運行linux的機器死機了

by Flavio De Stefano

由弗拉維奧·德·斯特凡諾(Flavio De Stefano)

如何在任何機器上輕松運行任何Linux工具 (How to easily run any Linux tool on any machine)

Have you ever encountered a situation like the ones below?

您是否遇到過以下情況？

Situation 1: You’re on your Linux workstation, and there is a PHP code that you must execute. But this code only runs under PHP 7, and your workstation only has PHP 5.

情況1 ：您在Linux工作站上，必須執行一個PHP代碼。 但是此代碼僅在PHP 7下運行，而您的工作站只有PHP 5。

Situation 2: You’re working on your MacBook laptop, and you desperately need your sqlmap tool from your Kali Linux distribution. But you don’t have access to your Virtual Machine.

情況2 ：您正在使用MacBook筆記本電腦，并且迫切需要Kali Linux發行版中的sqlmap工具。 但是您無權訪問虛擬機。

Situation 3: You’re on your Windows PC, and you immediately need an NGINX server that serves your static files from a directory.

情況3 ：您在Windows PC上，立即需要一臺NGINX服務器，該服務器可從目錄中提供靜態文件。

Situation 4: No matter which platform, you have to start your Node.js 10 project. But you don’t have Node.js installed on your platform.

情況4 ：無論使用哪個平臺，都必須啟動Node.js 10項目。 但是您沒有在平臺上安裝Node.js。

Or, in general, have you ever been a situation like this:

或者，總的來說，您是否遇到過以下情況：

Situation X: you are on one platform, and you immediately need a specific Linux tool, without altering your configuration or installing additional software.

情況X：您處于一個平臺上，并且立即需要特定的Linux工具，而無需更改配置或安裝其他軟件。

All these situations can be easily solved with a single tool you may have already heard about. It works without messing up your computer by installing additional software, or editing configurations that worked for a long time.

使用您可能已經聽說過的單個工具，可以輕松解決所有這些情況。 它可以通過安裝其他軟件或編輯長時間運行的配置而不會干擾計算機的工作。

Docker is an OS-level virtualization system. It can potentially run any binary you have in mind. Furthermore, it can run it in an isolated system, so it can’t touch your files and your precious working configurations.

Docker是操作系統級別的虛擬化系統。 它可以潛在地運行您想到的任何二進制文件。 此外，它可以在隔離的系統中運行它，因此它不會影響您的文件和寶貴的工作配置。

All you need is for someone to have already containerized your binary so that you can simply download it as an image. There are already a ton of Docker-built images out there waiting for you.

您需要做的就是讓某人已經將您的二進制文件容器化，以便您可以簡單地將其下載為映像。 已經有大量Docker構建的映像在等著您。

Docker does do more than this. It is a platform for developers and system administrators to develop, deploy, and run applications with containers. If you use it only to run your preferred binary, you’re using 1% of its features.

Docker所做的不只是此事。 它是開發人員和系統管理員使用容器開發，部署和運行應用程序的平臺。 如果僅使用它來運行首選的二進制文件，則使用的是其功能的1％。

But let’s start from the beginning.

但是，讓我們從頭開始。

You can install Docker on your machine by clicking this link and selecting your platform from left menu. Then, follow the guide.

您可以通過單擊此鏈接并從左側菜單選擇平臺來在您的計算機上安裝Docker。 然后，按照指南進行操作。

Once you have installed Docker, open your preferred Terminal or Command Prompt.

安裝Docker后，打開您的首選終端或命令提示符。

基本概念 (Basic concepts)

First of all, let’s test if your Docker configuration is working correctly. From the terminal:

首先，讓我們測試一下您的Docker配置是否正常工作。 從終端：

> docker --version
Docker version 18.03.0-ce, build 0520e24

If Docker is up and running, you should see your version number.

如果Docker已啟動并正在運行，則應該看到您的版本號。

All you need now is the docker run command.

您現在所需要的就是docker run命令。

The first thing to know is the name of the image you want to use. For official images, you usually have the name of the binary with no additions.

首先要知道的是您要使用的圖像的名稱。 對于官方圖像，通常使用二進制名稱，且不添加任何名稱。

For example, in the case of PHP, the image name is simply php. And what about the version? Simple as well, just add the version number (e.g., 7).

例如，對于PHP，映像名稱就是php。 那版本呢？ 同樣簡單，只需添加版本號(例如7)。

Now let’s run our first container.

現在讓我們運行第一個容器。

情況1 (Situation 1)

You’re on your Linux workstation, and there is a PHP code that you must execute. But this code only runs under PHP 7, and your workstation only has PHP 5.

您在Linux工作站上，必須執行一個PHP代碼。 但是此代碼僅在PHP 7下運行，而您的工作站只有PHP 5。

Ok, now let’s imagine we have this simple code. It only works under PHP 7, because of the spaceship operator:

好的，現在讓我們假設我們有這個簡單的代碼。 由于太空飛船，它只能在PHP 7下工作 操作員：

<?php echo 1 <=> 0;

How we can execute this code with Docker? Let’s build our docker run command.

我們如何使用Docker執行此代碼？ 讓我們構建我們的docker run命令。

> docker run -it php:7
Interactive shell
php > echo 1<=>0;
1

Yes — that’s all we need!

是的，這就是我們所需要的！

The extra part is the -it flag, but that’s not difficult. Since we are in the interactive shell, it simply specifies that this container should:

額外的部分是-it標志，但這并不困難。 由于我們位于交互式外殼中，因此只需指定該容器應：

• -t ( — tty): allocate a pseudo-TTY

  -t ( — tty) ：分配一個偽TTY

• -i ( — interactive): keep STDIN open, even if not attached

  -i ( — interactive) ：保持STDIN處于打開狀態，即使未連接也是如此

You should use them most of the time, with some exceptions.

除了某些例外，您應該大部分時間都使用它們。

情況二 (Situation 2)

You’re working on your MacBook laptop, and you desperately need your sqlmap tool from your Kali Linux distribution. But you don’t have access to your Virtual Machine.

您正在使用MacBook筆記本電腦，并且迫切需要Kali Linux發行版中的sqlmap工具。 但是您無權訪問虛擬機。

Unfortunately, sqlmap doesn’t have an official simple image name. But maybe someone else has created an image. Let’s search for it.

不幸的是，sqlmap沒有正式的簡單映像名稱。 但是也許其他人創造了形象。 讓我們搜索一下。

> docker search sqlmap
NAME                     DESCRIPTION                                     STARS               OFFICIAL            AUTOMATED
paoloo/sqlmap            Dockered sqlmap. Build instructions: https:/…   6
k0st/alpine-sqlmap       sqlmap on alpine (size: ~113 MB)                3                                       [OK]
jdecool/sqlmap           sqlmap (Automatic SQL injection) in a contai…   2                                       [OK]
harshk13/kali-sqlmap     Kali Linux base image with Sqlmap               1
marcomsousa/sqlmap       Simple image that execute Automatic SQL inje…   1                                       [OK]
....

We have several choices. This can happen often. For most cases, the image should be the first one (or the one with the greater star count).

我們有幾種選擇。 這可能經常發生。 在大多數情況下，該圖像應該是第一個(或具有較多星數的圖像)。

Let’s use it.

讓我們使用它。

> docker run -it paoloo/sqlmap --url http://localhost____ ___| |_____ ___ ___  {1.0.9.32#dev}
|_ -| . | |     | .'| . |
|___|_  |_|_|_|_|__,|  _||_|           |_|   http://sqlmap.org[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
...

All arguments that are after [docker run -it {image}] are passed to the binary executed in Docker, which is sqlmap in this case.

[docker run -it {image}]之后的所有參數 傳遞給在Docker中執行的二進制文件，在這種情況下為sqlmap。

Easy enough, right? Yes, but there is a con.

很容易，對吧？ 是的，但是有一個缺點。

sqlmap writes log files onto the disk in the ~/.sqlmap path. But since Docker containers run in an isolated environment, we lose everything!!

sqlmap將日志文件寫到~/.sqlmap路徑中的磁盤上。 但是由于Docker容器在隔離的環境中運行，我們將失去一切！！

This is a feature, but in this case represents a bug for us — let’s fix it.

這是一項功能，但在這種情況下，對我們來說是一個錯誤-讓我們對其進行修復。

To enable persistence so that we don’t lose that log file, we have to create a bind mount between our workstation (host) and the Docker container.

為了啟用持久性以便不丟失該日志文件，我們必須在工作站(主機)和Docker容器之間創建綁定安裝。

Let’s decide that our host bind mount directory is /tmp/sqlmap. This should be an empty directory created only for this purpose!

讓我們決定我們的主機綁定安裝目錄是/tmp/sqlmap 。 這應該是一個僅為此目的而創建的空目錄！

> docker run -it -v \/tmp/sqlmap:/root/.sqlmap \paoloo/sqlmap \--url http://localhost

With the -v option we’ll create a bind mount. The first argument is the host path, and the second is the path on the container that we want to map.

使用-v選項，我們將創建綁定安裝。 第一個參數是主機路徑，第二個參數是我們要映射的容器上的路徑。

And, in fact, everything has been saved — including our reports.

而且，實際上，所有內容都已保存-包括我們的報告。

情況3 (Situation 3)

You’re on your Windows PC, and you immediately need an NGINX server that serves your static files from a directory.

您在Windows PC上，立即需要一臺NGINX服務器，該服務器可從目錄中提供靜態文件。

As you may have noticed, the first time you run docker run, it downloads the images from the Docker Hub.

您可能已經注意到，第一次運行docker run ，它將從Docker Hub下載映像。

This could be hundreds of hundreds gigabytes. This is because we downloaded the tag latest of the image (the default).

這可能是數百個千兆字節。 這是因為我們下載了圖像的最新標簽(默認)。

But most images have also an ‘alpine’ version of the same image. It uses Linux Alpine OS. This is an optimized version of Linux, which occupies about 130MB.

但是大多數圖像也具有相同圖像的“高山”版本。 它使用Linux Alpine OS。 這是Linux的優化版本，占用約130MB。

Let’s use it in this situation. We know that image name upfront is nginx (since it is an official image).

讓我們在這種情況下使用它。 我們知道，圖像名稱的前期是nginx (因為它是官方圖像)。

So the final image name will be nginx:alpine. If you want a specific version (such as 1.14), use nginx:1.14-alpine.

因此，最終的圖像名稱將為nginx:alpine 。 如果需要特定版本(例如1.14)，請使用nginx:1.14-alpine.

You may have more questions. How do we know which directory the NGINX container uses to serve our files? How we know which port it exposes?

您可能還有其他問題。 我們如何知道NGINX容器使用哪個目錄來提供文件？ 我們如何知道它暴露哪個端口？

Luckily, the answers to all your questions are in the Docker Hub.

幸運的是，所有問題的答案都在Docker Hub中 。

So, to recap:

因此，回顧一下：

• We have to share our directory to serve into the container. Again, this can be done using bind mounts: -v $(pwd):/usr/share/nginx/html

  我們必須共享目錄才能投放到容器中。 同樣，這可以使用綁定掛載完成： -v $(pwd):/usr/share/nginx/html

• By adding :ro at the end, we are sure that container uses our files in read-only mode.

  通過在末尾添加:ro ，可以確保容器以只讀模式使用文件。

• We must bind the port exposed by the container to the host, and then communicate via TCP on our host: -p 80:80

  我們必須將容器公開的端口綁定到主機，然后在主機上通過TCP進行通信-p 80:80

> docker run \-v $(pwd):/usr/share/nginx/html:ro \-p 80:80 \nginx:alpine

情況4 (Situation 4)

No matter which platform, you have to start your Node.js 10 project. But you don’t have Node.js installed on your platform.

無論使用哪種平臺，都必須啟動Node.js 10項目。 但是您沒有在平臺上安裝Node.js。

Perhaps you now understand how it works. Here, we have to share our content and bind ports.

也許您現在了解它是如何工作的。 在這里，我們必須共享我們的內容并綁定端口。

However, we don’t know the container working directory. Instead, we’re gonna explicitly set it with the -w flag to a custom directory of our choice. For example, you might choose/src — just don’t override an existing directory!

但是，我們不知道容器的工作目錄。 相反，我們將使用-w標志將其顯式設置為我們選擇的自定義目錄。 例如，您可以選擇/src只是不覆蓋現有目錄！

> docker run \-p 3000:3000 \-v $(pwd):/src \-w /src \node:10-alpine \node main.js
Example app listening on port 3000!
...

Simple and powerful enough?

簡單而強大？

Additionally, do you want a ‘shortcut’ to just execute binaries without searching for third-party images?

另外，您是否希望“快捷方式”僅執行二進制文件而不搜索第三方圖像？

Why don’t you try my simple tool DR?

您為什么不嘗試使用我的簡單工具DR ？

I hope that you’re gonna use Docker for all your future binaries! :)

希望您將來使用Docker編寫所有二進制文件！ :)

翻譯自: https://www.freecodecamp.org/news/how-to-run-any-binary-of-any-platform-without-messing-up-with-your-workstation-dade18c18801/

運行linux的機器死機了