Linux Basics

From Network Security Wiki
Jump to navigation Jump to search

Linux Booting Process


The following are the 6 high level stages of a typical Linux boot process:

  1. BIOS
  2. MBR
  3. GRUB
  4. Kernel
  5. Init
  6. Runlevel programs

Detailed explanation of each stage:

  • Performs some system integrity checks (POST-Power On Self Test)
  • Searches, loads, and executes the boot loader program.
  • It looks for boot loader in floppy, cd-rom, or hard drive.
  • You can press a key (typically F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.
  • Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
  • In simple terms BIOS loads and executes the MBR boot loader.
  • MBR stands for Master Boot Record.
  • It is located in the 1st sector of the bootable disk.
  • Typically /dev/hda, or /dev/sda
  • MBR is less than 512 bytes in size.
  • This has three components:
  1. primary boot loader info in 1st 446 bytes,
  2. partition table info in next 64 bytes(16,16,16,16) 4 partitions,
  3. magic numbers as mbr validation check in last 2 bytes.
  • It contains information about GRUB (or LILO in old systems).
  • In simple terms MBR loads and executes the GRUB boot loader.
  • GRUB stands for Grand Unified Bootloader.
  • It is a Multiboot boot loader.
  • If you have multiple kernel images installed on your system, you can choose which one to be executed.
  • GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
  • GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
  • Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this).
title CentOS (2.6.18-194.el5PAE)
          root (hd0,0)
          kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
          initrd /boot/initrd-2.6.18-194.el5PAE.img
  • As you notice from the above info, it contains kernel and initrd image.
  • So, in simple terms GRUB just loads and executes Kernel and initrd images.
  • Once the control is given to kernel which is the central part of all your OS and act as a mediator between hardware and software.
  • Kernel once loaded into to RAM it always resides on RAM until the machine is shutdown.
  • Once the Kernel starts its operations the first thing it do is executing INIT process.
Init (initialization)
  • Looks at the /etc/inittab file to decide the Linux run level.
  • Following are the available run levels
0 – halt
1 – Single user mode
2 – Multiuser, without NFS
3 – Full multiuser mode
4 – unused
5 – X11
6 – reboot
  • Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.
  • Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
  • Typically you would set the default run level to either 3 or 5.
Runlevel programs
  • When the Linux system is booting up, you might see various services getting started.
  • For example, it might say “starting sendmail …. OK”.
  • Those are the runlevel programs, executed from the run level directory as defined by your run level.
  • Depending on your default init level setting, the system will execute the programs from one of the following directories.
Run level 0 – /etc/rc.d/rc0.d/
Run level 1 – /etc/rc.d/rc1.d/
Run level 2 – /etc/rc.d/rc2.d/
Run level 3 – /etc/rc.d/rc3.d/
Run level 4 – /etc/rc.d/rc4.d/
Run level 5 – /etc/rc.d/rc5.d/
Run level 6 – /etc/rc.d/rc6.d/
  • Please note that there are also symbolic links available for these directory under /etc directly.
  • So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
  • Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
  1. Programs starts with S are used during startup. S for startup.
  2. Programs starts with K are used during shutdown. K for kill.
  3. There are numbers right next to S and K in the program names.
  4. Those are the sequence number in which the programs should be started or killed.
  5. For example, S12syslog is to start the syslog deamon, which has the sequence number of 12.
  6. S80sendmail is to start the sendmail daemon, which has the sequence number of 80.
  7. So, syslog program will be started before sendmail.

Linux file system layout

This is a layout file system structure from a CentOS linux, depends on the system and linux distro, the structure may vary, and directories may be removed or added.

/ – The Root Directory
  • Everything on Linux system is located under the / or root directory.
  • The meaning of / or root and root user are often confusing to new Linux users.
  • In Linux, the root directory “/” is a separator between a file and a directory contains all underlying directories and files, yet root user is a super user or administrator user with has administrative privileges on the system vs Linux privileged users who only have limited privileges to protect system security.
/bin – Essential command binaries
  • The /bin directory is a place contains most commonly essential executable terminal binaries programs or file required during booting, repairing like cat, ls, mount, rm, du, df, tar, rpm, wc, etc.
/boot – Boot loader files
  • All of the required files to boot the system contains in /boot directory, including GRUB boot loader’s files, Linux kernels, the Linux initial RAM disk (initrd),
/dev – Device Files
  • All of the hardware devices on the machine like cdrom, cpu, hard drives, etc will be stored as special device files that represent all the devices in /dev directory. Device files are created during your Linux system installation.
/etc – Configuration Files
  • Contain host-specific files and directories, e.g. information about system and application configuration files like startup, shutdown, start, stop script for every individual program.
  • In another word /etc data is very similar to Control panel in Microsoft Windows.
/home – Home Directory
  • Home directory of the users. Every time you create a new user, a new directory with user’s name is created in /home directory for users to store their own files within their own home’s directory.
  • Most common automatic directories created within /home ‘s user are Desktop, Downloads, Documents, Music, Movie, etc.
  • Most programs configuration file for a specific user will be saved in it’s users /home directory like web browser settings, web browser bookmarks, desktop wallpaper, themes, and passwords.
/lib – Essential Libraries
  • Similar to Windows ‘dll’ files, all Linux shared libraries and kernel modules files stores in /lib directory.
  • These important Linux dynamic libraries are required to boot the system and run commands in the root file system.
/lost+found – Recovering Files
  • Sounds weird but yes we have lost+found in Linux file system structure.
  • Every Linux file system and partitions has a lost+found in it’s directory.
  • In the even your system is crashed or unexpected shutdown, you can run fsck command to check and repair the filesystem, fsck will turn any corrupted or almost-deleted files back into files that you can recover them later in /lost+founddirectory.
/media – Removable Media Devices
  • Every time you insert a removable device such as external hard drive, floppy disk, zip drive, CDs, DVDs, flash drive to a Linux system, a new directory will automatically be created inside the /media directory.
  • It is a temporary mount directory for removable devices.
/mnt – Temporarily mounted filesystems
  • While /media is where the system automatically mounts removable media, /mnt is for you to mount things (partitions, file systems, devices) manually and temporarily.
/opt – Optional software packages
  • The /opt directory is reserved to store addition software or extra and third-party software for your system, those addition software usually don’t follow the standard file system hierarchy and not handled by the package manager.
/proc – Kernel & Process Information
  • Similar to /dev, /proc directory contains information about running process, system resources and information.
  • You can view information about any running process with a specific process-id (pid) or hardware’s information such as memory, cpu, io, etc.
/root – Root Home Directory
  • Don’t be confused with “/” or root directory, /root is a root account’s home directory determined by developer or local preference rather than /home/root to allow for booting the system even if /home/ is not available.
  • Sometimes /home is located on a different partition or even on another separate system and it’s inaccessible to “root”, that is why “root’s home directory” need to be in the same partition as “/” directory.
/sbin – System binaries
  • Similar to /bin, /sbin contains essential binaries that are generally intended to be run by the root user for system administration and maintenance purpose.
  • For example iptables, reboot, fdisk, ifconfig, swapon, init, ip, mount
/selinux – Security-Enhanced Linux
  • Selinux comes with RedHat based distro (fedora, centos), selinux is a security architecture integrated into the 2.6.x kernel using the Linux Security Modules (LSM).
  • For some reason Centos 6 created an emtpry selinux directory in root directory, the real selinux directory with its configuration files are stored in /etc/selinux/ directory.
/srv – Service Data
  • Server (srv) contains data of services such as HTTP, FTP, rsync, cvs
/sys – virtual filesystem
  • Some newer Linux distros have /sys directory with sysfs virtual filesystem to store information and statistics about (physical and virtual) device and device names.
  • It is newly added since Linux kernel 2.6 /sys contains similar information with /proc which display device information about the kernel’s view of the system.
/tmp – Temporary files
  • System’s Temporary Directory, all users and programs in your system can access/read/write in this directory.
  • Most files in this directory are required temporarily.
  • Many programs use /tmp to create lock file to save temporary data or files.
  • Normally don’t delete files from /tmp unless you know what you are doing because most files are required for current running programs.
  • You should not save or store any important files/directories under /tmp since all files will be removed after system is rebooted.
/usr – binaries, documentation, source code, libraries
  • Pronounced as ‘user’, /usr contains the majority of user utilities, programs, libraries, documentation etc for all user-related second level programs rather than applications and files used by the system.
  • Some user programs are stored here like telnet, ftp, etc.. /usr is shareable between various FHS-compliant hosts but can not be written to.
/var – Variable Files
  • Variable or /var contains data that is expected to change and grow as the system is running (system log files, mail, printer spool, temporary files).
  • Some sub directories under /var are not shareable between systems like /var/log, /var/lock, or /var/run, while other sub directories are shareable like /var/mail, var/cache/man, var/cache/fonts, and /var/spool/news

File Details

Passwd file

  • Password file /etc/passwd is human readable file.
  • By default /etc/passwd file permission is 644 i.e. -rw-r–r– and ownership root:root.
  • Means file is world readable and only root users can edit it.
  • However it is not recommended it manually.
# cat /etc/passwd
root:x:0:0:ROOT account:/root:/bin/bash
myuser:x:513:520:Test User:/home/myuser:/bin/bash
----- output truncated -----

  • For every user (row) there are 7 fields defined separated by colon(:)
Encrypted password    x means encrypted password is stored in /etc/shadow file
Home directory

Shadow file

  • Located in /etc/shadow, it is not world readable and can be read by root user only.
  • Shadow file permissions are 400 i.e. -r——– and ownership is root:root.
  • Means it can be only read and by root users only.
  • Reason for such security is password related information which is being stored in this file.
# cat /etc/shadow

There are total of 8 fields in shadow file separated by colon(:)

Encrypted password
Last password change
Min days
Max days
Warn days
Inactive days

Command Editing Shortcuts

   Ctrl + a – go to the start of the command line
   Ctrl + e – go to the end of the command line
   Ctrl + k – delete from cursor to the end of the command line
   Ctrl + u – delete from cursor to the start of the command line
   Ctrl + w – delete from cursor to start of word (i.e. delete backwards one word)
   Ctrl + y – paste word or text that was cut using one of the deletion shortcuts (such as the one above) after the cursor
   Ctrl + xx – move between start of command line and current cursor position (and back again)
   Alt + b – move backward one word (or go to start of word the cursor is currently on)
   Alt + f – move forward one word (or go to end of word the cursor is currently on)
   Alt + d – delete to end of word starting at cursor (whole word if cursor is at the beginning of word)
   Alt + c – capitalize to end of word starting at cursor (whole word if cursor is at the beginning of word)
   Alt + u – make uppercase from cursor to end of word
   Alt + l – make lowercase from cursor to end of word
   Alt + t – swap current word with previous
   Ctrl + f – move forward one character
   Ctrl + b – move backward one character
   Ctrl + d – delete character under the cursor
   Ctrl + h – delete character before the cursor
   Ctrl + t – swap character under cursor with the previous one

Command Recall Shortcuts

   Ctrl + r – search the history backwards
   Ctrl + g – escape from history searching mode
   Ctrl + p – previous command in history (i.e. walk back through the command history)
   Ctrl + n – next command in history (i.e. walk forward through the command history)
   Alt + . – use the last word of the previous command

Command Control Shortcuts

   Ctrl + l – clear the screen
   Ctrl + s – stops the output to the screen (for long running verbose command)
   Ctrl + q – allow output to the screen (if previously stopped using command above)
   Ctrl + c – terminate the command
   Ctrl + z – suspend/stop the command

Bash Bang (!) Commands

Bash also has some handy features that use the ! (bang) to allow you to do some funky stuff with bash commands.

   !! – run last command
   !blah – run the most recent command that starts with ‘blah’ (e.g. !ls)
   !blah:p – print out the command that !blah would run (also adds it as the latest command in the command history)
   !$ – the last word of the previous command (same as Alt + .)
   !$:p – print out the word that !$ would substitute
   !* – the previous command except for the last word (e.g. if you type ‘find some_file.txt /‘, then !* would give you ‘find some_file.txt‘)
   !*:p – print out what !* would substitute

Manually Boot using Grub


Locate where the vmlinuz and initrd.* files are located

grub> ls
(hd0) (hd0,msdos5) (hd1) (hd1,msdos0)

Boot the system:

grub> linux (hd1,msdos1)/install/vmlinuz root=/dev/sdb1
grub> initrd (hd1,msdos1)/install/initrd.gz
grub> boot

This should even work if your BIOS doesn’t support booting off of USB.


blog comments powered by Disqus