XSBase使用手册Linux版8.20

linux 使用手册Linux 是一种自由和开放源代码的操作系统，被广泛用于各种设备和系统中。

对于初学者来说，掌握 Linux 的使用方法可能会有些困难，但只要掌握一些基本的操作指南，就能够更好地利用这个强大的操作系统。

本文将分享一些 Linux 使用的基本手册，帮助读者更好地了解和使用 Linux。

首先，让我们来了解一下 Linux 的基本结构。

Linux 包含了许多不同的命令和工具，可以用来执行各种任务。

其中，最基本的命令有：cd（切换目录）、ls （列出目录内容）、mkdir（创建目录）、rm（删除文件或目录）、cp（复制文件或目录）等。

掌握这些基本的命令，可以让您更轻松地在 Linux 系统中进行操作。

其次，了解 Linux 的文件系统也是非常重要的。

在 Linux 中，所有的文件和目录都存储在一个根目录下，根目录用“/”表示。

其他目录则通过根目录来进行访问和管理。

例如，/home 目录存储用户的个人文件，/etc 目录存储系统配置文件，/var 目录存储变化的数据等。

通过了解各个目录的作用和功能，可以更好地管理和组织文件。

此外，掌握 Linux 的文件权限管理也是必不可少的。

在 Linux 中，每个文件和目录都有三种权限：读取（r）、写入（w）和执行（x）。

这些权限可以分配给文件的所有者、所属组和其他用户。

通过 chmod 命令可以更改文件的权限，通过chown 命令可以更改文件的所有者和所属组。

合理设置文件权限可以保护文件的安全性和保密性。

另外，了解 Linux 的软件包管理也是非常重要的。

在 Linux 中，软件包是一种用来打包和安装软件的文件格式。

常见的软件包管理工具有 dpkg、apt、yum 等。

通过这些工具，可以方便地安装、更新和删除软件包，从而满足不同用户的需求。

此外，还可以通过源代码编译的方式来安装软件，但需要注意依赖关系和编译环境。

最后，了解 Linux 的网络管理也是必不可少的。

Oracle Linux 8 Accessibility User's GuideF30129-11September 2023Oracle Linux 8 Accessibility User's Guide,F30129-11Copyright © 2020, 2023, Oracle and/or its affiliates.ContentsPrefaceConventions iv Documentation Accessibility iv Access to Oracle Support for Accessibility iv Diversity and Inclusion iv1 Working With Accessibility Features in Oracle Linux 8Selecting a Desktop Version1-1 About Assistive Technologies1-1 Accessing Assistive Technologies1-2 Using the Standard Desktop1-2Using the Classic Desktop1-2Configuring Quick Access1-32 Overview of Accessibility Features3 Customizing Accessibility FeaturesConfiguring the Screen Reader3-1 Configuring the Magnifier3-2 Configuring Typing Assist3-3 Configuring Click Assist3-34 Using BrailleConfiguring Braille Options on the Screen Reader4-1 Configuring the BRLTTY Service4-2PrefacePrefaceThe Oracle Linux 8: Accessibility User's Guide describes the accessibility features thatare available in the Oracle Linux operating system.ConventionsThe following text conventions are used in this document:Convention Meaningboldface Boldface type indicates graphical userinterface elements associated with anaction, or terms defined in text or theglossary.italic Italic type indicates book titles, emphasis,or placeholder variables for which yousupply particular values.monospace Monospace type indicates commandswithin a paragraph, URLs, code inexamples, text that appears on the screen,or text that you enter. Documentation AccessibilityFor information about Oracle's commitment to accessibility, visit the OracleAccessibility Program website at https:///corporate/accessibility/.For information about the accessibility of the Oracle Help Center, see the OracleAccessibility Conformance Report at https:///corporate/accessibility/templates/t2-11535.html.Access to Oracle Support for AccessibilityOracle customers that have purchased support have access to electronic supportthrough My Oracle Support. For information, visit https:///corporate/accessibility/learning-support.html#support-tab.Diversity and InclusionOracle is fully committed to diversity and inclusion. Oracle respects and values havinga diverse workforce that increases thought leadership and innovation. As part of ourinitiative to build a more inclusive culture that positively impacts our employees,customers, and partners, we are working to remove insensitive terms from ourproducts and documentation. We are also mindful of the necessity to maintainPreface compatibility with our customers' existing technologies and the need to ensure continuity of service as Oracle's offerings and industry standards evolve. Because of these technical constraints, our effort to remove insensitive terms is ongoing and will take time and external cooperation.1Working With Accessibility Features in Oracle Linux 8Accessibility features offer users with vision, hearing, and motor impairments ways to moreeasily use the Oracle Linux desktop. This guide provides information about enabling andconfiguring the accessibility features that are included in Oracle Linux 8. Selecting a Desktop VersionOracle Linux8 offers both the Standard and Classic GNOME desktop. When you installOracle Linux by using the Server With GUI profile or environment, the Standard GNOMEdesktop is selected by default. However, you can select another desktop version if preferred.To view the desktop versions or switch between versions, do the following:1.Ensure that you're logged out of the Oracle Linux 8 session.2.Click the login username.3.Click the cogwheel next to the Sign In button.The list of desktop versions is displayed.4.(Optional) Select a desktop version.5.Continue logging in to the server.The desktop selection becomes a persistent setting and applies to all authorized users of thesystem.About Assistive TechnologiesAssistive technologies promote accessibility for users with specific impairments.Alternative presentations that are provided for these users include the following:•Synthesized speech•Magnified content•Alternative input methods•Additional navigation methods•Content transformationsSoftware features of Oracle Linux enable users with physical impairments to use all of thefunctionality of the desktop. Various desktop tools also enable you to customize the desktop'sappearance and behavior.Chapter 1Accessing Assistive TechnologiesAccessing Assistive TechnologiesIn Oracle Linux, the assistive technologies are listed on the Universal Access panelof the GNOME desktop's Settings window. Accessing the panel differs slightlybetween Standard and Classic desktops. However, the feature descriptions andconfiguration procedures are the same for both. This document assumes that you'reusing the default (Standard) desktop on the system.Using the Standard DesktopChoose one of the following methods:•Accessing through the System Tools group iconThe System Tools group icon consists of the 3 icons at the right side of the topbar of the screen. See the icons boxed in red in Figure 1-1.1.On the right side of the top bar, click System Tools.2.Click Settings.3.From the list of options on the left panel, select Universal Access.•Accessing through the Activities menu option1.On the top bar, click Activities.2.On the search field, type universal access.3.From the list of options on the left panel, select Universal Access.•Accessing through the command line1.Select the Terminal icon at the bottom of the screen.If the icon isn't visible, click Activities, then select the icon.2.On the terminal window, type:gnome-control-center universal-access3.From the list of options on the left panel, select Universal Access. Using the Classic DesktopChoose one of the following methods:•Accessing through the System Tools group iconThe System Tools group icon consists of the 3 icons at the right side of the topbar of the screen. See the icons boxed in red in Figure 1-1.1.On the right side of the top bar, click System Tools.2.Click Settings.Chapter 1Accessing Assistive Technologies3.From the list of options on the left panel, select Universal Access.•Accessing through the Applications menu option1.On the top bar, click Applications, select System Tools, then select Settings.2.From the list of options on the left panel, select Universal Access.•Accessing through the command line1.On the top bar, click Applications, select Favorites, then select Terminal.2.Type the following command:gnome-control-center universal-access3.From the list of options on the left panel, select Universal Access. Configuring Quick AccessOracle Linux provides a Universal Access Menu, which enables you to access andconfigure accessibility features without the need to open the Universal Access panel. Thismenu is disabled by default. To make the menu available, open the Universal Access paneland set the Always Show Universal Access Menu switch to On. Toggling this switch makesthe Universal Access Menu icon become permanently visible on the top bar of the desktop.Clicking the icon opens a list of accessibility features, as shown in the following figure:Figure 1-1 Desktop Accessibility FeaturesChapter 1 Accessing Assistive Technologies2Overview of Accessibility FeaturesIn the GNOME desktop, features for aiding users with impairments are configured from theUniversal Access panel.On the panel, accessibility features are listed according to groups.•SeeingIncludes accessibility features and options for users with visual impairments. You canenable and customize the following settings:High ContrastAdjusts the contrast of windows and buttons on-screen so they are more or less vivid.Large TextEnlarges the font so that it's more readable.Cursor SizeIncreases and decreases the mouse cursor size.ZoomMagnifies text so that it's more readable.Screen ReaderReads aloud screen content to supplement visual reading. For details, see Configuringthe Screen Reader.Sound KeysBeeps when the Num Lock or Caps Lock key is turned on or off.•HearingIncludes the Visual Alerts option to aid those with hearing impairments. When enabled,the option provides a visual indication when an alert sound occurs. Available optionsinclude: Flash the window title and Flash the entire screen.•TypingIncludes accessibility features and options for users with mobility impairments. You canenable and customize the following settings:Screen KeyboardEnables desktop navigation and application use without a physical keyboard.Repeat KeysSpecifies that the keyboard not repeat letters when a key is held down. This setting alsoenables you to change the delay and speed of repeat keys.Cursor BlinkingCauses the cursor to blink in text fields when enabled.Chapter 2Typing Assist (AccessX)Opens a submenu that contains more keyboard settings. For details, seeConfiguring Typing Assist.•Pointing & ClickingIncludes accessibility features and options for users with motor impairments that render using a mouse or any pointing device difficult.Mouse KeysEnables you to control the mouse pointer by using the numeric keypad on your keyboard.Click AssistOpens a submenu that contains more settings for clicking the mouse. For details, see Configuring Click Assist.Double-Click DelayEnables you to adjust the length of time to delay the double-click action.For more information about universal access in the GNOME desktop, go to https:// /users/gnome-help/stable/a11y.html.3Customizing Accessibility FeaturesAccessibility features already have preconfigured settings so that they're immediately usableafter an Oracle Linux installation. However, some of these features can be customizedaccording to preferences. This chapter describes these features that you can furtherenhance. When you enable a feature after reconfiguring it, the new settings are applied. Configuring the Screen ReaderOracle Linux provides Orca as its default on-screen reader. The orca package is installed onthe Oracle Linux 8 system by default. When enabled, the Orca screen reader speaks text asyou move the focus of the cursor on-screen.Configurable Settings of the Screen ReaderThe Screen Reader Preferences window contains the following tabs, each of which has alist of customizable settings:GeneralConfigures how Orca behaves.VoiceDetermines the voice that Orca uses when reading the screen.SpeechDefines what the reader reads aloud and the degree of verbosity.BrailleConfigures Orca Braille display support.Key EchoDefines what the reader reads aloud while you type.Key BindingsDefines keyboard shortcuts for Orca.PronunciationConfigures word pronunciation.Text AttributesConfigures text formatting.Customizing the Screen Reader1.Type the following command:orca -sThe -s option can also be typed as --setup. The command opens the Screen ReaderPreferences window.2.Customize the reader according to specific needs.Click each tab to configure the different options on those tabs.For Braille configuration, see Using Braille .3.Click Apply , then click OK .4.At the command line, press Ctrl-C to return to the command prompt.5.Enable the screen reader by using either the Universal Access panel or, ifavailable, the quick access icon on the desktop's top bar.Configuring the MagnifierZoom is the default magnifier that's included in the GNOME desktop for Oracle Linux 8.Configurable Settings of the MagnifierThe Zoom Options window contains the following tabs, each of which has a list of customizable settings:MagnifierConfigures magnification and magnifier cursor behavior.CrosshairsConfigures cross hair appearance, including color.Note that to use Crosshairs , you would need to toggle the feature's switch on this tab to ON . However, the crosshairs appear only if you also enable Zoom.To use the magnifier but not the crosshairs, you would need to return to this window to disable the feature.Color EffectsConfigures the display of colored content.Customizing the Magnifier1.Access the Universal Access panel by using a preferred method.See Accessing Assistive Technologies .2.From the list of options on the panel, select Zoom .The Zoom Options window is displayed.3.Customize the magnifier according to your preferences.Click each tab to configure the different options on those tabs.4.(Optional) Toggle the magnifier switch to ON to use the feature immediately.You can also enable the magnifier later through the Universal Access Menu iconon the desktop's top bar.Chapter 3Configuring the MagnifierChapter 3Configuring Typing Assist For more information about customizing the magnifier, go to https:///users/gnome-help/stable/a11y-mag.html.en.Configuring Typing AssistTyping Assist consists of several assistive technologies for using the keyboard.Configurable Settings of Typing AssistTyping Assist is one of the features under the Typing group. The settings include thefollowing:Enable By KeyboardEnables keyboard control to navigate the desktop instead of using a mouse.For help with using keyboard navigation, see https:///users/gnome-help/stable/shell-keyboard-shortcuts.html.en.Sticky KeysEnables shortcut keys to be typed in sequence instead of one key being held before theother key is pressed.Slow KeysControls the delay between a key being typed and the corresponding character beingdisplayed on-screen.Bounce KeysEnables ignoring fast and repetitive pressing of keys.Except for Enable By Keyboard, the settings can be enabled through the Universal AccessMenu icon on the desktop's top bar.Customizing Typing Assist1.Access the Universal Access panel by using a preferred method.See Accessing Assistive Technologies.2.Under the Typing group, select Typing Assist (AccessX) .The Typing Assist window is displayed.3.Customize the settings for key behavior according to your preferences.For more information about customizing Typing Assist, go to https:///users/gnome-help/stable/keyboard.html.en.Configuring Click AssistClick Assist consists of several assistive technologies for using the mouse or other pointingdevices.Configurable Settings of Click AssistClick Assist is one of the features under the Point & Clicking group. The settings includethe following:Chapter 3Configuring Click Assist Simulated Secondary ClickTriggers a secondary click when you hold the primary button, which causes the equivalent action of double-clicking.Hover ClickTriggers a click when you hover over a specific screen location, which causes the equivalent action of clicking or selecting.Customizing Click Assist1.Access the Universal Access panel by using a preferred method.See Accessing Assistive Technologies.2.Under the Pointing & Clicking group, select Click Assist.The Click Assist window is displayed.3.Customize the settings for mouse click behavior according to set preferences.For more information about configuring Click Assist, go to https:/// users/gnome-help/stable/mouse.html.en.4Using BrailleBraille support is included in the GNOME desktop's accessibility features. Likewise, thebrltty daemon that's running as a background process enables users to access informationon Braille display devices.Configuring Braille Options on the Screen ReaderThe GNOME desktop's Screen Readers Preference window contains a page for Brailleconfiguration.Configurable Braille Settings on the Screen ReaderOn the Braille page, you can configure the following settings:Display SettingsDefines how Braille is displayed.VerbosityDetermines the amount of information that is rendered in Braille.Selection and Hyperlink IndicatorsDefines how selected text and hyperlinks are displayed.Flash Message SettingsEnables notifications and configures how these notifications are handled.For more information about configuring Orca's Braille options, go to https:///users/orca/stable/preferences_braille.html.en.Customizing Braille on the Screen Reader1.Type the following command:orca -sThe -s option can also be typed as --setup. The command opens the Screen ReaderPreferences window.2.Click the Braille tab.3.Customize the Braille options according to user needs.4.Enable the screen reader by using either the Universal Access panel or, if available, thequick access icon on the desktop's top bar.Chapter 4Configuring the BRLTTY ServiceConfiguring the BRLTTY ServiceSupport for a Braille device is provided by the BRLTTY daemon (brltty). Youconfigure this service through the /etc/brltty.conf configuration file.Configurable Settings of the brltty ServiceThe following are a selection of configurations that you can set in /etc/brltty.conf:•Authorize users who can use the Braille device.Specify the users on the line #api-parameters Auth=user:, for example:api-parameters Auth=user:jsmith, jdoe, bbrown•Authorize groups who can use the Braille device.Specify the groups on the line #api-parameters Aut=group:. For example, for agroup called braille, you would enter:api-parameters Auth=group:braille•Indicate the Braille display device driver.Uncomment the appropriate #braille-driver line that contains your selecteddriver. Drivers are identified by two-letter codes, which are provided in theconfiguration file, for example:braille-driver voOn a single braille-driver line, you can specify multiple, comma-separateddrivers. In this case, the service automatically scans the list and detects theappropriate driver.•Indicate the type of Braille display device.Uncomment the appropriate #braille-device line that contains your selecteddevice. Several lines that correspond to specific device types are provided, forexample:braille-device bluetooth:addressOn a single braille-device line, you can specify multiple, comma-separateddevices. In this case, the service automatically scans the list and detects theappropriate device.Using the brltty Service1.Install the brltty package.sudo dnf install -y brlttyChapter 4Configuring the BRLTTY Service2.Configure settings in /etc/brltty.conf as needed.3.Enable the brltty service.sudo systemctl enable brltty4.If prompted, type the user password.5.Reboot the system.6.After the system reboots, verify that the service is running, as follows:sudo systemctl status brltty* brltty service - Braille display driver for Linux/UnixLoaded: loaded (/usr/lib/systemd/system/brltty.service; enabled; vendor preset: disabledActive: active (running) since Wed 2020-04-15 12:07:48 PDT; 25min ago...For more information, see the brltty(1) manual page.。

实验一Linux常用命令（一）1、Shell环境和Shell命令格式如果实验用计算机上Linux以图形方式启动，登录系统后打开终端窗口。

方法：桌面：右键菜单－Terminal（终端）；或：主菜单－系统工具－Terminal（终端）。

命令格式：command [-option(s)] [option argument(s)] [command argument(s)]步骤1：使用who命令步骤2：使用date命令步骤3：使用上下健提取历史命令who，执行。

2、文件系统操作命令（1）改变目录命令：cd 目标目录路径步骤1：使用绝对路径依次进入Linux根目录下的所有子目录。

例如：cd /usr/bin步骤2：使用绝对路径依次进入用户目录。

步骤3：使用相对路径进入子目录1）使用绝对路径进入/lib目录2）使用相对路径进入/lib/i868目录3）使用相对路径退回到/lib目录（2）列出并观察目录中的文件步骤1：进入任意目录，使用无参数ls命令列出并观察其中所有文件；步骤2：进入任意目录，使用通配符列出其中部分文件；例如：cd /binls c*步骤3：使用－l选项，列出目录中文件的各种属性，并观察识别这些属性。

步骤4：直接列出子目录中的文件。

例如：ls i868步骤5：仅列出子目录本身（－d）步骤6：使用－F选项，显示文件类型标志。

步骤7：使用－a或－A选项，观察结果有什么变化。

步骤8：综合使用以上选项。

（3）目录的创建与删除步骤1：在用户目录中，使用相对路径创建一个任意名称的目录，如“tmp”。

mkdir tmp步骤2：删除该目录rmdir tmp步骤3：在根目录中，使用绝对路径在用户命令中创建一个子目录。

mkdir ~/tmp步骤4：删除该目录rmdir ～/tmp步骤5：使用－p参数一次创建多级目录。

如：mkdir ～/tmp/dir1步骤6：使用－p参数删除多级目录。

如：cd ~rmdir tmp/dir1（4）文件和目录拷贝命令：cp步骤1：从/usr/include目录中，任选一个文件拷贝到用户目录的tmp子目录中mkdir ~/tmpcp /usr/include/signal.h ~/tmp步骤2：从/usr/include目录中，任选一个文件拷贝到用户目录的tmp子目录中，并改变其文件名。

arch linux使用指南Arch Linux是一个非常酷的操作系统，但对于新手来说可能有点难上手。

不过别担心，我会给你一份超贴心的使用指南。

一、安装前的准备。

安装Arch Linux之前，你得先有个安装介质，一般就是把镜像文件写到U盘里。

你可以用像Rufus这样的工具，在Windows下轻松搞定。

要是你用的是Linux系统，那就更简单啦，直接用dd命令就好。

比如说，你的U盘设备名是/dev/sdb，镜像文件是archlinux.iso，那你就在终端里输入“dd if=archlinux.iso of=/dev/sdb status=progress”，然后就等着它写完就行啦。

在安装之前，你还得对电脑的硬件有个大概的了解。

知道自己的电脑是UEFI启动还是传统的BIOS启动，这在安装过程中很重要哦。

还有就是要确保你的电脑能联网，因为安装过程中可能需要从网上下载一些软件包。

二、安装过程。

1. 启动到安装环境。

把制作好的U盘插到电脑上，然后重启电脑，进入BIOS或者UEFI设置界面，把启动顺序调整一下，让电脑从U盘启动。

进入到Arch Linux的安装界面后，你会看到一个命令行界面，这时候可别慌。

2. 分区。

分区是个挺重要的事儿。

如果你的电脑只有一块硬盘，那你可以简单地划分出根分区（/）、交换分区（swap）。

比如说，你可以用cfdisk这个工具来分区。

如果你的硬盘比较大，你还可以划分出/home分区来专门存放用户数据。

根分区的大小根据你的硬盘大小和需求来定，一般20 - 50GB都可以。

交换分区的话，如果你内存比较小，就设置成和内存一样大；如果内存比较大，8GB左右也够了。

3. 格式化分区。

分好区之后，就要格式化分区啦。

根分区可以格式化为ext4格式，交换分区就用mkswap命令格式化。

格式化根分区就像这样“mkfs.ext4 /dev/sda1”（假设根分区是/dev/sda1），格式化交换分区就是“mkswap /dev/sda2”（假设交换分区是/dev/sda2）。

linux命令使用手册Linux是一种开源操作系统，广泛应用于服务器领域，拥有庞大的软件资源和一系列强大的命令。

在Linux中，命令是用户与操作系统交互的主要方式之一。

本文将对一些常用的Linux命令进行介绍，帮助读者更好地使用Linux操作系统。

1. ls命令：用于查看文件和目录的列表。

ls命令的一些常用参数包括：- -l：详细显示文件和目录信息，包括文件的权限、所有者、大小等。

- -a：显示所有文件和目录，包括隐藏文件。

- -h：以人类可读的方式显示文件和目录大小。

2. cd命令：用于切换当前工作目录。

例如，cd /var/www将切换至/var/www目录。

3. pwd命令：用于显示当前工作目录的路径。

4. cp命令：用于复制文件或目录。

例如，cp file1 file2将文件file1复制到file2。

5. mv命令：用于移动文件或目录，也可用于重命名文件或目录。

6. rm命令：用于删除文件或目录。

例如，rm file1将删除文件file1。

7. mkdir命令：用于创建目录。

例如，mkdir new_dir将创建一个名为new_dir的目录。

8. rmdir命令：用于删除空目录。

9. cat命令：用于查看文件内容。

例如，cat file1将显示文件file1的内容。

10. less命令：用于逐页查看文件内容。

例如，less file1可以逐页查看文件file1的内容。

11. head命令：用于显示文件的前几行，默认显示前10行。

例如，head file1将显示文件file1的前10行内容。

12. tail命令：用于显示文件的后几行，默认显示后10行。

例如，tail file1将显示文件file1的后10行内容。

13. grep命令：用于在文件中查找匹配的字符串。

例如，grep "keyword" file1将在文件file1中查找包含关键字"keyword"的行。

Deployment GuideInstalling Fortify SSC 20.2.0 with MySQL 8 in Easy Steps on CentOS 8Fortify SSC 20.xAuthor: Vikas JohariDate: 29 January 2021Document Version: v0.1ContentsContents (2)Introduction (3)Installation of Oracle JDK 1.8 (3)Installing Tomcat 9.0.41 (4)Configure Apache (optional) (5)Installing MySQL 8 Community Edition (6)Configuring MySQL Database for SSC (8)Deploying JDBC Driver on Tomcat Server (11)Deploying SSC on Tomcat Server (11)IntroductionThis document is written to guide Pre-Sales and Partners to install Fortify SSC 20.2.0 in CentOS 8.x with MySQL 8 Community edition Database, in the same server.This document is not written to install Fortify SSC 20.2.0 in a Production Environment. However, this document can be used to setup Fortify SSC 20.2.0 in a controlled environment like Lab or PoC or CoE Environment.The Hardware and Software requirements are given in the link –https:///documentation/fortify-software-security-center/2020/Fortify_Sys_Reqs_20.2.0/index.htm#SSC/SSC_Reqs.htm?TocPath=Fortify%2520Software%2520 Security%2520Center%2520Server%2520Requirements%257C_____0Detailed SSC 20.2.0 User Guide is given in https:///documentation/fortify-software-security-center/2020/SSC_Help_20.2.0/index.htmI have used a VM with the below hardware configuration –CPU: 4 VCPURAM: 8 GB RAMDisk: 100 GB Thin ProvisionedCentOS 8: Download link /centos/8/isos/x86_64/MySQL 8 Community EditionInternet Connection on CentOS VMInstall CentOS 8 and apply all the required patches.Installation of Oracle JDK 1.8Download Oracle JDK 11 “jdk-11.0.10_linux-x64_bin.rpm” file fromhttps:///in/java/technologies/javase-jdk11-downloads.html and upload “jdk-11.0.10_linux-x64_bin.rpm” to server.Install Oracle JDK 11 using –[root@localhost ~]# rpm -ivh jdk-11.0.10_linux-x64_bin.rpmVerify that only Oracle JDK is installed in the server –[root@localhost ~]# rpm -qa | grep -i jdkjdk-11.0.10-11.0.10-ga.x86_64Add the below lines in /etc/profile file (at the end of it) using a text editor.export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac))))) export PATH=$PATH:$JAVA_HOME/binexport CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar Reboot the server and login as root.Installing Tomcat 9.0.41Post-installation of JDK 11, now we can install tomcat 9.[root@localhost ~]# cd Downloads[root@localhost Downloads]# wgethttps://mirrors.estointernet.in/apache/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.tar.gzExtract tomcat[root@localhost Downloads]# tar -xvf apache-tomcat-9.0.41.tar.gz -C /usr/share/Create a symbolic link -[root@localhost Downloads]# ln -s /usr/share/apache-tomcat-9.0.41/ /usr/share/tomcatCreate a tomcat service[root@localhost Downloads]# vi /etc/systemd/system/tomcat.service Add the below configuration –[Unit]Description=Tomcat 9 ServerAfter=syslog.target network.target[Service]Type=forkingUser=rootGroup=rootEnvironment='JAVA_OPTS=-Djava.awt.headless=true'Environment=CATALINA_HOME=/usr/share/tomcatEnvironment=CATALINA_BASE=/usr/share/tomcatEnvironment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pidEnvironment='CATALINA_OPTS=-Xms4096M -Xmx6144M'ExecStart=/usr/share/tomcat/bin/catalina.sh startExecStop=/usr/share/tomcat/bin/catalina.sh stop[Install]WantedBy=multi-user.targetStart and enable the tomcat service[root@localhost Downloads]# systemctl daemon-reload[root@localhost Downloads]# systemctl start tomcat[root@localhost Downloads]# systemctl status tomcat● tomcat.service - Apache Tomcat ServerLoaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: disabled)Active: active (running) since Thu 2021-01-28 22:46:02 CST; 2min 59s agoProcess: 1028 ExecStart=/usr/local/tomcat9/bin/catalina.sh start (code=exited, status=0/SUCCESS) Main PID: 1110 (java)Tasks: 99 (limit: 100787)Memory: 2.0GCGroup: /system.slice/tomcat.service└─1110 /usr/bin/java -Djava.util.logging.config.file=/usr/local/tomcat9/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.e>Jan 28 22:46:01 systemd[1]: Starting Apache Tomcat Server...Jan 28 22:46:01 catalina.sh[1028]: Tomcat started.Jan 28 22:46:02 systemd[1]: Started Apache Tomcat Server.[root@localhost Downloads]# systemctl enable tomcatCreated symlink /etc/systemd/system/multi-user.target.wants/tomcat.service →/etc/systemd/system/tomcat.service.Open Port 8080 & 80 in the firewall.[root@localhost Downloads]# firewall-cmd --permanent --add-port=8080/tcp success[root@localhost Downloads]# firewall-cmd --permanent --add-port=80/tcp success[root@localhost Downloads]# firewall-cmd --reloadsuccessConfigure Apache (optional)Apache is an optional component, it is used to act as a reverse proxy for tomcat server.Install apache server using -[root@localhost ~]# yum install httpd -yCreate a reverse proxy configuration for tomcat using a text editor -[root@localhost ~]# vi /etc/httpd/conf.d/tomcat9.conf<VirtualHost *:80>ServerAdmin root@localhostServerName DefaultType text/htmlProxyRequests offProxyPreserveHost OnProxyPass / http://localhost:8080/ProxyPassReverse / http://localhost:8080/</VirtualHost>Configure SELinux Rules –[root@localhost ~]# setsebool -P httpd_can_network_connect 1[root@localhost ~]# setsebool -P httpd_can_network_relay 1[root@localhost ~]# setsebool -P httpd_graceful_shutdown 1[root@localhost ~]# setsebool -P nis_enabled 1Restart and enable the apache service.[root@localhost ~]# systemctl restart httpd[root@localhost ~]# systemctl enable httpdUse a browser to validate the tomcat and apache service is running as per configuration, using, http://ip, :8080, http://ip:8080 of the server.Installing MySQL 8 Community EditionRun the below command to download and install MySQL 8 community edition database.[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-libs-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-common-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-client-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# wget https:///get/Downloads/MySQL-8.0/mysql-community-server-8.0.19-1.el8.x86_64.rpm[root@localhost Downloads]# rpm -ivh mysql-community-client-8.0.19-1.el8.x86_64.rpm mysql-community-common-8.0.19-1.el8.x86_64.rpm mysql-community-libs-8.0.19-1.el8.x86_64.rpm mysql-community-server-8.0.19-1.el8.x86_64.rpmStart and Enable the MySQL Service[root@localhost Downloads]# systemctl start mysqld[root@localhost Downloads]# systemctl enable mysqldGrab the temporary password for root user of mysql[root@localhost ~]# cat /var/log/mysqld.log | grep -i 'temporary password'Note down the password.2020-02-12T13:23:05.319292Z 5 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: niy4pkkn1t,TTest MySQL server.[root@localhost ~]# mysql -u root -pEnter password: niy4pkkn1t,T <- Enter the temporary password from log fileWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 8Server version: 8.0.19 MySQL Community Server - GPLCopyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;+--------------------+| Database |+--------------------+| information_schema || mysql || performance_schema || sys |+--------------------+4 rows in set (0.00 sec) mysql>quitByeConfiguring MySQL Database for SSCModify the MySQL Configuration file for SSC.[root@localhost ~]# mv /etc/f /etc/f_orig [root@localhost ~]# vi /etc/fPaste the below content in the file -[client]port = 3306socket = /var/run/mysqld/mysqld.sock[mysql]no-beepsocket = /var/run/mysqld/mysqld.sock[mysqld]collation-server = latin1_general_csinit-connect = 'SET NAMES latin1'character-set-server = latin1pid-file = /var/run/mysqld/mysqld.pidsocket = /var/run/mysqld/mysqld.sockport = 3306datadir = /var/lib/mysql/datadefault_authentication_plugin = mysql_native_passworddefault-storage-engine = INNODBsql-mode = "TRADITIONAL"long_query_time=10report_port = 3306lower_case_table_names = 1secure-file-priv = NULLsymbolic-links = 0max_connections = 151table_open_cache = 2000tmp_table_size = 648Mthread_cache_size = 10myisam_max_sort_file_size = 100Gmyisam_sort_buffer_size = 2Gkey_buffer_size = 8Mread_buffer_size = 64Kread_rnd_buffer_size = 256Kinnodb_flush_log_at_trx_commit = 1innodb_log_buffer_size = 1Minnodb_buffer_pool_size = 10Ginnodb_log_file_size = 5Ginnodb_lock_wait_timeout = 300innodb_thread_concurrency = 9innodb_autoextend_increment = 64innodb_buffer_pool_instances = 8innodb_concurrency_tickets = 5000innodb_old_blocks_time = 1000innodb_open_files = 300innodb_stats_on_metadata = 0innodb_file_per_table = 1innodb_checksum_algorithm = 0back_log = 80flush_time = 0join_buffer_size = 256Kmax_allowed_packet = 1Gmax_connect_errors = 100open_files_limit = 4161sort_buffer_size = 256Ktable_definition_cache = 1400binlog_row_event_max_size = 8Ksync_master_info = 10000sync_relay_log = 10000sync_relay_log_info = 10000#!includedir /etc/mysql/conf.d/[mysqldump]max_allowed_packet = 1GStop MySQL Service[root@localhost ~]# service mysqld stopInitialize the MySQL Database server.[root@localhost ~]# mysqld --initialize-insecure --console --user=mysql 2020-03-05T10:20:08.891111Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.2020-03-05T10:20:08.891266Z 0 [System] [MY-013169] [Server] /usr/sbin/mysqld (mysqld8.0.19) initializing of server in progress as process 32938100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 1700 1800 1900 2000 2100 2200 2300 2400 2500 2600 2700 2800 2900 3000 3100 3200 3300 3400 3500 3600 3700 3800 3900 4000 4100 4200 4300 4400 4500 4600 4700 4800 4900 5000 5100100 200 300 400 500 600 700 800 900 1000 1100 1200 1300 1400 1500 1600 1700 1800 1900 2000 2100 2200 2300 2400 2500 2600 2700 2800 2900 3000 3100 3200 3300 3400 3500 3600 3700 3800 3900 4000 4100 4200 4300 4400 4500 4600 4700 4800 4900 5000 51002020-03-05T10:21:25.170585Z 5 [Warning] [MY-010453] [Server] root@localhost is createdwith an empty password ! Please consider switching off the --initialize-insecure option. Start the MySQL Service[root@localhost ~]# service mysqld startValidate the service, make sure it is running[root@localhost ~]# service mysqld statusSecure the installation of MySQL server.[root@localhost ~]# mysql_secure_installationThis wizard will ask many questions, answer them carefully.Would you like to setup VALIDATE PASSWORD component?Press y|Y for Yes, any other key for No: nPlease set the password for root here.New password: <- Enter a password for root user of mysqlRe-enter new password: <- ReEnter a password for root user of mysqlEstimated strength of the password: 100Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y......Remove anonymous users? (Press y|Y for Yes, any other key for No) : y......Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y......Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y....Reload privilege tables now? (Press y|Y for Yes, any other key for No) : ySuccess.All done!Now let's create a Database and a User which will be used by SSC.[root@localhost ~]# mysql -u root -pEnter password:<- Enter the root’s password of mysqlmysql> create database SSC_DB DEFAULT CHARACTER SET latin1 COLLATElatin1_general_cs;mysql> CREATE USER 'sscuser'@'localhost' IDENTIFIED WITH mysql_native_password BY 'SscUser@123';You may use any complex password for sscuser of MySQL server, but make a note of it.mysql> GRANT ALL PRIVILEGES ON *.* TO 'sscuser'@'localhost' WITH GRANT OPTION; Query OK, 0 rows affected (0.02 sec)mysql> FLUSH PRIVILEGES;mysql> quitByeNow Create the DB structure.Extract the Fortify_SSC_Server_20.2.0.zip file, then extract Fortify_20.2.0_Server_WAR_Tomcat.zip file.The \Fortify_SSC_Server_20.2.0\Fortify_20.2.0_Server_WAR_Tomcat\sql\mysqlIt contains two files.Upload “create-tables.sql” file into /root/Downloads folder of CentOS server.[root@localhost Downloads]# mysql --user="sscuser" -p --database="ssc_db" --host="localhost" < "create-tables.sql"Enter password: <- Type the password of sscuser and then hit enterValidate the DB Structure is created.[root@localhost Downloads]# mysql -u sscuser -pEnter password: <- Type the password of sscuser and then hit enterWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 23Server version: 8.0.19 MySQL Community Server - GPLCopyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> use ssc_db;Reading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -ADatabase changedmysql> show tables;+------------------------------+| Tables_in_ssc_db |+------------------------------+| activity || activity_persona || activitycomment || activityinstance |mysql> quit;Deploying JDBC Driver on Tomcat ServerThere is no need to deploy the JDBC Driver of MySQL on the Tomcat server because SSC 20.2.0 has the JDBC Driver of MySQL and MSSQL inbuilt into the WAR file.Deploying SSC on Tomcat ServerStop Tomcat server.[root@localhost Downloads]# service tomcat stopUpload ssc.war file from Fortify_20.2.0_Server_WAR_Tomcat.zip file to /usr/share/tomcat/webapps.Start tomcat.[root@localhost Downloads]# service tomcat startWait for few mins, tomcat will take few mins to deploy ssc war file.Open Chrome browser and open the URL http://ip_of_server:8080/sscClick on ADMINISTRATORS./root/.fortify/ssc/init.token and paste it in the token field.Click Sign In.Click Next.Click Next.In the URL: http://ip_of_server:8080/sscEnable HTTP host header validation: DisabledGlobal Search: /globalsearchI have read and understood this warning: EnabledClick Next.Database Type: MYSQLDatabase username: sscuserDatabase Password: ss cuser’s passwordJDBC URL:jdbc:mysql://127.0.0.1:3306/ssc_db?connectionCollation=latin1_general_cs&rewriteB atchedStatements=trueClick Test Connection.If Test connection is successful, then click Next.Browse and Select the Process Seed Bundle.Click on Seed Database.Now, Browse and Select Report Seed Bundle and click on Seed Database.This time, Browse and Select PCI Basic Seed Bundle and click on Seed Database.Now the last one, Browse and select PCI SSF Basic Bundle then click on Seed Database.Click Next.Click Finish.Close and Start Browser, then open SSC url.Login as “admin” and password “admin”.In the Change Password window, change the admin’s password. Click Save.Login with new admin credentials.Click on ADMINISTRTION.Click on Rulepacks, then click on “Update from Server”.Click OK.Click Close.Now SSC is ready to use.< !! End of the Document !! >。

Ubuntu 20.04 Linux Inbox Driver User Manual20.04Document HistoryTable of Contents1Firmware Burning (4)2Port Type Management (5)2.1Port Type Management/VPI Cards Configuration (5)3Modules Loading and Unloading (9)4Important Packages and Their Installation (10)5SR-IOV Configuration (10)5.1Setting up SR-IOV in ConnectX Adapters (10)Default RoCE Mode Setting for RDMA_CM Application (12)1Firmware Burning1.lspci | grep MellanoxExample:04:00.0 Ethernet controller: Mellanox Technologies MT27700 Family[ConnectX-4]04:00.1 InfiniBand controller: Mellanox Technologies MT27700 Family[ConnectX-4]07:00.0 Ethernet controller: Mellanox Technologies MT27710 Family[ConnectX-4 Lx]07:00.1 Ethernet controller: Mellanox Technologies MT27710 Family[ConnectX-4 Lx]0a:00.0 Network controller: Mellanox Technologies MT27520 Family[ConnectX-3 Pro]21:00.0 InfiniBand controller: Mellanox Technologies MT27600 [Connect-IB] 24:00.0 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex]24:00.1 InfiniBand controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex]2.# mstflint -d 81:00.0 qImage type: FS4FW Version: 16.26.4012FW Release Date: 10.12.2019Product Version: 16.26.4012Rom Info: type=UEFI version=14.19.17 cpu=AMD64type=PXE version=3.5.805 cpu=AMD64Description: UID GuidsNumberBase GUID: ec0d9a0300d42de4 8Base MAC: ec0d9ad42de4 8Image VSD: N/ADevice VSD: N/APSID: MT_0000000009Security Attributes: N/A3.Download the firmware BIN file from the Mellanox website that matches your card's PSID: → Support →Support → Firmware Download4.Burn the firmware.# mstflint -d <lspci-device-id> -i <image-file> b5.Reboot your machine after the firmware burning is completed.6.Validate new firmware burned successfully:# ethtool -i ens3driver: mlx5_coreversion: 5.0-0firmware-version: 16.26.4012 (MT_0000000009)expansion-rom-version:bus-info: 0000:24:00.0supports-statistics: yessupports-test: yessupports-eeprom-access: nosupports-register-dump: nosupports-priv-flags: yes2Port Type Management2.1Port Type Management/VPI CardsConfigurationConnectX®-3/ConnectX®-3 Pro/ConnectX®-4 ports can be individually configured to work as InfiniBand or Ethernet ports. By default, both ConnectX®-5 VPI ports are initialized as InfiniBand ports. If you wish to change the port type use the mstconfig after the driver is loaded.1.Install mstflint tools.apt install mstflint2.Check the PCI address.lspci | grep MellanoxExample:24:00.0 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex]e mstconfig to change the link type as desired IB -- for InfiniBand, ETH -- forEthernet.mstconfig –d <device pci> s LINK_TYPE_P1/2=<ETH|IB|VPI>Example:# mstconfig -d 00:06.0 s LINK_TYPE_P1=ETHDevice #1:----------Device type: ConnectX5Name: MCX556A-EDA_AxDescription: ConnectX-5 Ex VPI adapter card; EDR IB (100Gb/s)and 100GbE; dual-port QSFP28; PCIe4.0 x16; tall bracket; ROHS R6Device: 24:00.0Configurations: Next Boot New LINK_TYPE_P1 IB(1) ETH(2)Apply new Configuration? (y/n) [n] : yApplying... Done!-I- Please reboot machine to load new configurations.4.Reboot your machine.5.# mstconfig -d 00:06.0 qDevice #1:----------Device type: ConnectX5Name: MCX556A-EDA_AxDescription: ConnectX-5 Ex VPI adapter card; EDR IB (100Gb/s) and 100GbE; dual-port QSFP28; PCIe4.0 x16; tall bracket; ROHS R6 Device: 24:00.0Configurations: Next BootMEMIC_BAR_SIZE 0 MEMIC_SIZE_LIMIT _256KB(1) HOST_CHAINING_MODE DISABLED(0) HOST_CHAINING_DESCRIPTORS Array[0..7] HOST_CHAINING_TOTAL_BUFFER_SIZE Array[0..7] FLEX_PARSER_PROFILE_ENABLE 0 FLEX_IPV4_OVER_VXLAN_PORT 0 ROCE_NEXT_PROTOCOL 254 ESWITCH_HAIRPIN_DESCRIPTORS Array[0..7] ESWITCH_HAIRPIN_TOT_BUFFER_SIZE Array[0..7] NON_PREFETCHABLE_PF_BAR False(0) NUM_OF_VFS 4 SRIOV_EN True(1) PF_LOG_BAR_SIZE 5 VF_LOG_BAR_SIZE 1 NUM_PF_MSIX 63 NUM_VF_MSIX 11 INT_LOG_MAX_PAYLOAD_SIZE AUTOMATIC(0) SW_RECOVERY_ON_ERRORS False(0) RESET_WITH_HOST_ON_ERRORS False(0) ADVANCED_POWER_SETTINGS False(0) CQE_COMPRESSION BALANCED(0)IP_OVER_VXLAN_EN False(0) PCI_ATOMIC_MODEPCI_ATOMIC_DISABLED_EXT_ATOMIC_ENABLED(0)LRO_LOG_TIMEOUT0 6 LRO_LOG_TIMEOUT1 7 LRO_LOG_TIMEOUT2 8 LRO_LOG_TIMEOUT3 13 LOG_DCR_HASH_TABLE_SIZE 11 DCR_LIFO_SIZE 16384 LINK_TYPE_P1 ETH(2) LINK_TYPE_P2 IB(1) ROCE_CC_PRIO_MASK_P1 255 ROCE_CC_ALGORITHM_P1 ECN(0) ROCE_CC_PRIO_MASK_P2 255 ROCE_CC_ALGORITHM_P2 ECN(0) CLAMP_TGT_RATE_AFTER_TIME_INC_P1 True(1) CLAMP_TGT_RATE_P1 False(0) RPG_TIME_RESET_P1 300 RPG_BYTE_RESET_P1 32767 RPG_THRESHOLD_P1 1 RPG_MAX_RATE_P1 0 RPG_AI_RATE_P1 5 RPG_HAI_RATE_P1 50 RPG_GD_P1 11 RPG_MIN_DEC_FAC_P1 50 RPG_MIN_RATE_P1 1 RATE_TO_SET_ON_FIRST_CNP_P1 0 DCE_TCP_G_P1 1019 DCE_TCP_RTT_P1 1 RATE_REDUCE_MONITOR_PERIOD_P1 4 INITIAL_ALPHA_VALUE_P1 1023 MIN_TIME_BETWEEN_CNPS_P1 2 CNP_802P_PRIO_P1 6 CNP_DSCP_P1 48 CLAMP_TGT_RATE_AFTER_TIME_INC_P2 True(1) CLAMP_TGT_RATE_P2 False(0) RPG_TIME_RESET_P2 300 RPG_BYTE_RESET_P2 32767 RPG_THRESHOLD_P2 1 RPG_MAX_RATE_P2 0 RPG_AI_RATE_P2 5 RPG_HAI_RATE_P2 50 RPG_GD_P2 11 RPG_MIN_DEC_FAC_P2 50 RPG_MIN_RATE_P2 1 RATE_TO_SET_ON_FIRST_CNP_P2 0DCE_TCP_G_P2 1019 DCE_TCP_RTT_P2 1 RATE_REDUCE_MONITOR_PERIOD_P2 4 INITIAL_ALPHA_VALUE_P2 1023 MIN_TIME_BETWEEN_CNPS_P2 2 CNP_802P_PRIO_P2 6 CNP_DSCP_P2 48 LLDP_NB_DCBX_P1 False(0) LLDP_NB_RX_MODE_P1 OFF(0) LLDP_NB_TX_MODE_P1 OFF(0) LLDP_NB_DCBX_P2 False(0) LLDP_NB_RX_MODE_P2 OFF(0) LLDP_NB_TX_MODE_P2 OFF(0) DCBX_IEEE_P1 True(1) DCBX_CEE_P1 True(1) DCBX_WILLING_P1 True(1) DCBX_IEEE_P2 True(1) DCBX_CEE_P2 True(1) DCBX_WILLING_P2 True(1) KEEP_ETH_LINK_UP_P1 True(1) KEEP_IB_LINK_UP_P1 False(0) KEEP_LINK_UP_ON_BOOT_P1 False(0) KEEP_LINK_UP_ON_STANDBY_P1 False(0) KEEP_ETH_LINK_UP_P2 True(1) KEEP_IB_LINK_UP_P2 False(0) KEEP_LINK_UP_ON_BOOT_P2 False(0) KEEP_LINK_UP_ON_STANDBY_P2 False(0) NUM_OF_VL_P1 _4_VLs(3) NUM_OF_TC_P1 _8_TCs(0) NUM_OF_PFC_P1 8 NUM_OF_VL_P2 _4_VLs(3) NUM_OF_TC_P2 _8_TCs(0) NUM_OF_PFC_P2 8 DUP_MAC_ACTION_P1 LAST_CFG(0) SRIOV_IB_ROUTING_MODE_P1 LID(1) IB_ROUTING_MODE_P1 LID(1) DUP_MAC_ACTION_P2 LAST_CFG(0) SRIOV_IB_ROUTING_MODE_P2 LID(1) IB_ROUTING_MODE_P2 LID(1) PCI_WR_ORDERING per_mkey(0) MULTI_PORT_VHCA_EN False(0) PORT_OWNER True(1) ALLOW_RD_COUNTERS True(1) RENEG_ON_CHANGE True(1) TRACER_ENABLE True(1) IP_VER IPv4(0)BOOT_UNDI_NETWORK_WAIT 0UEFI_HII_EN False(0)BOOT_DBG_LOG False(0)UEFI_LOGS DISABLED(0)BOOT_VLAN 1LEGACY_BOOT_PROTOCOL PXE(1)BOOT_RETRY_CNT1 NONE(0)BOOT_LACP_DIS True(1)BOOT_VLAN_EN False(0)BOOT_PKEY 0EXP_ROM_UEFI_x86_ENABLE False(0)EXP_ROM_PXE_ENABLE True(1)IBM_TUNNELED_ATOMIC_EN False(0)IBM_AS_NOTIFY_EN False(0)ADVANCED_PCI_SETTINGS False(0)SAFE_MODE_THRESHOLD 10SAFE_MODE_ENABLE True(1)*************************************************************************3Modules Loading and UnloadingMellanox modules for ConnectX®-2/ConnectX®-3/ConnectX®-3 Pro are:④mlx4_en, mlx4_core, mlx4_ibMellanox modules for ConnectX®-4/ConnectX®-4 Lx/ConnectX®-5 are:④mlx5_core, mlx5_ibIn order to unload the driver, you need to first unload mlx*_en/ mlx*_ib and then themlx*_core module.④To load and unload the modules, use the commands below:•Loading the driver: modprobe <module name>modprobe mlx5_ib•Unloading the driver: modprobe –r <module name>modprobe –r mlx5_ib4Important Packages and TheirInstallationrdma-corerdma-core RDMA core userspace libraries and daemonslibibmad5: Low layer InfiniBand diagnostic and management programslibibmad5 OpenFabrics Alliance InfiniBand MAD libraryopensm: InfiniBand Subnet Manageropensm OpenIB InfiniBand Subnet Manager and management utilitiesIbutils: OpenIB Mellanox InfiniBand Diagnostic Toolsibutils OpenIB Mellanox InfiniBand Diagnostic Toolsinfiniband-diags: OpenFabrics Alliance InfiniBand Diagnostic Toolsinfiniband-diags OpenFabrics Alliance InfiniBand Diagnostic Toolsperftest: IB Performance testsperftest IB Performance Testsmstflint: Mellanox Firmware Burning and Diagnostics Toolsmstflint Mellanox firmware burning toolTo install the packages above, run:# apt-get install <packages names>5SR-IOV Configuration5.1Setting up SR-IOV1.Download mstflint tools.# apt install mstflint2.lspci | grep MellanoxExample:24:00.0 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex]3.Check if SR-IOV is enabled in the firmware.mstconfig -d <device pci> qExample:# mstconfig -d 00:06.0 qDevice #1:----------Device type: ConnectX3ProPCI device: 00:06.0Configurations: CurrentSRIOV_EN True(1)NUM_OF_VFS 8LINK_TYPE_P1 ETH(2)LINK_TYPE_P2 IB(1)LOG_BAR_SIZE 3BOOT_PKEY_P1 0BOOT_PKEY_P2 0BOOT_OPTION_ROM_EN_P1 True(1)BOOT_VLAN_EN_P1 False(0)BOOT_RETRY_CNT_P1 0LEGACY_BOOT_PROTOCOL_P1 PXE(1)BOOT_VLAN_P1 1BOOT_OPTION_ROM_EN_P2 True(1)BOOT_VLAN_EN_P2 False(0)BOOT_RETRY_CNT_P2 0LEGACY_BOOT_PROTOCOL_P2 PXE(1)BOOT_VLAN_P2 1IP_VER_P1 IPv4(0)IP_VER_P2 IPv4(04.Enable SR-IOV:mstconfig –d <device pci> s SRIOV_EN=<False|True>5.Configure the needed number of VFs.mstconfig –d <device pci> s NUM_OF_VFS=<NUM>Note: This file will be generated only if IOMMU is set in the grub.conf file (by adding intel_iommu=on to /boot/grub/grub.conf file).6.[mlx4 devices only] Edit the file /etc/modprobe.d/mlx4.conf:options mlx4_core num_vfs=[needed num of VFs] port_type_array=[1/2 for IB/ETH],[ 1/2 for IB/ETH]Example:options mlx4_core num_vfs=8 port_type_array=1,17.[mlx5 devices only] Write to the sysfs file the number of needed VFs.echo [num_vfs] > /sys/class/infiniband/mlx5_0/device/sriov_numvfs 8.Reboot the driver.9.Load the driver and verify that the VFs were created.lspci | grep mellanoxExample:24:00.0 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex]24:00.1 Infiniband controller: Mellanox Technologies MT28800Family [ConnectX-5 Ex]24:00.2 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex Virtual Function]24:00.3 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex Virtual Function]24:00.4 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex Virtual Function]24:00.5 Ethernet controller: Mellanox Technologies MT28800 Family[ConnectX-5 Ex Virtual Function]For further information, refer to section Setting Up SR-IOV MLNX_OFED User Manual. Default RoCE Mode Setting for RDMA_CM Application1.Mount the configfs file.# mount -t configfs none /sys/kernel/config2.Create a directory for the mlx4/mlx5 device.mkdir -p /sys/kernel/config/rdma_cm/mlx4_0/3.Validate what is the used RoCE mode in the default_roce_mode configfs file.# cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_modeIB/RoCE v14.Change the default RoCE mode,•For RoCE v1: IB/RoCE v1•For RoCE v2: RoCE v2# echo "RoCE v2" >/sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_mode# cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_modeRoCE v2# echo "IB/RoCE v1" >/sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_mode# cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_modeIB/RoCE v1NoticeThis document is provid ed for information purposes only and shall not be regarded as a warranty of a certain functionality, c ondition, or quality of a product. NVIDIA Corporation NVIDIA makes no representations or warranties, expressed or implied, as to the accuracy or completeness of the information contained in this docum ent and assumes no responsibility for any errors contained herein. NVIDIA shall have no li ability for the consequences or use of such information or for any infringement of patents or other rights of third parties that may result f rom its use. This document is not a commitm ent to develop, release, or deliver any Material (defined below), code, or functionality.NVIDIA reserves the right to make corrections, modifications, enhancements, improvements, and any other changes to this docum ent, at any time without notice.Customer should obtain the latest relevant information before placing orders and should verify that such inform ation is curre nt and complete. NVIDIA products are sold subject to the NVIDIA standard term s and conditions of sale supplied at the tim e of order acknowledg ement, unless otherwise agreed in an individual sales agreement signed by authorized representatives of NVIDIA and customer Terms of Sale NVIDIA hereby expressly objects to applying any customer general terms and conditions with regards to the purchase of the NVIDIA product re ferenced in this document. No contractual obligations are formed either directly or indirectly by this document.NVIDIA products are not designed, authorized, or warranted to be suitable for use in medical, military, aircraft, space, or l ife support eq uipment, nor in applications where failure or malfunction of the NVIDIA product can reasonably be expected to result in personal injury, deat h, or property or environmental damage. NVIDIA accepts no liability for inclusion and/or use of NVIDIA products in such equipment or applicatio ns and therefore such inclusion and/or use is at customer s own risk.NVIDIA makes no representation or warranty that products based on this document will be suitable for any specified use. Testi ng of all parameters of each product is not necessarily performed by NVIDIA. It is customer s sole responsibilit y to evaluate and determine the applicability of any inform ation contained in this document, ensure the product is suitable and fit for the application planned by customer, and perform the n ecessary testing for the application in order to avoid a d efault of the application or the product. Weaknesses in customer s product designs may affect the quality and reliability of the NVIDIA product and may result in additional or different conditions and/or requirements beyond those contained in this document. NVIDIA accepts no liability related to any default, dam age, costs, or problem which may be based on or attributable to: (i) the use of the NVIDIA product in any manner that is contrary to this document or (ii) customer product d esigns.No license, either expressed or implied, is granted under any NVIDIA patent right, copyright, or other NVIDIA intellectual pr operty right und er this document. Information p ublished by NVIDIA regard ing third-party products or services does not constitute a license from NVIDIA to use such products or services or a warranty or endorsement thereof. Use of such inform ation may require a license from a third party under the patents or other intellectual property rig hts of the third party, or a license from NVIDIA under the patents or other intellectual property ri ghts of NVIDIA. Reproduction of information in this document is p ermissible only if approved in advance by NVIDIA in writing, reproduced with out alteration and in full compliance with all applicable export laws and regulations, and accomp anied by all associated conditions, limitations, and no tices.TrademarksNVIDIA, the NVIDIA logo, and Mellanox are trademarks and/or registered trademarks of NVIDIA Corporation in the U.S. and other countries. O ther company and product names may b e tradem arks of the respective companies with which they are associated.For the complete and most up dated list of Mellanox trademarks, visit /page/tradem arks.Copyright© 2020 NVIDIA Corporation. All rights reserved.NVIDIA Corporation | 2788 San Tomas Expressway, Santa Clara, CA 95051。

浪潮存储平台用户手册文档版本发布日期适用版本尊敬的用户：衷心感谢您选用浪潮存储！浪潮存储秉承“云存智用运筹新数据”的新存储之道，致力于为您提供符合新数据时代需求的存储产品和解决方案。

本手册用于帮助您更详细地了解和便捷地使用本存储，涉及的截图仅为示例，最终界面请以实际设备显示的界面为准。

由于产品版本升级或其他原因，本手册内容会不定期进行更新，如有变动恕不另行通知。

除非另有约定，本手册仅作为使用指导，本手册中的所有陈述、信息和建议不构成任何明示或暗示的担保。

浪潮拥有本手册的版权，保留随时修改本手册的权利。

未经浪潮许可，任何单位和个人不得以任何形式复制本手册的内容。

如果您对本手册有任何疑问或建议，请向浪潮电子信息产业股份有限公司垂询。

技术服务电话：4008600011地址：中国济南市浪潮路1036号浪潮电子信息产业股份有限公司邮编：250101在您正式使用本存储之前，请先阅读以下声明。

只有您阅读并且同意以下声明后，方可正式开始使用本存储。

如果您对以下声明有任何疑问，请和您的供货商联系或直接与我们联系。

如您在开始使用本系统前未就以下声明向我们提出疑问，则默认您已经同意了以下声明。

1.请不要自行拆卸本存储的机箱及机箱内任何硬件设备。

在本存储出现任何硬件故障或您希望对硬件进行任何升级时，请您将机器的详细硬件配置反映给我们的客户服务中心。

2.请不要将本存储的设备与任何其他型号的相应设备混用。

本存储的内存、CPU、CPU散热片、风扇、硬盘托架、硬盘等都是特殊规格的。

3.在使用本存储时遇到任何软件问题，请您首先和相应软件的提供商联系。

由提供商和我们联系，以方便我们共同沟通和解决您遇到的问题。

对于数据库、网络管理软件或其他网络产品的安装、运行问题，我们尤其希望您能够这样处理。

4.上架安装本存储前，请先仔细阅读相关产品手册中的快速安装指南。

我们致力于产品功能和性能的持续提升，部分功能及操作与手册描述可能会有所差异，但不会影响使用。

Red Hat Enterprise Linux 8使用 SELinux防止用户和进程使用增强安全的 Linux (SELinux)与文件和设备执行未授权的交互Last Updated: 2023-07-26Red Hat Enterprise Linux 8 使用 SELinux防止用户和进程使用增强安全的 Linux (SELinux)与文件和设备执行未授权的交互法律通告Copyright © 2023 Red Hat, Inc.The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates.XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries.Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.All other trademarks are the property of their respective owners.摘要通过配置 SELinux，您可以增强系统的安全性。