The MBR is at most 512 bytes long. If for some reason the first 448 bytes are overwritten, CentOS or Red Hat
Enterprise Linux cannot be loaded unless you boot the machine with a CentOS ISO image in rescue mode, or use
another boot loading method, and reinstall the MBR GRUB boot loader.
1. While the BIOS performs the POST, press the special key (Esc, F2, F11, F12 or Del, depending on the motherboard
instructions) to enter the BIOS settings and modify the boot sequence so that the bootable DVD/USB image
is booted first at machine start-up.
2. After the CentOS 7 / RHEL bootable media has been detected, the first screen will appear on your
monitor. From the first menu choose the Troubleshooting option and press the [enter] key to continue.
3. On the next screen choose the Rescue a CentOS/RHEL system option and press the [enter] key to move further. A new
screen will appear with the message ‘Press the Enter key to begin the installation process’. Here, just press the
[enter] key again to load the CentOS/RHEL system into memory.
4. After the installer software loads into your machine's RAM, the rescue environment prompt will appear on your
screen. At this prompt type 1 to continue with the system recovery process.
5. At the next prompt the rescue program will inform you that your system has been mounted under the
/mnt/sysimage directory. Here, as the rescue program suggests, type chroot /mnt/sysimage to
change the Linux tree hierarchy from the ISO image to the mounted root partition on your disk.
6. Next, identify your machine's hard drive by issuing the command below at the rescue prompt.
# ls /dev/sd*
After you’ve identified your machine's hard disk, you can install the GRUB boot loader by issuing the
command below.
# /sbin/grub2-install /dev/sda
Then type exit, and exit again.
Q-2. What if the default run level has been changed (suppose to run level 6)?
If the default run level has been changed to run level 6 and we have rebooted the system, it reboots again and again
whenever it reaches systemd at boot time.
To resolve the issue, first we need to append the term below to the kernel line that starts with “linux16”:
rhgb quiet 3
Press Ctrl+X and, once the system is up, change the default run level to run level 3.
Ans. A kernel panic mostly occurs when the system is patched and the kernel is not updated properly. To
resolve the issue we need to reboot and boot with the old kernel.
Once the system is booted we need to update the system again, and we also need to check whether the vmlinuz and
initramfs of the newly updated kernel are present in /boot. If the initramfs is not there, we need to create it with the
dracut command.
Q-4. Error Bootable media not found:
Ans: First we need to check the BIOS settings to confirm the default bootable media. Sometimes the system is booted from
the wrong boot device, such as a floppy disk.
If the bootable media is correct, it is possible that our MBR has been corrupted, so we need to recover it in the same way as for GRUB.
● Invalid partition table, Error loading operating system, Missing Operating system, Bootable Media not
found.
1. GRUB has the main configuration files menu.lst and grub.conf, whereas GRUB2 has only one main configuration file,
grub2.cfg.
2. In GRUB it’s really hard for a normal user to modify the configuration file, but GRUB2 is more user-friendly:
grub2-mkconfig will automatically change the configuration.
3. GRUB uses physical and logical addresses to identify the disk, whereas GRUB2 uses UUIDs to identify the disks.
(Related to partprobe)
4. We also have the choice of creating a custom menuentry in /etc/grub.d/40_custom
Q-7 MBR?
The master boot record is a 512-byte record located in the first sector of the hard disk. It stores the boot loader as
bootstrap code, the partition table info and the boot signature. It’s divided into 3 parts:
Description Size
Also called the master boot code or the boot loader area. Bootstrapping is a simple process activating a more
complicated system. The bootstrap code is responsible for the following activities:
If the bootstrap code cannot complete this function, the system displays one of the following error messages:
1. It first goes to the BIOS, which performs the POST for all the attached peripheral devices. If they are all working, it tries to
locate the bootable media from the BIOS settings to load the MBR, or we can say it hands over the process to the MBR.
2. The MBR is the Master Boot Record, which is located in the first sector of the hard disk. The size of the MBR is 512 bytes, which is divided
into three parts:
2: Signature Verifier
Basically it finds GRUB and hands over the system to the GRUB boot loader.
3. GRUB stores all the info about the kernels and displays a splash screen of all the kernels installed on our server to let us choose the kernel to
execute. If we do not choose a kernel, it will load the default kernel mentioned in /boot/grub2/grub.cfg as per the
menuentry. It contains the cpio archive of the kernel image vmlinuz.
4. The kernel loads the initrd as a temporary root file system until the kernel is booted and the actual root file system is mounted,
and also executes the systemd process. As it is the 1st process of the kernel, its PID is 1. It also loads all the kernel modules.
Ans: ***MBR works with disks up to 2 TB in size, but it can’t handle disks with more than 2 TB of space. MBR only
supports up to four primary partitions***, or 3 primary and 1 logical (128 partitions), and works with both Legacy and
UEFI BIOS.
GPT: 128 primary partitions; boot records / partition info are stored in 2 places, the 1st sector of the disk and the last
sector of the disk; works with UEFI BIOS.
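The three parts of the MBR described above can be checked directly on a sector image. The following is an added example, not part of the original notes: it assumes the classic layout of 446 bytes of boot code, a 64-byte partition table and the 2-byte 0x55AA signature, and it runs on constructed sample sectors. It also flags a zeroed boot code area, hashes the boot code so it can be compared against a known-good baseline, and recognises the protective entry (type 0xEE) found on GPT disks.

```python
import hashlib
import struct

SECTOR_SIZE = 512          # the MBR occupies the whole first sector
BOOT_CODE_LEN = 446        # classic layout (assumption): bootstrap code area
ENTRY_LEN = 16             # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"
# 32-bit sector counts x 512-byte sectors: the 2 TB limit mentioned above
MAX_MBR_BYTES = (2 ** 32) * SECTOR_SIZE
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA, sectors


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for index in range(4):
        offset = BOOT_CODE_LEN + index * ENTRY_LEN
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, offset)
        if ptype == 0x00:          # unused slot
            continue
        partitions.append({
            "slot": index + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "size_bytes": count * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_blank": not any(boot_code),
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "gpt_protective": any(p["type"] == 0xEE for p in partitions),
        "partitions": partitions,
    }


def build_sample_mbr(entries, boot_code=b"\xeb\x63\x90") -> bytes:
    """Constructed test sector: entries is a list of (status, type, lba, sectors)."""
    table = b"".join(ENTRY.pack(s, b"\0" * 3, t, b"\0" * 3, lba, n)
                     for s, t, lba, n in entries)
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0")
            + table.ljust(4 * ENTRY_LEN, b"\0") + BOOT_SIGNATURE)


# Constructed samples: a bootable Linux partition plus an LVM partition,
# the same disk after its boot code was zeroed, and a GPT protective MBR.
HEALTHY = build_sample_mbr([(0x80, 0x83, 2048, 2097152), (0x00, 0x8E, 2099200, 4194304)])
WIPED = b"\0" * BOOT_CODE_LEN + HEALTHY[BOOT_CODE_LEN:]
PROTECTIVE = build_sample_mbr([(0x00, 0xEE, 1, 0xFFFFFFFF)], boot_code=b"")

if __name__ == "__main__":
    for name, sector in (("healthy", HEALTHY), ("wiped", WIPED), ("protective", PROTECTIVE)):
        info = parse_mbr(sector)
        print(name, info["signature_ok"], info["boot_code_blank"],
              info["gpt_protective"], info["boot_code_sha256"][:16], info["partitions"])
```

On a real system the input would be the first 512 bytes of the disk, read as root; the wiped sample shows why the partition table can survive while the machine still fails to boot.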
Q-10 What happens when we browse a website?
1. Whenever we browse any website, the browser first searches for it in the browser cache; if nothing is found,
2. it searches the OS/system cache; if not found,
3. it searches the router cache; if not found,
4. it searches the ISP cache, which the browser checks as the last hope.
If the requested URL is not in any cache, the DNS resolver initiates a DNS query to find the IP address of the
URL concerned.
1. It sends the server a SYN packet: "Hello there, please open a connection for me."
2. The server sends a SYN-ACK packet to the client, acknowledging the client's request and SYN packet and asking
"Hello there, do you want me to open the connection too, and on which port?"
3. The client sends an ACK to the server: "Yes, please open a connection for me, on port 80."
1. Once the TCP connection is established, the browser sends a GetResponse to the server asking for the webpage of the
URL concerned. If you’re entering credentials or submitting a form this could be a POST request. This request will
also contain additional information such as browser identification (User-Agent header), the types of responses that it
will accept (Accept header), and connection headers asking the server to keep the TCP connection alive for additional
requests. It will also pass information taken from cookies the browser has in store for this domain.
2. The server passes this request to the relevant handler program (whether it’s in PHP, Ruby, Java etc.), then the
handler assembles the code in a particular format (XML/HTML) and the server sends a response with the requested webpage
and a status code.
3. At the end you will see the webpage of the URL concerned in the browser.
- The client asks the server to open an encrypted connection, sending the cipher suites and TLS version it supports.
- The server then sends its certificate and public key to the client, saying "hey, let’s use this particular cipher suite,
and I can use the TLS version you are using".
- The client verifies the server's certificate, then extracts the public key, uses it to encrypt a new pre-master key
and sends the pre-master key to the server.
- The server uses its private key to decrypt the pre-master key.
- At this point the client and server both use the pre-master key to compute a shared master key called the
"Shared Secret".
- The client sends an encrypted message, saying to the server "please decrypt it and verify that it's up to spec; from
this point everything I send will be encrypted using our shared secret".
- The server decrypts and verifies the message and sends a message back to the client in encrypted format,
saying "your encrypted message checks out; here is an encrypted message, please decrypt it too. Also, from
this point everything I send will be encrypted using our shared secret".
Q-11 Explain the “top” command's output
Current time (11:37:19), uptime of the machine (up 1 day, 1:25), user sessions logged in (3 users),
average load on the system (load average: 0.02, 0.12, 0.07); the 3 values refer to the last minute, five minutes
and 15 minutes.
Load Average = tells you how busy your system’s CPU, disk & other resources are.
2° Row – task
Processes in total (73 total), processes running (2 running), processes sleeping (71 sleeping), processes
stopped (0 stopped), processes waiting to be stopped by the parent process (0 zombie)
3° Row – cpu
The third line indicates how the cpu is used. If you sum up all the percentages, the total will be 100% of the cpu. Let’s
see what these values indicate in order:
🡪Percentage of the CPU for user processes (0.3%us)
🡪Percentage of the CPU for system processes (0.0%sy)
🡪Percentage of the CPU processes with priority upgrade nice (0.0%ni)
🡪Percentage of the CPU not used (99.4%id)
🡪Percentage of the CPU processes waiting for I/O operations (0.0%wa)
🡪Percentage of the CPU serving hardware interrupts (0.3% hi — Hardware IRQ)
🡪Percentage of the CPU serving software interrupts (0.0% si — Software Interrupts)
🡪The amount of CPU ‘stolen’ from this virtual machine by the hypervisor for other tasks (such as running another virtual
machine); this will be 0 on a desktop or server without virtual machines. (0.0%st — Steal Time)
The fourth and fifth rows respectively indicate the use of physical memory (RAM) and swap. In this order: Total memory
in use, free, buffers cached.
Let’s see what information we can get in the different columns:
Q-12 Telnet?
Ans: Telnet is a computer protocol that was built for interacting with remote computers. It’s a protocol used on the
internet or local area network to provide a bidirectional. It’s used to establish a connection to Transmission Control
Protocol, where a telnet server application (telnetd) is listening.
One of the biggest perks of telnet is that with a simple command you can test whether a port is open:
# telnet <host or IP> <port>
If the connection succeeds, a blank screen will show up, meaning that the port is open.
A failed connection indicates either a closed port or that the remote server is not listening on the provided port.
Networking interface grouping:
- Earlier: Bonding can be active-backup, XOR, IEEE and load balancing.
- RHEL 7: The Team driver supports multiple types of teaming methods, called active-backup, load-balancing and
broadcast.
Kdump:
- Earlier: Kdump is not supported with a large RAM size.
- RHEL 7: Can be supported up to 3 TB.
UID information:
- Earlier: System user IDs start from 1 to 499; normal user IDs start from 500 to 65534.
- RHEL 7: System UIDs 1 - 999; normal UIDs 1000 - 65534.
Port security:
- Earlier: Iptables; by default the service port is enabled when the service is switched on.
- RHEL 7: Firewalld instead of iptables. Iptables is also supported with RHEL 7, but we can’t use both of
them at the same time. The firewall will not allow any port until and unless you enable it.
- Each volume within a volume group is segmented into small, fixed-size chunks called extents.
- When creating a volume group on a physical volume, the whole volume is divided into small chunks of equal size that
we call extents/physical extents.
- Suppose we have a physical volume of size 2 GiB; while creating a volume group on it, the PV is divided into PEs as
Number of PE = total available size / size of one PE (default size is 4 MB)
- We can change the size of the PE while creating the VG.
# vgcreate -s 32M vgname <PV device>
Ans: DHCP stands for dynamic host configuration protocol. It is used to control the network configuration of a host
through a remote server. DHCP functionality comes installed as a default feature in most of the contemporary operating
systems.
- It is an excellent alternative to the time-consuming manual configuration of network settings on a host
or a network device.
- DHCP works on client-server model. Being a protocol, it has its own set of messages that are
exchanged between the client and server.
Here are the different messages that are used in the process.
1. DHCPDISCOVER: - It is the DHCP message that marks the beginning of the DHCP interaction between server
and client. It is sent by a client. It is a broadcast message that uses 255.255.255.255 as the destination IP
address and 0.0.0.0 as the source address.
2. DHCPOFFER: - It’s a message that is sent in response to DHCPDISCOVER by the server to the client. This message
contains network configuration settings for the client that sent the DHCPDISCOVER message.
3. DHCPREQUEST: - This message is sent in response to DHCPOFFER, indicating that the client has accepted the
network configuration sent in the DHCPOFFER message from the server.
4. DHCPACK: - It is sent by the DHCP server in response to the DHCPREQUEST received from the client. This
message marks the end of the process that started with
5. DHCPNACK: - It is the exact opposite of DHCPACK described above. This message is sent by the DHCP
server when it is not able to satisfy the DHCPREQUEST message from the client.
6. DHCPDECLINE: - It is sent from the client to the server in case the client finds that the IP address assigned
by the DHCP server is already in use.
7. DHCPINFORM: - This message is sent from the DHCP client in case the IP address is statically configured on
the client and only other network settings or configuration are desired to be dynamically acquired from
the DHCP server.
8. DHCPRELEASE: - This message is sent by the client in case it wants to terminate the lease of the network
address it has been provided by the DHCP server.
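The eight messages above are distinguished on the wire by DHCP option 53, and each is only ever sent by one side. The following is an added example, not part of the original notes: it decodes a DHCP payload, names the message and checks that the BOOTP op field (1 for client requests, 2 for server replies) agrees with the side that is allowed to send that message. The MAC address, transaction id and 192.0.2.x addresses are constructed sample values, and the message the notes call DHCPNACK appears under its RFC 2131 name DHCPNAK.

```python
import socket
import struct

HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")   # fixed 236-byte BOOTP header
MAGIC_COOKIE = b"\x63\x82\x53\x63"                      # marks the start of DHCP options
# Option 53 value -> (message name, which side sends it)
MESSAGE_TYPES = {
    1: ("DHCPDISCOVER", "client"), 2: ("DHCPOFFER", "server"),
    3: ("DHCPREQUEST", "client"),  4: ("DHCPDECLINE", "client"),
    5: ("DHCPACK", "server"),      6: ("DHCPNAK", "server"),
    7: ("DHCPRELEASE", "client"),  8: ("DHCPINFORM", "client"),
}
OP_FOR_SENDER = {"client": 1, "server": 2}               # BOOTREQUEST / BOOTREPLY


def parse_options(raw: bytes) -> dict:
    """Walk the code/length/value option list; 0 is padding, 255 ends the list."""
    options, i = {}, 0
    while i < len(raw) and raw[i] != 255:
        if raw[i] == 0:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated DHCP option")
        options[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return options


def parse_dhcp(packet: bytes) -> dict:
    """Decode one DHCP payload (the UDP data) into the fields discussed above."""
    start = HEADER.size + len(MAGIC_COOKIE)
    if len(packet) < start or packet[HEADER.size:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr, _, _ = HEADER.unpack_from(packet)
    options = parse_options(packet[start:])
    if len(options.get(53, b"")) != 1:
        raise ValueError("missing DHCP message type (option 53)")
    name, sender = MESSAGE_TYPES.get(options[53][0], ("UNKNOWN", None))
    server_id = options.get(54)
    return {
        "type": name,
        "sender": sender,
        "xid": xid,
        "client_mac": chaddr[:hlen].hex(":"),
        "offered_ip": socket.inet_ntoa(yiaddr),
        "server_id": socket.inet_ntoa(server_id) if server_id and len(server_id) == 4 else None,
        # A client-only message arriving as a BOOTREPLY (or the reverse) is malformed.
        "op_consistent": OP_FOR_SENDER.get(sender) == op,
    }


def build_packet(op, msg_type, xid, yiaddr="0.0.0.0", server_id=None) -> bytes:
    """Build a constructed DHCP payload for the demo (hypothetical MAC and addresses)."""
    mac = bytes.fromhex("525400123456")
    header = HEADER.pack(op, 1, len(mac), 0, xid, 0, 0, b"", socket.inet_aton(yiaddr),
                         b"", b"", mac, b"", b"")
    options = bytes([53, 1, msg_type])
    if server_id:
        options += bytes([54, 4]) + socket.inet_aton(server_id)
    return header + MAGIC_COOKIE + options + b"\xff"


def sample_exchange():
    """Constructed DISCOVER -> OFFER -> REQUEST -> ACK exchange sharing one xid."""
    xid = 0x3903F326
    return [
        build_packet(1, 1, xid),
        build_packet(2, 2, xid, "192.0.2.50", "192.0.2.1"),
        build_packet(1, 3, xid, server_id="192.0.2.1"),
        build_packet(2, 5, xid, "192.0.2.50", "192.0.2.1"),
    ]
```

Running parse_dhcp over each payload from sample_exchange() yields the four-step lease sequence; the server_id field of the OFFER and ACK is the value to compare against the list of DHCP servers you expect on the segment.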
● TCP is used for applications that require high reliability but are less time critical, whereas UDP is used for applications
that are time sensitive but require less reliability.
Q 19 CPU Cache:
SRAM (static RAM): SRAM is what is used in CPU cache. Because SRAM doesn't have to be constantly refreshed, it is a lot
faster than DRAM, and it's also very expensive.
CPU cache is the CPU's internal memory, and its job is to store copies of data and instructions from RAM that are waiting to be
used by the CPU.
** CPU cache holds the common data that it thinks the CPU is going to access over and over again, because when the
CPU needs to access certain data it always checks the faster cache memory first to see if the data it needs is there. If it
is not, the CPU has to go back to the slower primary memory or RAM to get the data it needs, so that's why cache
memory is so important. **
** Because the more the CPU can access what it needs from the faster cache, the faster the computer will perform. **
** The whole idea behind cache is to make the computer run faster at a cheaper price. **
** A computer can run without CPU cache but it would be a lot slower. **
** CPU cache acts like a middleman between the CPU and RAM to assist in feeding the CPU the data it needs a lot faster,
which reduces bottlenecks. **
Level 1 cache
- Also called primary cache.
- Located on the processor.
- Runs at the same speed as the processor.
** And if the CPU does not find the data it needs in the Level 1 cache, it then searches the Level 2 cache for the data. **
Level 2 cache
- Also called external cache
- Used to catch the recent accesses from the processor that were not caught by Level 1 cache.
- In Earlier Computers, Level 2 cache was located on a separate chip on the motherboard.
- In Modern CPUs it would be located on the processor.
- Level 2 cache is larger than the level 1 cache but it’s not as fast as level 1 cache.
** And if the CPU can't find the data in the Level 2 cache then it searches the last level of cache which is level 3. **
Level 3 cache
- Level 3 cache is also located on the processor.
- Level 3 is often referred to as shared cache because its memory is shared between all the cores on the CPU.
- Used to catch recent data accesses which were not caught by the Level 2 cache.
- Level 3 is larger than Level 2 but it’s not as fast as the Level 2 cache.
- Finally, if Level 3 does not have the data, then the CPU has to go back to the slower RAM to find the data it needs.
** Level 3 is often referred to as shared cache because its memory is shared between all the cores on the CPU, whereas
Level 1 and Level 2 cache are dedicated to their own CPU core. **
2. Micro Kernel. This kernel type uses the minimum set-up required for scheduling, memory
management and inter-process communication. This vastly reduces the amount of memory required
for kernel use. The minimum size of the kernel means that the amount of extra communication
required by device drivers reduces the maximum data flow through the kernel but also decreases
kernel response time to interrupts. Microkernels are typically found in real time systems.
3. Hybrid Kernel. This is a mix between the 2 above. The kernel is larger than micro but smaller than
monolithic. What you normally get is a stripped down monolithic kernel that has the majority of
device drivers removed but still all of the system services within the kernel space. The device drivers
will be attached to the kernel as required when starting up or running. These kernels are typically
found on desktops, Windows, Mac and Linux OS flavors.
4. Nano Kernel. This kernel type only offers hardware abstraction, there are no services and the kernel
space is at a minimum. A Nano kernel forms the basis of a hypervisor upon which you may emulate
multiple systems via virtualization. Nano kernels are also very good for embedded projects.
5. Exo-Kernel. This kernel is the smallest kernel that I know of. It offers process protection and resource
handling and nothing else. The programmer using this kernel is responsible for correctly accessing the
device they wish to use. I do not know of an instance of the kernel type where it is used outside of
academia but I’m happy to be corrected.
Ping Results:
Request Time Out: Host is down or it’s blocking the ping request.
Destination host unreachable: Message comes from router, which means that route to the destination cannot be
found.
Presentation (layer 6): - This layer formats the data in a way that the receiving application can understand. This
layer is also able to encrypt and decrypt data if needed.
Session (layer 5): - This layer is responsible for establishing and terminating connections between devices.
Transport (layer 4): - The transport layer of the OSI model is used for error handling and sequencing to ensure no data
is lost. This layer also adds source and destination port numbers.
Network (layer 3): - The network layer handles IP address routing. At this stage of the OSI model the source and
destination IP addresses are added to the data.
Data Link (layer 2): - At this layer the physical address (MAC address) is added to the data; this includes the source
and destination MAC addresses.
Physical (layer 1): - The physical layer is the lowest layer of the OSI model. Its key responsibility is to carry the data
across the physical hardware, such as an Ethernet cable, to the destination.
Top to bottom:
Suppose we are sending an email.
- Application layer: This layer is where the application and user communicate. Application-specific protocols are
used here, such as SMTP (Simple Mail Transfer Protocol) for sending emails from Outlook.
- Presentation layer: Formats the data so that the receiving device can understand it. In this example it’s probably
ASCII. This layer is also able to encrypt and decrypt data if needed.
- Session layer: Establishes the connection with remote devices.
- Transport layer: This layer decides whether to use TCP or UDP. In this case it uses TCP to make sure every packet
will be delivered; the source and destination ports are also added to the data. Uses segments. End-to-end delivery, or port
to port.
- Network layer: The IP address of the remote server is added as the destination, and the source IP address is also added to
the data. Uses packets. It does host-to-host delivery by using the logical IP address.
- Data Link layer: The MAC addresses of the source and destination servers are added to the data. It sends the packet as
frames and adds a header and trailer to it as well, and controls the flow of data from hop to hop.
- Physical layer: Converts the frames/bits into signals, and the data is sent out to the network using Ethernet.
When the receiving device receives the data, it processes the data in the same way but in reverse.
Ans.: All files on a Linux system are stored on the file system, which is organized into a single inverted tree of directories
known as the file system hierarchy.
/usr: installed software, shared libraries, include files & static read-only program data
/var: variable data specific to this system that should persist between boots. Files that dynamically change may
be found under /var
/run: runtime data for processes started since the last boot. The contents of this directory are recreated on
reboot.
/home: where regular users store their personal data & configuration files
/dev: contains special device files which are used by the system to access hardware.
/proc: contains all the files of running processes and the system stat files as well.
https://www.pcwdld.com/what-is-mtr-and-howto-troubleshoot-connections
https://www.digitalocean.com/community/tutorials/how-to-use-traceroute-and-mtr-to-diagnose-network-issues
https://www.tecmint.com/linux-performance-monitoring-with-vmstat-and-iostat-commands/
https://www.gmarik.info/blog/2012/orphan-vs-zombie-vs-daemon-processes/
Q 29: What if the server is not booting?
Ans:
1. I will go to the BIOS first to make sure the first boot device is set to the hard disk drive.
2. If it is set, I will check that the hard disk cable is properly attached to the server.
3. If it’s still not booting, I will assume that the MBR might be corrupt. So I will try to reinstall GRUB from
rescue mode through a CD, or I can attach the disk concerned to another working machine to install GRUB
again.
4. Assuming I now get the GRUB screen and it’s stuck there, I will check the boot loader again, either by attaching
the disk to another working machine or from rescue mode.
5. If the system is still not booting, then there might be an issue with the kernel. There might be a kernel panic issue,
or the kernel image (vmlinuz) and the version of initrd.img do not match, so we can try to boot the system
with the recovery kernel to bring up the system and troubleshoot further.
6. If it still does not boot, then the issue might be with the file system check; in that case the system might be stuck in
emergency mode. We need to confirm whether there is any issue with the fstab file, or we can also run a filesystem
check on it.
Q 30: Traceroute?
Ans: It is a tool that can be used to verify the path that your data will take to reach its destination, without actually
sending the data.
- Each IP packet that we send on the internet has a field called TTL. TTL stands for Time to Live.
- TTL is measured not in seconds but in the number of hops. It’s the maximum number of hops that a packet
can travel across the internet before it's discarded.
- Hops are nothing but the computers, routers or any devices that come in between the source and
destination.
If the destination is not found after travelling through too many routers (hops) in between and the TTL value
becomes 0, the receiving router will drop the packet and inform the original sender.
If a router receives a packet with a TTL of 1, the packet is discarded, but the router which discarded the packet will
inform the original sender that the TTL value has been exceeded.
The information sent back to the original sender by the router receiving a packet with a TTL of 1 is called the “ICMP
TTL exceeded message”.
Hence when an ICMP TTL exceeded message is sent by a router, the original sender will come to know the
address of the router.
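The TTL mechanism described above can be followed step by step in a small offline simulation. The following is an added example, not part of the original notes and not how the real traceroute binary is written: the path, the addresses and the idea of a "silent" router that drops the probe without sending an ICMP message are assumptions made for the demonstration.

```python
def send_probe(path, ttl, silent=frozenset()):
    """Forward one probe along path (routers first, destination last).

    Returns (responder, kind): kind is "time-exceeded" when a router drops the
    probe, "reply" when the destination answers, "lost" when nothing comes back.
    """
    *routers, destination = path
    for router in routers:
        ttl -= 1                      # every router decrements TTL before forwarding
        if ttl == 0:                  # arrived with TTL 1: discard, notify the sender
            if router in silent:      # filtering or rate-limiting hop sends nothing
                return None, "lost"
            return router, "time-exceeded"
    return destination, "reply"


def traceroute(path, silent=frozenset(), max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, kind = send_probe(path, ttl, silent)
        hops.append((ttl, responder, kind))
        if kind == "reply":           # the destination itself answered: path complete
            break
    return hops


# Constructed path: three routers, then the destination host.
SAMPLE_PATH = ["10.0.0.1", "198.51.100.1", "203.0.113.9", "192.0.2.80"]

if __name__ == "__main__":
    for ttl, responder, kind in traceroute(SAMPLE_PATH, silent={"198.51.100.1"}):
        print(ttl, responder or "*", kind)
```

The second hop shows as `*` even though later hops answer, which is why a gap in the middle of a trace does not by itself mean the path is broken.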
Q 31: MTR
MTR combines ping (RTT and packet loss) with traceroute (devices in the path between sender and
receiver). Using this information, you can determine the following from your machine:
● Connectivity to destination device: If MTR successfully reaches the destination, then you know there is
connectivity between source and destination. However, if it is unable to reach the destination, it does not
mean there is no connectivity; there could be something in the path blocking traceroute.
● Packet Loss: The packet loss column tells us about the quality of the link between source and destination. With too
much packet loss you may need to troubleshoot further. Sometimes, packet loss along the path
between source and destination is common, as some devices may be rate limiting (or filtering) packets used
by ping/traceroute/mtr.
● Round-Trip time: If it’s taking too long for packets to go from source to destination, there may be
something wrong with the quality of your link. It could also be that the distance between source and
destination is quite large.
MTR reports, by default, display the following columns:
- Loss% = The percentage of packets for which an ICMP reply was not received.
- Sent = The number of packets sent to each hop.
- Last = The round-trip time of the last traceroute packet, in ms.
- Avg = The average round-trip time of all the traceroute packets, in ms
- Best = The shortest round-trip time of all traceroute packets, in ms
- Wrst = The longest round-trip time of all traceroute packets, in ms
- Stdev = The standard deviation