auth required pam_google_authenticator.so auth include system-remote-login account include system-remote-login password include system-remote-login session include system-remote-login
Do you want authentication tokens to be time-based (y/n) y Warning: pasting the following URL into your browser exposes the OTP secret to Google:
Your new secret key is: J4T4C4HYT2KIA52WGSDJEOLM2I (验证器配置密钥) Enter code from app (-1 to skip): 269371 (输入验证器生成的验证码) Code confirmed Your emergency scratch codes are: (紧急备用令牌码) 93394730 14394073 33491911 86112157 22174783
Do you want me to update your "/home/username/.google_authenticator" file? (y/n) y (是否重新生成登录配置文件?)
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y (是否拒绝多次重复使用相同的令牌?这将限制你每30s仅能登录一次,但会提醒/阻止中间人攻击。) By default, a new token is generated every 30 seconds by the mobile app. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. This allows for a time skew of up to 30 seconds between authentication server and client. If you experience problems with poor time synchronization, you can increase the window from its default size of 3 permitted codes (one previous code, the current code, the next code) to 17 permitted codes (the 8 previous codes, the current code, and the 8 next codes). This will permit for a time skew of up to 4 minutes between client and server. Do you want to do so? (y/n) n (是否将验证码有效窗口时间由1分30秒增加到约4分钟?这将缓解时间同步问题。)
If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s. Do you want to enable rate-limiting? (y/n) y (是否启用此模块的登录频率限制,登录者将会被限制为最多在30秒内登录3次。)
第 2 种“查询传送方式”,也称为程序 I/O、PIO(Programming Input/Output Model),是指传输之前, 由程序先去检测设备的状态。数据源设备在一定的条件下才能传送数据,这类设备通常是低速设备,比 CPU 慢很多。CPU 需要数据时,先检查该设备的状态,如果状态为“准备好了可以发送”,CPU 再去获取数据。硬盘有 status 寄存器,里面保存了工作状态,所以对硬盘可以用此方式来获取数据。
第 3 种“中断传送方式”,也称为中断驱动 I/O。上面提到的“查询传送方式”有这样的缺陷,由于 CPU 需要不断查询设备状态,所以意味着只有最后一刻的查询才是有意义的,之前的查询都是发生在数据尚未准备好的时间段里,所以说效率不高,仅对于不要求速度的系统可以采用。可以改进的地方是如果数据源设备 将数据准备好后再通知 CPU 来取,这样效率就高了。通知 CPU 可以采用中断的方式,当数据源设备准备好数据后,它通过发中断来通知 CPU 来拿数据,这样避免了 CPU 花在查询上的时间,效率较高。
第 4 种“直接存储器存取方式(DMA)”。在中断传送方式中,虽然极大地提高了 CPU 的利用率,但 通过中断方式来通知 CPU,CPU 就要通过压栈来保护现场,还要执行传输指令,最后还要恢复现场。似乎有同学说此方式已经很爽了,你还想怎样?哈哈,其实更爽的是一点都不要浪费 CPU 资源,不让 CPU 参与传输,完全由数据源设备和内存直接传输。CPU 直接到内存中拿数据就好了。这就是此方式中“直接”的意思。不过 DMA 是由硬件实现的,不是软件概念,所以需要 DMA 控制器才行。
第 5 种“I/O 处理机传送方式”。不知大家发现了没有,在说上面每一种的时候都把它们各自说得特别好,似乎完美不可替代了,但该公司一出新产品,就开始自曝曾经无与伦比的老一代产品的问题以突显现在产品更胜一筹。DMA 已经借助其他硬件了,CPU 已经很轻松了,难道还有更爽的方式? 是啊,DMA 方式中 CPU 还嫌爽的不够,毕竟数据输入之后或输出之前还是有一部分工作要由 CPU 来完成的,如数据交换、组合、校验等。 如果 DMA 控制器再强大一点,把这些工作帮 CPU 做了就好了。也是哦,既然为了解放 CPU,都已经引用一个硬件(DMA)了,干脆一不做二不休,再引入一个硬件吧。于是,I/O 处理机诞生啦,听名字就知道它专门用于处理 IO,并且它其实是一种处理器,只不过用的是另一套擅长 IO 的指令系统,随时可以处理数据。有了 I/O 处理机的帮忙,CPU 甚至可以不知道有传输这回事,这下 CPU 才真正爽到家啦。同样, 这也是需要单独的硬件来支持。
### Idle configuration # # Example configuration: # exec swayidle -w \ timeout 300 'lock-screen &' \ timeout 500 'swaymsg "output * dpms off"' \ resume 'swaymsg "output * dpms on"' \ before-sleep 'lock-screen &' # This will lock your screen after 300 seconds of inactivity, then turn off # your displays after another 200 seconds, and turn your screens back on when # resumed. It will also lock your screen before your computer goes to sleep.
if [ "`id -u`" -eq 0 ]; then PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:${JAVA_PATH}" else PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:${JAVA_PATH}" fi export PATH
激活环境变量 source /etc/profile
查看配置是否成功则执行java -version,出现版本信息则配置成功:
1 2 3
java version "1.8.0_281" Java(TM) SE Runtime Environment (build 1.8.0_281-b09) Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)
with aiofiles.open(m3u8_encrypt_file, mode='rb') as f: f = f.read() content_video_part = AES.new(key, AES.MODE_CBC, iv).decrypt(f) with aiofiles.open(dest_decrypt_file, mode='wb') as f: f.write(content_video_part)
asyncdefdecrypt_m3u8_all(): ifnot os.path.exists(class_video_name + '/decryption'): os.makedirs(class_video_name + '/decryption') key = await requests.get(playlist.keys[0].uri) key = key.content iv = bytes(playlist.keys[0].iv, 'UTF-8')[:16] decrypt_m3u8_list = [asyncio.create_task(decrypt_m3u8_video(f'{class_video_name}/downloads/{uri}', key, iv)) for uri in os.listdir(f'{class_video_name}/downloads') if uri[0] != '.'] # 忽略隐藏文件 await asyncio.wait(decrypt_m3u8_list) print(f'[{class_video_name}]——视频全部解密完成')
defmerge_m3u8_all(): download_decrypt_list = [uri for uri in os.listdir(f'{class_video_name}/decryption') if uri[0] != '.'] download_encrypt_list = [uri for uri in os.listdir(f'{class_video_name}/downloads') if uri[0] != '.'] iflen(download_decrypt_list) != len(download_encrypt_list): # 判断是否有漏下的分段视频没有下载 print('解密分段视频出现问题,可能是受限于类Unix系统文件句柄数量限制导致脚本不能获取足够的文件句柄。\n ' '如果你是 Linux 或 Macos 请尝试在运行本脚本的终端内执行 "ulimit -n 5120" 命令,以解除255(Macos)/1024(Linux)数量限制') return withopen(f'{class_video_name}/{class_video_name}.mp4', 'ab') as final_file: print(f'[{class_video_name}]——开始拼接解密后的分段视频') temp_file_uri_list = os.listdir(f'{class_video_name}/decryption') temp_file_uri_list.sort(key=lambda x: int(x[:-6])) for uri in temp_file_uri_list: if uri[0] == '.': continue# 忽略隐藏文件 withopen(f'{class_video_name}/decryption/{uri}', 'rb') as temp_file: final_file.write(temp_file.read()) # 将ts格式分段视频追加到完整视频文件中 print(f'[{class_video_name}]——合成视频成功')
if __name__ == '__main__': playlist = m3u8.load(m3u8_file_uri, verify_ssl=False) del playlist.files[0] # 第一个文件为视频密钥,忽略这个文件。 asyncio.run(download_m3u8_all()) asyncio.run(decrypt_m3u8_all()) merge_m3u8_all() print(f'[{class_video_name}]——视频文件:{os.getcwd()}/{class_video_name}/{class_video_name}.mp4')
# pvcreate -vvvv /dev/rbd0 &> /tmp/out # less /tmp/out .... #filters/filter-type.c:27 /dev/rbd0: Skipping: Unrecognised LVM device type 252 ....
查看设备类型ID
cat /proc/devices
可以找到rbd设备类型ID编号为252,记住它后接下来在LVM过滤器配置文件中添加它。
修改LVM过滤器配置文件
vim /etc/lvm/lvm.conf
找到types参数,将rbd和252修改为如下配置:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
... # Configuration section devices. # How LVM uses block devices. devices { ... # Configuration option devices/types. # List of additional acceptable block device types. # These are of device type names from /proc/devices, followed by the # maximum number of partitions. # # Example types = [ "rbd", 252 ] # # This configuration option is advanced. # This configuration option does not have a default value defined. ...