Process:
BIOS
BIOS is simple: it boots from only one sector of the HDD, so modern OSs need a two-part loader: boot loader + OS. The boot loader has a config file.
Master Boot Record is the first sector on first hard drive. BIOS checks MBR
and boots from it.
boot loader can point to another bootloader!
UEFI
Intel created it in 1998 and in 2005 others joined. UEFI (Unified Extensible Firmware Interface) has an EFI System Partition (ESP) to store bootloader programs, so we can have any size of bootloader and multiple bootloaders. It is FAT and most of the time mounted on /boot/efi. UEFI uses its own mini bootloaders, which are called boot managers. efibootmgr lets you add / remove boot entries or change the boot order.
We started with LILO in 1990 but no one uses it anymore. The file is /etc/lilo.conf. No UEFI support.
GRUB came into life in 1999 and GRUB2 in 2005. They support UEFI and GRUB2 has more features.
It is possible to boot the whole kernel directly from UEFI from kernel version 3.3.0 on, but we DON'T because GRUB has cool features.
Grub Legacy
title Windows
rootnoverify (hd0,0)
grub-install /dev/sda installs GRUB on the MBR (same as grub-install '(hd0)').
GRUB2
a newer version but kind of similar. It lives in /boot/grub/ (so you can have both!). Now the config is like this:
menuentry "CentOS Linux" {
set root=(hd1,1)
linux /boot/vmlinuz
initrd /initrd
}
menuentry "Windows" {
set root=(hd0,1)
}
Two big differences:
- set root=
- (hd0,1) instead of (hd0,0): partitions are numbered from 1 in GRUB2
the config is /boot/grub/grub.cfg but it is generated from the global config in /etc/default/grub and the OS configs in the /etc/grub.d folder with grub-mkconfig > /boot/grub/grub.cfg.
Lets see some interactions. You can use arrows, use E, F10, Boot, . . .
Others
there are others like systemd-boot & syslinux & ISOLINUX (for live CDs)
Secure bootloaders
UEFI supports something called Secure Boot. Here UEFI only loads images which are signed. They say this is for security but it makes headaches for Linux.
Solutions:
- Disable it in the UEFI boot manager
- Purchase a digital signature and sign your images!
- Use a bootloader image signed by others
The 3rd is about companies that invested and signed a mini bootloader which starts the normal boot loaders. We have two: one from the Linux Foundation (PreLoader) and one from Fedora (shim).
Process Initialization
You can change the runlevel with init, so init 6 works like reboot. There are also specific commands like shutdown, halt, poweroff and reboot.
shutdown -h now
SysV
chkconfig --levels 12345 network on # with no levels, turns it on in the default run level
On Debian systems, we use update-rc.d.
update-rc.d program remove # won't start at the default runlevel
update-rc.d -f program start 40 2 3 4 5 . stop 80 0 1 6 . # 40 & 80 are the orders
systemd
[Service]
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f
ExecStart=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /et
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=30
Restart=on-failure
RestartSec=1
WatchdogSec=1m
LimitNOFILE=32768
# Hardening
PrivateTmp=yes
DeviceAllow=/dev/null rw
DeviceAllow=/dev/urandom r
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/run
ReadOnlyDirectories=/var
ReadWriteDirectories=/run/tor
ReadWriteDirectories=/var/lib/tor
ReadWriteDirectories=/var/log/tor
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH
PermissionsStartOnly=yes
[Install]
WantedBy = multi-user.target
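The [Service] section above carries several sandboxing directives (PrivateTmp, ProtectHome, ProtectSystem, CapabilityBoundingSet). As an added example, not part of these notes or of the tor project's unit, here is a small POSIX sh audit that reads a unit file's [Service] section and reports which of those directives are missing or set to a weak value. The directive list is my own assumption (it also checks NoNewPrivileges, which the tor unit above does not set) and the sample unit at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit a systemd unit file for
# the hardening directives used in the tor unit above. HARDENING_KEYS is an
# assumed list (NoNewPrivileges is not in the notes' unit, it is added here);
# the sample unit at the bottom is constructed for this example.

HARDENING_KEYS="PrivateTmp ProtectHome ProtectSystem CapabilityBoundingSet NoNewPrivileges"

# Extract only the [Service] section body of a unit file (no section headers).
service_section() {
  sed -n '/^\[Service\]/,/^\[/{ /^\[/!p; }' "$1"
}

# Print one line per missing or weak directive. Exit 0 when the unit passes,
# 1 when anything was reported.
audit_unit() {
  body=$(service_section "$1")
  problems=0
  for key in $HARDENING_KEYS; do
    if ! printf '%s\n' "$body" | grep -q "^${key}="; then
      echo "missing: $key"
      problems=1
    fi
  done
  # ProtectSystem=yes only protects /usr and /boot; full adds /etc, strict
  # makes the whole tree read-only except what ReadWritePaths allows.
  if printf '%s\n' "$body" | grep -Eq '^ProtectSystem=(yes|no|false)$'; then
    echo "weak: ProtectSystem should be full or strict"
    problems=1
  fi
  return $problems
}

# Demo on a constructed unit that only has part of the hardening in place.
DEMO=$(mktemp)
cat > "$DEMO" <<'EOF'
[Unit]
Description=constructed sample service
[Service]
ExecStart=/usr/bin/true
PrivateTmp=yes
ProtectSystem=yes
[Install]
WantedBy=multi-user.target
EOF
if audit_unit "$DEMO"; then
  echo "$DEMO: hardened"
else
  echo "$DEMO: needs work"
fi
rm -f "$DEMO"
```

Run it as `sh audit.sh` or source it and call `audit_unit /etc/systemd/system/tor.service`. On a real box `systemd-analyze security <unit>` gives the full exposure score; this script only shows the mechanics of checking the [Service] section.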
or a target:
[root@funlife system]# cat graphical.target
# SPDX-License-Identifier: LGPL-2.1+
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Graphical Interface
Documentation=man:systemd.special(7)
Requires=multi-user.target
Wants=display-manager.service
Conflicts=rescue.service rescue.target
After=multi-user.target rescue.service rescue.target display-manager.service
AllowIsolate=yes
the default is /etc/systemd/system/default.target.
The program to use with systemd is systemctl:
- list-units: current status
- default: change the default target
- isolate: start one target and stop all others
- start name
- stop name
- reload name: reload the config
- restart name: shut down and restart
- status name/PID: status
- enable name
- disable name
we can use isolate with targets to move between targets:
systemctl isolate rescue.target
It has its own logging which is called journalctl.
Upstart
System Recovery
we will talk about kernel / device problems.
### kernel
it is possible to use an older kernel in GRUB. it is possible to boot in single user mode if needed. passing some kernel params may help
drive failure
separated partitions
booting with another disk / usb
mounting the root drive
mount /dev/sda1 /media
fsck /dev/sda1
Chapter 2, Maintain the system
wall
writes to logged-in users who have their messages set to “yes”. use /bin/mesg to set your own message setting (mesg, mesg y, mesg n)
# who -T # + signs means the write access is granted
# write sara tty2
Hi there! Ctrl-D
to broadcast:
# wall message
# wall
hi there ctrl-D
> systemd sends a wall message in case of emergency, halt, reboot, ...
notify-send
is a GUI utility in the form of notify-send title message. To send to others, you have to use “w” to find the DISPLAY and then use something like this:
DISPLAY=:0 sudo su -c "notify-send \"hi\" \"please call jadi\""
### shutdown
we know it for reboot / halt but can do other things too!
shutdown [options] time [wall message]
-H: halt
-P: power off
-r: reboot
-c: cancel
-k: no new login
--no-wall: no wall
- /etc/issue: tty terminal logins. system access policy, outages, ..
- /etc/issue.net: for remote logins (telnet). to enable for ssh, add Banner /etc/issue.net t
- /etc/motd: message-of-the-day. shown after the user logged in and before the command line prompt.
## System Backup
backup strategy. Data categories. Value of each data category. Maximum data inaccessibility
Media: Magnetic disks (1 cent per gig, tapes up to tera!), CD, HDD, SSD, cloud
Where to backup: show all dirs /etc, /home, /opt, /root, /srv, /usr, /var
### Software
There are some specific ones like BackupPC, Duplicity, Bareos, Bacula but you can use normal tools like tar:
-c create
-u update (add only new /modified)
-z compress gzip
-j compress bzip2
-J compress xz
-v verbose
-g filename create full/inc based on file
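The -g switch is what turns plain tar into a full/incremental scheme. As an added example that is not part of these notes, the script below takes a full backup, changes the data, takes an incremental one with the same snapshot file, and restores both in order. Everything lives under a temp directory (constructed sample data, no tape drive), and it assumes GNU tar, since -g / --listed-incremental is a GNU extension.

```shell
#!/bin/sh
# Added example, not part of the original notes: a full backup followed by an
# incremental one with GNU tar's -g (--listed-incremental) snapshot file. All
# paths live under a temp dir, so it runs without root or a tape drive; the
# sample data is constructed here.

WORK=$(mktemp -d)
SRC="$WORK/data"
SNAR="$WORK/backup.snar"   # snapshot file: which files/dirs were already dumped
mkdir -p "$SRC"

# Full backup: the snapshot file does not exist yet, so -g records everything
# and writes the snapshot.
backup_full() {
  rm -f "$SNAR"
  tar -czf "$WORK/full.tgz" -g "$SNAR" -C "$WORK" data
}

# Incremental backup: tar compares against the snapshot and stores only files
# that are new or modified since it was written (directories are always listed
# so that deletions can be replayed on restore).
backup_incremental() {
  tar -czf "$WORK/inc.tgz" -g "$SNAR" -C "$WORK" data
}

# List the regular files stored in an archive (directory entries end with /).
archive_files() {
  tar -tzf "$1" | grep -v '/$'
}

# Count them, printing 0 instead of failing when the archive holds only dirs.
archive_file_count() {
  archive_files "$1" | wc -l | tr -d ' '
}

# Restore in order (full, then each incremental) into a fresh directory, with
# -g /dev/null so that tar applies the recorded directory state, including
# removing files that were deleted between the two backups.
restore_all() {
  mkdir -p "$1"
  for archive in "$WORK/full.tgz" "$WORK/inc.tgz"; do
    tar -xzf "$archive" -g /dev/null -C "$1"
  done
}

# Demo run with constructed data.
printf 'alpha\n' > "$SRC/a.txt"
printf 'beta\n'  > "$SRC/b.txt"
backup_full
sleep 1                              # give the snapshot timestamp a clear margin
printf 'changed\n' > "$SRC/a.txt"    # modified file: goes in the incremental
printf 'gamma\n'   > "$SRC/c.txt"    # new file: goes in the incremental
rm "$SRC/b.txt"                      # deleted file: dropped on restore
backup_incremental
echo "full archive holds $(archive_file_count "$WORK/full.tgz") files"
echo "incremental holds $(archive_file_count "$WORK/inc.tgz") files"
```

Keep the .snar file next to the archives: losing it means the next -g run silently becomes a new full backup. For a real restore the order matters (full first, then every incremental in the order they were taken).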
mt [-f device] operation [count] [arg]
- status: display status
- load: load tape (if not automatically done)
- erase: erase everything
- fsf count: skip count (forward)
- bsf count: rewind count
- tell: get current position
- eod: end of current data
- rewind: to the beginning
- eject: rewind and unload
- offline: rewind and unload
mt -f /dev/st0 status
tar -Jcvf /dev/st0 /home/jadi
cd /tmp
tar xf /dev/st0
rsync
can be used locally and remotely. -a is archive, -v verbose, -h more human readable, --progress shows progress.
to use it over the network you need ssh to be installed (it is secure!)
dd
do not use it on a mounted disk! dd if=input of=output bs=4096 count=10. you can use it to write an iso to a USB, to write ZEROs on a disk, to clone, . . .
1. Download
2. Unpack
3. Read the docs
4. compile
5. errors? install dependencies
6. compile
7. move the output to somewhere permanent
“You can’t manage what you can’t measure.”
### memory
free
htop
sar
top
vmstat # virtual memory
CPU
Process
Network
uptime / load
Device IO
sar
you can see sar works in many places. If you run sar with a particular option, such as networking or disk information, and you get the response “requested activities not available in file,” you will need to modify your sadc configuration. On Red Hat-based systems, modify the file /etc/sysconfig/sysstat and add the desired option to the SADC_OPTIONS line. On a Debian-based distribution, modify the file /etc/default/sysstat and, within the sadc section, either add the option to the SA1_OPTIONS line or make sure that ENABLE="true" is set.
sar 1 4 # cpu
htop iftop iostat
to predict usage
understand the software, and you can have helper programs like Cacti, collectd, MRTG, Nagios, RRDTool
Chapter 3: Kernel
What is the kernel? Hardware > Kernel > GUI/GNU > Applications. The kernel manages memory, software, hardware and the filesystem. It is monolithic.
/proc/meminfo
to check shared memory between processes
ipcs
drivers are compiled into the kernel or added to the kernel as modules. device files can be:
- character device: data as chars: modems and terminals
- block: disks
- network: packets
ls /dev/
file system management: ext, ext2, ext3, ext4, msdos, NFS, NTFS, ReiserFS (good performance and recovery), SMB, XFS (high performance, 64 bit).
kernel parts
versions
compile a kernel
you don't need it in normal cases but these are the steps:
1. obtain the source (kernel.org, tar at /usr/src, create a short link as /usr/src/linux)
2. create a config file (what features? /usr/src/linux/.config; you can run make config, or easier make defconfig / make menuconfig)
3. compile (make / make bzImage)
3.5. install the kernel (cp bzImage /boot/vmlinuz-4.3; System.map is for debugging. or do it with make install)
4. compile and install module files (make modules and then make modules_install, which installs into /lib/modules/kernel-version/)
5. create the initial ram disk (mkinitrd outputfile version (RH), mkinitramfs -o outputfile version (deb)) and move it to /boot
6. add to grub (edit or update-grub)
to install:
# insmod /lib/modules/4.18.11-200.fc28.x86_64/kernel/drivers/net/wireless/intel/iwlwifi/iwlw
# modprobe iwlwifi
insmod is basic: it needs the exact file and does not understand dependencies.
important switches of modprobe:
-r remove, -n dry run, -v verbose, -c show current config
hardware
lspci
lsusb
understand the cold/hot plug
udev listens to hotplugs (/etc/udev/udev.conf). it matches the kernel message
with rules (/etc/udev/rules.d and /lib/udev/rules.d)
troubleshoot kernel
or you can use “sysctl” utility
concept of partitioning: partitions can span a whole disk or even larger (LVM). high-level formatting: the inode table. the file name is not in the inode, it is in a table.
there are many filesystem types. The natives are:
• btrfs, newer, large files and filesystem size, its own RAID, .. COW (copy
on write)
• ext2, one of the originals, deprecated
• ext3, (2TB, 16TB), with journaling
• ext4, (16TB, 1EB)
• reiserFS (before ext3)
and non natives:
• ntfs
• vfat
• xfs
• zfs
you can learn more with man filesystem.
making filesystems
attach
mount options: ro: read only, rw: read write, sync: write the buffer on every write, user/users: allows these users to mount
you can check attached filesystems with
mountpoint /
detach
attach persistently
systemd has mount unit files. for EACH mount point, a new file will be created
at /etc/systemd/system/*.mount
Additional Topics
btrfs
new, special ideas (snapshots and subvolumes), COW, large files, uses B-Tree,
checksum, its own RAID, compression, ..
make one
mkfs -t btrfs /dev/sdb /dev/sdc # 2 devices for RAID
mkdir bt
mount /dev/sdb bt
vi bt/file1.txt
btrfs filesystem show
subvolumes
can act as subdirectories but can be mounted separately. they are not block
devices.
mount /dev/sdb bt
btrfs subvolume create bt/new_subvolume
btrfs subvolume list bt # -t for table
when parent mounted, subvolumes are mounted too.
btrfs subvolume get-default bt
umount bt
mkdir subv
mount -o subvol=new_subvolume /dev/sdb subv
snapshots
snapshots are like subvolumes. easy to create. parent must be mounted
btrfs subvolume snapshot volume_mount_point snapshot_name
mount /dev/sdb bt
btrfs subvolume snapshot new_subvolume new_subvolume_snapshot
btrfs subvolume list bt
optical fs
mostly for CD & DVD.
- El Torito: lets a CD boot
- HFS: created for Mac. read only on Linux
- HFS+
- ISO 9660: CD/DVD classic
- Joliet: additions to 9660 by Microsoft (longer filenames, unicode, ..)
/dev/cdrom or /dev/dvd
normal mount or even mkfs. you can also mount iso
swap filesystem
concept
free
swapon swapoff
concept: CIFS (Common Internet FS) & NFS (later) & Samba. we can also include Network Attached Storage (NAS), which is NFS or CIFS, & Storage Area Networks (SAN), which is iSCSI.
Auto Mounting
AutoFS
AutoFS mounts NFS filesystems. can be at /etc/fstab but AutoFS is better in
performance. config is in /etc/auto.master (called master map) in the form of:
mount-point map-name [options]
and again.. systemd has units for this.
Encrypted FS
dm-crypt uses the cryptsetup utility. eCryptfs is newer and is layered on top of the current file system. you just need “ecryptfs-utils” on the system! no new tools:
mount -t ext4 /dev/sdd1 /home
mount -t ecryptfs /home /home
you can use /etc/fstab for this
Linux Unified Key Setup (luks) is an improved dm-crypt
adjusting
adjusting ext
there are many utilities, including:
- debugfs: interactive, to modify metadata
- e2label: change labels
- resize2fs: enlarge or shrink fs
- tune2fs: tune (UUID, labels, ...)
to change the UUID:
blkid /dev/sdc1
uuidgen
sudo tune2fs /dev/sdc1 -U NEW_UUID
adjusting xfs
• xfs_admin: tune (UUID, label, ..)
• xfs_fsr: improvements
• xfs_growfs: expand
adjusting btrfs
• btrfs balance: relocates and balances
• btrfs-convert: convert an ext (extended) fs to btrfs (and vice versa)
• btrfstune: tune
• btrfs property set: set values like labels
checking ext
• fsck.*: check and optionally repair -> will create files in lost+found. An example? if a file has an inode but no directory lists its name. fsck.xfs & fsck.btrfs do nothing! Only fsck will check all of fstab
• debugfs: interactive / extract data
• dumpe2fs: display fs info
• tune2fs: lots of data. use -l to list attributes
checking xfs
• xfs_check: checks but does not repairs
• xfs_repair: checks and repairs. with -n, it will dry run (no fix)
• xfsdump: dumps fs data and attributes
• xfs_metadump: dumps meta to a file
• xfs_info: display and check. like xfs_growfs -n
• xfsrestore: restore data and attributes
checking btrfs
• btrfs check: check and optionaly repair fs
• btrfs property get / set: get or set a property
• btrfs rescue: recovers a damaged fs
• btrfs restore: restores files from a damaged fs
• btrfs scrub: checks all data
• btrfsck: replaced by btrfs check
SMART
Self Monitoring and Reporting Tech. smart devices are SSDs or SCSI and can
inform the software about the status. the package is “smartmontools”. the
daemon is “smartd” and the command line is “smartctl”.
logs are in /var/log/smartd, /var/log/messages & /var/log/syslog
configs in /etc/smartd.conf or /etc/smartmontools/smartd.conf
- smartctl -i /dev/sda1: view device info
- smartctl -t [long|short|selftest] /dev/sda1: test the device
- smartctl -a /dev/sda1: lots of info
- smartctl -H /dev/sda1: short health summary
RAID
then it is normal usage. format, mount, . . .
Technically you don't need a config file (you have superblocks) but it is good to have it:
mdadm --verbose --detail --scan /dev/md0 >> /etc/mdadm.conf
Monitoring
spare devices
concept: an extra device which can be added to the array if one disk fails
mdadm --misc --detail /dev/md0 | grep Spare
mdadm --manage --add /dev/md0 /dev/sde1
Remove RAID
First you have to stop it and then remove the super block of devices:
mdadm --manage --stop /dev/md0
mdadm --zero-superblock /dev/sdf1 /dev/sdg1 /dev/sdh1
Adjusting Storages
other tools
for SMART devices, there is smartctl and smartd. We can schedule tests with this daemon.
for nvme devices: nvme help
SSDs have some problems, specially a kind of fragmentation and too many writes (cells can not simply be edited in place). so you need trimming. the command is fstrim. if supported:
sudo hdparm -I /dev/sda | grep TRI
fstrim /home
iSCSI
Internet Small Computer System Interface (iSCSI), RFC 3720. lets remote storage appear as SCSI devices. the remote system with the SCSI disk is the ‘target’ and the system using the disk is the ‘initiator’.
It is kind of SAN (Storage Area Network) which are attached storage devices.
there are protocols other than iSCSI too:
Fibre Channel Protocol: Fibre Channel SAN, up to 32 Gbit per second. Expensive. Uses FCP to move SCSI commands.
ATA over Ethernet Protocol (AoE): runs on layer 2 and transfers ATA commands over Ethernet. can be shared with TCP/IP packets, which makes it cheaper. Easy and secure.
Fibre Channel over Ethernet (FCoE): not as expensive as fibre. Encapsulates Fibre Channel on Ethernet networks.
iSCSI is cheaper than FCP and can coexist with TCP/IP
Logical Unit Number (LUN) is a number to identify one logical SCSI device on
target. start at 0 (first is lun0). can have aliases.
iSCSI Qualified Name (IQN) is a unique address:
iqn.domain-date.domain:unique-scsi-name (domain-date is year-month, when
the network is registered).
to setup, review the page 237 of LPIC-2: Linux Professional book.
LVM
Logical Volume Management lets multiple partitions be grouped and used as one partition.
Physical Volume: PV created by pvcreate. tells LVM to use one partition / disk
Volume Group: VG vgcreate command. adds PV to storage pool
Logical Volume: LV lvcreate. can be formatted as a linux partition
Physical Extent: smallest block size on PV (4MB default but can be changed
with -s switch).
lvm
lvm> help
we need 5 steps:
1. create PV
2. create VG
3. create LV
4. format LV
5. mount LV
lsblk
pvcreate /dev/sdb1
pvcreate /dev/sdb2
pvcreate /dev/sdb3
pvdisplay
for step 2:
vgdisplay
vgcreate vg00 /dev/sdb1 /dev/sdb2 /dev/sdb3
vgdisplay
step 3:
lvcreate -L 1G vg00
lvdisplay /dev/vg00/lvol0
lvscan
lvs
other steps are as before:
mkfs.ext3 /dev/vg00/lvol0
mount /dev/vg00/lvol0 /mnt
managing LVM
increase VG & LV
say we have a new vg! lets add it:
pvcreate -d /dev/sdc1
pvscan
pvdisplay /dev/sdc1
vgextend vg00 /dev/sdc1
lvextend -L 2g -v /dev/vg00/lvol0 #2g is the new total size
# during previous action, backup is metadata only
lvdisplay --maps /dev/vg00/lvol0
LV Snapshots
logic is having a snapshot using COW. first only metadata is copied and on each
write, COW happens.
lvcreate -v -L 500m -s -n my_snap /dev/vg00/lvol0
lvdisplay /dev/vg00/lvol0
lvdisplay /dev/vg00/my_snap
switches:
- -s: snapshot
- -n: name
- -L: size! how much space should be used. it grows with each write command and if it runs out of space, it will be unusable
after using, to remove we can do:
umount /dev/vg00/my_snap
lvremove /dev/vg00/my_snap
sometimes snapshots help us to create backups. you create a snapshot, let the system continue its writes & backup from the snapshot.
renaming
lvrename /dev/vg00/lvol0 /dev/vg00/mylv
lvrename vg00 mylv yourlv
config file
/etc/lvm/lvm.conf man lvm.conf
Mapper
Device Mapper is a kernel module that maps physical volumes to virtual storage blocks. dmsetup info shows the mappings.
dmsetup info /dev/vg00/yourlv
Chapter 6: Network
Understanding Network
Physical Layer
Network Layer
IP
like 127.0.0.1 or fed1::08d3:1319:8a2e:0370:7334, MAC
Default Route
logic, should be reachable
Netmask
using 1s in a 32 bit address, we can decide what is local and what should be
given to router. Say 255.255.255.0 means 8 bits are dedicated to local addresses.
can be shown by /24 (32-8).
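The 255.255.255.0 = /24 = 32 - 8 arithmetic above is easy to do in the shell itself. As an added example that is not part of these notes, the functions below convert a dotted netmask to a prefix length (rejecting non-contiguous masks), convert back, and decide whether two hosts are on the same local network, which is exactly the "local or hand it to the router" decision the netmask drives. Only POSIX sh arithmetic is used; the demo addresses are constructed from the 192.168.1.0/24 sample used later in these notes.

```shell
#!/bin/sh
# Added example, not part of the original notes: convert a dotted netmask to a
# /prefix length and back, and test whether two hosts share the local network.
# Uses only POSIX sh arithmetic, so it runs anywhere; the addresses in the demo
# are constructed (taken from the 192.168.1.0/24 sample used in these notes).

# Dotted quad -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask -> prefix length, e.g. 255.255.255.0 -> 24 (32 bits minus 8 host bits).
# A valid mask is a run of 1 bits followed only by 0 bits; anything else fails.
mask_to_prefix() {
  m=$(ip_to_int "$1")
  n=0
  while [ "$n" -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do
    n=$((n + 1))
  done
  if [ $(( m & ((1 << (32 - n)) - 1) )) -ne 0 ]; then
    echo "invalid netmask: $1" >&2
    return 1
  fi
  echo "$n"
}

# Prefix length -> netmask, e.g. 24 -> 255.255.255.0.
prefix_to_mask() {
  int_to_ip $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# True when both addresses have the same network part under the given mask,
# i.e. traffic between them stays local and is not handed to the router.
same_network() {
  m=$(ip_to_int "$3")
  [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}

# Demo with the addresses used in the notes' interface sample.
echo "255.255.255.0 is /$(mask_to_prefix 255.255.255.0)"
echo "/27 is $(prefix_to_mask 27)"
if same_network 192.168.1.77 192.168.1.254 255.255.255.0; then
  echo "192.168.1.254 is local to 192.168.1.77 (no router needed)"
fi
```

The contiguity check matters in practice: a typo such as 255.0.255.0 is accepted by some tools and silently produces a broken routing decision, so the converter refuses it instead of returning a misleading prefix length.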
Hostname
IP is difficult. Humans use hostnames (DNS)
DHCP
Dynamic Host Configuration Protocol
Transport
• Ports
• User Datagram Protocol
• Transmission Control Protocol
Application Layer
Here is where network programs process data. There are some well-known ports:
- 21 TCP FTP
- 22 TCP SSH
- 23 TCP Telnet
- 25 TCP SMTP
- 53 UDP DNS
- 80 TCP HTTP
- 143 TCP IMAP
- 443 TCP HTTPS
you can check them in /etc/services
Configuring Network
You should be able to configure these:
- host address
- network address
- default route / default gateway
- hostname
- DNS server address
You can configure using the config files, commands or GUI apps
Files
This is a sample from the Debian world (/etc/network/interfaces):
auto eth0
iface eth0 inet static
address 192.168.1.77
netmask 255.255.255.0
gateway 192.168.1.254
auto eth1
iface eth1 inet dhcp
And this is a sample from the RH world:
DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=static
NAME="System eth0"
IPADDR=192.168.1.77
NETMASK=255.255.255.0
IPV6INIT=yes
IPV6ADDR=2003:aef0::23d1::0a10:00a1/64
for DNS we have the /etc/resolv.conf file:
domain mydomain.com
search mytest.com
nameserver 192.168.1.1
but you can also have /etc/hosts file for commonly used domains or the ones
defined by your own.
/etc/hostname
GUIs
These days, many systems use Network Manager. There are others too.
also ifup and ifdown can bring up / down an already configured interface.
When working with wireless:
iwlist wlan0 scan
iwconfig wlan0 essid "MyNetwork" key s:mypassword
the new tool is iw.
routing
netstat -nr
route
route del default gw 192.168.1.1
route add default gw 192.168.1.1
dhcp
to use dhcp you use one of these 3:
- dhcpd # server
- dhclient
- pump
ip
Troubleshooting
traceroute, traceroute6, mtr google.com (my trace route: ping + traceroute)
nc (netcat or swiss army knife) can read / write from TCP and UDP. you can create a chat session with “nc -l 1234” in one terminal and “nc localhost 1234” in another window. You can also scan using it but. . . we have:
nmap can map the network, discover hosts, services, even versions, . . .
nmap -v google.com
nmap -p 80 192.168.1.1/24
find host info: host google.com, dig www.linux.org, nslookup
lsof -i # only network
lsof -i6
netstat normally shows all the open connections
netstat -u # udp
netstat -t # tcp
netstat -l # what applications are listening
netstat -s # stats
tcpdump can monitor tcp flows:
- -D: show available interfaces
- -i ens33: listen on this one
- -w dumpfile.pcap: write to file
- -r dumpfile.pcap: read from this file
- -A: ascii
- -c N: count of packets before exit
- -i eth0 src 192.168.1.100 port 80
- -i eth0 dst 200.200.1.1
Security
TCP Wrappers (tcpd) works as a proxy in front of services started from /etc/inetd.conf. You can also have access lists:
/etc/hosts.allow /etc/hosts.deny
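What makes hosts.allow / hosts.deny easy to get wrong is the evaluation order: hosts.allow is consulted first and a match grants access, then hosts.deny and a match refuses, and a connection that matches neither file is allowed. As an added example that is not part of these notes, the POSIX sh script below implements that order on two constructed sample files so you can check a policy ("sshd only from the management LAN, everything else denied") before touching a real system. It is a simplified model, not libwrap: it handles ALL, exact names/addresses, ".domain" suffixes and "net.prefix." patterns, but not EXCEPT, spawn or twist.

```shell
#!/bin/sh
# Added example, not part of the original notes: a simplified evaluator of the
# TCP Wrappers decision order. libwrap/tcpd consults hosts.allow first (a match
# grants access), then hosts.deny (a match refuses), and grants access when
# neither file matches. Only ALL, exact names/addresses, ".domain" suffixes and
# "net.prefix." patterns are handled; EXCEPT and spawn/twist are not. The two
# sample files below are constructed for this example.

# Match one pattern against a daemon name or client address/hostname.
pattern_match() {
  pattern=$1; item=$2
  case $pattern in
    ALL) return 0 ;;
    .*)  case $item in *"$pattern") return 0 ;; esac ;;   # domain suffix
    *.)  case $item in "$pattern"*) return 0 ;; esac ;;   # network prefix
    *)   if [ "$pattern" = "$item" ]; then return 0; fi ;;
  esac
  return 1
}

# Match a comma separated pattern list against one item.
list_match() {
  list=$1; item=$2
  old_ifs=$IFS; IFS=,
  set -- $list
  IFS=$old_ifs
  for p in "$@"; do
    if pattern_match "$p" "$item"; then return 0; fi
  done
  return 1
}

# Does any "daemon_list : client_list" rule in the file match this connection?
file_match() {
  file=$1; daemon=$2; client=$3
  while IFS= read -r line; do
    case $line in ''|'#'*) continue ;; esac
    daemons=$(printf '%s' "${line%%:*}" | tr -d ' \t')
    clients=$(printf '%s' "${line#*:}" | tr -d ' \t')
    if list_match "$daemons" "$daemon" && list_match "$clients" "$client"; then
      return 0
    fi
  done < "$file"
  return 1
}

# Print ALLOW or DENY for daemon $1 and client $2 using allow file $3 and
# deny file $4; exit status is 1 on DENY.
wrapper_decision() {
  if file_match "$3" "$1" "$2"; then echo ALLOW; return 0; fi
  if file_match "$4" "$1" "$2"; then echo DENY; return 1; fi
  echo ALLOW
}

# Constructed sample policy.
WORK=$(mktemp -d)
cat > "$WORK/hosts.allow" <<'EOF'
# constructed sample: sshd only from the management LAN and one jump host,
# ftp only from our own domain
sshd : 192.168.1., 10.0.0.5
in.ftpd : .example.com
EOF
cat > "$WORK/hosts.deny" <<'EOF'
# constructed sample: everything not explicitly allowed is refused
ALL : ALL
EOF

for client in 192.168.1.77 10.0.0.5 203.0.113.9; do
  echo "sshd from $client: $(wrapper_decision sshd "$client" "$WORK/hosts.allow" "$WORK/hosts.deny")"
done
```

The last case in the test below is the one to remember: with an empty hosts.deny, a daemon that appears in neither file is allowed, so a default-deny policy needs the explicit `ALL : ALL` line in hosts.deny.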