ProHoster > Блог > wararka internetka > Siideynta maareeyaha nidaamka systemd 253

Siideynta maareeyaha nidaamka systemd 253

Saddex bilood iyo badh ka dib horumarinta, maareeyaha nidaamka 253 ayaa la sii daayay.

Waxaa ka mid ah isbeddelada sii deynta cusub:

  • Xirmada waxaa ku jira utility 'ukify', oo loogu talagalay in lagu dhiso, lagu xaqiijiyo, loona soo saaro saxiixyo loogu talagalay sawirrada kernel-ka midaysan (UKI, Sawirka Kernel-ka Midaysan), kaas oo isku daraya gacan-qabte si loogu raro kernel-ka UEFI (boot stub UEFI), sawir kernel ah. Linux iyo jawi nidaamka initrd ah oo lagu shubay xusuusta, oo loo isticmaalo bilowga ka hor inta aan la rakibin nidaamka faylka xididka. Adeeggan wuxuu beddelayaa shaqada uu horey u bixiyay amarka 'dracut --uefi' wuxuuna ku darayaa awoodaha si toos ah loogu xisaabiyo waxyaabaha ka baxsan faylasha PE, lagu daro initrds, lagu saxiixo sawirrada kernel ee ku dhex jira, lagu abuuro sawirro isku dhafan oo leh sbsign, iyadoo la adeegsanayo heuristics si loo go'aamiyo kernel uname, lagu xaqiijiyo sawirka splash, iyo lagu daro siyaasadaha PCR ee saxiixan ee ay soo saartay utility systemd-measure.
  • Taageerada lagu daray ee initrd deegaanka aan ku xaddidnayn qoondaynta xusuusta, kuwaas oo adeegsada dusha sare halkii tmpfs. Deegaannadan oo kale, systemd ma tirtiro dhammaan faylasha ku jira initrd ka dib marka la beddelo nidaamka faylalka xididka.
  • Halbeegga "OpenFile" ayaa lagu daray adeegyada furitaanka feylasha sabab la'aanta ah ee FS (ama isku xirka Unix sockets) iyo u gudbinta sharraxaadaha faylka ee la xiriira habka la bilaabay (tusaale ahaan, marka aad u baahan tahay inaad abaabusho gelitaanka faylka adeegga aan mudnaanta lahayn adigoon beddelin xuquuqda gelitaanka faylka).
  • Markaad diiwaangelinayso furayaal cusub, systemd-cryptenroll hadda waxay taageertaa furitaanka qaybo sir ah iyadoo la adeegsanayo FIDO2 tokens (-unlock-fido2-device) iyada oo aan u baahnayn furaha sirta ah. Lambarka sirta ee isticmaale-ku-sheegga hadda waxa lagu kaydiyaa cusbo si looga dhigo weerarrada xoogga ah mid aad u adag.
  • Kudaray ReloadLimitIntervalSec iyo ReloadLimitBurst settings, iyo sidoo kale xulashooyinka khadka taliska kernel (systemd.reload_limit_interval_sec iyo /systemd.reload_limit_burst) si loo xaddido heerka habka asalka dib loo bilaabo.
  • Unugyada, ikhtiyaarka "MemoryZSwapMax" ayaa loo hirgeliyay habaynta memory.zswap.max, kaas oo go'aaminaya cabbirka ugu sarreeya ee zswap.
  • Unugyada, ikhtiyaarka "LogFilterPatterns" ayaa la hirgeliyay, taasoo kuu ogolaaneysa inaad qeexdo tibaaxaha caadiga ah si aad u shaandheyso macluumaadka soo-saarka log-ka (waxaa loo isticmaali karaa in laga saaro wax soo saarka qaarkood ama lagu keydiyo xogta qaarkood).
  • Unugyada baaxadda leh ayaa hadda taageeraya goobta "OOMpolicy" si loo qeexo habdhaqanka marka la isku dayayo in laga saaro xaaladaha xusuusta oo hooseeya awgeed (xilliyada gelitaanka, qiimaha OOMPolicy=waa sii socotaa si looga hortago in dilaaga OOM uu si qasab ah u joojiyo).
  • Nooc cusub oo adeeg ah ayaa la qeexay — "Type=notify-reload" -kaas oo kordhinaya nooca "Type=notify" oo awood u leh inuu sugo signalka dib u bilawda (SIGHUP) si uu u dhamaystirmo. Adeegyada soo socda ayaa loo haajiray nooca cusub: systemd-networkd.service, systemd-udevd.service, iyo systemd-logind.
  • udev waxay isticmaashaa nidaam magac-bixineed cusub oo ah aaladaha shabakada Farqiga ugu weyni waa in ID_NET_NAME_PATH hadda loo dejiyay aaladaha USB-ga ee aan PCI ahayn si loo hubiyo magacyo badan oo la saadaalin karo. Hawlwadeenka '-=' waxa loo hirgaliyay doorsoomayaasha SYMLINK, isaga oo ka tagaya isku xidhka astaanta ah mid aan habaysanayn haddii xeerka lagu darayo hore loo qeexay.
  • Nidaamka systemd-boot, abuuridda matoorada tirada been abuurka ah ee ku jira kernel-ka iyo qaybta dambe ee diskka ayaa dib loo shaqeeyay. Taageero ayaa lagu daray rarista kernel-ka ilo aan ahayn ESP (Qaybinta Nidaamka EFI), sida firmware-ka ama si toos ah QEMU. Xuduudaha SMBIOS hadda waa la falanqeeyay si loo go'aamiyo in lagu shaqeynayo jawi virtualization ah. Hab cusub oo 'haddii-ammaan ah' ayaa la hirgeliyay, kaas oo shahaadada UEFI Secure Boot laga soo raro ESP oo keliya haddii loo arko mid ammaan ah (oo ku shaqeeya gudaha). mashiinka dalwaddii).
  • Utility bootctl hadda waxay abuurtaa calaamado nidaamka dhammaan nidaamyada EFI marka laga reebo jawiga abuurista. Awaamiirta 'kernel-identify' iyo 'kernel-inspect' ayaa lagu daray si ay u muujiyaan nooca sawirka kernel-ka iyo macluumaadka ku saabsan xulashada khadka taliska iyo nooca kernel-ka; 'unlink' waxay meesha ka saartaa faylka la xidhiidha nooca koowaad ee gelitaanka boot; iyo 'nadiifinta' waxay ka saartaa dhammaan faylasha tusaha 'gelitaanka-token' ee ESP iyo XBOOTLDR ee aan la xiriirin nooca ugu horreeya ee gelitaanka boot. Doorsoomiyaha KERNEL_INSTALL_CONF_ROOT waa la qabtay
  • Amarka 'systemctl list-dependencies' wuxuu hadda qabtaa "--type" iyo "--state", iyo "systemctl kexec" amarka hadda wuxuu taageeraa deegaanka Xen ku salaysan.
  • Faylasha shabakadda .netka, qaybta [DHCPv4] hadda waxay taageertaa SocketPriority iyo fursadaha QuickAck, RouteMetric=high|dhexdhexaad|hoose.
  • Ikhtiyaarada dib-u-qaybinta habaysan "--ay ku jiraan-qayb-qaybs", "--ka-reeb-qayb-qaybs", iyo "--defer-partitions" ayaa lagu daray si loo shaandheeyo qaybaha nooca UUID. Tani waxay u ogolaaneysaa, tusaale ahaan, dhismaha sawirada kaas oo qayb ka mid ah lagu dhisay iyada oo ku saleysan waxa ku jira qayb kale. Xulashada "--sector-size" ayaa sidoo kale lagu daray si loo qeexo cabbirka qaybta la isticmaalo marka la abuurayo qayb. Taageerada abuurista nidaamka faylalka erofs ayaa lagu daray. Dejinta yaree hadda waxay gacanta ku haysaa qiimaha "ugu fiican" si loo doorto cabbirka sawirka ugu yar ee suurtogalka ah.
  • systemd-journal-remote waxa u ogolaanaya isticmaalka MaxUse, KeepFree, MaxFileSize, iyo MaxFiles settings si loo xaddido isticmaalka booska diskka.
  • systemd-cryptsetup hadda waxay taageertaa dirida codsiyada firfircoon ee FIDO2 calaamadaha si loo go'aamiyo helitaankooda kahor intaan la xaqiijin.
  • Qiyaaso cusub tpm2-measure-bank iyo tpm2-measure-pcr ayaa lagu daray crypttab.
  • In systemd-gpt-auto-generator, kordhinta qaybaha ESP iyo XBOOTLDR ee qaababka "noexec, nosuid, nodev" ayaa la hirgeliyay, iyo xisaabinta xididada rootfstype iyo rootflags ee loo maro khadka taliska kernel ayaa lagu daray.
  • systemd-resolved waxa ay siisaa awooda lagu habeeyo cabirada xalinta iyada oo la qeexayo server-ka, domain, network.dns, iyo network.search_domains ee khadka taliska kernel-ka.
  • Amarka "systemd-analyze plot" hadda wuxuu taageeraa wax soo saarka JSON marka la isticmaalayo calanka "-json". Ikhtiyaar cusub "--table" iyo "--no-legend" ayaa sidoo kale lagu daray si loo xakameeyo wax soo saarka.
  • Taageerada kooxaha v1 iyo kala sareynta hagaha hagaha (ku-kordhinta/usr si gooniya xididka, ama qaybinta/bin iyo/usr/bin,/lib iyo/usr/lib) ayaa la qorsheeyay in la joojiyo 2023.

Source: opennet.ru

U soo iibso martigelin lagu kalsoonaan karo oo loogu talagalay bogagga leh ilaalinta DDoS, VPS VDS servers 🔥 Iibso martigelin degel oo lagu kalsoonaan karo oo leh ilaalinta DDoS, VPS VDS servers | ProHoster