THE LINUX BOOTING

PROCESS

STAGES OF LINUX BOOTING PROCESS

STAGE 1:-BIOS PROCESS
BIOS stand for Basic Input output system.
It is the first stage of the Linux boot process which performs some integrity checks and searches,
load and execute boot loader program.
It searches the boot-loader program in floppy drive, hard drive and cd-rom. Once it gets the bootloader, it loads it into the memory and gives total control to it.
So we can say that BIOS loads and execute MBR.

STAGE2:-MBR PROCESS
MBR stands for master-boot record.
It is located in the first sector of the bootable disk. It is of 512 bytes in memory and contains three
important components.
Primary boot-loader information in first 446 bytes.
Partition table information in next 64 bytes.
MBR validation checks in last 2 bytes.
MBR also contains the information about the GRUB, so we can say that MBR loads and executes
GRUB.

STAGE 3:-GRUB PROCESS

 GRUB stands for Grand-unified boot loader.

In its configuration file, it contains kernel images and initrd images. If you have various kernel
images loads in your system then you can choose which one to execute.
GRUB contain splash images and waits for few seconds, if you do not press anything in that specified
period of time then it loads the default kernel image as specified in the grub configuration file.
The configuration file of GRUB is /boot/grub/grub.conf wherein /etc/grub/grub.conf is the soft link of
that.
GRUB also contains the knowledge of the file-system, so we can say that grub loads and executes
kernel.

STAGE 4:-KERNEL

Kernel is the heart of the Linux operating system.

It acts as an interface between the user and the hardware of the Linux operating system.
Here, kernel mounts the root-file-system as specified in the grub configuration file.
Kernel also executes /sbin/init program and since it is the first program executed by the kernel so its
process id is always 1. We can also view it by using the command ps ef |grep i init.
As grub configuration file contain the initrd image, so that image is useful for the kernel.
Initrd stands for initial RAM disk. And it is used by the kernel as the temporary file-system until kernel
is booted and root file system is not mounted.
Initrd also contains drivers complied inside which will be helpful to access hard-drive partition and
other hardware.
So we can say that kernel loads and executes init program.

STAGE 5:INIT PROGRAM

Init stands for initialization program.

 It is the second last of the Linux boot process.

As the booting process comes to this stage, its looks for the /etc/inittab file and check for the runlevel.
As it got to know the run-level it loads all appropriate program as per the run-level specified.

STAGE 6:RUN-LEVEL
Run-level is the last stage of the Linux boot process.
When the Linux operating system is booting up, you might have seen various services which are
staring up like staring sendmail OK. Those are the run-level programs which are executed from the
run-level directories as defined by your run-level.
Depending upon your default init level setting, the system will execute the program from one of the
following directories.
Run-level 0:- /etc/rc.d/rc0.d/
Run-level 1:- /ect/rc.d/rc1.d/
Run-level2:- /etc/rc.d/rc2.d/
Run-level 3:-/etc/rc.d/rc3.d/
Run-level 4:- /etc/rc.d/rc4.d/
Run-level 5:-/etc/rc.d/rc5.d/
Run-level6:- /etc/rc.d/rc6.d/
Symbolic links to these directories are also present inside /etc directories like
Run level 0:- /etc/rc0.d/ is symbolic link to /etc/rc.d/rc0.d/
Run-level 1:- /etc/rc1.d/ is symbolic link to /etc/rc.d/rc1.d/
Run-level 2:- /etc/rc2.d/ is symbolic link to /etc/rc.d/rc2.d/
Run-level 3:- /etc/rc3.d/ is symbolic link to /etc/rc.d/rc3.d/
Run-level 4:- /etc/rc4.d/ is symbolic link to /etc/rc.d/rc4.d/
Run-level 5:- /etc/rc5.d/ is symbolic link to /etc/rc.d/rc5.d/

Run-level 6:- /etc/rc6.d/ is symbolic link to /etc/rc.d/rc6.d/

Under the directories /etc/rc.d/rc*.d/ you would have seen that programs starts with S and K.
Program thats starts with S are used during startup.
Program thats starts with K are used during shutdown.
There are also the numbers right to S and K in the programs names; these are the sequence
numbers in which program will start and shutdown.
For example S12syslog is to start the syslog daemon which has the sequence number 12, on the
other hand S80sendmail is to start the sendmail daemon which has the sequence number 80. So in
this case syslog program will start before sendmail.

END OF THE TOPIC

RUN-LEVELS

TYPES OF RUN-LEVELS IN LINUX OPERATING SYSTEM

In Linux operating system we have seven distinct types of Run-levels and the lists of those
are as follows.
RUN-LEVEL 0:
This is the run-level which is used in Linux Operating system to shutdown the system or to halt the
system.

RUN-LEVEL 1:
This is the run-level which is used in Linux Operating system to run the system in single user mode.
This run-level is equivalent to maintenance mode in window operating system.

RUN-LEVEL 2:
This is the run-level which is used to run the machine in multi-user CLI mode. But there is no
restriction in this run-level is that it does support network file-sharing services like NFS and SMB.

RUN-LEVEL 3:

 This is the run-level which run the machine in multi-user mode. This is the run-level which is most
widely used in the industries standard. This is the run-level which work in command line interface
mode and support all services.

RUN-LEVEL 4:
This is the run-level which is not so used and reserved for future purpose. This is the run-level which
is used for custom-level only even though this run-level has many more features as compared to runlevel 3.

RUN-LEVEL 5:
This is the run-level which is default run-level in Linux Operating system. This is the run-level which
works in Graphical Interface mode. This run-level also support all services and widely used in
workstation.

RUN-LEVEL 6:
This is the run-level which is used to restart the system.

END OF TOPIC

OVERVIEW OF GRUB
CONFIGURATION FILE

AN APPROACH TO LEARN MORE IN DEPTH OF GRUB

CONFIGURATION FILE
Grub plays the vital role in Linux Operating system. It stands for Grand unified boot-loader
and its configuration file contains almost everything which will help in booting Linux
Operating system. Let learn more in-depth of its configuration file.

GRUB CONFIGURATION FILE:

The configuration file of Linux Operating system is in /boot/grub/grub.conf.
Its symbolic file is also present in Linux Operating system in /etc/grub/grub.conf.
The configuration file of the grub contains the location of the root file-system, kernel and initrd
images and splash images.
Lets learn one by one of its configuration file.

With first line you got to know which drive contain the Linux boot-loader i.e #boot= dev/sda.

With second line you got to know which kernel image grub loads and execute during booting
process i.e default =0, or default=1 or 2. This line will depends when you have various kernel
images loads on your system.

With third line, you got to know till how much time splash image waits for your input. After that
it will executes the kernel image as specified in Linux Operating system i.e timeout=5

With fourth line you got to know the location of the splash image i.e
splashimage=(hd0,0)/boot/grub/splash.xpm.gz.

Fifth line indicates the hidden menu, which you will not see while the Linux booting up, and
these lines are as follows.

First it will contain the Linux version, second it contains the location of root file-system and
third and fourth line contains the kernel and initrd images.

#boot=/dev/sda

default=0

timeout=5

splashimage=(hd0,0)/boot/grub/splash.xpm.gz

hiddenmenu

title CentOS (2.6.18-194.el5PAE)

root (hd0,0)

kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/

initrd /boot/initrd-2.6.18-194.el5PAE.img

GRUB VS LILO

DIFFERENCE BETWEEN GRUB AND LILO

S.N
O

GRUB

1.
2.

GRUB stands for Grand Unified Boot -loader

GRUB has the knowledge of the file-system

3.
4.

GRUB can boot from the network

GRUB has interactive command line interface

5.
6.

GRUB has come after Linux version 4.

Change made to GRUB configuration file will
auto-load to OS.
GRUB also understands various other
operating systems as well.

7.

LILO
LILO stands for Linux Loader.
LILO does not have the knowledge of the filesystem.
LILO does not boot from the network.
LILO does not have interactive command line
interface.
LILO was present till Linux version 4.
Changes made to LILO do not auto-load to OS.
LILO understand only Linux Operating system.

STAGES OF GRUB

LEVELS OF GRUB
GRUB plays the vital role in the Linux Operating system and it is the default boot-loader to
redhat, Ubuntu and various other Linux variant. Lets discussed the various stage of GRUB
which shows how GRUB loads and execute kernel.

STAGES OF GRUB:
GRUB has three different stages which is called
GRUB stage 1.
GRUB stage 1.5.
GRUB stage 2.
In GRUB stage 1, the code contain in the master- boot record is considered to be GRUB stage 1, in
this stage GRUB looks for the master boot record for the active partition from where it can boot
kernel. This is the stage which calls GRUB stage 1.5.
In GRUB stage 1.5, looks to identify the file-system type which is an optional, this stage directly calls
GRUB stage 2.
GRUB stage 2 is the final stage which calls the kernel and Loads it into the memory. This is the stage
where most of the troubleshooting time will be spend off.

END OF THE TOPIC

HOW TO RECOVER MBR

IN LINUX OPERATING
SYSTEM

RECOVERY OF BROKEN MBR IN LINUX OPERATING

SYSTEM
In this section we will learn how to recover broken MBR in Linux operating system.
STEPS TO RECOVER MBR:
In order to recover broken MBR in Linux operating system, we first have to bring the system in resue
and recovery mode.

 We bring the system in GRUB Command line mode, by using RHEL installation CD, and pressing c
option in GRUB.
Now we have to find out in which partition and disk, the grub.conf file contains, and for this we have
to use the find command as follows. Grub> find /grub/grub.conf.
Now it will return the disk name and partition, now we also can use grub> root. This will show that
the (hd0,0) file does not exist and also show the file-system type.
Now finally, we load the grub to the disk which is returned in the previous command as follows
grub>setup (hd 0)

END OF TOPIC

FREQUENTLY ASKED
QUESTION

MISCELLANEOUS QUESTIONS AND ANSWERS

What is the version of GRUB used in Redhat enterprise Linux 6?

 The version of the GRUB used in Redhat enterprise Linux 6 is .97.

What is the latest version of GRUB available in the market?
The latest version of GRUB available in the market is GRUB version 2.
What is the difference between GRUB version 2 and GRUB version .97?
The difference between GRUB version 2 and GRUB version .97 is that in GRUB version 2 we cannot
change the GRUB configuration file by hand that means they will be some other mechanism to deal
with GRUB configuration file.
Why we use boot-loader?
We used boot-loader so that we can boot into different operating system often called multi boot and
we can boot kernel with special arguments.
What are the options used while dealing with GRUB command line?
The lists of the switches which are used while dealing with the GRUB command line are as follows.
SWITCH e:- This switch is used to edit the command before booting.
SWITCH a:- This switch is used to append or modify the command before booting.
SWITCH c:- This switch is used to bring the GRUB in command line mode.
What is the function of the BIOS?
In Linux boot process- BIOS is the first program that is run, so its basic function is to bring the system
in POWER ON SELF TEST and start loading peripheral devices and also looks for the boot device and
when searched, gives total control to it.
What is the function of the kernel?
The function of the kernel is to initialize and configured computer hardware.
When kernel did execute init program?

Kernel execute init program only when all computer drivers are in place.

What are the commands to view current run-level in Linux Operating system?
The command to view current run-level in Linux Operating system are
Runlevel
Who r
What are the commands to change the run-level in Linux Operating system?
The commands to change the run-level in Linux Operating system are
Init (runlevel) Temporary method.
Make entry in /etc/inittab file- Permanent method
What is the difference between traditional sysv and upstart utility?

S.N
O
1.
2.
3.

4.

SYSV
Traditional sysv was present till redhat Linux
5
It is slower as compared to upstart utility
It calls all services sequentially

It used /etc/rc.d/rc.sysinit as mediator to call

all services from etc/rc.d/rc#.d

UPSTART
Upstart is the new utility comes in red-hat Linux
version 6.
It is faster.
It does call the services sequentially, and worked
upon jobs and event based and all services is with
/etc/init directories as jobs.
It does not any such mediator while calling services
and services start and stop by upstart only.

What are the soft-link files of GRUB?

The symbolic files of GRUB are /boot/grub/menu.lst and /etc/grub/rub.conf.

 What is the path of the filename where all booting information stored?
The path of the filename where all booting information stored is /var/log/dmesg.
What is the command to troubleshoot hardware issues in Linux operating system?
The command to troubleshoot hardware issues in Linux Operating system is lsmod.

END OF THE TOPIC

SHUTDOWN
COMMAND

FUNCTIONALITY OF SHUTDOWN COMMAND

SHUTDOWN COMMAND:
Shutdown command plays vital role in Linux Operating system.
This command is used to bring the system in power off state i.e in HALT state.
It will also used to restart or reboot the system.
With the help of this command we can also warn the user for the shutdown and also set the timings
for the shutdown.
The syntax and the switches used in shutdown command as follows.

SYNTAX:
shutdown[option] time.
SWITCHES:
k- This switch is used to just warn the user, dont reboot.
h- This switch is used to bring the system in power off state after shutdown
r- This switch is used to reboot the system.
F- This switch is used to check file-system while booting.
t SECS This switch is used to sets seconds.
n- This switch is used to kill all process and send the shutdown message and delay the
shutdown by x. This switch is
So Recommended.
FEWS EXAMPLE OF SHUTDOWN:
Shutdown now- This will bring the system in resue mode.
Shutdown h 120- This will power off the system after 120 secs while shutting down the
system.
Shutdown r now- This will reboot the system.

 Shutdown F now- This will force to check file-system while shutdown.

END OF TOPIC

CHKCONFIG COMMAND

FUNCTIONALITY OF CHKCONFIG COMMAND

CHKCONFIG COMMAND:
Chkconfig command also plays vital role in Linux Operating system.
This command is useful when we want to enable or disable services at Linux boot level.
With the help of this command we can also list when the service is enabled at particular run-level or
not.
The syntax of chkconfig and switches used are as follows.

 SYNTAX:
Chkconfig[option] service name.
SWITCHES:
--list This switch is used to check the service at the run-levels.
-- add- This switch is used to add the services at run-levels.
--del This switch is used to remove the services at the run-levels.
--level This switch is used to add or remove the services at particular level.
EXAMPLES OF CHKCONFIG COMMAND:

Chkconfig
Chkconfig
Chkconfig
Chkconfig

list sshd- This command is used to list the services at all run-levels.
add sshd- This command is used to add the sshd services at the run-levels.
del sshd This command is used to remove the services at the run-levels.
level 3 sshd on This command is used to on the sshd services at run-level 3.

IPTABLES

OVERVIEW AND FUNCTIONALITY OF IPTABLES

IPTABLES AN UNDERSTANDING:
IPTABLES is one of the system security tools which are available in Linux Operating system. This tool
acts as the firewall to allow and block network communication through one or more ports, with the
help of this tool we can also filter packets based upon network element such as source and
destination IP address. IPTABLES contain chains and the chains are the group of rules.

RULES OR CHAINS PRESENT IN IPTABLE:

As IPTABLES contains chains and the chains are the groups of rules, so there are mainly five chains
or rules which are present and which we can apply in IPTABLES and those chains or rules are as
follows.

INPUT CHAIN
OUTPUT CHAIN
FORWARD CHAIN
PREROUTING CHAIN
POSTROUTING CHAIN

LIST OF TABLES PRESENT IN IPTABLE:

IPTABLES mainly contains three tables which are as follows.
FILTER TABLE
NAT TABLE
MANGLE TABLE

FUNCTION OF FILTER TABLE:

Function of the filter table is packet filtering.
Filter table is the default table present in IPTABLE, that means group of the chains or rules where
table name is not there, in that case IPTABLE considered that as the part of filter table only.

CHAINS OR RULES APPLICABLE IN FILTER TABLE:

In filter table we can apply only three chains or rules and the list of those are as follows.

 INPUT CHAIN
OUTPUT CHAIN
FORWARD CHAIN

FUNCTION OF INPUT CHAIN IN FILTER TABLE:

The function of input chain in filter table is that, in this rule packet is coming to the firewall, which
means packet is coming to the local server.

FUNCTION OF OUTPUT CHAIN IN FILTER TABLE:

The function of output chain in filter table in that, in this rule packet is originating from the firewall,
which means packet is originating from the local server.

FUNCTION OF FORWARD CHAIN IN FILTER TABLE:

Function of forward chain in filter table is that in this rule, packet is for the different NIC on the same
server which means packet is routed through the local server.

FUNCTION OF NAT TABLE:

Function of NAT table in IPTABLE is network address translation.

CHAINS PRESENT IN NAT TABLE:

In NAT table there are basically three chains or rules which are present and the list of those are as
follows.

 PREROUTING CHAIN
POST ROUTING CHAIN
OUTPUT CHAIN

FUNCTION OF PREROUTING IN NAT TABLE:

The function of pre-routing rule in NAT table is that, this rule is comes in place before the routing
decision is made.

FUNCTION OF POST-ROUTING RULE IN NAT TABLE:

The function of post routing rule in NAT is that, this rule will come in place after the routing decision
is made and before it will enter into the hardware.

FUNCTION OF OUTPUT RULE IN NAT TABLE:

The function of output rule in NAT table is that, this rule performs network address translation before
the routing decision is made.

FUNCTION OF MANGLE TABLE:

Mangle table is the last, but not the least table used in IPTABLES.
The function of mangle table is to modify TCP header i.e TCP header quality of services before
routing decision is made.
With the help of mangle table we can change TTL ie time to live and type of services.

CHAINS PRESENT IN MANGLE TABLE:

In mangle table we can used all five chains and the list of those are as follows.

INPUT CHAIN
OUTPUT CHAIN
FORWARD CHAIN
PRE-ROUTING CHAIN
POST ROUTING CHAIN

TARGET VALUE USED IN IPTABLE:

In IPTABLES there are basically four target values which are used and the list of those are as follows.
ACCEPT:
This is the default target value used in IPTABLE. The function of this target value is to accept
the packet.
DROP:
The function of this target value is to drop the packet, and in this target value no
acknowledgement message will be sent back to sender machine.
REJECT:
The function of this target value is to reject the packet and in this target value an error
message will be sent back to sender machine.
MASQRATE:
The function of this target value is to perform network address translation, which means when
packet goes from internal LAN to outside world it will change its source address to public IP
address.

PROCESS FLOW OF IPTABLES:

The process flow of IP table is important to understand so to have better understanding of IP tables.
So its process flow is as follows.
IP table always process from top to bottom.
If the rule matches the target then no further processing will be done, and the IP table will
process the rule as per the target and process the special value mention in the target.
If the rule does not matched then it will check for next rule.
At the end of the IP table default value is accept, so if none of the rule match then it will pass
the packet.

SYNTAX OF IPTABLES:
The syntax of IP tables is as below.
iptables t tablename [actions reaction][packet pattern] j [what to do]

ACTIONS PRESENT IN IPTABLE:

In IP tables there are basically five actions which are present and the list of those are as follows.
-A:
This action is used to append the line at the end of the rule.
-D:
This action is used to delete the rule from the IP table, and we can also delete specific rule by
giving its number.
-L:
This action will list all the running rules in the IP tables.
-F:
This action is used to flush the rules from the IP tables.
-I:

This action is used to add the rule in the IP tables and we can also add to specific place by
giving the number.

PACKET PATTERN IN IPTABLE:

The lists of packet pattern used in IP table are as follows.
-s ip address:
This packet pattern will looks for the packet coming from the source ip address.
-d ip address:
This packet pattern will looks for the packet going to the destination ip address.
-sport:
This pattern will looks for the packet coming from the incoming port.
-dport:
This pattern will looks for the packet going to the destination port.
-p protocol:
This pattern will looks for the protocol used in the packet.
-i interface:
This pattern will looks for the packet coming from which interface.
-o interface:
This pattern will looks for the packet going to which interface.
-m multiport<>
This pattern is used in assigning multiport to packet.

WHAT TO DO IN IPTABLES?
What to do are the targets values which we already discussed.

HOW TO INSTALL IPTABLES?

 IP tables are installed state by default in Linux operating system, so no need to install.

SERVICES USED IN IPTABLES:

In order to start, stop and restart the services of IP tables then we can used the following path,
/etc/init.d/iptables
Note:- Be caution, do not restart the services, because in the all entries in iptables will erase.

FILE CONTAINS THE IPTABLE NAMES:

In order to view list of the tables present in IP tables we can check it by following file.
/proc/net/iptables_names

HOW TO RESTORE OR SAVE IPTABLES:

In order to restore or save the entries add in IP tables, we used the following command and file.
Command:
service iptables save
File:
iptables restore /etc/sysconfig/iptables.