后,添加下面的行到 /etc/rsyslog.conf: + + $ModLoad ommysql + $ActionOmmysqlServerPort 3306 + *.* :ommysql:localhost,Syslog,root,YourPasswordHere + +重启 rsyslog 和数据库服务器: + + # systemctl restart rsyslog + # systemctl restart mariadb + +#### 使用 SQL 语法查询日志 #### + +现在执行一些会改变日志的操作(例如停止和启动服务),然后登陆到你的 DB 服务器并使用标准的 SQL 命令显示和查询日志: + + USE Syslog; + SELECT ReceivedAt, Message FROM SystemEvents; + +![在数据库中查询日志](http://www.tecmint.com/wp-content/uploads/2015/08/Query-Logs-in-Database.png) + +在数据库中查询日志 + +### 总结 ### + +在这篇文章中我们介绍了如何设置系统日志,如果旋转日志以及为了简化查询如何重定向消息到数据库。我们希望这些技巧能对你准备 [RHCE 考试][8] 和日常工作有所帮助。 + +正如往常,非常欢迎你的反馈。用下面的表单和我们联系吧。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/manage-linux-system-logs-using-rsyslogd-and-logrotate/ + +作者:[Gabriel Cánepa][a] +译者:[ictlyh](http://www.mutouxiaogui.cn/blog/) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://www.tecmint.com/wp-content/pdf/rsyslogd.pdf +[2]:http://www.tecmint.com/wp-content/pdf/rsyslog.conf.pdf +[3]:https://tools.ietf.org/html/rfc3164#section-4.1.1 +[4]:http://www.tecmint.com/wp-content/pdf/logrotate.pdf +[5]:http://www.tecmint.com/wp-content/pdf/logrotate.conf.pdf +[6]:https://mariadb.com/kb/en/mariadb/create-user/ +[7]:https://github.com/sematext/rsyslog/blob/master/plugins/ommysql/createDB.sql +[8]:http://www.tecmint.com/how-to-setup-and-configure-static-network-routing-in-rhel/ +[9]:https://en.wikipedia.org/wiki/Log_rotation \ No newline at end of file diff --git a/translated/tech/RHCSA/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md b/translated/tech/RHCSA/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md deleted file mode 100644 index 93c2787c7e..0000000000 --- a/translated/tech/RHCSA/RHCSA Series--Part 01--Reviewing Essential Commands and System Documentation.md +++ /dev/null @@ -1,320 +0,0 @@ -[translating by xiqingongzi] - -RHCSA系列: 复习基础命令及系统文档 – 第一部分 -================================================================================ -RHCSA (红帽认证系统工程师) 是由给商业公司提供开源操作系统和软件的RedHat公司举行的认证考试, 除此之外,红帽公司还为这些企业和机构提供支持、训练以及咨询服务 - -![RHCSA Exam Guide](http://www.tecmint.com/wp-content/uploads/2015/02/RHCSA-Series-by-Tecmint.png) - -RHCSA 考试准备指南 - -RHCSA 考试(考试编号 EX200)通过后可以获取由Red Hat 公司颁发的证书. RHCSA 考试是RHCT(红帽认证技师)的升级版,而且RHCSA必须在新的Red Hat Enterprise Linux(红帽企业版)下完成.RHCT和RHCSA的主要变化就是RHCT基于 RHEL5 , 而RHCSA基于RHEL6或者7, 这两个认证的等级也有所不同. - -红帽认证管理员所会的最基础的是在红帽企业版的环境下执行如下系统管理任务: - -- 理解并会使用命令管理文件、目录、命令行以及系统/软件包的文档 -- 使用不同的启动等级启动系统,认证和控制进程,启动或停止虚拟机 -- 使用分区和逻辑卷管理本地存储 -- 创建并且配置本地文件系统和网络文件系统,设置他们的属性(许可、加密、访问控制表) -- 部署、配置、并且控制系统,包括安装、升级和卸载软件 -- 管理系统用户和组,独立使用集中制的LDAP目录权限控制 -- 确保系统安全,包括基础的防火墙规则和SELinux配置 - - -关于你所在国家的考试注册费用参考 [RHCSA Certification page][1]. - -关于你所在国家的考试注册费用参考RHCSA 认证页面 - - -在这个有15章的RHCSA(红帽认证管理员)备考系列,我们将覆盖以下的关于红帽企业Linux第七版的最新的信息 - -- Part 1: 回顾必会的命令和系统文档 -- Part 2: 在RHEL7如何展示文件和管理目录 -- Part 3: 在RHEL7中如何管理用户和组 -- Part 4: 使用nano和vim管理命令/ 使用grep和正则表达式分析文本 -- Part 5: RHEL7的进程管理:启动,关机,以及其他介于二者之间的. -- Part 6: 使用 'Parted'和'SSM'来管理和加密系统存储 -- Part 7: 使用ACLs(访问控制表)并挂载 Samba /NFS 文件分享 -- Part 8: 加固SSH,设置主机名并开启网络服务 -- Part 9: 安装、配置和加固一个Web,FTP服务器 -- Part 10: Yum 包管理方式,使用Cron进行自动任务管理以及监控系统日志 -- Part 11: 使用FirewallD和Iptables设置防火墙,控制网络流量 -- Part 12: 使用Kickstart 自动安装RHEL 7 -- Part 13: RHEL7:什么是SeLinux?他的原理是什么? -- Part 14: 在RHEL7 中使用基于LDAP的权限控制 -- Part 15: RHEL7的虚拟化:KVM 和虚拟机管理 - -在第一章,我们讲解如何输入和运行正确的命令在终端或者Shell窗口,并且讲解如何找到、插入,以及使用系统文档 - -![RHCSA: Reviewing Essential Linux Commands – Part 1](http://www.tecmint.com/wp-content/uploads/2015/02/Reviewing-Essential-Linux-Commands.png) - -RHCSA:回顾必会的Linux命令 - 第一部分 - -#### 前提: #### - -至少你要熟悉如下命令 - -- [cd command][2] (改变目录) -- [ls command][3] (列举文件) -- [cp command][4] (复制文件) -- [mv command][5] (移动或重命名文件) -- [touch command][6] (创建一个新的文件或更新已存在文件的时间表) -- rm command (删除文件) -- mkdir command (创建目录) - -在这篇文章中你将会找到更多的关于如何更好的使用他们的正确用法和特殊用法. - -虽然没有严格的要求,但是作为讨论常用的Linux命令和方法,你应该安装RHEL7 来尝试使用文章中提到的命令.这将会使你学习起来更省力. - -- [红帽企业版Linux(RHEL)7 安装指南][7] - -### 使用Shell进行交互 ### -如果我们使用文本模式登陆Linux,我们就无法使用鼠标在默认的shell。另一方面,如果我们使用图形化界面登陆,我们将会通过启动一个终端来开启shell,无论那种方式,我们都会看到用户提示,并且我们可以开始输入并且执行命令(当按下Enter时,命令就会被执行) - - -当我们使用文本模式登陆Linux时, -命令是由两个部分组成的: - -- 命令本身 -- 参数 - -某些参数,称为选项(通常使用一个连字符区分),改变了由其他参数定义的命令操作. - -命令的类型可以帮助我们识别某一个特定的命令是由shell内建的还是由一个单独的包提供。这样的区别在于我们能够找到更多关于该信息的命令,对shell内置的命令,我们需要看shell的ManPage,如果是其他提供的,我们需要看它自己的ManPage. - -![Check Shell built in Commands](http://www.tecmint.com/wp-content/uploads/2015/02/Check-shell-built-in-Commands.png) - -检查Shell的内建命令 - -在上面的例子中, cd 和 type 是shell内建的命令,top和 less 是由其他的二进制文件提供的(在这种情况下,type将返回命令的位置) -其他的内建命令 - -- [echo command][8]: 展示字符串 -- [pwd command][9]: 输出当前的工作目录 - -![More Built in Shell Commands](http://www.tecmint.com/wp-content/uploads/2015/02/More-Built-in-Shell-Commands.png) - -更多内建函数 - -**exec 命令** - -运行我们指定的外部程序。请注意,最好是只输入我们想要运行的程序的名字,不过exec命令有一个特殊的特性:使用旧的shell运行,而不是创建新的进程,可以作为子请求的验证. - - # ps -ef | grep [shell 进程的PID] - -当新的进程注销,Shell也随之注销,运行 exec top 然后按下 q键来退出top,你会注意到shell 会话会结束,如下面的屏幕录像展示的那样: - -注:youtube视频 - - -**export 命令** - -输出之后执行的命令的环境的变量 - -**history 命令** - -展示数行之前的历史命令.在感叹号前输入命令编号可以再次执行这个命令.如果我们需要编辑历史列表中的命令,我们可以按下 Ctrl + r 并输入与命令相关的第一个字符. -当我们看到的命令自动补全,我们可以根据我们目前的需要来编辑它: - -注:youtube视频 - - -命令列表会保存在一个叫 .bash_history的文件里.history命令是一个非常有用的用于减少输入次数的工具,特别是进行命令行编辑的时候.默认情况下,bash保留最后输入的500个命令,不过可以通过修改 HISTSIZE 环境变量来增加: - - -![Linux history Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-history-Command.png) - -Linux history 命令 - -但上述变化,在我们的下一次启动不会保留。为了保持HISTSIZE变量的变化,我们需要通过手工修改文件编辑: - - # 设置history请看 HISTSIZE 和 HISTFILESIZE 在 bash(1)的文档 - HISTSIZE=1000 - -**重要**: 我们的更改不会生效,除非我们重启了系统 - -**alias 命令** -没有参数或使用-p参数将会以 名称=值的标准形式输出alias 列表.当提供了参数时,一个alias 将被定义给给定的命令和值 - -使用alias ,我们可以创建我们自己的命令,或修改现有的命令,包括需要的参数.举个例子,假设我们想别名 ls 到 ls –color=auto ,这样就可以使用不同颜色输出文件、目录、链接 - - - # alias ls='ls --color=auto' - -![Linux alias Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-alias-Command.png) - -Linux 别名命令 - -**Note**: 你可以给你的新命令起任何的名字,并且附上足够多的使用单引号分割的参数,但是这样的情况下你要用分号区分开他们. - - # alias myNewCommand='cd /usr/bin; ls; cd; clear' - -**exit 命令** - -Exit和logout命令都是退出shell.exit命令退出所有的shell,logout命令只注销登陆的shell,其他的自动以文本模式启动的shell不算. - -如果我们对某个程序由疑问,我们可以看他的man Page,可以使用man命令调出它,额外的,还有一些重要的文件的手册页(inittab,fstab,hosts等等),库函数,shells,设备及其他功能 - -#### 举例: #### - -- man uname (输出系统信息,如内核名称、处理器、操作系统类型、架构等). -- man inittab (初始化守护设置). - -另外一个重要的信息的来源就是info命令提供的,info命令常常被用来读取信息文件.这些文件往往比manpage 提供更多信息.通过info 关键词调用某个命令的信息 - - # info ls - # info cut - - -另外,在/usr/share/doc 文件夹包含了大量的子目录,里面可以找到大量的文档.他们包含文本文件或其他友好的格式. -确保你使用这三种方法去查找命令的信息。重点关注每个命令文档中介绍的详细的语法 - -**使用expand命令把tabs转换为空格** - -有时候文本文档包含了tabs但是程序无法很好的处理的tabs.或者我们只是简单的希望将tabs转换成空格.这就是为什么expand (GNU核心组件提供)工具出现, - -举个例子,给我们一个文件 NumberList.txt,让我们使用expand处理它,将tabs转换为一个空格.并且以标准形式输出. - - # expand --tabs=1 NumbersList.txt - -![Linux expand Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-expand-Command.png) - -Linux expand 命令 - -unexpand命令可以实现相反的功能(将空格转为tab) - -**使用head输出文件首行及使用tail输出文件尾行** - -通常情况下,head命令后跟着文件名时,将会输出该文件的前十行,我们可以通过 -n 参数来自定义具体的行数。 - - # head -n3 /etc/passwd - # tail -n3 /etc/passwd - -![Linux head and tail Command](http://www.tecmint.com/wp-content/uploads/2015/02/Linux-head-and-tail-Command.png) - -Linux 的 head 和 tail 命令 - -tail 最有意思的一个特性就是能够展现信息(最后一行)就像我们输入文件(tail -f my.log,一行一行的,就像我们在观察它一样。)这在我们监控一个持续增加的日志文件时非常有用 - -更多: [Manage Files Effectively using head and tail Commands][10] - -**使用paste合并文本文件** -paste命令一行一行的合并文件,默认会以tab来区分每一行,或者其他你自定义的分行方式.(下面的例子就是输出使用等号划分行的文件). - # paste -d= file1 file2 - -![Merge Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Merge-Files-in-Linux-with-paste-command.png) - -Merge Files in Linux - -**使用split命令将文件分块** - -split 命令常常用于把一个文件切割成两个或多个文由我们自定义的前缀命名的件文件.这些文件可以通过大小、区块、行数,生成的文件会有一个数字或字母的后缀.在下面的例子中,我们将切割bash.pdf ,每个文件50KB (-b 50KB) ,使用命名后缀 (-d): - - # split -b 50KB -d bash.pdf bash_ - -![Split Files in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Split-Files-in-Linux-with-split-command.png) - -在Linux下划分文件 - -你可以使用如下命令来合并这些文件,生成源文件: - - # cat bash_00 bash_01 bash_02 bash_03 bash_04 bash_05 > bash.pdf - -**使用tr命令改变字符** - -tr 命令多用于变化(改变)一个一个的字符活使用字符范围.和之前一样,下面的实例我们江使用同样的文件file2,我们将实习: - -- 小写字母 o 变成大写 -- 所有的小写字母都变成大写字母 - - # cat file2 | tr o O - # cat file2 | tr [a-z] [A-Z] - -![Translate Characters in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/Translate-characters-in-Linux-with-tr-command.png) - -在Linux中替换文字 - -**使用uniq和sort检查或删除重复的文字** - -uniq命令可以帮我们查出或删除文件中的重复的行,默认会写出到stdout.我们应当注意, uniq 只能查出相邻的两个相同的单纯,所以, uniq 往往和sort 一起使用(sort一般用于对文本文件的内容进行排序) - - -默认的,sort 以第一个参数(使用空格区分)为关键字.想要定义特殊的关键字,我们需要使用 -k参数,请注意如何使用sort 和uniq输出我们想要的字段,具体可以看下面的例子 - - # cat file3 - # sort file3 | uniq - # sort -k2 file3 | uniq - # sort -k3 file3 | uniq - -![删除文件中重复的行](http://www.tecmint.com/wp-content/uploads/2015/02/Remove-Duplicate-Lines-in-file.png) - -删除文件中重复的行 - -**从文件中提取文本的命令** - -Cut命令基于字节(-b),字符(-c),或者区块(-f)从stdin活文件中提取到的部分将会以标准的形式展现在屏幕上 - -当我们使用区块切割时,默认的分隔符是一个tab,不过你可以通过 -d 参数来自定义分隔符. - - # cut -d: -f1,3 /etc/passwd # 这个例子提取了第一块和第三块的文本 - # cut -d: -f2-4 /etc/passwd # 这个例子提取了第一块到第三块的文本 - -![从文件中提取文本](http://www.tecmint.com/wp-content/uploads/2015/02/Extract-Text-from-a-file.png) - -从文件中提取文本 - - -注意,上方的两个输出的结果是十分简洁的。 - -**使用fmt命令重新格式化文件** - -fmt 被用于去“清理”有大量内容或行的文件,或者有很多缩进的文件.新的锻炼格式每行不会超过75个字符款,你能改变这个设定通过 -w(width 宽度)参数,它可以设置行宽为一个特定的数值 - -举个例子,让我们看看当我们用fmt显示定宽为100个字符的时候的文件/etc/passwd 时会发生什么.再来一次,输出值变得更加简洁. - - # fmt -w100 /etc/passwd - -![File Reformatting in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/File-Reformatting-in-Linux-with-fmt-command.png) - -Linux文件重新格式化 - -**使用pr命令格式化打印内容** - -pr 分页并且在列中展示一个或多个用于打印的文件. 换句话说,使用pr格式化一个文件使他打印出来时看起来更好.举个例子,下面这个命令 - - # ls -a /etc | pr -n --columns=3 -h "Files in /etc" - -以一个友好的排版方式(3列)输出/etc下的文件,自定义了页眉(通过 -h 选项实现),行号(-n) - -![File Formatting in Linux](http://www.tecmint.com/wp-content/uploads/2015/02/File-Formatting-in-Linux-with-pr-command.png) - -Linux的文件格式 - -### 总结 ### - -在这篇文章中,我们已经讨论了如何在Shell或终端以正确的语法输入和执行命令,并解释如何找到,检查和使用系统文档。正如你看到的一样简单,这就是你成为RHCSA的第一大步 - -如果你想添加一些其他的你经常使用的能够有效帮你完成你的日常工作的基础命令,并为分享他们而感到自豪,请在下方留言.也欢迎提出问题.我们期待您的回复. - - --------------------------------------------------------------------------------- - -via: http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/ - -作者:[Gabriel Cánepa][a] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://www.tecmint.com/author/gacanepa/ -[1]:https://www.redhat.com/en/services/certification/rhcsa -[2]:http://www.tecmint.com/cd-command-in-linux/ -[3]:http://www.tecmint.com/ls-command-interview-questions/ -[4]:http://www.tecmint.com/advanced-copy-command-shows-progress-bar-while-copying-files/ -[5]:http://www.tecmint.com/rename-multiple-files-in-linux/ -[6]:http://www.tecmint.com/8-pratical-examples-of-linux-touch-command/ -[7]:http://www.tecmint.com/redhat-enterprise-linux-7-installation/ -[8]:http://www.tecmint.com/echo-command-in-linux/ -[9]:http://www.tecmint.com/pwd-command-examples/ -[10]:http://www.tecmint.com/view-contents-of-file-in-linux/ diff --git a/translated/tech/RHCSA/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md b/translated/tech/RHCSA/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md new file mode 100644 index 0000000000..1436621c4e --- /dev/null +++ b/translated/tech/RHCSA/RHCSA Series--Part 03--How to Manage Users and Groups in RHEL 7.md @@ -0,0 +1,224 @@ +RHCSA 系列: 如何管理RHEL7的用户和组 – Part 3 +================================================================================ +和管理其他Linux服务器一样,管理一个 RHEL 7 服务器 要求你能够添加,修改,暂停或删除用户帐户,并且授予他们文件,目录,其他系统资源所必要的权限。 +![User and Group Management in Linux](http://www.tecmint.com/wp-content/uploads/2015/03/User-and-Group-Management-in-Linux.png) + +RHCSA: 用户和组管理 – Part 3 + +### 管理用户帐户## + +如果想要给RHEL 7 服务器添加账户,你需要以root用户执行如下两条命令 + + # adduser [new_account] + # useradd [new_account] + +当添加新的用户帐户时,默认会执行下列操作。 + +- 他/她 的主目录就会被创建(一般是"/home/用户名",除非你特别设置) +- 一些隐藏文件 如`.bash_logout`, `.bash_profile` 以及 `.bashrc` 会被复制到用户的主目录,并且会为用户的回话提供环境变量.你可以进一步查看他们的相关细节。 +- 会为您的账号添加一个邮件池目录 +- 会创建一个和用户名同样的组 + +用户帐户的全部信息被保存在`/etc/passwd `文件。这个文件以如下格式保存了每一个系统帐户的所有信息(以:分割) + [username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell] + +- `[username]` 和`[Comment]` 是用于自我解释的 +- ‘x’表示帐户的密码保护(详细在`/etc/shadow`文件),就是我们用于登录的`[username]`. +- `[UID]` 和`[GID]`是用于显示`[username]` 的 用户认证和主用户组。 + +最后, + +- `[Home directory]`显示`[username]`的主目录的绝对路径 +- `[Default shell]` 是当用户登录系统后使用的默认shell + +另外一个你必须要熟悉的重要的文件是存储组信息的`/etc/group`.因为和`/etc/passwd`类似,所以也是由:分割 + [Group name]:[Group password]:[GID]:[Group members] + + + +- `[Group name]` 是组名 +- 这个组是否使用了密码 (如果是"X"意味着没有). +- `[GID]`: 和`/etc/passwd`中一样 +- `[Group members]`:用户列表,使用,隔开。里面包含组内的所有用户 + +添加过帐户后,任何时候你都可以通过 usermod 命令来修改用户战壕沟,基础的语法如下: + # usermod [options] [username] + +相关阅读 + +- [15 ‘useradd’ Command Examples][1] +- [15 ‘usermod’ Command Examples][2] + +#### 示例1 : 设置帐户的过期时间 #### + +如果你的公司有一些短期使用的帐户或者你相应帐户在有限时间内使用,你可以使用 `--expiredate` 参数 ,后加YYYY-MM-DD格式的日期。为了查看是否生效,你可以使用如下命令查看 + # chage -l [username] + +帐户更新前后的变动如下图所示 +![Change User Account Information](http://www.tecmint.com/wp-content/uploads/2015/03/Change-User-Account-Information.png) + +修改用户信息 + +#### 示例 2: 向组内追加用户 #### + +除了创建用户时的主用户组,一个用户还能被添加到别的组。你需要使用 -aG或 -append -group 选项,后跟逗号分隔的组名 +#### 示例 3: 修改用户主目录或默认Shell #### + +如果因为一些原因,你需要修改默认的用户主目录(一般为 /home/用户名),你需要使用 -d 或 -home 参数,后跟绝对路径来修改主目录 +如果有用户想要使用其他的shell来取代bash(比如sh ),一般默认是bash .使用 usermod ,并使用 -shell 的参数,后加新的shell的路径 +#### 示例 4: 展示组内的用户 #### + +当把用户添加到组中后,你可以使用如下命令验证属于哪一个组 + + # groups [username] + # id [username] + +下面图片的演示了示例2到示例四 + +![Adding User to Supplementary Group](http://www.tecmint.com/wp-content/uploads/2015/03/Adding-User-to-Supplementary-Group.png) + +添加用户到额外的组 + +在上面的示例中: + + # usermod --append --groups gacanepa,users --home /tmp --shell /bin/sh tecmint + +如果想要从组内删除用户,省略 `--append` 切换,并且可以使用 `--groups` 来列举组内的用户 + +#### 示例 5: 通过锁定密码来停用帐户 #### + +如果想要关闭帐户,你可以使用 -l(小写的L)或 -lock 选项来锁定用户的密码。这将会阻止用户登录。 + +#### 示例 6: 解锁密码 #### + +当你想要重新启用帐户让他可以继续登录时,属于 -u 或 –unlock 选项来解锁用户的密码,就像示例5 介绍的那样 + + # usermod --unlock tecmint + +下面的图片展示了示例5和示例6 + +![Lock Unlock User Account](http://www.tecmint.com/wp-content/uploads/2015/03/Lock-Unlock-User-Account.png) + +锁定上锁用户 + +#### 示例 7:删除组和用户 #### + +如果要删除一个组,你需要使用 groupdel ,如果需要删除用户 你需要使用 userdel (添加 -r 可以删除主目录和邮件池的内容) + # groupdel [group_name] # 删除组 + # userdel -r [user_name] # 删除用户,并删除主目录和邮件池 + +如果一些文件属于组,他们将不会被删除。但是组拥有者将会被设置为删除掉的组的GID +### 列举,设置,并且修改 ugo/rwx 权限 ### + +著名的 [ls 命令][3] 是管理员最好的助手. 当我们使用 -l 参数, 这个工具允许您查看一个目录中的内容(或详细格式). + +而且,该命令还可以应用于单个文件中。无论哪种方式,在“ls”输出中的前10个字符表示每个文件的属性。 +这10个字符序列的第一个字符用于表示文件类型: + +- – (连字符): 一个标准文件 +- d: 一个目录 +- l: 一个符号链接 +- c: 字符设备(将数据作为字节流,即一个终端) +- b: 块设备(处理数据块,即存储设备) + +文件属性的下一个九个字符,分为三个组,被称为文件模式,并注明读(r),写(w),并执行(x)授予文件的所有者,文件的所有组,和其他的用户(通常被称为“世界”)。 +在文件的读取权限允许打开和读取相同的权限时,允许其内容被列出,如果还设置了执行权限,还允许它作为一个程序和运行。 +文件权限是通过chmod命令改变的,它的基本语法如下: + + # chmod [new_mode] file + +new_mode是一个八进制数或表达式,用于指定新的权限。适合每一个随意的案例。或者您已经有了一个更好的方式来设置文件的权限,所以你觉得可以自由地使用最适合你自己的方法。 +八进制数可以基于二进制等效计算,可以从所需的文件权限的文件的所有者,所有组,和世界。一定权限的存在等于2的幂(R = 22,W = 21,x = 20),没有时意为0。例如: +![File Permissions](http://www.tecmint.com/wp-content/uploads/2015/03/File-Permissions.png) + +文件权限 + +在八进制形式下设置文件的权限,如上图所示 + + # chmod 744 myfile + +请用一分钟来对比一下我们以前的计算,在更改文件的权限后,我们的实际输出为: + +![Long List Format](http://www.tecmint.com/wp-content/uploads/2015/03/Long-List-Format.png) + +长列表格式 + +#### 示例 8: 寻找777权限的文件 #### + +出于安全考虑,你应该确保在正常情况下,尽可能避免777权限(读、写、执行的文件)。虽然我们会在以后的教程中教你如何更有效地找到所有的文件在您的系统的权限集的说明,你现在仍可以使用LS grep获取这种信息。 +在下面的例子,我们会寻找 /etc 目录下的777权限文件. 注意,我们要使用第二章讲到的管道的知识[第二章:文件和目录管理][4]: + + # ls -l /etc | grep rwxrwxrwx + +![Find All Files with 777 Permission](http://www.tecmint.com/wp-content/uploads/2015/03/Find-All-777-Files.png) + +查找所有777权限的文件 + +#### 示例 9: 为所有用户指定特定权限 #### + +shell脚本,以及一些二进制文件,所有用户都应该有权访问(不只是其相应的所有者和组),应该有相应的执行权限(我们会讨论特殊情况下的问题): + # chmod a+x script.sh + +**注意**: 我们可以设置文件模式使用表示用户权限的字母如“u”,组所有者权限的字母“g”,其余的为o 。所有权限为a.权限可以通过`+` 或 `-` 来管理。 + +![Set Execute Permission on File](http://www.tecmint.com/wp-content/uploads/2015/03/Set-Execute-Permission-on-File.png) + +为文件设置执行权限 + +长目录列表还显示了该文件的所有者和其在第一和第二列中的组主。此功能可作为系统中文件的第一级访问控制方法: + +![Check File Owner and Group](http://www.tecmint.com/wp-content/uploads/2015/03/Check-File-Owner-and-Group.png) + +检查文件的属主和属组 + +改变文件的所有者,您将使用chown命令。请注意,您可以在同一时间或单独的更改文件的所有权: + # chown user:group file + +虽然可以在同一时间更改用户或组,或在同一时间的两个属性,但是不要忘记冒号区分,如果你想要更新其他属性,让另外的选项保持空白: + # chown :group file # Change group ownership only + # chown user: file # Change user ownership only + +#### 示例 10:从一个文件复制权限到另一个文件#### + +If you would like to “clone” ownership from one file to another, you can do so using the –reference flag, as follows: +如果你想“克隆”一个文件的所有权到另一个,你可以这样做,使用–reference参数,如下: + # chown --reference=ref_file file + +ref_file的所有信息会复制给 file + +![Clone File Ownership](http://www.tecmint.com/wp-content/uploads/2015/03/Clone-File-Ownership.png) + +复制文件属主信息 + +### 设置 SETGID 协作目录 ### + +你应该授予在一个特定的目录中拥有访问所有的文件的权限给一个特点的用户组,你将有可能使用目录设置setgid的方法。当setgid后设置,真实用户的有效GID成为团队的主人。 +因此,任何用户都可以访问该文件的组所有者授予的权限的文件。此外,当setgid设置在一个目录中,新创建的文件继承同一组目录,和新创建的子目录也将继承父目录的setgid。 + # chmod g+s [filename] + +为了设置 setgid 在八进制形式,预先准备好数字2 来给基本的权限 + # chmod 2755 [directory] + +### 总结 ### + +扎实的用户和组管理知识,符合规则的,Linux权限管理,以及部分实践,可以帮你快速解决RHEL 7 服务器的文件权限。 +我向你保证,当你按照本文所概述的步骤和使用系统文档(和第一章解释的那样 [Part 1: Reviewing Essential Commands & System Documentation][5] of this series) 你将掌握基本的系统管理的能力。 + +请随时让我们知道你是否有任何问题或意见使用下面的表格。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/rhcsa-exam-manage-users-and-groups/ + +作者:[Gabriel Cánepa][a] +译者:[xiqingongzi](https://github.com/xiqingongzi) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://www.tecmint.com/add-users-in-linux/ +[2]:http://www.tecmint.com/usermod-command-examples/ +[3]:http://www.tecmint.com/ls-interview-questions/ +[4]:http://www.tecmint.com/file-and-directory-management-in-linux/ +[5]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/ diff --git a/translated/tech/RHCSA/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md b/translated/tech/RHCSA/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md new file mode 100644 index 0000000000..190c32ece5 --- /dev/null +++ b/translated/tech/RHCSA/RHCSA Series--Part 09--Installing, Configuring and Securing a Web and FTP Server.md @@ -0,0 +1,175 @@ +RHCSA 系列: 安装,配置及加固一个 Web 和 FTP 服务器 – Part 9 +================================================================================ +Web 服务器(也被称为 HTTP 服务器)是在网络中将内容(最为常见的是网页,但也支持其他类型的文件)进行处理并传递给客户端的服务。 + +FTP 服务器是最为古老且最常使用的资源之一(即便到今天也是这样),在身份认证不是必须的情况下,它可使得在一个网络里文件对于客户端可用,因为 FTP 使用没有加密的用户名和密码。 + +在 RHEL 7 中可用的 web 服务器是版本号为 2.4 的 Apache HTTP 服务器。至于 FTP 服务器,我们将使用 Very Secure Ftp Daemon (又名 vsftpd) 来建立用 TLS 加固的连接。 + +![配置和加固 Apache 和 FTP 服务器](http://www.tecmint.com/wp-content/uploads/2015/05/Install-Configure-Secure-Apache-FTP-Server.png) + +RHCSA: 安装,配置及加固 Apache 和 FTP 服务器 – Part 9 + +在这篇文章中,我们将解释如何在 RHEL 7 中安装,配置和加固 web 和 FTP 服务器。 + +### 安装 Apache 和 FTP 服务器 ### + +在本指导中,我们将使用一个静态 IP 地址为 192.168.0.18/24 的 RHEL 7 服务器。为了安装 Apache 和 VSFTPD,运行下面的命令: + + # yum update && yum install httpd vsftpd + +当安装完成后,这两个服务在开始时是默认被禁用的,所以我们需要暂时手动开启它们并让它们在下一次启动时自动地开启它们: + + # systemctl start httpd + # systemctl enable httpd + # systemctl start vsftpd + # systemctl enable vsftpd + +另外,我们必须打开 80 和 21 端口,它们分别是 web 和 ftp 守护进程监听的端口,为的是允许从外面访问这些服务: + + # firewall-cmd --zone=public --add-port=80/tcp --permanent + # firewall-cmd --zone=public --add-service=ftp --permanent + # firewall-cmd --reload + +为了确认 web 服务工作正常,打开你的浏览器并输入服务器的 IP,则你应该可以看到如下的测试页面: + +![确认 Apache Web 服务器](http://www.tecmint.com/wp-content/uploads/2015/05/Confirm-Apache-Web-Server.png) + +确认 Apache Web 服务器 + +对于 ftp 服务器,在确保它如期望中的那样工作之前,我们必须进一步地配置它,我们将在几分钟后来做这件事。 + +### 配置并加固 Apache Web 服务器 ### + +Apache 的主要配置文件位于 `/etc/httpd/conf/httpd.conf` 中,但它可能依赖 `/etc/httpd/conf.d` 中的其他文件。 + +尽管默认的配置对于大多数的情形是充分的,熟悉描述在 [官方文档][1] 中的所有可用选项是一个不错的主意。 + +同往常一样,在编辑主配置文件前先做一个备份: + + # cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.$(date +%Y%m%d) + +然后用你钟爱的文本编辑器打开它,并查找下面这些变量: + +- ServerRoot: 服务器的配置,错误和日志文件保存的目录。 +- Listen: 通知 Apache 去监听特定的 IP 地址或端口。 +- Include: 允许包含其他配置文件,这个必须存在,否则,服务器将会崩溃。它恰好与 IncludeOptional 相反,假如特定的配置文件不存在,它将静默地忽略掉它们。 +- User 和 Group: 运行 httpd 服务的用户/组的名称。 +- DocumentRoot: Apache 为你的文档服务的目录。默认情况下,所有的请求将在这个目录中被获取,但符号链接和别名可能会被用于指向其他位置。 +- ServerName: 这个指令将设定用于识别它自身的主机名(或 IP 地址)和端口。 + +安全措施的第一步将包含创建一个特定的用户和组(如 tecmint/tecmint)来运行 web 服务器以及更改默认的端口为一个更高的端口(在这个例子中为 9000): + + ServerRoot "/etc/httpd" + Listen 192.168.0.18:9000 + User tecmint + Group tecmint + DocumentRoot "/var/www/html" + ServerName 192.168.0.18:9000 + +你可以使用下面的命令来测试配置文件: + + # apachectl configtest + +假如一切 OK,接着重启 web 服务器。 + + # systemctl restart httpd + +并别忘了在防火墙中开启新的端口(和禁用旧的端口): + + + # firewall-cmd --zone=public --remove-port=80/tcp --permanent + # firewall-cmd --zone=public --add-port=9000/tcp --permanent + # firewall-cmd --reload + +请注意,由于 SELinux 的策略,你只可使用如下命令所返回的端口来分配给 web 服务器。 + + # semanage port -l | grep -w '^http_port_t' + +假如你想使用另一个端口(如 TCP 端口 8100)来给 httpd 服务,你必须将它加到 SELinux 的端口上下文: + + # semanage port -a -t http_port_t -p tcp 8100 + +![添加 Apache 端口到 SELinux 策略](http://www.tecmint.com/wp-content/uploads/2015/05/Add-Apache-Port-to-SELinux-Policies.png) + +添加 Apache 端口到 SELinux 策略 + +为了进一步加固你安装的 Apache,请遵循以下步骤: + +1. 运行 Apache 的用户不应该拥有访问 shell 的能力: + + # usermod -s /sbin/nologin tecmint + +2. 禁用目录列表功能,为的是阻止浏览器展示一个未包含 index.html 文件的目录里的内容。 + +编辑 `/etc/httpd/conf/httpd.conf` (和虚拟主机的配置文件,假如有的话),并确保 Options 指令在顶级和目录块级别中(注:感觉这里我的翻译不对)都被设置为 None: + + Options None + +3. 在 HTTP 回应中隐藏有关 web 服务器和操作系统的信息。像下面这样编辑文件 `/etc/httpd/conf/httpd.conf`: + + ServerTokens Prod + ServerSignature Off + +现在,你已经做好了从 `/var/www/html` 目录开始服务内容的准备了。 + +### 配置并加固 FTP 服务器 ### + +和 Apache 的情形类似, Vsftpd 的主配置文件 `(/etc/vsftpd/vsftpd.conf)` 带有详细的注释,且虽然对于大多数的应用实例,默认的配置应该足够了,但为了更有效率地操作 ftp 服务器,你应该开始熟悉相关的文档和 man 页 `(man vsftpd.conf)`(对于这点,再多的强调也不为过!)。 + +在我们的示例中,使用了这些指令: + + anonymous_enable=NO + local_enable=YES + write_enable=YES + local_umask=022 + dirmessage_enable=YES + xferlog_enable=YES + connect_from_port_20=YES + xferlog_std_format=YES + chroot_local_user=YES + allow_writeable_chroot=YES + listen=NO + listen_ipv6=YES + pam_service_name=vsftpd + userlist_enable=YES + tcp_wrappers=YES + +通过使用 `chroot_local_user=YES`,(默认情况下)本地用户在登陆之后,将马上被置于一个位于用户家目录的 chroot 环境中(注:这里的翻译也不准确)。这意味着本地用户将不能访问除其家目录之外的任何文件。 + +最后,为了让 ftp 能够在用户的家目录中读取文件,设置如下的 SELinux 布尔值: + + # setsebool -P ftp_home_dir on + +现在,你可以使用一个客户端例如 Filezilla 来连接一个 ftp 服务器: + +![查看 FTP 连接](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FTP-Connection.png) + +查看 FTP 连接 + +注意, `/var/log/xferlog` 日志将会记录下载和上传的情况,这与上图的目录列表一致: + +![监视 FTP 的下载和上传情况](http://www.tecmint.com/wp-content/uploads/2015/05/Monitor-FTP-Download-Upload.png) + +监视 FTP 的下载和上传情况 + +另外请参考: [在 Linux 系统中使用 Trickle 来限制应用使用的 FTP 网络带宽][2] + +### 总结 ### + +在本教程中,我们解释了如何设置 web 和 ftp 服务器。由于这个主题的广泛性,涵盖这些话题的所有方面是不可能的(如虚拟网络主机)。因此,我推荐你也阅读这个网站中有关 [Apache][3] 的其他卓越的文章。 + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel/ + +作者:[Gabriel Cánepa][a] +译者:[FSSlc](https://github.com/FSSlc) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://httpd.apache.org/docs/2.4/ +[2]:http://www.tecmint.com/manage-and-limit-downloadupload-bandwidth-with-trickle-in-linux/ +[3]:http://www.google.com/cse?cx=partner-pub-2601749019656699:2173448976&ie=UTF-8&q=virtual+hosts&sa=Search&gws_rd=cr&ei=Dy9EVbb0IdHisASnroG4Bw#gsc.tab=0&gsc.q=apache diff --git a/translated/tech/RHCSA/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md b/translated/tech/RHCSA/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md new file mode 100644 index 0000000000..80e64c088d --- /dev/null +++ b/translated/tech/RHCSA/RHCSA Series--Part 11--Firewall Essentials and Network Traffic Control Using FirewallD and Iptables.md @@ -0,0 +1,193 @@ +RHCSA 系列: 防火墙简要和使用 FirewallD 和 Iptables 来控制网络流量 – Part 11 +================================================================================ + +简单来说,防火墙就是一个基于一系列预先定义的规则(例如流量包的目的地或来源,流量的类型等)的安全系统,它控制着一个网络中的流入和流出流量。 + +![使用 FirewallD 和 Iptables 来控制网络流量](http://www.tecmint.com/wp-content/uploads/2015/05/Control-Network-Traffic-Using-Firewall.png) + +RHCSA: 使用 FirewallD 和 Iptables 来控制网络流量 – Part 11 + +在本文中,我们将回顾 firewalld 和 iptables 的基础知识。前者是 RHEL 7 中的默认动态防火墙守护进程,而后者则是针对 Linux 的传统的防火墙服务,大多数的系统和网络管理员都非常熟悉它,并且在 RHEL 7 中也可以获取到。 + +### FirewallD 和 Iptables 的一个比较 ### + +在后台, firewalld 和 iptables 服务都通过相同的接口来与内核中的 netfilter 框架相交流,这不足为奇,即它们都通过 iptables 命令来与 netfilter 交互。然而,与 iptables 服务相反, firewalld 可以在不丢失现有连接的情况下,在正常的系统操作期间更改设定。 + +在默认情况下, firewalld 应该已经安装在你的 RHEL 系统中了,尽管它可能没有在运行。你可以使用下面的命令来确认(firewall-config 是用户界面配置工具): + + # yum info firewalld firewall-config + +![检查 FirewallD 的信息](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FirewallD-Information.png) + +检查 FirewallD 的信息 + +以及, + + # systemctl status -l firewalld.service + +![检查 FirewallD 的状态](http://www.tecmint.com/wp-content/uploads/2015/05/Check-FirewallD-Status.png) + +检查 FirewallD 的状态 + +另一方面, iptables 服务在默认情况下没有被包含在 RHEL 系统中,但可以被安装上。 + + # yum update && yum install iptables-services + +这两个守护进程都可以使用常规的 systemd 命令来在开机时被启动和开启: + + # systemctl start firewalld.service | iptables-service.service + # systemctl enable firewalld.service | iptables-service.service + +另外,请阅读:[管理 Systemd 服务的实用命令][1] (注: 本文已被翻译发表,在 https://linux.cn/article-5926-1.html) + +至于配置文件, iptables 服务使用 `/etc/sysconfig/iptables` 文件(假如这个软件包在你的系统中没有被安装,则这个文件将不存在)。在一个被用作集群节点的 RHEL 7 机子上,这个文件长得像这样: + +![Iptables 防火墙配置文件](http://www.tecmint.com/wp-content/uploads/2015/05/Iptables-Rules.png) + +Iptables 防火墙配置文件 + +而 firewalld 则在两个目录中存储它的配置文件,即 `/usr/lib/firewalld` 和 `/etc/firewalld`: + + # ls /usr/lib/firewalld /etc/firewalld + +![FirewallD 的配置文件](http://www.tecmint.com/wp-content/uploads/2015/05/Firewalld-configuration.png) + +FirewallD 的配置文件 + +在这篇文章中后面,我们将进一步查看这些配置文件,在那之后,我们将在各处添加一些规则。 +现在,是时候提醒你了,你总可以使用下面的命令来找到更多有关这两个工具的信息。 + + # man firewalld.conf + # man firewall-cmd + # man iptables + +除了这些,记得查看一下当前系列的第一篇 [RHCSA 系列(一): 回顾基础命令及系统文档][2](注: 本文已被翻译发表,在 https://linux.cn/article-6133-1.html ),在其中我描述了几种渠道来得到安装在你的 RHEL 7 系统上的软件包的信息。 + +### 使用 Iptables 来控制网络流量 ### + +在进一步深入之前,或许你需要参考 Linux 基金会认证工程师(Linux Foundation Certified Engineer,LFCE) 系列中的 [配置 Iptables 防火墙 – Part 8][3] 来复习你脑中有关 iptables 的知识。 + +**例 1:同时允许流入和流出的网络流量** + +TCP 端口 80 和 443 是 Apache web 服务器使用的用来处理常规(HTTP) 和安全(HTTPS)网络流量的默认端口。你可以像下面这样在 enp0s3 接口上允许流入和流出网络流量通过这两个端口: + + # iptables -A INPUT -i enp0s3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT + # iptables -A OUTPUT -o enp0s3 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT + # iptables -A INPUT -i enp0s3 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT + # iptables -A OUTPUT -o enp0s3 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT + +**例 2:从某个特定网络中阻挡所有(或某些)流入连接** + +或许有时你需要阻挡来自于某个特定网络的所有(或某些)类型的来源流量,比方说 192.168.1.0/24: + + # iptables -I INPUT -s 192.168.1.0/24 -j DROP + +上面的命令将丢掉所有来自 192.168.1.0/24 网络的网络包,而 + + # iptables -A INPUT -s 192.168.1.0/24 --dport 22 -j ACCEPT + +将只允许通过端口 22 的流入流量。 + +**例 3:将流入流量重定向到另一个目的地** + +假如你不仅使用你的 RHEL 7 机子来作为一个软件防火墙,而且还将它作为一个硬件防火墙,使得它位于两个不同的网络之间,则在你的系统 IP 转发一定已经被开启了。假如没有开启,你需要编辑 `/etc/sysctl.conf` 文件并将 `net.ipv4.ip_forward` 的值设为 1,即: + + net.ipv4.ip_forward = 1 + +接着保存更改,关闭你的文本编辑器,并最终运行下面的命令来应用更改: + + # sysctl -p /etc/sysctl.conf + +例如,你可能在一个内部的机子上安装了一个打印机,它的 IP 地址为 192.168.0.10,CUPS 服务在端口 631 上进行监听(同时在你的打印服务器和你的防火墙上)。为了从防火墙另一边的客户端传递打印请求,你应该添加下面的 iptables 规则: + + # iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 631 -j DNAT --to 192.168.0.10:631 + +请记住 iptables 逐条地读取它的规则,所以请确保默认的策略或后面的规则不会重载上面例子中那些有下划线的规则。 + +### FirewallD 入门 ### + +引入 firewalld 的一个改变是区域(zone) (注:翻译参考了 https://fedoraproject.org/wiki/FirewallD/zh-cn) 的概念。它允许将网路划分为拥有不同信任级别的区域,由用户决定将设备和流量放置到哪个区域。 + +要获取活动的区域,使用: + + # firewall-cmd --get-active-zones + +在下面的例子中,公用区域被激活了,并且 enp0s3 接口被自动地分配到了这个区域。要查看有关一个特定区域的所有信息,可使用: + + # firewall-cmd --zone=public --list-all + +![列出所有的 Firewalld 区域](http://www.tecmint.com/wp-content/uploads/2015/05/View-FirewallD-Zones.png) + +列出所有的 Firewalld 区域 + +由于你可以在 [RHEL 7 安全指南][4] 中阅读到更多有关区域的知识,这里我们将仅列出一些特别的例子。 + +**例 4:允许服务通过防火墙** + +要获取受支持的服务的列表,可以使用: + + # firewall-cmd --get-services + +![列出所有受支持的服务](http://www.tecmint.com/wp-content/uploads/2015/05/List-All-Supported-Services.png) + +列出所有受支持的服务 + +要立刻且在随后的开机中使得 http 和 https 网络流量通过防火墙,可以这样: + + # firewall-cmd --zone=MyZone --add-service=http + # firewall-cmd --zone=MyZone --permanent --add-service=http + # firewall-cmd --zone=MyZone --add-service=https + # firewall-cmd --zone=MyZone --permanent --add-service=https + # firewall-cmd --reload + +假如 code>–zone 被忽略,则默认的区域(你可以使用 `firewall-cmd –get-default-zone`来查看)将会被使用。 + +若要移除这些规则,可以在上面的命令中将 `add` 替换为 `remove`。 + +**例 5:IP 转发或端口转发** + +首先,你需要查看在目标区域中,伪装是否被开启: + + # firewall-cmd --zone=MyZone --query-masquerade + +在下面的图片中,我们可以看到对于外部区域,伪装已被开启,但对于公用区域则没有: + +![在 firewalld 中查看伪装状态](http://www.tecmint.com/wp-content/uploads/2015/05/Check-masquerading.png) + +查看伪装状态 + +你可以为公共区域开启伪装: + + # firewall-cmd --zone=public --add-masquerade + +或者在外部区域中使用伪装。下面是使用 firewalld 来重复例 3 中的任务所需的命令: + + # firewall-cmd --zone=external --add-forward-port=port=631:proto=tcp:toport=631:toaddr=192.168.0.10 + +并且别忘了重新加载防火墙。 + +在 RHCSA 系列的 [Part 9][5] 你可以找到更深入的例子,在那篇文章中我们解释了如何允许或禁用通常被 web 服务器和 ftp 服务器使用的端口,以及在针对这两个服务所使用的默认端口被改变时,如何更改相应的规则。另外,你或许想参考 firewalld 的 wiki 来查看更深入的例子。 + +Read Also: [在 RHEL 7 中配置防火墙的几个实用的 firewalld 例子][6] + +### 总结 ### + +在这篇文章中,我们已经解释了防火墙是什么,介绍了在 RHEL 7 中用来实现防火墙的几个可用的服务,并提供了可以帮助你入门防火墙的几个例子。假如你有任何的评论,建议或问题,请随意使用下面的评论框来让我们知晓。这里就事先感谢了! + +-------------------------------------------------------------------------------- + +via: http://www.tecmint.com/firewalld-vs-iptables-and-control-network-traffic-in-firewall/ + +作者:[Gabriel Cánepa][a] +译者:[FSSlc](https://github.com/FSSlc) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://www.tecmint.com/author/gacanepa/ +[1]:http://www.tecmint.com/manage-services-using-systemd-and-systemctl-in-linux/ +[2]:http://www.tecmint.com/rhcsa-exam-reviewing-essential-commands-system-documentation/ +[3]:http://www.tecmint.com/configure-iptables-firewall/ +[4]:https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html +[5]:http://www.tecmint.com/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel/ +[6]:http://www.tecmint.com/firewalld-rules-for-centos-7/ \ No newline at end of file