Linux Boot Process PDF

Summary

This document provides an overview of the Linux boot process, covering various stages from Power-On Self Test (POST) to kernel initialization. It details the boot loader mechanisms, including GRUB and UEFI, and explores different types of Linux processes. Key concepts like process IDs and the init daemon are also discussed.

Full Transcript


The Boot Process
Power On Self Test (POST): The firmware (BIOS or UEFI) checks hardware functionality during startup.
Boot Device Check: The firmware searches removable media or the MBR/GPT on the hard disk for something bootable.
Boot Loader Loading:
o Legacy BIOS: Loads the boot code from the MBR (a GPT disk booted this way still carries a protective MBR); one partition is marked active.
o UEFI firmware: Loads the boot loader from the EFI System Partition (ESP); with Secure Boot enabled, the firmware verifies the boot loader's signature before running it.
Linux Kernel Loading: The boot loader loads the kernel (and usually an initramfs) into memory, hands control to it, and exits.
Kernel Initialization: The kernel initializes hardware and drivers, mounts the root file system, and starts the init daemon (PID 1), which starts the remaining system daemons and sets up the system for user interaction.

GRUB Legacy
GRUB Introduction: Adopted as a GNU project in 1999 (development began in 1995), it supports multiple OSs (Linux, macOS, BSD, Solaris, Windows).
GRUB Legacy Stages:
o Stage 1: Resides in the MBR and points to Stage 1.5.
o Stage 1.5: Located in the gap (roughly 30 KB) between the MBR and the first partition; loads file system support, then hands off to Stage 2.
o Stage 2: Located in /boot/grub; performs the boot functions and shows the boot menu.

GRUB2
GRUB2 Overview: Used on modern Linux systems; supports MBR, GPT and NVMe disks and works with both BIOS and UEFI.
GRUB2 Structure:
For BIOS:
o Stage 1: Boot code in the MBR, on either an MBR or a GPT disk.
o Stage 1.5 (core image): In the gap after the MBR, or in a dedicated BIOS Boot partition on GPT disks; loads file system support.
o Stage 2: Located in /boot/grub or /boot/grub2; loads the graphical boot screen.
For UEFI: All stages are built into a single EFI application stored in the EFI System Partition (e.g., grubx64.efi), mounted at /boot/efi.
UEFI Secure Boot: The firmware verifies the digital signature of the first-stage loader (typically shim.efi, signed with a key the firmware trusts); shim then verifies the signature on GRUB2 (grubx64.efi), and GRUB2 verifies the kernel, so each stage is checked before it runs.
GRUB2 Boot Process: Displays a graphical boot screen for selecting a kernel or editing boot options. Because the edit screen lets anyone at the console change kernel parameters, machines with physical exposure should have a GRUB password set (grub2-setpassword on Fedora, or a password_pbkdf2 entry in /etc/grub.d/40_custom).
Configuration: Main config file: /boot/grub/grub.cfg or /boot/grub2/grub.cfg. It is generated (grub-mkconfig or grub2-mkconfig), not edited by hand, from /etc/default/grub and the scripts in /etc/grub.d.

Linux Processes
Definitions:
Program: An executable file on the hard disk.
Process: A program running in memory and on the CPU.
Types of Processes:
User Process: Runs in a terminal, started by a user (e.g., ls, grep).
Daemon Process: Runs in the background and provides system or network services (e.g., web servers).
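A local check for the UEFI Secure Boot state described in the boot notes above, added here as an example; it is not part of the original notes. The kernel exposes firmware variables under efivarfs, where each file is 4 bytes of attribute flags followed by the variable data, and the SecureBoot and SetupMode variables each carry a single data byte. The GUID is the standard EFI global variable namespace; the optional directory argument exists only so the functions can be pointed at constructed sample files, and the "unsupported" label is this example's own wording.

```shell
#!/bin/sh
# Report the firmware's Secure Boot state by reading the UEFI variables that
# the kernel exposes under efivarfs. Each file there is 4 bytes of attribute
# flags followed by the variable data; SecureBoot and SetupMode each carry a
# single data byte (0 or 1). The GUID is the EFI global variable namespace.
# A directory argument is accepted only so the function can be pointed at
# sample files; on a live system call it with no argument.
EFIVARS_DEFAULT=/sys/firmware/efi/efivars
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the first data byte of a UEFI variable as a decimal number; fail if
# the variable is absent. od skips the 4 attribute bytes (-j4) and reads one
# byte (-N1) as an unsigned decimal.
efivar_byte() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# Prints one of: enabled, disabled, setup-mode, unsupported.
# "unsupported" covers a legacy BIOS boot (no efivarfs) and firmware without
# the SecureBoot variable. "setup-mode" matters: in UEFI Setup Mode the
# signature databases can be written without authentication and signature
# enforcement is off, so SecureBoot=1 alone is not enough.
secure_boot_state() {
    dir=${1:-$EFIVARS_DEFAULT}
    sb=$(efivar_byte "$dir" SecureBoot) || { echo unsupported; return 0; }
    setup=$(efivar_byte "$dir" SetupMode) || setup=0
    if [ "$sb" = 1 ] && [ "$setup" = 0 ]; then
        echo enabled
    elif [ "$sb" = 1 ]; then
        echo setup-mode
    else
        echo disabled
    fi
}

# Run directly: reports the state of the machine this is executed on.
secure_boot_state "${1:-}"
```

On a machine that reports "disabled" or "setup-mode", the signature chain described above (firmware to shim to GRUB2 to kernel) is not being enforced, whatever the boot menu looks like.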
Process IDs:
PID: Unique identifier for a process.
PPID: Parent Process ID, linking a process to its parent.
Parent-Child Relationship:
init daemon: First process (PID 1), started by the kernel; it starts other processes.
BASH shell: Starts after login and runs user commands as its child processes.
All processes trace back to the init daemon through their PPIDs.

Killing Processes
Kill Signals: Used to terminate (or otherwise notify) misbehaving processes. Linux defines 64 signal numbers (kill -l lists them); common ones:
o SIGHUP (1): Hang-up; daemons commonly treat it as a request to reload their configuration or restart.
o SIGINT (2): Interrupts a process (what Ctrl+C sends).
o SIGQUIT (3): Quits a process and generates a core dump (Ctrl+\).
o SIGTERM (15): Requests termination; the process may catch it to clean up, or ignore it.
o SIGKILL (9): Forcefully kills a process; it cannot be caught or ignored, so the process gets no chance to clean up.
Sending Kill Signals:
kill: kill -3 PID sends SIGQUIT to the process with that PID (the default signal is SIGTERM).
pgrep: Finds PIDs whose process name matches a regular expression.
killall: killall -15 sample sends SIGTERM to all processes named "sample".
pkill: pkill -u bob -3 "^psql" sends SIGQUIT to bob's processes whose name matches the regex ^psql.
top: Press 'k', enter the PID, and choose the signal.

Process Execution
Types of Linux Commands:
Binary Programs: Compiled programs (e.g., ls, find, grep) stored in machine-readable format.
Shell Scripts: Sequences of commands (including binary programs, functions, and shell constructs).
Shell Builtins: Commands built into BASH itself (e.g., cd, exit); they run inside the shell process because they change the shell's own state. User-defined shell functions likewise run inside the shell without a fork.
Execution Process (for binaries and scripts):
1. BASH forks a subshell (a child process).
2. The subshell execs the program (or the script's interpreter), which replaces it.
3. The program exits when it completes.
4. BASH, which waited for the child, reaps it and returns the prompt.

Printer Administration
Printing is a common need for Linux users; printing log files and system configurations gives a paper copy to fall back on after a system failure. Linux server administrators must understand how to:
Set up printers.
Manage printers.
Print files effectively.

The Common UNIX Printing System
CUPS Overview: The Common Unix Printing System (CUPS), originally written by Easy Software Products and later acquired and maintained by Apple, Inc., is the primary printing system on Linux.
Print Job Process: A print job consists of files or command output sent to the printer using the lp command.
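Going back to the Killing Processes notes above: the practical consequence of "SIGTERM can be ignored, SIGKILL cannot" is an escalation pattern, shown here as an added example that is not from the original notes. It uses the kill builtin on a PID obtained from $! and relies on wait, which only works on direct children of the calling shell; pgrep and pkill select by name instead and cannot tell you whether the signal actually worked. The timeout values are assumptions for the demo.

```shell
#!/bin/sh
# Stop a child process politely (SIGTERM), then forcibly (SIGKILL) if it is
# still running after a timeout. SIGTERM can be caught or ignored; SIGKILL
# cannot, which is why it is the fallback and not the first choice.
#
# Only direct children of this shell can be waited on, so this is the pattern
# for services or workers the script started itself.
#
# Return codes: 0 = exited after SIGTERM (or on its own)
#               1 = SIGTERM had no effect, SIGKILL was needed
#               2 = not a live process, or not a child of this shell
terminate_child() {
    pid=$1
    timeout=${2:-5}     # seconds to wait before escalating

    kill -0 "$pid" 2>/dev/null || return 2
    kill -TERM "$pid" 2>/dev/null || return 2

    # Watchdog: after the timeout, send the signal that cannot be ignored.
    ( sleep "$timeout"; kill -KILL "$pid" 2>/dev/null ) &
    watchdog=$!

    # wait returns 128+N when the child died from signal N: 143 for SIGTERM,
    # 137 for SIGKILL, and 127 if the PID is not a child of this shell.
    # Written as a list so it survives `set -e`.
    wait "$pid" && status=0 || status=$?

    # Disarm and reap the watchdog; its inner sleep may linger harmlessly.
    kill "$watchdog" 2>/dev/null || :
    wait "$watchdog" 2>/dev/null || :

    case $status in
        127) return 2 ;;   # not our child: wait could not observe it
        137) return 1 ;;   # the watchdog had to fire
        *)   return 0 ;;   # SIGTERM was enough (143) or it exited by itself
    esac
}

# Demo (a worker that ignores SIGTERM; trap "" TERM persists across exec):
#   sh -c 'trap "" TERM; exec sleep 300' &
#   terminate_child "$!" 2 || echo "needed SIGKILL (rc=$?)"
```

A daemon that needs SIGKILL every time is a bug report, not a routine: it means its SIGTERM handler never finishes, so it will also never flush state cleanly at shutdown.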
The CUPS daemon (cupsd) assigns a print job ID and places the job in the print queue.
Printer Status:
Accepting Requests: Jobs enter the queue.
Rejecting Requests: New jobs are refused with an error message.
Enabled: Queued jobs are printed and removed from the queue.
Disabled: Jobs remain in the queue.
Checking Printer Status: Use lpstat -t to view all printers and their statuses.
Managing Printers:
cupsaccept printer: Accept print jobs into the queue.
cupsreject printer: Stop accepting print jobs.
cupsenable printer: Enable printing.
cupsdisable printer: Disable printing but keep spooling jobs.

The LPD Printing System
Legacy Printing System: Older Linux systems may use the Line Printer Daemon (LPD) instead of CUPS.
Commands Overview:
lpr: Print documents (like lp).
lpc: View printer status.
lpq: Check print jobs in the queue (like lpstat).
lprm: Remove print jobs (like cancel).
CUPS Compatibility: CUPS provides lpr, lpc, lpq, and lprm so LPD users can keep working the same way.

Compression
Purpose of Compression: Reduces file size to save disk space or speed up transfers.
Compression Process: A compression algorithm replaces repeated data patterns with shorter references; decompression reverses the process.
Compression Ratio: Calculated as 100% minus the compressed size expressed as a percentage of the original size. Example: If a file is reduced to 52% of its original size, the compression ratio is 48%. Data that is already compressed or random (encrypted files, JPEGs, existing .gz archives) yields a ratio near or below 0%.
Common Compression Utilities:
1. compress
2. gzip
3. xz
4. zip
5. bzip2

Using compress
compress Command: Compresses files using the LZW algorithm, typically reducing size by 40-50%.
Usage:
Compress: compress file1 file2. Each file is replaced by a compressed version with a .Z extension. Use -v for verbose output showing the compression ratio. Example: compress -v samplefile samplefile2
Decompressing Files: Use uncompress:
o uncompress -v samplefile.Z samplefile2.Z
Viewing Compressed Files: Use zcat:
o zcat samplefile2.Z
Compression with Output: who | compress -v > file.Z
Decompressing After Output: zcat file.Z or uncompress -v file.Z

Using GNU zip
GNU Zip (gzip) Command:
o Uses the LZ77 algorithm (DEFLATE) with a typical 60-70% compression ratio, better than compress.
o Compressed files have a .gz extension.
Common Options:
o -v: Shows compression ratio and filename.
o -f: Forces compression even when the file has multiple hard links or the .gz output already exists.
o -r: Recursively compresses all files in a directory.
o -1 to -9: Specifies compression level (fastest to best).
Viewing and Decompressing:
o Use zcat, zmore, zless, zgrep to view compressed files.
o To decompress: gzip -d or gunzip.
Compression Levels:
o -1: Fastest compression, lower ratio.
o -9: Best compression, slower.
o Default: -6.
Decompressing Without .gz:
o You can omit the .gz extension when decompressing.

Using xz
XZ Command: Uses the LZMA2 compression algorithm (a Lempel-Ziv derivative), offering a higher compression ratio (60-80%) than compress and gzip at the cost of more CPU time and memory. Compressed files have a .xz extension by default. Supports similar options to gzip, such as -v for verbose output and -9 for maximum compression, but does not support the -n or -r options.
Decompression: To decompress .xz files, use the -d option with xz or the unxz command.
Compression Ratio: xz typically achieves a better compression ratio than gzip and compress for most file types.

Using zip
Zip Command: Linux implementation of the PKZIP utility. Compresses multiple files into a single .zip archive using the same DEFLATE (Lempel-Ziv) compression as gzip. Preserves file ownership, modification, and access times.
Compression: Use zip to compress files into a .zip archive. Use -v to show the compression ratio.
Viewing and Extracting: Use unzip to view or extract files from a .zip archive.

Networks
Computers exchange information through cables (fiber optic, UTP, etc.) or wireless methods (radio, infrared). Networks are classified as:
LAN (Local Area Network): Connects computers within a building.
WAN (Wide Area Network): Connects computers over large distances (e.g., the internet).
Common network protocols in Linux:
TCP/IP: Connection-oriented; ensures reliable, ordered delivery.
UDP/IP: Connectionless; fast, but with no delivery guarantee.
ICMP: Carries network-related information and error messages (ping uses it).
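A worked check for the compression notes above (the section before Networks), added as an example that is not part of the original notes: it compresses a constructed log file with gzip at levels 1 and 9, verifies the round trip before anything could be deleted, and computes the ratio with the notes' own definition. The same check on random bytes shows the ratio collapsing to zero on data that is already incompressible. Writing through `-c` is deliberate, because a plain `gzip file` replaces the original with file.gz; the sample contents and sizes are assumptions for the demo.

```shell
#!/bin/sh
# Compress a file with gzip at a given level, keep the original, verify the
# round trip, and print the compression ratio as defined in the notes:
#     ratio = 100% - (compressed size / original size * 100%)
# A plain `gzip file` deletes the original; `-c` writes to stdout instead.
# Exit codes: 1 = gzip failed, 2 = decompressed data does not match original.
gzip_ratio() {
    src=$1
    level=${2:-6}                  # gzip's default level is -6
    gzip -c -"$level" "$src" > "$src.gz" || return 1
    # Never discard an original until the archive is proven to decompress
    # back to identical bytes.
    gzip -dc "$src.gz" | cmp -s - "$src" || return 2
    orig=$(wc -c < "$src")
    comp=$(wc -c < "$src.gz")
    echo $(( 100 - comp * 100 / orig ))
}

# Constructed sample inputs (not real data): a repetitive log file, which
# compresses very well, and random bytes, which cannot be compressed.
make_samples() {
    dir=$1
    : > "$dir/auth.log"
    i=0
    while [ "$i" -lt 2000 ]; do
        echo "Jan  1 00:00:00 host sshd[123]: Accepted publickey for bob from 192.168.1.5" >> "$dir/auth.log"
        i=$((i + 1))
    done
    head -c 4096 /dev/urandom > "$dir/random.bin"
}

# Usage:
#   d=$(mktemp -d); make_samples "$d"
#   gzip_ratio "$d/auth.log" 1      # fast level, ratio in the high 90s
#   gzip_ratio "$d/auth.log" 9      # best level, at least as good
#   gzip_ratio "$d/random.bin" 9    # 0 or negative: no patterns to remove
```

The negative case is the one worth remembering when planning storage or transfer: compressing encrypted backups or media files costs CPU and can make them slightly larger.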
The IP Protocol
TCP/IP is a suite of protocols with two main components: TCP ensures correct packet assembly and retransmits lost packets; IP labels each packet with source and destination IP addresses so it can be routed to the destination. IPv4 is the most widely used version. IPv6 is a newer version, used by fewer computers.

The IPv4 Protocol
To join an IPv4 network, a computer must have:
A valid IP address.
A subnet mask to define the network's size and range.
Optionally, a default gateway can be configured to enable access to other networks, like the Internet.

IPv4 Addresses
IP Address: A unique number identifying a computer on the network, like a postal address.
Unicast: Communication from one computer to one other computer.
IPv4 Format: Four 8-bit numbers (octets, 0–255) separated by periods (e.g., 192.168.5.69).
Parts of IPv4:
Network ID: Identifies the network.
Host ID: Identifies the specific computer on that network.
Communication: Computers on the same network communicate directly; reaching others requires a router.

Subnet Masks
Subnet Mask: Determines which part of an IP address is the network ID and which is the host ID.
Subnet Mask Format: Four octets, like an IP address; the one bits are contiguous and start from the left.
Subnet Mask Values: An octet of 255 (all ones) marks network-ID bits; 0 marks host-ID bits; an octet such as 240 marks a split inside that octet.
ANDing: A bitwise operation used to find the network ID by combining the IP address with the subnet mask bit by bit: if both bits are 1, the result is 1; otherwise it is 0. Example: 192.168.5.69 AND 255.255.255.0 = 192.168.5.0.

Default Gateway
LAN Configuration: All computers on a LAN share the same network ID but have different host IDs.
Router: Connects two (or more) networks, forwards packets between them, and has an IP address on each network.
Default Gateway: The router's IP address on the local network; computers send it the packets destined for other networks.
Router Devices: Can be dedicated hardware (e.g., Cisco) or a computer with multiple network cards that routes packets between networks.
Router IP Address: A router must have an IP address on each network it connects.
Packet Sending: Computers send packets directly only to devices on their own network; everything else goes to the default gateway.
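The ANDing and default-gateway decision above, carried out in shell arithmetic as an added example (not from the original notes). Beyond the single AND in the text it validates the address and the mask first, since a non-contiguous mask such as 255.0.255.0 silently gives wrong network IDs, and it derives the CIDR prefix length from the mask. The addresses used in the usage lines are the notes' own examples; the helper names are this example's.

```shell
#!/bin/sh
# IPv4 helpers for the subnet-mask and default-gateway notes: convert
# dotted-quad addresses to integers, AND an address with its mask to get the
# network ID, validate that a mask is contiguous, and decide whether a packet
# goes directly to the destination or to the default gateway.
# All arithmetic is POSIX shell $(( )), which is wide enough for 32-bit values.

# Dotted quad -> 32-bit integer. Fails (non-zero) on malformed input, which
# matters when the address comes from user input or a config file.
ip4_to_int() {
    case $1 in *[!0-9.]*|'') return 1 ;; esac   # digits and dots only (no globbing risk below)
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|0[0-9]*) return 1 ;; esac   # empty octet or leading zero (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip4() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# A valid mask is a run of ones followed by a run of zeros, so the inverted
# mask plus one must be a power of two.
valid_mask() {
    m=$(ip4_to_int "$1") || return 1
    h=$(( ~m & 0xFFFFFFFF ))
    [ $(( h & (h + 1) )) -eq 0 ]
}

# Number of one bits in the mask, i.e. the CIDR prefix length (/24, /12, ...).
prefix_len() {
    m=$(ip4_to_int "$1") || return 1
    n=0
    while [ "$m" -ne 0 ]; do n=$(( n + (m & 1) )); m=$(( m >> 1 )); done
    echo "$n"
}

# Network ID = address AND mask (the ANDing described in the notes).
network_id() {
    a=$(ip4_to_int "$1") || return 1
    valid_mask "$2" || return 1
    m=$(ip4_to_int "$2")
    int_to_ip4 $(( a & m ))
}

# Where does a packet from src to dst go? "direct" if both share a network ID
# under the mask, otherwise to the default gateway.
next_hop() {
    src=$1; dst=$2; mask=$3; gw=$4
    if [ "$(network_id "$src" "$mask")" = "$(network_id "$dst" "$mask")" ]; then
        echo direct
    else
        echo "$gw"
    fi
}

# Usage:
#   network_id 192.168.5.69 255.255.255.0                      -> 192.168.5.0
#   prefix_len 255.240.0.0                                     -> 12
#   next_hop 192.168.5.69 10.0.0.5 255.255.255.0 192.168.5.1   -> 192.168.5.1
```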
IPv4 Classes and Subnetting
IP Address Classes:
Class A: First octet 1–127 (127 is reserved for loopback), subnet mask 255.0.0.0, 8 bits for network ID, 24 for host ID. Used by large organizations and ISPs.
Class B: First octet 128–191, subnet mask 255.255.0.0, 16 bits for network ID, 16 for host ID. Used by governments and universities.
Class C: First octet 192–223, subnet mask 255.255.255.0, 24 bits for network ID, 8 for host ID. Used by smaller organizations.
Class D: First octet 224–239, used for multicast addressing, not assigned to computers.
Class E: First octet 240–255, reserved for experimental use.
Subnetting: Divides large networks (Class A and B) into smaller subnets by borrowing bits from the host ID, producing new subnet masks (e.g., 255.240.0.0, which borrows 4 bits from a Class A host ID). Classless addressing (CIDR) generalizes this: the mask is written as a prefix length, so 255.240.0.0 is /12.
Communication: Computers in the same subnet communicate directly; different subnets need a router.

The IPv6 Protocol
IPv6 Introduction: Developed to replace IPv4, offering 128-bit addresses for far more devices.
IPv6 Format: 8 groups of 16 bits written in hexadecimal and separated by colons; leading zeros within a group may be omitted, and one run of consecutive all-zero groups may be collapsed to ::. Loopback is ::1.
IPv6 Structure: First 64 bits for the network prefix, last 64 bits for the interface (host) identifier, historically derived from the MAC address (EUI-64) and now often randomized for privacy.
Adoption: By 2018, under 20% of devices used IPv6, mostly IoT.
IPv4 Workarounds: NAT and proxies allow multiple devices to share one IPv4 address, slowing IPv6 adoption.

Configuring a Network Interface in Linux
Interfaces: Wired (Ethernet) or wireless.
Drivers: Loaded at boot; interfaces are given descriptive names.
IP Configuration: Use ifconfig for static IPs or dhclient for DHCP (ifconfig is the legacy tool; modern systems use ip from iproute2 for the same job). APIPA assigns a 169.254.x.x address if no DHCP server is found.
Persistence: Fedora configs in /etc/sysconfig/network-scripts/; apply changes with ifdown and ifup. Ubuntu: legacy releases use /etc/network/interfaces; modern releases use Netplan in /etc/netplan/.
Tools: Fedora Network utility; NetworkManager (nmcli) for management; networkctl for systemd-networkd.
Testing: Use ping to check connectivity.
Infrastructure Services
Some networking services provide network configuration and support for other computers on a network in the form of TCP/IP configuration, name resolution, and time management. These services, collectively called infrastructure services, include DHCP, DNS, and NTP.

DHCP
DHCP (Dynamic Host Configuration Protocol): Configures network interfaces automatically. The client broadcasts a request for IP configuration information, and the DHCP server assigns it an IP address for a set lease time. The server prevents address conflicts by never leasing the same address to two clients at once. It also provides additional settings such as the default gateway and DNS servers.
The DHCP Lease Process
DHCP Client Request Process:
1. DHCPDISCOVER: Client broadcasts to find a server.
2. DHCPOFFER: Server responds with an IP offer.
3. DHCPREQUEST: Client accepts the offer and requests the configuration.
4. DHCPACK: Server confirms the request with the IP configuration and lease time.
5. Client Configures IP: Client applies the configuration.
Lease Renewal Process: At 50% of the lease time, the client sends a DHCPREQUEST to the server that issued the lease to renew it. At 87.5%, if that server has not answered, the client broadcasts a DHCPREQUEST so any server can renew it. When the lease expires without renewal, the client stops using the address, starts over with DHCPDISCOVER, and falls back to APIPA if no server answers.
Setting up a Linux DHCP Server: Install the DHCP daemon.
Configuration:
o IPv4: /etc/dhcp/dhcpd.conf
o IPv6: /etc/dhcp/dhcpd6.conf
Starting DHCP: Start the dhcpd service and enable it at boot.
Viewing Leases (the directory is /var/lib/dhcpd on Fedora and /var/lib/dhcp on Debian/Ubuntu):
o IPv4: /var/lib/dhcpd/dhcpd.leases
o IPv6: /var/lib/dhcp/dhcpd6.leases
Configuring a Linux DHCP Server Using udhcpd
udhcpd Configuration on Ubuntu Server 14.04:
Enable DHCP: Set DHCPD_ENABLED="yes" in /etc/default/udhcpd.
Configure /etc/udhcpd.conf:
o IP lease range: 192.168.1.1 to 192.168.1.100 (eth0).
o Lease duration: 36,000 seconds (10 hours).
o Default gateway: 192.168.1.254.
o DNS server: 192.168.1.200.
Lease File: Lease info is stored in /var/lib/misc/udhcpd.leases. Use dumpleases to view it.
Start and Enable udhcpd: Start the service and configure it to start at boot.

DNS
DNS: A system that maps domain names to IP addresses (forward lookup) and vice versa (reverse lookup) in a hierarchical structure divided into zones.
The DNS Lookup Process
The web browser asks its configured DNS server (usually the ISP's) for www.linux.org. If the answer is cached, the DNS server responds immediately. If not, it queries a root server, which refers it to the .org servers, which refer it to the linux.org name servers. The ISP DNS then queries a linux.org server for the IP address and caches the result before returning it to the browser. The browser uses the IP to connect to the web server.
Configuring a Linux DNS Server
To configure a Linux computer as a DNS server:
1. Install the DNS name daemon (named, part of BIND).
2. Configure the zone and add resource records (FQDNs and IP addresses).
3. The configuration files are in BIND format, best modified by copying sample files or using a graphical tool.
4. To install the graphical tool in Fedora, run dnf install system-config-bind.
5. Use the system-config-bind-gui command to configure zones and save the settings to /etc/named.conf and /var/named.
6. Start the DNS daemon and configure it to start at boot.
7. Use the dig command to test name resolution and query specific DNS records on a server (e.g., dig @server record type). This verifies that zone updates have been applied correctly.

NTP
To ensure accurate date and time for system components and network services, Linux systems use the Network Time Protocol (NTP).
1. System Clock: Each computer has a battery-backed hardware (BIOS) clock that supplies the initial date and time at boot.
2. After boot, Linux systems sync with NTP servers on the network to keep the correct time.
3. NTP is a protocol (UDP port 123) that synchronizes time across systems on the Internet. Accurate time matters for security as well: Kerberos tickets, TLS certificate validity periods, and log correlation during incident response all depend on it.
4. Common NTP daemons on Linux are:
o ntpd (NTP daemon)
o chronyd (Chrony NTP daemon)

Security
Linux's growing use makes it a more attractive target for attackers.
To protect it, address both local and network security.

Limiting Physical Access
Limit physical access: Lock servers in secure rooms.
For public workstations: Remove CD/DVD drives, disable booting from USB, and set a firmware (BIOS/UEFI) password so the boot order cannot be changed.
For kiosks: Lock systems in cabinets.
Prevent reboot with Ctrl+Alt+Del:
SysV: Edit /etc/inittab.
upstart: Edit /etc/init/control-alt-delete.conf.
systemd: Run systemctl mask ctrl-alt-del.target.

Limiting Access to the Operating System
Limit access: Enforce strong passwords with PAM. Lock accounts after 3 failed logins (pam_faillock, or pam_tally2 on older systems).
Authentication: Use Kerberos and LDAP for centralized login. Add multi-factor authentication where possible.
Lock screen: Lock the screen or exit the shell when away from the workstation.

Providing Secure Root User Access
Minimize root access: Use a regular user account for daily tasks. Use su for root access only when needed, then return to the regular account with exit.
Grant limited root access with sudo: Assign specific commands to users via the /etc/sudoers file (edit it with visudo, which syntax-checks the file before saving so a typo cannot lock everyone out). Example: Allow mary and bob to run kill and killall as root on server1 and server2.
Wheel group for admin access: The first regular user is often placed in the wheel group by the installer, granting full admin rights via sudo.
Use sudoedit to edit files as root from a regular user account.

Using Encryption to Protect Data
Encryption to protect data: Use LUKS for full disk encryption, especially on laptops and public-access computers. Configure LUKS during installation or use cryptsetup for post-installation setup.
Mount encrypted volumes after entering a passphrase, and arrange automatic mounting by adding entries to /etc/crypttab and /etc/fstab.
Encrypting specific files with GPG: Use GPG for encrypting sensitive files with asymmetric encryption.
Generate a GPG key pair using gpg --gen-key.
Encrypt and sign a file with gpg --encrypt --sign -r recipient file.
Decrypt and verify with gpg --decrypt file.gpg; the signature is checked automatically if the signer's public key is in your keyring.

Protecting Against Network Attacks
To minimize the risk of network attacks:
Limit network services and reduce their exposure.
Encrypt data in transit.
Control access to the network and systems.
Ensure proper file permissions.
Avoid default service ports (this only cuts the noise from automated scans; it is not a substitute for the other controls).
Keep software updated.
Regularly scan for vulnerabilities.
Use firewalls, SELinux, and AppArmor for system security.

Reducing the Number of Network Services
To secure your system against network attacks:
1. Minimize Network Services: Run only the essential services to reduce the attack surface.
2. Identify Running Services: Use tools like nmap from another host to see which ports are reachable, and check locally (e.g., ss -ltunp) which processes are listening and on which addresses.
3. Disable Unnecessary Services: Stop them and prevent them from starting automatically (systemctl disable --now service).
4. Use Encrypted Services: Replace unencrypted services with secure alternatives (SSH instead of telnet, SFTP instead of FTP).
5. Secure Essential Services: For services that are necessary, configure them with security best practices.
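Step 2 above, done locally and without ss, netstat or nmap, as an added example that is not from the original notes: it parses /proc/net/tcp, where the kernel lists every TCP socket with its local address in little-endian hex and its state (0A is LISTEN), and then separates loopback-only listeners from those reachable over the network. The sample /proc/net/tcp contents are constructed for the demo and are not captured from a real host; IPv6 listeners (/proc/net/tcp6) are deliberately out of scope here.

```shell
#!/bin/sh
# List the TCP sockets in LISTEN state by parsing /proc/net/tcp, so it works
# on a minimal system without ss, netstat or nmap. Addresses in that file are
# hex and little-endian, so 0100007F:0016 is 127.0.0.1:22.
# IPv6 listeners live in /proc/net/tcp6 and are not handled here.

# "0100007F" -> "127.0.0.1"
hex_ip_to_dotted() {
    h=$1
    b4=${h#??????}; h=${h%??}      # last byte pair is the first octet
    b3=${h#????};   h=${h%??}
    b2=${h#??};     h=${h%??}
    b1=$h
    echo "$(( 0x$b4 )).$(( 0x$b3 )).$(( 0x$b2 )).$(( 0x$b1 ))"
}

# Print "ip:port" for every socket whose state column is 0A (LISTEN).
# The header line is skipped because its state column reads "st".
listening_sockets() {
    file=${1:-/proc/net/tcp}
    while read -r sl laddr raddr st rest; do
        [ "$st" = 0A ] || continue
        echo "$(hex_ip_to_dotted "${laddr%:*}"):$(( 0x${laddr#*:} ))"
    done < "$file"
}

# The subset reachable from the network: anything not bound to the loopback
# range 127.0.0.0/8. A wildcard bind (0.0.0.0) is exposed on every interface,
# which is usually the finding worth acting on.
network_exposed() {
    listening_sockets "$1" | while read -r entry; do
        case $entry in
            127.*) ;;
            *) echo "$entry" ;;
        esac
    done
}

# Constructed sample of /proc/net/tcp (not captured from a real host):
# CUPS on loopback only, sshd on the wildcard address, a web server on one
# interface, and one established client connection that must be ignored.
SAMPLE_PROC_NET_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 101 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 102 1 0000000000000000 100 0 0 10 0
   2: 0500A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 103 1 0000000000000000 100 0 0 10 0
   3: 0500A8C0:D3A4 0100A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 104 1 0000000000000000 20 4 30 10 -1'

# Usage on a live system:   network_exposed            (reads /proc/net/tcp)
# Usage on the sample:      printf '%s\n' "$SAMPLE_PROC_NET_TCP" > /tmp/tcp.sample
#                           network_exposed /tmp/tcp.sample
#                           -> 0.0.0.0:22 and 192.168.0.5:80; 127.0.0.1:631 is not listed
```

Compare the result with what nmap sees from another host: a port that is listening locally but not reachable is being filtered somewhere in between, while a port that is reachable but has no local listener points at a device or container in front of this one.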
