LOGS and BOOTUP Process

TOPICS
  1. Boot Process
  2. Kernel
  3. Hardware and Kernel
  4. PROC and SYSCTL
  5. Logs Overview and SYSLOG

  • BIOS initializes .
  • BIOS calls boot loader, in RHEL it is GRUB.
  • Bootloaders loads the first kernel image.
  • GRUB then hands control to kernel which mounts the file system and start appropriates system services.
  • The system services start up and log-in screen is displayed.


    KERNEL BOOT PROCESS
  • kernel detects the hardware on the system and loads device drivers from its initial RAM file system
    initramfs-<kernel version>.img
  • mount the root files system in read-only mode
  • init is loaded

    LAST START UP STAGE

  • init runs the necessary scripts in /etc/init.
  • /etc/inittab is read for the default runlevel.
  • Scripts for appropriate runlevel are started.
  • User is presented with log in screen.


    GRUB (Grand Unified Boootloader)
  • it works in two stages
  • 1st is a small program in first 446 bytes of boot sector
  • 2nd boot partition on the system
grub does not support LVM so it shall be located on a non LVM partition
shows instructions inside grub.conf

password protect grub

grub-md5-crypt generate a md5 encrypted
password: give your desired password
password:
vi /boot/grub/grub.conf
copy the password in grub.conf above the first title as follows
password –md5 password
:wq


UPSTART

  • new system start up service, originally developed for ubuntu linux distribution
  • in rhel 6, replace the old sysV init system
  • SysV init started services sequentially.
  • Upstart treateach service as an event andstarts services in parallel
  • provides much fast boot experience

init
  • init is the first process (PID 1)
  • rest of process are child processes of init
  • location is /sbin/init
  • Configuration files for init/upstarts are in /etc/init

rcs.conf
  • it is first script being called duringstartup byUpstart andlocated in /etc/init/rcS.conf
  • it executes /etc/rc.d/rc.sysinit script
  • reads /etc/inittab for default run level
  • switch to default runlevel

                                                                        rc.init


  • in /etc/rc.d/rc.sysinit
  • sets system hostname
  • starts networking
  • mounts and check file system
  • runs playmouth “progress bar”
  • sets SELinux state
  • sends messages to /var/log/dmesg

                                                                        rc.conf

location /etc/init/rc.conf
called by the /etc/init/rcs.conf file uses defaultrunlevel as set in /etc/inittab
executes the scripts located in /etc/rc.d/rcX.d “X is default runlevel”


                                                                      inittab

  • in /etc/inittab
  • used to be the main scripts file that init used during system start-up
  • sets default runlevel, now it is the onlyjob left for inittab
  • /etc/sysconfig/init------------sets color for plymoth,determines if single user mode will need password
  • /etc/init/tty.conf---------------------creates the terminals (ctrl+alt+F1-F6)


                                                                   KERNEL
  • Linux kernel was started by linus torvalds in aprin in 1991
  • version 1.0 was released in mar, 1994
  • version 2.0 wasreleased in sept, 1996
  • version 2.60 was released in dec, 2003
  • kernel is heart of os and responsible for
  • System startup
  • networking memory mgmt
  • Security (SELinux, firewall, Permissions)
  • RHEL version Scheme is respresented by:
  • <major>.<minor>.<patch>-<build>.elx<architecture>
  • RUN uname -r to see the kernel version
  • NOTE:- rpm -ivh kernelname
          or
  • yum install kernelname
  • linux kernel in monolithic means that os runs within kernel space
  • kernel loads device drivers known as kernel modules.these are loaded/unloaded dinamically
  • kernel modules are located at /lob/modules/<kernel virsion>
  • all the installed kernals are located in the /boot directory
  • Example:
  • -vmlinuz-2.1032-71.el6x86-64
  • vmlinuz refers to the fact that linux kernel is stored in a compressed image file.
  • PROCESS DIRECTORIES
  • during run time, the /proc, /sys and /dev directories are created by kernel
  • /proc is for running processes and kernel parameters
  • /sys isfor system devices and their drives
  • /dev provides acess points for devices and their drives
  • Hardware & Kernel
  • less dmesg display /var/log/dmesg
  • lspci display devices attached PCI bus
  • lspci -k device + kernel module attached
  • lsusb display USB devices
  • lsusb-t display in tree mode
  • dmicode helps display detailed information about any hardware component on system



                                                               Kernel Modules


These are loaded/unloaded dynamically
# lsmod | less display current loaded modules
# modinfo sr_mod display modules info
# modprobe -r -v sr_mod unloads a modules
# lsmod | less shall not show the cd-ROM module
# modprobe sr_mod loads the modules
#lsmod | less
ls /lib/modules/$(uname-r)Kernel Display the kernel modules
PROC AND SYSCTL
  • changes can be made to kernal parameters during the run time through “proc”
  • changes mode in proc does not survive reboot
  • os provides different commands to extract data from proc in good formate.

# ls /proc
# cat /proc/cpuinfo
# cat /proc/meminfo
# free -m
# cat /proc/mounts
# mount

Linux machine avt like router at run time
# cat /proc/sys/net/ipv4/ip_forward
# echo 1> /proc/sys/net/ipv4/ip_forward

it shall be off after reboot use sysctl to modify
vim/etc/sysctl
sysctl -a “shws the kernal parameters that can be modified
                                                     


                                                     LOGS OVERVIEW and SYSLOG

    very important for trouble shooting
  • all system logs are located under /var/log .Each service maintains its own logs under this directory
  • logs need to be monitored constantly for the system safety and uptime
  • primery log file is /var/log/messages.it includes messages from all system software and boot issues not related to kernel
  • /var/log/dmesg includes messages form kernel during the boot process.it also includes information about h/w devices that are connected.
  • Var/log/secure includes messages from SELinux and AVC(Access vector Cache)
  • other logs may be
  • /var/log/yum.log includes software installation logs
  • var/log/boot.log includes system bootup messages
  • var/log/httpd inclyudes logs from web server etc...
  • tai -f logfile display log messages in real time
  • dmesg utility to monitor kernel boot messages
  • tail -f -n20 logfiles shall display 20 lines


                                                                           SYSLOG

  • syslog is replaced by rsyslog daemon, it has certain feature like sending encryptione messages to remote log server or write logs directly to a mysql database



vim/etc/rsyslog.conf
got ot rules section
facility.priority e.g
cron* var/log/cron


cron.* *means priority which meaning
that any priroty message shall be sent to /var/log/cron

modify
kernel.*to

kern.crit /var/log/messages

:wq

service rsyslog reload

                                                   




                                                  SENDS LOGS TO REMOTE SERVER


vim /etc/rsyslog.conf

scroll down to bottom of file

unmark and replace

#*.*@@remotehost:514

@@ means communication only over TCP

@ means comm only over UDP

with

*.*@@ipofserver:514

:wq

service rsyslog reload

Comments

Post a Comment

Popular posts from this blog

RHEL 7

RHEL 7 ..... ************************RHCSA Version 7 **************** Initial configuration.txt: *you have been provided a virtual box named as serverX.example.com (hint:where X is your domain number) * password for both virtual machine should be "Postroll" *serverX.example.com provided with ip=172.25.X.10/255.255.255.0 *serverX.example.com are provided with gateway 172.25.254.254 & example.com dns domain with the IP: 172.25.254.254 gateway 172.25.0.1 netmask 255.255.255.0 nameserver 172.25.254.250 1) configure your systems that should be running Enforcing 2) create a new 100MB Physical partition mounted under /Gluster (Note because partition sizes are seldom exactly what is specified when they are created, any thing within the range of 70MB to 120MB is acceptable) 3) create a new 150MB swap partition f/s. (Note because partition sizes are seldom exactly what is specified when they are created, any thing within the range of 13...
Read more

Configure TLS SSL 389 Directory Server CentOS

Image
389 Directory server is an amazing MultiMaster LDAP solution. Out of the box 389 is not configured to use TLS/SSL, so we are going to walk through the setup process. Please note, that we are using this as a test, so we are using a self-signed certificate, but the directions should work for both scenarios. login, and su to root Generate the Self-Signed Certificate: change to the necessary directory, and setup a few files for the CA now generate the key/certificate setup your certificate as appropriate set permissions on the cert key now we need to make sure certificate matching is disabled (unless you are using a full cert) modify lines 85-88 as follows: Generate and Self-Sign Certificate launch the 389-console open the directory server you were just working on, and click "Manage Certificates" Servername –> Directory Server –> Manage Certificates set, and REMEMBER ...
Read more

How to configure apache server in linux

Image
Apache is the most popular, secure, robust, reliable and powerful web server. Apache is used by more websites than all other web servers combined. RHEL6 includes Apache version 2.2 RHCE6 Exam objectives covered in this article HTTP/HTTPS Configure a virtual host. Configure private directories. Deploy a basic CGI application. Configure group-managed content. In this tutorial I will use three systems Server, linuxclient and windowclient from our LAB environment. I will configure Apache Web Server on Server system and test from inuxclient and windowclient system. If you want to check the network topology used in this article please check following article. Lab set up for RHCE 6 practice Installation of Apache Two packages are required for Apache server httpd mod_ssl elinks httpd package install Apache web server. mod_ssl is the additional package which required to create secure websites elinks is the additional package for text based we...
Read more