Apache Log4j2 远程代码执行漏洞-排查和修复建议
TAG | Log4j2、JNDI、RCE |
漏洞等级: | 攻击者利用此漏洞,可实现远程代码执行。 |
版本: | 1.1 |
简介
Apache Log4j是Apache的一个开源项目,Apache log4j2是Log4j的升级版本,我们可以控制日志信息输送的目的地为控制台、文件、GUI组件等,通过定义每一条日志信息的级别,能够更加细致地控制日志的生成过程。
漏洞概述
12月9日,网上披露Apache Log4j2 远程代码执行漏洞,由于Apache Log4j2某些功能存在递归解析功能,未经身份验证的攻击者通过发送特别构造的数据请求包,可在目标服务器上执行任意代码。漏洞PoC已在网上公开,默认配置即可进行利用,该漏洞影响范围极广,建议相关用户尽快采取措施进行排查与防护。
12月10日,Apache Log4j 2.15.0-rc1 版本仅修复LDAP和增加了host白名单,可以被绕过利用,官方发布了Apache Log4j 2.15.0-rc2版本进行修复,增加了对urI异常的处理。
Apache Log4j2是一款开源的Java日志框架,被广泛地应用在中间件、开发框架与Web应用中,用来记录日志信息。
漏洞成功复现信息:
漏洞细节 | 漏洞PoC | 漏洞EXP | 利用 |
---|---|---|---|
已公开 | 已公开 | 已公开 | 存在 |
参考链接:
https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-3201?filter=allissues
受影响版本
- 2.0 <= Apache Log4j <= 2.15.0-rc1
注:使用Apache Log4j 1.X版本的应用,若开发者对JMS Appender利用不当,可对应用产生潜在的安全影响。
供应链影响范围
已知受影响应用及组件:
Apache Solr
Apache Struts2
Apache Flink
Apache Druid
spring-boot-strater-log4j2
更多组件可参考如下链接:
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/usages?p=1
不受影响版本
Apache log4j-2.15.0-rc2(与官网的2.15.0稳定版相同)
漏洞检测
人工检测
1、用户可以更加java jar解压后查看是否存在org/apache/logging/log4j相关路径结构,判断是否存在使用的漏洞组件,如果存在相关java程序包,说明很有可能存在漏洞。
2、程序使用gradle打包,可以查看build.gradle编译配置文件,若在dependencies部分存在org.apache.logging.log4j相关字段,且版本号为小于2.15.0-rc2,说明存在该漏洞。
dependencies {
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.12.1'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.12.1'
}
修复后
dependencies {
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.15.0'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.15.0'
}
3、若程序使用maven打包,查看项目的pom.xml文件中是否存在下图所示相关字段,若版本号为小于2.15.0-rc2,说明存在该漏洞。
dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.12.1</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.12.1</version>
</dependency>
</dependencies>
修复后的
<dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.15.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.15.0</version>
</dependency>
</dependencies>
攻击排查
- 攻击者在利用前通常采用 dnslog 方式进行扫描、探测,对于常见
利用方式可通过应用系统报错日志中的
“javax.naming.CommunicationException”、
“javax.naming.NamingException: problem generating object using object factory”、”Error looking up JNDI resource”关键字进行排查。 - 流量排查:攻击者的数据包中可能存在:“${jndi:rmi”、
“${jndi:ldap” 字样
漏洞修复方案:
Apache官方已发布补丁,建议受影响的用户尽快升级到安全版本。
补丁下载地址:
https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1
漏洞缓解措施:
(1)jvm参数 -Dlog4j2.formatMsgNoLookups=true
(2)log4j2.formatMsgNoLookups=True
建议 JDK 使用 11.0.1、8u191、7u201、6u211 及以上的高版本。
官方文档:
https://logging.apache.org/log4j/2.x/maven-artifacts.html
https://hxg-packages.%88%BF2%E6%B5%8B%E8%AF%95%E5%8C%85.zip
================================================
安装步骤
tar xfz gromacs-2023.3.tar.gz
cd gromacs-2023.3
mkdir build
cd build
cmake .. -DGMX_BUILD_OWN_FFTW=ON -DREGRESSIONTEST_DOWNLOAD=ON
make
make check
sudo make install
source /usr/local/gromacs/bin/GMXRC
下载地址: https://ftp.gromacs.org/gromacs/gromacs-2023.3.tar.gz
CentOS 7.6 安装部署Gromacs 2023 布朗动力学模拟
安装要求:
获取最新版本的C和C++编译器。
使用:gcc版本9.3,路径加入到bashrc
检查您是否拥有CMake 3.18.4或更高版本。
使用:cmake-3.23.5
获取并打开GROMACS tarball的最新版本。
制作一个单独的生成目录并对其进行更改。
以源路径为参数运行cmake
运行make、make check和make install
来源GMXRC以访问GROMACS
这里对gromcas的编译依赖于python3版本和gcc的高版本(最低要求是5.x版本)
但是在Centos里,默认的python是2.x版本,gcc默认是4.x版本。使用yum对gcc的升级最多到4.x版本。
软件下载地址:
gcc
http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-scl-2-3.el7.centos.noarch.rpm
cmake
https://cmake.org/files/v3.25/
主题简述
Gromacs是研究生物大分子体系的动力学模拟软件,在国内外有着广泛的应用。目前Gromacs只发布了基于Linux/Unix的安装程序包,本教程将介绍在VMware虚拟机上安装Gromacs正式版本2019.6。
工具/原料
VMware 虚拟机容器和Linux系统CentOS7对应镜像文件——官网下载
Cmake和Gromacs程序包——官网下载(Gromacs官网和cmake官网下载安装程序包(http://manual.gromacs.org/documentation/ 以及 https://cmake.org/download/)
Gromacs详细安装教程
1、检查和安装C/C++
检查命令
gcc -v
安装命令
sudo yum install gcc (这里sudo是获取临时root权限,需要管理员密码;另外用"su"命令进行root操作也可以)
CentOS7.6 gcc9.3安装方法
更新gcc版本
sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-scl-2-3.el7.centos.noarch.rpm
[root@lianglab tmp]# yum -y install centos-release-scl-2-3.el7.centos.noarch.rpm
Loaded plugins: fastestmirror
Examining centos-release-scl-2-3.el7.centos.noarch.rpm: centos-release-scl-2-3.el7.centos.noarch
Marking centos-release-scl-2-3.el7.centos.noarch.rpm to be installed
Resolving Dependencies
2.安装devtoolset:
这里需要注意一下,如果想安装7.版本的,就改成devtoolset-7-gcc,以此类推.
sudo yum install devtoolset-9-gcc-c++
3. 激活对应的devtoolset:
scl enable devtoolset-9 bash
或者
source /opt/rh/devtoolset-9/enable
[root@lianglab tmp]# scl enable devtoolset-9 bash
[root@lianglab tmp]# source /opt/rh/devtoolset-9/enable
[root@lianglab tmp]# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,lto --prefix=/opt/rh/devtoolset-9/root/usr --mandir=/opt/rh/devtoolset-9/root/usr/share/man --infodir=/opt/rh/devtoolset-9/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --with-default-libstdcxx-abi=gcc4-compatible --enable-plugin --enable-initfini-array --with-isl=/builddir/build/BUILD/gcc-9.3.1-20200408/obj-x86_64-redhat-linux/isl-install --disable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux
Thread model: posix
gcc version 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)
[root@lianglab tmp]#
若是重新安装gcc,从而提高gcc的版本,就很费时费磁盘空间,这里介绍一种普遍的方法来暂时的更新gcc:
yum安装相关依赖,将gcc提高到8.x版本:
yum install centos -release-scl -y
yum install devtoolset-8 -y
安装成功后,输入如下命令,打开一个新bash,在里面暂时更新gcc的版本:
scl enable devtoolset-8 bash
查看gcc的版本:
gcc --version
若是上面的方法不能更新gcc,可以使用如下方法使用devtoolset-8的内置脚本:
source /opt/rh/devtoolset-8/enable
这个就不会新开bahs,检查gcc版本:
gcc --version
查看gcc版本
2、检查cmake
cmake -version
说明:
如果没有安装cmake或版本过低,需要到网上下载,yum资源库中的cmake版本一般较低:
下载安装包: https://cmake.org/files/v3.10/cmake-3.10.2-Linux-x86_64.tar.gz
wget https://github.com/Kitware/CMake/releases/download/v3.23.5/cmake-3.23.5-linux-x86_64.tar.gz
(用系统自带的下载工具下载)
3、cmake安装步骤
$ tar zxvf cmake-3.25.1-linux-x86_64.tar.gz (解压安装包)
cd /opt && mkdir cmake
cd cmake
wget -c https://cmake.org/files/v3.25/cmake-3.25.1-linux-x86_64.tar.gz
tar -zxvf cmake-3.25.1-linux-x86_64.tar.gz
vi /etc/profile.d/cmakeenv.sh
export CMAKE_HOME=/opt/cmake/cmake-3.25.1-linux-x86_64/bin
export PATH=$CMAKE_HOME:$PATH
source /etc/profile
cmake --version
4、Python3安装
解决依赖关系:
yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel
tar -zxf Python-3.7.12.tgz -C .
cd Python-3.7.12 && ./configure prefix=/usr/local/python3
进行安装:
make && make -j 4 install
Generating grammar tables from /usr/local/python3/lib/python3.7/lib2to3/PatternGrammar.txt
Writing grammar tables to /usr/local/python3/lib/python3.7/lib2to3/PatternGrammar3.7.12.final.0.pickle
if test "xupgrade" != "xno" ; then \
case upgrade in \
upgrade) ensurepip="--upgrade" ;; \
install|*) ensurepip="" ;; \
esac; \
./python -E -m ensurepip \
$ensurepip --root=/ ; \
fi
Looking in links: /tmp/tmpudhcmddy
Processing /tmp/tmpudhcmddy/setuptools-47.1.0-py3-none-any.whl
Processing /tmp/tmpudhcmddy/pip-20.1.1-py2.py3-none-any.whl
Installing collected packages: setuptools, pip
WARNING: The script easy_install-3.7 is installed in '/usr/local/python3/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
WARNING: The scripts pip3 and pip3.7 are installed in '/usr/local/python3/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed pip-20.1.1 setuptools-47.1.0
[root@lianglab Python-3.7.12]#
编译安装成功后,进入到/usr/local/python3文件夹里查看是否成功安装:
[root@lianglab Python-3.7.12]# cd /usr/local/python3/bin && ll
total 31600
lrwxrwxrwx. 1 root root 8 Dec 1 01:07 2to3 -> 2to3-3.7
-rwxr-xr-x. 1 root root 109 Dec 1 01:07 2to3-3.7
-rwxr-xr-x. 1 root root 246 Dec 1 01:08 easy_install-3.7
lrwxrwxrwx. 1 root root 7 Dec 1 01:07 idle3 -> idle3.7
-rwxr-xr-x. 1 root root 107 Dec 1 01:07 idle3.7
-rwxr-xr-x. 1 root root 237 Dec 1 01:08 pip3
-rwxr-xr-x. 1 root root 237 Dec 1 01:08 pip3.7
lrwxrwxrwx. 1 root root 8 Dec 1 01:07 pydoc3 -> pydoc3.7
-rwxr-xr-x. 1 root root 92 Dec 1 01:07 pydoc3.7
lrwxrwxrwx. 1 root root 9 Dec 1 01:07 python3 -> python3.7
-rwxr-xr-x. 2 root root 16161800 Dec 1 01:07 python3.7
lrwxrwxrwx. 1 root root 17 Dec 1 01:07 python3.7-config -> python3.7m-config
-rwxr-xr-x. 2 root root 16161800 Dec 1 01:07 python3.7m
-rwxr-xr-x. 1 root root 2910 Dec 1 01:07 python3.7m-config
lrwxrwxrwx. 1 root root 16 Dec 1 01:07 python3-config -> python3.7-config
lrwxrwxrwx. 1 root root 10 Dec 1 01:07 pyvenv -> pyvenv-3.7
-rwxr-xr-x. 1 root root 449 Dec 1 01:07 pyvenv-3.7
[root@lianglab bin]#
使用软连接将python3编译器和pip链接到/usr/bin里,方便在命令行里调用:
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
[root@lianglab bin]# ln -s /usr/local/python3/bin/python3 /usr/bin/python3
[root@lianglab bin]# ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
[root@lianglab bin]#
最后在命令行里输入python3查看能否打开python3编译器:
[root@lianglab bin]# python3
Python 3.7.12 (default, Dec 1 2023, 01:06:32)
[GCC 9.3.1 20200408 (Red Hat 9.3.1-2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>
————————————————
wget https://www.python.org/ftp/python/3.7.12/Python-3.7.12.tgz
5、安装Gromacs
官网下载
下载安称耍装包: https://ftp.gromacs.org/gromacs/gromacs-2023.3.tar.gz
(用辞泥系统自带的下载工具下载) (如下图)
$ tar xfz gromacs-2019.6.tar.gz (解压安装包)
$ cd gromacs-2019.6 (进入目录)
$ mkdir build (新建文件夹build) (如下图)
$ cd build (进入目录)
$ cmake .. -DGMX_BUILD_OWN_FFTW=ON -DCMAKE_INSTALL_PREFIX=/usr/local/gromacs-2019.6 (要求安装过程中自动下载FFTW库文件,指定程序安装到目录/usr/local/gromacs-2019.6)
$ make (编译时间比较长)
$ make check
$ sudo make install (安装)
tar xfz gromacs-2023.3.tar.gz
cd gromacs-2023.3
mkdir build
cd build
cmake .. -DGMX_BUILD_OWN_FFTW=ON -DREGRESSIONTEST_DOWNLOAD=ON
make
make check
sudo make install
source /usr/local/gromacs/bin/GMXRC
[root@lianglab tmp]# tar zxvf gromacs-2023.3.tar.gz
[root@lianglab tmp]# cd gromacs-2023.3
[root@lianglab gromacs-2023.3]# ls
admin AUTHORS cmake COPYING CPackInit.cmake docs python_packaging scripts src
api CITATION.cff CMakeLists.txt COPYING.derived CTestConfig.cmake INSTALL README share tests
[root@lianglab gromacs-2023.3]# mkdir build
[root@lianglab gromacs-2023.3]# cd build
[root@lianglab build]# cmake .. -DGMX_BUILD_OWN_FFTW=ON -DREGRESSIONTEST_DOWNLOAD=ON
------------------------------省略---------------------------
-- [download 99% complete]
-- [download 100% complete]
-- Could NOT find Sphinx (missing: SPHINX_EXECUTABLE pygments) (Required is at least version "4.0.0")
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/gromacs-2023.3/build
[root@lianglab build]# make
------------------------------省略---------------------------
[ 98%] Linking CXX shared library ../../lib/libnblib_gmx.so
[ 98%] Built target nblib
[ 98%] Building CXX object api/nblib/samples/CMakeFiles/argon-forces-integration.dir/argon-forces-integration.cpp.o
[ 98%] Linking CXX executable ../../../bin/argon-forces-integration
[ 98%] Built target argon-forces-integration
[ 98%] Building CXX object api/nblib/samples/CMakeFiles/methane-water-integration.dir/methane-water-integration.cpp.o
[100%] Linking CXX executable ../../../bin/methane-water-integration
[100%] Built target methane-water-integration
[100%] Building CXX object src/programs/CMakeFiles/mdrun_objlib.dir/mdrun/mdrun.cpp.o
[100%] Building CXX object src/programs/CMakeFiles/mdrun_objlib.dir/mdrun/nonbonded_bench.cpp.o
[100%] Built target mdrun_objlib
[100%] Building CXX object src/programs/CMakeFiles/gmx_objlib.dir/gmx.cpp.o
[100%] Building CXX object src/programs/CMakeFiles/gmx_objlib.dir/legacymodules.cpp.o
[100%] Built target gmx_objlib
[100%] Linking CXX executable ../../bin/gmx
[100%] Built target gmx
[root@lianglab build]# make check
Start 84: regressiontests/complex
84/87 Test #84: regressiontests/complex ................... Passed 77.63 sec
Start 85: regressiontests/freeenergy
85/87 Test #85: regressiontests/freeenergy ................ Passed 41.03 sec
Start 86: regressiontests/rotation
86/87 Test #86: regressiontests/rotation .................. Passed 2.48 sec
Start 87: regressiontests/essentialdynamics
87/87 Test #87: regressiontests/essentialdynamics ......... Passed 1.54 sec
100% tests passed, 0 tests failed out of 87
Label Time Summary:
GTest = 245.07 sec*proc (81 tests)
IntegrationTest = 199.80 sec*proc (25 tests)
MpiTest = 217.99 sec*proc (19 tests)
QuickGpuTest = 75.73 sec*proc (17 tests)
SlowGpuTest = 279.87 sec*proc (18 tests)
SlowTest = 43.14 sec*proc (13 tests)
UnitTest = 2.13 sec*proc (43 tests)
Total Test time (real) = 367.83 sec
[100%] Built target run-ctest-nophys
[100%] Built target check
[root@lianglab build]#
[root@lianglab build]#
[root@lianglab build]# make install
[root@lianglab build]# source /usr/local/gromacs/bin/GMXRC
6、备注说明:
首先申明不推荐老系统安装新的软件,太费事了
安装软件的话,首先要考虑环境
首要任务:升级gcc和g++,这块比较顺畅
https://www.123pan.com/s/JylVVv-rv1w3.html
我用夸克网盘分享了「Python-3.7.12.tgz」,点击链接即可保存。打开「夸克APP」,无需下载在线播放视频,畅享原画5倍速,支持电视投屏。
链接:
https://pan.quark.cn/s/95ab0a50d455
sudo /opt/schily/bin/mkisofs -iso-level 3 -r -V sblive -cache-inodes -J -l -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -c isolinux/boot.cat -o sblive.iso sblive
grep 'JAVA_HOME' /etc/profile || {
echo 'export JAVA_HOME=/usr/lib/jdk' >>/etc/profile
echo 'export JRE_HOME=${JAVA_HOME}/jre' >>/etc/profile
echo 'export CLASSPATH=.😒{JAVA_HOME}/lib:${JRE_HOME}/lib' >>/etc/profile
echo 'export PATH=${JAVA_HOME}/bin:$PATH' >> /etc/profile
}
source /etc/profile
update-alternatives --install /usr/bin/java java /usr/lib/jdk/bin/javac 300
update-alternatives --install /usr/bin/javac javac /usr/lib/jdk/bin/javac 300
update-alternatives --install /usr/bin/jps jps /usr/lib/jdk/bin/jps 300
clear
java -version
echo 'export JAVA_HOME=/usr/lib/jdk' >>/etc/profile.d/jdkenv.sh
echo 'export JRE_HOME=${JAVA_HOME}/jre' >>/etc/profile.d/jdkenv.sh
echo 'export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib' >>/etc/profile.d/jdkenv.sh
echo 'export PATH=${JAVA_HOME}/bin:$PATH' >> /etc/profile.d/jdkenv.sh
sudo sed -i "s@http://.*archive.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
sudo sed -i "s@http://.*security.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
sudo apt-get update && sudo apt-get upgrade -y
# 针对WSL1的问题进行处理,不然在解压缩时可能会出问题。
echo -en '\x10' | sudo dd of=/usr/bin/gzip count=1 bs=1 conv=notrunc seek=$((0x189))
# 安装Geant4依赖
sudo apt-get install cmake build-essential libgl1-mesa-dev libglu1-mesa-dev libxt-dev libxmu-dev libxi-dev zlib1g-dev libgl2ps-dev libexpat1-dev libxerces-c-dev -y
sudo apt-get install qt5* --fix-missing -y
# 设置Geant4安装路径
export G4dir=$HOME/Application/Geant4 # Geant4待安装路径
mkdir -p $G4dir
cd $G4dir
# 生成下载地址
wget -O G4temp1 https://geant4.web.cern.ch/support/download# 下载Geant4Release页面,命名为G4temp1
grep -n '^\s*download' G4temp1 > G4temp2 # 使用grep预处理,将download信息提出出来
awk -F'"' '{i = 1; while (i <= NF) {if ($i ~/G4/) print "https://geant4-data.web.cern.ch/datasets/"$(i)"."$(i+2)".tar.gz";i++}}' G4temp2 > G4downloadList # 使用awk提取文件名并拼接成下载地址
awk -F'"' '{i = 1; while (i <= NF) {if ($i ~/geant4.*?gz/) print "https://geant4-data.web.cern.ch/releases/"$(i);i++}}' G4temp2 >> G4downloadList
rm G4temp* # 清理临时文件
# 下载Geant4数据及主程序
wget -i G4downloadList
# 编译安装主程序
tar -xzvf geant4*.tar.gz # 解压出geant4开头的文件,不同版本文件名不同
cd $G4dir/geant4*/
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=.. -DGEANT4_USE_OPENGL_X11=ON -DGEANT4_BUILD_MULTITHREADED=ON -DGEANT4_USE_RAYTRACER_X11=ON -DGEANT4_USE_GDML=ON -DGEANT4_USE_QT=ON .. # 指定安装内容,这里加入了QT
make -j4 # 编译,可以根据计算机CPU线程数来设置
make install
# 将之前下载好的DATA文件放到对应的位置
cd $G4dir
mkdir data
mv G4*gz data
mv data $G4dir/gea*/share/*eant*/ # 需要把data文件放到这里才行
cd $G4dir/gea*/share/*eant*/data
ls *.tar.gz | xargs -n1 tar xzvf # 批量解压
# 将加载Geant4运行环境的命令开机自启
echo "source $G4dir/gea*/bin/geant4.sh" >> ~/.bashrc
# 将绑定X转发端口的命令开机自启(对应于WSL1的操作。WSL2见更下面)
# 注意,这一步针对WSL。需要将Geant4的QT界面通过X转发到windows中,这样才能打开图形化界面。当然,为此需要在windows上配置xServer(比如xming)。下载下来安装运行,输入和下面绑定相同的端口号即可。
# echo "export DISPLAY=localhost:0.0" >> ~/.bashrc #对应于WSL1
# WSL2的这个DISPLAY地址设置有所不同,应该像下面这样
echo 'host_ip=$(cat /etc/resolv.conf |grep "nameserver" |cut -f 2 -d " ")' >> ~/.bashrc #对应于WSL2
echo 'export DISPLAY=$host_ip:0.0' >> ~/.bashrc #对应于WSL2
# 注意,这里单引号表示将这个文本原封不动的写入文件,这样每次开启终端时都会自动设置 host_ip,可以应对每次重启导致wsl2变更host_ip的情况。
[AppStream]
name=AppStream
baseurl=http://mirrors.aliyun.com/almalinux/9.2/AppStream/x86_64/os/
gpgcheck=0
enabled=1
[BaseOS]
name=BaseOS
baseurl=http://mirrors.aliyun.com/almalinux/9.2/BaseOS/x86_64/os/
gpgcheck=0
enabled=1
[extras]
name=extras
baseurl=http://mirrors.aliyun.com/almalinux/9.2/extras/x86_64/os/
gpgcheck=0
enabled=1
[plus]
name=plus
baseurl=http://mirrors.aliyun.com/almalinux/9.2/plus/x86_64/os/
gpgcheck=0
enabled=1
[devel]
name=devel
baseurl=http://mirrors.aliyun.com/almalinux/9.2/devel/x86_64/os/
gpgcheck=0
enabled=1
[NFV]
name=NFV
baseurl=https://mirrors.aliyun.com/almalinux/9.2/NFV/x86_64/os/
gpgcheck=0
enabled=1
[CRB]
name=CRB
baseurl=https://mirrors.aliyun.com/almalinux/9.2/CRB/x86_64/os/
gpgcheck=0
enabled=1
[HighAvailability]
name=HighAvailability
baseurl=https://mirrors.aliyun.com/almalinux/9.2/HighAvailability/x86_64/os/
gpgcheck=0
enabled=1
[epel-USTC]
name=epel-USTC--CentOS-$releasever
baseurl=https://mirrors.ustc.edu.cn/epel/$releasever/Everything/$basearch/
enabled=1
gpgcheck=0
https://cn.download.nvidia.cn/XFree86/Linux-x86_64/535.146.02/NVIDIA-Linux-x86_64-535.146.02.run
1.安装依赖环境、查看内核版本
查看内核版本
[root@localhost ~]# ls /boot | grep vmlinu
[root@localhost ~]# rpm -aq | grep kernel-devel
安装依赖环境
yum -y install gcc dkms
yum install kernel-devel kernel-doc kernel-headers gcc\* glibc\* glibc-\*
2.禁用nouveau
查看命令
lsmod | grep nouveau
修改dist-blacklist.conf文件:
vim /lib/modprobe.d/dist-blacklist.conf
将nvidiafb注释掉:
#blacklist nvidiafb
然后添加以下语句:
blacklist nouveau
options nouveau modeset=0
重建initramfs image
mv /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak
dracut /boot/initramfs-$(uname -r).img $(uname -r)
重启
reboot
确认nouveau已被禁用
lsmod | grep nouveau