ProHoster > Blog > rongo ipurangi > He tohatoha iti noa a NICE.OS i hangaia mai i te tīmatanga, ā, i arotauhia mō ngā ipu.

He tohatoha iti noa a NICE.OS i hangaia mai i te tīmatanga, ā, i arotauhia mō ngā ipu.

Kei te whanake motuhake te kaupapa NAYS.OS Linux-дистрибутив, собираемый «с нуля» из исходного кода и поддерживающий собственную пакетную базу, не заимствующую сценарии сборки пакетов из других дистрибутивов. Проект развивает свой инструментарий, свой набор патчей и свою политику сборки. Для загрузки доступен iso-образ (603 МБ), ориентированный на установку на виртуальные машины (KVM, Proxmox, VMware, VirtualBox и др.).

Kei te wātea noa te tohatoha mō te whakamahinga tūmataiti me te arumoni, kāore he herenga mō ngā taputapu. E āraia ana e te whakaaetanga raihana te "whakarerekē, te urutau, te whakamāori, te wetewete, te wetewete, te ngana rānei ki te tango i te waehere pūtake, engari mēnā ka whakaaetia e te ture e pā ana, e ngā raihana pūtake tuwhera rānei." E āraia ana hoki te "whakawhiti, te hoko, te rīhi, te tuku nama, te whakaputa, te tohatoha rānei i te pūmanawa me te kore he whakaaetanga a-tuhi a te kaipupuri mana pupuri."

Kua whakaritea a NICE.OS hei pūnaha tūmau tautoko roa (LTS) kua arotauhia mō mihini mariko, ngā pūnaha kapua, me ngā pona taha. Kua huihuia te kernel, ngā kaiwhakaemi, ngā whare pukapuka matua, me te puranga crypto katoa kia tutuki ai ngā whakaritenga ōrite mō te tāruarua me te haumarutanga. Kei roto te kaupapa i te rēhita pūmanawa Rūhia (ko te tikanga o te rēhitatanga ka taea te whakatutuki i ngā whakaritenga mō te "pūmanawa ā-rohe" i roto i te rāngai kāwanatanga me ētahi kiritaki umanga).

E rua ngā huarahi e tautokona ana: te whakahoutanga ā-atomika (kore e taea te whakarerekē, i runga i te OSTree) me te RPM matarohia (dnf/dnf5). I roto i te huarahi whakahoutanga ā-atomika, ka tāutahia te wehenga /usr hei pānui-anake, ka whakamahia ngā whakahoutanga puta noa i te pūnaha, ka whakamahia ngā whakaahua Btrfs hei huri i ngā whakahoutanga i rahua, ā, ka whakaarohia ngā putanga pūnaha turanga hei taonga ka taea te whakahaere me te tuku ki ngā pūnga mā te putunga OSTree. Ka whakamahia e te huarahi RPM matarohia te whakahaere mōkihi mā te dnf me te dnf5, ka tautoko i ngā whakahoutanga ā-ringa me ngā whakahoutanga aunoa, ā, ka whakaratohia he tāuta papatohu, "niceos-installer."

He iti noa iho, he matapae hoki te turanga o te tohatoha mō ngā ipu, kāore he taiao whakairoiro, ko ngā ratonga taketake anake ka whakarewahia (systemd, network utilities, SSH, firewall i runga i te nftables/firewalld, basic monitoring utilities), ā, e whakaarohia ana kia tāutahia ngā pūmanawa tono katoa ki roto i ngā ipu (Docker/Podman/Kubernetes) hei ratonga motuhake rānei i runga i te turanga.

Kei te wātea ngā whakaahua o te ipu mana i runga i te Docker Hub. Kua hangaia ēnei whakaahua i runga i te NiceOS Base iti rawa, e whakahaerehia ana hei kaiwhakamahi kore mana, kei roto ko te SBOM (CycloneDX/SPDX) kua hangaia ki roto me te pūrongo ngoikoretanga (Trivy, Grype), ā, kua rite ki ngā pūrongo kua hangaia mō te arotake tuimotu i roto tonu i te ipu.

Kei reira te tautoko mō te whakamunatanga ā-whare (he puranga kua oti te huihui me te whakamatautau mō te hunga e hiahia ana ki ngā whakaritenga me ngā arotake GOST):

  • GnuPG me te GOST (GOST R 34.10-2012 me te GOST R 34.11-2012), tae atu ki te waitohu, te whakamunatanga me te manatoko;
  • OpenSSL me GOST - Ngā taputapu TLS me CLI me te whakamunatanga GOST;
  • libksba/nettle — tautoko GOST i roto i te CMS me te X.509;
  • OpenVPN с ГОСТ — готовый сервер с ГОСТ-шифрами, есть скрипт, который разворачивает VPN (PKI, pareārai ahi, aroturuki, whakaurunga ki a Prometheus) i roto i ētahi meneti;
  • Ngā taputapu mō te whakahaere i te pono o ngā hash GOST (gost12sum, ngā kōtaha i roto i te openssl dgst, me ētahi atu).

Ngā whai wāhitanga hei whakapai ake i te haumarutanga:

  • SELinux включён по умолчанию;
  • Ka whakamahia ngā haki parenga hanga paerewa (PIE, RELRO, SSP, FORTIFY_SOURCE, me ētahi atu);
  • Kua whakatinanahia ngā āhuatanga whakahaere pono (Secure Boot, IMA, AIDE me ngā rauropi GOST);
  • Kua hainatia ia mōkihi RPM, ā, he tauira PKI Kore-Whakawhirinaki: mā te taunoa, ko ngā mea katoa kāore anō kia paahitia te manatoko kāore e whakawhirinakihia;
  • Ka hangaia ngā pūrongo SBOM me ngā pūrongo ngoikoretanga mō ngā mōkihi me ngā whakaahua.

Ngā āhuatanga mō ngā pūnaha mariko me te kapua:

  • Kua panuitia te tautoko mō ngā mīhini mariko tairongo (AMD SEV-SNP, Intel TDX). Kei te wātea ngā taputapu hei whakamana i ngā mīhini mariko i roto i ēnei āhuatanga.
  • Kei te wātea te ahua mana o te NICE.OS 5.2 i runga i te Yandex Cloud Marketplace hei mīhini mariko, kei roto kē a Docker, glibc, me Python 3.12; kua tohua te tohatoha kei roto i te rēhita pūmanawa Rūhia;
  • I te Cloud.ru Marketplace, e whakaahuatia ana te tohatoha hei "pūnaha whakahaere iti noa iho o Rūhia mō ngā ipu. He whakaahua mō ngā VM, Docker, me Kubernetes."
  • Kua arotauhia tētahi putanga motuhake o NiceOS V mō ngā hypervisor (Proxmox, VMware ESXi, KVM/QEMU, AWS/Yandex Cloud/Google Cloud, me ētahi atu), me te iti noa o ngā ratonga me te arotahi ki ngā tāutanga aunoa mā Kickstart/JSON.

I roto i ngā putanga i whakamahia:

  • Linux 6.13.x,
  • GCC 14.3, Glibc 2.41,
  • OpenSSL 3.5.1 (me ngā toronga i raro i te GOST),
  • pūnaha 257, coreutils 9.6.

Source: opennet.ru

Hokona te manaaki pono mo nga waahi me te tiaki DDoS, nga kaiwhakarato VPS VDS 🔥 Hokona he manaaki paetukutuku pono me te tiakitanga DDoS, ngā tūmau VPS VDS | ProHoster