Fedora 17 complete security guide

Li yuliang

June 5, 2012
On the day of the official release of Fedora 17, I suddenly wanted to build a notebook. Now that I have to do everything, I just need to fix Ubuntu with the latest fedora. First, I took my own back and often made it easy to use new systems. This is the conclusion of my experience using Linux over the past few years.

I. About fedora 17
Let's take a look at fedora first. It is a global open source program sponsored by Red Hat professionals, adhering to the "freedom", "Friends and love", "Pull out", and "before" purposes.
1. Major System Changes of Fedora 17
Core: 3.3.4 core is used.
Security: fedora now supports configuration of libpwquality in simple mode to check the quality of new passwords in the system. A new SELinux distribution value deny_ptrace is added, it is used to prevent malicious progress from using internal programs such as ptrace and GDB to obtain internal memory of other programs, or even conduct attack attempts. The Kerberos Authentication System is upgraded to 1.10.
File System: the recognized File System (ext4) will support file systems larger than 16 TB.
Optimized: the source computer model qemu is updated to Version 1.0, and the source computer manager is updated to version 0.9.1.
Plugin: integrates the latest version of cloudstack, opennebula, and openstack, as well as an open vswitch for a local network.
Data integration: integrates MySQL 5.5.20, PostgreSQL 9.1.2, and SQLite 3.7.9.
Startup: fedora 17 supports native introduction on the EFI system.
2. Improvements to desktops
(We only use tokens to improve the development process .)
Integrated with the KDE 4.8 desktop environment, Kde plasma improves performance and stability.
Integrated with Gnome 3.4 desktop environment.
Integrated with sugar 0.96 desktop environment.
For the first time, we provided a fully automatic multi-seat configuration.
A large number of applications are updated to the latest version.
3. Official renewal address:
Http://fedoraproject.org/zh_CN/get-fedora-options

2. Initiate U branch Activation
The Ubuntu ghost program assumes that the ultraiso under the micro-platform or the startup ghost builder under the Ubuntu platform is used, you can create a U ora 17 U startup notebook. It proves that the liveusb creator under ora is also used in the old practice.
Fedora liveusb creator is a cross-platform tool that supports Linux and Windows. You can use it to create live USB Based on the fedora operating system. However, one of the features of this tool is that it does not need to partition or format USB memory.
Ora liveusb creator download address: https://fedorahosted.org/liveusb-creator/
Run the liveusb creator, Click Browse browse, and find the fedora 17 ISO photo file. Target device selects u images, and click Create live USB.
So we can build a ora 17 U startup notebook without any effort.

Iii. Server guard
When the computer directly powers up the ESC instance, you can choose to activate the instance from U. If this method is not used for other power grids, You can restart the system, enable F1 to enter the bios, modify the bios, and enable the USB flash drive until the hard drive, set to import data from the u branch.
The U activation mechanism created by fedora liveusb creator. After the activation, the user enters the fedora 17 program or the security page. If Ubuntu is user-friendly, the entire security process is in English. This is a bit difficult for Chinese users who do not have a certain degree of knowledge in English. However, there will be Linux users who are both tough-thinking people, or even civilized people. Such a small difficulty cannot be solved.
U startup. After you enter the fedora 17 login page or the security page, perform the following operations:
If you want to install fedora 17 directly to the hard drive, click "Install to hard drive", and then click "Next.
When the parameter is set to us. English, click Next.
Set the name of the email in the Network: select an email or select a email you like.
Time zone settings: Select region Asia/Shanghai
Password setting: enter the password you will not forget
Partition settings: note! If you want the original system and the original data, You must select create M layout. Otherwise, you cannot regret it.
(See: http://www.linuxidc.com/Linux/2010-03/24993.htm)
After the division, the entire security process is very fast.

Iv. Configuration
1. Chinese speaker
After the restart, enter the long-awaited fedora 17. However, after we log on to Alibaba Cloud, we find that all of them are in English. Originally, during the security process, we did not choose to allow them to set this parameter. Therefore, when logging on, the words are in English.
Click "system settings-region and statement" in the upper-right corner, and then click "system settings-region and statement" in the displayed "region and statement" interface, select "simplified Chinese ". As long as we review the new login, we can see the familiar Chinese.

2. Open the client
Method 1: click "activity-Application Program-system tool-terminal"
Method 2: run the Alt + F2 command.
Gnome-terminal (or gnome-ter and then use the tab to complete)
(See: http://blog.csdn.net/roryuna/article/details/6525139)

3. Set sudo
Sudo is used in Ubuntu, but the well-established fedora 17 does not charge sudo fees. Upload terminal upload handler: "using handler is not in the sudoers file ". Originally, fedora could not directly use sudo.
Solution:
Method 1: Open the terminal and click "adduser user_name sudo" in the upper-right corner.
All members of the sudo group are granted this permission when they are added to the sudo group.
NOTE: For the first time, the system administrator privilege can be obtained through the su command. If the root user attempts to use the token, the token can be switched to the root user's token.
(See: http://hi.baidu.com/pjg864/blog/item/043ea9faa6f557c4b48f3183.html)
Method 2: Merge rows on the terminal side
Su-
Echo 'username all = (all) all'>/etc/sudoers
(Username is your alias name)
(See: http://www.linuxdiyf.com/bbs/viewthread.php? Tid = 80067)

4. Update the system
Click the "active" button in the upper left corner of the page, and then click "Application-System Tools" to generate the "component Update" program.
Then, update the system to the latest zookeeper.
The students who want to compile the source should not accept the suggestions for food production. The sources in fedora do not have the order below ubuntu.
Really want to know, can use Chinese Science and Technology University source (source photo in http://mirrors.ustc.edu.cn /). Refer to: http://lug.ustc.edu.cn/wiki/mirrors/help/fedora for Sources
Of course, you can also use a 163 source (source image in http://mirrors.163.com /). Refer to: http://mirrors.163.com/.help/fedora.html for Sources

5. Shard access method
Click "active" in the upper left corner of the page, and then click "Application-System Tools" to generate the "add and remove hosts" program.
Remove all ibus, install fcitx, restart the computer, or register the computer.
Fedora 17 is very user-friendly. If you pull the mouse tag to the lower right corner, you can find the mouse tag.

6. added the simplified fonts.
A. Add a micro-body
Because of copyright issues, fefora does not have micro-fonts.
Method 1: import the/home/main file, create a file named ". fonts", and throw the micro-body into the file.
Method 2: Copy windows fonts to/usr/share/fonts/TrueType and open the terminal.
CD/usr/share/fonts/TrueType
Sudo mkfontscale
Sudo mkfontdir
Sudo FC-Cache-FV (refresh the body memory)
B. Modify the fefora recognized text body.
After installing the micro-Analytics, I found that the system's recognized text system has become as big as ubuntu! In the past, the traditional Chinese semantic Recognition Feature was a natural language, but now the traditional Chinese semantic Recognition Feature has become a micro-simplified one, such as the song system, it makes people look uncomfortable.
The method for converting to the recognized text body is different from that for Ubuntu. Currently, I have not found any applicable method. Please kindly advise.

7. Add MP3 Decoding
Method 1:
Yum localinstall -- nogpgcheck http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-rawhide.noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-rawhide.noarch.rpm
Yum install FFMPEG-libs gstreamer-FFMPEG libmatrosca xvidcore libdvdread libdvdna v lsdvd
Yum install gstreamer-plugins-Good gstreamer-plugins-bad gstreamer-plugins-uugly
(See: http://www.imyxz.com/cat_ico27/cat_ico21/3239.html)
I used this method to solve the problem.
Method 2:
The first step is to add the next fuse source-fusion with the MP3 Decoder
Http://download1.rpmfusion.org/f... E-stable.noarch.rpm
Http://download1.rpmfusion.org/n... E-stable.noarch.rpm
First, download the above two RPM files. After the installation is complete, the fusion source will be added.
Then open the client and then click
Su
BCC
Yum-nogpg install gstreamer-FFMPEG gstream-plugin-bad gstream-plugin-uugly
(See: http://www.aitilife.com/2011/05/24/install-mp3-decoder-in-fedora15)

8. Security flash
It is suggested that the "active" button in the upper-left corner of the old reality should be used, and then "Application-System Tools" should be added ", find and install the "add and remove hosts" program.
At the beginning, I was not using this security method. I used "yum for Linux" to install "yum for Linux" on the official website. It was strange that flash was always released. Of course, you can also run the following command on the terminal:
Sudo Yum install flash-plugin

9. Unload multiple cores
After the fedora program is installed and the system is updated to the latest version, the system restarts the computer and finds that there is another option for the Startup menu, in the past, the new kernel was upgraded during the upgrade, and the Linux kernel had to be updated at a speed. However, the upgrade does not automatically remove the kernel.
The method for uninstalling the internal kernel is as follows:
Rpm-Q Kernel
(Find all kernel packages of the system. The kernel-PAE is used to support the extended version of the kernel larger than 4 GB in the system)
Sudo rpm-e kernle... (Such as kernel-3.3.7-1.fc17.i686)
Or Su-C 'rpm-e kernle ...... )
It is suggested that this is the best method of unloading logs. This method will automatically remove the Startup menu. LST of grub. Of course, some people think that they want to use Yum remove to perform division, because Yum will automatically remove:/boot/GRUB/menu with Yum remove. the associated startup events in the lst. Are there differences between these two statements?
Warning! The kernle to be deleted ...... The RPM package must be an exclusive one. You 'd better check the internal cores used before the installation. Uname-R.
(See: http://www.yucoat.com/linux/fedora_uninstall_kernel.html)

10. Batch rename files
This is because the hardware was replaced by the security certificate fedora 17, and I paid a replacement for it. I forgot my copy of an unorganized video on the Ubuntu Desktop, A very strange forgetting.
Fortunately, the SD card in the camera has deleted these photos but has not been stored again. I was anxious to remember that there was a hard file to restore such a thing. I was always copying it. In the past, there was no such restoration experience. After searching online on the xp TV, the smart image rediscovery component was restored for the first time. Unfortunately, there was no response for half a day and nothing could be recovered. The second time I switched to the finaldata component to solve the problem instantly.
The photos were taken from the xp TV and saved back to the fedora 17 album, but the new problem is coming again. All the file names for restoring the photos, for the first time, all the letters changed from "D" to "#". How can we change them in batches? Soon I found a solution to the issue method.
First, store these photos in a simple file, and then upload them to the local file on the photo end. The following lines are displayed:
Sudo for I in 'LS'; Do MV-F $ I 'echo $ I | SED's/^./D/''; done
This method is learned from the following articles and may be used frequently in the future, i. Abstract "five methods to realize Linux batch file rename" here.
First, I want to change the first letter of their names to Q.
For I in 'LS'; Do MV-F $ I 'echo $ I | SED's/^./Q/''; done
Or you can download a notebook to make it clearer:
For file in 'LS'
Do
Newfile = 'echo $ I | SED's/^./Q /''
MV $ File $ newfile
Done
2. Change the first five letters to zhaozh.
For I in 'LS'; Do MV-F $ I 'echo $ I | SED's/^.../zhaozh/''; done
Category 3: Modify the last five letters to "Snail Il ".
For I in 'LS'; Do MV-F $ I 'echo $ I | SED's/... $/snail il/''; done
Fourth: Add _ Hoho _
For I in 'LS'; Do MV-F $ I 'echo "_ Hoho _" $ I '; done
Fifth: all the small-sized letters change to uppercase letters
For I in 'LS'; Do MV-F $ I 'echo $ I | tr a-Z A-Z '; done
(See: http:// OS .51cto.com/art/201003/187673.htm)

11. How to disable fedora 17
First, after clicking the upper right corner, press and hold the alt button, and the "starting" button on the interface changes to "disabled ".
2. press Alt + F2 to export the Run Command window and then press sudo halt.
Category 3: shutdown-H now
Fourth: shutdown-y-G0
Fifth: init 0

12. Canon ip100 Motion
If you are not familiar with the Canon ip100 notebook, you can add it directly in the "system settings-printers" notebook, which seems to be added in a short time, but in reality it cannot be used at all, print a certain number of animations.
One of Canon's "bottom line and support": http://support-cn.canon-asia.com/contents/CN/ZH/0100118703.html
A little something http://pdisp01.c-wss.com/gdl/WWUFORedirectTarget.do? Id = mdewmdawmte4nzay & CMP = ACB & lang = ZH
Download ip100 series IJ Printer Driver ver. 3.70 for Linux (RPM package restart)
Last Updated: 03-feb-2012
Released Timeout: 0100118703
Security when, into the solution after the cnijfilter-ip100series-3.70-1-rpm/packages file, pay attention to the first security cnijfilter-common-3.70-1.i386.rpm, and then security cnijfilter-ip100series-3.70-1.i386.rpm can be. Other packages are used for 64-bit systems.

13. Save the brightness
After ora 17 is completed, the screen brightness is directly the brightest, And we adjust the brightness in the system settings. When the system is set again, we find that the setting is missing, there is no way to save the reset settings. However, fedora 17 seems to have changed a lot in the ETC/RC. d/, unable to find the RC. local, there is no way to handle according to the original method.
However, you can directly create an RC. Local on the etc/rc. d/host. The content is as follows:
#! /Bin/sh (Note: This line should not be small; otherwise, it will not work)
Echo 5>/sys/class/backlight/acpi_video0/brightness .)
Exit 0
Save and exit, and then change RC. Local permission
# Chmod A + x/etc/rc. d/rc. Local
Create a dynamic connection
Ln-S/etc/rc. d/rc. Local/etc
Otherwise, you will find that the brightness is still the brightest, probably because of memory usage.
This step solves the problem.
Said we can also view rc-local.service
Systemctl status rc-local.service
If the service is not started, the following command is triggered:
Systemctl start rc-local.service
Then use the systemctl status rc-local.service command to view the Server Load balancer, which may be affected by the Service Startup. The solution is as follows:
Zookeeper file/lib/systemd/system/rc-local.service, set conditionfilel **** ecutable =/etc/rc. d/RC. add # condition injection before local and # conditionfilel *** ecutable =/etc/rc. d/RC. local
Start the rc-local.service again, and use the systemctl status rc-local.service to see if zookeeper has started.
(See: http://www.linuxidc.com/Linux/2012-02/55451.htm)

14. Modify the gedit metadata Handler
Due to the differences in the syntax format, the startup of a Windows text file by using fedora often appears unknown.
The merge command on the terminal:
$ Gsettings set Org. gnome. gedit. preferences. encodings auto-detected "['utf-8', 'gb18030', 'gb2312', 'gbk', 'big5', 'current', 'utf-16']"
$ Gsettings set Org. gnome. gedit. preferences. encodings shown-in-menu "['utf-8', 'gb18030', 'gb2312', 'gbk', 'big5', 'current ', 'utf-16']"
(See: http://blog.chinaunix.net/uid-25737580-id-3045661.html)

15. Handling the audio mark of the player
It seems useless to remember this line.
Modify the volume of environment changes, modify the/etc/profile file as root, and add the following two lines at the end of the file:
Export gst_id3_tag_encoding = GBK: UTF-8: gb18030
Export gst_id3v2_tag_encoding = GBK: UTF-8: gb18030
Note that you can solve the problem by reimporting the song information.
(See: http://blog.chinaunix.net/uid-25737580-id-3045661.html)

16. Configure wine in server guard
Step 1: click the "active" button in the upper left corner, and then click "Application-System Tools" to generate the "add and remove hosts" program, search for and install wine. Soon wine 1.5.3 will be ready. At the same time, you need to combine wget with your hands and use it as soon as possible.
Step 2: Install winetricks
Wget http://www.kegel.com/wine/winetricks
Sudo Yum install cabextract
Chmod + x winetricks
./Winetricks
Step 3: Select winetricks and install the fuse file mfc42.dll.

17. hosts under security wine
A. Dreamweaver 8.0
Go down to Dreamweaver 8.0, and directly use wine to open and install it. However, when the location of the site file is set, you need to change the C ...... To the desired location.

B. Eastern Certificate
Http://dt.ap-southeast-1.maxcompute.aliyun-inc.com.
Modify the system fonts of the Stock (otherwise, the Chinese Simplified Version), and set the fonts to Wenquan in the system settings, or an embedded micro-Analytics.
Go to "tools-system settings-External fonts-fonts", modify the settings one by one, and convert the fonts into Chinese fonts, and must select the Chinese Character Library.

18. Increase system audio
Open the terminal and merge it into alsamixer to generate the audio Generator tool of the system.
Use the left and right direction to select a category, and use the upper and lower dimensions to adjust the size. Set the volume of each worker to the maximum.
Open the player and try again. If the volume is still not increased, you can't try it.

Fedora 17 complete security guide