diff --git a/Community-task-list.md b/Community-task-list.md index fc0de266bc391a55122e532d5290f31166da101a..12c7ac045be76522faa74c9e59d63355639a665d 100644 --- a/Community-task-list.md +++ b/Community-task-list.md @@ -13,7 +13,7 @@ | 待领取 | 为软件包at开发测试用例,并验证其功能 | 10 |[查看任务](https://gitee.com/opencloudos-testing/at/issues/I7SEUQ)| | 待领取 | 在OpenCloudOS上安装中文输入法 | 10 |[查看任务](https://gitee.com/OpenCloudOS/Contributor/issues/I7TGTX)| | 待领取 | rust-analyzer工具使用 | 10 |[查看任务](https://gitee.com/OpenCloudOS/Contributor/issues/I7TE4L)| -| 待领取 | 使用rustup部署rust编译器,并输出安装/开发指南 | 10 |[查看任务](https://gitee.com/OpenCloudOS/Contributor/issues/I7TE1K)| +| 已完成 | 使用rustup部署rust编译器,并输出安装/开发指南 | 10 |[查看任务](https://gitee.com/OpenCloudOS/Contributor/issues/I7TE1K)| | 待领取 | 部署Elasticsearch | 10 |[查看任务](https://gitee.com/OpenCloudOS/Contributor/issues/I7TGTE)| | 待领取 | 使用国密算法进行用户身份认证 | 10 |[查看任务](https://gitee.com/OpenCloudOS/Contributor/issues/I7TGU2)| diff --git a/OpenSSLSMX/image-20230822164619504.png b/OpenSSLSMX/image-20230822164619504.png new file mode 100644 index 0000000000000000000000000000000000000000..c781d6152e4f1a8c59c9670e9249928768f29015 Binary files /dev/null and b/OpenSSLSMX/image-20230822164619504.png differ diff --git a/OpenSSLSMX/image-20230822164811393.png b/OpenSSLSMX/image-20230822164811393.png new file mode 100644 index 0000000000000000000000000000000000000000..40380448f6964b642674b157ca5ea2d1bc2275f3 Binary files /dev/null and b/OpenSSLSMX/image-20230822164811393.png differ diff --git a/OpenSSLSMX/image-20230822164921422.png b/OpenSSLSMX/image-20230822164921422.png new file mode 100644 index 0000000000000000000000000000000000000000..36b6d317749d79685de5f1d430376ca3c06891ea Binary files /dev/null and b/OpenSSLSMX/image-20230822164921422.png differ diff --git a/OpenSSLSMX/image-20230822165244502.png b/OpenSSLSMX/image-20230822165244502.png new file mode 100644 index 0000000000000000000000000000000000000000..42d3eb6b092a4f7a6389ea8f6ef7d59c8e8295c3 Binary files /dev/null and b/OpenSSLSMX/image-20230822165244502.png differ diff --git "a/OpenSSL\345\233\275\345\257\206\347\256\227\346\263\225\344\275\277\347\224\250.md" "b/OpenSSL\345\233\275\345\257\206\347\256\227\346\263\225\344\275\277\347\224\250.md" new file mode 100644 index 0000000000000000000000000000000000000000..a0eeeecbc15f69bc7da1f56a2d364c15a4bdf07d --- /dev/null +++ "b/OpenSSL\345\233\275\345\257\206\347\256\227\346\263\225\344\275\277\347\224\250.md" @@ -0,0 +1,135 @@ +# OpenSSL国密算法使用 + +OpenSSL对国密算法的支持 + +SM2椭圆曲线: https://github.com/openssl/openssl/pull/4793 +SM3哈希摘要: https://github.com/openssl/openssl/pull/4616 +SM4对称加密: https://github.com/openssl/openssl/pull/4552 + +## OpenSSL安装 + +1. 使用yum命令安装'开发工具'和一些软件包库。 + + ```shell + yum group install 'Development Tools' + yum install perl-core zlib-devel -y + ``` + + + +2. 下载OpenSSL + https://www.openssl.org/source/ 选择1.1.1v + +3. 解压缩 + + ```shell + tar xzvf openssl-1.1.1v.tar.gz + ``` + + 4. 编译 + + ```shell + cd openssl-1.1.1v + ./config + make + ``` + +5. 本地安装 + + ```shell + sudo make install + ``` + +6. 配置LD_LIBRARY_PATH并检查openssl可执行程序版本号 + + ![image-20230822164619504](./OpenSSLSMX/image-20230822164619504.png) + +## 检查是否支持sm2/sm3/sm4 + +### sm2支持 + +![image-20230822164921422](./OpenSSLSMX/image-20230822164921422.png) + + + +### sm3支持 + +![image-20230822164811393](./OpenSSLSMX/image-20230822164811393.png) + + + + + +### sm4支持 + +![image-20230822165244502](./OpenSSLSMX/image-20230822165244502.png) + + + +## 使用sm2算法对文件进行签名,摘要算法指定sm3,同时用sm2完成验签 + + + +```shell +[root@localhost openssl-1.1.1v]# openssl ecparam -name SM2 -genkey -out sm2_ec.key +[root@localhost openssl-1.1.1v]# cat sm2_ec.key +-----BEGIN SM2 PARAMETERS----- +BggqgRzPVQGCLQ== +-----END SM2 PARAMETERS----- +-----BEGIN PRIVATE KEY----- +MIGIAgEAMBQGCCqBHM9VAYItBggqgRzPVQGCLQRtMGsCAQEEIB0lO7VSIfVTG2c5 +rjHMyiZDfp5ijYwGBluj1tNCN9D4oUQDQgAE4nkZXUggrdgi8gNbQvhFwK5tU3Es +MZ2byzoJS1VSlFz7zDCDkzlnLkMHFb/VIbVkgXe63btLpGAkc/8VQIUcVg== +-----END PRIVATE KEY----- +[root@localhost openssl-1.1.1v]# openssl ec -in sm2_ec.key -pubout -out sm2_ec.pubkey +read EC key +writing EC key +[root@localhost openssl-1.1.1v]# cat sm2_ec.pubkey +-----BEGIN PUBLIC KEY----- +MFowFAYIKoEcz1UBgi0GCCqBHM9VAYItA0IABOJ5GV1IIK3YIvIDW0L4RcCubVNx +LDGdm8s6CUtVUpRc+8wwg5M5Zy5DBxW/1SG1ZIF3ut27S6RgJHP/FUCFHFY= +-----END PUBLIC KEY----- +[root@localhost openssl-1.1.1v]# echo "meomeo" > sign.data +[root@localhost openssl-1.1.1v]# openssl dgst -SM3 sign.data +SM3(sign.data)= a627d085b9f67b392daa895dfe307e6470a12c7e8a3f08d6305f3b055210f09b +[root@localhost openssl-1.1.1v]# openssl dgst -SM3 -sign sm2_ec.key -out sm2_ec.sig sign.data +[root@localhost openssl-1.1.1v]# openssl dgst -SM3 -verify sm2_ec.pubkey -signature sm2_ec.sig sign.data +Verified OK +[root@localhost openssl-1.1.1v]# +``` + + + + + +## 使用sm4算法完成对文件的加密和解密 + +### 创建文件 + +```shell +[root@localhost apps]# cat cat.txt +meomeomeo +meomeomeo +meomeomeo +``` + + + +### 加密文件 + +```shell +[root@localhost apps]# ./openssl enc -in cat.txt -out cat1.txt -e -sm4-ctr -pbkdf2 -k 12345678 +``` + + + +### 解密文件 + +```shell +[root@localhost apps]# ./openssl enc -in cat1.txt -out cat2.txt -d -sm4-ctr -pbkdf2 -k 12345678 +``` + + + + + diff --git "a/Rust-analyzer\345\267\245\345\205\267\344\275\277\347\224\250.md" "b/Rust-analyzer\345\267\245\345\205\267\344\275\277\347\224\250.md" new file mode 100644 index 0000000000000000000000000000000000000000..ad9595746da144c6ae72f54c1ce4aa15b3adc061 --- /dev/null +++ "b/Rust-analyzer\345\267\245\345\205\267\344\275\277\347\224\250.md" @@ -0,0 +1,5 @@ +# Rust-analyzer工具使用 + + + +Rust-analyzer功能强大,支持 goto definition、类型推断、符号搜索、重新格式化和代码完成等功能,并支持重命名和重构。 \ No newline at end of file diff --git a/auditinOpenCloudOS/image-20230821154313028.png b/auditinOpenCloudOS/image-20230821154313028.png new file mode 100644 index 0000000000000000000000000000000000000000..76061b22fc0ab5518819b74642d9c43fe13ef6da Binary files /dev/null and b/auditinOpenCloudOS/image-20230821154313028.png differ diff --git a/auditinOpenCloudOS/image-20230821154555078.png b/auditinOpenCloudOS/image-20230821154555078.png new file mode 100644 index 0000000000000000000000000000000000000000..6eeeac594ab76719a92c67126c557bdf5a43fbdd Binary files /dev/null and b/auditinOpenCloudOS/image-20230821154555078.png differ diff --git a/auditinOpenCloudOS/image-20230821154930294.png b/auditinOpenCloudOS/image-20230821154930294.png new file mode 100644 index 0000000000000000000000000000000000000000..f1d0b86cf0bed4c30ecfd52d91e908edac8a6e82 Binary files /dev/null and b/auditinOpenCloudOS/image-20230821154930294.png differ diff --git a/auditinOpenCloudOS/image-20230821155317776.png b/auditinOpenCloudOS/image-20230821155317776.png new file mode 100644 index 0000000000000000000000000000000000000000..9114b11410df4c753c1841f235322687c7d0c28d Binary files /dev/null and b/auditinOpenCloudOS/image-20230821155317776.png differ diff --git a/auditinOpenCloudOS/image-20230821155341052.png b/auditinOpenCloudOS/image-20230821155341052.png new file mode 100644 index 0000000000000000000000000000000000000000..824806e943c5f64a5943c0e485260e3293be0fc7 Binary files /dev/null and b/auditinOpenCloudOS/image-20230821155341052.png differ diff --git a/rustinOpencloudos/image-20230821134443275.png b/rustinOpencloudos/image-20230821134443275.png new file mode 100644 index 0000000000000000000000000000000000000000..519d624e25a8d6073953a822532c2a05b509a253 Binary files /dev/null and b/rustinOpencloudos/image-20230821134443275.png differ diff --git a/rustinOpencloudos/image-20230821134548382.png b/rustinOpencloudos/image-20230821134548382.png new file mode 100644 index 0000000000000000000000000000000000000000..c2ff08409b0e576a8a4e3a96a8b4dddc117e2a68 Binary files /dev/null and b/rustinOpencloudos/image-20230821134548382.png differ diff --git a/rustinOpencloudos/image-20230821134935051.png b/rustinOpencloudos/image-20230821134935051.png new file mode 100644 index 0000000000000000000000000000000000000000..73e6dd16bcdfff65999e16927a444b987e0b60df Binary files /dev/null and b/rustinOpencloudos/image-20230821134935051.png differ diff --git a/rustinOpencloudos/image-20230821141854165.png b/rustinOpencloudos/image-20230821141854165.png new file mode 100644 index 0000000000000000000000000000000000000000..66123dc5f4f2e418bf0b12fc11ed80fa1f054ba9 Binary files /dev/null and b/rustinOpencloudos/image-20230821141854165.png differ diff --git "a/\344\275\277\347\224\250rustup\351\203\250\347\275\262rust\347\274\226\350\257\221\345\231\250.md" "b/\344\275\277\347\224\250rustup\351\203\250\347\275\262rust\347\274\226\350\257\221\345\231\250.md" new file mode 100644 index 0000000000000000000000000000000000000000..29cc89ed972e1e7427557e0f501b20f19e293f57 --- /dev/null +++ "b/\344\275\277\347\224\250rustup\351\203\250\347\275\262rust\347\274\226\350\257\221\345\231\250.md" @@ -0,0 +1,90 @@ +# 使用rustup部署rust编译器 + + + +## 检查rustup在 OpenCloudOS Stream 上是否可用并且可以正确安装 + + + +安装Rust up + +进入Rust Up 官网https://www.rust-lang.org/zh-CN/tools/install + +![image-20230821134443275](./rustinOpencloudos/image-20230821134443275.png) + +复制此命令至终端 + +```shell +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + + + +后续安装选择1 默认方式安装 + +![image-20230821134548382](./rustinOpencloudos/image-20230821134548382.png) + +安装成功 + +![image-20230821134634353](./rustinOpencloudos/image-20230821134634353.png) + +您曾经安装过 `rustup`,可以执行 `rustup update` 来升级 Rust。 + + + +## 使用rustup安装rust系列工具(cargo/rustfmt等) + +rust附属工具链已自动安装 + +![image-20230821134935051](./rustinOpencloudos/image-20230821134935051.png) + + + + + +## 基础开发 + +Rust API https://doc.rust-lang.org/std/index.html + +HelloWorld in Rust ! + +```rust +// 这是注释内容,将会被编译器忽略掉 +// 可以单击那边的按钮 "Run" 来测试这段代码 -> +// 若想用键盘操作,可以使用快捷键 "Ctrl + Enter" 来运行 + +// 这段代码支持编辑,你可以自由地修改代码! +// 通过单击 "Reset" 按钮可以使代码恢复到初始状态 -> + +// 这是主函数 +fn main() { + // 调用编译生成的可执行文件时,这里的语句将被运行。 + + // 将文本打印到控制台 + println!("Hello World!"); +} + +``` + + + +如果有报错: + +```shell +error: linker `cc` not found + + | + = note: No such file or directory (os error 2) + +error: aborting due to previous error +``` + + + +这个是没有编译环境,请先安装好环境: `sudo dnf install gcc gcc-c++` + + + +运行成功 + +![image-20230821141854165](./rustinOpencloudos/image-20230821141854165.png) \ No newline at end of file diff --git "a/\351\203\250\347\275\262audit\346\234\215\345\212\241.md" "b/\351\203\250\347\275\262audit\346\234\215\345\212\241.md" new file mode 100644 index 0000000000000000000000000000000000000000..55488727eae6e7fac33a6edd68fa2b499aa421f9 --- /dev/null +++ "b/\351\203\250\347\275\262audit\346\234\215\345\212\241.md" @@ -0,0 +1,68 @@ +# 部署audit服务 + +## 安装软件包 + +```shell + yum -y install audit //安装软件包 +``` + + + +```shell +cat /etc/audit/auditd.conf //查看配置文件,确定日志位置 +``` + +![image-20230821154313028](./auditinOpenCloudOS/image-20230821154313028.png) + + + + + +## 配置审计规则 + +`控制审计系统并设置规则决定哪些行为会被记录日志` + +```shell + auditctl -s //查询状态 +``` + +![image-20230821154555078](./auditinOpenCloudOS/image-20230821154555078.png) + + + +**添加一条新规则** + +```shell +auditctl -w /tmp -p rwxa + +监控/tmp目录 +-w path : 指定要监控的路径 +-p : 指定触发审计的文件/目录的访问权限 +rwxa : 指定的触发条件,r 读取权限,w 写入权限,x 执行权限,a 属性(attr) +``` + + + +新规则已添加 + +![image-20230821154930294](./auditinOpenCloudOS/image-20230821154930294.png) + + + +## **永久保存审计规则** + +```shell +nano /etc/audit/rules.d/audit.rules +例如将-w /data/ -p rwxa加入到最后一行 +service auditd restart +auditctl -l +``` + +![image-20230821155317776](./auditinOpenCloudOS/image-20230821155317776.png) + + + +![image-20230821155341052](./auditinOpenCloudOS/image-20230821155341052.png) + + +