#124 Review Quick-Docs : SilverBlue
Closed 4 years ago by hhlp. Opened 4 years ago by hhlp.
Unknown source SilverBlue  into  master

file modified
+1 -1
@@ -10,7 +10,7 @@

  General appearance issues and publishing issues should be reported against

  the [publishing software](https://pagure.io/fedora-docs/docs-fp-o).

  

- ## Rewievers needed!

+ ## Reviewers needed!

  

  As discussed in [issue #107](https://pagure.io/fedora-docs/quick-docs/issue/107),

  a lot of pages in this repository are in need of a technical review. Pages which need

file modified
+2 -3
@@ -6,8 +6,8 @@

  

  * Usage and customisation

  ** xref:dnf.adoc[Using the DNF software package manager]

- ** xref:finding-and-installing-linux-applications.adoc[Finding and installing Linux applications]

  ** xref:repositories.adoc[Fedora Repositories]

+ ** xref:finding-and-installing-linux-applications.adoc[Finding and installing Linux applications]

  ** xref:adding-or-removing-software-repositories-in-fedora.adoc[Adding or removing software repositories in Fedora]

  ** xref:setup_rpmfusion.adoc[Enabling the RPM Fusion repositories]

  ** xref:installing-chromium-or-google-chrome-browsers.adoc[Installing Chromium or Google Chrome browsers]
@@ -40,9 +40,9 @@

  ** xref:creating-a-disk-partition-in-linux.adoc[Creating disk partitions]

  ** xref:bumblebee.adoc[NVIDIA Optimus Bumblebee]

  ** xref:reset-root-password.adoc[Resetting a root password]

- ** xref:proc_installing-RPM.adoc[Installing an RPM File]

  ** xref:using-aide.adoc[Checking file integrity with AIDE]

  ** xref:getting-started-with-apache-http-server.adoc[Getting started with Apache HTTP Server]

+ ** xref:how-to-edit-iptables-rules.adoc[How to edit iptables rules]

  

  * xref:getting-started-with-selinux.adoc[SELinux]

  ** xref:changing-selinux-states-and-modes.adoc[Changing SELinux states and modes]
@@ -67,7 +67,6 @@

  //FIXME * xref:debug-systemd-problems.adoc[How to debug systemd problems]

  //FIXME * xref:debug-wayland-problems.adoc[How to debug Wayland problems] - note: maintained on wiki, does not fit quick-docs IMHO

  //FIXME * xref:fedora-life-cycle.adoc[Fedora Release Life Cycle] - note: maintained on wiki, does not fit quick-docs IMHO

- //FIXME * xref:edit-iptables-rules.adoc[How to edit iptables rules]

  //FIXME * xref:enable-touchpad-click.adoc[How to enable touchpad click]

  //FIXME * xref:mirroring.adoc[Mirroring]

  //FIXME * xref:openh264.adoc[OpenH264]

@@ -1,1 +1,3 @@

  :MAJOROSVER: 29

+ :NEXTVER: 30

+ :PREVVER: 28

@@ -1,10 +0,0 @@

- [id='about-java']

- = About Java

- 

- Java is a popular programming language that allows you run programs on many platforms, including Fedora. If you want to create Java programs, you need to install a JDK (Java Development Kit). If you want to run a Java program, you can do that on a JVM (Java Virtual Machine), which is provided with the JRE (Java Runtime Environment). If in doubt, install the JDK because this is sometimes required even if the intention is not to write Java programs. 

- 

- Many flavors of Java exist and also many versions of each flavor. If you want to just run a specific application, check the documentation of that software to see what versions of Java are supported or have been tested. Most Java applications run on one of the following:

- 

- * OpenJDK -- an open-source implementation of the Java Platform, Standard Edition

- * Oracle Java SE -- a free JDK from Oracle

- 

@@ -1,27 +1,13 @@

- [id='viewing-logs']

- = Viewing logs

+ [id='viewing-logs in Fedora']

+ = Viewing logs in Fedora

  

- Log files contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file for security messages, and a log file for cron tasks.

+ Log files contain messages about the system, including the kernel, services, and applications running on it.

+ These contain information that helps troubleshoot issues, or simply monitor system functions.

+ Fedora uses the https://freedesktop.org/wiki/Software/systemd/[systemd] system and service manager.

+ With systemd, messages for most services are now stored in the systemd journal which is a binary file that must be accessed usinng the `journalctl` command.

  

- [id='locating-log-files']

- == Locating log files

- 

- Most log files are located in the `/var/log/` directory.

- 

- `Rsyslog` is a system utility that provides support for logging. To install the _rsyslog_ package:

- ----

- $ sudo dnf install rsyslog

- ----

- To view a list of log files maintained by the related daemon, `rsyslogd`, enter the following command:

- ----

- $ less /etc/rsyslog.conf

- ----

- 

- [id='viewing-log-files']

- == Viewing log files

- 

- In Fedora, there are two ways to open the log files:

+ System tools that do not use systemd for their logs continue to place them as plain text files in the `/var/log/` directory.

+ In Fedora, there are two ways of accessing system logs:

  

  * The command line

- 

- * A GUI application

+ * A GUI applications

modules/ROOT/pages/_partials/iptables-cli.adoc modules/ROOT/pages/edit-iptables-rules.adoc
file renamed
+79 -338
@@ -1,75 +1,30 @@

- = How to edit iptables rules

+ = Command Line Interface

  

- '''

+ == Changes to iptables Rules

  

- [IMPORTANT]

- ======

+ The following procedures allow for changes in the behaviour of the firewall

+ while it is running. It is important to understand that every change

+ is applied immediately.

  

- This page was automatically converted from https://fedoraproject.org/wiki/How_to_edit_iptables_rules

+ Read the man pages (`man iptables`) for further explanations

+ and more sophisticated examples.

  

- It is probably

  

- * Badly formatted

- * Missing graphics and tables that do not convert well from mediawiki

- * Out-of-date

- * In need of other love

+ === Listing Rules

  

- 

- Pull requests accepted at https://pagure.io/fedora-docs/quick-docs

- 

- Once you've fixed this page, remove this notice, and update

- [filename]`modules/ROOT/nav.adoc`.

- 

- Once the document is live, go to the original wiki page and replace its text

- with the following macro:

+ Currently running iptables rules can be viewed with the command:

  

  ....

- {{#fedoradocs: https://docs.fedoraproject.org/whatever-the-of-this-new-page}}

+ # iptables -L

  ....

  

- ======

- 

- '''

- 

- include::{partialsdir}/unreviewed-message.adoc[]

- 

- In this how-to, we will illustrate three ways to edit iptables Rules :

- 

- * *CLI :* iptables command line interface and system configuration file

- /etc/sysconfig/iptables.

- * *TUI (text-based) interface :* setup or system-config-firewall-tui

- * *GUI :* system-config-firewall

- 

- NOTE: This how-to illustrates editing existing iptables Rules, not the

- initial creation of Rules chains.

- 

- __TOC__

- 

- [[cli-command-line-interface]]

- == CLI (command line interface)

- 

- [[hot-changes-to-iptables-rules]]

- === Hot changes to iptables Rules

  

- The following procedures allow changes in the behaviour of the firewall

- while it is running.

- 

- Read the man pages for iptables (man iptables) for further explanations

- and more sophisticated Rules examples.

- 

- [[listing-rules]]

- ==== Listing Rules

- 

- Current running iptables Rules can be viewed with the command

- 

- ....

- iptables -L

- ....

- 

- .

- 

- Example of iptables Rules allowing any connections already established

- or related, icmp requests, all local traffic, and ssh communication:

+ The following example shows four rules. These rules permit

+ established or related connections, any ICMP traffic, any local traffic as

+ well as incoming connections on port 22. Please note that the output has

+ no indication that the third rule applies only to local traffic. Therefore

+ you might want to add the `-v` option. This will reveal that the rule only

+ applies to traffic on the loopback interface.

  

  ....

  [root@server ~]# iptables -L
@@ -87,16 +42,16 @@

  target     prot opt source               destination

  ....

  

- Note that Rules are applied in order of appearance, and the inspection

- ends immediately when there is a match. Therefore, for example, if a

- Rule rejecting ssh connections is created, and afterward another Rule is

- specified allowing ssh, the Rule to reject is applied and the later Rule

- to accept the ssh connection is not.

+ Also remember that rules are applied in order of appearance and that after the

+ first match, no further rules are considered (there are exceptions, please refer

+ to the man pages for details). For example, in case there is a rule rejecting

+ ssh connections and subsequently a second rule permitting ssh connections, the

+ first rule would be applied to incoming ssh connections while the latter would

+ never be evaluated.

  

- [[appending-rules]]

- ==== Appending Rules

+ === Appending Rules

  

- The following adds a Rule at the end of the specified chain of iptables:

+ The following adds a rule at the end of the specified chain of iptables:

  

  ....

  [root@server ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
@@ -116,15 +71,13 @@

  target     prot opt source               destination

  ....

  

- Notice the last line in chain INPUT. There are now five Rules in that

- chain.

+ Notice the last line in the INPUT chain. There are now five rules.

  

- [[deleting-rules]]

- ==== Deleting Rules

+ === Deleting Rules

  

- To delete a Rule, you must know its position in the chain. The following

- example deletes an existing Rule created earlier that is currently in

- the fifth position:

+ To delete a rule you need to know its position in the chain. The following will

+ delete the rule from the previous example. To do so, the rule in the fifth

+ position has to be deleted:

  

  ....

  [root@server ~]# iptables -D INPUT 5
@@ -143,10 +96,10 @@

  target     prot opt source               destination

  ....

  

- [[inserting-rules]]

- ==== Inserting Rules

+ === Inserting Rules

  

- Create a Rule at the top (first) position:

+ You can also insert rules at a specific position. To insert a rule at the top

+ (i.e. first) position, use:

  

  ....

  [root@server ~]# iptables -I INPUT 1 -p tcp --dport 80 -j ACCEPT
@@ -166,20 +119,18 @@

  target     prot opt source               destination

  ....

  

- The number given after the chain name indicates the position *before* an

- existing Rule. So, for example, if you want to insert a Rule *before*

- the third rule you specify the number 3. Afterward, the existing Rule

- will then be in the fourth position in the chain.

+ The number given after the chain name indicates the position of your new rule

+ *after* the insertion. So, for example, if you want to insert a rule at the

+ third position, you specify the number 3. Afterwards your new rule is at

+ position 3, while the old rule from position 3 is now shifted to position 4.

  

- [[replacing-rules]]

- ==== Replacing Rules

+ === Replacing Rules

  

- Rules may be specified to replace existing Rules in the chain.

+ Rules may be specified to replace existing rules in the chain.

  

- In the example shown previously, the first Rule given allows connections

- to the http port (port 80) from anywhere. The following replaces this

- Rule, restricting connections to the standard http port (port 80) only

- from the network address range 192.168.0.0/24:

+ In the previous example, the first rule grants access to tcp port 80 from

+ any source. To restrict the access to sources within a local net, the following

+ command replaces the first rule:

  

  ....

  [root@server ~]# iptables -R INPUT 1 -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT
@@ -199,33 +150,33 @@

  target     prot opt source               destination

  ....

  

- [[flushing-rules]]

- ==== Flushing Rules

+ === Flushing Rules

  

- To flush or clear iptables Rules, use the *--flush*, *-F* option :

+ To flush or clear all iptables rules, use the `--flush`, `-F` option:

  

  ....

- iptables -F <chain>

+ # iptables -F <chain>

  ....

  

- Specifying a ** is optional; without a chain specification, all chains

- are flushed.

+ Specifying a chain is optional. Without a given chain, all chains

+ are flushed. Remember that the new rule set is immediately active.

+ Depending on the default policies, you might loose access to a remote machine

+ by flushing the rules.

  

- Example to flush Rules in the *OUTPUT* chain :

+ To flush all rules in the OUTPUT chain use:

  

  ....

- [root@server ~]# iptables -F OUTPUT

+ # iptables -F OUTPUT

  ....

  

- [[making-changes-persistent]]

- === Making changes persistent

+ == Making changes persistent

  

- The iptables Rules changes using CLI commands will be lost upon system

- reboot. However, iptables comes with two useful utilities:

- *iptables-save* and *iptables-restore*.

+ All changes to iptables rules using the CLI commands will be lost upon system

+ reboot. However, `iptables` comes with two useful utilities:

+ `iptables-save` and `iptables-restore`.

  

- * *iptables-save* prints a dump of current iptables rules to *stdout*.

- These may be redirected to a file:

+ `iptables-save` prints a dump of current rule set to *stdout*. This may be

+  redirected to a file:

  

  ....

  [root@server ~]# iptables-save > iptables.dump
@@ -243,7 +194,7 @@

  # Completed on Wed Dec  7 20:10:49 2011

  ....

  

- * iptables-restore : restore a dump of rules made by iptables-save.

+ Use `iptables-restore` to restore a dump of rules made by `iptables-save`.

  

  ....

  [root@server ~]# iptables-restore < iptables.dump
@@ -264,247 +215,37 @@

  

  In the default configuration, stopping or restarting the iptables

  service will discard the running configuration. This behavior can be

- changed by setting IPTABLES_SAVE_ON_STOP="yes" or

- IPTABLES_SAVE_ON_RESTART="yes" in /etc/sysconfig/iptables-config. If

- these values are set, the affected files are:

+ changed by setting `IPTABLES_SAVE_ON_STOP="yes"` or

+ `IPTABLES_SAVE_ON_RESTART="yes"` in `/etc/sysconfig/iptables-config`. If

+ these values are set, the configuration will be automatically dumped to

+ `/etc/sysconfig/iptables` and `/etc/sysconfig/ip6tables` for IPv4 and IPv6

+ respectively.

  

- * ....

- /etc/sysconfig/iptables

- ....

- +

- for IPv4

- * ....

- /etc/sysconfig/ip6tables

- ....

- +

- for IPv6

- 

- If preferred, these files may be edited directly, and iptables service

- restarted to commit the changes. The format is similar to that of the

- iptables CLI commands:

+ If you prefer, you may edit these files directly. Restart the iptables

+ service or restore the rules to apply your changes. The rules are in the same

+ format as you would specify them on the command line:

  

  ....

  # Generated by iptables-save v1.4.12 on Wed Dec  7 20:22:39 2011

- *filter <--------------------------------------------------------- Specify the table of the next rules

- :INPUT DROP [157:36334] <----------------------------------------- This is the three chain belong to filter table, then the policy of the chain

- :FORWARD ACCEPT [0:0] <------------------------------------------- and between brackets [<packet-counter>:<byte-counter>] numbers is for

- :OUTPUT ACCEPT [48876:76493439] <--------------------------------- debug/informations purpose only. Leave them at their current value.

- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT <--------- A rule.

- -A INPUT -p icmp -j ACCEPT <-------------------------------------- You just have to take all arguments

- -A INPUT -i lo -j ACCEPT <---------------------------------------- of an iptables command.

+ *filter

+ :INPUT DROP [157:36334]

+ :FORWARD ACCEPT [0:0]

+ :OUTPUT ACCEPT [48876:76493439]

+ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

+ -A INPUT -p icmp -j ACCEPT

+ -A INPUT -i lo -j ACCEPT

  -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

- COMMIT <---------------------------------------------------------- Needed at each end of table definition. Commit rules in that table.

+ COMMIT

  # Completed on Wed Dec  7 20:22:39 2011

  ....

  

- If needed, to reset packet and byte counters, use *-Z*, *--zero* :

+ The numbers in brackets are counters and usually you don't have to mangle them.

+ If needed, you can reset packet and byte counters using the `-Z` or `--zero`

+ option:

  

  ....

- iptables -Z <chain> <rule_number>

+ # iptables -Z <chain> <rule_number>

  ....

  

- It is possible to reset only reset a single rule counter. It can be

- useful, if you want to know how many packets were captured for a

- specific rule.

- 

- [[tui-text-based-user-interface]]

- == TUI (text-based user interface)

- 

- There is two ways to managing iptables rules with a text-based user

- interface, either using *setup* or *system-config-firewall-tui*. Using

- *system-config-firewall-tui* takes you directly to editing the rules.

- Using *setup* you need to select *firewall configuration* and then you

- can edit rules. Starting with *setup* looks like this:

- 

- image:Firewall-tui.PNG[setup menu

- utility,title="setup menu utility",width=700]

- 

- On the next screen, which is where you start with

- *system-config-firewall-tui*, make sure that "Firewall" is enabled, or

- you cannot edit the settings. Then select *Customize* :

- 

- image:First_menu_firewall_tui.PNG[Firewall Configuration by TUI. First

- screen.,title="Firewall Configuration by TUI. First screen.",width=700]

- 

- There is good chance that a service you want to modify is part of the

- list of standard "Trusted" services. Select the services you want to

- trust (ports to open) and press *Forward* (which means 'next', it is not

- port forwarding):

- 

- image:Firewall_TUI_Trusted_services.PNG[Editing trusted service with

- firewall tui

- interface.,title="Editing trusted service with firewall tui interface.",width=700]

- 

- The Other Ports menu lets you open additional ports not in the list of

- standard Trusted Services, or to edit an existing list of additional

- ports :

- 

- image:Firewall_TUI_other_ports.PNG[Editing Other ports on firewall

- configuration by TUI

- interface.,title="Editing Other ports on firewall configuration by TUI interface.",width=700]

- 

- To add other ports, specify one port or a port range, and choose between

- *tcp* or *udp* for the protocol. The port range format is _beginningPort

- - endingPort_.

- 

- image:Firewall_TUI_adding_other_ports.PNG[Adding other ports on firewall

- configuration by TUI

- interface.,title="Adding other ports on firewall configuration by TUI interface.",width=700]

- 

- The trusted interfaces menu allows you to trust all traffic on a network

- interface. All traffic will be allowed and the port filtering rules will

- never match. You should only select an interface that faces a private

- network, never an interface that directly faces the Internet.

- 

- image:Firewall_TUI_trusted_interfaces.PNG[Trusted

- interfaces.,title="Trusted interfaces.",width=700]

- 

- The Masquerading menu lets you select an interface to be masqueraded.

- Masquerading is better known as

- *http://en.wikipedia.org/wiki/Network_address_translation[NAT]* (Network

- Address Translation), and it is useful for example when your computer is

- used as gateway to access the internet:

- 

- image:Firewall_TUI_masquerading.PNG[Firewall TUI interface :

- masquerading.,title="Firewall TUI interface : masquerading.",width=700]

- 

- Port forwarding, also known as

- *http://en.wikipedia.org/wiki/Network_address_translation#Port_address_translation[PAT]*,

- permits traffic from one port to be rerouted to another port.

- 

- image:Firewall_TUI_Port_Forwarding.PNG[Firewall TUI interface :

- configuring Port

- Forwarding.,title="Firewall TUI interface : configuring Port Forwarding.",width=700]

- 

- For example:

- 

- image:Firewall_TUI_Port_Forwarding_Adding.PNG[Firewall TUI : adding port

- forwarding

- rules.,title="Firewall TUI : adding port forwarding rules.",width=700]

- 

- The ICMP Filter menu lets you reject various types of ICMP packets. By

- default, no limitations are made, but you can define rules to reject

- ICMP traffic, define the return error to an ICMP request, etc.

- 

- image:Firewall_TUI_ICMP_Filter.PNG[Firewall TUI: configuring ICMP

- behaviour.,title="Firewall TUI: configuring ICMP behaviour.",width=700]

- 

- Finally, you can add custom firewall rules. These must be prepared ahead

- of time in files that use the same format as the iptables file.

- 

- image:Firewall_TUI_Custom_Rules.PNG[Firewall TUI: create custom

- rules.,title="Firewall TUI: create custom rules.",width=700]

- 

- For adding custom rules you have specify the protocol between *ipv4* or

- *ipv6* and on what table add the custom rules *filter*, *mangle* or

- *nat* then the path to the file containing rules to add :

- 

- image:Firewall_TUI_Custom_Rules_Adding.PNG[Firewall TUI: adding a custom

- rules.,title="Firewall TUI: adding a custom rules.",width=700]

- 

- When you have completed all menus, *Close* the interface, which brings

- you back to the first screen of firewall configuration. Select *OK* and

- a warning message appear :

- 

- image:Firewall_TUI_Warning.PNG[Firewall TUI

- warning.,title="Firewall TUI warning.",width=700]

- 

- Select *Yes* if the configuration you made fits to you and exit

- interface, or *No* to go back to the firewall configuration screen.

- 

- [[gui]]

- == GUI

- 

- [[red-hat-gui-configuration-tool]]

- === Red Hat GUI configuration tool

- 

- GUI interface allow you exactly the same thing that TUI interface, but

- it is more friendly usable.

- 

- First time you start GUI, you have a welcome message that warning you

- that if you have existing manual rules then this rules will be

- overwritten. image:Firewall_GUI_First_Time_Startup.PNG[First time

- startup message,title="fig:First time startup message"]

- 

- Before all, you need to *Enable* your firewall to use Firewall

- Configuration utility.

- 

- image:FireWwall_GUI_startup.PNG[Firewall Gui startup

- screen,title="Firewall Gui startup screen"]

- 

- Then utility warn you that you don't have any existing configuration and

- want you execute the wizard. Click on *Start wizard*:

- 

- image:No_configuration.PNG[No firewall

- configuration,title="No firewall configuration"]

- 

- Click on forward :

- 

- image:Firewall_Wizard.PNG[Firewall Wizard : welcome

- screen,title="Firewall Wizard : welcome screen"]

- 

- _System with network access_ enable Firewall and _System without network

- access_ disable Firewall, so select _System with network access_ :

- 

- image:Firewall_Wizard_2.PNG[Firewall Wizard : network

- access?,title="Firewall Wizard : network access?"]

- 

- Beginner allow you to modify only _Trusted Services_, it's fine if you

- use only known services like ftp, dns, http, etc but don't allow you to

- configure customs ports range, select _Expert_ to have full featured

- Firewall Configuration utility, you can change this option later in the

- *Options* menu Main windows, in *User Skill Level* :

- 

- image:Firewall_Wizard_3.PNG[Firewall Wizard :

- skill?,title="Firewall Wizard : skill?"]

- 

- *Server* template enable only ssh port on firewall configuration

- _Desktop_ template enable additional ports for _IPsec_, _Multicast DNS_,

- _Network Printing Client_ and _SSH_. For convenience select Desktop, and

- *OK* :

- 

- image:Firewall_Wizard_4.PNG[Firewall Wizard : configuration

- base?,title="Firewall Wizard : configuration base?"]

- 

- As described earlier _Desktop_ template enable 4 services _IPsec_,

- _mDNS_, _IPP_ and _SSH_. If you have services listed in *Trusted

- Services* section that you want to enabled, you just have to click on

- it, that's all. It is possible to change template by using the *Options*

- menu, in *Load Default Configuration*.

- 

- image:Firewall_Wizard_5.PNG[Firewall Main interface :

- enabled,title="Firewall Main interface : enabled"]

- 

- *Other Ports* allow you to edit custom rules if your service port wasn't

- in *Trusted service*. To begin, just click on *Add* button. Then either

- you choose in services list the right service or you tick *User Defined*

- and fill requested information about *Port / Port Range* and *Protocol*.

- 

- image:Firewall_GUI_other_ports.PNG[Firewall GUI : edit other ports

- rules.,title="Firewall GUI : edit other ports rules."]

- 

- *Trusted Interfaces*, *Masquerading*, *Port Forwarding*, *ICMP Filter*

- and _Custom Rules_' have exactly the same effect than in TUI interface.

- 

- When configuration fits to you, just click on the *Apply* button.

- 

- [[others-gui]]

- === Others GUI

- 

- There are others GUI available to configure iptables rules.

- 

- * http://www.fwbuilder.org/_fwbuilder[http://www.fwbuilder.org/

- fwbuilder] : very complete gui tools to configure iptables.

- * http://shorewall.net/_Shorewall[http://shorewall.net/ Shorewall] :

- another very complete gui like fwbuilder.

- * http://www.turtlefirewall.com/_Turtle_firewall_project[http://www.turtlefirewall.com/

- Turtle firewall project] : web interface and integrated to webmin. Fits

- to basic usage of Iptables, can not handle all iptables options like

- fwbuilder

- * http://users.telenet.be/stes/ipmenu.html_IPmenu[http://users.telenet.be/stes/ipmenu.html

- IPmenu] : console based interface that allow you all iptables

- functionalities.

- '''

- 

- See a typo, something missing or out of date, or anything else which can be

- improved? Edit this document at https://pagure.io/fedora-docs/quick-docs.

+ It is possible to reset only a single rule counter. This might become handy

+  if you want to know how many packets were captured for a specific rule.

@@ -0,0 +1,85 @@

+ = Graphical User Interface

+ 

+ There are several graphical user interfaces available to configure iptables.

+ 

+ * link:http://www.fwbuilder.org/_fwbuilder[fwbuilder]: Very complete GUI tools

+  to configure iptables.

+ * link:http://shorewall.net/_Shorewall[Shorewall]: Another very complete GUI

+ like fwbuilder.

+ * link:http://www.turtlefirewall.com/_Turtle_firewall_project[Turtle firewall

+ project]: Web interface and integrated to webmin. But it can not handle all

+ iptables options.

+ * link:http://users.telenet.be/stes/ipmenu.html_IPmenu[IPmenu] :A console based

+ interface that covers all iptables functionality.

+ 

+ The following section describes yet another frontend: `system-config-firewall`.

+ 

+ == system-config-firewall

+ 

+ The GUI interface is similar to the text based interface just more friendly.

+ 

+ The first time you start the GUI you will receive a warning. The program will

+ *not* load your custom configuration. So any preexisting rules will be

+ overwritten.

+ 

+ image:Firewall_GUI_First_Time_Startup.PNG[First time

+ startup message,title="fig:First time startup message"]

+ 

+ Before you start, you have to enable your firewall to activate the

+ configuration utility.

+ 

+ image:FireWwall_GUI_startup.PNG[Firewall Gui startup

+ screen,title="Firewall Gui startup screen"]

+ 

+ The initial configuration is empty and will not allow any network traffic.

+ 

+ image:No_configuration.PNG[No firewall

+ configuration,title="No firewall configuration"]

+ 

+ You can ignore the warning and start the wizard. Click _forward_:

+ 

+ image:Firewall_Wizard.PNG[Firewall Wizard : welcome

+ screen,title="Firewall Wizard : welcome screen"]

+ 

+ Choose _System with network access_ to enable the firewall. The other option

+ _System without network access_ would disable the firewall and don't allow

+ access to any network.

+ 

+ image:Firewall_Wizard_2.PNG[Firewall Wizard : network

+ access?,title="Firewall Wizard : network access?"]

+ 

+ Next, you have to choose your skill level. The *Beginner* options only

+ allows the configuration of _trusted services_. This option is fine if you only

+ want to use services like _ftp_, _dns_, _http_, etc. It does not allow you to

+ configure customs port ranges.  If you select *Expert*, you will have access to

+ firewall options. You can change the skill level later via _Options_ in the

+ main window.

+ 

+ image:Firewall_Wizard_3.PNG[Firewall Wizard :

+ skill?,title="Firewall Wizard : skill?"]

+ 

+ You can choose from a set of default configurations to start with. The *Server*

+ template will only enable SSH on the firewall. The _desktop template_ enables

+ additional ports (_IPsec_, _multicast DNS_, _Network Printing Client_ and

+ _SSH_). For convenience select *Desktop* and continue:

+ 

+ image:Firewall_Wizard_4.PNG[Firewall Wizard : configuration

+ base?,title="Firewall Wizard : configuration base?"]

+ 

+ To enable additional _trusted services_ just choose the services from the list.

+ 

+ image:Firewall_Wizard_5.PNG[Firewall Main interface :

+ enabled,title="Firewall Main interface : enabled"]

+ 

+ You can add custom rules after choosing *Other ports* from the side bar. Click

+ the *Add* button and either choose form services list on the right or tick

+ *User Defined* and fill in the requested information.

+ 

+ image:Firewall_GUI_other_ports.PNG[Firewall GUI : edit other ports

+ rules.,title="Firewall GUI : edit other ports rules."]

+ 

+ The other options in the sidebar *Trusted Interfaces*, *Masquerading*, *Port

+ Forwarding* and so on work exactly as in the text based interface.

+ 

+ When you finished the configuration, click *Apply* to save and activate the

+ firewall.

@@ -0,0 +1,98 @@

+ = Text-based User Interface

+ 

+ There are two ways to manage iptables rules using a text-based user

+ interface. These are `setup` and `system-config-firewall-tui`. If you start

+ `setup`, you will see something similar to the following:

+ 

+ image:Firewall-tui.PNG[setup menu

+ utility,title="setup menu utility",width=700]

+ 

+ If you select "Firewall configuration" you will see the screen below. You could

+ also invoke `system-config-firewall-tui`. This will take you directly to the

+ same screen. Make sure that "Firewall" is enabled, otherwise you cannot edit its

+ rule set. Continue by selecting "Customize":

+ 

+ image:First_menu_firewall_tui.PNG[Firewall Configuration by TUI. First

+ screen.,title="Firewall Configuration by TUI. First screen.",width=700]

+ 

+ There is a good chance, that a service you want to modify is part of the

+ list of standard "trusted services". Select the services you want to

+ trust (i.e. open their ports) and press "Forward". (This has to be read as

+ "next", it has nothing to do with port forwarding):

+ 

+ image:Firewall_TUI_Trusted_services.PNG[Editing trusted service with

+ firewall tui

+ interface.,title="Editing trusted service with firewall tui interface.",width=700]

+ 

+ The "Other ports" menu lets you open additional ports which are not in the list

+ of standard trusted services:

+ 

+ image:Firewall_TUI_other_ports.PNG[Editing Other ports on firewall

+ configuration by TUI

+ interface.,title="Editing Other ports on firewall configuration by TUI interface.",width=700]

+ 

+ To add other ports, specify one port or a port range. Choose between

+ _tcp_ and _udp_ for the protocol. The port range format is: _beginningPort

+ - endingPort_.

+ 

+ The "Trusted interfaces" menu allows you to trust all traffic on a network

+ interface. All traffic will be allowed and the port filtering rules will

+ never apply. You should only select interfaces which face private

+ networks. Never trust an interface that deals with traffic from networks which

+ are not under your full control.

+ 

+ image:Firewall_TUI_trusted_interfaces.PNG[Trusted

+ interfaces.,title="Trusted interfaces.",width=700]

+ 

+ The masquerading menu lets you select an interface to be masqueraded.

+ Masquerading is better known as

+ *http://en.wikipedia.org/wiki/Network_address_translation[NAT]* (Network

+ Address Translation). It is useful, to setup your computer as a gateway

+ between different networks:

+ 

+ image:Firewall_TUI_masquerading.PNG[Firewall TUI interface :

+ masquerading.,title="Firewall TUI interface : masquerading.",width=700]

+ 

+ Port forwarding, also known as

+ *http://en.wikipedia.org/wiki/Network_address_translation#Port_address_translation[PAT]*

+ (Port Address Translation), permits traffic from one port to be "rerouted" to

+ another port.

+ 

+ image:Firewall_TUI_Port_Forwarding.PNG[Firewall TUI interface :

+ configuring Port

+ Forwarding.,title="Firewall TUI interface : configuring Port Forwarding.",width=700]

+ 

+ You have to specify source and destination, as well as the interface and protocol

+ accordingly:

+ 

+ image:Firewall_TUI_Port_Forwarding_Adding.PNG[Firewall TUI : adding port

+ forwarding

+ rules.,title="Firewall TUI : adding port forwarding rules.",width=700]

+ 

+ The ICMP Filter menu lets you reject various types of ICMP packets. By

+ default, no limitations are made. You may define rules to reject

+ ICMP traffic, define the return type to ICMP request, etc.

+ 

+ image:Firewall_TUI_ICMP_Filter.PNG[Firewall TUI: configuring ICMP

+ behaviour.,title="Firewall TUI: configuring ICMP behaviour.",width=700]

+ 

+ Finally, you can add custom firewall rules. These must be prepared ahead

+ of time in files that use the same format for the command line interface.

+ 

+ image:Firewall_TUI_Custom_Rules.PNG[Firewall TUI: create custom

+ rules.,title="Firewall TUI: create custom rules.",width=700]

+ 

+ For adding custom rules you have specify the protocol (i.e. _ipv4_ or

+ _ipv6_) and the table you want your rules add to (_filter_, _mangle_, _nat_,...)

+ and - of course - the file containing your rules:

+ 

+ image:Firewall_TUI_Custom_Rules_Adding.PNG[Firewall TUI: adding a custom

+ rules.,title="Firewall TUI: adding a custom rules.",width=700]

+ 

+ When you have completed all menus, choose "Close" to resume to the first screen.

+ Select "OK" and confirm your changes by choosing "Yes". If you choose "No" you

+ will get back the configuration screen with no changes applied to your

+ firewall.

+ 

+ image:Firewall_TUI_Warning.PNG[Firewall TUI

+ warning.,title="Firewall TUI warning.",width=700]

@@ -7,12 +7,12 @@

  

  . Choose the version of Java you wish to use. Typically, you would navigate to the link:http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html[version 8 page].

  

- . Accept the license agreement and download the appropriate rpm file for your systems architecture. For example, if you run 64-bit Fedora, choose the `jdk-8u151-linux-x64.rpm` file.

+ . Accept the license agreement and download the appropriate tar.gz file for your systems architecture. Do NOT use Oracle rpms as these are NOT compatible with fedora/openjdk packages. Download tar.gz instead and unpack it somewhere.

  

- . Enter the following command to install Oracle Java SE: 

+ . Use tar to unpack downloaded archive e.g.:

  +

  ----

- # dnf install jdk-8u151-linux-x64.rpm

+ # tar -xvzf jdk-8u201-linux-x64.tar.gz

  ----

  

- include::proc_installing-openjdk.adoc[tags=java-alternatives]

+ Note that jdk-8u201-linux-x64.tar.gz is used as example only. Always make sure to download latest version available.

@@ -1,13 +1,27 @@

+ [id='using-gnome-logs-to-view-log-files']

+ = Using Gnome Logs to view log files

  

- [id='using-GUI-to-view-log-files']

- === Using GUI to view log files

+ The `GNOME Logs` application provides a convenient GUI tool to view the systemd journal.

+ `GNOME Logs` is not currently installed by default on Fedora systems.

  

- To view log files in GUI, use the `GNOME Logs` application. `GNOME Logs` is not installed by default, press the `Super` key and type `Software`. In the `Search` field type `Logs` and choose the `GNOME Logs` item from the list of results and install the application.

+ * You can install `Gnome Logs` using the default software installation application on your system.

+   On a Fedora Workstation install running the GNOME desktop:

+ 

+ ** Press the `Super` key

+ ** Type `Software`

+ ** In the `Search` field type `Logs` and choose the `GNOME Logs` item from the list of results

+ ** Install the application

+ 

+ * You can also install `GNOME Logs` using the command line with `dnf`:

+ 

+ ----

+ $ sudo dnf install gnome-logs

+ ----

  

  In `GNOME Logs`, you can filter for time periods, search within logs, and display categories.

  

  * To select a log file type, from the side bar of GNOME Logs, select the type to view.

- * To select a time period, from the menu bar, click *Logs*, and select a time period.

+ * To select a time period, from the menu bar, click `Log`, and select a time period.

  * To search within logs, select a log file from the results pane.

  . Click the search icon.

  . Enter one or more search criterion in the search field.

@@ -1,45 +1,89 @@

  [id='using-the-command-line-to-view-log-files]

- === Using the command line to view log files

+ = Using the command line to view log files

  

- You can use the command line to view logs in different ways, for example:

+ The `journalctl` command can be to view messages in the system journal on the command line.

+ For plain text log files, generic tools may be used:

  

- * Using the *journalctl* command

- * Using the commands for viewing, for example *cat*, *more*, *less*, *tail*, or *head*

- * Combine the commands for viewing with the *grep* command

- * Using a text editor, for example, `nano` or `vim`

+ * `cat`, `more`, `less`, `tail`, or `head`.

+ * the `grep` command to search for specific information.

+ * any text editor of your choosing (nano/pico/vim/emacs)

+ 

+ Please note that you may require `sudo` access to view these files.

  

  [id='using-journalctl-to-view-system-information']

- ==== Using journalctl to view  system information.

+ == Using journalctl to view system information

  

- * To view all collected logs with no filter:

+ * To view all collected journal entries, simply use:

  ----

  $ journalctl

  ----

  

- * To view a specific log file, enter the *journalctl* command with a log filepath. The example command returns all logs of the kernel device node `/dev/sda`:

+ * To view a logs related to a specific file, you can provide the `journalctl` command with a filepath.

+   The example shown below shows all logs of the kernel device node `/dev/sda`:

  ----

  $ journalctl /dev/sda

  ----

  

- * To view the boot logs, run the following command:

+ * To view log for the current boot use the `-b` option :

+ ----

+ $ journalctl -b

+ ----

+ 

+ * To view kernel logs for the current boot, you can add the `-k` option:

  ----

  $ journalctl -k -b -1

  ----

  

- * For more information on *journalctl*, read the man page:

+ 

+ [id='using-journalctl-to-view-log-information-for-a-specific-service']

+ == Using journalctl to view log information for a specific service

+ 

+ * To filter logs to only see ones matching the "foo" systemd service:

  ----

- $ man journalctl

+ $ journalctl -b _SYSTEMD_UNIT=foo

  ----

  

- [id='using-the-command-line-to-open-log-files-in-text-editor']

- ==== Using the command line to open log files in a text editor

+ * Matches can be combined.

+   For example, to view logs for systemd-units that match `foo`, and the PID `number`:

+ ----

+ $ journalctl -b _SYSTEMD_UNIT=foo _PID=number

+ ----

  

- All log files are in plain text. To open a log file in a text editor, enter the following command:

+ * If the separator "+" is used, two expressions may be combined in a logical OR.

+   For example, to view all messages from the `foo` service process with the `PID` plus all messages from the `foo1` service (from any of its processes):

  ----

- $ nano <logfilename>

+ $ journalctl -b _SYSTEMD_UNIT=foo _PID=number + _SYSTEMD_UNIT=foo1

  ----

  

- If the root permissions are required:

+ * If two matches refer to the same field, all entries matching either expression are shown.

+   For example, this command will show logs matching a systemd-unit `foo` or a systemd-unit `foo1`:

+ ----

+ $ journalctl -b _SYSTEMD_UNIT=foo _SYSTEMD_UNIT=foo1

  ----

- $ sudo nano <logfilename>

+ 

+ 

+ NOTE: The files for service modification are stored in a directory within `*/etc/systemd/system*`, to know more about systemd, please refer to <<understanding-and-administering-systemd.adoc#Understanding Systemd Services>>

+ 

+ [id='Using-journalctl-to-view-older-logs']

+ == Using journalctl to view older logs

+ 

+ * To view older logs use the `--list-boots` option :

+ 

+ This will show a tabular list of boot numbers, their IDs, and the timestamps of the first and last message pertaining to the boot:

+ 

+ ----

+ $ journalctl --list-boots

+ -8 42cdeac65d494e938b9cb92f315b08a4 Mon 2018-11-12 10:36:42 CET—Mon 2018-11-12 20:08:24 CET

+ -7 c110d2b8705345b786fe310de628bfc7 Tue 2018-11-13 10:29:27 CET—Tue 2018-11-13 10:04:00 CET

+ ----

+ 

+ with this ID you can use `journalctl` as usual :

+ 

+ ----

+ $ journalctl --boot=ID _SYSTEMD_UNIT=foo

+ ----

+ 

+ * To know more about `journalctl`, read the man page:

+ ----

+ $ man journalctl

  ----

@@ -23,12 +23,8 @@

  # usermod -a -G mock yourusername

  -----------

  +

- . Change from the *root* user to your user name and enter the `newgrp` command or log in and out for this change to take effect:

- +

- -------------

- $ newgrp

- ------------- 

- +

+ . Log out and back in for this change to take effect.

+ 

  . Run the `id` command to verify that the *mock* group appears in your group list:

  +

  ----------------

@@ -1,6 +1,9 @@

  [[chap-dnf-system-upgrade]]

  = DNF System Upgrade

  

+ :experimental:

+ include::{partialsdir}/attributes.adoc[]

+ 

  include::{partialsdir}/unreviewed-message.adoc[]

  

  link:++https://github.com/rpm-software-management/dnf-plugin-system-upgrade++[`dnf-plugin-system-upgrade`] is a plugin for the xref:dnf.adoc[DNF] package manager and is used to upgrade your system to the current release of Fedora.
@@ -28,11 +31,8 @@

  . To update your Fedora release from the command-line do:

  +

  [source,bash]

- 

  ----

- 

  sudo dnf upgrade --refresh

- 

  ----

  +

  and reboot your computer.
@@ -40,31 +40,46 @@

  . Install the dnf-plugin-system-upgrade package if it is not currently installed:

  +

  [source,bash]

- 

  ----

- 

  sudo dnf install dnf-plugin-system-upgrade

- 

  ----

  

- . Download the updated packages (replace N with the release version):

+ . Download the updated packages:

+ +

+ [source,bash,subs="attributes"]

+ ----

+ sudo dnf system-upgrade download --refresh --releasever={MAJOROSVER} --setopt='module_platform_id=platform:f{MAJOROSVER}'

+ ----

+ +

+ Change the `--releasever=` number if you want to upgrade to a different release.

+ Most people will want to upgrade to the latest stable release, which is `{MAJOROSVER}`, but in some cases, such as when you're currently running Fedora `27`, you may want to upgrade just to Fedora `28`.

+ You can also use `{NEXTVER}` to upgrade to a link:https://fedoraproject.org/wiki/Releases/Branched[Branched] release, or `rawhide` to upgrade to link:https://fedoraproject.org/wiki/Releases/Rawhide[Rawhide]. Note that neither of these two are stable releases.

+ +

+ The above also applies to the `module_platform_id=` value.

+ +

+ If you are upgrading to Rawhide, you will need to import the RPM GPG key for it.

+ This will be the highest numbered key version in `/etc/pki/rpm-gpg/`.

+ For example, if there is a Branched release that is `30`, then you should look for a `31`, and if there is currently no Branched release, it will be `30`:

  +

  [source,bash]

- 

  ----

- 

- sudo dnf system-upgrade download --refresh --releasever=N

- 

+ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-31-primary

  ----

  

+ . If some of your packages have unsatisfied dependencies, the upgrade will refuse to continue until you run it again with an extra `--allowerasing` option.

+ This often happens with packages installed from third-party repositories for which an updated repositories hasn't been yet published.

+ Study the output very carefully and examine which packages are going to be removed.

+ None of them should be essential for system functionality, but some of them might be important for your productivity.

+ +

+ * In case of unsatisfied dependencies, you can sometimes see more details if you add `--best` option to the command line.

+ * If you want to remove/install some packages manually before running `dnf system-upgrade download` again, it is advisable to perform those operations with `--setopt=keepcache=1` dnf command line option.

+ Otherwise the whole package cache will be removed after your operation, and you will need to download all the packages once again.

+ 

  . Trigger the upgrade process. This will restart your machine into the upgrade process:

  +

  [source,bash]

- 

  ----

- 

  sudo dnf system-upgrade reboot

- 

  ----

  

  . Once the upgrade process to complete, your system will reboot into the updated release version of Fedora.
@@ -75,11 +90,8 @@

  These are some of the tasks you can do after a successful upgrade.

  

  [NOTE]

- 

  ====

- 

  This section is mainly intended for power users. If you are a general user who doesn't use the terminal daily, you may skip this section.

- 

  ====

  

  [[sect-update-system-configuration-files]]
@@ -90,21 +102,15 @@

  You can search for these files, or use the `rpmconf` tool that simplifies this process. To install rpmconf, enter:

  

  [source,bash]

- 

  ----

- 

  dnf install rpmconf

- 

  ----

  

  Once the install is complete enter:

  

  [source,bash]

- 

  ----

- 

  sudo rpmconf -a

- 

  ----

  

  For more information you can refer to the man pages (`man rpmconf`).
@@ -115,11 +121,8 @@

  You can see a list of packages with broken dependencies by typing:

  

  [source,bash]

- 

  ----

- 

  sudo dnf repoquery --unsatisfied

- 

  ----

  

  The list should be empty, but if this is not the case consider removing them as they are not likely to work.
@@ -127,11 +130,8 @@

  You can see duplicate packages (packages with multiple versions installed) with:

  

  [source,bash]

- 

  ----

- 

  sudo dnf repoquery --duplicated

- 

  ----

  

  For packages from the official repositories, the latest version should be installed.
@@ -139,62 +139,44 @@

  To see a list of these packages do:

  

  [source,bash]

- 

  ----

- 

  sudo dnf list extras

- 

  ----

  

  If you see a package you do not need, or use, you can remove it with:

  

  [source,bash]

- 

  ----

- 

  sudo dnf remove $(dnf repoquery --extras --exclude=kernel,kernel-\*)

- 

  ----

  

  [NOTE]

- 

  ====

- 

  Run `sudo dnf update` first, as this list is only valid if you have a fully updated system.

  Otherwise, you will see a list of installed packages that are no longer in the repositories because an update is available.

  This list may also contain packages installed from third-party repositories who may not have updated their repositories.

- 

  ====

  

  You can safely remove packages no longer in use with:

  

  [source,bash]

- 

  ----

- 

  sudo dnf autoremove

- 

  ----

  

  [WARNING]

- 

  ====

- 

  DNF decides that a package is no longer needed if you haven't explicitly asked to install it and nothing else requires it.

  However, that doesn't mean that the package is not useful or that you don't use it.

  *Only remove what you are sure you don't need*.

- 

  ====

  

  [[sect-resolving-post-upgrade-issues]]

  == Resolving Post-Upgrade Issues

  

  [NOTE]

- 

  ====

- 

  Only follow these steps if you encounter problems with your upgraded system.

- 

  ====

  

  [[sect-rebuilding-rpm-database]]
@@ -205,11 +187,8 @@

  To rebuild the database, run:

  

  [source,bash]

- 

  ----

- 

  sudo rpm --rebuilddb

- 

  ----

  

  [[sect-using-distro-sync-to-resolve-dependency-issues]]
@@ -220,22 +199,16 @@

  This will attempt to make your installed packages the same version in your currently enabled repositories, even if it must downgrade some packages:

  

  [source,bash]

- 

  ----

- 

  sudo dnf distro-sync

- 

  ----

  

  You can also use the `--allowerasing` option will remove packages with dependencies that can not be satisfied.

  Always review which packages will be removed before confirming this:

  

  [source,bash]

- 

  ----

- 

  sudo dnf distro-sync --allowerasing

- 

  ----

  

  [[sect-relabel-files-with-the-latest-selinux-policy]]
@@ -246,11 +219,8 @@

  To relabel the entire system run:

  

  [source,bash]

- 

  ----

- 

  sudo touch /.autorelabel

- 

  ----

  

  and reboot.
@@ -313,11 +283,8 @@

  When upgrading across multiple releases, you may need to import the GPG key for the release you want to update to. You can do this with:

  

  [source,bash]

- 

  ----

- 

  gpg --quiet --with-fingerprint /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-N-primary

- 

  ----

  

  (where N is the Fedora version.)

@@ -0,0 +1,14 @@

+ = How to edit iptables rules

+ 

+ In this how-to, we will illustrate three ways of editing iptables rules, via:

+ 

+ * Command line interface (CLI): `iptables` and system configuration file `/etc/sysconfig/iptables`.

+ * Text-based interfaces (TUI): `setup` or `system-config-firewall-tui`

+ * Graphical user interface(GUI): `system-config-firewall`

+ 

+ NOTE: This how-to illustrates editing existing iptables rules, not the

+ initial creation of rules chains.

+ 

+ include::{partialsdir}/iptables-cli.adoc[leveloffset=+1]

+ include::{partialsdir}/iptables-tui.adoc[leveloffset=+1]

+ include::{partialsdir}/iptables-gui.adoc[leveloffset=+1]

@@ -3,11 +3,19 @@

  [id="assembly_installing-java"]

  = Installing Java

  

- include::{partialsdir}/unreviewed-message.adoc[]

+ Java is a popular programming language that allows you run programs on many platforms, including Fedora.

+ If you want to create Java programs, you need to install a JDK (Java Development Kit).

+ If you want to run a Java program, you can do that on a JVM (Java Virtual Machine), which is provided with the JRE (Java Runtime Environment).

+ If in doubt, install the JDK because this is sometimes required even if the intention is not to write Java programs.

  

- Java provides a platform for creating and running applications. You can install various versions of Java to suit your requirements.

+ Many flavors of Java exist and also many versions of each flavor.

+ If you want to just run a specific application, check the documentation of that software to see what versions of Java are supported or have been tested.

+ Most Java applications run on one of the following:

  

- include::{partialsdir}/con_about-java.adoc[leveloffset=+1]

+ * OpenJDK -- an open-source implementation of the Java Platform, Standard Edition.

+   This version is preferred, and included in Fedora.

+ * Oracle Java SE -- a free JDK from Oracle.

+   This version is not open-source and we recommend that it only be used if OpenJDK is not sufficient.

  

  include::{partialsdir}/proc_installing-openjdk.adoc[leveloffset=+1]

  
@@ -36,5 +44,6 @@

  * link:https://netbeans.org/[NetBeans]

  * link:https://eclipse.org/[Eclipse]

  * link:https://www.jetbrains.com/idea/[IntelliJ IDEA]

+ 

  ifdef::parent-context[:context: {parent-context}]

  ifndef::parent-context[:!context:]

@@ -1,27 +0,0 @@

- [id='proc_installing-an-RPM-file']

- = Installing an RPM File

- 

- include::{partialsdir}/unreviewed-message.adoc[]

- 

- This procedure shows you how to install an RPM file after you have downloaded the file to your desktop. An RPM file contains the required installation packages for a software.

- 

- ._Prerequisites_

- 

- * You must have administrative permission to install new RPM files on your system. Either root password or sudo access is required.

- 

- ._Procedure_

- 

- . Open a terminal.

- . Change your working directory to the location of the RPM file. If you have downloaded the RPM file to the `Downloads` directory, enter:

- +

- [subs=quotes]

- ----

- $ cd ~/Downloads

- ----

- +

- . Install the RPM file:

- +

- [subs=quotes]

- ----

- $ sudo rpm -i NAME_OF_RPM.rpm

- ----

@@ -1,8 +1,6 @@

  [[ch-Upgrading]]

  = Upgrading to a new release of Fedora

  

- include::{partialsdir}/unreviewed-message.adoc[]

- 

  [IMPORTANT]

  ====

  
@@ -15,6 +13,13 @@

  

  [[sect-upgrading-to-the-next-fedora-workstation-release]]

  == Upgrading to the next Fedora Workstation release

+ [NOTE]

+ ====

+ 

+ This is the recommended upgrade method for the Fedora Workstation.

+ 

+ ====

+ 

  

  As of Fedora Workstation 23, when the next stable release is available a graphical notification will appear similar to the update notifications.

  Clicking this, or running the _Software_ application and going to the _Updates_ pane, will display a simple graphical interface for upgrading the system.
@@ -25,17 +30,38 @@

  

  [[sect-upgrading-using-the-dnf-system-upgrade-plugin]]

  == Upgrading using the DNF System Upgrade plugin

+ [NOTE]

+ ====

+ 

+ This is the recommended upgrade method for all other Fedora installations.

  

- This method is used to upgrade Fedora Workstation from the command-line.

+ ====

+ 

+ This method is used to a upgrade Fedora installation using the command-line.

  It is also used to troubleshoot issues with packages preventing the graphical method from upgrading.

  

  For instructions on upgrading with the DNF system upgrade plugin, refer to the xref:dnf-system-upgrade.adoc[DNF System Upgrade Quick Doc].

  

+ [[sect-online-rebases-for-fedora-atomic-host-via-rpm-ostree]]

+ == Online rebases for Fedora Atomic Host via rpm-ostree

+ [NOTE]

+ ====

+ 

+ This is the recommended upgrade method for link:++https://getfedora.org/en/cloud/download/atomic.html++[Fedora Atomic Host] installations.

+ 

+ ====

+ For instructions on upgrading Fedora Atomic Host installations between Fedora releases, refer to the link:++https://fedoraproject.org/wiki/Atomic_Host_upgrade++[dedicated page].

+ 

  [[sect-can-i-upgrade-between-fedora-releases-using-only-dnf]]

  == Can I upgrade between Fedora releases using only DNF?

+ [WARNING]

+ ====

  

- Upgrading between Fedora releases without the xref:dnf-system-upgrade.adoc[DNF System Upgrade Plugin] is not tested by the Fedora QA team.

- Any issues using this method are not considered blockers for a release but in practice works for many users.

+ This is not a supported upgrade method.

+ 

+ ====

+ 

+ Upgrading between Fedora releases without the xref:dnf-system-upgrade.adoc[DNF System Upgrade Plugin] or Gnome Software are not tested by the Fedora QA team, and are therefore not supported by the community.

  

  [[sect-can-i-update-from-a-pre-release-alpha-beta-or-other-development-snapshot-to-the-final-release]]

  == Can I update from a pre-release (Alpha, Beta, or other development snapshot) to the final release?
@@ -57,8 +83,23 @@

  Upgrading to a Branched release or to Rawhide can be done with the xref:dnf-system-upgrade.adoc[DNF System Upgrade Plugin].

  Carefully read this page as there are some special notes to ensure a successful upgrade.

  

- [[sect-can-i-upgrade-using-the-fedora-installer-anaconda]]

- == Can I upgrade using the Fedora installer (anaconda)?

+ [[sect-upgrading-from-end-of-life-releases]]

+ == Can I upgrade from an End Of Life (EOL) release?

+ 

+ Fedora strongly discourages running an end-of-life release on any production system, or any system connected to the public internet.

+ You should never allow a production Fedora deployment to reach end-of-life in the first place.

+ 

+ With that in mind, if you do have an end-of-life release installed on a system you cannot just discard or re-deploy, you can attempt to upgrade it, though this is not officially tested or supported.

+ 

+ If you have Fedora 21 or later, you can try to upgrade using the instructions at the xref:dnf-system-upgrade.adoc[DNF System Upgrade Quick Doc].

+ 

+ If you have Fedora 20 or earlier, you will have to perform at least part of the upgrade with bare `yum`.

+ You can either use that method to upgrade to Fedora 21 or later and then use DNF system upgrade to upgrade from there to a currently-supported release, or just use bare `dnf` or `yum` for the entire upgrade process.

+ 

+ Note that when upgrading from Fedora 20 or earlier, you are both upgrading from an end-of-life release and using a not-officially-recommended upgrade mechanism; such upgrades are very much performed 'at your own risk' and may well require various kinds of manual intervention to run and clean up the upgraded system, if they work at all.

+ 

+ [[sect-upgrading-using-the-fedora-installer-anaconda]]

+ === Upgrading using the Fedora installer (anaconda)?

  

  Fedora releases up to Fedora 17 included upgrade functionality in the Fedora installer, anaconda.

  This can be a better choice than a package manager upgrade for some End Of Life (EOL) upgrades.
@@ -74,8 +115,3 @@

  

  ====

  

- [[sect-upgrading-from-end-of-life-releases]]

- == Can I upgrade from an End Of Life (EOL) release?

- 

- Fedora strongly discourages running an end-of-life release on any production system, or any system connected to the public internet.

- For more information, see the xref:dnf-system-upgrade.adoc[DNF System Upgrade Quick Doc].

@@ -1,15 +1,11 @@

  ifdef::context[:parent-context: {context}]

  :context: viewing-logs

- 

- = Viewing logs in Fedora

- 

- include::{partialsdir}/unreviewed-message.adoc[]

- 

+  

  include::{partialsdir}/con_viewing-logs.adoc[leveloffset=+1]

- 

+  

  include::{partialsdir}/proc_log-files-command-line.adoc[leveloffset=+1]

- 

+  

  include::{partialsdir}/proc_log-files-GUI.adoc[leveloffset=+1]

- 

+  

  ifdef::parent-context[:context: {parent-context}]

  ifndef::parent-context[:!context:]

@@ -29,7 +29,8 @@

  - Support rollbacks in GNOME Software

  - Support rebases in GNOME Software

  - Support kernel modules in rpm-ostree , What is it? https://docs.fedoraproject.org/en-US/fedora/f29/system-administrators-guide/package-management/rpm-ostree/[rpm-ostree]

- - Doesn't use DNF as packed managery

+ - Doesn't use DNF as packed manager

+ - Offer Toolbox a familiar RPM based environment for developing and debugging software that runs fully unprivileged using Podman.

  

  [IMPORTANT]

  ====
@@ -51,3 +52,4 @@

  - https://fedoramagazine.org/give-fedora-silverblue-a-test-drive[Fedora Magazine]

  - https://github.com/ostreedev/ostree[Ostree]

  - https://github.com/projectatomic/rpm-ostree[Rpm-ostree]

+ - https://github.com/debarshiray/toolbox

@@ -95,6 +95,7 @@

  

  [cols=",",]

  |=================

+ |Fedora 29 |4.5

  |Fedora 28 |3.4

  |Fedora 27 |3.4

  |Fedora 26 |3.4

Review Quick-Docs : SilverBlue

Why this change is needed:

Add SilverBlue Section

What this change accomplishes:

  • Add SilverBlue to Navigator
  • Add Page about SilverBlue

[Ticket: 107] : https://pagure.io/fedora-docs/quick-docs/issue/107

Metadata Update from @ankursinha:
- Pull-request tagged with: needs committer review
- Request assigned

4 years ago

@hhlp: was looking at this now. A couple of questions:

  • Is it needed? All the page seems to do is provide links
  • Should it have its own section on the navbar? There's only one page there, so maybe it should just be a top level link?

As a general, comment, please:

  • remove the top line of the commit that says "Replace this line with a one-line meaningful summary". You are meant to replace that line with a good git commit summary message.
  • There's no need to use the Q&A style in the commit message. You don't need to say "Why this change is needed: ....". You just document what the git commit does.

Check these out:

As a general, comment, please:

remove the top line of the commit that says "Replace this line with a one-line meaningful summary". You are meant to replace that line with a good git commit summary message.
There's no need to use the Q&A style in the commit message. You don't need to say "Why this change is needed: ....". You just document what the git commit does.

Check these out:

https://gist.github.com/matthewhudson/1475276
https://chris.beams.io/posts/git-commit/

@hhlp: was looking at this now. A couple of questions:

Is it needed? All the page seems to do is provide links
Should it have its own section on the navbar? There's only one page there, so maybe it should just be a top level link?

@ankursinha sorry I updated my system to fedora 30 and I have some problem I just finish this , I add it because there is a sticky post in askbot.. about silverblue.. Why a navigator because it open the posibility to news quick-docs about this flavor...

rebased onto 1a67ec4

4 years ago

1 new commit added

  • Add toolbox as a util
4 years ago

@ankursinha, see my post in reddit I earn karma and badged posting this example https://www.reddit.com/r/Fedora/comments/bgbuko/what_is_fedora_silverblue/

I hope you can aprove it

Regards.,

The changes only show 3 lines in whatissilverblue.adoc---otherwise they touch 20 other files. Is that all you've changed @hhlp, or has something been lost in a forced-push/rebase?

I will close it and start again

Pull-Request has been closed by hhlp

4 years ago

No, that shouldnt be needed. Let me have a look tomorrow---git almost never
loses work so it'll be buried in the log tree somewhere. Probably just not
easily visible on pagure :)