
Red Hat Boot Loading (Source: Red Hat Reference Guide)

The boot loader resides on the primary hard drive or boot device and is responsible for loading the Linux kernel with its required files. The BIOS checks the system and launches the first-stage boot loader from the MBR, which is just a small piece of machine-language code whose only job is to locate the second-stage boot loader on the primary hard disk. This first-stage boot loader loads itself into memory and launches the second-stage boot loader from the /boot/ partition. The second-stage boot loader loads the kernel into memory, which in turn loads the necessary modules and mounts the root partition read-only. The kernel transfers control of the boot process to the /sbin/init program. The /sbin/init program loads all services and user-space tools, and mounts all partitions listed in /etc/fstab.

A Detailed Look at the Boot Process

The beginning of the boot process varies with the hardware platform being used, but only until the kernel is found and loaded. The x86 CPU looks at the end of system memory for the BIOS, which not only loads the first-stage boot loader but also provides the lowest-level interface to the peripherals. The BIOS is always available for use in the system's permanent read-only memory. Itanium-based systems use the Extensible Firmware Interface (EFI) Shell and Alpha-based machines use the SRM console to perform these low-level BIOS tasks. The BIOS tries to load whatever 'program' resides in the MBR. The MBR is only 512 bytes and contains the boot loader along with the partition table.

The Boot Loader

GRUB is the newer boot loader and has the advantage of being able to read ext2 and ext3 partitions and load its configuration file, /boot/grub/grub.conf, at boot time.

Vmlinuz and initrd

After the second-stage boot loader has chosen the kernel to boot, it locates the kernel binary in the /boot/ directory. The binary is named according to the format /boot/vmlinuz-<kernel-version> (where kernel-version corresponds to the kernel version specified in the boot loader's settings). The boot loader then places the appropriate initial RAM disk image, called an initrd, into memory. The initrd is used by the kernel to load the drivers necessary to boot the system. This is particularly important in the case of SCSI and ext3. Removing the /initrd/ directory will cause a kernel panic at boot time. After the initial RAM disk image is loaded, the boot loader hands the boot process over to the kernel.

The Kernel

As soon as the kernel loads, it configures the computer's memory and the various hardware attached to the system, including all processors, I/O subsystems, and storage devices. It then looks for the compressed initrd image in RAM, mounts it, decompresses it and initializes the drivers. After this it loads virtual devices such as LVM and RAID before unmounting the image and freeing the whole of the RAM for use.
The kernel then creates a root device, mounts it read-only, and frees all unused space. The kernel executes the /sbin/init program to create the user environment.

The /sbin/init Program

The init command and the rc directories: the init command starts as soon as the user has logged in and becomes the parent and grandparent of all processes that should start themselves as soon as Red Hat boots. The init program starts all of the background processes by looking in the appropriate rc directory for the runlevel specified as default in /etc/inittab. The rc directories are numbered to correspond to the runlevel they represent. For instance, /etc/rc.d/rc5.d/ is the directory for runlevel 5.

First, init runs the /etc/rc.d/rc.sysinit script, which sets the environment path, starts swap, checks the file systems, and takes care of everything the system needs to have done at system initialization. For example, for the system clock, rc.sysinit reads /etc/sysconfig/clock to initialize the hardware clock. Similarly, to initialize serial port processes, rc.sysinit executes /etc/rc.serial. init then runs the /etc/inittab script, which sets the System V runlevels.

Setting PID: next, init sources the function library /etc/rc.d/init.d/functions, which spells out how to start and kill processes and how to determine a PID.

All of the files in /etc/rc.d/rc5.d/ are symbolic links pointing to scripts located in the /etc/rc.d/init.d/ directory. Symbolic links are used in each of the rc directories so that the runlevels can be reconfigured by creating, modifying, and deleting the symbolic links without affecting the actual scripts they reference. The name of each symbolic link begins with either a K or an S. The K links are processes that are killed on that runlevel, while those beginning with an S are started. /etc/rc.d/init.d/<command> stop kills the processes first, and then the new processes are started.

After the system has finished booting, it is possible to log in as root and execute these same scripts to start and stop services. For instance, the command /etc/rc.d/init.d/httpd stop will stop the Apache Web server.

rc.local customizes the system. This is the last thing the init command does.

After the init command has progressed through the appropriate rc directory for the runlevel, the /etc/inittab script forks a /sbin/mingetty process for each virtual console (login prompt) allocated to the runlevel. Runlevels 2 through 5 get all six virtual consoles, while runlevel 1 (single user mode) gets only one and runlevels 0 and 6 get none.
The /sbin/mingetty process opens communication pathways to tty devices, sets their modes, prints the login prompt, gets the user name, and initiates the login process for the user. In runlevel 5, /etc/inittab runs a script called /etc/X11/prefdm. The prefdm script executes the preferred X display manager (gdm, kdm, or xdm), depending on the contents of the /etc/sysconfig/desktop file. NOW COMES THE LOGIN SCREEN!

To initialize devices at startup, write scripts in the /etc/rc.d/init.d/ directory. For minor tasks, commands can be added to the script /etc/rc.d/rc.local. The /etc/rc.serial script is used if serial ports must be set up at boot time; it runs setserial commands to do so.

Predefined runlevels (Red Hat EL):
0 - Halt
1 - Single user mode
2 - Multiuser, without NFS
3 - Full multiuser mode
4 - unused
5 - X11
6 - reboot

The SysV init runlevel system provides a standard process for controlling which programs init launches or halts when initializing a runlevel. The configuration files for SysV init are located in the /etc/rc.d/ directory. Within this directory are the rc, rc.local, rc.sysinit, and, optionally, the rc.serial scripts, as well as the following directories:
init.d/
rc0.d/
rc1.d/
rc2.d/
rc3.d/
rc4.d/
rc5.d/
rc6.d/

The init.d/ directory contains the scripts used by the /sbin/init command when controlling services. Each of the numbered directories represents one of the six default runlevels configured by default under Red Hat Linux.

Debian:
0 - System Halt
1 - Single user
2 - Full multi-user mode (Default)
3-5 - Same as 2
6 - System Reboot

Runlevels are a state, or mode, defined by the services listed in the SysV /etc/rc.d/rc<x>.d/ directory. The characteristics of a given runlevel determine which services are halted and started by init. For instance, runlevel 1 (single user mode) halts any network services, while runlevel 3 starts these services. By assigning specific services to be halted or started on a given runlevel, init can quickly change the mode of the machine without the user manually stopping and starting services. Users sometimes customize runlevels 2 and 4 to meet specific needs, since they are not used. One of the best ways to configure runlevels is to use an initscript utility. To find out the default runlevel for a system, look for a line similar to the one below near the top of /etc/inittab:

id:5:initdefault:

If the computer does not power itself down, be careful not to turn off the computer until a message appears indicating that the system is halted. Failure to wait for this message can mean that not all the hard drive partitions are unmounted, and can lead to file system corruption.
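Because a runlevel is defined entirely by the S and K symbolic links in its rc directory, those links are worth auditing: anything init starts at boot is reachable from there. The following is an added example, not taken from the Red Hat guide or the original notes; the function name audit_runlevel, its output labels and the sample tree (built in a temporary directory) are this example's own.

```shell
#!/bin/sh
# Added example: audit one SysV runlevel directory (rc<N>.d).
# audit_runlevel <rc.d root> <runlevel>
# Prints one line per entry:
#   START|KILL <prio> <service>     link resolves into init.d/
#   DANGLING <prio> <service>       link target no longer exists
#   FOREIGN <prio> <service> <tgt>  link resolves outside init.d/
#   NOTLINK <prio> <service>        regular file where a link is expected
audit_runlevel() {
    rcroot=$1
    dir="$rcroot/rc$2.d"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    want=$(cd "$rcroot/init.d" && pwd -P) || return 2
    for link in "$dir"/[SK][0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        name=${link##*/}
        action=${name%"${name#?}"}       # first character: S or K
        rest=${name#?}
        prio=${rest%"${rest#??}"}        # two-digit ordering prefix
        svc=${rest#??}
        if [ ! -L "$link" ]; then echo "NOTLINK $prio $svc"; continue; fi
        if [ ! -e "$link" ]; then echo "DANGLING $prio $svc"; continue; fi
        target=$(readlink "$link")
        case $target in
            /*) tdir=${target%/*} ;;
            *)  tdir="$dir/${target%/*}" ;;
        esac
        # Compare the physical directory of the target with init.d/.
        real=$(cd "$tdir" 2>/dev/null && pwd -P) || real=""
        if [ "$real" != "$want" ]; then
            echo "FOREIGN $prio $svc $target"
        elif [ "$action" = S ]; then
            echo "START $prio $svc"
        else
            echo "KILL $prio $svc"
        fi
    done
}

# Constructed sample tree (not a real system).
demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/init.d" "$t/rc5.d" "$t/tmp"
    for s in httpd sshd nfs; do printf '#!/bin/sh\n' > "$t/init.d/$s"; done
    printf '#!/bin/sh\n' > "$t/tmp/helper"
    ln -s ../init.d/sshd  "$t/rc5.d/S55sshd"
    ln -s ../init.d/httpd "$t/rc5.d/S85httpd"
    ln -s ../init.d/nfs   "$t/rc5.d/K20nfs"
    ln -s ../init.d/gone  "$t/rc5.d/S90gone"     # script was deleted
    ln -s ../tmp/helper   "$t/rc5.d/S99helper"   # resolves outside init.d/
    echo "$t"
}
tree=$(demo_tree)
audit_runlevel "$tree" 5
rm -rf "$tree"
```

On a real system the call would be audit_runlevel /etc/rc.d 5; FOREIGN and NOTLINK entries are the ones to review first, since they run at boot without living alongside the packaged init scripts.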

The Boot Loaders

GRUB: The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader, if necessary. Some hardware requires an intermediate step to get to the Stage 2 boot loader. This is sometimes true when the /boot partition is above the 1024 cylinder head of the hard drive or when using LBA mode. The Stage 1.5 boot loader is found either on the /boot partition or on a small part of the MBR and the /boot partition.

GRUB can read ext2 partitions. This functionality allows GRUB to access its configuration file, /boot/grub/grub.conf, every time the system boots, eliminating the need for the user to write a new version of the first-stage boot loader to the MBR when configuration changes are made. The only time a user would need to reinstall GRUB on the MBR is if the physical location of the /boot partition is moved on the disk. GRUB might not be there when RHEL boots for the first time, but it can be installed later from packages. To install the first-stage boot loader, open a root shell prompt and run the command /sbin/grub-install <location>, where <location> is the location where the GRUB Stage 1 boot loader should be installed.

It is also possible to specify files to GRUB that do not actually appear in the file system, such as a chain loader that appears in the first few blocks of a partition. To specify these files, you must provide a blocklist, which tells GRUB, block by block, where the file is located in the partition.

GRUB's root file system has nothing to do with the Linux root file system. The GRUB root file system is the root partition for a particular device, which GRUB uses to mount the device and load files from it. Once the kernel is loaded, the original GRUB root file system and its mounts are forgotten; they existed only to boot the kernel file.

Command Line Interface

The command line interface is the most basic of the GRUB interfaces, but it is also the one that grants the most control. The command line makes it possible to type any relevant GRUB commands followed by the [Enter] key to execute them. This interface features some advanced shell-like features, including [Tab] key completion, based on context, and [Ctrl] key combinations when typing commands, such as [Ctrl]-[a] to move to the beginning of a line, and [Ctrl]-[e] to move to the end of a line. In addition, the arrow, [Home], [End], and [Delete] keys work as they do in the bash shell.

The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR. The primary boot loader exists on less than 512 bytes of disk space within the MBR. It only loads the Stage 2 boot loader and passes disk geometry information to it. The Stage 2 boot loader reads the operating system or kernel and initrd into memory.

File System Structure

The FHS is laid out the way a user might want to talk to the system. It is literally an operating system, so the user is expected to have enough knowledge of the system he intends to talk to. Compliance with the standard means many things, but the two most important are compatibility with other compliant systems and the ability to mount a /usr/ partition as read-only, because it contains common executables and should not be changed by users. Since the /usr/ directory is mounted read-only, it can be mounted from the CD-ROM or from another machine via a read-only NFS mount.

The /etc/skel/ directory is for "skeleton" user files, which are used to populate a home directory when a user is first created.

The /lib/ directory should contain only those libraries that are needed to execute the binaries in /bin/ and /sbin/. These shared library images are particularly important for booting the system and executing commands within the root file system.

The /opt/ directory provides storage for large, static application software packages. A package placing files in the /opt/ directory creates a directory bearing the same name as the package. This directory in turn holds files that otherwise would be scattered throughout the file system (since all the dependent applications need a chunk), giving the system administrator an easy way to determine the role of each file within a particular package.

/sbin typically contains files essential for booting the system in addition to the binaries in /bin. Anything executed after /usr is known to be mounted (when there are no problems) should be placed in /usr/sbin. Local-only system administration binaries should be placed into /usr/local/sbin.

/initrd/ is an empty directory, but it is used as a mount point during the boot process. It must never be deleted.

The sysconfig Directory

The /etc/sysconfig/apmd file is used by apmd as a configuration for what power settings to start, stop or change on suspend or resume.
It is configured to turn apmd on or off at boot time, depending on whether the hardware supports Advanced Power Management (APM) and whether the user has configured the system to use it. The apm daemon is a monitoring program that works with the power management code within the Linux kernel. It is capable of alerting users to low battery power on laptops and other power-related settings.

The /etc/sysconfig/arpwatch file is used to pass arguments to the arpwatch daemon at boot time. The arpwatch daemon maintains a table of Ethernet MAC addresses and their IP address pairings. The owner of the arpwatch process by default is pcap.

The /etc/sysconfig/authconfig file sets the kind of authorization to be used on the host. It has options for MD5, Kerberos and LDAP. Open the file in vim to see the further methods available.

The /etc/sysconfig/dhcpd file is used to pass arguments to the dhcpd daemon at boot time.

The dhcpd daemon implements the Dynamic Host Configuration Protocol (DHCP) and the Internet Bootstrap Protocol (BOOTP).

The /etc/sysconfig/hwconf file lists all the hardware that kudzu detected on the system, as well as the drivers used, vendor ID, and device ID information. The kudzu program detects and configures new and/or changed hardware on a system.

The /etc/sysconfig/identd file is used to pass arguments to the identd daemon at boot time. The identd daemon returns the username of processes with open TCP/IP connections. Some services on the network, such as FTP and IRC servers, will complain and respond slowly if identd is not running.

The /etc/sysconfig/radvd file is used to pass arguments to the radvd daemon at boot time. The radvd daemon listens for router requests and sends router advertisements for the IP version 6 protocol. This service allows hosts on a network to dynamically change their default routers based on these router advertisements.

The /etc/sysconfig/samba file is used to pass arguments to the smbd and nmbd daemons at boot time. The smbd daemon offers file sharing connectivity for Windows clients on the network. The nmbd daemon offers NetBIOS over IP naming services.

The /etc/sysconfig/sendmail file allows messages to be sent to one or more recipients. Its default values are to run as a background daemon and to check its queue once an hour in case something has backed up.

The /etc/sysconfig/spamassassin file is used to pass arguments to the spamd daemon (a daemonized version of Spamassassin) at boot time. Spamassassin is an email spam filter application. For a list of available options, see the spamd man page.

The /etc/sysconfig/squid file is used to pass arguments to the squid daemon at boot time. The squid daemon is a proxy caching server for Web client applications.

The /etc/sysconfig/ups file is used to specify information about any Uninterruptible Power Supplies (UPS) connected to the system.
The /etc/sysconfig/vncservers file configures how the Virtual Network Computing (VNC) server starts up. VNC is a remote display system which allows users to view the desktop environment across different networks on a variety of architectures. When using a VNC server, communication with it is unencrypted, and so it should not be used on an untrusted network. Also, a password is required from the user whose system is going to be accessed; it is in vncpasswd. SSH is used to secure VNC communications.

The /etc/sysconfig/xinetd file is used to pass arguments to the xinetd daemon at boot time. The xinetd daemon starts programs that provide Internet services when a request to the port for that service is received.

/etc/sysconfig/network-scripts/ (the directory): This directory contains the following network-related configuration files:
Network configuration files for each configured network interface, such as ifcfg-eth0 for the eth0 Ethernet interface.
Scripts used to bring up and down network interfaces, such as ifup and ifdown.
Scripts used to bring up and down ISDN interfaces, such as ifup-isdn and ifdown-isdn.

The proc File

The Linux kernel has two primary functions: to control access to physical devices on the computer and to schedule when and how processes interact with these devices. The /proc/ directory contains a hierarchy of special files which represent the current state of the kernel, allowing applications and users to peer into the kernel's view of the system. Apart from text and binary files, /proc/ also contains so-called virtual files, which is why /proc/ is often referred to as a virtual file system. These virtual files appear to occupy zero bytes of space while possibly holding a lot of data. Also, their date and time are always recent, because they are constantly updated. Virtual files such as /proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions provide an up-to-the-moment glimpse of the system's hardware. cat, more and less can show the contents of these files. But not everything in them is readable this way; for that, utilities include lspci, apm, free, and top.

Writing into virtual files: As a general rule, most virtual files within the /proc/ directory are read-only. However, some can be used to adjust settings in the kernel. This is especially true for files in the /proc/sys/ subdirectory. To change the value of a virtual file, use the echo command and a > symbol to redirect the new value to the file. For example, to change the hostname on the fly, type echo www.example.com > /proc/sys/kernel/hostname. Other files act as binary or boolean switches. Typing cat /proc/sys/net/ipv4/ip_forward returns either a 0 or a 1. 0 indicates that the kernel is not forwarding network packets. Using the echo command to change the value of the ip_forward file to 1 immediately turns packet forwarding on. Another command used to alter settings in the /proc/sys/ subdirectory is /sbin/sysctl.

/proc/cmdline shows the parameters that were passed to the kernel at the time of boot.

/proc/filesystems displays a list of the file system types currently supported by the kernel. The mount command cycles through the file systems listed here when one is not specified as an argument.

/proc/interrupts: For an IO-APIC-edge interrupt, the voltage signal on the interrupt transitions from low to high, creating an edge, where the interrupt occurs and is only signaled once. This kind of interrupt, as well as the IO-APIC-level interrupt, is only seen on systems with processors from the 586 family and higher.

/proc/iomem: This file shows the current map of the system's memory for each physical device. The first column displays the memory registers used by each of the different types of memory. The second column lists the kind of memory located within those registers. In particular, this column displays which memory registers are used by the kernel within the system RAM or, if the network interface card has multiple Ethernet ports, the memory registers assigned for each port.

/proc/ksyms contains the symbol definitions used by the module tools to dynamically link and bind kernel modules.

/proc/mdstat contains the current information for multiple-disk, RAID configurations.

Using the sysctl Command

The /sbin/sysctl command is used to view, set, and automate kernel settings in the /proc/sys/ directory. To get a quick overview of all settings configurable in the /proc/sys/ directory, type the /sbin/sysctl -a command as root. This is the same information seen if each of the files were viewed individually. The only difference is the file location. The /proc/sys/net/ipv4/route/min_delay file is signified by net.ipv4.route.min_delay, with the directory slashes replaced by dots and the proc.sys portion assumed.

The sysctl command can be used in place of echo to assign values to writable files in the /proc/sys/ directory. For instance, instead of

    echo 1 > /proc/sys/kernel/sysrq

you can use the sysctl command:

    sysctl -w kernel.sysrq="1"
    kernel.sysrq = 1

All /proc/sys/ special settings are lost when the machine is rebooted. To make them permanent, add them to the /etc/sysctl.conf file. Every time the system boots, the init program runs the /etc/rc.d/rc.sysinit script. This script contains a command to execute sysctl using /etc/sysctl.conf to dictate the values passed to the kernel. Any values added to /etc/sysctl.conf will take effect each time the system boots.
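Since a value written with echo or sysctl -w lasts only until reboot while /etc/sysctl.conf is reapplied at every boot, the two can disagree, for example when packet forwarding has been switched on at runtime. The following is an added example, not from the Red Hat guide or the original notes, that uses the dots-to-slashes mapping described above to report such differences; the function names and the sample files (built in a temporary directory) are this example's own.

```shell
#!/bin/sh
# Added example: find kernel settings whose live /proc/sys value differs
# from what /etc/sysctl.conf will apply at the next boot.

# net.ipv4.ip_forward -> <root>/net/ipv4/ip_forward (dots become slashes)
sysctl_to_path() {
    printf '%s/%s\n' "$2" "$(printf '%s' "$1" | tr . /)"
}

# Collapse whitespace so multi-value settings compare cleanly.
norm() { tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# sysctl_drift <conf file> <proc/sys root>
# Prints "DRIFT <key> conf=<v> live=<v>" or "MISSING <key>";
# returns 1 if anything was reported, 0 otherwise.
sysctl_drift() {
    conf=$1; root=$2; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | norm)
        case $line in
            ''|'#'*|';'*) continue ;;    # blank line or comment
            *=*) ;;
            *) continue ;;               # not a key = value line
        esac
        key=$(printf '%s' "${line%%=*}" | norm)
        val=$(printf '%s' "${line#*=}" | norm)
        file=$(sysctl_to_path "$key" "$root")
        if [ ! -r "$file" ]; then
            echo "MISSING $key"; rc=1
        else
            live=$(norm < "$file")
            if [ "$live" != "$val" ]; then
                echo "DRIFT $key conf=$val live=$live"; rc=1
            fi
        fi
    done < "$conf"
    return $rc
}

# Constructed sample: a sysctl.conf and a stand-in /proc/sys tree.
demo_sysctl() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/sys/net/ipv4" "$d/proc/sys/kernel"
    echo 1 > "$d/proc/sys/net/ipv4/ip_forward"   # turned on with echo at runtime
    echo 0 > "$d/proc/sys/kernel/sysrq"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.ip_forward = 0
kernel.sysrq=0
net.ipv4.route.min_delay = 2
EOF
    echo "$d"
}
d=$(demo_sysctl)
sysctl_drift "$d/sysctl.conf" "$d/proc/sys" || echo "drift found"
rm -rf "$d"
```

On a real system the call would be sysctl_drift /etc/sysctl.conf /proc/sys, run as root so that every file under /proc/sys/ is readable.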

Using Shadow Passwords

Shadow passwords:
Improve system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.
Store information about password aging.
Allow the use of the /etc/login.defs file to enforce security policies.

Most utilities provided by the shadow-utils package work properly whether or not shadow passwords are enabled. However, password aging does not work without shadow passwords, because the aging information is stored in the /etc/shadow file.
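Whether a host actually gets this benefit can be checked from the two files themselves. The following is an added example, not from the Red Hat guide or the original notes: it reports accounts whose hash is still in the passwd file, empty password fields, accounts marked "x" with no shadow entry, and a shadow file readable by anyone other than its owner. The function name, the output labels and the sample files (whose hash strings are made up) are this example's own.

```shell
#!/bin/sh
# Added example: check that password hashes really live in the shadow file.
# audit_passwd <passwd file> <shadow file>
# Prints (never the hash itself):
#   INLINEHASH <user>      hash is still in the world-readable passwd file
#   EMPTY <user>           empty password field in passwd
#   NOSHADOWENTRY <user>   passwd says "x" but shadow has no such user
#   SHADOWREADABLE <file>  shadow file is readable by group or others
audit_passwd() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read input files" >&2; return 2; }
    awk -F: '
        FILENAME == ARGV[1] { if ($1 != "") known[$1] = 1; next }  # shadow
        $1 == "" || /^#/    { next }
        $2 == "x"           { if (!($1 in known)) print "NOSHADOWENTRY " $1; next }
        $2 == ""            { print "EMPTY " $1; next }
        $2 ~ /^[*!]/        { next }      # locked or disabled, no hash present
                            { print "INLINEHASH " $1 }
    ' "$2" "$1"
    if [ -n "$(find "$2" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "SHADOWREADABLE $2"
    fi
}

# Constructed sample files; the hash strings are made up.
demo_accounts() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
alice:$1$constructed$notARealHashValue:500:500::/home/alice:/bin/bash
bob::501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
EOF
    cat > "$d/shadow" <<'EOF'
root:$1$constructed$alsoNotARealHash:12000:0:99999:7:::
EOF
    chmod 644 "$d/passwd" "$d/shadow"    # 644 on shadow is the misconfiguration
    echo "$d"
}
d=$(demo_accounts)
audit_passwd "$d/passwd" "$d/shadow"
rm -rf "$d"
```

On a real system the call would be audit_passwd /etc/passwd /etc/shadow, run as root; a correctly shadowed host prints nothing.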
