[Content] Determining whether Linux booted in BIOS mode or UEFI mode

Content 1: How Linux determines whether it booted in BIOS mode or UEFI mode

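There are two system boot modes, BIOS and UEFI (as of the time this article was published). If Linux was booted in UEFI mode, the directory /sys/firmware/efi exists on the system; if it does not exist, the system was booted in BIOS mode.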

Content 2: Method for determining whether Linux booted in BIOS mode or UEFI mode

# [ -d /sys/firmware/efi ] && echo 'The boot is UEFI' || echo 'The boot is BIOS'

Supplement: Characteristics of the BIOS and UEFI boot modes

UEFI (Unified Extensible Firmware Interface) is a newer boot method than BIOS (Basic Input/Output System). The main difference is that UEFI supports Secure Boot. A system with Secure Boot enabled is more secure at boot time, but some antivirus software can cause a system with Secure Boot enabled to hang.
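
An added example, not part of the original article: the directory test above extended to also report the Secure Boot state by reading the SecureBoot EFI variable through efivarfs. The function names and the optional sysfs-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report firmware boot mode and Secure Boot state.
# The optional sysfs-root argument is an assumption of this example so
# that the logic can be pointed at a test tree instead of /sys.

# GUID of the EFI global variable namespace (UEFI specification).
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

boot_mode() {
    # $1: sysfs root (default /sys)
    root=${1:-/sys}
    if [ -d "$root/firmware/efi" ]; then echo UEFI; else echo BIOS; fi
}

secure_boot_state() {
    # $1: sysfs root (default /sys)
    root=${1:-/sys}
    if [ "$(boot_mode "$root")" = BIOS ]; then
        echo unsupported
        return 0
    fi
    var="$root/firmware/efi/efivars/SecureBoot-$EFI_GLOBAL_GUID"
    if [ ! -r "$var" ]; then
        echo unknown
        return 0
    fi
    # efivarfs layout: 4 bytes of attributes, then the value.
    # Skip 4 bytes and print the next one as an unsigned decimal.
    val=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case $val in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

echo "boot mode: $(boot_mode), secure boot: $(secure_boot_state)"
```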

[Steps] System upgrade (from openSUSE Leap 15.3 to openSUSE Leap 15.4)

Step 1: Show the current system version

# cat /etc/*release*
NAME="openSUSE Leap"
VERSION="15.3"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.3"
PRETTY_NAME="openSUSE Leap 15.3"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.3"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"

(Note: make sure the displayed system version is openSUSE Leap 15.3)

Step 2: Prepare for the upgrade

2.1 Confirm the repositories in use

# zypper ls -d
#  | Alias                     | Name                                                         | Enabled | GPG Check | Refresh | Priority | Type   | URI
---+---------------------------+--------------------------------------------------------------+---------+-----------+---------+----------+--------+---------------------------------------------------------------------------------------------
1  | repo-non-oss              | Non-OSS Repository                                           | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.3/repo/non-oss/
2  | repo-oss                  | Main Repository                                              | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.3/repo/oss/
3  | repo-update               | Main Update Repository                                       | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.3/oss/
4  | repo-update-non-oss       | Update Repository (Non-Oss)                                  | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.3/non-oss/
5  | repo-backports-update     | Update repository of openSUSE Backports                      | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.3/backports/
6  | repo-sle-update           | Update repository with updates from SUSE Linux Enterprise 15 | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.3/sle/


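Supplement:
1) Make sure the repositories above are in the Enabled state
2) The commands to add and enable these repositories manually are as follows (the URL is single-quoted so that the shell passes ${releasever} through to zypper unexpanded; the display name is given with -n and the alias comes last)

# zypper ar -fcg -n 'Non-OSS Repository' 'http://download.opensuse.org/distribution/leap/${releasever}/repo/non-oss/' repo-non-oss
# zypper ar -fcg -n 'Main Repository' 'http://download.opensuse.org/distribution/leap/${releasever}/repo/oss/' repo-oss
# zypper ar -fcg -n 'Main Update Repository' 'http://download.opensuse.org/update/leap/${releasever}/oss/' repo-update
# zypper ar -fcg -n 'Update Repository (Non-Oss)' 'http://download.opensuse.org/update/leap/${releasever}/non-oss/' repo-update-non-oss
# zypper ar -fcg -n 'Update repository of openSUSE Backports' 'http://download.opensuse.org/update/leap/${releasever}/backports/' repo-backports-update
# zypper ar -fcg -n 'Update repository with updates from SUSE Linux Enterprise 15' 'http://download.opensuse.org/update/leap/${releasever}/sle/' repo-sle-update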

2.2 Refresh the repositories in use

# zypper ref

(Note: make sure the refresh succeeds; otherwise check the network)

2.3 Update all openSUSE Leap 15.3 packages to the latest version

# zypper -n update

2.4 Replace all version numbers with the releasever variable

# sed -i 's/15\.3/${releasever}/g' /etc/zypp/repos.d/*.repo

Step 3: Upgrade the system

3.1 Set the version number to 15.4 and refresh

# zypper --releasever=15.4 refresh

3.2 Download in advance and install the packages required for openSUSE Leap 15.4

# zypper --releasever=15.4 dup --download-in-advance

3.3 Upgrade the system

# zypper --releasever=15.4 dup

3.4 Reboot the system

# reboot

Step 4: Follow-up checks

4.1 Show the system version after the upgrade

# cat /etc/*release*
NAME="openSUSE Leap"
VERSION="15.4"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.4"
PRETTY_NAME="openSUSE Leap 15.4"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.4"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"

4.2 Show the repositories in use after the upgrade

# zypper ls -d
#  | Alias                     | Name                                                         | Enabled | GPG Check | Refresh | Priority | Type   | URI
---+---------------------------+--------------------------------------------------------------+---------+-----------+---------+----------+--------+---------------------------------------------------------------------------------------------
1  | repo-non-oss              | Non-OSS Repository                                           | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.4/repo/non-oss/
2  | repo-oss                  | Main Repository                                              | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/distribution/leap/15.4/repo/oss/
3  | repo-update               | Main Update Repository                                       | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.4/oss/
4  | repo-update-non-oss       | Update Repository (Non-Oss)                                  | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.4/non-oss/
5  | repo-backports-update     | Update repository of openSUSE Backports                      | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.4/backports/
6  | repo-sle-update           | Update repository with updates from SUSE Linux Enterprise 15 | Yes     | (r ) Yes  | Yes     |   99     | rpm-md | http://download.opensuse.org/update/leap/15.4/sle/
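
An added example, not part of the original article or of zypper: a check to run between steps 2.4 and 3.1 that lists enabled repositories whose baseurl still hard-codes the old release, or that have gpgcheck=0. Because the repository URIs above are plain http, the GPG check is what authenticates the packages. The function name audit_repos, the STALE/NOGPG labels and the sample .repo files are constructed for this example.

```shell
#!/bin/sh
# Added example: audit zypper .repo files before running "zypper dup".
# Assumes the key=value layout that zypper itself writes (no spaces).

audit_repos() {
    # $1: directory holding *.repo files; $2: old release, e.g. 15.3
    dir=$1 old=$2
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v old="$old" '
            function report() {
                if (alias == "" || enabled == "0") return
                # index() is a literal match, so "15.3" cannot match "1503".
                if (index(url, "/" old "/")) print alias ": STALE " url
                if (gpg == "0")              print alias ": NOGPG gpgcheck=0"
            }
            /^\[.*\]$/ {
                report()
                alias = substr($0, 2, length($0) - 2)
                url = ""; gpg = ""; enabled = "1"
                next
            }
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                if (key == "baseurl")  url = val
                if (key == "gpgcheck") gpg = val
                if (key == "enabled")  enabled = val
            }
            END { report() }
        ' "$f"
    done
}

# Constructed sample: one repo already converted, one missed by step 2.4.
demo=$(mktemp -d)
printf '%s\n' '[repo-oss]' 'enabled=1' 'gpgcheck=1' \
    'baseurl=http://download.opensuse.org/distribution/leap/${releasever}/repo/oss/' \
    > "$demo/repo-oss.repo"
printf '%s\n' '[repo-update]' 'enabled=1' 'gpgcheck=0' \
    'baseurl=http://download.opensuse.org/update/leap/15.3/oss/' \
    > "$demo/repo-update.repo"
audit_repos "$demo" 15.3
rm -rf "$demo"
```

On a real system, run `audit_repos /etc/zypp/repos.d 15.3`; empty output means every enabled repository uses ${releasever} and none has the GPG check switched off.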

[Content] Examples of viewing auditd logs on Linux

Example 1: View file creation records

# /usr/sbin/ausearch --start $(date +\%m/\%d/\%Y -d "-1 month") -i --input-logs | egrep "/test/test.txt.*nametype=CREATE" | awk '{print $2,$3,$6}'

(Supplement: this example checks whether the file /test/test.txt has been created)

Example 2: View file deletion records

# /usr/sbin/ausearch --start $(date +\%m/\%d/\%Y -d "-1 month") -i --input-logs | egrep "/test/test.txt.*nametype=DELETE" | awk '{print $2,$3,$6}'

(Supplement: this example checks whether the file /test/test.txt has been deleted)

Example 3: Check whether a file has ever existed

# /usr/sbin/ausearch --start $(date +\%m/\%d/\%Y -d "-1 month") -i --input-logs | egrep "/test/test.txt.*nametype=" | awk '{print $2,$3,$6}' | uniq

(Supplement: this example checks whether the file /test/test.txt has ever existed)
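
An added example, not part of the original article: the three pipelines above match the path as a regular-expression prefix, so a record for /test/test.txt.bak is also reported; this awk filter compares the name= field of each PATH record exactly and prints date, time and nametype. The function names and the sample records are constructed for this example.

```shell
#!/bin/sh
# Added example: exact-path timeline from "ausearch -i" output.
# Limitation: names logged relative to the CWD record are not resolved.

path_events() {
    # stdin: ausearch -i output; $1: absolute path to match exactly
    awk -v want="$1" '
        $1 == "type=PATH" {
            name = ""; ntype = ""
            for (i = 2; i <= NF; i++) {
                if (index($i, "name=") == 1)     name  = substr($i, 6)
                if (index($i, "nametype=") == 1) ntype = substr($i, 10)
            }
            # String equality: /test/test.txt.bak does not match.
            if (name == want) {
                d = $2; sub(/^msg=audit\(/, "", d)   # keep the date
                t = $3; sub(/:[0-9]+\)$/, "", t)     # drop the event serial
                print d, t, ntype
            }
        }'
}

ever_existed() {
    # stdin: ausearch -i output; exit status 0 if any record names $1
    [ -n "$(path_events "$1")" ]
}

# Constructed sample records in the "ausearch -i" layout.
SAMPLE='type=PATH msg=audit(03/01/2024 10:15:02.123:481) : item=1 name=/test/test.txt inode=262 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 nametype=CREATE
type=PATH msg=audit(03/01/2024 10:16:40.007:502) : item=1 name=/test/test.txt.bak inode=263 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 nametype=CREATE
type=SYSCALL msg=audit(03/02/2024 08:01:11.950:733) : arch=x86_64 syscall=unlinkat success=yes exit=0 comm=rm exe=/usr/bin/rm
type=PATH msg=audit(03/02/2024 08:01:11.950:733) : item=1 name=/test/test.txt inode=262 dev=fd:00 mode=file,644 ouid=root ogid=root rdev=00:00 nametype=DELETE'

printf '%s\n' "$SAMPLE" | path_events /test/test.txt
```

With live data, pipe the article's `ausearch ... -i --input-logs` command into `path_events /test/test.txt` in place of the egrep and awk stages.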