Tuesday, November 30, 2010

Using ndiswrapper to configure a wireless network card on Linux

Nowadays almost every laptop comes with built-in wireless functionality, but many of these cards do not have good Linux drivers.

So unless the laptop is set up to dual boot, Linux users cannot use the wireless card; in other words, unless Windows is running, the laptop is very unlikely to connect to a wireless network. However, many cards already have a solution. A program called ndiswrapper provides a Linux kernel module that can load the Windows drivers of some wireless cards. This lets a laptop use its wireless card under Linux even when no native Linux driver exists.

First of all, get a copy of ndiswrapper from sourceforge.net. Download the latest version (0.8), then install it as follows:

# tar xvzf ndiswrapper-0.8.tar.gz
# cd ndiswrapper-0.8
# make install

This installs the ndiswrapper tools and the kernel module for the currently running kernel. You must have valid kernel source code available. (For most RPM-based systems you only need to install the "kernel-source" package.)

Next, you need a copy of the Windows driver for the card. Whether you find it on the existing Windows system (if the machine dual boots) or download it does not matter. The SourceForge.net website lists the supported cards and provides links for downloading the Windows drivers. Install the Windows driver as follows:

# ndiswrapper -i [inf_file]

The .inf file is the Windows driver information file. This command installs the correct files into /etc/ndiswrapper/[driver]. To verify that ndiswrapper has picked up the driver, run:

# ndiswrapper -l

This should list the driver you just installed. Then load the ndiswrapper kernel module:

# modprobe ndiswrapper

This loads the driver and makes it available to the system. You need to install the wireless tools in order to configure the wireless interface. To check that everything is working together, simply enter iwconfig; the network interface should appear (usually wlan0, if it is the only wireless card). Then use iwconfig, or any tool that uses the wireless extensions, to configure the card, including settings such as the WEP key and mode, the same way as for any other wireless card.

Using Linux 6.0 Desktop Edition to set up a PPPoE server

Recently I was talking with colleagues about how a local area network always seems to have a few users who like to tamper with it through ARP address spoofing. If you cut such a user off from the Internet, he will find all sorts of reasons to fight for his Internet "rights", and such people are usually hidden somewhere inside a network segment; you cannot take everyone else on the segment offline because of one person. So if you really do run into such a nasty character, change the way his local area network gets online: instead of connecting hosts directly to the gateway, have LAN users go through a PPPoE dial-up step before going online to obtain their IP address and gateway address, which fundamentally eliminates ARP address spoofing.

Before this experience of running a PPPoE server on Linux, we had systematically introduced setting up a PPPoE server with the RouterOS software. The overall impression is that it is very powerful and easy to implement (I compared notes with my colleagues: in general, someone with a basic grounding in computer networking can configure a PPPoE server independently after one successful configuration run). But there is an inescapable reality: this PPPoE server is commercial software with a price. A test copy is fine for trying out and practising, but for a formal deployment as the real server on a production network it is not dependable. So we turn our attention to Linux. A Linux system can certainly act as a PPPoE server; in fact it took Xiangzi an afternoon to get the PPPoE server configured successfully on Linux. Still, I have a few observations to share:

1. Linux exists in numerous versions with differing configuration commands, the PPPoE software provides no authoritative official configuration tutorial, and the PPPoE tutorials circulating online diverge, so it is difficult for a beginner to master the essentials of PPPoE configuration from a tutorial.
2. Linux is, after all, a general-purpose operating system rather than one designed as a PPPoE server. When configuring a PPPoE server, a small, improperly set detail of Linux itself can sometimes affect the PPPoE server's own settings (for example, this time both of Xiangzi's Linux network cards dropped off the network after every restart, a real headache that was eventually solved through a configuration file).
3. Integrating network services into the Linux system itself should be the trend: a single Linux server installation with the various network services packaged along with it would sometimes streamline operations and raise users' interest, thereby increasing the use of Linux among server operating systems.
Having said all that, let me introduce the process of configuring a PPPoE server on Linux. This time I chose Red Flag Linux 6.0 Desktop Edition, installed in a virtual machine with two virtual network cards, using a PPPoE + iptables (NAT) Internet access solution. The configuration process is introduced in three parts. The network topology is shown in Figure 1. Figure 1 shows that the network topology with Linux as the PPPoE server is no different from the one with RouterOS as the PPPoE server. Here the Eth1 network card connects to the external network (set its IP address, subnet mask and gateway to 10.70.10.15 / 255.255.0.0 / 10.70.0.1), and the Eth0 network card connects to the intranet (for security reasons, no IP address or other information is set on it).

Guide to Linux file compression tools

Author: Jacek Artymiak. An evaluation of some free utilities. To use this guide, please read the author's introduction, and then use the index to jump to the section that explains the tool you need.

If you prefer, you can read the whole thing! Each section ends with links to reference material, and a main list is provided at the end of this guide.

File compression and decompression is one of the most useful inventions in the history of computing, but the lack of portable and open tools is one of the main obstacles to it playing its rightful role. As long as we swap files with other users of UNIX-like systems, we can use portable tools such as gzip and bzip2 (see the references for links). But the rest of the world uses a variety of proprietary software, or even proprietary compression algorithms whose owners may never make them public. It is very dangerous for this trend to continue. Imagine that in the future we may be unable to decode an important part of our files because we created them with special tools and algorithms, and the operating systems and hardware those tools run on have become obsolete and disappeared. This is why we should use open source compression tools, or at least commercial compression tools that use free and well-documented algorithms. (Just remember to avoid using any special enhancements.)

This article is a guide to using .arc, .arj, .lzh (.lha), .rar, .zip, .sit and .zoo files on the Linux operating system. I chose to discuss these particular formats because users of the three most popular operating systems (MS-DOS, Microsoft Windows and MacOS) use them most often. I wrote this guide to help people quickly find the right tool, not as a detailed technical discussion of file compression technology.

Finally, I would like to briefly explain self-extracting files. Such archives are really programs that contain the data in compressed form. When you run them, they unpack a copy of the data stored in the program body onto whichever drive you specify. The only problem is that they cannot be used on Linux; no tool can extract them.
In this case, you need to ask the person who created the archive to compress it as an ordinary archive. That is all for now. I hope this guide helps you, and I look forward to your comments and suggestions.

Index: .arc .arj .lzh (.lha) .rar .zip .zoo .sit

--------------------------------------------------------------------------------

.arc

Files with the .arc extension are relatively rare. If you happen to come across one, you can be fairly sure it was made with the old MS-DOS SEA ARC or PKware PKARC archiving utility. This format is not well supported on Linux, and you can hardly count on extracting these files on a Linux machine. If you need to create .arc files, try running the original SEA ARC or PKware PKARC under DOSEMU or VMware (look for them on FTP servers that carry MS-DOS utilities). To unpack .arc files, use Aladdin Expander for Linux. At the time of this writing, the public beta of Aladdin Expander can be used free of charge for testing purposes; whether it will remain free is unknown. To unpack a file, enter unstuff file.arc. -d is a useful option that specifies the destination for the extracted files. For example: unstuff -d=./home/james/incoming file.arc. Note: to learn more about Aladdin Expander for Linux, read the section on .sit files.

VMware: http://www.vmware.com
DOSEMU: http://www.dosemu.org
Aladdin Systems: http://www.aladdinsys.com/expander/expander_linux_login.tml

--------------------------------------------------------------------------------

.arj

Files with the .arj extension are created with ARJ Software's ARJ utility for MS-DOS and Windows. Because ARJ is a shareware program whose source code is not available, there are virtually no tools on the Linux platform that match its functionality, which makes .arj files quite hard to use. Managing to extract an ARJ file successfully already counts as lucky. Compressing to .arj on Linux is not possible, because no native Linux compression tool generates this format.
(You can try running the original ARJ software under DOSEMU or VMware, but this is not an easy-to-use solution.) To unpack .arj files, use the unarj utility. It is slower than ARJ and not as capable as ARJ, but at least it can successfully extract most .arj files. It can extract files to the current working directory, list an archive's contents, or test an archive. To view a brief help page, enter unarj; for a more detailed description, see the unarj.doc file, usually located in the /usr/doc/unarj-2.43 directory. Where you unpack .arj files is up to you, but to avoid cluttering your main working directory you should normally create a temporary subdirectory in your home directory, change the current working directory to it, copy the archive there, and then use unarj e archive.arj to extract the files in question. unarj for Linux can only extract all files at once; you cannot extract individual files from an archive. At least, if a file already exists in the current working directory, unarj will not overwrite it even if the archive contains a file with the same name. In addition, unarj does not support empty directories or self-extracting archives; the latter are MS-DOS/Windows programs that cannot run on Linux, although you can run them under DOSEMU or VMware. Here are some other options:

unarj archive.arj or unarj l archive.arj -- list the archive's contents
unarj t archive.arj -- test the archive
unarj x archive.arj -- extract the files with pathnames

Note that unarj options do not start with a minus sign (-). If unarj fails to extract the files, try Aladdin Expander for Linux (for more information, see the .sit section). You can also ask the person who created the archive to compress it with another tool (for example gzip, which is freely available for MS-DOS). You may also ask for a simple .arj archive that avoids all the advanced ARJ options, such as multiple volumes, splitting files into small parts, and self-extraction.
Why not use self-extracting ARJ archives? They are MS-DOS-style executable files that do not run under Linux; they use different system libraries, and their internal format differs from that of Linux binary executables. You may be able to run ARJ self-extracting archives under DOSEMU or VMware. Compressing in ARJ or JAR format is still not possible on Linux, and according to ARJ Software's FAQ page we should not wait for a Linux port. If you know of any Linux tool that can extract .jar files, be sure to tell me. The unarj source code can be downloaded from the ARJ Software site or from the FTP servers that carry your Linux distribution. In addition, unarj is usually a basic part of Linux distributions, so you can find it on the main distribution CD-ROM. For a list of links to all Linux distributions, see the Linux distributions page.

ARJ Software: http://www.arjsoft.com
ARJ's FAQ page: http://www.arjsoft.com/faq.htm
ARJ download page: http://www.arjsoft.com/files.htm
DOSEMU: http://www.dosemu.org
VMware: http://www.vmware.com
Aladdin Expander: http://www.aladdinsys.com/expander/expander_linux_login.tml
gzip: http://www.gnu.org/software/gzip/gzip.html
Linux distributions page: http://www.linux.org/dist/index.html

--------------------------------------------------------------------------------

.lzh (.lha)

Files with the .lzh or .lha extension are compressed with the LHa, LHarc or LHx compression utilities. These utilities were developed by Y. Tagawa, H. Yoshizaki, Momozou and Masaru Oki. They have been ported to many operating systems, so files created with them are portable. Mats Andersson did the Linux port. Unlike gzip, the lha utility compresses multiple files into one archive. To compress a single file, enter lha a archive file. lha creates archives with the .lzh extension. If archive.lzh already exists in the current working directory, the file you ask lha to compress is added to the existing archive.
The previous contents of archive.lzh are preserved, unless the archive already contains a file with the same name, in which case the old file is replaced by the new one. This operation is blind, meaning that it does not check the file's time stamp; to make sure that a file stored in the archive is replaced only by a file with a newer time stamp, use the u option instead of the a option (for example, lha u archive file). When people who receive your .lzh files complain that they cannot decompress them, try lha ag archive file or lha ao archive file. The g and o options tell lha to use the general or the compatible archiving method respectively. If you are only updating an existing archive, use u instead of a. Archiving multiple files is as easy as archiving a single file: use wildcard characters (for example, lha a archive files*) or give the top-level directory that holds the files (for example, lha a archive directory). All files and subdirectories are automatically stored in the archive. The file replacement rules and the u option work the same way for multiple files as for a single file. The wildcard syntax is the same as in the shell you normally use. Here are some other options:

l -- list the archive's contents (for example, lha l archive.lzh)
v -- list the archive's contents in verbose format (for example, lha v archive.lzh)
t -- test the integrity of the archive (for example, lha t archive.lzh)

Note that lha options do not have to start with a minus sign (-), and there should be no spaces between them. For a list of the other options, enter lha. Unpacking .lha and .lzh files is fairly easy: simply enter lha e archive.lha. If the Greek


Accelerate your Ubuntu to reduce CPU usage

The methods here come from the article FeistyPerformance - "Fly Like A Butterfly" (English translation), in which the author summarizes many ways to optimize and speed up Feisty.

Whether the methods below give real results you will know once you try them; at least in my own use, startup speed improved greatly. Note: a mistake in any of the following steps can leave the system unable to boot, so take care.

1. Disable IPv6

IPv6 is not yet in general use, so this advanced functionality can be switched off in Ubuntu for now to speed things up. Edit the file with sudo gedit /etc/modprobe.d/aliases and change the net-pf-10 alias to:

alias net-pf-10 off
# alias net-pf-10 ipv6

2. Run startup scripts in parallel

The scripts under /etc/init.d/ are startup scripts. By default they are started sequentially; in fact, if you are using a SATA or SCSI interface, you can start these scripts in parallel to speed up the startup process. Edit the file with sudo vi /etc/init.d/rc and change CONCURRENCY=none to CONCURRENCY=shell.

3. Alias localhost to the hostname

This method is said to help with applications that start slowly in GNOME after Ubuntu has been in use for a while. Edit the file with sudo gedit /etc/hosts and take these lines:

127.0.0.1 localhost
127.0.1.1 Ubuntu

Add the host name, which is the name on the second line, to the end of the first line:

127.0.0.1 localhost Ubuntu
127.0.1.1 Ubuntu

4. Disable Pango

Pango is a library for text layout and rendering with a focus on internationalization, but it can cause some programs such as Firefox to consume excessive CPU, so we can disable it. This reduces CPU usage considerably. Edit the file with sudo gedit /etc/environment and add:

MOZ_DISABLE_PANGO="1"

5. Disable the gettys

Open the file with sudo gedit /etc/event.d/tty3 and comment out, with #, every line that begins with start.

File sharing between Linux and Windows on a LAN

File sharing is a critical network requirement, and the demand is especially pressing in enterprise environments.

We know that file sharing between Windows hosts is very simple and can be done through My Network Places. But the host operating systems in an enterprise environment are more varied, with many Linux and Unix systems. So how do you share files between Windows and Linux? An effective solution is to deploy Samba on the Linux platform, which meets this sharing need. Below, the author builds an environment and demonstrates with examples the technical details of deploying Samba on Linux.

Environment description
Linux system: RedHat 9.0
Windows system: Windows XP SP2

I. Samba service deployment

1. Samba installation

(1) Verify. Samba is a tool integrated into the Linux system; users can choose to install it during Linux installation. To check whether Samba is installed on the system, use the following command:

[root@localhost root]# rpm -qa | grep samba

If the output looks like the following, Samba is already installed:

samba-swat-2.2.7a-7.9.0
samba-2.2.7a-7.9.0
redhat-config-samba-1.0.4-1
samba-common-2.2.7a-7.9.0
samba-client-2.2.7a-7.9.0

From Figure 1 you can see that the author's Linux system already has Samba installed. (Figure 1)

DRBD notes: implementing high availability on the Linux platform

DRBD is a block device implementation, used mainly in high availability (HA) solutions on the Linux platform.

It consists of a kernel module and related programs, and mirrors an entire device synchronously over the network, somewhat like a network RAID. That is, when you write data to the file system on the local DRBD device, the data is also sent to another host on the network and recorded there in exactly the same form in a file system (in fact, the creation of the file system is also carried out through DRBD synchronization). The local node (host) and the remote node (host) keep their data synchronized in real time and guarantee IO consistency. So when the local node's host fails, the remote node's host still holds an identical copy of the data and can continue to be used, which achieves high availability. In a high availability (HA) solution, DRBD can be used in place of a shared disk array. Because the data exists on the local host and the remote host at the same time, when a switchover is needed the remote host only has to use its copy of the data to continue providing service.

Supported underlying devices

DRBD needs to be built on top of an underlying device, on which it then builds a block device. To the user, a DRBD device is just like a physical disk on which a file system can be created. DRBD supports the following kinds of underlying devices:

1. a disk, or a partition of a disk;
2. a soft RAID device;
3. an LVM logical volume;
4. an EVMS (Enterprise Volume Management System) volume;
5. any other block device.

Configuration overview

1. Global configuration (global)

Basically all we can do here is set usage-count to yes or no. The usage-count parameter simply lets the LINBIT company collect statistics on current drbd usage: when drbd is installed or upgraded, information is sent to LINBIT's servers over HTTP.

2. Common configuration (common)

common here refers to what the multiple resources managed by drbd have in common.
This section mainly holds the parameters that can be set identically for all drbd resources, such as protocol, syncer and so on.

3. Resource configuration (resource)

The resource section configures all the resources that drbd manages, including the nodes' IP information, the underlying storage device name, the device size, the meta information, the name of the drbd device offered externally, and so on. Each resource must contain the information of every node, not just the information of the local node. In fact, across the entire drbd cluster, the drbd.conf file on every node needs to be the same. In addition, a resource has many other internal configuration items:

net: network-related configuration; for example, you can set whether to allow dual primaries (allow-two-primaries).
startup: settings that apply at startup, such as which node becomes primary at startup (or both: become-primary-on both).
syncer: synchronization-related settings. You can set the re-synchronization speed (rate), and you can set whether to verify data consistency between nodes online (verify-alg; the detection algorithm can be md5, sha1, crc32, etc.).

Data verification may be one of the more important matters. With online verification enabled, we can start it with the command drbdadm verify resource_name. During verification, drbd records the blocks that are inconsistent between the nodes but does not block any activity, not even IO requests on the inconsistent blocks. When there are inconsistent blocks, drbd needs to re-synchronize, and the rate item in the syncer section is mainly used for this re-synchronization: if there is a lot of inconsistent data, we cannot give all the bandwidth to drbd re-synchronization, because that would affect the services provided externally. The rate setting also needs to take IO capacity into account.
If we have a gigabit network link but our disk IO capacity is only 50M per second, then the actual processing capacity is only 50M. Generally speaking, setting the rate to 30% of the smaller of the network IO capacity and the disk IO capacity is appropriate for re-synchronization (the official recommendation). In addition, drbd provides a command for changing the rate temporarily: drbdsetup /dev/drbd0 syncer -r 100M. This temporarily sets the re-synchronization speed to 100M. Once the re-synchronization has finished, however, you need to run drbdadm adjust resource_name so that drbd works at the configured rate again.
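The global, common and resource sections described above, laid out as one drbd.conf in DRBD 8.3-style syntax (the layout in which rate and verify-alg sit in the syncer section, as the text describes). This is an added example, not the author's configuration; the resource name r0, the host names alpha and bravo, the backing device, the addresses and the port are assumed values.

```conf
# Added illustration, not from the original article.
# Assumed values: resource r0, hosts alpha/bravo, /dev/sdb1, 10.0.0.x:7788.

global {
    usage-count no;          # do not send install/upgrade statistics to LINBIT
}

common {
    protocol C;              # shared by every resource: fully synchronous replication
    syncer {
        # 30% of the smaller of network and disk throughput.
        # Gigabit link, disk at 50M/s -> limit is 50M -> 30% = 15M.
        rate 15M;
        # Digest used by "drbdadm verify r0" to compare blocks between nodes.
        verify-alg sha1;
    }
}

resource r0 {
    # Dual-primary operation is off unless both of these are enabled:
    # net     { allow-two-primaries; }
    # startup { become-primary-on both; }

    # Every node is listed here, not only the local one, so the same
    # file can be installed unchanged on each node.
    on alpha {               # must match the output of `uname -n` on that node
        device    /dev/drbd0;
        disk      /dev/sdb1;
        address   10.0.0.1:7788;
        meta-disk internal;
    }
    on bravo {
        device    /dev/drbd0;
        disk      /dev/sdb1;
        address   10.0.0.2:7788;
        meta-disk internal;
    }
}
```

After changing rate in this file, drbdadm adjust r0 applies the configured value to the running resource.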

CMPI memory management and its implementation in Open Pegasus

Using multiple threads in Provider code

For Provider development that does not use multiple threads, the thread and memory management support provided by Pegasus already greatly simplifies the programmer's work.

But if you really do need to use multiple threads inside a Provider, and the threads you start also need to use the services provided by CMPI, you only need to follow these three steps:

1. Before creating a new thread, call the prepareAttachThread method defined by CMPI. This method copies the current thread's context so that it can be passed to the newly created thread, which ensures that the new thread inherits some of the current thread's context information.
2. In the new thread, first call the attachThread method defined by CMPI. The attachThread method creates a new CMPI_ThreadContext object to manage all CMPI objects inside the new thread.
3. Before the new thread exits, call the detachThread method defined by CMPI. Because the new thread's CMPI_ThreadContext object was created on the heap, it cannot be destructed automatically, so detachThread must be called explicitly before the thread exits to destruct the CMPI_ThreadContext object.

Summary

This article described the CMPI specification's provisions on thread safety, reentrancy and memory management, and analysed their implementation in Pegasus, including the key data structures used. The material above can help Provider developers understand the life cycle of CMPI objects more clearly and use the various CMPI methods correctly in a multithreaded environment.

Local area network architecture

How to connect

Basically, a local area network is usually connected like this (figure: linux_20location.jpg): a hub or switch serves as the connection point between the computers, which then go through a Linux host acting as NAT, and finally reach the Internet through a fixed-IP academic network or through their own ADSL modem.

Basically, we want the internal network to be able to communicate easily in all sorts of ways, so we want the IPs of the four network cards above to be in the same network segment. For example, we can set the IP of the Linux host's card that connects to the internal network to 192.168.1.2 and set the other three network cards to 192.168.1.11 ~ 192.168.1.13, with a subnet mask of 255.255.255.0. The four network cards then belong to the same network segment and can reach each other directly, without going through the gateway!

On the hub: as noted above, if you are just an ordinary household, you can choose an inexpensive five-port hub (one costs roughly $500-600), but if you are on a residential network and your schoolmates often transfer large files (for example, from personal computer A to personal computer B), then to improve transfer efficiency it is recommended to use a hub or switch that auto-negotiates 10/100Mbps, because its transfer rate is 10 times that of 10Mbps!

On network cables: this needs particular attention. The most commonly used network cable connector is RJ45, and network cables come in two kinds depending on whether the wires at the connector ends are crossed over: a straight-through cable (that is, with no crossover) and a crossover cable. In the figure above, the cables connected to the hub are ordinary network cables, that is, straight-through cables, while the cable from the Linux host to the ADSL modem is a crossover cable! Using the wrong cable will prevent you from connecting, so please pay particular attention here!

Which communication protocols to install

Since we mainly use the Linux host to get the personal computers running Windows online, the network settings on your Windows systems need to include the following protocols before the computers can all see each other!
(Note: the following description is taken from an article on Study-Area.)

· NetBEUI

Let us go back to the time when IBM first entered the era of personal computer networks. They needed a basic network communication protocol, but they did not intend to use it to build large networks, only networks of a few dozen computers or fewer. From this requirement, the Network Basic Input/Output System, or NetBIOS, was born. NetBIOS has only 18 commands that let networked computers establish, maintain and use connection services. Before long, IBM launched an extended version of NetBIOS: the NetBIOS Extended User Interface, or NetBEUI, which is basically an improved NetBIOS. However, NetBIOS and NetBEUI are different: NetBEUI can in fact be called a transport protocol, while NetBIOS is at most a set of commands that lets the system use the network; from a technical point of view, it is an Application Program Interface (API). NetBEUI can be regarded as the fastest communication protocol you can use. "Fastest" here refers to how quickly it can format data into packets and how quickly the receiving node can read their contents. However, NetBEUI has one fatal weakness: it is not a routable protocol, which means it cannot communicate with machines on other networks. NetBEUI is very good on a local network, but if you want to communicate with machines on other networks, NetBEUI is not what you need. To communicate with computers on other networks you will most likely need to route, through a routing device or through software, and unfortunately NetBEUI can do neither. Microsoft networking, however, uses a technology called NetBIOS over IP to connect NetBEUI clients on different networks. But in the final analysis, what it uses to achieve routing is not NetBIOS but TCP/IP.
· IPX/SPX

Internetwork Packet Exchange (IPX) is a Novell protocol that establishes, maintains and terminates communication connections between network devices; it is responsible for outgoing data as well as incoming data. When data arrives, IPX reads the data's address and moves it to the correct place on the network server or workstation. If the server or workstation needs to send data out, IPX determines the address of the data packet and then routes it out through the network. The Sequenced Packet Exchange (SPX) protocol is used to control network processing, such as handling lost packets or other conditions. Although IPX and SPX are Novell's, their use is not restricted to Novell networks. As a transport protocol, IPX/SPX can be used on many different kinds of hardware, and IPX/SPX is a routable protocol.

· TCP/IP

The United States developed the Transmission Control Protocol/Internet Protocol (TCP/IP), originally to work with ARPANET (Advanced Research Projects Agency Net) in handling connections between different hardware, such as between Sun systems and mainframes, or between mainframes and PCs. The Internet Protocol (IP) works at the network layer (we will go on to explore the OSI network layers later). It provides a set of standard rules for different networks to follow, assuming, of course, that you want to use IP to route packets from one network to another. IP is designed for transfers between LAN and LAN and between PC and PC. You can think of IP as the rules of the game, while TCP is used to interpret those rules. Although TCP/IP was originally designed for use by a few universities and institutions, it has now become the most popular protocol; the Internet we use relies on TCP/IP to route packets.
Here let us look at how TCP/IP works. Suppose your company has branches in many places, each with its own local network (LAN); the head office runs a Novell network, but most of the branches use Macintosh computers. What happens when a Mac wants to transfer data to a PC? First, TCP provides full-duplex checking between the two platforms (error detection on the data in both directions). Next, IP works out the communication ports between the Mac and the PC. At this point TCP has the data ready; if the data is too large, IP splits it into several smaller packets and adds a new header (forwarding address) to each packet to ensure that the packets are delivered correctly. TCP also adds labels describing the data type and length. Further down, the IP packets are converted to a standard encoding format and transmitted to the PC. Finally, TCP on the PC decodes the packets and translates them into a format the PC can understand, that is, the network protocol the PC itself uses. TCP/IP is one of the most widely used protocols because it tries to work with all of your hardware. However, it is also one of the slowest transport protocols; in some cases its speed is only 70% of NetBEUI's.

Once the protocols above are installed, all the Windows PCs on your local area network should be able to see each other; as long as resource sharing is turned on, the local network serves its purpose.

Determine your network parameters on the Internet

· Connection method: the most common ways of getting online so far are fixed IP (for example an academic network, or a fixed-IP telephone line) and floating IP (for example the popular time-metered ADSL). The two are set up in similar ways, but there are some differences, so first determine how you connect to the Internet. With a fixed IP, be sure to obtain three sets of addresses: your IP, the subnet mask and the gateway IP; you also need a set of DNS IPs. With a floating IP, you only need your account, your password and the DNS IP.

· Set the Linux host up as a NAT host: the internal network uses virtual IPs, and virtual IPs cannot communicate with the outside Internet, so if you want to reach the Internet you must have a Linux host with a real IP that is online. Your Linux host must have two network cards:
1. one with a real IP (fixed or floating), connected to the Internet;
2. one with a virtual IP, connected to your internal network;
3. the two cards are then joined inside the Linux host through Linux's NAT settings, so that the virtual IPs can reach the Internet.

· Linux host settings: as described above, the Linux host has two network cards. How are they set?
1. The card that communicates with the outside world: if it has a fixed IP, enter the IP and subnet mask directly and you are connected to the Internet; if you use dial-up (or time-metered ADSL), you must use software such as rp-pppoe to connect to the network.
2. The card that communicates with the internal network: its IP must be in the same network segment as the IPs of all the computers on your internal network, for example 192.168.1.0-192.168.1.255. In addition, this card's IP will be the gateway for all the computers on your internal network.
· Windows personal computer settings: since we have already set up the NAT host, and that host has a fixed IP and subnet mask, each Windows system is simply given a fixed virtual IP and subnet mask directly, with the gateway set to the NAT host's IP.

With the steps above (adding the communication protocols in Windows and turning your Linux host into a NAT host), your local area network is set up, and NAT lets every computer connect to the Internet.

CMPI's memory management and implementation of Open Pegasus

The CMPI_ThreadContext data structure: each CMPI_ThreadContext object is bound to one thread and is shared by all the CMPI objects inside that thread.

CMPI_ThreadContext is therefore thread-private data (Thread Specific Data, TSD). Building on the support provided by the pthread library, the CMPI_ThreadContext class contains a static variable of type pthread_key_t. pthread_setspecific is called to bind the address of the CMPI_ThreadContext itself to that key, and the other CMPI objects in the thread can call pthread_getspecific to obtain the address of the thread's CMPI_ThreadContext. With this mechanism, the CMPI objects of different threads are managed separately.

Pegasus uses dedicated classes to encapsulate each kind of CIM object, such as CIMInstance and CIMDateTime, and then wraps these objects again as CMPI_Object. The main members of CMPI_Object are hdl, a pointer to the wrapped object, and a pointer to the table of its corresponding functions. The others are the prev and next pointers used to build a doubly linked queue of CMPI_Object. CMPI_ThreadContext maintains the pointers CIMfirst and CIMlast to the head and tail of this doubly linked queue. All CMPI objects created in the thread are recorded in the queue. So that every CMPI object in the queue is released automatically, the CMPI_ThreadContext destructor (see Listing 1) calls the release method of each object in the queue.

    CMPI_ThreadContext::~CMPI_ThreadContext()
    {
        // Walk the queue and release every CMPI object created in this thread.
        for (CMPI_Object *nxt, *cur = CIMfirst; cur; cur = nxt)
        {
            nxt = cur->next;  // save the successor before cur is released
            (reinterpret_cast<CMPIInstance*>(cur))->ft->release(
                reinterpret_cast<CMPIInstance*>(cur));
        }
        TSDKeyType k = getContextKey();
        TSDKey::set_thread_specific(k, prev);
    }

Code Listing 1: CMPI_ThreadContext destructor

In the code above, every CMPI_Object is cast to a CMPIInstance object and its release member method is then called. Ordinarily this would be wrong, because there is no guarantee that all of these CMPI objects are CMPIInstance objects. The code can do this because release is always the first member function in every CMPI object's function table. You can cast a CMPI object to any other CMPI object type and call its release method without any problem.

So how is a CMPI_Object automatically added to the doubly linked queue? CMPI_Object defines a constructor version for each kind of CIM object. Each constructor first obtains the CMPI_ThreadContext object associated with the current thread, and then adds its own this pointer to that CMPI_ThreadContext's doubly linked queue. When a CMPI_Object's release method is called explicitly, the actual CIM object it points to is deleted first, and then the release method removes the this pointer from the doubly linked queue it belongs to.

Porting the CS8900 network adapter driver to Linux kernel 2.6.25

In general, when we compile the kernel there are two ways to select a device driver: compile it directly into the kernel, or build it as a loadable module.

If the CS8900 network adapter driver is built as a module, the entry point is the function init_module; if it is compiled directly into the kernel, the entry point is cs89x0_probe. This entry function performs the driver's initialization, such as registering the virtual address, the device number and the interrupt, and initializing the relevant registers. cs89x0_probe calls the real initialization function, cs89x0_probe1. That initialization function has several important jobs:

1. Register the virtual address. The virtual address is registered through the request_region function. Inside the kernel, the register addresses we operate on are actually virtual addresses; each register has a unique virtual address and a corresponding physical address, because every virtual address in the kernel is translated into a physical address by the MMU. So for any register the kernel is going to use, you must call ioremap to convert the register's physical address into a virtual address the kernel can operate on; otherwise everything is in vain.

    ioaddr = (int) ioremap(BASE_ADDR, 16);

2. Fill in the net_device structure. The members of this structure are the variables related to the network device. Two of the more important ones are dev_addr and open. dev_addr holds the host's MAC address, which is generally read from EEPROM and stored in that variable; you can of course also set it manually as needed.

    /* The loop header was truncated on the page; a 6-byte MAC address is
       read as ETH_ALEN/2 16-bit words. */
    for (i = 0; i < ETH_ALEN / 2; i++) {
        unsigned int Addr;
        Addr = readreg(dev, PP_IA + i * 2);
        dev->dev_addr[i * 2] = Addr & 0xFF;    /* low byte (mask was 0xF) */
        dev->dev_addr[i * 2 + 1] = Addr >> 8;  /* high byte */
    }

open is a function pointer; the function assigned to it is net_open. net_open is dedicated to registering the network device's interrupt; when you enter the ifconfig command, this function is eventually called. The interrupt number is set in this function.

    writereg(dev, PP_BusCTL, ENABLE_IRQ | MEMORY_ON);
    request_irq(dev->irq, &net_interrupt, 0, dev->name, dev);

3. Set up the I/O port interrupt request. The network card cannot stay in the interrupt state all the time; triggering the interrupt at the right moment is a necessary condition. According to the pins on your hardware schematic, the interrupt request corresponds to GPG1 and EINT9. Enable the EINT9 function in the GPG1 register, and in the EINT9 register set the interrupt to trigger on the falling edge.

    writel(readl(S3C2410_GPGCON) | 0x8, S3C2410_GPGCON);
    writel(readl(S3C2410_EXTINT1) | 0x40, S3C2410_EXTINT1);

It is also important to note that the CS8900 network adapter's registers are 16 bits wide, so the read and write functions you choose must be the 16-bit ones.

    static u16 readword(unsigned long base_addr, int portno)
    {
        return inw(base_addr + portno);
    }

    static void writeword(unsigned long base_addr, int portno, u16 value)
    {
        outw(value, base_addr + portno);
    }

These are the points that need attention when porting the CS8900 NIC driver to Linux kernel 2.6.25. The kernel contains a great deal of compatibility code that easily causes conflicts; remove it, add your own functionality, and the porting work will go smoothly.

Good news: Ubuntu can directly install ibus input method

The ibus input method was introduced here before, but on Ubuntu, the most widely used distribution, it could not be installed because some package versions did not match.

Things are better now: Ubuntu users can install the ibus input method directly. If you are an Ubuntu user, open a terminal and follow these instructions to install ibus. Note: if your software sources do not have it, add the cn99 source.

    sudo apt-get install ibus ibus-pinyin ibus-table

ibus-table provides some extra code tables, such as Wubi, ChangJie and Zhengma; select it if you need them. After installation, add the following lines to your ~/.profile file and log in again to use ibus:

    export XMODIFIERS="@im=ibus"
    export GTK_IM_MODULE="ibus"
    ibus &

The ibus versions currently in the source are: ibus 0.1.1.20080908-1, ibus-pinyin 0.1.1.20080901-1, ibus-table 0.1.1.20080901-1

Blueman-Bluetooth Manager for Ubuntu

Blueman is a GTK+ Bluetooth manager.

Blueman manages the BlueZ API simply and efficiently and simplifies Bluetooth management tasks such as:
1. dial-up connections over 3G/EDGE/GPRS
2. connecting to/creating Bluetooth networks
3. connecting input devices
4. connecting audio devices
5. sending, receiving and browsing files via OBEX (Object Exchange)
6. pairing

Blueman also integrates with Network Manager 0.7, so any dial-up/network connection is available in Network Manager.

Install Blueman in Ubuntu: click System → System Administration → Software Sources. Click the Third-Party Software tab and add the source that matches your release.

Ubuntu Jaunty (9.04) users:

    deb http://ppa.launchpad.net/blueman/ppa/ubuntu jaunty main

Ubuntu Intrepid (8.10) users:

    deb http://ppa.launchpad.net/blueman/ppa/ubuntu intrepid main

Ubuntu Hardy (8.04) users:

    deb http://ppa.launchpad.net/blueman/ppa/ubuntu hardy main

Ubuntu Gutsy (7.10) users:

    deb http://ppa.launchpad.net/blueman/ppa/ubuntu gutsy main

Download the OpenPGP key from here, and follow this description to add the OpenPGP key to the third-party software sources. After you are done, open the Synaptic Package Manager (System → System Administration → Synaptic Package Manager) and refresh. Or run the following command:

    sudo apt-get update

and install Blueman with this command:

    sudo apt-get install blueman

Blueman will uninstall and replace the system's existing Bluetooth manager. To open it, go to System → Preferences → Bluetooth Manager (if your locale is Chinese, you will see a Chinese-language interface).

From the Linux command line to update Twitter and FriendFeed

Parsing the output: from working with the Twitter feed, you know that you first need to process the output with sed to get truly readable results.

XML is fairly easy to read, but after looking at the results you can conclude that you need to parse everything between the tags. There is an obstacle, however: the XML contains no newlines or carriage returns; it is just one long XML string. So how do you parse it? Here you must choose a different output format. The available formats are JSON, XML, RSS and Atom. For this example, choose RSS, because it is the cleanest and contains the line breaks you need. Look at the results in the RSS feed. What you need is between the ff:body tags, so process the output with a modified version of the sed command:

    curl -s -u "nickname:key" "http://friendfeed.com/api/feed/home?format=rss" | sed -ne '/<ff:body/s/<\/*ff:body>//gp'

There you have it: all the FriendFeed entries are visible.

Putting it together: running these commands by hand from the command line is not a practical way to follow a feed. Remember, on the website you would just press F5 to do this. So, to stay as close to the command line as possible, you can put the commands into a shell script. You could also use Python, Perl or any scripting language available on your platform, but running the examples from the command line already gets the results you want. By creating a script named lintweet, you can put the Twitter stream into a script. Of course, you can choose any name. Listing 1 shows the script.

Listing 1. lintweet

    #!/bin/bash
    # Print the text of the public timeline every 10 seconds.
    while :
    do
        curl -s http://twitter.com/statuses/public_timeline.xml | sed -ne '/<text/s/<\/*text>//gp'
        sleep 10
    done
    exit

Next, make this script executable. Then run it using the command:

    ./lintweet

Every 10 seconds the window shows the latest tweets. For Twitter, because the terms of service (TOS) place no restriction on the request frequency of the public feed, sleep can be set to 1 so that it updates every second. However, you should reduce the pressure on the server and set it to 10. (If you insist on setting sleep to 1, you will not be able to follow much anyway, because the result is a rapid stream of updates.)

Closing: you now know how to get tweets from the Linux command line with two tools available in most Linux distributions, cURL and GNU Wget. You can follow Twitter and FriendFeed feeds by hand, or follow them with a simple shell script. You can extend the shell script to filter on keywords so that only status updates containing certain words or phrases are shown. Or you can have the script save to a file to archive Twitter and FriendFeed updates. If you are running Mac OS X, you can even hook the script up to the Growl notification system (see references). The possibilities are varied; you need to experiment for yourself.

Enhanced security: see how linux hacker intrusion


LINUX network security literature

LINUX network security literature. I am no expert; I am just writing up some personal experience from using LINUX for everyone to look at. The easiest way to maintain network security is to ensure that the hosts on the network have no outside contact and are not public; the simplest way is never to connect your own network to a public network such as the INTERNET. In many cases, however, a security policy based on isolation is not acceptable.

Using private IP addresses is a simple and feasible method that can prevent hackers from reaching users' personal computers. RFC 1918 specifies the IP addresses that can be used on local TCP/IP networks. These IP addresses are not routed on the Internet, and therefore do not need to be registered. By assigning addresses from these ranges you effectively confine network traffic to the local network. This is a fast and effective way to deny external access to your computers while allowing data to flow between the internal computers. RFCs (Requests for Comments) are distributed as the official standards of the Internet.

Because private IPs cannot be routed on the Internet, a system using a private IP address cannot access the Internet, but setting up an IP masquerading server (a single LINUX server) solves this problem. When a packet leaves your computer, it carries the computer's own IP address as its source address. When the LINUX server sends the data on to the outside world, it performs a conversion and records it at the same time: the server puts its own address in the packet as the source address and sends the packet to its destination IP address on the INTERNET. Once the packet is on the Internet, it can reach the destination address and be answered. There is one complication: because the packet's source IP address is that of the server, rather than that of the user's computer behind the server, the reply from the external computer is sent to the server. So, to complete the transmission, the LINUX server must search a table to determine which computer the packet belongs to, then rewrite the packet's address to the private address of that user's computer and send it to the computer. In this way, packets from a computer with a private IP address can now travel over the Internet. For this reason IP masquerading is also called network address translation.

By default, the Linux kernel has IP masquerading built in. However, if that function has been removed from the kernel, or you are using a kernel without built-in IP masquerading, you need to recompile the kernel and then set packet filtering rules to allow the conversion. To make IP masquerading work, you need to turn on the server's IP forwarding service: set FORWARD_IPV4 to YES in the /etc/sysconfig/network file to enable it. To connect the internal network to the outside world, the IP masquerading server needs two network interfaces: one connected to the internal network, and one used to connect the server to the outside world. For example:

    /sbin/ifconfig eth1 inet 211.123.1.1 netmask 255.255.255.0

Give the users' computers IP addresses from 192.168.1.2 to 192.168.1.254, and point the network settings of all users' computers at 192.168.1.1, with netmask 255.255.255.0, so that all the computers can communicate with each other.

    /sbin/ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
    /sbin/ipchains -P forward DENY

The first command turns on IP masquerading for IP datagrams whose destination address is not on the 192.168.1.0 network. It masquerades the packets that originally came from the 192.168.1.0 network and forwards them to the default router through the other network interface. The second command sets the default forward policy to deny all packets that do not come from the internal network. Put these commands in /etc/rc.d/rc.local, and IP masquerading will start when the server boots.

This was written in haste, so it is a bit messy and may be incomplete; I hope readers will bear with it. Published by xiaoxiang, China E Ann Union.
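The table lookup that the masquerading server performs on replies, as an added example that is not part of the original article or of the kernel's code. It is a simplified model: the class, the port pool starting at 61000 and every address other than 192.168.1.0/24 and 211.123.1.1 are assumptions made for illustration.

```python
# Added example: a simplified model of the masquerading table described above.
# 192.168.1.0/24 and 211.123.1.1 come from the section; every other address,
# the port numbers and the class itself are constructed for illustration.
import ipaddress

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_IP = "211.123.1.1"


class Masquerader:
    """Rewrites source addresses on the way out and restores them on replies."""

    def __init__(self, public_ip=PUBLIC_IP, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port   # arbitrary start of the public port pool
        self.by_flow = {}             # outbound flow -> public port
        self.by_port = {}             # (proto, public port) -> flow details

    def outbound(self, pkt):
        """Packet from the inside; returns what is sent to the Internet."""
        if ipaddress.ip_address(pkt["src"]) not in INTERNAL_NET:
            return None  # forward policy DENY: only the internal net is masqueraded
        flow = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if flow not in self.by_flow:
            # Record the conversion so that the reply can be matched later.
            self.by_flow[flow] = self.next_port
            self.by_port[(pkt["proto"], self.next_port)] = flow[1:]
            self.next_port += 1
        return dict(pkt, src=self.public_ip, sport=self.by_flow[flow])

    def inbound(self, pkt):
        """Packet arriving on the public side; returns what is delivered inside."""
        entry = self.by_port.get((pkt["proto"], pkt["dport"]))
        if entry is None or pkt["dst"] != self.public_ip:
            return None  # no table entry: nothing inside asked for this packet
        priv_ip, priv_port, peer_ip, peer_port = entry
        if (pkt["src"], pkt["sport"]) != (peer_ip, peer_port):
            return None  # right port, wrong remote peer: not a reply to the flow
        return dict(pkt, dst=priv_ip, dport=priv_port)


def packet(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


def demo():
    nat = Masquerader()
    # An inside host opens a connection to a (constructed) web server.
    sent = nat.outbound(packet("tcp", "192.168.1.2", 1025, "203.0.113.10", 80))
    # The web server answers the masqueraded address; the table maps it back.
    reply = nat.inbound(packet("tcp", "203.0.113.10", 80, PUBLIC_IP, sent["sport"]))
    # A second inside host using the same source port gets its own public port.
    other = nat.outbound(packet("tcp", "192.168.1.3", 1025, "203.0.113.10", 80))
    # An unrelated outside host aims at the same public port: not a reply.
    probe = nat.inbound(packet("tcp", "198.51.100.7", 4444, PUBLIC_IP, sent["sport"]))
    # A packet for a port with no entry is never forwarded inside (services
    # running on the server itself are a separate matter).
    scan = nat.inbound(packet("tcp", "198.51.100.7", 4444, PUBLIC_IP, 22))
    return sent, reply, other, probe, scan


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Only packets that match a recorded outbound flow are translated back, which is why hosts on the private range cannot be addressed from outside unless they spoke first.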

Use sudo to strengthen Linux system security

VIII. Closing: Sudo is a practical piece of security management software; by effectively controlling and auditing root privileges it can effectively improve the security of the system.

This article primarily discussed sudo's sudoers file. If you want to learn more about other aspects, the sudo manual at www.gratisoft.us/sudo/man/sudo.html is helpful.

Anatomy of Linux operating system process management

The creation and management of Linux user-space processes have many principles in common with UNIX, but there are also some aspects that are unique to Linux.

In this article, learn about the life cycle of a Linux process and explore the kernel internals of user process creation, memory management, scheduling and destruction. Linux is a dynamic system that adapts to changing computing needs. Linux represents computing needs around the common abstraction of the process. Processes can be short-lived (a command executed from the command line) or long-lived (a network service). For this reason, the general management of processes and their scheduling is extremely important.

In user space, a process is identified by its process identifier (PID). From the user's perspective, a PID is a numeric value that uniquely identifies a process. A PID does not change during the whole life of a process, but PIDs can be reused after a process is destroyed, so caching them is not always ideal.

In user space, a process can be created in several ways. You can execute a program (which leads to the creation of a new process) or, within a program, call the fork or exec system calls. A fork call results in the creation of a child process, while an exec call replaces the current process context with a new program. Next, I will discuss these methods so that you can understand how they work.

In this article, I describe processes in the following order: first, how processes are represented in the kernel and how they are managed there; then the various ways processes are created and scheduled (on one or more processors); and finally how processes are destroyed.

Process representation: within the Linux kernel, a process is represented by a rather large structure called task_struct. This structure contains all the data needed to represent the process and, in addition, a lot of other data used for accounting and for maintaining relationships with other processes (parents and children). A full description of task_struct is beyond the scope of this article; Listing 1 shows a small portion of it. This code contains the specific elements this article explores. task_struct is located in ./linux/include/linux/sched.h.

Listing 1. A small portion of task_struct

    struct task_struct {
        volatile long state;
        void *stack;
        unsigned int flags;

        int prio, static_prio;

        struct list_head tasks;

        struct mm_struct *mm, *active_mm;

        pid_t pid;
        pid_t tgid;

        struct task_struct *real_parent;

        char comm[TASK_COMM_LEN];

        struct thread_struct thread;

        struct files_struct *files;

        ...
    };

In Listing 1 you can see several items you would expect, such as the state of execution, a stack, a set of flags, the parent process, the thread of execution (of which there can be many) and the open files. I will describe these in more detail later; here is a short introduction. The state variable is a set of bits that indicate the state of the task. The most common states are: TASK_RUNNING, which indicates that the process is running or is in a run queue about to run; TASK_INTERRUPTIBLE, which indicates that the process is sleeping; TASK_UNINTERRUPTIBLE, which indicates that the process is sleeping but cannot be woken up; TASK_STOPPED, which indicates that the process is stopped; and so on. A complete list of these flags can be found in ./linux/include/linux/sched.h.

flags defines a large number of indicators, which show whether the process is being created (PF_STARTING) or is exiting (PF_EXITING), or whether the process is currently allocating memory (PF_MEMALLOC). The name of the executable (without the path) occupies the comm (command) field.

Each process is given a priority (called static_prio), but the actual priority of a process is determined dynamically from the load and several other factors. The lower the priority value, the higher the actual priority.

The tasks field provides the linked list. It contains a prev pointer (pointing to the previous task) and a next pointer (pointing to the next task).

The process's address space is represented by the mm and active_mm fields. mm represents the process's memory descriptor, while active_mm is the previous process's memory descriptor (an optimization to improve context-switch times).

thread_struct identifies the stored state of the process. This element depends on the particular architecture on which Linux is running; an example can be found in ./linux/include/asm-i386/processor.h. In this structure you can find the storage used when the process is switched out of context (hardware registers, the program counter, and so on).

Linux system ssh security settings Guide

If you are still using telnet instead of ssh, you should put this manual down and change that. ssh should be used in place of telnet for all remote logins.

At any time, sniffing Internet traffic to capture clear-text passwords is fairly simple, so you should use protocols that encrypt. So, run apt-get install ssh on your system now. Encourage all the users of your system to use ssh instead of telnet, or go even further and uninstall telnet/telnetd. You should also avoid logging in as root over ssh; the alternative is to use su or sudo to become root. Finally, make the following modifications to the sshd_config file in the /etc/ssh directory to improve security:

· ListenAddress 192.168.0.1
Makes ssh listen only on the specified interface, in case you have several interfaces (and do not want the ssh service available on all of them) or will add a new network card in the future (and do not want ssh connections through it).

· PermitRootLogin no
Do not allow root logins. If someone wants to become root via SSH, two logins are needed, and the root password still cannot be brute-forced through SSH.

· Port 666
Change the listening port, so that intruders cannot be sure whether the sshd daemon is running (be forewarned, this is security by obscurity).

· PermitEmptyPasswords no
Empty passwords make a mockery of system security.

· AllowUsers alex ref me@somewhere
Allow only certain users to access the host via SSH. user@host can also be used to restrict a given user to access from a given host only.

· AllowGroups wheel admin
Allow only the members of certain groups to access the host via SSH. AllowGroups and AllowUsers have equivalent directives for denying access to the host; not surprisingly, they are called "DenyUsers" and "DenyGroups".

· PasswordAuthentication yes
This is entirely your choice. It is more secure to allow login only for users who have ssh keys in the ~/.ssh/authorized_keys file; if you want that, set it to "no".

· Disable every authentication method you do not need. If you do not use, for example, RhostsRSAAuthentication, HostbasedAuthentication, KerberosAuthentication or RhostsAuthentication, you should disable them, even if that is already the default setting (see the manual page sshd_config(5)).

· Protocol 2
Disable protocol version 1, since its design flaws make it easier to crack passwords. For more information, see the report on ssh protocol problems or the Xforce advisory.

· Banner /etc/some_file
Add a banner (read from the file) for users connecting to the SSH server. In some countries, giving a warning about unauthorized access or user monitoring before login to a given system is needed for legal protection.
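A small audit of an sshd_config against the settings listed in this section, as an added example that is not from the original manual or from OpenSSH. The function names and both sample configurations are constructed; the parser follows sshd's rule that the first value read for a single-valued keyword is the one used, which the first sample exploits with a late PermitRootLogin line.

```python
# Added example: audit sshd_config text against the settings in this section.
# Keyword names come from the section; both sample configs are constructed.
import re

# Keywords that may appear several times; sshd accumulates their values.
MULTI = {"port", "listenaddress", "allowusers", "allowgroups",
         "denyusers", "denygroups"}

# Authentication methods the section says to disable when they are not used.
UNUSED_AUTH = ("rhostsrsaauthentication", "hostbasedauthentication",
               "kerberosauthentication", "rhostsauthentication")

# "Keyword value" or "Keyword=value"; blank lines and # comments do not match.
LINE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)")


def parse_sshd_config(text):
    """Return {keyword: [values]} for the global part of an sshd_config.

    Keywords are case-insensitive. For a single-valued keyword sshd keeps the
    first value it reads, so a later duplicate line does not override it.
    """
    settings = {}
    for raw in text.splitlines():
        match = LINE.fullmatch(raw.strip())
        if not match:
            continue
        key, value = match.group(1).lower(), match.group(2).strip()
        if key == "match":
            break  # conditional blocks follow; this audit covers globals only
        if key in MULTI:
            settings.setdefault(key, []).extend(value.split())
        else:
            settings.setdefault(key, [value])
    return settings


def audit(text):
    """Return [(keyword, finding), ...]; an empty list means nothing to report."""
    cfg = parse_sshd_config(text)
    findings = []

    def first(key):
        return cfg.get(key, [None])[0]

    def require(key, wanted, report_missing=True):
        value = first(key)
        if value is None:
            if report_missing:
                findings.append((key, "not set; the section uses '%s'" % wanted))
        elif value.lower() != wanted:
            findings.append((key, "is '%s'; the section uses '%s'" % (value, wanted)))

    require("permitrootlogin", "no")
    require("permitemptypasswords", "no")
    # Checked only when present: the keyword matters on servers that still
    # speak protocol 1, which is the era this section describes.
    require("protocol", "2", report_missing=False)
    for key in UNUSED_AUTH:
        if (first(key) or "no").lower() == "yes":
            findings.append((key, "enabled; disable it unless it is needed"))
    if (first("passwordauthentication") or "yes").lower() != "no":
        findings.append(("passwordauthentication",
                         "passwords accepted; key-only login is the stricter choice"))
    listen = cfg.get("listenaddress", [])
    if not listen or any(addr in ("0.0.0.0", "::") for addr in listen):
        findings.append(("listenaddress", "sshd listens on every interface"))
    if not cfg.get("allowusers") and not cfg.get("allowgroups"):
        findings.append(("allowusers", "no AllowUsers/AllowGroups restriction"))
    return findings


WEAK = """\
# constructed sample: the last line looks like a fix but is read too late
Port 22
PermitRootLogin yes
permitemptypasswords no
Protocol 2,1
PasswordAuthentication yes
HostbasedAuthentication yes
AllowUsers alex ref
PermitRootLogin no
"""

HARDENED = """\
# constructed sample built from the values used in this section
ListenAddress 192.168.0.1
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers alex ref me@somewhere
AllowGroups wheel admin
PasswordAuthentication no
Protocol 2
Banner /etc/some_file
"""

if __name__ == "__main__":
    for keyword, finding in audit(WEAK):
        print("%-24s %s" % (keyword, finding))
```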

Linux-based router and firewall configuration

At present, among network operating systems, Linux has become the operating system of choice for computer professionals. With a simple installation, technical staff get the many network services Linux provides, such as domain name service, e-mail and anonymous FTP. It also provides a graphical workstation with the X Window System. The latest Linux 7.2 already has all the features of a Web server. Here, drawing on our company's work experience, we discuss another use of Linux: using Linux as a router to connect two different network segments, and configuring a firewall on it to implement network access control and traffic statistics.

To give a Linux PC router functionality, first do the hardware configuration. Assume the router PC runs a Linux system and is equipped with two network cards, each connected to a different network segment; this machine forwards IP packets between the two segments as a router. To prevent the interrupts of the two network cards from conflicting, the cards' interrupts must be set to different values. In our company's practice, the interrupts and I/O addresses were set to 3, 4, 0x300 and 0x320 respectively.

Once the hardware configuration is complete, the software must be configured accordingly. In a typical installation the Linux system does not have router functionality; you must rebuild the Linux kernel. Taking the Slackware version of Linux as an example, the process of reconfiguring the kernel is:

1. Go into the Linux source directory:

    # cd /usr/src/linux

2. Configure the compile options:

    # make config

In this step, the system presents a number of compile options for the user to choose according to the actual situation. For options you cannot decide on, accept the system default. In the networking part the following prompts appear:

    network firewall [y/n/N]?                  /* kernel supports firewalls */
    ...
    TCP/IP networking [n/y/Y]?                 /* host is connected to a TCP/IP network */
    IP: forwarding/gatewaying [n/y/Y]?         /* host forwards data or acts as a gateway */
    ...
    IP: firewalling [y/n/N]?                   /* set up a firewall on the TCP/IP network */
    IP: firewall packet logging [y/n/N]?       /* log packets on the firewall */
    ...
    IP: accounting [y/n/N]?                    /* account for packets */
    IP: optimize as router not host [y/n/N]?   /* set the host up as a router */
    ...
    IP: multicast routing [y/n/N]?             /* router broadcasts routing information */

Because we want this host configured as a router and a firewall, answer "y" to all of these options.

3. Do the preparatory work before compiling, according to the compile options:

    # make dep

4. Compile the kernel; the compiled kernel file is named zImage:

    # make zImage

The compiled kernel is in the "/usr/src/linux/arch/i386/boot" directory. After backing up the system's original kernel, copy that file to the root directory, rename it "vmlinuz", and run "lilo" so that it takes effect at the next boot.

After rebuilding the kernel, set up the TCP/IP part of the two network cards so that they connect the two network segments and forward IP packets between them. The steps are as follows (the parameters are as shown in the figure):

1. For NE2000-compatible network cards, modify the "/etc/rc.d/rc.modules" file:

    /sbin/modprobe ne io=0x300,0x320    # identify the two network cards

2. Modify the "/etc/rc.d/rc.inet1" file to set the network cards' IP addresses, masks and routing information:

    IPADDR="202.207.0.27"
    NETWORK="202.207.0.0"
    BROADCAST="202.207.0.255"
    IPADDR1="202.207.7.2"
    NETWORK1="202.207.7.0"
    BROADCAST1="202.207.7.255"
    NETMASK="255.255.255.0"
    /sbin/ifconfig eth0 ${IPADDR} broadcast ${BROADCAST} netmask ${NETMASK}
    /sbin/ifconfig eth1 ${IPADDR1} broadcast ${BROADCAST1} netmask ${NETMASK}
    /sbin/route add -net ${NETWORK} netmask ${NETMASK} eth0
    /sbin/route add -net ${NETWORK1} netmask ${NETMASK} eth1

3. Modify the "/etc/rc.d/rc.inet2" file to enable the "Routed Server", so that it can exchange routing information with other routers and forward IP packets:

    # Start the Routed server
    if [ -f ${NET}/routed ]; then
        echo -n " routed"
        ${NET}/routed -g -s    # start the program
    fi

4. Add one line to the "/etc/lilo.conf" file so that the second network adapter is recognized at boot time:

    append="ether=0,0x320,eth1"

After completing the setup above, restart the computer; the system will recognize the two network cards and set their IP addresses and masks according to the "/etc/rc.d/rc.inet1" file. After startup is complete, log in as root and type the following commands to see the network card and routing information:

    # ifconfig    # display the network card details
    # route       # display the system routing table

Our company connected the PCs of a machine-room LAN to the local education network through a Linux router, and through the local education network to the Internet. In addition, the author also configured a firewall on the Linux router. Practice shows that the firewall effectively controls illegal access by the company's internal staff by IP address and successfully records the network traffic of each IP address, providing a basis for billing and network management. The Linux firewall can be configured by entering simple commands one by one, or you can write a shell program and place it in the system startup directory to run automatically. The command format is very simple, for example:

    # ipfwadm -A                                # account for all packets passing through the router
    # ipfwadm -I -a accept -S 162.105.0.0/16    # accept all packets from the 162.105.0.0 network
    # ipfwadm -I -a deny -S 159.226.0.0/16      # discard all packets from the 159.226.0.0 network
    # ipfwadm -O -a reject -S 210.32.0.0/12     # discard all packets for the 210.32.0.0 network and send a reject message to the requester

Users can configure the firewall according to their actual needs to achieve the desired effect, or have a security vendor help complete the security configuration.

Simple tape drive operations on Red Hat Enterprise Linux

4. Read data: tar xvf /dev/st0 <name of the file to read>. Before reading the data, first view the contents of the tape to get the name of the file you want to restore.

For example, viewing the tape gives the following result:

    [root@dev131 /root]# tar tvf /dev/st0
    -rw-r--r-- root/root 320 2006-12-01 09:29:02 test1.tar.gz
    -rw-r--r-- root/root 320 2006-12-01 09:30:14 test2.tar.gz
    -rw-r--r-- root/root 320 2006-12-01 09:44:19 test3.tar.gz
    [root@dev131 /root]#

To restore the test3.tar.gz file, run the command tar xvf /dev/st0 test3.tar.gz:

    [root@dev131 ~]# tar xvf /dev/st0 test3.tar.gz
    test3.tar.gz
    [root@dev131 ~]#

After the data has been read, the file read from the tape can be found in the current path:

    [root@dev131 ~]# ls -l test3.tar.gz
    -rw-r--r-- 1 root root 320 Dec 1 11:12 test3.tar.gz
    [root@dev131 ~]#

This completes the recovery operation. As described above, the tar command with the tvf/cvf/rvf/xvf parameters can read from and write to the tape. Put pre-written data-copy scripts together with the tape drive commands into /etc/crontab for automatic backups.

Back up only the updated files with the Linux shell

    find /opt/dir/ -ctime -5 -print > backuplist
    vi backuplist

To back up only files, delete the directory entries from the list, and then make a compressed backup:

    tar czf backup.tar.gz -T backuplist

    # tar -czf backup.tar.gz -T backuplist
    # tar -c -T /tmp/filelist -f /dev/nrsa0
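The manual step of deleting directory entries from the list exists because tar recurses into any directory named in the list and archives unchanged files as well. The following added example (not part of the original post) avoids the hand edit; the function names are hypothetical and GNU find and GNU tar are assumed.

```shell
#!/bin/sh
# backup_recent SRC_DIR DAYS ARCHIVE
# Archive the regular files under SRC_DIR whose status changed within the
# last DAYS days (same test as "find -ctime -5" above).
# ARCHIVE must be an absolute path outside SRC_DIR, otherwise find could
# pick up the archive while tar is still writing it.
backup_recent() {
    src=$1 days=$2 archive=$3
    case $archive in
        /*) ;;
        *) echo "backup_recent: archive path must be absolute" >&2; return 2 ;;
    esac
    (
        cd "$src" || exit 2
        # -type f keeps directories out of the list, so nothing has to be
        # deleted by hand and tar never recurses into a changed directory.
        # -print0 with --null keeps names containing spaces or newlines
        # intact; --no-recursion is a second guard against recursion.
        find . -type f -ctime "-$days" -print0 |
            tar --null --no-recursion -T - -czf "$archive"
    )
}

# list_backup ARCHIVE: print the member names so a backup can be checked.
list_backup() {
    tar -tzf "$1"
}

# Command-line use: sh backup.sh /opt/dir 5 /var/backups/backup.tar.gz
if [ "$#" -eq 3 ]; then
    backup_recent "$@"
fi
```
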

Use UltraVNC to control a remote computer easily

When remote control software is mentioned, we tend to think of the expensive PCAnyWhere and its cumbersome features.

In fact, there is now the excellent UltraVNC, which has won the author's favor (VNC stands for Virtual Network Computing). It is not only small but also free! With UltraVNC installed on your computer, you can remotely control your own computer from anywhere in the world.

UltraVNC at a glance
Software version: 1.0.10
Software size: 829KB
Software license: freeware
Application platform: Windows XP/2000/NT/9x

First, installation is simple

You can download the latest version from http://ultravnc.sourceforge.net. After installation UltraVNC provides both the server side and the client side, so it needs to be installed on both the computer to be operated remotely and the computer doing the operating. Download it from the publisher's CD and open cUltraVNC.exe, choose "Chinese (Simplified)" as the setup language, and accept the agreement. In the component selection dialog box, be sure to select the "Chinese (Simplified) installation type", check the components you need to install (ticking all of them is recommended), and complete the installation.

Second, setup is simple

1. Controlled (server) side settings, done once and for all. After the installation is complete, a VNC icon appears in the taskbar and displays the IP address of the local computer, as shown in Figure 1. Double-click the VNC icon to open the "UltraVNC: Current User Properties" dialog box shown in Figure 2, and set a password after "Password" as the logon password for remote control, which prevents others from taking control illegally.

2. Controlling (client) side settings. Step one: the remote operator simply runs "Start → Programs → UltraVNC → VNC Viewer" to open VNC Viewer. In the "Connection" dialog box that pops up, enter the name or IP address of the remote computer after "VNC Server", choose the connection type under "Quick Options" according to the situation, as shown in Figure 3, and click the "Connect" button to start the connection.

Step two: a connection status window then appears, showing "Password Requested", followed by a VNC authentication dialog box. Enter the password you set earlier in "Password", as shown in Figure 4, and click the "Login" button to connect successfully and control the remote computer, as shown in Figure 5.

HT Editor--executable file editor

HT Editor is a terminal-based hex editor that provides special viewing and editing capabilities for executable files, such as the familiar ELF and PE formats.

You can view the raw hex data of an executable, or you can let HT Editor parse information such as the ELF header, section addresses, and external symbols. You can modify this information directly and let HT Editor write the update back to the executable file. Similarly, in disassembly mode you can edit instructions directly and search for strings or particular values. For detailed instructions, refer to the official documentation: HT Editor http://hte.sourceforge.net/doc.html

Linux-based Webmail implementation

Summary: the purpose of this article is to implement a Web-based e-mail system quickly by combining the network services and applications integrated in a Linux system.

The author is just an ordinary Linux enthusiast who has tried to combine the little Linux knowledge he has learned into an integrated application, in the hope that it will be of some inspiration to others. Free Webmail is a service commonly provided by ISPs. Its greatest advantage is convenience: users need only a browser to apply for a mailbox and to send and receive e-mail. The emergence of Webmail has also greatly increased the number of visits to ISP sites and improved their visibility, so it benefits both sides. However, large Webmail servers are expensive because of their system complexity and reliability requirements, and are not very suitable for intranet environments. Linux is a good network operating system whose distributions integrate a lot of network application software, such as a Web server (apache), FTP server (wu-ftp), mail server (sendmail + imap4), and SQL database (postgresql), so you can quickly build an intranet environment. They also include a compact e-mail program (metamail) and a powerful server-side Web development tool (PHP3). Once you have configured sendmail and activated imapd, Linux users can send and receive e-mail with Outlook and other client software; by combining these applications you can implement simple Webmail server functionality.

1. The main features of Webmail and the methods we use:

1. Applying for a mailbox: use exec in PHP3 to run the useradd and edquota commands as root to create the system user and set the user's disk quota, and save the user in a postgresql user table. The e-mail address applied for has the form username@domain. If you only want to give users a Web page for applying for a mailbox so that they can process mail with Outlook or another mail client, the purpose has already been met.

2. Editing a message: use an HTML form to construct the edit fields, and use the "file" input type supported by Netscape 3 and IE4 to provide the e-mail attachment upload feature.

3. Sending mail: use exec in PHP3 to run metasend, which provides the encoding and sending of the mail.

4. Receiving mail: use the powerful imap function set in PHP3 to receive and decode message data and to manage the Inbox. Message attachments are split out into temporary files in the ftpd anonymous access directory, and hyperlinks are generated from the attachments' descriptive information so that the client can download them.

5. Account management: use exec in PHP3 to run the passwd and deluser commands to change the user's password and delete the mailbox.

2. The specific methods and considerations for the above functionality are as follows.

1. Compiling PHP3 with imap and postgresql support. The RedHat 5.1 we use does not include PHP3, and the usual PHP3 binary packages are not compiled with imap support, so to make full use of this excellent server-side Web development tool it is best to download the source from www.php.net. It is actually very compact, less than 2M in total, and is used by 150,000 sites (statistics from the PHP3 help documentation). Award-winning software like this in the Linux world, along with its source code, ought to be included by every distributor. PHP3's IMAP support needs the c-client library and related header files, so you should unpack and compile the imap4 source package. Note that when compiling imap4, the Makefile generated by make lnx might not find crypt; you only need to add -lcrypt to the link library options. In general, errors when compiling the source files are mostly because the include or lib directories in the Makefile do not match the local directories.

2. Upload support. Attachments are an important part of a message. Uploading a client file to the server for processing requires support from both the client's browser and the server. The PHP3 help documentation has instructions and examples for upload processing, and IE4 and Netscape support this feature very well, but unfortunately we have not seen a similar introduction in any book on HTML.

3. Introduction to metasend. The e-mail program generally used in a Linux environment is mail, but it does not support MIME encoding and cannot set the sender address, so it is unfit for Webmail. Metasend is an e-mail program that supports the MIME standard and lets you set the sender's address and the encoding. It is very suitable for use in shell commands, is included in the metamail package, and is only 15K. Using it directly as the back-end mailer to do the MIME encoding effectively reduces the complexity of the program. Since PHP3 can quickly process form data and use exec to call external programs on the system, making effective use of the large amount of application software Linux provides, combined with flexible input and output redirection, is a simple way to write CGI programs, and it plays to the strength of the many character-interface and command-line programs on a Linux system.

4. Downloading e-mail attachments. Because browsers restrict writes to the local file system, the most natural way to download files is for the browser to use anonymous FTP directly. Since Linux integrates wu-ftpd, the message's attachments are placed as temporary files in a subdirectory of ftpd's anonymous access area that only nobody is allowed to write to, and when the server displays the message it generates hyperlinks from the attachment description in the headers. This solves the problem simply and naturally.

5. Introduction to IMAP and postgresql support in PHP3. PHP3 is actually an intermediary layer between the Web server and a large number of C library functions, extended with the ability to handle form submission data. It also has a C-like style, so complex features can be implemented simply and efficiently. PHP3 contains 38 imap support functions. These functions are based on the standard IMAP4 client development library, so their functionality and efficiency are completely reliable. With these functions you can quickly connect to imapd, verify addresses, receive mail, decode and split messages, manage mailboxes, and so on. We use the postgresql database mainly to authenticate users and to track user-generated temporary files. The function is relatively simple, but thanks to the SQL database there is no need to worry about conflicts under concurrent access. PHP3 supports many database systems, provided their Linux C development libraries and header files are available. Postgresql, as the SQL database integrated in the distribution, with its object-oriented features and very friendly psql client, is the preferred choice. PHP3 provides 32 postgresql support functions, and there is plenty of documentation and examples, so implementing a Web database is not difficult; the main point to note is granting nobody access to each table. PHP3 hardly ever accesses databases through ODBC; instead it uses the development library provided by each database directly, with function calls of a similar format. Some return value types in the PHP3 documentation are wrong; a little testing before use avoids problems.

6. sendmail configuration. sendmail is a widely used mail transport system with a long history and powerful features, but its configuration is rather complex. However, you can use linuxconf to enable its basic functionality. Note that for many mail servers DNS MX records play a critical role, so give each domain an explicit MX record in your DNS. When configuring sendmail with linuxconf, choosing not to deliver messages immediately and a short queue processing interval reduces the problems that appear when a client enters a wrong e-mail address. Moreover, editing /etc/rc.d/init.d/sendmail directly to set a short timeout helps improve efficiency in an intranet environment. In fact, understanding the functionality sendmail provides is the basis for establishing a powerful messaging system.

7. Security considerations. Because our Webmail users are Linux system users, to ensure security do not give them the right to log on directly; that is, specify a shell that does not exist. Because creating users, changing passwords, and deleting accounts use the root account, you need to hide the password file, and it is best to disable the telnet service or set up trusted hosts. Do not use the system's original accounts as Webmail user accounts, to avoid errors that lose key Webmail information. Because the mail system is intended for multiple users, you must provide disk quota control, shorten the time limit for file uploads, and set a maximum length for file transfers. At the same time, in case a user quits without the generated temporary files being deleted, you can set a cron task for root to process expired temporary files. Disable the nobody and FTP accounts (the default).

8. Performance optimization. If you find that your Webmail is overloaded, you can move the integrated database (postgresql), domain name server (named), and Web server apart, since they can be accessed over the network. Similarly, you can distribute users across multiple mail servers to meet their needs; after all, Linux is a very cheap system. In addition, since the source code is open, you can refer to metasend and implement message sending directly in PHP3 to avoid calling a shell program, which should improve performance. Similarly, you can replace postgresql with MySQL.

The above briefly describes our Webmail implementation methods and considerations. It is only a simple solution based on our very superficial understanding of Linux; it was not carefully designed from the point of view of system performance and does not represent the real strength of Linux as a network system. We only thought about simplicity and convenience, because we felt that quickly achieving the basic features would help us learn and use Linux better. However, we are deeply aware of the charm and strength of Linux and the large amount of software integrated with it, and we equally appreciate the change it has brought to the way we think about and solve problems; it gives us more choices. Indeed, it has already far exceeded our expectations.

A look at the Linux TCP keepalive property

TCP is connection-oriented, and in practice you often need to check whether a connection is still usable. A connection becomes unusable in one of two ways:

a. The peer closes the connection normally.
b. The peer shuts down ungracefully. This includes the device losing power, the program crashing, the network being interrupted, and so on. In this case the peer is never notified, so the connection persists and wastes resources.

The TCP protocol stack has a keepalive property that can proactively detect whether a socket is still usable, but its default values are very large.

To change the global settings, add the following to /etc/sysctl.conf:

    net.ipv4.tcp_keepalive_intvl = 20
    net.ipv4.tcp_keepalive_probes = 3
    net.ipv4.tcp_keepalive_time = 60

In a program, set it as follows:

    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netinet/tcp.h>

    /* rs is the TCP socket descriptor */
    int keepAlive = 1;      // enable the keepalive property
    int keepIdle = 60;      // start probing if no data has been exchanged on the connection for 60 seconds
    int keepInterval = 5;   // interval between probe packets is 5 seconds
    int keepCount = 3;      // number of probe attempts; if the 1st probe gets a response, the remaining 2 are not sent

    setsockopt(rs, SOL_SOCKET, SO_KEEPALIVE, (void *)&keepAlive, sizeof(keepAlive));
    setsockopt(rs, SOL_TCP, TCP_KEEPIDLE, (void *)&keepIdle, sizeof(keepIdle));
    setsockopt(rs, SOL_TCP, TCP_KEEPINTVL, (void *)&keepInterval, sizeof(keepInterval));
    setsockopt(rs, SOL_TCP, TCP_KEEPCNT, (void *)&keepCount, sizeof(keepCount));

In the program, when TCP detects that the socket to the peer is no longer usable (the probe packet cannot be sent, or the probe packet receives no ACK response), select reports the socket as readable, recv returns -1, and errno is set to ETIMEDOUT.

Adding a hard drive to an Ubuntu virtual machine and shortcuts

When I first built the virtual machine, I set the capacity to only 8Gb, and a few days later there was no space left. Depressing! I checked, and there are several ways to increase the disk capacity. One is that a certain .exe under the virtual machine directory can enlarge the disk, but I had no success with it! The other is to mount an additional hard disk, as follows:

1 With the Ubuntu virtual machine shut down in VMware, go to the settings and add a new hardware device, selecting Hard Disk.

(If you do not shut down the Ubuntu system, you will not be able to add a new hardware device.) Click Next and select the hard disk type. You can select IDE or SCSI; here we select SCSI. In the next step, select the location of the new virtual hard disk; we name it Ubuntu2.vmdk. Next, set the size of the hard disk; here I set it to 5G. As for the "Allocate all disk space now" option: if this item is unchecked, the virtual disk file is relatively small at first and grows as the hard disk is read and written; if it is checked, the virtual disk file takes up the full 5G immediately and does not grow any further. After that, click Finish to create the new hard drive.

2 Start Ubuntu and log in as the root user. Enter fdisk -l in a terminal, and you will see:

    ----------------------------------------------------------------------------
    Disk /dev/sda: 10.7 GB, 10737418240 bytes
    255 heads, 63 sectors/track, 1305 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Disk identifier: 0x000af383

       Device Boot      Start         End      Blocks   Id  System
    /dev/sda1   *           1        1244     9992398+  83  Linux
    /dev/sda2            1245        1305      489982+   5  Extended
    /dev/sda5            1245        1305      489951   82  Linux swap / Solaris

    Disk /dev/sdb: 5368 MB, 5368709120 bytes
    255 heads, 63 sectors/track, 652 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes
    Disk identifier: 0x00000000

    Disk /dev/sdb doesn't contain a valid partition table
    ----------------------------------------------------------------------------

Here you can see that /dev/sdb is our newly added hard drive, which we need to partition. Enter fdisk /dev/sdb in the terminal, then:

type m to see the help information;
type n to add a new partition;
type p to choose a primary partition;
type 1 to select primary partition number 1, so that the primary partition created is sdb1;
fdisk then asks for the partition's starting and ending values; just press Enter;
finally type w to save everything and exit.

This completes the partitioning of the new hard disk.

3 Format the disk. Enter in the terminal:

    mkfs -t ext3 /dev/sdb1

This formats /dev/sdb1 with the ext3 file system.

4 Mount the partition.

Manual mount: enter mkdir /data in the terminal to create the mount point for the new hard drive, then enter mount /dev/sdb1 /data to mount the new partition on the /data/ directory.

Automatic mount: modify the /etc/fstab file and add the following line:

    /dev/sdb1 /data ext3 defaults 0 1

Clarifying the concept of assigning an address to a socket

First of all, I will keep adding to this document as time goes on, until I think it is finished.

This document is a summary of what I have learned, so if anyone writes to point out an error or omission in any part of it, I will be deeply grateful. I assume that the reader is already fairly familiar with the socket connection establishment process and the various state transitions; the purpose of this document is to clarify concepts rather than to introduce them. When programming with sockets, we all know that a connection must be established before any network traffic, and that the connection is established through a few socket operations. The process of making a connection can be roughly divided into the following steps:

1. Create the socket.
2. Assign an address to the socket. This address is not a network address in the usual sense.
3. Establish the socket connection.

1. Creating the socket

When we create a socket with socket, we actually create a data structure. The most important information in this data structure is the connection type and the protocol used; there are also some fields for connection queue operations (they are not covered here for now). When the socket function succeeds, it returns a descriptor of type int that refers to the socket data structure maintained in the kernel. All of our operations act on that data structure through this descriptor. This is just like creating a file and getting a file descriptor: file operations are carried out through the file descriptor rather than directly on the inode data structure. I use the file descriptor as an example because the socket data structure is closely related to the inode data structure: it does not exist separately in the kernel but is located inside a VFS inode structure. Therefore, for some of its more abstract properties, a loose analogy with file operations can give a deeper understanding. As mentioned earlier, once the socket has been created we get a socket descriptor, which is a file descriptor. Just as with a file, we can write data to the socket, and the data is delivered to the place we specify, which can be a remote host or the local host. If you are interested, you can also use the socket mechanism to implement IPC, although the efficiency is relatively low; trying it once is enough (I have not tried).

2. Assigning an address to the socket

Depending on the purpose for which the socket was created, there are two ways to assign it an address: the server side uses bind, the client uses connect.

Bind: we all know that an IP and port are enough to distinguish a tcp/ip connection (of course this connection is a connection channel; if you want to distinguish the specific connection between hosts, you need a third attribute, the hostname). In a server-side routine we can use the bind function to assign the socket the address and port used for communication. Here we call the combination of the communication IP address and port a socket address, and the process of specifying that a socket uses a particular IP and port combination is called assigning an address to the socket. To assign an address to a socket, you need a data structure that describes the specific socket address; this data structure is struct sockaddr. I will not describe its use, because this document aims to clarify the concept rather than describe how to use it. The role of the bind function is to associate the data structure holding this particular socket address with the socket, that is, to assign an address to the socket. How the two are tied together in a concrete implementation, I do not know. The lifetime of a particular socket address runs from a successful bind until the connection is disconnected. You can create a socket data structure and a socket address data structure, but before bind the two are unrelated; after bind they are related. This relationship is maintained until the connection ends. When a connection ends, the socket data structure and the socket address data structure still exist, but there is no longer any relationship between them. If you want to use this socket with this socket address for another connection, you must bind the two again. To repeat: the connection I refer to here is a connection channel, not a specific host. The IP specified to bind is usually a local IP (generally it is not specified explicitly; INADDR_ANY is used instead), but the most important role of bind is to specify the port. On the server side, after bind the next step is to listen on the socket address, ready for connections.

Connect: clients do not use bind (not that it cannot be used, but it has no significance); they associate the socket with a socket address through the connect function. That socket address is the address of the server-side socket the client wants to connect to. While connect establishes the relationship between the socket and the socket address, it also tries to establish the remote connection.

3. Establishing the socket connection

Preparing to establish a connection takes two steps on the server side: bind, listen; and one step on the client: connect. If the server side accepts a connect, and the client gets confirmation of that accept, the connection is established.

How the interrupt vector table is created on ARM Linux

With Linux managing memory through the MMU, how are ARM interrupts handled? Is there any difference from the interrupts we handle on a bare board? Let us start from the source code and do a rough analysis:

init/main.c -> start_kernel() -> trap_init()

    //-----------------------------------------------1. trap_init
    // gliethttp: the trap_init() function is located in arch/arm/kernel/traps.c
    void __init trap_init(void)
    {
        extern void __trap_init(unsigned long);
        unsigned long base = vectors_base();   // returns the interrupt base address 0xffff0000

        __trap_init(base);                     // initialize the interrupt vector table at the base address
        if (base != 0)
            printk(KERN_DEBUG "Relocating machine vectors to 0x%08lx\n", base);
    #ifdef CONFIG_CPU_32
        modify_domain(DOMAIN_USER, DOMAIN_CLIENT);
    #endif
    }

    // gliethttp: include/arch/asm-arm/proc-armv/system.h
    extern unsigned long cr_alignment;
    //--------------------------------------2. vectors_base()
    #if __LINUX_ARM_ARCH__ >= 4    // at91rm9200 is an ARMv4 architecture
    #define vectors_base()  ((cr_alignment & CR_V) ? 0xffff0000 : 0)
    #else
    #define vectors_base()  (0)
    #endif

As you can see, for versions below ARMv4 the address is fixed at 0. For ARMv4 and above, the address of the ARM interrupt vector table is controlled by the V bit (bit[13]) of coprocessor CP15 register c1. The correspondence between V and the interrupt vector table is as follows:

    V = 0 ~ 0x00000000 ~ 0x0000001C
    V = 1 ~ 0xffff0000 ~ 0xffff001C

    //------------------------------------------2.1 cr_alignment
    // gliethttp: arch/arm/kernel/entry-armv.S
    ENTRY(stext)
            mov     r12, r0
            mov     r0, #F_BIT | I_BIT | MODE_SVC   @ make sure svc mode
            msr     cpsr_c, r0                      @ and all irqs disabled
    // __lookup_processor_type looks up the processor type
    // [gliethttp will post "A brief analysis of head-armv.S" later]
    // return values:                                2007-07-04
    //   r9  = processor ID            // read from the cp15 c0 register
    //   r10 = pointer to processor structure
    // the add pc, r10, #12 below jumps to __arm920_setup
    // gliethttp: in vmlinux-armv.lds.in
    //   __proc_info_begin = .;
    //       *(.proc.info)
    //   __proc_info_end = .;
    // See 2.2
            bl      __lookup_processor_type
            teq     r10, #0                         @ invalid processor?
            moveq   r0, #'p'                        @ yes, error 'p'
            beq     __error
            bl      __lookup_architecture_type
            teq     r7, #0                          @ invalid architecture?
            moveq   r0, #'a'                        @ yes, error 'a'
            beq     __error
    // __create_page_tables creates the temporary 4M page table used before ARM starts up
            bl      __create_page_tables
            adr     lr, __ret                       @ return address
            add     pc, r10, #12                    @ initialise processor

            .type   __switch_data, %object
    __switch_data:
            .long   __mmap_switched
            .long   SYMBOL_NAME(__bss_start)
            .long   SYMBOL_NAME(_end)
            .long   SYMBOL_NAME(processor_id)
            .long   SYMBOL_NAME(__machine_arch_type)
            .long   SYMBOL_NAME(cr_alignment)
            .long   SYMBOL_NAME(init_task_union)+8192

    /*
     * Enable the MMU.  This completely changes the structure of the visible
     * memory space.  You will not be able to trace execution through this.
     * If you have an enquiry about this, *please* check the linux-arm-kernel
     * mailing list archives BEFORE sending another post to the list.
     */
            .type   __ret, %function
    __ret:  ldr     lr, __switch_data
            mcr     p15, 0, r0, c1, c0      // write the r0 value set up by __arm920_setup into the cp15 c1 coprocessor register
            mrc     p15, 0, r0, c1, c0, 0           @ read it back.
            mov     r0, r0                  // fills the ARMv4 pipeline: mov r0, r0 is equivalent to a nop, so the 2 nops
            mov     r0, r0                  // and the mov pc, lr are exactly three "useless" operations
            mov     pc, lr                  // jump to the __mmap_switched function  gliethttp

    /*
     * The following fragment of code is executed with the MMU on, and uses
     * absolute addresses; this is not position independent.
     *
     *  r0  = processor control register
     *  r1  = machine ID
     *  r9  = processor ID
     */
            .align  5
    __mmap_switched:
            adr     r3, __switch_data + 4
            ldmia   r3, {r4, r5, r6, r7, r8, sp}    @ r2 = compat
    // 2007-07-04 gliethttp
    // r4 ~ __bss_start
    // r5 ~ _end
    // r6 ~ processor_id
    // r7 ~ __machine_arch_type
    // r8 ~ cr_alignment
    // sp ~ (init_task_union) + 8192
    // the following steps assign processor_id, __machine_arch_type and cr_alignment  gliethttp
            mov     fp, #0                          @ Clear BSS (and zero fp)
    1:      cmp     r4, r5                  // clear the bss area to 0
            strcc   fp, [r4], #4
            bcc     1b
            str     r9, [r6]                        @ Save processor ID
            str     r1, [r7]                        @ Save machine type
    #ifdef CONFIG_ALIGNMENT_TRAP
            orr     r0, r0, #2                      @ ...........A.
    #endif
            bic     r2, r0, #2                      @ Clear 'A' bit
    // r2 holds the r0 value with the alignment trap disabled
    // r8 -> cr_alignment, cr_no_alignment
    // so after stmia r8, {r0, r2}: cr_alignment = r0, cr_no_alignment = r2
            stmia   r8, {r0, r2}                    @ Save control register values
            b       SYMBOL_NAME(start_kernel)       // enter the kernel C code

    //--------------------------------------2.2 __arm920_proc_info
    // gliethttp: arch/arm/mm/proc-arm920.S
            .section ".proc.info", #alloc, #execinstr
            .type   __arm920_proc_info, #object
    __arm920_proc_info:                     // this address is stored in r10
            .long   0x41009200
            .long   0xff00fff0
            .long   0x00000c1e                      @ mmuflags
            b       __arm920_setup          // add pc, r10, #12 makes the CPU execute this b __arm920_setup jump instruction  gliethttp
            .long   cpu_arch_name
            .long   cpu_elf_name
            .long   HWCAP_SWP | HWCAP_HALF | HWCAP_THUMB
            .long   cpu_arm920_info
            .long   arm920_processor_functions
            .size   __arm920_proc_info, . - __arm920_proc_info

    //----------------------------------------2.3 __arm920_setup
            .section ".text.init", #alloc, #execinstr
    __arm920_setup:
            mov     r0, #0
            mcr     p15, 0, r0, c7, c7              @ invalidate I,D caches on v4
            mcr     p15, 0, r0, c7, c10, 4          @ drain write buffer on v4
            mcr     p15, 0, r0, c8, c7              @ invalidate I,D TLBs on v4
            mcr     p15, 0, r4, c2, c0              @ load page table pointer
            mov     r0, #0x1f                       @ Domains 0, 1 = client
            mcr     p15, 0, r0, c3, c0              @ load domain access register
            mrc     p15, 0, r0, c1, c0              @ get control register v4
    /*
     * Clear out 'unwanted' bits (then put them in if we need them)
     */
    // gliethttp: r0 holds the value of the cp15 c1 coprocessor register; the following code processes that value
                                                    @   VI ZFRS BLDP WCAM
            bic     r0, r0, #0x0e00         // clear bit[9..11]
            bic     r0, r0, #0x0002         // clear bit[1]
            bic     r0, r0, #0x000c
            bic     r0, r0, #0x1000                 @ ...0 000. .... 000.
    /*
     * Turn on what we want
     */
            orr     r0, r0, #0x0031         // bit0 = 1 enables the mmu
            orr     r0, r0, #0x2100                 @ ..1. ...1 ..11 ...1
                                            // bit13 = 1: the interrupt vector table base address is 0xFFFF0000
    #ifndef CONFIG_CPU_DCACHE_DISABLE
            orr     r0, r0, #0x0004                 @ .... .... .... .1..
    #endif
    #ifndef CONFIG_CPU_ICACHE_DISABLE
            orr     r0, r0, #0x1000                 @ ...1 .... .... ....
    #endif
            mov     pc, lr

Tricks for hardening a Linux server

Limit network access

1. NFS access. If you use the NFS network file system service, make sure that /etc/exports has the strictest possible access permission settings: do not use any wildcards, do not allow root write permission, and export file systems read-only only.

Edit the file/etc/exports and join the following two rows. /Dir/to/exporthost1. mydomain.com (ro, root_squas)/dir/to/exporthost2. mydomain.com (ro, root_squas)/dir/to/export is what you want to output directory, this directory is login host.mydomain.com machine name, ro means that mount into a read-only system, write the root_squash prohibits the root directory. In order for the changes to take effect, run the following command. #/Usr/sbin/exportfs-a2.Inetd set first to confirm that the owner of the/etc/inetd.conf is root, and the file permissions set to 600. Setup is finished, you can use the "stat" command to check. # Chmod600/etc/inetd.con then edit/etc/inetd.conf to prohibit the following services. Ftptelnetshellloginexectalkntalkimappop-2pop-3fingeraut if you installed ssh/scp, you can also prohibit off Telnet/FTP. in order to make the change to take effect, run the following command: # killall-HUPinetd by default, most Linux system allowing all requests to use TCP_WRAPPERS enhanced system security is a little effort, you can modify the/etc/hosts.deny and/etc/hosts.allow to increase access restrictions. For example, the/etc/hosts.deny is set to "ALL: ALL" can default deny all access. Then add in the/etc/hosts.allow file allows access. For example, the "sshd: 192.168.1.10/255.255.255.0gate openarch.com" that allows the IP address 192.168.1.10 and hostname gate.openarch.com allow SSH connections. Once configured, you can use the tcpdchk check: # tcpdcktcpchk is TCP_Wrapper Configuration Checker that checks your tcpwrapper configuration and report all discovered potential/existing problems. 3. log into the Terminal settings/etc/securetty file specifies that allow root logins of tty equipment, read by/bin/login program, its format is a list of the names are allowed, you can edit/etc/securetty and comment out the following line. # Tty1 # tty2 # tty3 # tty4 # tty5 # tty6 at this time, the root is only available at tty1 Terminal login. 4. 
avoid display system and version information if you want the remote login user system, and version information, can change the/etc/inetd.conf file: telnetstreamtcpnowaitroot/usr/sbin/tcpdin.telnetd-plus-h for telnet does not display system information, but merely show the "login:". Prevent attack 1. prevent ping if nobody can ping through your system, the safety of natural increase. To do this, you can add in/etc/rc.d/rc.local file is the following line: echo1 >/proc/sys/net/ipv4/icmp_echo_ignore_all2. prevent IP spoofing edit host.conf file and add the following line to prevent IP spoofing attacks. Orderbind, ostsmultiofnospoofon3. preventing DOS attacks on the system, all of the user to set resource limits can prevent DOS type attack. If the maximum number of processes and memory usage, etc. For example, you can add in/etc/security/limits.conf as follows several lines: * hardcore0 * hardrss5000 * hardnproc20 then you must edit/etc/pam.d/login file checks the following line exists. Sessionrequired/lib/security/pam_limits.so above command against the debug file, limit the number of processes is 50 and the limit memory usage to 5MB. following the above settings, your Linux server can be on the vast majority of known security issues and network attacks with immunity, but a good system administrator still should always pay attention to network security, at any time has been revealed and potential security vulnerability patch.
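An added example, not part of the original article: a small shell function that audits an exports file against the NFS rules above (no wildcards, read-only, root_squash). It also flags a space between the host name and the opening parenthesis, which exports(5) parses as two separate entries. The function name audit_exports, the /srv/pub path and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an exports(5)-style
# file against the NFS rules above. Prints one line per finding and
# returns non-zero if there is any finding.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            entry = $i
            # "host (opts)" with a space is two entries: host with default
            # options, and "(opts)" granted to every client.
            if (entry ~ /^\(/) {
                print path ": " entry " applies to ALL hosts (space before parenthesis)"
                bad = 1
                continue
            }
            p = index(entry, "(")
            if (p == 0) {
                print path ": " entry " has no explicit options"
                bad = 1
                continue
            }
            client = substr(entry, 1, p - 1)
            opts = "," substr(entry, p + 1, length(entry) - p - 1) ","
            if (client ~ /[*?]/)         { print path ": " client " uses a wildcard"; bad = 1 }
            if (opts !~ /,ro,/)          { print path ": " client " is not read-only"; bad = 1 }
            if (opts !~ /,root_squash,/) { print path ": " client " lacks root_squash"; bad = 1 }
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: one good line and two bad ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dir/to/export host1.mydomain.com(ro,root_squash)
/dir/to/export host2.mydomain.com (ro,root_squash)
/srv/pub       *.mydomain.com(rw,no_root_squash)
EOF
audit_exports "$sample" || echo "exports audit: findings listed above"
rm -f "$sample"
```

Run it against the real file with audit_exports /etc/exports before running exportfs -a.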