关于我:全国7*24高效代维服务

联系我:lianglab@126.com

淘宝店:全国7*24高效代维服务

Apache Log4j2 远程代码执行漏洞-排查和修复建议

TAG Log4j2、JNDI、RCE
漏洞等级: 攻击者利用此漏洞,可实现远程代码执行。
版本: 1.1

简介

Apache Log4j是Apache的一个开源项目,Apache log4j2是Log4j的升级版本,我们可以控制日志信息输送的目的地为控制台、文件、GUI组件等,通过定义每一条日志信息的级别,能够更加细致地控制日志的生成过程。

漏洞概述

12月9日,网上披露Apache Log4j2 远程代码执行漏洞,由于Apache Log4j2某些功能存在递归解析功能,未经身份验证的攻击者通过发送特别构造的数据请求包,可在目标服务器上执行任意代码。漏洞PoC已在网上公开,默认配置即可进行利用,该漏洞影响范围极广,建议相关用户尽快采取措施进行排查与防护。
12月10日,Apache Log4j 2.15.0-rc1 版本仅修复LDAP和增加了host白名单,可以被绕过利用,官方发布了Apache Log4j 2.15.0-rc2版本进行修复,增加了对urI异常的处理。

Apache Log4j2是一款开源的Java日志框架,被广泛地应用在中间件、开发框架与Web应用中,用来记录日志信息。

漏洞成功复现信息:

漏洞细节 漏洞PoC 漏洞EXP 利用
已公开 已公开 已公开 存在

参考链接:
https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-3201?filter=allissues

受影响版本

  • 2.0 <= Apache Log4j <= 2.15.0-rc1

注:使用Apache Log4j 1.X版本的应用,若开发者对JMS Appender利用不当,可对应用产生潜在的安全影响。

供应链影响范围

已知受影响应用及组件:

Apache Solr

Apache Struts2

Apache Flink

Apache Druid

spring-boot-strater-log4j2

更多组件可参考如下链接:

https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/usages?p=1

不受影响版本

Apache log4j-2.15.0-rc2(与官网的2.15.0稳定版相同)

漏洞检测

人工检测

1、用户可以更加java jar解压后查看是否存在org/apache/logging/log4j相关路径结构,判断是否存在使用的漏洞组件,如果存在相关java程序包,说明很有可能存在漏洞。

2、程序使用gradle打包,可以查看build.gradle编译配置文件,若在dependencies部分存在org.apache.logging.log4j相关字段,且版本号为小于2.15.0-rc2,说明存在该漏洞。

dependencies {
  compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.12.1'
  compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.12.1'
}

修复后

dependencies {
  compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.15.0'
  compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.15.0'
}

3、若程序使用maven打包,查看项目的pom.xml文件中是否存在下图所示相关字段,若版本号为小于2.15.0-rc2,说明存在该漏洞。

dependencies>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
    <version>2.12.1</version>
  </dependency>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>2.12.1</version>
  </dependency>
</dependencies>

修复后的

<dependencies>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-api</artifactId>
    <version>2.15.0</version>
  </dependency>
  <dependency>
    <groupId>org.apache.logging.log4j</groupId>
    <artifactId>log4j-core</artifactId>
    <version>2.15.0</version>
  </dependency>
</dependencies>

攻击排查

  • 攻击者在利用前通常采用 dnslog 方式进行扫描、探测,对于常见
    利用方式可通过应用系统报错日志中的
    “javax.naming.CommunicationException”、
    “javax.naming.NamingException: problem generating object using object factory”、”Error looking up JNDI resource”关键字进行排查。
  • 流量排查:攻击者的数据包中可能存在:“${jndi:rmi”、
    “${jndi:ldap” 字样

漏洞修复方案:

Apache官方已发布补丁,建议受影响的用户尽快升级到安全版本。

补丁下载地址:

https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1

漏洞缓解措施:

(1)jvm参数 -Dlog4j2.formatMsgNoLookups=true

(2)log4j2.formatMsgNoLookups=True

建议 JDK 使用 11.0.1、8u191、7u201、6u211 及以上的高版本。

官方文档:

https://logging.apache.org/log4j/2.x/maven-artifacts.html

https://hxg-packages.%88%BF2%E6%B5%8B%E8%AF%95%E5%8C%85.zip

================================================

安装步骤

tar xfz gromacs-2023.3.tar.gz
cd gromacs-2023.3
mkdir build
cd build
cmake .. -DGMX_BUILD_OWN_FFTW=ON -DREGRESSIONTEST_DOWNLOAD=ON
make
make check
sudo make install
source /usr/local/gromacs/bin/GMXRC

下载地址: https://ftp.gromacs.org/gromacs/gromacs-2023.3.tar.gz

CentOS 7.6 安装部署Gromacs 2023 布朗动力学模拟

安装要求:

获取最新版本的C和C++编译器。
使用:gcc版本9.3,路径加入到bashrc

检查您是否拥有CMake 3.18.4或更高版本。
使用:cmake-3.23.5
获取并打开GROMACS tarball的最新版本。
制作一个单独的生成目录并对其进行更改。
以源路径为参数运行cmake
运行make、make check和make install
来源GMXRC以访问GROMACS

这里对gromcas的编译依赖于python3版本和gcc的高版本(最低要求是5.x版本)
但是在Centos里,默认的python是2.x版本,gcc默认是4.x版本。使用yum对gcc的升级最多到4.x版本。

软件下载地址:

gcc
http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-scl-2-3.el7.centos.noarch.rpm
cmake
https://cmake.org/files/v3.25/

主题简述

Gromacs是研究生物大分子体系的动力学模拟软件,在国内外有着广泛的应用。目前Gromacs只发布了基于Linux/Unix的安装程序包,本教程将介绍在VMware虚拟机上安装Gromacs正式版本2019.6。

工具/原料

VMware 虚拟机容器和Linux系统CentOS7对应镜像文件——官网下载

Cmake和Gromacs程序包——官网下载(Gromacs官网和cmake官网下载安装程序包(http://manual.gromacs.org/documentation/ 以及 https://cmake.org/download/)

Gromacs详细安装教程

1、检查和安装C/C++

检查命令

gcc -v

安装命令

sudo yum install gcc  (这里sudo是获取临时root权限,需要管理员密码;另外用"su"命令进行root操作也可以) 

CentOS7.6 gcc9.3安装方法

更新gcc版本

sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/centos-release-scl-2-3.el7.centos.noarch.rpm

[root@lianglab tmp]# yum -y install centos-release-scl-2-3.el7.centos.noarch.rpm
Loaded plugins: fastestmirror
Examining centos-release-scl-2-3.el7.centos.noarch.rpm: centos-release-scl-2-3.el7.centos.noarch
Marking centos-release-scl-2-3.el7.centos.noarch.rpm to be installed
Resolving Dependencies

2.安装devtoolset:
这里需要注意一下,如果想安装7.版本的,就改成devtoolset-7-gcc,以此类推.
sudo yum install devtoolset-9-gcc-c++
3. 激活对应的devtoolset:

scl enable devtoolset-9 bash
或者
source /opt/rh/devtoolset-9/enable

[root@lianglab tmp]# scl enable devtoolset-9 bash

[root@lianglab tmp]# source /opt/rh/devtoolset-9/enable
[root@lianglab tmp]# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,lto --prefix=/opt/rh/devtoolset-9/root/usr --mandir=/opt/rh/devtoolset-9/root/usr/share/man --infodir=/opt/rh/devtoolset-9/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --with-default-libstdcxx-abi=gcc4-compatible --enable-plugin --enable-initfini-array --with-isl=/builddir/build/BUILD/gcc-9.3.1-20200408/obj-x86_64-redhat-linux/isl-install --disable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux
Thread model: posix
gcc version 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC)
[root@lianglab tmp]#





若是重新安装gcc,从而提高gcc的版本,就很费时费磁盘空间,这里介绍一种普遍的方法来暂时的更新gcc:

yum安装相关依赖,将gcc提高到8.x版本:
 

yum install centos -release-scl -y
 
yum install devtoolset-8 -y
安装成功后,输入如下命令,打开一个新bash,在里面暂时更新gcc的版本:

scl enable devtoolset-8 bash
查看gcc的版本:

gcc --version
若是上面的方法不能更新gcc,可以使用如下方法使用devtoolset-8的内置脚本:

source /opt/rh/devtoolset-8/enable
这个就不会新开bahs,检查gcc版本:



gcc --version

image-20231201003811477

image-20231201003900643

image-20231201003919658

image-20231201004012273

查看gcc版本

image-20231201004106677

2、检查cmake

cmake -version

说明:

如果没有安装cmake或版本过低,需要到网上下载,yum资源库中的cmake版本一般较低:

下载安装包: https://cmake.org/files/v3.10/cmake-3.10.2-Linux-x86_64.tar.gz
wget https://github.com/Kitware/CMake/releases/download/v3.23.5/cmake-3.23.5-linux-x86_64.tar.gz
(用系统自带的下载工具下载)
3、cmake安装步骤
$ tar zxvf cmake-3.25.1-linux-x86_64.tar.gz  (解压安装包)

cd /opt && mkdir cmake
cd cmake

wget -c https://cmake.org/files/v3.25/cmake-3.25.1-linux-x86_64.tar.gz

tar -zxvf cmake-3.25.1-linux-x86_64.tar.gz

vi /etc/profile.d/cmakeenv.sh
export CMAKE_HOME=/opt/cmake/cmake-3.25.1-linux-x86_64/bin
export PATH=$CMAKE_HOME:$PATH


source /etc/profile


cmake --version


image-20231201005828774

4、Python3安装
解决依赖关系:
yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel 



tar -zxf Python-3.7.12.tgz -C . 
 
cd Python-3.7.12 && ./configure prefix=/usr/local/python3
进行安装:

make && make -j 4 install

Generating grammar tables from /usr/local/python3/lib/python3.7/lib2to3/PatternGrammar.txt
Writing grammar tables to /usr/local/python3/lib/python3.7/lib2to3/PatternGrammar3.7.12.final.0.pickle
if test "xupgrade" != "xno"  ; then \
        case upgrade in \
                upgrade) ensurepip="--upgrade" ;; \
                install|*) ensurepip="" ;; \
        esac; \
         ./python -E -m ensurepip \
                $ensurepip --root=/ ; \
fi
Looking in links: /tmp/tmpudhcmddy
Processing /tmp/tmpudhcmddy/setuptools-47.1.0-py3-none-any.whl
Processing /tmp/tmpudhcmddy/pip-20.1.1-py2.py3-none-any.whl
Installing collected packages: setuptools, pip
  WARNING: The script easy_install-3.7 is installed in '/usr/local/python3/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
  WARNING: The scripts pip3 and pip3.7 are installed in '/usr/local/python3/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed pip-20.1.1 setuptools-47.1.0
[root@lianglab Python-3.7.12]#



编译安装成功后,进入到/usr/local/python3文件夹里查看是否成功安装:

[root@lianglab Python-3.7.12]# cd /usr/local/python3/bin && ll
total 31600
lrwxrwxrwx. 1 root root        8 Dec  1 01:07 2to3 -> 2to3-3.7
-rwxr-xr-x. 1 root root      109 Dec  1 01:07 2to3-3.7
-rwxr-xr-x. 1 root root      246 Dec  1 01:08 easy_install-3.7
lrwxrwxrwx. 1 root root        7 Dec  1 01:07 idle3 -> idle3.7
-rwxr-xr-x. 1 root root      107 Dec  1 01:07 idle3.7
-rwxr-xr-x. 1 root root      237 Dec  1 01:08 pip3
-rwxr-xr-x. 1 root root      237 Dec  1 01:08 pip3.7
lrwxrwxrwx. 1 root root        8 Dec  1 01:07 pydoc3 -> pydoc3.7
-rwxr-xr-x. 1 root root       92 Dec  1 01:07 pydoc3.7
lrwxrwxrwx. 1 root root        9 Dec  1 01:07 python3 -> python3.7
-rwxr-xr-x. 2 root root 16161800 Dec  1 01:07 python3.7
lrwxrwxrwx. 1 root root       17 Dec  1 01:07 python3.7-config -> python3.7m-config
-rwxr-xr-x. 2 root root 16161800 Dec  1 01:07 python3.7m
-rwxr-xr-x. 1 root root     2910 Dec  1 01:07 python3.7m-config
lrwxrwxrwx. 1 root root       16 Dec  1 01:07 python3-config -> python3.7-config
lrwxrwxrwx. 1 root root       10 Dec  1 01:07 pyvenv -> pyvenv-3.7
-rwxr-xr-x. 1 root root      449 Dec  1 01:07 pyvenv-3.7
[root@lianglab bin]#

使用软连接将python3编译器和pip链接到/usr/bin里,方便在命令行里调用:
 

ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3

[root@lianglab bin]# ln -s /usr/local/python3/bin/python3 /usr/bin/python3
[root@lianglab bin]# ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
[root@lianglab bin]#



最后在命令行里输入python3查看能否打开python3编译器:

[root@lianglab bin]# python3
Python 3.7.12 (default, Dec  1 2023, 01:06:32)
[GCC 9.3.1 20200408 (Red Hat 9.3.1-2)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

————————————————

wget https://www.python.org/ftp/python/3.7.12/Python-3.7.12.tgz

image-20231201010132320

image-20231201010014264

image-20231201010320398

image-20231201010449438

image-20231201010907663

image-20231201011028364

image-20231201011314266

image-20231201011341530

5、安装Gromacs
官网下载

下载安称耍装包: https://ftp.gromacs.org/gromacs/gromacs-2023.3.tar.gz
(用辞泥系统自带的下载工具下载) (如下图)

$   tar xfz gromacs-2019.6.tar.gz  (解压安装包)
$   cd gromacs-2019.6   (进入目录)
$   mkdir build    (新建文件夹build)  (如下图)
$   cd build     (进入目录)
$   cmake .. -DGMX_BUILD_OWN_FFTW=ON -DCMAKE_INSTALL_PREFIX=/usr/local/gromacs-2019.6  (要求安装过程中自动下载FFTW库文件,指定程序安装到目录/usr/local/gromacs-2019.6)
$   make   (编译时间比较长)
$   make check 
$   sudo make install   (安装)

tar xfz gromacs-2023.3.tar.gz
cd gromacs-2023.3
mkdir build
cd build
cmake .. -DGMX_BUILD_OWN_FFTW=ON -DREGRESSIONTEST_DOWNLOAD=ON
make
make check
sudo make install
source /usr/local/gromacs/bin/GMXRC


[root@lianglab tmp]# tar zxvf gromacs-2023.3.tar.gz

[root@lianglab tmp]# cd gromacs-2023.3
[root@lianglab gromacs-2023.3]# ls
admin  AUTHORS       cmake           COPYING          CPackInit.cmake    docs     python_packaging  scripts  src
api    CITATION.cff  CMakeLists.txt  COPYING.derived  CTestConfig.cmake  INSTALL  README            share    tests
[root@lianglab gromacs-2023.3]# mkdir build
[root@lianglab gromacs-2023.3]# cd build
[root@lianglab build]# cmake .. -DGMX_BUILD_OWN_FFTW=ON -DREGRESSIONTEST_DOWNLOAD=ON
------------------------------省略---------------------------
-- [download 99% complete]
-- [download 100% complete]
-- Could NOT find Sphinx (missing: SPHINX_EXECUTABLE pygments) (Required is at least version "4.0.0")
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/gromacs-2023.3/build
[root@lianglab build]# make
------------------------------省略---------------------------
[ 98%] Linking CXX shared library ../../lib/libnblib_gmx.so
[ 98%] Built target nblib
[ 98%] Building CXX object api/nblib/samples/CMakeFiles/argon-forces-integration.dir/argon-forces-integration.cpp.o
[ 98%] Linking CXX executable ../../../bin/argon-forces-integration
[ 98%] Built target argon-forces-integration
[ 98%] Building CXX object api/nblib/samples/CMakeFiles/methane-water-integration.dir/methane-water-integration.cpp.o
[100%] Linking CXX executable ../../../bin/methane-water-integration
[100%] Built target methane-water-integration
[100%] Building CXX object src/programs/CMakeFiles/mdrun_objlib.dir/mdrun/mdrun.cpp.o
[100%] Building CXX object src/programs/CMakeFiles/mdrun_objlib.dir/mdrun/nonbonded_bench.cpp.o
[100%] Built target mdrun_objlib
[100%] Building CXX object src/programs/CMakeFiles/gmx_objlib.dir/gmx.cpp.o
[100%] Building CXX object src/programs/CMakeFiles/gmx_objlib.dir/legacymodules.cpp.o
[100%] Built target gmx_objlib
[100%] Linking CXX executable ../../bin/gmx
[100%] Built target gmx
[root@lianglab build]# make check

      Start 84: regressiontests/complex
84/87 Test #84: regressiontests/complex ...................   Passed   77.63 sec
      Start 85: regressiontests/freeenergy
85/87 Test #85: regressiontests/freeenergy ................   Passed   41.03 sec
      Start 86: regressiontests/rotation
86/87 Test #86: regressiontests/rotation ..................   Passed    2.48 sec
      Start 87: regressiontests/essentialdynamics
87/87 Test #87: regressiontests/essentialdynamics .........   Passed    1.54 sec

100% tests passed, 0 tests failed out of 87

Label Time Summary:
GTest              = 245.07 sec*proc (81 tests)
IntegrationTest    = 199.80 sec*proc (25 tests)
MpiTest            = 217.99 sec*proc (19 tests)
QuickGpuTest       =  75.73 sec*proc (17 tests)
SlowGpuTest        = 279.87 sec*proc (18 tests)
SlowTest           =  43.14 sec*proc (13 tests)
UnitTest           =   2.13 sec*proc (43 tests)

Total Test time (real) = 367.83 sec
[100%] Built target run-ctest-nophys
[100%] Built target check
[root@lianglab build]#
[root@lianglab build]#
[root@lianglab build]# make install


[root@lianglab build]# source /usr/local/gromacs/bin/GMXRC

image-20231201011525593

image-20231201011623167

image-20231201011701919

image-20231201011904800

image-20231201020811492

image-20231201020923779

image-20231201024550009

image-20231201024616831

image-20231201024631695

6、备注说明:
首先申明不推荐老系统安装新的软件,太费事了

安装软件的话,首先要考虑环境

首要任务:升级gcc和g++,这块比较顺畅

https://www.123pan.com/s/JylVVv-rv1w3.html

我用夸克网盘分享了「Python-3.7.12.tgz」,点击链接即可保存。打开「夸克APP」,无需下载在线播放视频,畅享原画5倍速,支持电视投屏。
链接:
https://pan.quark.cn/s/95ab0a50d455

sudo /opt/schily/bin/mkisofs -iso-level 3 -r -V sblive -cache-inodes -J -l -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -c isolinux/boot.cat -o sblive.iso sblive

grep 'JAVA_HOME' /etc/profile || {
echo 'export JAVA_HOME=/usr/lib/jdk' >>/etc/profile
echo 'export JRE_HOME=${JAVA_HOME}/jre' >>/etc/profile
echo 'export CLASSPATH=.😒{JAVA_HOME}/lib:${JRE_HOME}/lib' >>/etc/profile
echo 'export PATH=${JAVA_HOME}/bin:$PATH' >> /etc/profile
}
source /etc/profile
update-alternatives --install /usr/bin/java java /usr/lib/jdk/bin/javac 300
update-alternatives --install /usr/bin/javac javac /usr/lib/jdk/bin/javac 300
update-alternatives --install /usr/bin/jps jps /usr/lib/jdk/bin/jps 300
clear
java -version

echo  'export JAVA_HOME=/usr/lib/jdk'   >>/etc/profile.d/jdkenv.sh
echo  'export JRE_HOME=${JAVA_HOME}/jre'   >>/etc/profile.d/jdkenv.sh
echo  'export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib'  >>/etc/profile.d/jdkenv.sh
echo  'export PATH=${JAVA_HOME}/bin:$PATH'   >> /etc/profile.d/jdkenv.sh
sudo sed -i "s@http://.*archive.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
sudo sed -i "s@http://.*security.ubuntu.com@https://mirrors.tuna.tsinghua.edu.cn@g" /etc/apt/sources.list
sudo apt-get update && sudo apt-get upgrade -y

# 针对WSL1的问题进行处理,不然在解压缩时可能会出问题。
echo -en '\x10' | sudo dd of=/usr/bin/gzip count=1 bs=1 conv=notrunc seek=$((0x189))

# 安装Geant4依赖
sudo apt-get install cmake build-essential  libgl1-mesa-dev libglu1-mesa-dev libxt-dev libxmu-dev libxi-dev zlib1g-dev libgl2ps-dev libexpat1-dev libxerces-c-dev -y
sudo apt-get install qt5* --fix-missing -y 

# 设置Geant4安装路径
export G4dir=$HOME/Application/Geant4 # Geant4待安装路径
mkdir -p $G4dir
cd $G4dir

# 生成下载地址
wget -O G4temp1 https://geant4.web.cern.ch/support/download# 下载Geant4Release页面,命名为G4temp1
grep -n '^\s*download' G4temp1 > G4temp2 # 使用grep预处理,将download信息提出出来
awk -F'"' '{i = 1; while (i <= NF) {if ($i ~/G4/) print "https://geant4-data.web.cern.ch/datasets/"$(i)"."$(i+2)".tar.gz";i++}}' G4temp2 > G4downloadList # 使用awk提取文件名并拼接成下载地址
awk -F'"' '{i = 1; while (i <= NF) {if ($i ~/geant4.*?gz/) print "https://geant4-data.web.cern.ch/releases/"$(i);i++}}' G4temp2 >> G4downloadList
rm G4temp* # 清理临时文件

# 下载Geant4数据及主程序
wget -i G4downloadList

# 编译安装主程序
tar -xzvf geant4*.tar.gz # 解压出geant4开头的文件,不同版本文件名不同
cd $G4dir/geant4*/
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=.. -DGEANT4_USE_OPENGL_X11=ON -DGEANT4_BUILD_MULTITHREADED=ON -DGEANT4_USE_RAYTRACER_X11=ON -DGEANT4_USE_GDML=ON -DGEANT4_USE_QT=ON .. # 指定安装内容,这里加入了QT
make -j4 # 编译,可以根据计算机CPU线程数来设置
make install  


# 将之前下载好的DATA文件放到对应的位置
cd  $G4dir
mkdir data
mv G4*gz data
mv data $G4dir/gea*/share/*eant*/ # 需要把data文件放到这里才行
cd $G4dir/gea*/share/*eant*/data
ls *.tar.gz | xargs -n1 tar xzvf # 批量解压

# 将加载Geant4运行环境的命令开机自启
echo "source $G4dir/gea*/bin/geant4.sh" >> ~/.bashrc

# 将绑定X转发端口的命令开机自启(对应于WSL1的操作。WSL2见更下面)
# 注意,这一步针对WSL。需要将Geant4的QT界面通过X转发到windows中,这样才能打开图形化界面。当然,为此需要在windows上配置xServer(比如xming)。下载下来安装运行,输入和下面绑定相同的端口号即可。
# echo "export DISPLAY=localhost:0.0" >> ~/.bashrc  #对应于WSL1

# WSL2的这个DISPLAY地址设置有所不同,应该像下面这样
echo 'host_ip=$(cat /etc/resolv.conf |grep "nameserver" |cut -f 2 -d " ")' >> ~/.bashrc #对应于WSL2
echo 'export DISPLAY=$host_ip:0.0' >> ~/.bashrc #对应于WSL2
# 注意,这里单引号表示将这个文本原封不动的写入文件,这样每次开启终端时都会自动设置 host_ip,可以应对每次重启导致wsl2变更host_ip的情况。

[AppStream]
name=AppStream
baseurl=http://mirrors.aliyun.com/almalinux/9.2/AppStream/x86_64/os/
gpgcheck=0
enabled=1
 
[BaseOS]
name=BaseOS
baseurl=http://mirrors.aliyun.com/almalinux/9.2/BaseOS/x86_64/os/
gpgcheck=0
enabled=1
 
[extras]
name=extras
baseurl=http://mirrors.aliyun.com/almalinux/9.2/extras/x86_64/os/
gpgcheck=0
enabled=1
 
[plus]
name=plus
baseurl=http://mirrors.aliyun.com/almalinux/9.2/plus/x86_64/os/
gpgcheck=0
enabled=1
 
[devel]
name=devel
baseurl=http://mirrors.aliyun.com/almalinux/9.2/devel/x86_64/os/
gpgcheck=0
enabled=1
 
[NFV]
name=NFV
baseurl=https://mirrors.aliyun.com/almalinux/9.2/NFV/x86_64/os/
gpgcheck=0
enabled=1
 
[CRB]
name=CRB
baseurl=https://mirrors.aliyun.com/almalinux/9.2/CRB/x86_64/os/
gpgcheck=0
enabled=1
 
[HighAvailability]
name=HighAvailability
baseurl=https://mirrors.aliyun.com/almalinux/9.2/HighAvailability/x86_64/os/
gpgcheck=0
enabled=1

[epel-USTC]
name=epel-USTC--CentOS-$releasever
baseurl=https://mirrors.ustc.edu.cn/epel/$releasever/Everything/$basearch/
enabled=1
gpgcheck=0

https://cn.download.nvidia.cn/XFree86/Linux-x86_64/535.146.02/NVIDIA-Linux-x86_64-535.146.02.run

1.安装依赖环境、查看内核版本
查看内核版本
[root@localhost ~]# ls /boot | grep vmlinu
[root@localhost ~]# rpm -aq | grep kernel-devel
安装依赖环境
yum -y install gcc dkms
yum install kernel-devel kernel-doc kernel-headers gcc\* glibc\*  glibc-\*

2.禁用nouveau
查看命令
lsmod | grep nouveau

修改dist-blacklist.conf文件:
vim /lib/modprobe.d/dist-blacklist.conf


将nvidiafb注释掉:
#blacklist nvidiafb


然后添加以下语句:
blacklist nouveau
options nouveau modeset=0


重建initramfs image
mv /boot/initramfs-$(uname -r).img /boot/initramfs-$(uname -r).img.bak
dracut /boot/initramfs-$(uname -r).img $(uname -r)

重启
reboot

确认nouveau已被禁用
lsmod | grep nouveau
posted @ 2021-12-10 20:18  亮亮实验室  阅读(8883)  评论(0编辑  收藏  举报