LOGS and BOOTUP Process

TOPICS
  1. Boot Process
  2. Kernel
  3. Hardware and Kernel
  4. PROC and SYSCTL
  5. Logs Overview and SYSLOG

  • BIOS initializes .
  • BIOS calls boot loader, in RHEL it is GRUB.
  • Bootloaders loads the first kernel image.
  • GRUB then hands control to kernel which mounts the file system and start appropriates system services.
  • The system services start up and log-in screen is displayed.


    KERNEL BOOT PROCESS
  • kernel detects the hardware on the system and loads device drivers from its initial RAM file system
    initramfs-<kernel version>.img
  • mount the root files system in read-only mode
  • init is loaded

    LAST START UP STAGE

  • init runs the necessary scripts in /etc/init.
  • /etc/inittab is read for the default runlevel.
  • Scripts for appropriate runlevel are started.
  • User is presented with log in screen.


    GRUB (Grand Unified Boootloader)
  • it works in two stages
  • 1st is a small program in first 446 bytes of boot sector
  • 2nd boot partition on the system
grub does not support LVM so it shall be located on a non LVM partition
shows instructions inside grub.conf

password protect grub

grub-md5-crypt generate a md5 encrypted
password: give your desired password
password:
vi /boot/grub/grub.conf
copy the password in grub.conf above the first title as follows
password –md5 password
:wq


UPSTART

  • new system start up service, originally developed for ubuntu linux distribution
  • in rhel 6, replace the old sysV init system
  • SysV init started services sequentially.
  • Upstart treateach service as an event andstarts services in parallel
  • provides much fast boot experience

init
  • init is the first process (PID 1)
  • rest of process are child processes of init
  • location is /sbin/init
  • Configuration files for init/upstarts are in /etc/init

rcs.conf
  • it is first script being called duringstartup byUpstart andlocated in /etc/init/rcS.conf
  • it executes /etc/rc.d/rc.sysinit script
  • reads /etc/inittab for default run level
  • switch to default runlevel

                                                                        rc.init


  • in /etc/rc.d/rc.sysinit
  • sets system hostname
  • starts networking
  • mounts and check file system
  • runs playmouth “progress bar”
  • sets SELinux state
  • sends messages to /var/log/dmesg

                                                                        rc.conf

location /etc/init/rc.conf
called by the /etc/init/rcs.conf file uses defaultrunlevel as set in /etc/inittab
executes the scripts located in /etc/rc.d/rcX.d “X is default runlevel”


                                                                      inittab

  • in /etc/inittab
  • used to be the main scripts file that init used during system start-up
  • sets default runlevel, now it is the onlyjob left for inittab
  • /etc/sysconfig/init------------sets color for plymoth,determines if single user mode will need password
  • /etc/init/tty.conf---------------------creates the terminals (ctrl+alt+F1-F6)


                                                                   KERNEL
  • Linux kernel was started by linus torvalds in aprin in 1991
  • version 1.0 was released in mar, 1994
  • version 2.0 wasreleased in sept, 1996
  • version 2.60 was released in dec, 2003
  • kernel is heart of os and responsible for
  • System startup
  • networking memory mgmt
  • Security (SELinux, firewall, Permissions)
  • RHEL version Scheme is respresented by:
  • <major>.<minor>.<patch>-<build>.elx<architecture>
  • RUN uname -r to see the kernel version
  • NOTE:- rpm -ivh kernelname
          or
  • yum install kernelname
  • linux kernel in monolithic means that os runs within kernel space
  • kernel loads device drivers known as kernel modules.these are loaded/unloaded dinamically
  • kernel modules are located at /lob/modules/<kernel virsion>
  • all the installed kernals are located in the /boot directory
  • Example:
  • -vmlinuz-2.1032-71.el6x86-64
  • vmlinuz refers to the fact that linux kernel is stored in a compressed image file.
  • PROCESS DIRECTORIES
  • during run time, the /proc, /sys and /dev directories are created by kernel
  • /proc is for running processes and kernel parameters
  • /sys isfor system devices and their drives
  • /dev provides acess points for devices and their drives
  • Hardware & Kernel
  • less dmesg display /var/log/dmesg
  • lspci display devices attached PCI bus
  • lspci -k device + kernel module attached
  • lsusb display USB devices
  • lsusb-t display in tree mode
  • dmicode helps display detailed information about any hardware component on system



                                                               Kernel Modules


These are loaded/unloaded dynamically
# lsmod | less display current loaded modules
# modinfo sr_mod display modules info
# modprobe -r -v sr_mod unloads a modules
# lsmod | less shall not show the cd-ROM module
# modprobe sr_mod loads the modules
#lsmod | less
ls /lib/modules/$(uname-r)Kernel Display the kernel modules
PROC AND SYSCTL
  • changes can be made to kernal parameters during the run time through “proc”
  • changes mode in proc does not survive reboot
  • os provides different commands to extract data from proc in good formate.

# ls /proc
# cat /proc/cpuinfo
# cat /proc/meminfo
# free -m
# cat /proc/mounts
# mount

Linux machine avt like router at run time
# cat /proc/sys/net/ipv4/ip_forward
# echo 1> /proc/sys/net/ipv4/ip_forward

it shall be off after reboot use sysctl to modify
vim/etc/sysctl
sysctl -a “shws the kernal parameters that can be modified
                                                     


                                                     LOGS OVERVIEW and SYSLOG

    very important for trouble shooting
  • all system logs are located under /var/log .Each service maintains its own logs under this directory
  • logs need to be monitored constantly for the system safety and uptime
  • primery log file is /var/log/messages.it includes messages from all system software and boot issues not related to kernel
  • /var/log/dmesg includes messages form kernel during the boot process.it also includes information about h/w devices that are connected.
  • Var/log/secure includes messages from SELinux and AVC(Access vector Cache)
  • other logs may be
  • /var/log/yum.log includes software installation logs
  • var/log/boot.log includes system bootup messages
  • var/log/httpd inclyudes logs from web server etc...
  • tai -f logfile display log messages in real time
  • dmesg utility to monitor kernel boot messages
  • tail -f -n20 logfiles shall display 20 lines


                                                                           SYSLOG

  • syslog is replaced by rsyslog daemon, it has certain feature like sending encryptione messages to remote log server or write logs directly to a mysql database



vim/etc/rsyslog.conf
got ot rules section
facility.priority e.g
cron* var/log/cron


cron.* *means priority which meaning
that any priroty message shall be sent to /var/log/cron

modify
kernel.*to

kern.crit /var/log/messages

:wq

service rsyslog reload

                                                   




                                                  SENDS LOGS TO REMOTE SERVER


vim /etc/rsyslog.conf

scroll down to bottom of file

unmark and replace

#*.*@@remotehost:514

@@ means communication only over TCP

@ means comm only over UDP

with

*.*@@ipofserver:514

:wq

service rsyslog reload

Comments

Post a Comment

Popular posts from this blog

How to configure apache server in linux

Image
Apache is the most popular, secure, robust, reliable and powerful web server. Apache is used by more websites than all other web servers combined. RHEL6 includes Apache version 2.2 RHCE6 Exam objectives covered in this article HTTP/HTTPS Configure a virtual host. Configure private directories. Deploy a basic CGI application. Configure group-managed content. In this tutorial I will use three systems Server, linuxclient and windowclient from our LAB environment. I will configure Apache Web Server on Server system and test from inuxclient and windowclient system. If you want to check the network topology used in this article please check following article. Lab set up for RHCE 6 practice Installation of Apache Two packages are required for Apache server httpd mod_ssl elinks httpd package install Apache web server. mod_ssl is the additional package which required to create secure websites elinks is the additional package for text based we
Read more

A Guide to Buying a Motherboard

we have so many question about Motherboard. So first start with LGA. What is LGA   land grid array  ( LGA ) is a type of  surface-mount  packaging for  integrated circuits  (ICs) that is notable for having the pins on the  socket  (when a socket is used) rather than the integrated circuit. [1]  An LGA can be electrically connected to a  printed circuit board  (PCB) either by the use of a socket or by  soldering  directly to the board. LGA is used as a physical interface for microprocessors of the  Intel   Pentium 4  (Prescott), Intel  Xeon ,  Intel Core 2 ,  Intel Core  ( Bloomfield  and  Lynnfield ) and  AMD   Opteron  families. Unlike the  pin grid array  (PGA) interface found on most  AMD  and older  Intel  processors, there are no pins on the chip; in place of the pins are pads of bare gold-plated copper that touch protruding pins on the microprocessor's connector on the  motherboard . The most common Intel desktop LGA socket is dubbed  LGA 1150  (Socket H3), which is
Read more

RHEL 7

RHEL 7 ..... ************************RHCSA Version 7 **************** Initial configuration.txt: *you have been provided a virtual box named as serverX.example.com (hint:where X is your domain number) * password for both virtual machine should be "Postroll" *serverX.example.com provided with ip=172.25.X.10/255.255.255.0 *serverX.example.com are provided with gateway 172.25.254.254 & example.com dns domain with the IP: 172.25.254.254 gateway 172.25.0.1 netmask 255.255.255.0 nameserver 172.25.254.250 1) configure your systems that should be running Enforcing 2) create a new 100MB Physical partition mounted under /Gluster (Note because partition sizes are seldom exactly what is specified when they are created, any thing within the range of 70MB to 120MB is acceptable) 3) create a new 150MB swap partition f/s. (Note because partition sizes are seldom exactly what is specified when they are created, any thing within the range of 13
Read more