Embed Size (px)
Citation preview
THE LINUX BOOTING PROCESS
STAGES OF LINUX BOOTING PROCESS
STAGE 1:-BIOS PROCESS
BIOS stand for Basic –Input output system. It is the first stage of the Linux boot process which performs some integrity checks and searches, load and execute boot –
loader program. It searches the boot-loader program in floppy drive, hard drive and cd-rom. Once it gets the boot-loader, it loads it into the
memory and gives total control to it. So we can say that BIOS loads and execute MBR.
STAGE2:-MBR PROCESS
MBR stands for master-boot record. It is located in the first –sector of the bootable disk. It is of 512 bytes in memory and contains three important components.
Primary boot-loader information in first 446 bytes. Partition –table information in next 64 bytes. MBR validation checks in last 2 bytes.
MBR also contains the information about the GRUB, so we can say that MBR loads and executes GRUB.
STAGE 3:-GRUB PROCESS
GRUB stands for Grand-unified boot –loader. In its configuration file, it contains kernel images and initrd images. If you have various kernel images loads in your system
then you can choose which one to execute.
GRUB contain splash images and waits for few seconds, if you do not press anything in that specified period of time then it loads the default kernel image as specified in the grub configuration file.
The configuration file of GRUB is /boot/grub/grub.conf wherein /etc/grub/grub.conf is the soft –link of that. GRUB also contains the knowledge of the file-system, so we can say that grub loads and executes kernel.
STAGE 4:-KERNEL
Kernel is the heart of the Linux operating system. It acts as an interface between the user and the hardware of the Linux operating system. Here, kernel mounts the root-file-system as specified in the grub configuration file. Kernel also executes /sbin/init program and since it is the first program executed by the kernel so its process id is always 1.
We can also view it by using the command ps –ef |grep –i init. As grub configuration file contain the initrd image, so that image is useful for the kernel. Initrd stands for initial RAM disk. And it is used by the kernel as the temporary file-system until kernel is booted and root –file
system is not mounted. Initrd also contains drivers complied inside which will be helpful to access hard-drive partition and other hardware. So we can say that kernel loads and executes init program.
STAGE 5:INIT PROGRAM
Init stands for initialization program. It is the second –last of the Linux boot process. As the booting process comes to this stage, its looks for the /etc/inittab file and check for the run-level. As it got to know the run-level it loads all appropriate program as per the run-level specified.
STAGE 6:RUN-LEVEL
Run-level is the last stage of the Linux boot process. When the Linux operating system is booting up, you might have seen various services which are staring up like staring
sendmail …OK. Those are the run-level programs which are executed from the run-level directories as defined by your run-level.
Depending upon your default init level setting, the system will execute the program from one of the following directories. Run-level 0:- /etc/rc.d/rc0.d/ Run-level 1:- /ect/rc.d/rc1.d/ Run-level2:- /etc/rc.d/rc2.d/ Run-level 3:-/etc/rc.d/rc3.d/ Run-level 4:- /etc/rc.d/rc4.d/ Run-level 5:-/etc/rc.d/rc5.d/ Run-level6:- /etc/rc.d/rc6.d/
Symbolic links to these directories are also present inside /etc directories like Run –level 0:- /etc/rc0.d/ is symbolic link to /etc/rc.d/rc0.d/ Run-level 1:- /etc/rc1.d/ is symbolic link to /etc/rc.d/rc1.d/ Run-level 2:- /etc/rc2.d/ is symbolic link to /etc/rc.d/rc2.d/ Run-level 3:- /etc/rc3.d/ is symbolic link to /etc/rc.d/rc3.d/ Run-level 4:- /etc/rc4.d/ is symbolic link to /etc/rc.d/rc4.d/ Run-level 5:- /etc/rc5.d/ is symbolic link to /etc/rc.d/rc5.d/ Run-level 6:- /etc/rc6.d/ is symbolic link to /etc/rc.d/rc6.d/
Under the directories /etc/rc.d/rc*.d/ you would have seen that programs starts with S and K. Program that’s starts with S are used during startup. Program that’s starts with K are used during shutdown.
There are also the numbers right to S and K in the programs names; these are the sequence numbers in which program will start and shutdown.
For example S12syslog is to start the syslog daemon which has the sequence number 12, on the other hand S80sendmail is to start the sendmail daemon which has the sequence number 80. So in this case syslog program will start before sendmail.
END OF THE TOPIC
RUN-LEVELS
TYPES OF RUN-LEVELS IN LINUX OPERATING SYSTEM
In Linux operating system we have seven distinct types of Run-levels and the lists of those are as follows.
RUN-LEVEL 0:
This is the run-level which is used in Linux Operating system to shutdown the system or to halt the system.
RUN-LEVEL 1:
This is the run-level which is used in Linux Operating system to run the system in single user mode. This run-level is equivalent to maintenance mode in window operating system.
RUN-LEVEL 2:
This is the run-level which is used to run the machine in multi-user CLI mode. But there is no restriction in this run-level is that it does support network file-sharing services like NFS and SMB.
RUN-LEVEL 3:
This is the run-level which run the machine in multi-user mode. This is the run-level which is most widely used in the industries standard. This is the run-level which work in command line interface mode and support all services.
RUN-LEVEL 4:
This is the run-level which is not so used and reserved for future purpose. This is the run-level which is used for custom-level only even though this run-level has many more features as compared to run-level 3.
RUN-LEVEL 5:
This is the run-level which is default run-level in Linux Operating system. This is the run-level which works in Graphical Interface mode. This run-level also support all services and widely used in workstation.
RUN-LEVEL 6:
This is the run-level which is used to restart the system.
END OF TOPIC
OVERVIEW OF GRUB CONFIGURATION FILE
AN APPROACH TO LEARN MORE IN DEPTH OF GRUB CONFIGURATION FILE
Grub plays the vital role in Linux Operating system. It stands for Grand unified boot-loader and its configuration file contains almost everything which will help in booting Linux Operating system. Let learn more in-depth of its configuration file.
GRUB CONFIGURATION FILE:
The configuration file of Linux Operating system is in /boot/grub/grub.conf. It’s symbolic file is also present in Linux Operating system in /etc/grub/grub.conf. The configuration file of the grub contains the location of the root file-system, kernel and initrd images and splash images. Let’s learn one by one of its configuration file.
With first line you got to know which drive contain the Linux boot-loader i.e #boot= dev/sda.
With second line you got to know which kernel image grub loads and execute during booting process i.e default =0, or default=1 or 2. This line will depends when you have various kernel images loads on your system.
With third line, you got to know till how much time splash image waits for your input. After that it will executes the kernel image as specified in Linux Operating system i.e timeout=5
With fourth line you got to know the location of the splash image i.e splashimage=(hd0,0)/boot/grub/splash.xpm.gz.
Fifth line indicates the hidden menu, which you will not see while the Linux booting up, and these lines are as follows.
First it will contain the Linux version, second it contains the location of root file-system and third and fourth line contains the kernel and initrd images.
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.el5PAE)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
initrd /boot/initrd-2.6.18-194.el5PAE.img
GRUB VS LILO
DIFFERENCE BETWEEN GRUB AND LILO
S.NO GRUB LILO1. GRUB stands for Grand Unified Boot -loader LILO stands for Linux Loader.2. GRUB has the knowledge of the file-system LILO does not have the knowledge of the file-system.3. GRUB can boot from the network LILO does not boot from the network.4. GRUB has interactive command line interface LILO does not have interactive command line interface.5. GRUB has come after Linux version 4. LILO was present till Linux version 4.6. Change made to GRUB configuration file will auto-load
to OS.Changes made to LILO do not auto-load to OS.
7. GRUB also understands various other operating systems as well.
LILO understand only Linux Operating system.
STAGES OF GRUB
LEVELS OF GRUB
GRUB plays the vital role in the Linux Operating system and it is the default boot-loader to redhat, Ubuntu and various other Linux variant. Let’s discussed the various stage of GRUB which shows how GRUB loads and execute kernel.
STAGES OF GRUB:
GRUB has three different stages which is called GRUB stage 1. GRUB stage 1.5. GRUB stage 2.
In GRUB stage 1, the code contain in the master- boot record is considered to be GRUB stage 1, in this stage GRUB looks for the master boot record for the active partition from where it can boot kernel. This is the stage which calls GRUB stage 1.5.
In GRUB stage 1.5, looks to identify the file-system type which is an optional, this stage directly calls GRUB stage 2. GRUB stage 2 is the final stage which calls the kernel and Loads it into the memory. This is the stage where most of the
troubleshooting time will be spend off.
END OF THE TOPIC
HOW TO RECOVER MBR IN LINUX OPERATING SYSTEM
RECOVERY OF BROKEN MBR IN LINUX OPERATING SYSTEM
In this section we will learn how to recover broken MBR in Linux operating system.
STEPS TO RECOVER MBR:
In order to recover broken MBR in Linux operating system, we first have to bring the system in resue and recovery mode. We bring the system in GRUB Command line mode, by using RHEL installation CD, and pressing c option in GRUB. Now we have to find out in which partition and disk, the grub.conf file contains, and for this we have to use the find
command as follows. Grub> find /grub/grub.conf. Now it will return the disk name and partition, now we also can use grub> root. This will show that the (hd0,0) file does not
exist and also show the file-system type. Now finally, we load the grub to the disk which is returned in the previous command as follows grub>setup (hd 0)
END OF TOPIC
FREQUENTLY ASKED QUESTION
MISCELLANEOUS QUESTIONS AND ANSWERS
What is the version of GRUB used in Redhat enterprise Linux 6? The version of the GRUB used in Redhat enterprise Linux 6 is .97.
What is the latest version of GRUB available in the market? The latest version of GRUB available in the market is GRUB version 2.
What is the difference between GRUB version 2 and GRUB version .97? The difference between GRUB version 2 and GRUB version .97 is that in GRUB version 2 we cannot change the GRUB
configuration file by hand that means they will be some other mechanism to deal with GRUB configuration file.
Why we use boot-loader? We used boot-loader so that we can boot into different operating system often called multi boot and we can boot kernel
with special arguments.
What are the options used while dealing with GRUB command line? The lists of the switches which are used while dealing with the GRUB command line are as follows.
SWITCH e:- This switch is used to edit the command before booting.
SWITCH a: - This switch is used to append or modify the command before booting.
SWITCH c: - This switch is used to bring the GRUB in command line mode.
What is the function of the BIOS?
In Linux boot process- BIOS is the first program that is run, so its basic function is to bring the system in POWER ON SELF TEST and start loading peripheral devices and also looks for the boot device and when searched, gives total control to it.
What is the function of the kernel? The function of the kernel is to initialize and configured computer hardware.
When kernel did execute init program? Kernel execute init program only when all computer drivers are in place.
What are the commands to view current run-level in Linux Operating system? The command to view current run-level in Linux Operating system are
Runlevel Who –r
What are the commands to change the run-level in Linux Operating system? The commands to change the run-level in Linux Operating system are
Init (runlevel) – Temporary method. Make entry in /etc/inittab file- Permanent method
What is the difference between traditional sysv and upstart utility?
S.NO
SYSV UPSTART
1. Traditional sysv was present till redhat Linux 5 Upstart is the new utility comes in red-hat Linux version 6.2. It is slower as compared to upstart utility It is faster.3. It calls all services sequentially It does call the services sequentially, and worked upon jobs and
event based and all services is with /etc/init directories as jobs.
4. It used /etc/rc.d/rc.sysinit as mediator to call all services from etc/rc.d/rc#.d
It does not any such mediator while calling services and services start and stop by upstart only.
What are the soft-link files of GRUB? The symbolic files of GRUB are /boot/grub/menu.lst and /etc/grub/rub.conf.
What is the path of the filename where all booting information stored? The path of the filename where all booting information stored is /var/log/dmesg.
What is the command to troubleshoot hardware issues in Linux operating system? The command to troubleshoot hardware issues in Linux Operating system is lsmod.
END OF THE TOPIC
SHUTDOWN COMMAND
FUNCTIONALITY OF SHUTDOWN COMMAND
SHUTDOWN COMMAND:
Shutdown command plays vital role in Linux Operating system. This command is used to bring the system in power off state i.e in HALT state. It will also used to restart or reboot the system. With the help of this command we can also warn the user for the shutdown and also set the timings for the shutdown. The syntax and the switches used in shutdown command as follows.
SYNTAX:
shutdown[option] time.
SWITCHES:
k- This switch is used to just warn the user, don’t reboot.h- This switch is used to bring the system in power off state after shutdownr- This switch is used to reboot the system.F- This switch is used to check file-system while booting.t SECS – This switch is used to sets seconds.
n- This switch is used to kill all process and send the shutdown message and delay the shutdown by x. This switch is So Recommended.
FEWS EXAMPLE OF SHUTDOWN:
Shutdown now- This will bring the system in resue mode. Shutdown –h 120- This will power off the system after 120 secs while shutting down the system. Shutdown –r now- This will reboot the system. Shutdown –F now- This will force to check file-system while shutdown.
END OF TOPIC
CHKCONFIG COMMAND
FUNCTIONALITY OF CHKCONFIG COMMAND
CHKCONFIG COMMAND:
Chkconfig command also plays vital role in Linux Operating system. This command is useful when we want to enable or disable services at Linux boot –level. With the help of this command we can also list when the service is enabled at particular run-level or not. The syntax of chkconfig and switches used are as follows.
SYNTAX:
Chkconfig[option] service name.
SWITCHES:
--list – This switch is used to check the service at the run-levels.-- add- This switch is used to add the services at run-levels.--del – This switch is used to remove the services at the run-levels.--level – This switch is used to add or remove the services at particular level.
EXAMPLES OF CHKCONFIG COMMAND:
Chkconfig –list sshd- This command is used to list the services at all run-levels. Chkconfig –add sshd- This command is used to add the sshd services at the run-levels. Chkconfig –del sshd – This command is used to remove the services at the run-levels. Chkconfig –level 3 sshd on – This command is used to on the sshd services at run-level 3.
IPTABLES
OVERVIEW AND FUNCTIONALITY OF IPTABLES
IPTABLES – AN UNDERSTANDING:
IPTABLES is one of the system security tools which are available in Linux Operating system. This tool acts as the firewall to allow and block network communication through one or more ports, with the help of this tool we can also filter packets based upon network element such as source and destination IP address. IPTABLES contain chains and the chains are the group of rules.
RULES OR CHAINS PRESENT IN IPTABLE:
As IPTABLES contains chains and the chains are the groups of rules, so there are mainly five chains or rules which are present and which we can apply in IPTABLES and those chains or rules are as follows.
INPUT CHAIN OUTPUT CHAIN FORWARD CHAIN PREROUTING CHAIN POSTROUTING CHAIN
LIST OF TABLES PRESENT IN IPTABLE:
IPTABLES mainly contains three tables which are as follows.
FILTER TABLE
NAT TABLE MANGLE TABLE
FUNCTION OF FILTER TABLE:
Function of the filter table is packet filtering. Filter table is the default table present in IPTABLE, that means group of the chains or rules where table name is not there, in
that case IPTABLE considered that as the part of filter table only.
CHAINS OR RULES APPLICABLE IN FILTER TABLE:
In filter table we can apply only three chains or rules and the list of those are as follows.
INPUT CHAIN OUTPUT CHAIN FORWARD CHAIN
FUNCTION OF INPUT CHAIN IN FILTER TABLE:
The function of input chain in filter table is that, in this rule packet is coming to the firewall, which means packet is coming to the local server.
FUNCTION OF OUTPUT CHAIN IN FILTER TABLE:
The function of output chain in filter table in that, in this rule packet is originating from the firewall, which means packet is originating from the local server.
FUNCTION OF FORWARD CHAIN IN FILTER TABLE:
Function of forward chain in filter table is that in this rule, packet is for the different NIC on the same server which means packet is routed through the local server.
FUNCTION OF NAT TABLE:
Function of NAT table in IPTABLE is network address translation.
CHAINS PRESENT IN NAT TABLE:
In NAT table there are basically three chains or rules which are present and the list of those are as follows.
PREROUTING CHAIN POST ROUTING CHAIN OUTPUT CHAIN
FUNCTION OF PREROUTING IN NAT TABLE:
The function of pre-routing rule in NAT table is that, this rule is comes in place before the routing decision is made.
FUNCTION OF POST-ROUTING RULE IN NAT TABLE:
The function of post –routing rule in NAT is that, this rule will come in place after the routing decision is made and before it will enter into the hardware.
FUNCTION OF OUTPUT RULE IN NAT TABLE:
The function of output rule in NAT table is that, this rule performs network address translation before the routing decision is made.
FUNCTION OF MANGLE TABLE:
Mangle table is the last, but not the least table used in IPTABLES. The function of mangle table is to modify TCP header i.e TCP header quality of services before routing decision is made. With the help of mangle table we can change TTL ie time to live and type of services.
CHAINS PRESENT IN MANGLE TABLE:
In mangle table we can used all five chains and the list of those are as follows.
INPUT CHAIN OUTPUT CHAIN FORWARD CHAIN PRE-ROUTING CHAIN POST ROUTING CHAIN
TARGET VALUE USED IN IPTABLE:
In IPTABLES there are basically four target values which are used and the list of those are as follows.
ACCEPT: This is the default target value used in IPTABLE. The function of this target value is to accept the packet.
DROP: The function of this target value is to drop the packet, and in this target value no acknowledgement message will be sent back to sender machine.
REJECT: The function of this target value is to reject the packet and in this target value an error message will be sent back to sender machine.
MASQRATE: The function of this target value is to perform network address translation, which means when packet goes from internal LAN to outside world it will change its source address to public IP address.
PROCESS FLOW OF IPTABLES:
The process flow of IP table is important to understand so to have better understanding of IP tables. So its process flow is as follows.
IP table always process from top to bottom. If the rule matches the target then no further processing will be done, and the IP table will process the rule as per the
target and process the special value mention in the target. If the rule does not matched then it will check for next rule. At the end of the IP table default value is accept, so if none of the rule match then it will pass the packet.
SYNTAX OF IPTABLES:
The syntax of IP tables is as below.iptables –t tablename [actions reaction][packet pattern] –j [what to do]
ACTIONS PRESENT IN IPTABLE:
In IP tables there are basically five actions which are present and the list of those are as follows.
-A: This action is used to append the line at the end of the rule.
-D: This action is used to delete the rule from the IP table, and we can also delete specific rule by giving its number.
-L: This action will list all the running rules in the IP tables.
-F: This action is used to flush the rules from the IP tables.
-I: This action is used to add the rule in the IP tables and we can also add to specific place by giving the number.
PACKET PATTERN IN IPTABLE:
The lists of packet pattern used in IP table are as follows.
-s ip address: This packet pattern will looks for the packet coming from the source ip address.
-d ip address: This packet pattern will looks for the packet going to the destination ip address.
-sport: This pattern will looks for the packet coming from the incoming port.
-dport: This pattern will looks for the packet going to the destination port.
-p protocol: This pattern will looks for the protocol used in the packet.
-i interface: This pattern will looks for the packet coming from which interface.
-o interface: This pattern will looks for the packet going to which interface.
-m multiport<> This pattern is used in assigning multiport to packet.
WHAT TO DO IN IPTABLES?
What to do are the targets values which we already discussed.
HOW TO INSTALL IPTABLES?
IP tables are installed state by default in Linux operating system, so no need to install.
SERVICES USED IN IPTABLES:
In order to start, stop and restart the services of IP tables then we can used the following path, /etc/init.d/iptables
Note:- Be caution, do not restart the services, because in the all entries in iptables will erase.
FILE CONTAINS THE IPTABLE NAMES:
In order to view list of the tables present in IP tables we can check it by following file.
/proc/net/iptables_names
HOW TO RESTORE OR SAVE IPTABLES:
In order to restore or save the entries add in IP tables, we used the following command and file.
Command: service iptables save
File: iptables restore /etc/sysconfig/iptables.
