document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-25 23:11:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'LCTT/master'

Browse Source
This commit is contained in:
Xingyu Wang 2020-09-08 13:16:42 +08:00
commit ea8c483020
8 changed files with 649 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
published/20190226 Reducing security risks with centralized logging.md Normal file
View File

@ -0,0 +1,81 @@
[#]: collector: (lujun9972)
[#]: translator: (leommxj)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-12591-1.html)
[#]: subject: (Reducing security risks with centralized logging)
[#]: via: (https://opensource.com/article/19/2/reducing-security-risks-centralized-logging)
[#]: author: (Hannah Suarez https://opensource.com/users/hcs)
通过集中日志记录来减少安全风险
======
> 集中日志并结构化待处理的日志数据可缓解与缺少日志相关的风险
![](https://img.linux.net.cn/data/attachment/album/202009/07/231016a8v8gva9gmc5hgv9.jpg)
日志记录和日志分析对于保护基础设施安全来说至关重要,尤其是当我们考虑到通用漏洞的时候。这篇文章基于我在 FOSDEM'19 上的闪电秀《[Let's use centralized log collection to make incident response teams happy][1]》,目的是提高大家对日志匮乏这种安全问题的重视,提供一种避免风险的方法,并且倡议更多的安全实践(利益声明: 我为 NXLog 工作)。
### 为什么要收集日志?为什么要集中日志记录?
确切的说,日志是写入磁盘的仅追加的记录序列。在实际生活中,日志可以在你尝试寻找异常的根源时帮助你调查基础设施的问题。当你有多个使用自己的标准与格式的日志的异构系统,并且想用一种可靠的方法来接收和处理它们的时候,挑战就来临了。这通常以元数据为代价的。集中日志记录解决方案需要共性,这种共性常常会去除许多开源日志记录工具所提供的丰富的元数据。
### 日志记录与监控匮乏的安全风险
<ruby>开源 Web 应用程序安全项目<rt>Open Web Application Security Project</rt></ruby>[OWASP][2])是一个为业界贡献了许多杰出项目(包括许多专注于软件安全的[工具][3]的非营利组织。OWASP 定期为应用开发人员和维护者报告最危险的安全挑战。在最新一版《[10 项最严重的 Web 应用程序安全风险][4]》中OWASP 将日志记录和监控匮乏加入了列表中。OWASP 警告下列情况会导致日志记录、检测、监控和主动响应的匮乏:
* 未记录重要的可审计性事件,如:登录、登录失败和高额交易。
* 告警和错误事件未能产生、产生不足或不清晰的日志信息。
* 日志信息仅在本地存储。
* 对于实时或准实时的主动攻击,应用程序无法检测、处理和告警。
可以通过集中日志记录(例如,不仅将日志本地存储)和结构化日志数据以进一步分析来缓解上述情形(例如,在告警仪表盘和安全套件中)。
举例来说, 假设一个 DNS 查询会导向名为 hacked.badsite.net 的恶意网站。通过 DNS 监控,管理员监控并且主动的分析 DNS 请求与响应。DNS 监控的效果依赖于充足的日志记录与收集来发现潜在问题,同样也依赖于结构化 DNS 日志的结果来进一步分析。
```
2019-01-29
Time (GMT)      Source                  Destination             Protocol-Info
12:42:42.112898 SOURCE_IP               xxx.xx.xx.x             DNS     Standard query 0x1de7  A hacked.badsite.net
```
你可以在 [NXLog 社区版][5] 中自己尝试一下这个例子,也可以尝试其他例子和代码片段。 (再次声明:我为 NXLog 工作)
### 重要的一点:非结构化数据与结构化数据
花费一点时间来考虑下日志数据格式是很重要的。例如,让我们来考虑以下日志消息:
```
debug1: Failed password for invalid user amy from SOURCE_IP port SOURCE_PORT ssh2
```
这段日志包含了一个预定义的结构,例如冒号前面的元数据关键词(`debug1`)然而,余下的日志字段是一个未结构化的字符串(`Failed password for invalid user amy from SOURCE_IP port SOURCE_PORT ssh2`)。因此,即便这个消息是人类可轻松阅读的格式,但它不是一个计算机容易解析的格式。
非结构化的事件数据存在局限性,包括难以解析、搜索和分析日志。重要的元数据通常以一种自由字符串的形式作为非结构化数据字段,就像上面的例子一样。日志管理员会在他们尝试标准化/归一化日志数据与集中日志源的过程中遇到这个问题。
### 接下来怎么做
除了集中和结构化日志之外确保你收集了正确的日志数据——Sysmon、PowerShell、Windows 事件日志、DNS 调试日志、ETW、内核监控、文件完整性监控、数据库日志、外部云日志等等。同样也要选用适当的工具和流程来来收集、汇总和帮助理解数据。
希望这对你从不同日志源中集中日志收集提供了一个起点将日志发送到仪表盘、监控软件、分析软件以及像安全性资讯与事件管理SIEM套件等外部源。
你的集中日志策略会是怎么样?请在评论中分享你的想法。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/2/reducing-security-risks-centralized-logging
作者:[Hannah Suarez][a]
选题:[lujun9972][b]
译者:[leommxj](https://github.com/leommxj)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/hcs
[b]: https://github.com/lujun9972
[1]: https://fosdem.org/2019/schedule/event/lets_use_centralized_log_collection_to_make_incident_response_teams_happy/
[2]: https://www.owasp.org/index.php/Main_Page
[3]: https://github.com/OWASP
[4]: https://www.owasp.org/index.php/Top_10-2017_Top_10
[5]: https://nxlog.co/products/nxlog-community-edition/download

16
translated/talk/20200827 Information could be half the world-s mass by 2245, says researcher.md → published/20200827 Information could be half the world-s mass by 2245, says researcher.md
View File

@ -1,8 +1,8 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-12592-1.html)
[#]: subject: (Information could be half the world's mass by 2245, says researcher)
[#]: via: (https://www.networkworld.com/article/3570438/information-could-be-half-the-worlds-mass-by-2245-says-researcher.html)
[#]: author: (Patrick Nelson https://www.networkworld.com/author/Patrick-Nelson/)
@ -12,13 +12,15 @@
> 根据一位理论物理学家的说法,由于创建和存储数字信息所使用的能源和资源数量,数据应该被视为物理的,而不仅仅是看不见的一和零。
![](https://images.idgesg.net/images/article/2019/07/global_connections_digital_world_map_planet_earth_particles_light_by_luza_studios_gettyimages-1022793086_2400x1600-100806717-large.jpg)
一位大学学者建议,数字内容应该与气体、液体、等离子体和固体一样,被视为第五种物质状态。
英国朴茨茅斯大学高级讲师、发表在《AIP Advances》杂志上的《[信息灾难][1]》一文的作者 Melvin Vopson 称,由于以物理和数字方式创建、存储和分发数据所使用的能量和资源,数据已经发生了演变,现在应该被视为质量。
Vopson 还声称,数字比特正在走向压倒地球的道路,最终将超过原子的数量。
给数字信息分配质量的想法建立在一些现有数据点的基础上。Vopson 引用了 IBM 的一项估计,发现数据每天以 2.5 万亿字节的速度产生。他还将每英寸超过 1 <ruby>太比特<rt>terabit</rt></ruby>的数据存储密度考虑在内,将比特的大小与原子的大小进行比较。
给数字信息分配质量的想法建立在一些现有数据点的基础上。Vopson 引用了 IBM 的一项估计,发现数据每天以 2.5 万亿字节的速度产生。他还将每英寸超过 1 <ruby>太比特<rt>terabit</rt></ruby>的数据存储密度考虑在内,将比特的大小与原子的大小进行比较。
假设数据生成量每年增长 50%,根据宣布 Vopson 研究的[媒体发布][2],“比特的数量将在大约 150 年内等于地球上的原子数量。”
@ -26,7 +28,7 @@ Vopson 还声称,数字比特正在走向压倒地球的道路,最终将超
Vopson 补充说COVID-19 大流行正在提高数字数据创造的速度,并加速这一进程。
他警告说一个饱和点即将到来“即使假设未来的技术进步将比特大小降低到接近原子本身的大小这个数字信息量所占的比重将超过地球的大小从而导致我们所定义的信息灾难。”Vopson 在[论文][3]中写道。
他警告说,一个饱和点即将到来:“即使假设未来的技术进步将比特大小降低到接近原子本身的大小,这个数字信息量所占的比重将超过地球的大小,从而导致我们所定义的信息灾难。”Vopson 在[论文][3]中写道。
“我们正在一点一点地改变这个星球这是一场看不见的危机”Vopson 说,他是希捷科技公司的前研发科学家。
@ -36,7 +38,7 @@ Vopson 并不是一个人在探索,信息并不是简单的不可察觉的 1
他的论文总结道,随着增长速度似乎不可阻挡,数字信息生产“将消耗地球上大部分的电力能源,从而导致道德和环境问题。”他的论文总结道。
有趣的是除此以外Vopson 还提出,如果像他所预测的那样,未来地球的质量主要由信息位组成,并且存在足够的动力创造出来(不确定),那么“可以设想未来的世界主要由计算机模拟,并由数字比特和计算机代码主导,”他写道。
有趣的是除此以外Vopson 还提出,如果像他所预测的那样,未来地球的质量主要由信息位组成,并且足够的动力创造出来(不确定),那么“可以设想未来的世界主要由计算机模拟,并由数字比特和计算机代码主导,”他写道。
--------------------------------------------------------------------------------
@ -45,7 +47,7 @@ via: https://www.networkworld.com/article/3570438/information-could-be-half-the-
作者:[Patrick Nelson][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

2
sources/tech/20200902 Design a book cover with an open source alternative to InDesign.md
View File

@ -1,5 +1,5 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )

136
sources/tech/20200903 Rclone Browser Enables You to Sync Data With Cloud Services in Linux Graphically.md
View File

@ -1,136 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Rclone Browser Enables You to Sync Data With Cloud Services in Linux Graphically)
[#]: via: (https://itsfoss.com/rclone-browser/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
Rclone Browser Enables You to Sync Data With Cloud Services in Linux Graphically
======
_**Brief: Rclone Browser is an effective GUI program that makes it easy to manage and sync data on cloud storage using Rclone. Here, we take a look at what it offers and how it works.**_
If you want to use One Drive or [Google Drive on Linux][1] natively and effortlessly, you can opt for a premium GUI tool like [Insync][2] ([affiliate][3] link).
If you can put some effort in the terminal, you can use [Rclone][4] to sync with many [cloud storage services on Linux][5]. We have a detailed [guide on using Rclone for syncing with OneDrive in Linux][6].
[Rclone][4] is a pretty popular and useful command-line tool. A lot of power users will need to use Rclone for its features.
However, not everyone is comfortable using it from the terminal even if its useful enough.
So, in this article, Ill talk about an impressive GUI “Rclone Browser” that makes it easy to manage and sync your data on cloud storage using Rclone.
It is also worth noting that Rclone does offer an experimental web-based GUI — but we are going to focus on [Rclone Browser][7] here.
![][8]
### Rclone Browser: An Open-Source GUI for Rclone
Rclone Browser is a GUI that lets you browse, modify, upload/download, list files, and do a lot more stuff that youd want to do when you want to make the most out of managing a remote storage location.
It offers a simple user interface and works just fine (as per my quick test). Lets take a detailed look at the features it offers and how to get started using it.
### Features of Rclone Browser
![][9]
It offers a lot of options and control to manage remote storage locations. You may find it feature-rich or overwhelming depending on your use-case. Here they are:
* Browse and modify rclone remote storage locations
* Encrypted cloud storage supported
* Custom location and encryption for configuration supported
* No extra configuration required. It will use the same rclone configuration files (if you have any).
* Simultaneous navigation of multiple locations in separate tabs
* List files hierarchically (by file name, size, and modified date)
* Rclone commands are executed asynchronously without the GUI freezing
* You get the ability to upload, download, create new folders, rename, delete files and folders
* Drag and drop support for dragging files while uploading
* Streaming media files in player like VLC
* Mount and unmount folders/cloud drives
* Ability to calculate size of folder, export list of files, and copy rclone commands to clipboard
* Supports portable mode
* Supports shared drivers (if youre using Google Drive)
* Gives you the ability to have public link sharing option for remote storage services that offers it
* Ability to create tasks that you can easily save to run it again or edit it later
* Dark mode
* Cross-platform support (Windows, macOS, and Linux)
### Installing Rclone Browser on Linux
_You need to have rclone installed on your Linux distribution before you use Rclone Browser. Follow the [official installation instructions][10] to do that._
You will find an AppImage file available for Rclone Browser from the [releases section][11] of its [GitHub page][7]. So, you shouldnt have an issue running it on any Linux distribution.
In case you didnt know about AppImage, Ill recommend going through our guide to [use AppImage on Linux][12].
You can also choose to build it as well. The instructions to do that is in the GitHub page.
[Rclone Browser][7]
### Getting Started With Rclone Browser
Here, Ill just share a few things that you should know to get started using Rclone Browser.
![][13]
If you had any existing remote locations using rclone in the terminal, it will automatically show up in the GUI. You can also hit the “**Refresh**” button to get the latest additions.
As shown in the screenshot above, when you click the “**Config**” button it launches the terminal that lets you easily add a new remote or configure it as you want. Dont worry when the terminal pops up, Rclone browser executes the commands to do all the necessary tasks, you just have to set up or edit a few things when needed. You dont need to execute any Rclone commands.
If you have some existing remotes, you can simply open them using the “**Open**” button and have the cloud storage accessible in a different tab as shown below.
![][14]
You can easily mount the cloud drive, upload/download files, get the details, share a public link for a folder (if supported), and directly stream media files as well.
If you want to copy, move, or sync data with a remote storage location, you can simply create a task to do it. Just to make sure that you have the right settings, you can perform a dry run or go ahead with running the task.
You can find all the running tasks under the “**Jobs**” section and you can cancel/stop them if needed.
![][15]
In addition to all the basic functionalities mentioned above, you can just head to **File-&gt;Preferences** to change the rclone location, mount option, download folder, bandwidth settings, and proxy as well.
![][16]
To learn more about its usage and features, you might want to check out the [GitHub page][7] for all the technical information.
### Wrapping Up
Rclone Browser should definitely come in handy for every Linux user looking to use Rclone for its powerful features.
Have you tried it yet? Do you prefer using the GUI or the terminal for using rclone? Let me know your thoughts in the comments below!
--------------------------------------------------------------------------------
via: https://itsfoss.com/rclone-browser/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/use-google-drive-linux/
[2]: https://itsfoss.com/recommends/insync/
[3]: https://itsfoss.com/affiliate-policy/
[4]: https://rclone.org/
[5]: https://itsfoss.com/cloud-services-linux/
[6]: https://itsfoss.com/use-onedrive-linux-rclone/
[7]: https://github.com/kapitainsky/RcloneBrowser
[8]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/09/Cloud-sync.gif?resize=800%2C450&ssl=1
[9]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/08/rclone-browser-screenshot.jpg?resize=800%2C618&ssl=1
[10]: https://rclone.org/install/
[11]: https://github.com/kapitainsky/RcloneBrowser/releases/tag/1.8.0
[12]: https://itsfoss.com/use-appimage-linux/
[13]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-howto.png?resize=800%2C412&ssl=1
[14]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-drive.png?resize=800%2C505&ssl=1
[15]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-task.jpg?resize=800%2C493&ssl=1
[16]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-preferences.jpg?resize=800%2C590&ssl=1

183
sources/tech/20200907 A beginner-s guide to SSH for remote connection on Linux.md Normal file
View File

@ -0,0 +1,183 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (A beginners guide to SSH for remote connection on Linux)
[#]: via: (https://opensource.com/article/20/9/ssh)
[#]: author: (Seth Kenlon https://opensource.com/users/seth)
A beginners guide to SSH for remote connection on Linux
======
Establish connections with remote computers using secure shell.
![woman on laptop sitting at the window][1]
One of Linux's most appealing features is the ability to skillfully use a computer with nothing but commands entered into the keyboard—and better yet, to be able to do that on computers anywhere in the world. Thanks to OpenSSH, [POSIX][2] users can open a secure shell on any computer they have permission to access and use it from a remote location. It's a daily task for many Linux users, but it can be confusing for someone who has yet to try it. This article explains how to configure two computers for secure shell (SSH) connections, and how to securely connect from one to the other without a password.
### Terminology
When discussing more than one computer, it can be confusing to identify one from the other. The IT community has well-established terms to help clarify descriptions of the process of networking computers together.
* **Service:** A service is software that runs in the background so it can be used by computers other than the one it's installed on. For instance, a web server hosts a web-sharing _service_. The term implies (but does not insist) that it's software without a graphical interface.
* **Host:** A host is any computer. In IT, computers are called a _host_ because technically any computer can host an application that's useful to some other computer. You might not think of your laptop as a "host," but you're likely running some service that's useful to you, your mobile, or some other computer.
* **Local:** The local computer is the one you or some software is using. Every computer refers to itself as `localhost`, for example.
* **Remote:** A remote computer is one you're not physically in front of nor physically using. It's a computer in a _remote_ location.
Now that the terminology is settled, you can begin.
### Activate SSH on each host
For two computers to be connected over SSH, each host must have SSH installed. SSH has two components: the command you use on your local machine to start a connection, and a _server_ to accept incoming connection requests. Some computers come with one or both parts of SSH already installed. The commands vary, depending on your system, to verify whether you have both the command and the server installed, so the easiest method is to look for the relevant configuration files:
```
$ file /etc/ssh/ssh_config
/etc/ssh/ssh_config: ASCII text
```
Should this return a `No such file or directory` error, then you don't have the SSH command installed.
Do a similar check for the SSH service (note the `d` in the filename):
```
$ file /etc/ssh/sshd_config
/etc/ssh/sshd_config: ASCII text
```
Install one or the other, as needed:
```
`$ sudo dnf install openssh-clients openssh-server`
```
On the remote computer, enable the SSH service with systemd:
```
`$ sudo systemctl enable --now sshd`
```
Alternately, you can enable the SSH service from within **System Settings** on GNOME or **System Preferences** on macOS. On the GNOME desktop, it's located in the **Sharing** panel:
![Activate SSH in GNOME System Settings][3]
(Seth Kenlon, [CC BY-SA 4.0][4])
### Start a secure shell
Now that you've installed and enabled SSH on the remote computer, you can try logging in with a password as a test. To access the remote computer, you must have a user account and a password.
Your remote user doesn't have to be the same as your local user. You can log in as any user on the remote machine as long as you have that user's password. For instance, I'm `sethkenlon` on my work computer, but I'm `seth` on my personal computer. If I'm on my personal computer (making it my current local machine) and I want to SSH into my work computer, I can do that by identifying myself as `sethkenlon` and using my work password.
To SSH into the remote computer, you must know its internet protocol (IP) address or its resolvable hostname. To find the remote machine's IP address, use the `ip` command (on the remote computer):
```
$ ip addr show | grep "inet "
inet 127.0.0.1/8 scope host lo
inet 10.1.1.5/27 brd 10.1.1.31 [...]
```
If the remote computer doesn't have the `ip` command, try `ifconfig` instead (or even `ipconfig` on Windows).
The address 127.0.0.1 is a special one and is, in fact, the address of `localhost`. It's a "loopback" address, which your system uses to reach itself. That's not useful when logging into a remote machine, so in this example, the remote computer's correct IP address is 10.1.1.5. In real life, I would know that because my local network uses the 10.1.1.0 subnet. If the remote computer is on a different network, then the IP address could be nearly anything (never 127.0.0.1, though), and some special routing is probably necessary to reach it through various firewalls. Assume your remote computer is on the same network, but if you're interested in reaching computers more remote than your own network, [read my article about opening ports in your firewall][5].
If you can ping the remote machine by its IP address _or_ its hostname, and have a login account on it, then you can SSH into it:
```
$ ping -c1 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_seq=1 ttl=64 time=4.66 ms
$ ping -c1 akiton.local
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
```
That's a success. Now use SSH to log in:
```
$ whoami
seth
$ ssh sethkenlon@10.1.1.5
bash$ whoami
sethkenlon
```
The test login works, so now you're ready to activate passwordless login.
### Create an SSH key
To log in securely to another computer without a password, you must have an SSH key. You may already have an SSH key, but it doesn't hurt to create a new one. An SSH key begins its life on your local machine. It consists of two components: a private key, which you never share with anyone or anything, and a public one, which you copy onto any remote machine you want to have passwordless access to.
Some people create one SSH key and use it for everything from remote logins to GitLab authentication. However, I use different keys for different groups of tasks. For instance, I use one key at home to authenticate to local machines, a different key to authenticate to web servers I maintain, a separate one for Git hosts, another for Git repositories I host, and so on. In this example, I'll create a unique key to use on computers within my local area network.
To create a new SSH key, use the `ssh-keygen` command:
```
`$ ssh-keygen -t ed25519 -f ~/.ssh/lan`
```
The `-t` option stands for _type_ and ensures that the encryption used for the key is higher than the default. The `-f` option stands for _file_ and sets the key's file name and location. After running this command, you're left with an SSH private key called `lan` and an SSH public key called `lan.pub`.
To get the public key over to your remote machine, use the `ssh-copy-id`. For this to work, you must verify that you have SSH access to the remote machine. If you can't log into the remote host with a password, you can't set up passwordless login either:
```
`$ ssh-copy-id -i ~/.ssh/lan.pub sethkenlon@10.1.1.5`
```
During this process, you'll be prompted for your login password on the remote host.
Upon success, try logging in again, but this time using the `-i` option to point the SSH command to the appropriate key (`lan`, in this example):
```
$ ssh -i ~/.ssh/lan sethkenlon@10.1.1.5
bash$ whoami
sethkenlon
```
Repeat this process for all computers on your network, and you'll be able to wander through each host without ever thinking about passwords again. In fact, once you have passwordless authentication set up, you can edit the `/etc/ssh/sshd_config` file to disallow password authentication. This prevents anyone from using SSH to authenticate to a computer unless they have your private key. To do this, open `/etc/ssh/sshd_config` in a text editor with `sudo` permissions and search for the string `PasswordAuthentication`. Change the default line to this:
```
`PasswordAuthentication no`
```
Save it and restart the SSH server (or just reboot):
```
$ sudo systemctl restart sshd &amp;&amp; echo "OK"
OK
$
```
### Using SSH every day
OpenSSH changes your view of computing. No longer are you bound to just the computer in front of you. With SSH, you have access to any computer in your house, or servers you have accounts on, and even mobile and Internet of Things devices. Unlocking the power of SSH also unlocks the power of the Linux terminal. If you're not using SSH every day, start now. Get comfortable with it, collect some keys, live more securely, and expand your world.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/9/ssh
作者:[Seth Kenlon][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/seth
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/lenovo-thinkpad-laptop-window-focus.png?itok=g0xPm2kD (young woman working on a laptop)
[2]: https://opensource.com/article/19/7/what-posix-richard-stallman-explains
[3]: https://opensource.com/sites/default/files/uploads/gnome-activate-remote-login.png (Activate SSH in GNOME System Settings)
[4]: https://creativecommons.org/licenses/by-sa/4.0/
[5]: https://opensource.com/article/20/8/open-ports-your-firewall

239
sources/tech/20200907 Program hardware from the Linux command line.md Normal file
View File

@ -0,0 +1,239 @@
[#]: collector: (lujun9972)
[#]: translator: ( )
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Program hardware from the Linux command line)
[#]: via: (https://opensource.com/article/20/9/hardware-command-line)
[#]: author: (Alan Smithee https://opensource.com/users/alansmithee)
Program hardware from the Linux command line
======
Programming hardware has become more common thanks to the rise of the
Internet of Things (IoT). RT-Thread lets you contact devices from the
Linux command line with FinSH.
![Command line prompt][1]
RT-Thread is an open source [real-time operating system][2] used for programming Internet of Things (IoT) devices. FinSH is [RT-Thread][3]'s command-line component, and it provides a set of operation interfaces enabling users to contact a device from the command line. It's mainly used to debug or view system information.
Usually, development debugging is displayed using hardware debuggers and `printf` logs. In some cases, however, these two methods are not very useful because it's abstracted from what's running, and they can be difficult to parse. RT-Thread is a multi-thread system, though, which is helpful when you want to know the state of a running thread, or the current state of a manual control system. Because it's multi-threaded, you're able to have an interactive shell, so you can enter commands, call a function directly on the device to get the information you need, or control the program's behavior. This may seem ordinary to you if you're only used to modern operating systems such as Linux or BSD, but for hardware hackers this is a profound luxury, and a far cry from wiring serial cables directly onto boards to get glimpses of errors.
FinSH has two modes:
* A C-language interpreter mode, known as c-style
* A traditional command-line mode, known as `msh` (module shell)
In the C-language interpretation mode, FinSH can parse expressions that execute most of the C language and access functions and global variables on the system using function calls. It can also create variables from the command line.
In `msh` mode, FinSH operates similarly to traditional shells such as Bash.
### The GNU command standard
When we were developing FinSH, we learned that before you can write a command-line application, you need to become familiar with GNU command-line standards. This framework of standard practices helps bring familiarity to an interface, which helps developers feel comfortable and productive when using it.
A complete GNU command consists of four main parts:
1. **Command name (executable):** The name of the command line program
2. **Sub-command:** The sub-function name of the command program
3. **Options:** Configuration options for the sub-command function
4. **Arguments:** The corresponding arguments for the configuration options of the sub-command function
You can see this in action with any command. Taking Git as an example:
```
`git reset --hard HEAD~1`
```
Which breaks down as:
![GNU command line standards][4]
(Cathy, [CC BY-SA 4.0][5])
The executable command is **git**, the sub-command is **reset**, the option used is **\--head**, and the argument is **HEAD~1**.
Another example:
```
`systemctl enable --now firewalld`
```
The executable command is **systemctl**, the sub-command is **enable**, the option is **\--now**, and the argument is **firewalld**.
Imagine you want to write a command-line program that complies with the GNU standards using RT-Thread. FinSH has everything you need, and will run your code as expected. Better still, you can rely on this compliance so you can confidently port your favorite Linux programs.
### Write an elegant command-line program
Here's an example of RT-Thread running a command that RT-Thread developers use every day.
```
usage: env.py package [-h] [--force-update] [--update] [--list] [--wizard]
                      [--upgrade] [--printenv]
optional arguments:
  -h, --help      show this help message and exit
  --force-update  force update and clean packages, install or remove the
                  packages by your settings in menuconfig
  --update        update packages, install or remove the packages by your
                  settings in menuconfig
  --list          list target packages
  --wizard        create a new package with wizard
  --upgrade       upgrade local packages list and ENV scripts from git repo
  --printenv      print environmental variables to check
```
As you can tell, it looks familiar and acts like most POSIX applications that you might already run on Linux or BSD. Help is provided when incorrect or insufficient syntax is used, both long and short options are supported, and the general user interface is familiar to anyone who's used a Unix terminal.
### Kinds of options
There are many different kinds of options, and they can be divided into two main categories by length:
1. **Short options:** Consist of one hyphen plus a single letter, e.g., the `-h` option in `pkgs -h`
2. **Long options:** Consist of two hyphens plus words or letters, e.g., the `--target` option in `scons- --target-mdk5`
You can divide these options into three categories, determined by whether they have arguments:
1. **No arguments:** The option cannot be followed by arguments
2. **Arguments must be included:** The option must be followed by arguments
3. **Arguments optional:** Arguments after the option are allowed but not required
As you'd expect from most Linux commands, FinSH option parsing is pretty flexible. It can distinguish an option from an argument based on a space or equal sign as delimiter, or just by extracting the option itself and assuming that whatever follows is the argument (in other words, no delimiter at all):
* `wavplay -v 50`
* `wavplay -v50`
* `wavplay --vol=50`
### Using optparse
If you've ever written a command-line application, you may know there's generally a library or module for your language of choice called optparse. It's provided to programmers so that options (such as **-v** or **\--verbose**) entered as part of a command can be _parsed_ in relation to the rest of the command. It's what helps your code know an option from a sub-command or argument.
When writing a command for FinSH, the `optparse` package expects this format:
```
`MSH_CMD_EXPORT_ALIAS(pkgs, pkgs, this is test cmd.);`
```
You can implement options using the long or short form, or both. For example:
```
static struct optparse_long long_opts[] =
{
    {"help"        , 'h', OPTPARSE_NONE}, // Long command: help, corresponding to short command h, without arguments.
    {"force-update",  0 , OPTPARSE_NONE}, // Long comman: force-update, without arguments
    {"update"      ,  0 , OPTPARSE_NONE},
    {"list"        ,  0 , OPTPARSE_NONE},
    {"wizard"      ,  0 , OPTPARSE_NONE},
    {"upgrade"     ,  0 , OPTPARSE_NONE},
    {"printenv"    ,  0 , OPTPARSE_NONE},
    { NULL         ,  0 , OPTPARSE_NONE}
};
```
After the options are created, write the command and instructions for each option and its arguments:
```
static void usage(void)
{
    rt_kprintf("usage: env.py package [-h] [--force-update] [--update] [--list] [--wizard]\n");
    rt_kprintf("                      [--upgrade] [--printenv]\n\n");
    rt_kprintf("optional arguments:\n");
    rt_kprintf("  -h, --help      show this help message and exit\n");
    rt_kprintf("  --force-update  force update and clean packages, install or remove the\n");
    rt_kprintf("                  packages by your settings in menuconfig\n");
    rt_kprintf("  --update        update packages, install or remove the packages by your\n");
    rt_kprintf("                  settings in menuconfig\n");
    rt_kprintf("  --list          list target packages\n");
    rt_kprintf("  --wizard        create a new package with wizard\n");
    rt_kprintf("  --upgrade       upgrade local packages list and ENV scripts from git repo\n");
    rt_kprintf("  --printenv      print environmental variables to check\n");
}
```
The next step is parsing. While you can't implement its functions yet, the framework of the parsed code is the same:
```
int pkgs(int argc, char **argv)
{
    int ch;
    int option_index;
    struct optparse options;
    if(argc == 1)
    {
        usage();
        return RT_EOK;
    }
    optparse_init(&amp;options, argv);
    while((ch = optparse_long(&amp;options, long_opts, &amp;option_index)) != -1)
    {
        ch = ch;
        rt_kprintf("\n");
        rt_kprintf("optopt = %c\n", options.optopt);
        rt_kprintf("optarg = %s\n", options.optarg);
        rt_kprintf("optind = %d\n", options.optind);
        rt_kprintf("option_index = %d\n", option_index);
    }
    rt_kprintf("\n");
    return RT_EOK;
}
```
Here is the function head file:
```
#include "optparse.h"
#include "finsh.h"
```
Then, compile and download onto a device.
![Output][6]
(Cathy, [CC BY-SA 4.0][5])
### Hardware hacking
Programming hardware can seem intimidating, but with IoT it's becoming more and more common. Not everything can or should be run on a Raspberry Pi, but with RT-Thread you can maintain a familiar Linux feel, thanks to FinSH.
If you're curious about coding on bare metal, give RT-Thread a try.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/9/hardware-command-line
作者:[Alan Smithee][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/alansmithee
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/command_line_prompt.png?itok=wbGiJ_yg (Command line prompt)
[2]: https://opensource.com/article/20/6/open-source-rtos
[3]: https://github.com/RT-Thread/rt-thread
[4]: https://opensource.com/sites/default/files/uploads/command-line-apps_2.png (GNU command line standards)
[5]: https://creativecommons.org/licenses/by-sa/4.0/
[6]: https://opensource.com/sites/default/files/uploads/command-line-apps_3.png (Output)

82
translated/talk/20190226 Reducing security risks with centralized logging.md
View File

@ -1,82 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (leommxj)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Reducing security risks with centralized logging)
[#]: via: (https://opensource.com/article/19/2/reducing-security-risks-centralized-logging)
[#]: author: (Hannah Suarez https://opensource.com/users/hcs)
通过集中日志记录来减少安全风险
======
集中日志并结构化待处理的日志数据可缓解与缺少日志相关的风险
![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/security_privacy_lock.png?itok=ZWjrpFzx)
日志记录和日志分析对于保护基础设施安全来说至关重要,尤其是当我们考虑到通用漏洞的时候。这篇文章基于我在 FOSDEM'19 上的闪电秀[Let's use centralized log collection to make incident response teams happy][1],目的是提高大家对缺少日志这种安全问题的重视,提供一种避免风险的方法,并且倡议更多的安全实现 _(声明: 我为 NXLog 工作)._
### 为什么收集日志?为什么集中日志记录?
确切的说,日志是写入磁盘的仅追加的记录序列在实际生活中,日志可以在你尝试寻找异常的根源时帮助你调查基础设施问题。当你有多个使用自己标准与格式的日志的异构系统并且想用一种可靠的方法来接收和处理它们的时候,挑战就来临了。这通常以元数据为代价。集中日志记录解决方案需要共性,这种共性常常会去除许多开源日志记录工具所提供的丰富的元数据。
### 缺少日志记录与监控的安全风险
开源 Web 应用程序安全项目 ([OWASP][2]) 是一个为业界贡献了许多杰出项目(包括许多专注于软件安全的[工具][3]的非营利组织。OWASP定期为应用开发人员和维护者报告危险的安全挑战。在最新一版[10项最严重的 Web 应用程序安全风险][4] 中OWASP 将不足的日志记录和监控加入了列表中。OWASP 警告下列情况会导致不足的日志记录、检测、监控和响应:
* 未记录可审计性事件,如:登录、登录失败和高额交易。
* 告警和错误事件未能产生或产生不足的和不清晰的日志信息。
* 日志信息仅在本地存储。
* 对于实时或准实时的攻击,应用程序无法检测、处理和告警。
可以通过集中日志记录(例如, 不仅将日志本地存储)和结构化日志数据来缓解上述情形(例如,在告警仪表盘和安全套件中)。
举例来说, 假设一个DNS查询会导向名为 **hacked.badsite.net** 的恶意网站通过 DNS 监控,管理员监控并且主动的分析 DNS 请求与响应。DNS 监控的效果依赖于充足的日志记录与收集来发现潜在问题,同样也依赖于结构化 DNS 日志的结果来进一步分析。
```
2019-01-29
Time (GMT)      Source                  Destination             Protocol-Info
12:42:42.112898 SOURCE_IP               xxx.xx.xx.x             DNS     Standard query 0x1de7  A hacked.badsite.net
```
你可以在 [NXLog Community Edition][5] 自己尝试一下这个例子也可以尝试其他例子和代码片段。 _(再次声明: 我为 NXLog 工作)._
### 重要的一点:非结构化数据与结构化数据
花费一点时间来考虑下日志数据格式是很重要的例如,让我们来考虑以下日志消息:
```
debug1: Failed password for invalid user amy from SOURCE_IP port SOURCE_PORT ssh2
```
这段日志包含了一个预定义的结构,例如冒号前面的元数据关键词(**debug1**)然而,余下的日志字段是一个未结构化的字符串(**Failed password for invalid user amy from SOURCE_IP port SOURCE_PORT ssh2** )。因此,即便这个消息是人类可轻松阅读的格式,但它不是一个计算机容易解析的格式。
非结构化的事件数据存在局限性,包括难以解析,搜索和分析日志。重要的元数据通常以一种自由字符串的形式作为非结构化数据字段,就像上面的例子一样。日志管理员会在他们尝试标准化/归一化日志数据与集中日志源的过程中遇到这个问题。
### 接下来怎么做
除了集中和结构化日志之外确保你收集了正确的日志数据——Sysmon、PowerShell、Windows 事件日志、 DNS 调试日志、ETW、内核监控、文件完整性监控、数据库日志、外部云日志等等。同样选用适当的工具和流程来来收集汇总和帮助理解数据。
希望这对你从不同日志源中集中日志收集提供了一个开始; 将日志发送到仪表盘监控软件分析软件以及像安全性资讯与事件管理SIEM套件等外部源。
你的集中日志策略会是怎么样?请在评论中分享你的想法。
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/2/reducing-security-risks-centralized-logging
作者:[Hannah Suarez][a]
选题:[lujun9972][b]
译者:[leommxj](https://github.com/leommxj)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/hcs
[b]: https://github.com/lujun9972
[1]: https://fosdem.org/2019/schedule/event/lets_use_centralized_log_collection_to_make_incident_response_teams_happy/
[2]: https://www.owasp.org/index.php/Main_Page
[3]: https://github.com/OWASP
[4]: https://www.owasp.org/index.php/Top_10-2017_Top_10
[5]: https://nxlog.co/products/nxlog-community-edition/download

136
translated/tech/20200903 Rclone Browser Enables You to Sync Data With Cloud Services in Linux Graphically.md Normal file
View File

@ -0,0 +1,136 @@
[#]: collector: (lujun9972)
[#]: translator: (geekpi)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Rclone Browser Enables You to Sync Data With Cloud Services in Linux Graphically)
[#]: via: (https://itsfoss.com/rclone-browser/)
[#]: author: (Ankush Das https://itsfoss.com/author/ankush/)
Rclone Browser 让你在 Linux 中以图形化的方式与云服务同步数据
======
_**简介Rclone Browser 是一款高效的 GUI 程序,它可以让你轻松地使用 Rclone 管理和同步云存储上的数据。在这里,我们来看看它提供的功能和工作方式。**_
如果你想原生地在 Linux上毫不费力地使用 One Drive 或[Google Drive][1],你可以选择像 [Insync][2] 这样的高级 GUI 工具([联盟][3]链接)。
如果你能在终端上下功夫,你可以使用 [Rclone][4] 与许多 [Linux 上的云存储服务][5]进行同步。我们有一份详细的[在 Linux 中使用 Rclone 与 OneDrive 同步的指南][6]。
[Rclone][4] 是一个相当流行且有用的命令行工具。很多有经验的用户会需要使用 Rclone 的功能。
然而,即使它足够有用,也不是每个人都能从终端使用它。
因此,在本文中,我将介绍一个令人印象深刻的 GUI ”Rclone Browser”“它可以让你轻松地使用 Rclone 管理和同步云存储上的数据。
值得注意的是Rclone 确实提供了一个实验性的基于 Web 的 GUI。但我们将在这里专注于 [Rclone Browser][7]。
![][8]
### Rclone BrowserRclone 的开源 GUI
Rclone Browser 是一款可以让你浏览、修改、上传/下载、列出文件,并在想充分利用远程存储位置的情况下,做更多你想做的事情的 GUI。
它提供了一个简单的用户界面,并且工作良好(根据我的快速测试)。让我们详细看看它提供的功能以及如何开始使用它。
### Rclone Browse r的功能
![][9]
它提供了很多选项和控制来管理远程存储位置。根据你的使用情况,你可能会发现它的功能丰富或不知所措。以下是它的功能:
* 浏览和修改 rclone 远程存储位置。
* 支持加密云存储
* 支持自定义位置和配置加密
* 不需要额外的配置。它将使用相同的 rclone 配置文件(如果你有的话)
* 在不同的标签页中同时导航多个位置
* 按层次列出文件(按文件名、大小和修改日期)
* Rclone 命令的执行是异步的,不会使 GUI 冻结
* 你可以上传、下载、创建新文件夹、重命名、删除文件和文件夹
* 上传文件时支持拖放
* 在 VLC 等播放器中播放流媒体文件
* 挂载和卸载文件夹/云端驱动器
* 能够计算文件夹的大小、导出文件列表,并将 rclone 命令复制到剪贴板
* 支持便携模式
* 支持共享驱动器(如果你使用 Google Drive
* 针对支持共享链接的远程存储服务,支持获取共享链接
* 能够创建任务,你可以很容易地保存,以便以后再次运行或编辑。
* 黑暗模式
* 跨平台支持Windows、macOS 和 Linux
### 在 Linux 上安装 Rclone Browser
_在使用 Rclone Browser 之前,你需要在你的 Linux 发行版上安装 rclone。请按照[官方安装说明][10]来安装。_
你可以在 [GitHub 页面][7]的[发布页][11]找到 Rclone Browser 的 AppImage 文件。所以,你在任何 Linux 发行版上运行它都不会有问题。
如果你不知道 AppImage我会推荐你阅读我们的[在 Linux 上使用 AppImage][12] 指南。
你也可以选择构建它。操作说明在 GitHub 页面上。
[Rclone Browser][7]
### 开始使用Rclone Browser
在这里,我只分享一下使用 Rclone Browser 应该知道的几件事。
![][13]
如果你在终端中使用 rclone 时有任何现有的远程位置,它将自动显示在 GUI 中。你也可以点击 ”**Refresh**“ 按钮来获取最新的新增内容。
如上图所示,当你点击 ”**Config**“ 按钮时它会启动终端让你轻松地添加一个新的远程或按你的要求配置它。当终端弹出的时候不用担心Rclone browser 会执行命令来完成所有必要的任务,你只需要在需要的时候设置或编辑一些东西。你不需要执行任何 Rclone 命令。
如果你有一些现有的远程位置,你可以使用 ”**Open**“ 按钮打开它们,并在不同的标签页中访问云存储,如下所示。
![][14]
你可以轻松地挂载云驱动器,上传/下载文件,获取详细信息,共享文件夹的公共链接(如果支持),以及直接播放流媒体文件。
如果你想复制、移动或与远程存储位置同步数据,你可以简单地创建一个任务来完成。只需确保设置正确,你可以模拟执行或者直接运行任务。
你可以在 ”**Jobs**“ 页面找到所有正在运行的任务,如果需要,你可以取消/停止它们。
![][15]
除了上面提到的所有基本功能外,你可以前往 **File-&gt;Preferences** 更改 rclone 位置、挂载选项、下载文件夹、带宽设置以及代理。
![][16]
要了解更多关于它的用法和功能,你可能需要前往 [GitHub 页面][7]了解所有的技术信息。
### 总结
Rclone Browser 对于每一位想要使用 Rclone 强大功能的 Linux 用户来说,绝对是得心应手。
你是否已经尝试过了呢?你更喜欢通过 GUI 还是终端来使用 Rclone请在下面的评论中告诉我你的想法
--------------------------------------------------------------------------------
via: https://itsfoss.com/rclone-browser/
作者:[Ankush Das][a]
选题:[lujun9972][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://itsfoss.com/author/ankush/
[b]: https://github.com/lujun9972
[1]: https://itsfoss.com/use-google-drive-linux/
[2]: https://itsfoss.com/recommends/insync/
[3]: https://itsfoss.com/affiliate-policy/
[4]: https://rclone.org/
[5]: https://itsfoss.com/cloud-services-linux/
[6]: https://itsfoss.com/use-onedrive-linux-rclone/
[7]: https://github.com/kapitainsky/RcloneBrowser
[8]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/09/Cloud-sync.gif?resize=800%2C450&ssl=1
[9]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/08/rclone-browser-screenshot.jpg?resize=800%2C618&ssl=1
[10]: https://rclone.org/install/
[11]: https://github.com/kapitainsky/RcloneBrowser/releases/tag/1.8.0
[12]: https://itsfoss.com/use-appimage-linux/
[13]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-howto.png?resize=800%2C412&ssl=1
[14]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-drive.png?resize=800%2C505&ssl=1
[15]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-task.jpg?resize=800%2C493&ssl=1
[16]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/09/rclone-browser-preferences.jpg?resize=800%2C590&ssl=1