Approaches and examples of implementing Docker security scanning tools

Hello, Habr!

In today's reality, with the growing role of containerisation in development processes, securing the various stages and entities that deal with containers is far from a trivial problem. Checking them by hand is time-consuming, so it makes sense to take at least the first steps toward automating the process.

In this article I'll share ready-made scripts for running several Docker security utilities, together with instructions for deploying a small demo stand to try the process out. You can use the material to experiment with organising checks of image security and of Dockerfile instructions. Obviously, every organisation's development and production infrastructure is different, so below I'll offer several possible options.

Security checking tools

There is a large number of helper utilities and scripts that check various aspects of Docker infrastructure. Some of them were already described in a previous article (https://habr.com/ru/company/swordfish_security/blog/518758/#docker-security), and in this one I'd like to focus on three of them, which together cover most of the security requirements for Docker images built during development. In addition, I'll show an example of how these three utilities can be combined into a single pipeline for security checks.

Hadolint
https://github.com/hadolint/hadolint

A simple Dockerfile linter that helps, as a first pass, check the correctness and security of Dockerfile instructions (for example, that only approved image registries are used, or that sudo is not used).
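To make concrete what a Dockerfile linter actually evaluates, here is a toy re-implementation of three Hadolint rules. It is an added example written for this article, not Hadolint's own code; only the rule IDs and their wording (DL3002, DL3004, DL3006) follow Hadolint's published rule list. The sample Dockerfile is constructed for the example and deliberately contains three defects. Note that the check for DL3002 looks at the last USER of the last build stage only: that is the user the container actually runs as.

```python
"""
Toy re-implementation of three Hadolint rules (DL3002, DL3004, DL3006),
added for this article as an illustration. Not Hadolint's code.
"""
import re

# Constructed multi-stage Dockerfile with three deliberate defects.
SAMPLE_DOCKERFILE = """\
# constructed multi-stage Dockerfile with three deliberate defects
FROM node:10.16.0-alpine AS build
COPY package.json .
RUN yarn install

FROM ubuntu
RUN apt-get update && \\
    sudo apt-get install -y curl
USER app
COPY --from=build /app /app
USER root
ENTRYPOINT ["/app/run.sh"]
"""


def parse_instructions(text):
    """Yield (line_no, INSTRUCTION, argument) per logical line, honouring
    comments, blank lines and backslash continuations. The line number
    reported is the first physical line of the instruction."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        inst, _, arg = " ".join(buf).partition(" ")
        yield start, inst.upper(), arg.strip()
        buf, start = [], None


def lint(text):
    """Return findings as (line_no, rule_id, message), in the order found."""
    findings = []
    last_user = None
    for no, inst, arg in parse_instructions(text):
        if inst == "FROM":
            parts = arg.split()
            if not parts:
                continue
            image = parts[0]                    # drop "AS <stage>"
            name = image.rsplit("/", 1)[-1]     # keep "host:port/" out of the tag check
            # A tag (":1.2") or a digest ("@sha256:...") both pin the version.
            if image.lower() != "scratch" and ":" not in name and "@" not in image:
                findings.append((no, "DL3006", "Always tag the version of an image explicitly"))
            last_user = None                    # every build stage starts as root again
        elif inst == "RUN" and re.search(r"(^|[\s;&|(])sudo(\s|$)", arg):
            findings.append((no, "DL3004", "Do not use sudo as it leads to unpredictable behavior"))
        elif inst == "USER":
            last_user = (no, arg.split(":")[0])  # "user:group" -> user
    # Only the final USER of the final stage decides the runtime user. A Dockerfile
    # with no USER at all (implicit root) is left to Dockle's CIS-DI-0001 check.
    if last_user and last_user[1] in ("root", "0"):
        findings.append((last_user[0], "DL3002", "Last USER should not be root"))
    return findings


if __name__ == "__main__":
    for line_no, rule, message in lint(SAMPLE_DOCKERFILE):
        print(f"Dockerfile:{line_no} {rule} {message}")
```

Run stand-alone, the script prints one line per finding in the same `file:line RULE message` shape Hadolint uses, which is convenient when you later want to compare its output with the real tool on the same file.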


Dockle
https://github.com/goodwithtech/dockle

A utility that works on images (or on a saved tar archive), checking the correctness and security of a given image by analysing its layers and configuration: which users are created, which instructions were used, which volumes are mounted, whether an empty password is present, and so on. So far the number of checks is not large; it is based on a few of the tool's own checks and on the recommendations of the CIS (Center for Internet Security) Docker Benchmark.

Trivy
https://github.com/aquasecurity/trivy

This utility is aimed at finding two kinds of vulnerabilities: problems in OS packages (Alpine, RedHat (EL), CentOS, Debian GNU, Ubuntu are supported) and problems in dependencies (Gemfile.lock, Pipfile.lock, composer.lock, package-lock.json, yarn.lock, cargo.lock). Trivy can scan both images in a registry and local images, and can also scan a .tar file exported from a Docker image.

Options for running the utilities

To try the described tools in an isolated environment, I'll give instructions for installing all the utilities in a somewhat simplified procedure.

The main idea is to show how to implement automated content checks of the Dockerfiles and Docker images created during development.

The check itself consists of the following steps:

  1. Checking the correctness and security of Dockerfile instructions with the Hadolint linter
  2. Checking the correctness and security of the final and intermediate images with the Dockle utility
  3. Checking for publicly known vulnerabilities (CVE) in the base image and in a number of dependencies with the Trivy utility

Later in the article I'll give three options for implementing these steps:
The first is by configuring a CI/CD pipeline, using GitLab as an example (with a description of how to set up a test instance).
The second is a shell script.
The third is building a Docker image for scanning Docker images.
You can choose the option that suits you best, transfer it to your infrastructure and adapt it to your needs.

All the required files and additional instructions are also in the repository: https://github.com/Swordfish-Security/docker_cicd

Integration into GitLab CI/CD

In the first option we'll look at how to implement security checks using the GitLab CI/CD system as an example. Here we'll go through the steps and work out how to install a GitLab test environment from scratch, compose the scan scenario and launch the utilities to check a test Dockerfile and an arbitrary image, the JuiceShop application.

Installing GitLab
1. Install Docker:

sudo apt-get update && sudo apt-get install docker.io

2. Add the current user to the docker group so you can work with docker without sudo (log out and back in afterwards for the group change to take effect):

sudo addgroup <username> docker

3. Find out the IP address:

ip addr

4. Install and start GitLab in a container, substituting your own IP address for the hostname:

docker run --detach \
--hostname 192.168.1.112 \
--publish 443:443 --publish 80:80 \
--name gitlab \
--restart always \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest

Wait until GitLab finishes all the necessary installation procedures (you can follow the progress in the log: docker logs -f gitlab).

5. Open your local IP in a browser; you'll see a page asking you to change the password for the root user:
Set a new password and log in to GitLab.

6. Create a new project, for example cicd-test, and initialise it with a README.md starter file:
7. Now we need to install GitLab Runner: the agent that will execute all the requested jobs.
Download the latest version (here, for 64-bit Linux):

sudo curl -L --output /usr/local/bin/gitlab-runner https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-amd64

8. Make it executable:

sudo chmod +x /usr/local/bin/gitlab-runner

9. Add an OS user for the Runner and start the service:

sudo useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash
sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
sudo gitlab-runner start

It should look like this:

local@osboxes:~$ sudo gitlab-runner install --user=gitlab-runner --working-directory=/home/gitlab-runner
Runtime platform arch=amd64 os=linux pid=8438 revision=0e5417a3 version=12.0.1
local@osboxes:~$ sudo gitlab-runner start
Runtime platform arch=amd64 os=linux pid=8518 revision=0e5417a3 version=12.0.1

10. Now we register the runner so it can interact with our GitLab instance.
To do this, open the Settings - CI/CD page (http://OUR_IP_ADDRESS/root/cicd-test/-/settings/ci_cd) and on the Runners tab find the URL and the Registration token:
11. Register the runner, substituting the URL and the Registration token (note that the runner is registered with --docker-privileged so that the docker:dind service used below can run; a privileged runner should only serve projects you trust):

sudo gitlab-runner register \
--non-interactive \
--url "http://<URL>/" \
--registration-token "<Registration Token>" \
--executor "docker" \
--docker-privileged \
--docker-image alpine:latest \
--description "docker-runner" \
--tag-list "docker,privileged" \
--run-untagged="true" \
--locked="false" \
--access-level="not_protected"

As a result we have a working GitLab, to which we now need to add instructions for launching our utilities. In this demo there are no steps that build the application and package it into a container, but in a real setting they would precede the analysis steps and supply the image and Dockerfile to be checked.

Pipeline configuration

1. Add to the repository the file mydockerfile.df (this is the test Dockerfile we'll check) and the GitLab CI/CD pipeline configuration file .gitlab-ci.yml, which lists the instructions for the scan (note the leading dot in the file name).

The YAML configuration file contains instructions for running three jobs (Hadolint, Dockle and Trivy), which check the Dockerfile and the image specified in the DOCKERFILE and DOCKERIMAGE variables. All the required files can be taken from the repository: https://github.com/Swordfish-Security/docker_cicd/

Example of mydockerfile.df (this is an abstract file with an arbitrary set of instructions, only to demonstrate how the utility works). Direct link to the file: mydockerfile.df

Contents of mydockerfile.df

FROM amd64/node:10.16.0-alpine@sha256:f59303fb3248e5d992586c76cc83e1d3700f641cbcd7c0067bc7ad5bb2e5b489 AS tsbuild
COPY package.json .
COPY yarn.lock .
RUN yarn install
COPY lib lib
COPY tsconfig.json tsconfig.json
COPY tsconfig.app.json tsconfig.app.json
RUN yarn build
FROM amd64/ubuntu:18.04@sha256:eb70667a801686f914408558660da753cde27192cd036148e58258819b927395
LABEL maintainer="Rhys Arkins <[email protected]>"
LABEL name="renovate"
...
COPY php.ini /usr/local/etc/php/php.ini
RUN cp -a /tmp/piik/* /var/www/html/
RUN rm -rf /tmp/piwik
RUN chown -R www-data /var/www/html
ADD piwik-cli-setup /piwik-cli-setup
ADD reset.php /var/www/html/
## ENTRYPOINT ##
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
USER root

The YAML configuration looks like this (the file itself is available via the direct link here: .gitlab-ci.yml):

Contents of .gitlab-ci.yml

variables:
    DOCKER_HOST: "tcp://docker:2375/"
    DOCKERFILE: "mydockerfile.df" # name of the Dockerfile to analyse   
    DOCKERIMAGE: "bkimminich/juice-shop" # name of the Docker image to analyse
    # DOCKERIMAGE: "knqyf263/cve-2018-11235" # test Docker image with several CRITICAL CVE
    SHOWSTOPPER_PRIORITY: "CRITICAL" # what level of criticality will fail Trivy job
    TRIVYCACHE: "$CI_PROJECT_DIR/.cache" # where to cache Trivy database of vulnerabilities for faster reuse
    ARTIFACT_FOLDER: "$CI_PROJECT_DIR"
 
services:
    - docker:dind # to be able to build docker images inside the Runner
 
stages:
    - scan
    - report
    - publish
 
HadoLint:
    # Basic lint analysis of Dockerfile instructions
    stage: scan
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/hadolint_results.json
 
    script:
    # extract the version number from the "tag_name" field of the latest release (the "\1" back-reference keeps only the digits)
    - export VERSION=$(wget -q -O - https://api.github.com/repos/hadolint/hadolint/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/hadolint/hadolint/releases/download/v${VERSION}/hadolint-Linux-x86_64 && chmod +x hadolint-Linux-x86_64
     
    # NB: hadolint will always exit with 0 exit code
    - ./hadolint-Linux-x86_64 -f json $DOCKERFILE > $ARTIFACT_FOLDER/hadolint_results.json || exit 0
 
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/hadolint_results.json
 
Dockle:
    # Analysing best practices about docker image (users permissions, instructions followed when image was built, etc.)
    stage: scan   
    image: docker:git
 
    after_script:
    - cat $ARTIFACT_FOLDER/dockle_results.json
 
    script:
    - export VERSION=$(wget -q -O - https://api.github.com/repos/goodwithtech/dockle/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.tar.gz && tar zxf dockle_${VERSION}_Linux-64bit.tar.gz
    - ./dockle --exit-code 1 -f json --output $ARTIFACT_FOLDER/dockle_results.json $DOCKERIMAGE   
     
    artifacts:
        when: always # return artifacts even after job failure       
        paths:
        - $ARTIFACT_FOLDER/dockle_results.json
 
Trivy:
    # Analysing docker image and package dependencies against several CVE bases
    stage: scan   
    image: docker:git
 
    script:
    # getting the latest Trivy
    - apk add rpm
    - export VERSION=$(wget -q -O - https://api.github.com/repos/knqyf263/trivy/releases/latest | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - wget https://github.com/knqyf263/trivy/releases/download/v${VERSION}/trivy_${VERSION}_Linux-64bit.tar.gz && tar zxf trivy_${VERSION}_Linux-64bit.tar.gz
     
    # displaying all vulnerabilities w/o failing the build
    - ./trivy -d --cache-dir $TRIVYCACHE -f json -o $ARTIFACT_FOLDER/trivy_results.json --exit-code 0 $DOCKERIMAGE    
    
    # write vulnerabilities info to stdout in human readable format (reading pure json is not fun, eh?). You can remove this if you don't need this.
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 0 $DOCKERIMAGE    
 
    # failing the build if the SHOWSTOPPER priority is found
    - ./trivy -d --cache-dir $TRIVYCACHE --exit-code 1 --severity $SHOWSTOPPER_PRIORITY --quiet $DOCKERIMAGE
         
    artifacts:
        when: always # return artifacts even after job failure
        paths:
        - $ARTIFACT_FOLDER/trivy_results.json
 
    cache:
        paths:
        - .cache
 
Report:
    # combining tools outputs into one HTML
    stage: report
    when: always
    image: python:3.5
     
    script:
    - mkdir json
    - cp $ARTIFACT_FOLDER/*.json ./json/
    - pip install json2html
    - wget https://raw.githubusercontent.com/shad0wrunner/docker_cicd/master/convert_json_results.py
    - python ./convert_json_results.py
     
    artifacts:
        paths:
        - results.html

If needed, you can also scan images saved as a .tar archive (however, you'll have to change the input parameters of the utilities in the YAML file).

NB: Trivy requires rpm and git to be installed (the docker:git image used above already provides git). Without them it will produce errors when scanning RedHat-based images and when fetching updates to the vulnerability database.

2. As soon as the files are added to the repository, GitLab will, as instructed by our configuration file, start the build and the scan. The progress of the pipeline can be watched on the CI/CD → Pipelines tab.

As a result we have four jobs. Three of them do the scanning itself, and the last one (Report) compiles a simple report from the scattered files with the scan results.
By default, Trivy stops with a failure if CRITICAL vulnerabilities are found in the image or in its dependencies. Hadolint, on the other hand, is forced to always return a success exit code, because it almost always produces remarks, which would otherwise stop the build.

Depending on your requirements, you can configure the exit codes so that when these utilities detect problems of a given criticality they also stop the build. In our case the build will stop only if Trivy finds vulnerabilities of the severity we specified in the SHOWSTOPPER_PRIORITY variable in .gitlab-ci.yml.

The result of each job can be seen in the log of the corresponding scan job, directly in the JSON files in the artifacts section, or in the simple HTML report (more on that below):

3. To present the report in a slightly more human-readable form, a small Python script is used to convert the three JSON files into one HTML file with a table of findings.
This script is run by the separate Report job, and its final artifact is the HTML file with the report. The script source is also in the repository and can be adapted to your needs, colours, etc.
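Below is an added example of the two things the paragraphs above leave implicit: how the three JSON outputs are merged into one report, and how a SHOWSTOPPER_PRIORITY gate is applied on top of them. It is written for this article and is not the repository's convert_json_results.py. The three sample documents are constructed by hand; their shape follows the output schemas the tools used at the time of the article (an assumption you should re-check against your installed versions): Hadolint emits a list of findings, Dockle an object with "summary" and "details", and Trivy a list of targets whose "Vulnerabilities" field is null (not an empty list) when a target is clean. The CVE rows mirror the Trivy output shown later on this page.

```python
"""
Merge Hadolint, Dockle and Trivy JSON into one HTML report and apply a
severity gate. Added example for this article; not the repository's script.
"""
import html
import json

SEVERITY_ORDER = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample inputs (schemas assumed, see lead-in).
HADOLINT_JSON = json.dumps([
    {"file": "Dockerfile", "line": 205, "column": 1, "code": "DL3015", "level": "info",
     "message": "Avoid additional packages by specifying `--no-install-recommends`"},
    {"file": "Dockerfile", "line": 248, "column": 1, "code": "DL3002", "level": "warning",
     "message": "Last USER should not be root"},
])
DOCKLE_JSON = json.dumps({
    "summary": {"fatal": 0, "warn": 1, "info": 1, "skip": 0, "pass": 12},
    "details": [
        {"code": "DKL-DI-0006", "title": "Avoid latest tag", "level": "WARN",
         "alerts": ["Avoid 'latest' tag"]},
        {"code": "CIS-DI-0005", "title": "Enable Content trust for Docker", "level": "INFO",
         "alerts": ["export DOCKER_CONTENT_TRUST=1 before docker pull/build"]},
    ],
})
TRIVY_JSON = json.dumps([
    {"Target": "juice-shop/frontend/package-lock.json", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2020-15256", "PkgName": "object-path", "InstalledVersion": "0.11.4",
         "Severity": "HIGH", "Title": "Prototype pollution in object-path"},
        {"VulnerabilityID": "CVE-2020-15262", "PkgName": "webpack-subresource-integrity",
         "InstalledVersion": "1.4.1", "Severity": "LOW", "Title": "Unprotected dynamically loaded chunks"},
    ]},
    {"Target": "bkimminich/juice-shop (alpine, constructed)", "Vulnerabilities": None},
])


def severity_at_least(severity, threshold):
    """True when `severity` is at or above `threshold` in Trivy's ordering."""
    return SEVERITY_ORDER.index(severity) >= SEVERITY_ORDER.index(threshold.upper())


def summarise_trivy(doc):
    """Flatten Trivy targets into rows plus per-severity counts. A null
    "Vulnerabilities" list (clean target) is treated as empty."""
    counts = {s: 0 for s in SEVERITY_ORDER}
    rows = []
    for target in doc:
        for vuln in target.get("Vulnerabilities") or []:
            sev = (vuln.get("Severity") or "UNKNOWN").upper()
            sev = sev if sev in SEVERITY_ORDER else "UNKNOWN"
            counts[sev] += 1
            rows.append((target["Target"], vuln["PkgName"], vuln["InstalledVersion"],
                         vuln["VulnerabilityID"], sev, vuln.get("Title", "")))
    return counts, rows


def build_verdict(hadolint_json, dockle_json, trivy_json, showstopper="CRITICAL"):
    """Combine the three reports and decide whether the build should fail."""
    hadolint = [(f["file"], f["line"], f["code"], f["level"], f["message"])
                for f in json.loads(hadolint_json)]
    dockle = [(d["code"], d["level"], d["title"], "; ".join(d.get("alerts", [])))
              for d in json.loads(dockle_json)["details"]]
    counts, rows = summarise_trivy(json.loads(trivy_json))
    blocking = [r for r in rows if severity_at_least(r[4], showstopper)]
    dockle_fatal = [d for d in dockle if d[1] == "FATAL"]   # what Dockle's --exit-code 1 keys on
    return {"hadolint": hadolint, "dockle": dockle, "trivy_counts": counts, "trivy_rows": rows,
            "blocking": blocking, "dockle_fatal": dockle_fatal,
            "failed": bool(blocking) or bool(dockle_fatal)}


def render_html(report):
    """Render the combined report as one HTML page; every cell is escaped,
    since tool output (titles, alerts) is untrusted text."""
    def table(title, header, rows):
        body = "".join("<tr>" + "".join(f"<td>{html.escape(str(c))}</td>" for c in r) + "</tr>"
                       for r in rows) or "<tr><td colspan='%d'>none</td></tr>" % len(header)
        head = "".join(f"<th>{html.escape(h)}</th>" for h in header)
        return f"<h2>{html.escape(title)}</h2><table><tr>{head}</tr>{body}</table>"
    status = "FAILED" if report["failed"] else "PASSED"
    counts = ", ".join(f"{s}: {report['trivy_counts'][s]}" for s in reversed(SEVERITY_ORDER))
    return ("<html><body>"
            f"<h1>Docker security scan: {status}</h1><p>Trivy totals: {html.escape(counts)}</p>"
            + table("Hadolint", ["File", "Line", "Rule", "Level", "Message"], report["hadolint"])
            + table("Dockle", ["Code", "Level", "Title", "Alerts"], report["dockle"])
            + table("Trivy", ["Target", "Package", "Version", "CVE", "Severity", "Title"], report["trivy_rows"])
            + "</body></html>")


if __name__ == "__main__":
    verdict = build_verdict(HADOLINT_JSON, DOCKLE_JSON, TRIVY_JSON, showstopper="HIGH")
    print(render_html(verdict))
    raise SystemExit(1 if verdict["failed"] else 0)
```

With the threshold at CRITICAL the constructed sample passes (one HIGH, one LOW); lowered to HIGH, CVE-2020-15256 becomes blocking and the process exits 1. Run this way in the Report job, the gate lives in one place and uses the JSON artifacts the three scan jobs already produce, instead of being spread over three separate `--exit-code` flags.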

Shell script

The second option suits cases where you need to check Docker images outside a CI/CD system, or want all the instructions in a form that can be run directly on a host. This option is a ready-made shell script that can be run on a clean virtual (or even physical) machine. The script performs the same steps as the GitLab runner described above.

For the script to work, Docker must be installed on the system and the current user must be a member of the docker group.

The script itself can be found here: docker_sec_check.sh

At the beginning of the file, variables define which image should be scanned and which finding severities will make the Trivy utility exit with the specified error code.

While the script runs, all the utilities are downloaded into the docker_tools directory, the results of their work go into docker_tools/json, and the HTML report ends up in the file results.html.

Example script output

~/docker_cicd$ ./docker_sec_check.sh

[+] Setting environment variables
[+] Installing required packages
[+] Preparing necessary directories
[+] Fetching sample Dockerfile
2020-10-20 10:40:00 (45.3 MB/s) - ‘Dockerfile’ saved [8071/8071]
[+] Pulling image to scan
latest: Pulling from bkimminich/juice-shop
[+] Running Hadolint
...
Dockerfile:205 DL3015 Avoid additional packages by specifying `--no-install-recommends`
Dockerfile:248 DL3002 Last USER should not be root
...
[+] Running Dockle
...
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
...
[+] Running Trivy
juice-shop/frontend/package-lock.json
=====================================
Total: 3 (UNKNOWN: 0, LOW: 1, MEDIUM: 0, HIGH: 2, CRITICAL: 0)

+---------------------+------------------+----------+---------+-------------------------+
|       LIBRARY       | VULNERABILITY ID | SEVERITY | VERSION |             TITLE       |
+---------------------+------------------+----------+---------+-------------------------+
| object-path         | CVE-2020-15256   | HIGH     | 0.11.4  | Prototype pollution in  |
|                     |                  |          |         | object-path             |
+---------------------+------------------+          +---------+-------------------------+
| tree-kill           | CVE-2019-15599   |          | 1.2.2   | Code Injection          |
+---------------------+------------------+----------+---------+-------------------------+
| webpack-subresource | CVE-2020-15262   | LOW      | 1.4.1   | Unprotected dynamically |
|                     |                  |          |         | loaded chunks           |
+---------------------+------------------+----------+---------+-------------------------+

juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)

...

juice-shop/package-lock.json
============================
Total: 5 (CRITICAL: 5)

...
[+] Removing left-overs
[+] Making the output look pretty
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Docker image with all the utilities

As a third alternative, I put together two simple Dockerfiles for creating an image with the security utilities. One Dockerfile helps build a kit for scanning an image from a registry, the second (Dockerfile_tar) a kit for scanning a tar file with an image.

1. Take the corresponding Dockerfile and the scripts from the repository https://github.com/Swordfish-Security/docker_cicd/tree/master/Dockerfile.
2. Run the build:

docker build -t dscan:image -f docker_security.df .

3. After the build finishes, create a container from the image. At the same time, pass the DOCKERIMAGE environment variable with the name of the image we are interested in and mount the Dockerfile we want to analyse from our machine to the file /Dockerfile (note that an absolute path to this file is required):

docker run --rm -v $(pwd)/results:/results -v $(pwd)/docker_security.df:/Dockerfile -e DOCKERIMAGE="bkimminich/juice-shop" dscan:image


[+] Setting environment variables
[+] Running Hadolint
/Dockerfile:3 DL3006 Always tag the version of an image explicitly
[+] Running Dockle
WARN    - DKL-DI-0006: Avoid latest tag
        * Avoid 'latest' tag
INFO    - CIS-DI-0005: Enable Content trust for Docker
        * export DOCKER_CONTENT_TRUST=1 before docker pull/build
INFO    - CIS-DI-0006: Add HEALTHCHECK instruction to the container image
        * not found HEALTHCHECK statement
INFO    - DKL-LI-0003: Only put necessary files
        * unnecessary file : juice-shop/node_modules/sqlite3/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm64/Dockerfile
        * unnecessary file : juice-shop/node_modules/sqlite3/tools/docker/architecture/linux-arm/Dockerfile
[+] Running Trivy
...
juice-shop/package-lock.json
============================
Total: 20 (UNKNOWN: 0, LOW: 1, MEDIUM: 6, HIGH: 8, CRITICAL: 5)
...
[+] Making the output look pretty
[+] Starting the main module ============================================================
[+] Converting JSON results
[+] Writing results HTML
[+] Clean exit ============================================================
[+] Everything is done. Find the resulting HTML report in results.html

Results

We have looked at only one basic set of utilities for scanning Docker artifacts, which in my opinion covers a good share of image security requirements. There are also many paid and free tools that can perform the same checks, draw nice reports or work only in console mode, cover container management systems, and so on. A review of those tools and of how to integrate them may appear a little later.

The good thing about the tools described in this article is that they are all open source, and you can experiment with them and with other similar tools to find what suits your requirements and your infrastructure. Of course, every vulnerability found should still be studied for applicability to the specific conditions, but that is a topic for a future large article.

I hope this guide, the scripts and the utilities will help you and become a starting point for building a more secure infrastructure in the area of containerisation.

Source: www.habr.com