Help WordPress station were built based on Ubuntu local testing environment, the way to the WP friends recommended under Ubuntu Linux operating system open source this super-help build local Ubuntu fans Apache2 + Ubuntu + PHP5.1.6 + MySQL5.0.24a environment, so that you can do what you want to do work, if you want to build the site, by the way recommended by WordPress this open source super blog procedures-webmaster should have an experience when you develop a good website to upload files to server, later if you make changes to the layout or module, you must change the content uploaded on the server, there is a problem, you changed the test work do? can't modify, side while passing the test on the? if you change the error, add your site traffic is good, will scare innocent people to the site has had a negative impact on the image, the best solution is to build a WordPress locally on Ubuntu in a test environment, so that you can solve the above problem.
Closer to home, here's how to make WordPress for said in the run up on Ubuntu: [Apache2 + Ubuntu + PHP5.1.6 + MySQL5.0.24a] reference: NetworkAdvancedSerivce-UbuntuChinaWiki1, install Apache2 + PHP5 + MySQLsudoapt-getinstallapache2libapache2-mod-securitylibapache2-mod-php5php5php5-gdmysql-serverphp5-mysqlphpmyadmin2, configure php.inisudogedit/etc/apache2/php5/php.ini if not following this sentence or a comment, add this sentence or cancel previous English semicolon ";" Extension = mysql.so3, configure apache2.con sudogedit/etc/apache2/mod_rewrite module loaded apache2.con, adding the following statement: LoadModulerewrite_module/usr/lib/apache2/modules/mod_rewrite.so mod_deflate module is loaded, add the following statement: LoadModuledeflate_module/usr/lib/apache2/modules/mod_deflate.so what modules need to be added, remember they are/usr/lib/apache2/modules/here.Wednesday, January 26, 2011
Let WordPress in Ubuntu on the run
Do you have, and I've got — let Linux use more exciting
Linux users may be very envious of Windows, because Windows has a lot of useful applications, but these software in their view it is not under Linux.
In fact, Linux is also a lot of very nice application, if you used, you may never want to see those ugly under Windows ... The author is using RedhatLinux7.0, depending on your experience, gather and organize some excellent ForLinux applications, writing this article for your reference. Linux Word download http://download.linuxbyte.net/office/word/abisuite-0.7.13-gtk-rh7.0-1.i386.rom home page URL: http://www.abisource.com/dl_linux_intel.ptml computer word processing is the most commonly used function, although the RedhatLinux7.0 default in Gedit Kedit, editor, but is far from satisfying the needs of the Office. AbiWord is AbiSuite, developed by word processing software, completely follow the Word design. For a used Word, you can quickly learn its method of operation. When we open AbiWord, the familiar Word interface to imitated immediately appear on the front (Figure 1), it can be imported into Word97, Word2000 and rich text format file, you can insert .BMP, .PNG, etc., but also has a find and replace, unlimited recovery (undo) and spell checking, and so on. RedhatLinux7.0 package comes with version does not support such as Chinput3.1 Chinese input, so you must download the latest version, such as the author uses AbiWord0.7.13 can handle Chinese. More interesting is that if your GNOME has set as GB2312, it will display in the entire Chinese interface. AbiWord installation is easy, simply download the RPM Redhat7.0 Edition installation package, you can install it using GnoRPM. Comparable GTKSee3.0 download ACDsee people to be much more ftp://ftp03.softhouse.com.cn/download2/47387gtksee-0-3-0-tar.gz home page URL: http://www.zg169.net/~hotaru/gtksee/index_en.html ACDsee I think we all used it, it's Windows platform the most famous image browser, Linux also have a similar software GTKSee. It consists of people of homegrown image browser software. Its interface and functions exactly the same as with ACDSee (shown in Figure 2, 3), as long as you use ACDSee will use GTKSee. It is powerful, not only support Linux commonly used image formats and also supports the Windows common image formats such as .JPG, .BMP, .GIF, and other common image. Displays image from GTKSeeBrowser and GTKSeeViewer composed of two parts. GTKSee because there is no RPM package for download, so you can only download the tar source code package, as regards the installation, simply perform the following steps: tarzxvf47387gtksee-0_3_0_tar.gz cdgtksee-0.3.0./configure make makeinstall Balse1.1.2 download http://www.linuxeden.com/download/downfile1.php?softid=103 home page URL: http://www.balsa.net/main.html in Linux the most commonly used mail processing software to count the Kmail under KDE. However, I want to assure you recommend is similar to the Windows mail client Foxmail software Balse (fig. 4). It is based on the software, support GNOME1.2 POP3 and IMAP protocol, SMTP mail support and when the local MTA (sendmail/qmail), using multiple threads to receive and significantly speed up the delivery speed. Also supports spell checking, reading MSOutlook format letter functionality. Installation method is also very simple, download the RPM installation package RedhatLinux7.0 Edition, using GnoRPM to install. Linux also has "kingsoft" download URL: http://www.linuxbyte.net/showsoftd.php?id=127 home page URL: no sorry, my English is not very good, when using Linux are often used in English to Chinese dictionary. In order to be able to make it easier to use, I find from the Internet (1) of the people develop interstellar translation Wang forLinux English-Chinese dictionary (as in Figure 5, 6). This English-Chinese dictionary, the functionality is similar to the Windows of kingsoft, in addition to the commonly used input query, but also has mouse check function word. Its installation is simple, you just have to download the tar package stardic untied, do. Wind page design essential Screem0.4.1 download http://download.linuxbyte.net/office/editor/screem-0.4.1.Tar.gz home page URL: http://www.screem.org Screem is a Web integrated development tools, support Chinese. Use the interface similar to Windows of Dreamweaver, integrated editing html files all the features you need, so that you can use to quickly build your own Web site (Figure 7). In addition to being able to display a different html ID, you can easily create Table, define the style sheet. At the same time also supports Plug-in features provide for future expansion interface! installation method: Screem because there is no RPM package for download, so you can only download the tar source code package, then install in the following way:./configure make su makeinstall exit Note: latest news, Screem has ForRedhat7 RPM package format, you can download and install. Antivirus software download-only option Linavx2.0.0 ftp://ftp03.softhouse.com.cn/download3/54675linavx-2.0.0-i386.shar home page URL: http://www.avx.ro/edownload/linux.htm Linux virus species although not up to the number of Windows, but with the programming technologies, more and more Linux virus will emerge. From a security perspective, I suggest you install LinavxforLinux software. It is a free anti-virus software, can be killing many Linux known viruses. Now we see how to install the download file Linavx extension name to shar, believe that the majority of my friends had not heard of, how to install? shar file is actually a can automatically run a script language (shellscript), since you can directly run script language, the installation should be very simple, direct running 54675linavx-2.0.0-i386.shar began Linavx installation. Once installed, please install file 54675linavx-2.0.0-i386.shar linavx.ini same directory to the directory the file copy under linavx-2.0.0 subdirectory, and then switch to linavx-2.0.0 directory, perform. future actions/linavx believe without me describe. Web browser extreme http://www.mozilla.org/Mozilla0.8.1ForLinux downloads home page URL: http://www.mozilla.org RedhatLinux7.0 comes with Netscape4.75, it not only on Chinese input support not perfect, but it doesn't show many pages, in order to be able to better surfing, I chose Mozilla0.8.1 browser. This browser has the reputation of Netscape, its latest version of the Chinese language support is quite good, but Netscape4.75 does not display properly in the Web pages that are using Mozilla0.8.1 well displayed. Installation method: after extraction, you can run. Finally, by the way, because it is a foreign company RedhatLinux7.0, so its default state is not a good support for simplified Chinese. If you want to install the software, and is used to handle Chinese, you must first be finished processing on RedhatLinux7.0. About localization issues, because not the scope of this article, please go to find related information.Linux Terminal operation of quick guide
Command in the terminal can use many of the commands.
There are really only when the script is used. Here are some you might use a command. Do not forget that all of the commands and options are case sensitive. -R and-r, to perform different actions. Terminal command almost all lowercase. Cd use we are familiar with the CD command to switch between the directories. A note on Linux using a forward slash (/) instead of the familiar backslash (\). The backslash is used to, but is used only to describe the commands needed to wrap, you can improve the readability of your order. Lsls command is used to list a directory of all the files. You can use many different switch changes the list representation: ls-l list files in long format, including file size, date and time, properties on the file to time ls-t sort ls-S sort on the size of the file to a sort switch ls-r and combined use, in reverse order. Ls-t up-to-the-minute file displayed at the top of the list. Latest ls-t will appear in the bottom of the file. Ls-h easy to read format. Use k, M, G, and so on to identify the size of the file, not in bytes. Ls-a show directory all files including hidden cp use cp command to copy the files. This command and DOS copy command Basic. Basic switch as follows: cp-R recursively copy files; when you need to copy the entire directory will be used to force replication cp-f and overwrite the existing file, do not ask the user links to files, cp-l instead of replication; see the instructions below use the mv command mv to move and rename files. This command works basically the move command in DOS, but it can move the entire directory structure and all the files. Cat using the cat command to view the contents of the file. It is equivalent to type commands in DOS. It will dump the contents of a file to another file, the screen or other commands. Cat is concatenate short, you can also apply a series of files into one large file. You can use the command more more to view paginated documents. It is basically the more command in DOS. Lessless command is used to view the file, but it supports the up and down scroll as well as in the document for text search. Vi some people might say that he "virtuallyimpossible" vi. It is one of Unix's long history of the text editor. Vi do not truly intuitive, but now almost all kinds of UNIX environment with vi. For Linux installed version has a built-in tutorial, once you are familiar with the vi, just a few keystrokes you can complete the incredible tasks. To tell the truth, no editor can replace vi to edit password and profile.About QQ password stolen back issues of policy
First of all, if your number is stolen, not necessarily to find, but it is not absolutely impossible, because nothing is absolute.
Let's look at the ones after the number of flows, the numbers were stolen, the majority of whereabouts not stay in his own hand, the number of path part is a chat room is a room of the "master" rushed out, here is divided into two types: 1, your number is very neat, pretty, short, 5, 6, 7-bit, etc. You want is not very large, if your number is password protected, and that you can remember to apply for protection of information, we will be able to get back to you to recover the password for the mailbox to be your password letter box, for example, 163.com, 163.net etc, then more a few times we will be able to get your password. Another case is when your number is not very pretty, such as 8-bit, 9 bit General number, with no protection, it also has a 50% success rate to get, why so? let's look at number of distractions, your number of passwords may be complex, but why throw? is it really a "master"? "is the Trojan horse master" magic! they get number mostly to chat rooms or forums to send a "crazy", and of course get the number of people are afraid to send number of people have protection, then the password retrieval, the way to your own number to get back, so "scramble" to the number of people that are casually change the password, and then continue to "grab" go here we come to look at the common password: 123.1234.12345.123456.111.1.11.1111.0.00.0000.000.aaa.aaaa.aa.a.ddd.dd.d.asd.asdf believe most people scan numbers also used these passwords! I say numbers have a 50% success rate to get say is those passwords can get back. Nice of you lost any number, please use the above password "guess"! maybe we can make it! if you lucky to succeed, if not successful, it is normal that number has been lost. But a lot of friends through my pointing back to get my password.Multiple-boot WINDOWS NT and RED HAT LINUX instance
Host LEE has installed a WINDOWSNT4, disk two NTFS partition. wishes to install REDHATLINUX6.0, and achieve a multiboot, detailed procedures are as follows.
1. defragment the hard disk, clear of the unpartitioned space------------------------------use PQ5.0 can easily achieve, through the reorganization of the partition, get 445M unpartitioned space. 2. install via FTP REDHATLINUX--------------------------------first, the establishment of the FTP site at host XIU (NTSERVER4 + IIS2.0) on the establishment of the FTP service, the FTP home directory to the drive (F:), allow anonymous login. REDHAT installation CD into your CD-ROM drive. The second step, make a BOOT floppy disk for REDHAT installation, using tools such as HD-COPY software installation CD IMAGES directory of the file to a floppy disk BOOTNET.IMG. The third step, using a BOOT floppy disk boot produced by LEE, specify the network card to the host model, interrupt address, interrupt, native: model: NOVELLNE2000COMPATIBLE IOADDR.: 0 X300 IRQ: 10 Configuring native TCP/IP, IP address, subnet mask, default gateway, primary DNS address. then, specify the installation mode---FTP, given the IP address of the FTP site, REDHAT release directory.: FTPADDR: 192.168.0.155 DIR:/ The fourth step, BOOT partition, SWAP partition, ROOT, use DiskDruid tools, add three partitions: DSN MountPointSize (Megs)----------------------------------------/BOOT16da5 LINUXSWAP16da6/410da7 step five, initialize the partition, select the installed components. The sixth step, select the installation partition, to begin the installation. The seventh step, configuring the system. 7.1 configuring mouse 7.2 configure XWindows 7.3 configuration network 7.4 configure clock 7.5 choose to startup device 7.6 configure printer set root password 7.7 7.8 creating boot floppy 3. install LILO--------------in order to achieve using NTLDR to boot LINUX, do not use LILO installation in the master boot record (MBR), which will be installed in the BOOT LILO partition's first sector. 4. make implementation a multiboot BOOTSECT.LIN,----------------------------------LINUX installation is finished, you start still automatically enter NT, if you want access to LINUX, you must use the LINUX boot floppy disk in order to achieve the NTLDR to boot LINUX and begin making LINUX boot sector mirror files. The following two ways: 1) to use the LINUX command ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ use the startup disk into LINUX, ROOT account login, insert the floppy disk that holds the image as follows using the command create BOOTSECT.LIN # mount-tmsdos/dev/fd0/mnt # ddif =/dev/hda5bs = 512count = 1of =/mnt/bootsect.lin # umount/dev/d0 because Linux Boot partition is/dev/hda5, ' dd ' to generate boot record mapping file. 2) using NORTONDISKEDIT2000 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ use NORTONDISKEDIT, direct read BOOT partition's boot sector, and saves it as BOOTSECT.LIN file. process is as follows: a first step, view the hard disk partition table, get LINUX extended partition addresses. The second step, view the extended partition, partition table, BOOT partition (logical drive) boot sector of the starting address. The third step, the sector (with LILO typeface) stored on floppy BOOTSECT.LIN file. Specific can be found >. After the file is obtained, BOOTSECT.LIN restart LEE entered the NT, and then modify the BOOT.INI file, and copy to C:\ BOOTSECT.LIN file, set its property is set to read-only. BOOT.INI file ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ [bootloader] timeout = 30 default = multi (0) disk (0) rdisk (0) partition (1) \WINNT [operatingsystems] multi (0) disk (0) rdisk (0) partition (1) \WINNT = "WindowsNTServerVersion4.00" multi (0) disk (0) rdisk (0) partition (1) \WINNT = "WindowsNTServerVersion4.00 [VGAmode]"/basevideo/sos C:\BOOTSECT.LIN = "REDHATLINUX "restart, you can now enter through selected single arbitrary system.Migration from Windows to Linux device control applications
This system call to the specified device sends control code and other data.
The appropriate device drivers in accordance with the instructions of the dwIoControlCode control code. For example, use IOCTL_DISK_GET_DRIVE_GEOMETRY can get from a physical drive structure parameters (media type, cylinder, TracksPerCylinder, number of sectors per track, etc.). Can be found on the MSDN Web site for all control codes defined, header files, and other details (see references for related links). Whether you need to input/output buffer, and how they structure and size, depend on the actual ioctl process involves equipment and operations, and invokes the specified by the dwIoControlCode OK. If the overlapped operation of pointer set to NULL, then the DeviceIoControl would block (synchronization). Otherwise, its work asynchronously. Linux function ioctlLinux you can use the ioctl — intioctl (intfildes, intrequest,/* arg */...); — To specify the device to send control information. The first parameter fildes is open () function returns the file descriptor for alleged specific devices. And the corresponding system call DeviceIOControl ioctl, the input parameters list is not fixed. It depends on what ioctl request, as well as the instructions request parameters, just as Windows function DeviceIOControl dwIoControlCode parameter. However, the migration period need to be aware of when choosing the correct request parameters, because the DeviceIOControl ioctl request of dwIoControlCode and have different values. But there is no dwIoControlCode and request explicit mapping list. Usually you can find the associated header file request parameter values defined for the selected parameter value. All control codes defined in/usr/include/{asm, linux}/* .h file. Parameter arg as specific equipment operation provides detailed command information. The data type of the arg depends on the specific control requests. This parameter can be used to send detailed commands and receive returned data. Migration example we see a from Windows to Linux migration example. This example involves from PC main IDE hard drive read SMART log. Step 1-identification device types as mentioned earlier, Linux devices are used as file. It is first necessary to describe the device's file on Linux. Only use this file to get the device control requires a handle to the device. In this example, the object is an IDE hard disk drive. Linux be described as/dev/hdb/dev/hda, etc. This example will be the migration of hard disk device pathname is \\\\.\\PhysicalDrive0. /Dev/hda is the device corresponding to the Linux name of the file. 2. the changes include the header file must # include header files for Linux (see table 3): table 3. # include header filesApache Server's httpd.conf file comments and configuration guide
We put httpdconf file is a simple note, here's just one comment had to ask, easy to browse if you want to contrast the original browser, we have prepared for you here is a zip file, this httpdconf page comments inside has to friends so confused the file, I'll give it another life a phpstarhttpdcon if you have any questions, please see wants information: http://wwwapacheorg/docs/.
The following is a detailed content--------------------------------------------------------------------------------before you start: 1, configuration, and write the file name is "Note: If you give a file name beginning with"/", then the server will use absolute directory. 2. If the given file name does not begin with "/", such as: "logs/foolog", and the current server directory is "/usr/local/apace/", then the server assumes that the log file here: "/usr/local/apache/logs/foolog" 3, attention: throughout the configuration process all the file names must use the slash "/", instead of the backslash "". Such as: "c:/apache" instead of "c:apache", here is not the same as with DOS--------------------------------------------------------------------------------an Apache server configuration directives don't split into three relatively centralized part 1 configure Apache server running all the environment variables to configure the primary server or 2 default server run-time details of the interface parameter 3 set virtual server, on the same Apache Server, it can complete a different IP address or host name of the Web requests that a single physical server can be set to a large number of IP addresses or host names in the first part of the virtual server: environment set # set server startup: independent startup (standalone) or by the Internet Server program to start inetd. # The default is to use independent startup (standalone). ServerTypestandalone # set server directory, to hold the server's configuration files, error file, the log file directory. # Note: the last of the directory can not be combined with the slash "/". ServerRoot "C:/Apace" # service starts, it put the parent program httpd code processid as to this # log/httpdpid file. This file name can be changed with PidFile directive PidFilelogs/httpdpid # set Apache Server execution log files. ScoreBoardFilelogs/apache_status # following both at the individual's preferences, if you think httpdconf file is too long, not found. # Then you can set the required settings on it only few srmconf rows, and then open it in the following: # the following two settings, in the standard configuration is turned on, we can not open it # remove the next line of "#" in front, enabling srmcon # ResourceConfigconf/srmcon # AccessConfigconf/accesscon # server and the client's maximum wait time # if client in 300 seconds is not connected, or the server 300 seconds is not transfer data to the client, it will automatically be disconnected. Timeout300 # set whether to support resume function default is set to support KeepAliveOn # support the resume functionality. The more the number of wasted hard disk space, the more the better the performance. # Set to 0 then there is no limit. MaxKeepAliveRequests100 # settings keep resume maximum wait time # if connection to a consumer in 15 seconds has not issued a request to the server, then he cannot use the resume functionality. KeepAliveTimeout15 # settings for the same period the number of child processes, to security, setting to zero MaxRequestsPerChild0 # set up the server with the number of the process. # This is the server's responsiveness to prevail, is too big it will slow ThreadsPerChild50 # allows you to use a different Port or IP address of the access server, you can open it. # Listen3000 # Listen12345678: 80 # set Apache to listen on the IP address, which is your native on the virtual server's IP address BindAddress127001 # open the current inactive predefined modules, here unless you really need, do not change it # LoadModuleanon_auth_modulemodules/ApacheModuleAuthAnondll # sets the server-generated status information. If set to "On", the resulting detailed information # ExtendedStatusOn---------------------------------------------------------------------------------Part 2 detail interface parameters set # set server independent use listening port. Port80 # set up the Server Manager's E-Mail address ServerAdmin siron @ phpstarcom # server host name. If you have a fixed IP address, you do not need to set settings for the storage site ServerNamelocalost # html files directory DocumentRoot ' C:/Apache/htdocs "# set/directory of the directive. Specific instructions are as follows: # Option: defined in the catalog to perform. # None indicates that you can only browse # FollowSymLinks allows pages to connect to another place, # ExecCGI allow execution of CGI, # MultiViews allowed to watch the animation or listening to music, such as to allow the server to return the Indexes # catalog formatted list and # Includes to allow the use of SSI. # You can check these settings. All you can do anything, but does not include the MultiViews. # AllowOverride: # plus None parameter indicates that anyone can browse the directory of the file, but does not read the file. # FileInfo allows you to control how the file type of the directive, # AuthConfig allows inspection of recognition directive, # Indexes allow control directory index of Directive use, # Limit allows you to control access to a host of Directive use, # Options allows you to control a specific Directory features of instruction using a # is set to All, then the server will allow all directives define ptionsFollowSymLinks AllowOverrideNone # displayed first. # You can change the DirectoryIndexindexhtmlindextm DirectoryIndexindextml # define each directory access control file name AccessFileNamehtaccess # define proxy server not to cache your page the default do not use # CacheNegotiatedDocs # this instruction set mime types configuration file is located, # name of the file is relative to the ServerRoot, does not recommend changing this file TypesConfigconf/mimetypes # Server error messages are logged to a log file, the file name can take # by ErrorLog directives set # for different virtual hosts set up different error records ErrorLoglogs/errorlog # set record stalls format LogFormat "% h% l% u% t"% r "% > s% b" Alias directive allows common # files outside the DocumentRoot can be stored in the local file system # ScriptAlias directives with the same Alias directive, except that it also marks changed directory contains CGI or PHP directive file # AddType directive to specify the type of content as the file name ends with the file name of the file's Deputy Alias/icons/' C:/Apache/icons/"Alias/test/' c:/php/test/" Alias/admin/' c:/admin/phpMyAdmin/"ScriptAlias/php/' c:/pp/" AddTypeapplication/x-httpd-phppp AddTypeapplication/x-httpd-php3pp3 Actionapplication/x-httpd-php "/php/phpexe" # AddIcon, AddIconByEncodingandAddIconByType are # is used to set the display different file types by using a list of illustrations; about each column # out file, display a list of the first meet of the diagram. AddIconByTypeVID,/icons/moviegifvideo/AddIcon/icons/binarygifbinexe # default file photo shows the DefaultIcon/icons/unknowngi # have a problem or an error occurs, you can configure Apache to do four response # 1 output custom customized message text # ErrorDocument500 "Theservermadeabooboo # 2 to import to a local URL to handle the problem/error # ErrorDocument404/missingtml # ErrorDocument404/cgi-bin/missing_handlerpl # 3 rerouting to an external URL to handle the problem/error # ErrorDocument402http://someother_servercom/subscription_infohtmlLinux let NMAP command hide-and-seek with Firewall (1)
In the Linux operating system has a firewall in the deployment, through this firewall can not let other host scanning machine.
If a corporate network are independent firewall, then you can achieve similar restrictions. If some enterprises deploying intrusion detection systems can proactively prevent suspected malicious behavior, such as NMAP scan and so on. But some options with NMAP command, it can be used with the firewall or intrusion detection systems hide-and-seek. Although some administrators questioned NMAP developers with the intent of these options, these options easily exploited. But the tools are not good or bad, depends on how use. Some system administrators often use NMAP command of these options to improve the security of network deployment. As I like to use this command to tell the firewall and other security software to play hide-and-seek game. In other words the author disguised as an attacker, to test the security system can block the attacks or whether the security system log leave my tracks. Another way to think, maybe you can find enterprise security vulnerabilities. Similar options are many. Due to space limitations, can not be too many. I just picked some of the commonly used options for instructions. First, put the message to be fragmented. Like a firewall and other similar security device, you can use to filter to scan messages. But this filter policy is not very secure. If NMAP command now uses the-f option, you can set the Tcp header segment in several packages. Case, the firewall or intrusion detection systems in the packet filter is very difficult to filter this TCP packet. Thus you can let the SNMP scan command with these security measures play a game of hide-and-seek. When you use the-f option, a 20 bytes of the TCP header is divided into three packages, of which there are two packages TCP header eight bytes; other packages that have the TCP header and the rest of four bytes. General security measures adopted by the packet filter will block all IP be queued, and will not directly use these fragmented packets. Due to the packet was divided, as these filters would be very difficult to identify the type of the package. And then the package will be back at the host agency, a legal TCP packets. In most cases these safety measures should prohibit these packages. Because these packages to the enterprise network bring great performance impact, whether it is a firewall or terminal device will be affected. As Linux system firewall has a configuration item, you can ban the IP fragment are queued while the limit on TCP packets are fragmented. Visible for nmap-f command to firewall and other security measures have certain deceptive. We just can use this command to test our security software is really safe. I understand that although this security vulnerability has been present for many years, but now not all security products are capable to effective prevention. So using the-f option can help system administrators the nail on the head of the security products can address the possible attack. If the firewall settings prohibit scanning, and then the system administrator and then use nmap-f command is not received the results, then the firewall policy. But on the contrary it can still be good to return results (may time President), nmap-f command can successfully play the cat with the firewall. System administrators need to watch out for the Linux Firewall security. Second, the use of a fake IP address scanning. Typically like firewalls or the client computer can record the visitor's information, such as IP address, and so on. To do this if you use nmap command to scan, it will be a firewall or left on the client host's IP addresses scanned. Leave this "evidence" for the scan to be very negative. In addition to the firewall configuration, the system administrator may allow a specific IP address to scan job. While other IP address scan packets will be filtered out. In this case, in order to hide their true identities, or the fraudulent use of legitimate address NMAP scans, you need to use something called source address spoofing technology. When it comes to this kind of technology, I have to say that the recent emergence of a new cell phone scams means, with the source address spoofing is very similar. Sometimes we'll get a friend came over the phone or send a short message, ask us to send money in the past. Although the phone shows the friend's cell phone number, in fact, send text messages were not always your friend. Because there is a technique you can attach the sender's phone number. The sender would like to show what number is any number. In fact, the source address spoofing with this mobile phone spoofing is similar. Through the "nmap-s scan, IP addresses are scanned by IP address" in this way, an attacker can make your own IP address is hidden away, but with a fake IP address. Regardless of whether the IP address in the network, you can use. In the firewall or the operating system's log is displayed on the disguised the IP address too. To do this in the purchase of security products, such as firewall, Linux system administrator can use nmap-s command to test the firewall has a corresponding source address spoofing attacks. For this reason some security products need to have some source address spoofing prevention features. III. use of bait for covert scan. Through source address spoofing can hide the identity of the scan, but this technology, in a scan process can pseudoWith an IP address. Currently more popular hide IP address is to use the decoy hosts. Simply put, illegal provider can use the network is in use in several IP addresses as their IP address, host of the network is scanned. And safety equipment, and do not know which IP address is a real IP address. If the firewall might record an IP address for 5-8-port scan. This is a relatively hidden hide their IP address effective means.Practice on the prevention of phishing technology encyclopedia
2. browser settings prevent phishing (1) enhance Firefox (Firefox).
Firefox is the best browser under Linux, Firefox, of course, there are some security implications. Denmark security product developers Secunia to 30 July exposes Web browser "Mozilla" and "MozillaFirefox" vulnerabilities. If the malicious use of security vulnerabilities that can disguise the address bar, toolbars, dialog boxes, and other user interface SSL. Can pretensions of not only the address bar, toolbars, indicates that SSL traffic encryption, etc, or even pretend to click on the encryption flag is displayed by a digital certificate. Secunia's strategy is "don't click on links to Web sites not reliable" and "don't enter personal information," we must remember that the eye is not necessarily. Upgrade to the latest version you can eliminate these security risks. In addition, javascript is set to invalid also prevent camouflage. In addition phishers in user input data, you can also use clever javascript scripts to confuse users. Phishing site provides many banks, which gives people the feeling of a credible, it was actually a kind of social engineering. Users enter account information, the phisher might chuckle at the rear, because the site has been designed through a clever script that enables the user to believe that their data is being updated. If you want to disable javascript on your site, you must download and install the plug-in NoScript, which consists of GiorgioMaone development. Use Firefox to browse Web pages, if the page uses javascript, NoScript will be in the Web page below to display a warning bar. Click the bar to the script on this site is controlled, can be either temporary or permanent, can be disabled or other scripts. This program can also disable Flash animation or other Firefox plugin. NoScript is free software, the official website is: http://www.noscript.net. Download link: http://releases.mozilla.org/pub/mozilla.org/extensions/noscript/noscript-1.1.3.4-fx+fl+mz.xpi,noscript configuration interface shown in Figure 6. Figure 6NoScript configuration interface (2) install NetcraftToolbar2004 years Internet services firm Netcraft has released its Firefox security tools plug-in. This plug-ins to help Firefox users from phishing fraud attacks. NetcraftToolbar can block another user reports of phishing fraud Web site. Netcraft last December published by NetcraftToolbar currently, was found and blocking of phishing fraud attack sites reached more than 7000. In addition to blocking phishing attack site, NetcraftToolbar also includes can help the user in Internet time pay more attention to the safety of other functions. For example, it can on the website of risk "scoring", display the Web site visits and site country information. NetcraftToolbar also can use the characters "trapping" suspicious website, shows the browser navigation buttons against attempts to hide these buttons in the pop-up window. NetcraftToolbar to Firefox support all operating systems (Linux, BSD, Windows, MaC), users can free from Netcraft Web site to download this tool bar. Official website: http://www.noscript.net, download link: http://freebsd.ntu.edu.tw/mozilla/extensions/netcrafttoolbar/netcrafttoolbar-1.1.1.1-fx.xpi,netcrafttoolbar installation file is: netcrafttoolbar-1.1.1.1.xpi. In the browser's menu select file-open file-and then select what you want to install XPI extension file. Later on you can see that the browser will ask you whether you want to install this plug-in, you can click on the "Yes", this was done to secure because by default, you cannot install a plugin from any Web site. Also note a new installation of the plugin you must restart the browser to take effect (close all browser Windows, including extensions, themes, etc). NetcraftToolbar work interface shown in Figure 7. Figure 3 7NetcraftToolbar work interface, otherwise 1. personal responsibility for phishing in nature, often in order to obtain and e-commerce related account password, and then gets some economic interests, so we should be formed from three aspects of a good habit. (1) the proper selection and keeping password password should be avoided and personal data, do not use such as social security number, birth date, phone number as the password. It is proposed to adopt letters, numbers, mixed way to improve password cracking more difficult. Try to avoid in different operating systems use the same password, the password is lost, the consequences will be disastrous. Hackers often use some characters commonly used to crack passwords. There was a United States hacker said, just use the word "password", you can open the entire us most of the computer. Other commonly used words include: account, ald, alpha, beta, computer, demo, dead, dollar, games, bod, hello, help, intro, kill, love, no, ok, oKay, please, sex, secret, superuser, system, test, work, yes. Password settings and doctrine: 1. long enough, some hyperactive finger just to add a password, you can enable an attacker to increase ten times as hard; 2. do not use full words, wherever possible, include numbers, punctuation marks and special characters, etc.; 3. mixture of upper and lower case characters; (2) do the transaction the customer response online bank transfers and payments, and other business records, periodic view "history transaction", regular print online banking statements, such as unusual transactions or accounting errors, contact your bank immediately and avoid losses. (3) the management of digital certificates online banking users should avoid public computer using Internet banking, digital certificates and other classified information from falling into the hands of others, making online identification system is breached, online account has been stolen. 2. corporate leadership and network administrator's responsibilities when asked how to prevent phishing, a security expert to speak at once on user education. Many people want to learn through specialized before know e-mail attachments may not open either. Common sense cannot be "upgraded" intelligence cannot "installation" in the network security of this root chain, one is always the weakest link. Only caveat phishing is not enough, the security expert urges companies not to send network link's email. Enterprises should not be in the e-mail message contains a link, and you want to ensure that users are aware of this, another phishing exploit human common emotions, such as trust, fear, greed, kind, almost all of the Phishing involves social engineering techniques. Recent common practices such as to receive the mail of users fill out a form in order to get jobs, bonuses or gift. In the festive, fishing is a lot of phishing messages. Ongoing user education is required. In addition, different enterprises should share phishing information, establish a Union. In order to prevent the use of phishing sites and endanger the interests of users, in the event of the United States and United Kingdom have established specialized anti counterfeit websites and other Internet scams, such as was established in November 2003, the APWG (Anti-PhishingWorkingGroup) and in June 2004 established TECF (TrustedElectronicCommunicationsForum). Some foreign companies at the bottom of the home page also has clear links to remind the user that the E-mail scams. While many companies seem to be the home page does not have this security awareness, but also no similar organizations to specifically study the countermeasures. In addition to Linux network administrators want to configure SSL for Apache server. SSL can be used for online transactions to protect credit card numbers, stock transaction, account information, etc. When you have SSL functionality in the browser and WEB server (Apache) communication, they use digital certificates confirm the identity of the other. A digital certificate from a trusted third party, and is used to generate a public key. Hence, uses a secure server certificate of the website will be SSL-protected, its Web address with the prefix "https" instead of "http" standard prefixes. From the current phishing attackers in practice, most without this flag, if any, or it may be easier to identify counterfeit, and thus this further expose their tricks. Usually now phishers often through remote attacks some protection weak server attacks are network sniffer, note that if you believe someone has received a sniffer to your network, you can go and find some validation tools. This tool is called the time domain reflectometry meter (TimeDomainReflectometer, TDR). TDR on electromagnetic wave propagation and change. Will a TDR is connected to a network, can detect unauthorized access to network data. For prevention of sniffer attack is the best method: (1) Security topology. (2) session encryption. (3) with static ARP or corresponding tables instead of dynamic IP-MAC ARP or IP-MAC corresponding tables (4) use dedicated hardware devices. 3. service patch either your network administrator or individual users should regularly to your installed system publishers home page looks to find the latest patches. The operating system is the computer system of the soul, the underlying maintains the system, memory, processes, and other subsystems management and scheduling. If the operating system itself has a vulnerability, it would be fatal. Operating system kernel, for network security is essential. At present, the main kernel maintenance is divided into two modes: for private operating system such as Windows/Solaris, etc., due to the individual user does not have direct contact with its source code, the code by the company's internal developers to maintain their security guaranteed by the same team, the kernel modification and other applications, to patch/SP release package. For Linux this open systems, is an open structure. It should be said that the open mode is a double-edged sword. This article describes the Thunderbird and Firefox are open source software, and are constantly upgraded, the stable version and the beta version of alternating. On http://www.mozilla.org/latest ChangeLog in wrote: bugfix, securitybugfix. So often concern related bugfix and upgrade of the site, upgrade or add patches in a timely manner.Development of the Linux system disk encryption method in Visual FoxPro
As smart mobile computing power and storage capabilities, the phone will hold more and more private data, these data leaks can result in serious consequences.
Mobile phone information security has always been our priorities, for some important functions we require authentication before it can be used, but this can only get in the primary prevention of hacking, only a man cannot prevent the villain, so we hope that the important data is encrypted and saved. To this end, it took a little time today to learn about Linux disk encryption method. Method 1: download and compile cryptoloop util-linux http://www.paranoiacs.org/~sluskyb/hacks/util-linux/losetup-combined.patc http://ftp.cwi.nl/aeb/util-linux/util-linux-2.12.tar.gz http://hydra.azilian.net/util-linux-2.12-kernel-2.6.patch tarzxvfutil-linux-2.12.tar.gz cdutil-linux-2.12 patch-p1 <..> /losetup-combined.patc patch-p1 <..> /Util-linux-2.12-kernel-2.6.patc (if there are any compilation errors, such as _syscall5 will it replace it with new called syscall) make; makeinstall compile kernel (already supports cryptoloop skip this step) makemenucong DeviceDrivers > BlockDevices > Loopbackdevicesupport BLK_DEV_CRYPTOLOOP loaded module modprobecryptoloop (and encryption module) to create a loop device ddif =/dev/zeroof = ~/cryptoloop.imagebs = 1Mcount = 10 losetup-eaes-256/dev/loop0 ~/cryptoloop.image (prompting for a password) to create a file system and load the mkfs.ext3/dev/loop0 mkdir/mnt/crypto mount-text3 ~/cryptoloop.image/mnt/crypto/-oencryption = aes-256 (prompt for password) uninstall umount/mnt/crypto losetup-d/dev/loop0 reloads losetup-eaes-256/dev/loop0 ~/cryptoloop.image mount-text3 ~/cryptoloop.image/mnt/crypto/-oencryption = aes-256 cryptoloop for relatively simple, you can look at the drivers/block/cryptoloop.c code. Loop device in read-write method is called before lo_do_transfer function, which then calls the transfer plug-in installed. Cryptoloop is an implementation of a transfer. As regards the use of transfer and transfer of parameters (such as a password), this can be done by the system call ioctrl LOOP_SET_STATUS64 to complete (mount command is implemented). The drawback is that only cryptoloop for loop device, but also to the log-file system is not valid.Saturday, January 22, 2011
Linux operating systems appeared serious fault after solution
1. Insert the Setup CD in the system, restart the machine, start up rapidly pressing the del key, enter the CMOS, the boot order to boot the CD first, start the Linux installation program, press F5, follow the prompts to enter carriage returns into Linuxrescue rescue mode, the next step is to select the language and keyboard, you can directly enter the program prompts you have Linux on your hard disk to the system installed, and then under the/mnt/sysimage a superuser prompt #.
2. access to the hard disk etc directory: cd/mnt/sysimage/etc, you do your backups and unexpected: cpshadowshadow.old modify the properties of the shadow file is writable: chmod + wshadow then vi changes: find with root user information line: root: ... : The first two colons between is the encrypted password, remove it (colon cannot delete), save and exit. This root password is an empty the 1Y0-308. Do not use vi users can take the following approach: looking for a DOS disk into the floppy drive, the Shadow copy to a DOS disk: mcopyshadowa:/and then in the Windows accessories in SCSACCIA Notepad to modify the note to open the file type must be selected all files (*. *), save and exit. Then copy back: mcopya:/shadowmnt/sysimage/etc 3, the Shadow attributes back to read-only: chmod-wshadow, finally enter Exit exit, remove the CD. 4. for security reasons, after reboot should be in a Terminal window and then to root and the passwordLinux in the enterprise
Author: the yah Linux, this new operating system, is changing our lives, it is no longer the early hackers toys, is entering a wide variety of areas, from high-end server market, to low end desktop market, as well as emerging embedded operating systems, Linux has the effect of the current Linux go athwart have strengthened. the most successful should be in the server market, IDC last year's survey shows that Linux is already up server market shipments of 25%, ranking in NT after second. growth rate it is up to 212%. speed surprising .Linux in enterprise computing will play an increasing role.
This article in a technical perspective on Linux in the enterprise computing in the current situation and prospects for introducing .Linux in enterprise computing application mainly has following several aspects: 1.1. database of business application in this article detailed discussion of all supported Linux database is obviously not very realistic, but with the user, in the select a database, you must first list your need of features and functionality, and then select, select based on demand is the correct way to commercial database was among the first to enter one of the Linux platform software-including: (1) IBMUniversalDatabase .IBMDB2 (http://www.software.ibm.com/data/db2/linux/) is the flagship-level database, including a variety of powerful features, its Linux version including the WebControlCenter, a graphical database administration tool and Web programming interface. (2) .Oracle (http://www.oracle.com/iplatform/linux/) Oracle currently supports Linux is Oralce8i (Oracle8.1.5), including OracleApplicationServer, Jserver, WebDB. for Linux users, Oracle huge market share and superior performance is a consideration. (3) .Informix (http://www.informix.com/informix/products/linux/) InformixLinux version including InformixSE, ESQL/C, Connect. it's target market is low maintenance, easy management of database. (4) .Sybase (http://www.sybase.com/products/databaseservers/linux/index.html) Sybase's latest AdaptiveServerEnterprise11.9.2 already supports Linux, including AdaptiveServerEnterprise Development Kit. (5) .Ingres (http://www.cai.com/products/betas/ingres_linux/ingresii_qa.htm) CA IngresII database. The Opensource community also has a large number of SQL database options: (1), InterBase (http://www.interbase2000.org/) by Inprise InterBase is a commercial company Opensource level database (2), MySQL (http://www.mysql.com) Mysql is the most widely used FreeSQLDatabase, it features an easy-to-use, fast-disadvantage is the large-capacity data support was not good, and does not support hot copy. (3) PostgreSQL (http://www.postgresql.org/) PostgreSQL is second only to MySQL FreeSQLDatabase, supports hot backup and ODBC. There are other Free database, Gadfly, BeagleSQL, GNUSQL BerkelyDB, gdbm, and so on. 2.Office software current Office software on Linux is a wide variety of commercial version from to the OpenSource version of large and small have dozens of Office software. Linux get to the desktop market heavyweight software so there are also many companies on this very seriously, one of the most prominent is the Sun, Corel, Applix company and so on. 1. Business Office software (1) Sun's Staroffice (http://www.sun.com/products/staroffice/) Staroffice is currently Linux features the most comprehensive Office software company acquired one of .Sun Staroffice, the plan will be improved to support multiple languages for international versions, and will be open source. (2) Corel Corporation's Wordperfect (http://linux.corel.com/products/wpo2000_linux/index.htm) Wordperfect is the last one of the participants of the war Office, is the oldest supported Linux Office software. But currently we can only support Latin text. (3) Applix company Applixware (http://www.appLix.com/applixware/linux/) Applix company Applixware for capabilities of simple and practical, is famous for its running speed, Applixware has the Japanese version. Is planning to launch the Chinese version. (4) Hancom company Wenjie word processing software (http://www.hancom.com/chinese/) Hancom company Wenjie is in Korea market 70% of your word processing software, and the first launch of the Chinese on Linux word processing software. Its characteristics are using WINE to run the Windows version of the transplantations, more quickly. Other commercial Office software including Winz, XessLite, SmartWare NExs, XQuad, ... etc. 2.Opensource Office software (1) of the KDE project of Koffice software (http://koffice.kde.org) include the word-processing, spreadsheet, presentation and team management, full range of Office software, its characteristics are using CORBA object-oriented technology, better internal integration ability. Based on the full support of Unicode QT2.0, and now also in the development phase. (2) Lyx (http://www.lyx.org) Lyx is based on the Latex of what you see is the word processing software, but more emphasis on the technical personnel to use when writing a scientific paper. Normal users use difficult. Now TurboLinux simplified Chinese version contains its Chinese version. (3) Abiword (http://www.abisource.com/) Abiword is a relatively simple word processing software, currently only supported for Western languages. Gnome organization plans to use Abiword as its part of the office software. Other office software and Opensource of Ted, SiagOffice etc. 3. e-business software, e-commerce is is by far the most Chi hand hot focus, and the Linux-based e-commerce software also is not very much, in General, because Linux with traditional UNIX good compatibility. Other UNIX operating systems like software can easily be ported to Linux. Currently Linux-based e-commerce products are: 1) .Akopia company e-commerce system Tallyman (http://www.akopia.com), Tallyman is a highly customizable e-commerce development system, including easy-to-use Web-based system administration tool and electronic trading tools, such as product management tools, shopping carts, etc. It features a simple and easy to use, easy to grasp. More oriented toward the technology level of the primary user. 2) .IBM company's Websphere (http://www-4.ibm.com/software/webservers/) IBM WebSphere is based on the current Internet and e-business trends, the introduction of a full-featured network environment and application packages. Including the production of Web pages, set up and maintenance of the Web site, the development of e-commerce applications, and effectively manage their data. Establishment of companies, products and services online dynamic publishing, data inquiries and feedback, and other e-commerce needs, implement the online enterprise. And easily with existing enterprise systems, enabling information sharing and easy management. Websphere has the advantage of including your own Java development tools, VisualAge, own ApplicationServer and so on, this allows the user to obtain a more complete package of solutions. Also the technical support can get a good return. 3) .Ilog company Ilog (http://www.ilog.com), Ilog is a form to build e-commerce software software module for users to develop their own e-commerce software is very meaningful. Including optimization module (OptimizationComponents), Visual development module (VisualizationComponents), business rules module (BusinessRulesComponents). OpenSource e-commerce software currently openmerchant (http://www.opensales.org/), etc. 2. the network application in Linux as a network operating system, which in the role of the network. This is the Linux into the enterprise-class computing is an important component. 1. network management/graphical system management (1) .VNC (http://www.uk.research.att.com/vnc/) is a user remotely using his NT/Macintosh/UNIX graphical interface, similar to PCAnywhere is LAN a good management tool. (2) Linuxconf (http://www.solucorp.qc.ca/linuxconf/) is the most widely used on Linux configuration tool, including text, graphics, Web three interface, and can write plug-ins to extend its functionality. (3) Webmin (http://www.webmin.com/) is a pure web interface for system administration tool, it not only can you manage Linux, you can also manage other UNIX.Webmin Perl to write, to support SSL encryption, follow the BSD copyright. (4) LinuxSNMP via SNMP network management tools to manage the network server is a common centralized management approach, inLinux SNMP tools into systems management tools and SNMP tools, system management tools include: * Mon (http://consult.ml.org/~trockij/mon/) system monitoring tools * PIKT (http://pikt.uchicago.edu/pikt/) fault monitoring tools * Scotty (http://www.cs.utwente.nl/~schoenw/scotty/) network management tools * BigBrother (http://www.iti.qc.ca/iti/users/sean/bb-dnld/) system monitoring tools, SNMP tools include: * MRTG (http://www.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html) network traffic monitoring tools * cmu-snmp (http://www.gaertner.de/snmp/) SNMP tools 2. LAN technology LAN technologies mainly refers to Linux with existing LAN network compatibility issues, the current LAN mainly NT/Win95 SMB/NovellNetware LANManager, as well as Macintosh Appletalk network. And Linux with these network compliance are good, you can use a Linux server to replace all of these network server while the user is not known. * Compatible with NT/Win95 network of SAMBA server (http://www.samba.org): Samba is a software package on Linux, you can make your Linux support in os/2, windowsNT, windows95 and windows series windowsforworkgroups, widely used in the SMB protocol, the Protocol is mainly used for file and printer sharing. Making Linux as a virtual servers to deliver file and print sharing service to achieve the same Unix file sharing .Samba can complete some typically require a windowsNT servers to do the work, such as the provision of the service, or as WINS windows95 client logon NT domain service. * Compatible with Netware network Mars_nwe/lwared. In Linux under Netware file print sharing services, there are two, the use of more extensive is the mars_nwe (ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/mars_nwe-0.99.pl18.tgz) this package, another called the lwared (ftp://klokan.sh.cvut.cz/pub/linux/linware/), only provides file-sharing service that offers print sharing service, but can also provide print mars_nwe and file sharing service. Mars_nwe implements a subset of NovellNCP. * Compatible Atalk agreement netatalk (http://www.umich.edu/~rsug/netatalk/) using netatalk usersGhost 8.3 backup and recover Ubuntu LTS 8.04
Already installed a few days, Ubuntu8.04LTS has also been working with Ubuntu.
Openoffice or write E-mail, browse the Web or do not feel that it is not convenient. I installed, before community Ubuntu8.04LTS read a lot of articles, the final decision for Linux like me, the most appropriate for beginners is wubi installation. In the hard disk partition a FAT32 formatted partition, 10G. On the Internet a lot of friends in the course of encounter inexplicable problems, crashes, power-on totally white or black, stuck in the initramfs prompt into the desktop. So I set the installation is complete, also completed and the necessary software installed and the system after the upgrade, the cynical use of the day, feel that no poor, I will be using Ghost8.3 backup, which backs up files Ubuntu8.04LTS about 4G, spents 8 minutes. I also try to restore it again, same time consuming 8 minutes, recovery after system everything is normal. So I still have no scruples of installing and uninstalling the software, as long as the system prompts are available updates, I just click install updates. I think my PC will go wrong, there is no system of this day. No matter how deep to understand Linux? Ghost backup can avoid reloading system.Multi-card small Linux CD
FreeDOS occasionally play, plus a testdisk.
How are Linux CD to support Chinese, not practicality. FanX and CDLinux startup itself is Chinese, do not need to worry about. DamnSmallLinux, this seems too much trouble in culture, temporarily abandoned. Puppy is someone made a Chinese packet, a key installation, free from worry. PartedMagic, Slitaz, Nimblex these three minimum to support Chinese font and Chinese input method. Install fonts easy to put on a post as black wenquan. The IME is in trouble, you want to unpack the installation after going after repackaging, toss off the Slitaz install fcitx, old failed. Result found a simple convenient and does not require repackaged method, because these three releases are Firefox, the Firefox extension based input method on the line, this extension is called "Fireinput", Chinese name is "fire transmission". Thought Windows input method so many, how others leisure love to get Firefox extension of the input method, one would be use? I didn't expect this handy, because you can tell Firefox with cross-platform use, what operating system without birds, bird what language the desktop environment, there are places where Firefox will be able to use and worth a praise is an open source software Fireinput or. With Firefox you do everything better, as for other programs cannot use the Firefox extension, of the input method uses stupid method, copy and paste in the past. With the expansion of Firefox everything can read your email, RSS, FTP download, BT download, listen to songs, take notes ... Combined with online services more invulnerable. What can be done well in Firefox, and overall a LiveCD is a Firefox extension installation's enough, basically regardless of platform compatibility. Pulling away, and say a few words about how settings in the remaining three Chinese fonts and input method. It is first necessary to mount a CD/DVD drive, although said to be the start of the disc. The file I in culture are placed in the "tools" directory. 5 file (s): wqy-zenhei.ttf.gz-wenquan post as black font file Fxp.zip-Firefox configuration folder, inside pre-loaded several extensions, including Fireinputcopyfont.sh-automatic replication extract font home directory copyFxp.sh-automatic replication configuration folder to extract the Firefox home directory chinese_pack_total-0.2.6.pet-Puppy in one go Pack which font is copied to "~/.fonts", and does not require any settings, you can also manually copy the extracted. But Firefox profile folder is not required, you can get to the desktop after using Firefox on the official website to download the installation again. PartedMagic to get to the desktop after a terminal perform: mount/dev/cdrom/media/cdrom # or click on the desktop "Nin1LinuxCD" icon to automatically mount a cd/media/cdrom/tools/./copyfont.s./Fxp.s # to Fxp folder to start the configuration folder into the desktop Fireoxfirefox-profile ~/xpSlitaz after terminal perform: su # to enter the password "root" mount/dev/cdrom/media/cdrom # exit exit # root user or use the main menu "SystemTools," and "Mountdevices" mount CD/DVD drive. Cd/media/cdrom/tools/./copyfont.s./Fxp.s firefox-profile ~/Fxp # to Fxp folder for configuration folder to start disc after FireoxNimblex has been mounted, you only need to open Terminal: cd/mnt/live/hdc/mnt/tools./copyfont.s./Fxp.s # to Fxp folder for configuration folder start Fireoxfirefox-profile ~/xpPuppy click "mount" on your desktop, to mount the CDROM, and then automatically open the file manager, go to "tools" directory, click on the Setup file, the installation process chinese_pack_total-0.2.6.pet relatively long, please be patient, and so the prompts to install up to open the main menu, the "Shutdown" and "RestartXserver" restart X, then you can use the Chinese environment, fcitx input method is. Considerations for all Linux are copied from an official CD-ROM, not on the file to package operation, just simple integration. CD no personal tag and the watermark (in addition to the Firefox profile folder in a personal configuration), the download is not satisfied with the menu background like can change it. Total 712M CD image, if you want to burn a CD is not enough to modify it to the mirror, a few suggestions: delete the Fxp.zip 12M, 700M just fine, the CD is enough. Delete the DamnSmallLinux 50M (KNOPPIX folder), because there is no Chinese. Delete Nimblex, voluminous, with some repetition, FanX software to place other files. Puppy's latest one step Chinese package can download this page, you can directly replace. Puppy is a potential release, there are many more Chinese pet packages to choose from, such as LinuxQQ, browse here. If you want the disc inside the release an update, the direct use of the official CD's file or folder to replace it. FiReinput only installed Ruby version, if you need five pen Edition to Fireinput official website to download the Live mode is installed into a Flash disk or hard disk is also acceptable. In fact, LinuxLiveCD integration is very simple, I have tried quite a few releases. As long as it supports Live mode theory can consolidate, because the artifacts Grub4DOS. If you use more space on the DVD, almost how much space can consolidate the number of Linux, Ubuntu, Fedora, openSUSE and Mandriva these have a LiveCD, but head is too big, slow boot, usually do install to hard disk. While some 300M below, are inherently do LiveCD uses, common in addition to the above seven, Tinyme, PartimageIsNotGhost, Knoppix, and so on. Integration of so many play only, daily use is Ubuntu, partition first aid is rarely PartedMagic, other.Apache2.2 + mysql5.0 + php5.1 + Discuz! 4.1 configuration 1. install Apache
For Apache to use PHP in two ways: as a dynamic module, its running state to the loaded to the Web server, or as a static module, which can be compiled directly into the Web server code.
We focus on the first way. In order to be able to Apache modules for PHP dynamic load, Apache server must be based on dynamic shared object (DSO, DynamicSharedObject) compilation. You can pass--enable-so parameter enables this feature to take effect. # Cd/extract directory/httpd-2.2.2 #./configure--prefix =/usr/local/apache--enable-so # make install # makeinstall2. mysql5.0.18 (source package) source package can be obtained at this website: http://download.mysql.cn/src/2006/0208/62.html all these operations require root privileges to install start: # groupaddmysql # useradd-gmysqlmysql # gunzipAndLinux: let your Windows and Linux programs
Run the program by andLinux if not set, since the start in andLinux use it before you need to use screenshots of Assistant starts andLinux.
After it starts, you can run any one want pre-installed software. You may, through many ways to do this, but I still would like to stress a few points. First of all, you will notice that a new system tray program is running; it is a small KDE startup menu through which to access many of the default KDE software, from Konqueror (a file manager, Web browser, etc.) into Synaptic (to install new programs by package manager). I emphasize the two software because you can start from the Konqueror browser and more software, from Synaptic to install new software. And then, if you start Konqueror and swim to the applications tab, you can browse by category to some installed Linux software, from entertainment and gaming to the Internet and multimedia. If this is your first time playing with Linux, I recommend trying out different software, find little visible feeling.Trying Linux virus protection for Linux security
2, script viruses, script viruses is the use of shell, scripting languages.
This virus writing a relatively simple, does not need to have a profound knowledge of, and implementation of a system failure, such as deleting files, corrupted system up and running, and even download and install Trojan horses, etc. But it spread is not strong, often cause damage on your computer. Prevention: preventing such a virus is to be careful not to just run the script from unknown origin, at the same time, it is necessary to strictly control the use of the root permissions. 3, Worm worm viruses under Linux and Windows worm-like, you can run independently, and to spread itself to other computers. On the Linux platform of worms often use some Linux systems and services for the vulnerability to be transmitted, for example, Ramen virus is using some version of Linux (Redhat6.2 and 7.0) rpc.statd and wu-ftp both security vulnerability to spread. Prevention: prevent this virus to block the worm attack at source, already several Linux virus outbreak event, they are using a Linux has been released with several security vulnerabilities in a timely manner, if the user has taken the corresponding security measures would not be affected by them. But unfortunately, many Linux administrators do not closely follow and their own systems and services related to the latest information, or to the virus works. The user wants to do a native security work, particularly concerned about Linux security vulnerability information, as soon as a new Linux vulnerabilities occur, it is necessary to take security measures in a timely manner. In addition, you can match the firewall rule to limit the spread of the worm. 3, backdoor backdoors can also be considered in a broad sense, on the Linux platform is also very active. Linux backdoors utilization system service loading, shared library files injection, rootkit Kit, even loading kernel modules (LKM), and other technologies to realize that many Linux platform of backdoor technology and intrusion technology, very subtle and difficult to clear. Prevention: preventing such a virus can make use of some software to do, there are some software to help users identify system a variety of backdoors, rootkits can find chkrootkitR, worms, backdoors, etc. 4. additional virus in Linux platform in addition to face against Linux viruses but also noticed that many Windows virus exists in the Linux file system, of course, this kind of windows viruses will not attack in Linux, but they have the opportunity to transfer to Windows System. For example, Linux Samba server can be used as the network file server, when a user with Windows virus files on a Samba server, Samba server becomes a virus carriers, although it will not be infected with the virus, but other Windows visited Samba services make it possible to get infected with a virus. Prevention: for overall safety, Linux systems also need to be able to find and remove the Windows virus. This is necessary to use some specialized antivirus software. Now, there are already some open source software and commercial software available for the user to select, and their number is increasing.Linux system and server antivirus real
Second, Linux server virus protection policy described above, you can see the whole computer viruses exist on Linux system is relatively small.
However, due to various reasons in enterprise applications often is Linux and Windows operating systems coexist to form a heterogeneous network. On the server side are using Linux and Unix, and Windows desktop client. So Linux virus protection strategy is divided into several sections: executable file virus, worms (worm) viruses, script viruses through the installation of preventive killing virus software GPL Basic can prevent. The server can use avast! forLinux/UnixServers it is working at the command line, run-time can rarely consume system resources. Workstation users can select avast! LinuxHomeEdition, can run on any X-Windows environment following, such as KDE or Gnome. Prevention for backdoors can LIDS (http://www.lids.org/) and Chkrootkit (http://www.chkrootkit.org/), the LIDS are Linux kernel patches and system administrator tools (lidsadm), which strengthened the Linus kernel. You can protect the dev/directory of important files. And Chkrootkit detects system logs and files to see if a malicious program into the system, and find the associated to different malicious program signal. The latest version of Chkrootkit0.48 can detect sniffers, Trojans, worms, rootkit, 59. Proxy squid is a very good proxy server software, but there is no specific virus filtering. Consider using Germany open source enthusiasts development of a Linux-based virus filtering proxy server — HAVP (http://www.server-side.de/). HAVP virus filtering proxy server software can be used alone or used in series with the Squid, Squid proxy server enhanced virus filtering. Provides mail service is an important application in the Linux server. You can use ClamAV (http://www.clamwin.com/), full name is ClamAntiVirus ClamAV, it exposes with the same emphasis Liunx program code, free authorization, ClamAV is now possible to detect more than 40,000 kind of viruses, worms, Trojans, and at any time to update the database, there is a set of worldwide virus experts, 24-hour update and maintain the virus database, any person who finds a suspicious virus can also get in touch with them at any time and immediately update virus signatures, in a very short period of time, the network use ClamAV mail server on the completion of the latest protective action. In addition to Linux server is recommended to use command line antivirus tools, while Linux desktop application development quickly, but the command line (shell) on Linux still has a strong vitality. Even in the XWindow system administrators often have to deal with the command line, use the keyboard and mouse to be clearly higher than the number of times. For Linux system administrators, at the command line operations of importance is self-evident. Because the start X-Window-manager will consume a large amount of system resources.Development of the Linux system disk encryption method in Visual FoxPro
Method 3: download and compile http://people.redhat.com/~dhowells/keyutils/keyutils-1.2.tar.bz2 ecrypt tarjxfkeyutils-1.2.tar.bz2 cdkeyutils-1.2 make; makeinstall tarjxfecryptfs-20070306.tar.bz2 cdecryptfs-20070306/ecryptfs-util./configure; make; makeinstall compile kernel makemenucong Filesystems > Miscellaneousfilesystems CONFIG_ECRYPT_ loaded module modprobeecrypt (and encryption module) add mkdir/root/crypt mkdir/mnt/root/crypt mount-tecryptfs/crypt/mnt/crypt (prompts for password and algorithm) uninstall umount/mnt/crypt reload mount-tecryptfs/root/crypt/mnt/crypt (prompts for password and algorithm), it seems that the feature is the ability to ecryptfs on directory is encrypted without encrypting the entire disk.
Direct read raw files in a directory, you can only read the encrypted data, it is necessary to correctly read the data, only the directory using ecryptfs file system format is loaded into another directory, you will not be able to read. While at load time to specify a password and encryption algorithm, which plays the role of confidentiality. If the load time specifies the wrong password or encryption algorithm, you can still load without error, but the read data is invalid. Ecryptfs code in fs/ecryptfs directory, only newer kernel versions only, I am using linux-2.6.21. Its implementation and the previous two methods, it is the way by file system. Above several encryption methods, at load time to enter the password, in order to use the convenience, and PAM + libpam-mount plug-in integration, with the current user's password as the encryption of passwords, so you only need to log in to enter once is enough.Sunday, January 16, 2011
Linux account management command and file describes
Command: # useraddsunday — — > add user useradd-u720-g100-M-s/bin/bashsunday-M not establishing root-d specifies the root directory-s use of sell # passwdsunday — — > add to user password # usermod-Lsunday — — > lock account # usermod-Usunday — — > unlock account # usermod-e2008-08-08sunday – > settings account expiration time # groupadddebian — — > add group account # useradd-gdebiansunday — — > specified user belongs to group # usermod-gdebiansunday — — > modify user belongs to group # groupdeldebian — — > delete group file:/etc/shadow username: encrypt password (if * indicates that the account could not be logged in): the last modified time (1970, 1, number of days): password in twice to modify the minimum number of days between: password change prior to warn the user of the number of days after the termination of the account: password is disabled by the number of days: 1, 1970, the date the account is disabled by the number of days: reserved domain drobbins: $ 1 $ 1234567890123456789012345678901: 11664: 0:-1:-1:-1:-1: 0 in/etc/passwdusername: password: UserID: GroupID: comment: homedirectory: sell user logon command to execute after/etc/groupgroupname: x (expressed in/etc/shadow qunzu password): GID: usernamesroot: x:0: root, sunday, onlyisi
Anatomy of Linux operating system process management
Process creation so that we may wish to look at how to create one from the user-space process.
User space tasks and tasks of the underlying mechanisms of the kernel is the same, because they will depend on a do_fork functions to create a new process. When you create a kernel thread, the kernel will call a function named kernel_thread (see./linux/arch/i386/kernel/process.c), this function will perform some initialization call do_fork. The system calls the function you may have seen system call model. In many cases, the system call named sys_ * and provides some initial function to call (such as error checking or user space behavior). Actual work is often delegated to another named do_ * functions. Create a user-space process is similar. In user space, a program calls fork, this will lead to a kernel function sys_fork system calls (see./linux/arch/i386/kernel/process.c). Function as shown in Figure 1. Figure 1 is responsible for creating a process hierarchy of function from Figure 1, you can see the process of creating do_fork is. You can find in./linux/kernel/fork.c do_fork function (as well as cooperation function copy_process). Alloc_pidmap do_fork function first calls, the call will be assigned a new PID. Next, check whether the debugger do_fork in tracking the parent process. If this is set within the clone_flags CLONE_PTRACE flag to do perform preparations fork action. After the function is also called do_fork copy_process, passing these signs, stack, the registry, the parent process and the latest distribution of PID. New processes within the function as a parent copy_process process to create a copy. This function can do apart from initiated process of all of the boot process after processing. Copy_process within the first step is to verify that the CLONE flag to ensure that these labels are consistent. If not, it returns EINVAL error. Next, ask LinuxSecurityModule (LSM) at the current task is to create a new task. To learn more about LSM in Security-EnhancedLinux (SELinux) context, see the references section. Next, call dup_task_struct function (./linux/kernel/fork.c), which will allocate a new task_struct and set the current process of descriptors is copied to. In the new thread stack settings, some state information will be initialized and returns control to the copy_process. Control back to copy_process, apart from a few other restrictions and security check, you will perform a number of general management, including in the new various initialization on the task_struct. After calling a number of replication function to copy all aspects of this process, such as replication and open file descriptors (copy_files), copy the symbol information (copy_sighand and copy_signal), the replication process memory (copy_mm) and, ultimately, the replication thread (copy_thread). After that, the new task is assigned to a handler, while allowing the execution process of handlers for additional checks (cpus_allowed). New process priority from the parent process priority inheritance, a small number of additional general management and control is returned to the do_fork. At this point, the new process exists but has not yet run. Do_fork function by calling wake_up_new_task to fix this problem. This function (which can be found in the./linux/kernel/sched.c) initializes some of the Scheduler's general management information, the new process is placed in the run queue, and then wake up for execution. Finally, once you go back to the PID value do_fork is returned to the calling program, the process is complete. Process scheduling processes exist in Linux are also available through Linux scheduler is dispatched. Although the Scheduler is beyond the scope of this article, but the Linux scheduler is maintained for each priority level of a list, save the task_struct references. Task through the schedule function (./linux/kernel/sched.c) call it under load and process execution history determine the best process. In this article's reference section to learn more about Linux version 2.6 Scheduler for more information. Process destroy destruction process through several event-driven — through normal processes end, through the signal or through a call to the exit function. Regardless of the process how to exit the process end must rely on kernel function do_exit (/linux/kernel/exit.c in.). This process is shown in Figure 2. 2. the implementation of the function that processes destroy hierarchy do_exit aims will all reference to the current process to remove from the operating system (for all no shared resources). The process to be destroyed by setting flags to indicate the process PF_EXITING is exiting. Other aspects of the kernel will use it to avoid process is removed also attempts to deal with this process. The process from it in their lives during various resources-separation from each other through a series of calls to the implementations, such as exit_mm (delete memory page) and exit_keys (release thread sessions, and processesSecurity key). Do_exit functions do the release process required a variety of statistics, and after that, by calling exit_notify performs a series of notifications (for example, to inform the parent process its child processes are exit). Finally, process status is changed to PF_DEAD and also invokes the schedule function to select a new process will be executed. Please note that if a notice to the parent process is required (or process is being followed), then the task will not disappear completely. If you do not need any notification, you can call the practical withdrawing release_task to use by a process that part of memory. Closing Linux still evolving, one further innovation and optimization of the area is process management. At the insist on principle of UNIX, Linux has been a breakthrough. A new processor architecture, symmetric multiprocessing (SMP), and virtualization will cause the kernel to make further progress in the field. One example is the Linux version 2.6 introduced in the new O (1) Scheduler, it has a large number of tasks of system provides scalability. Another example is the use of NativePOSIXThreadLibrary (NPTL) updated the threading model, and before the LinuxThreads model, it provides more effective Threading.Linux NFS settings
NFSServer-set the NFSServer-setting, you first need to confirm that the Linux host can support NFS this service, and then set the consumer source IP or host name, and the sharing out of directory permissions.
So, how to use the shared ClientPC out directory? first to check whether a LinuxServer showmount can use NFS directory. If you have to mount it in the machine, so that you can use the resources provided by the NFSServer host. 1. system requirements in addition to the above mentioned two system daemon portmap and nfs-utils, the kernel (Kernel) version is better than the 2.2.18. In addition, if you recompile a kernel, be sure to select support for NFS. 2.etc/edit/etc/exports file exports: # vi/etc/exports/usr/src/sys-maproot = daemonost2/usr/ports-ro-network192.168.1.0 from above you can see in this example exports the file format, first define the file directory that you want to share, you must use an absolute path, not the symlink. Following is the directory to access-restricted parameter that is used to ensure security. The first line sets, will share out/usr/sys/src directory, but limits the client's root user is equivalent to the daemon user on my computer in order to avoid the client's root user owns the servers root powers for illegal actions; subsequent host2 parameter is the host name, this limits only host2 will share this/usr/sys/src directory; the third line sets the shared directory, but restricts/usr/ports to only allow read, and only the 192.168.1.0 network on your computer to access the shared directory. ◆ Rw rewritable. ◆ Ro for read-only permissions. ◆ The no_root_squash when visiting the NFS shared directory of the host use by users if you are root, then the user's permissions will be converted into anonymous users, usually its UID and GID becomes nobody. ◆ Root_squash login NFS hosts use the shared directory of the user, if you are root, then for the shared directory, it has root privileges. ◆ All_squash whether login NFS users status, its status will be converted into anonymous users, usually that is nobody. ◆ Anonuid usually nobody, of course, you can set the UID value, UID must exist in the/etc/passwd. ◆ Anongid with anonuid, but become groupID. ◆ Sync information synchronous writes to memory and hard disk. ◆ Async data will first staging to memory, rather than directly written to the hard disk. 3. activate service portmap and nsd #/etc/rc.d/init.d/portmapstart (or: # serviceportmapstart) #/etc/rc.d/init.d/nfsstart (or: # servicenfsstart) portmap is activated, a port number is 111 sunrpc service. As for nfs will activate at least two more system daemon and started listening needs, ClientPC cat/var/log/messages you can see whether or not the operation was successful: # cat/var/log/messages Nov1615: 04: 45caoportmap: portmapstartupsucceeded Nov1615: 04: 53caonfs: StartingNFSservices: succeeded Nov1615: 04: 54caonfs: rpc.rquotadstartupsucceeded Nov1615: 04: 54caonfs: rpc.mountdstartupsucceeded Nov1615: 04: 54caonfs: rpc.nfsdstartupsucceededAbout why Linux is divided into a maximum of four sectors of explains
Before someone asked why install Linux when primary partitions + extended partition can only have 4, at that time due to the lack of basic knowledge, cannot resolve the problem, there is now little, now to share with you.
MBR (MasterBootRecorder) main boot sector information, place the hard disk. MBR can be said that the entire hard drive is the most important places, because in the MBR which records two important things: power-management program, and disk partitioned tables (partitiontable). So we made a hard disk partition, that is, modify the partitiontable. Due to the limited capacity of MBR block, so that was originally designed, it was only designed to record four partitions, these partitions are called Primary record (primary partition) and Extended (extended partition), that is, a hard disk can have up to four Primary + Extended sectors, among them, there can be only one Extended, so if you want to partition into four partitions, then it is up to you: P + P + P + PP + P + P + E to partition. Need special attention, if the above situation, 3P + E only three 『 available 』 disk, if you want four are 『 available 』, partitioned into 4P! (as Extended cannot directly be used, you also need to be partitioned into Logical) thinking: if I want to be my big hard disk temporarily partition into four partition, at the same time, there are other space can make me in future planning, how to partition?, by just described, we can know the Primary + Extended only four partition, but if you want more than 5 partition, then you need Extended help. Therefore, in this case, we must not partitioned into four Primary why? if you are a hard drive, but gigabytes of 4 primary share went 15GB, you thought there 5GB can take advantage of? wrong! remaining 5GB cannot use, this is because there are no superfluous partitiontable records area can record, and therefore there is no way to make additional zones, of course, space is also worried about being wasted! so please do note that if you want to partition over more than 4 slot, please remember to have Extended partition, and must include all the remaining space is assigned to the Extended, then the logical partition to planning Extended space.Dialogue on UNIX: new improved Vim editor
Line mode despite the extensive use of is command and insert mode, but the line is just as important, but sometimes is not fully understand and use.
Line mode to enter the line editor that allows you to one or more rows on processing the command. Taking into account the ex editor vi to named, so it only fits into the ex editor line mode. From the command line mode mode to enter, enter a colon (:). Then move the cursor to the lower-left corner of the window. Continue to enter, all the text appears in the colon at the bottom of the window. Click Enter to begin the calculation and execution of line mode command. If you decide not to perform in line mode input rows, click Escape to return to command mode. Use the editor of line mode, remember two command style. First, enter the command, vi or Vim command execution. as is If the executed command and modify data, the current row is the goal. However, using the second method provides the number of rows to process the specified rows. To enter, use a colon to enter the number of rows to be processed or row range, with a comma (,) to separate the start and end range. For example, if a row only, then the command to 23: 23. If you want to modify 2319 to the line between 3819, you enter: 2319, 3819. To start from row 45 to file a command to the end, you need to last row of parameter to be replaced by a dollar sign ($), namely: 45, $. This command is only available in line mode perform most basic
Subscribe to:
Comments (Atom)