LINUX BASICS

OS BASICS

The OS is comprised of a number of pieces:

• The Bootloader: The software that manages the boot process of your computer. For most users,
this will simply be a splash screen that pops up and eventually goes away to boot into the
operating system.
• The kernel: This is the one piece of the whole that is actually called “Linux”. The kernel is the
core of the system and manages the CPU, memory, and peripheral devices. The kernel is the
“lowest” level of the OS.
• Daemons: These are background services (printing, sound, scheduling, etc) that either start up
during boot, or after you log into the desktop.
• The Shell: You’ve probably heard mention of the Linux command line. This is the shell – a
command process that allows you to control the computer via commands typed into a text
interface. This is what, at one time, scared people away from Linux the most (assuming they
had to learn a seemingly archaic command line structure to make Linux work). This is no longer
the case. With modern desktop Linux, there is no need to ever touch the command line.
• Graphical Server: This is the sub-system that displays the graphics on your monitor. It is
commonly referred to as the X server or just “X”.
• Desktop Environment: This is the piece of the puzzle that the users actually interact with.
There are many desktop environments to choose from (Unity, GNOME, Cinnamon,
Enlightenment, KDE, XFCE, etc). Each desktop environment includes built-in applications
(such as file managers, configuration tools, web browsers, games, etc).
• Applications: Desktop environments do not offer the full array of apps. Just like Windows and
Mac, Linux offers thousands upon thousands of high-quality software titles that can be easily
found and installed. Most modern Linux distributions (more on this in a moment) include App
Store-like tools that centralize and simplify application installation. For example: Ubuntu Linux
has the Ubuntu Software Center (Figure 1) which allows you to quickly search among the
thousands of apps and install them from one centralized location.
 FILESYSTEM STRUCTURE

Most Linux distributions will show you the same or a very similar layout.

/bin
/bin is the directory that contains binaries, that is, some of the applications and programs you can run.
You will find the ls program mentioned above in this directory, as well as other basic tools for making
and removing files and directories, moving them around, and so on. There are more bin directories in
other parts of the file system tree.

/boot
The /boot directory contains files required for starting your system. If you mess up one of the files in
here, you may not be able to run your Linux and it is a pain to repair.

/dev
/dev contains device files. Many of these are generated at boot time or even on the fly. For example,
if you plug in a new webcam or a USB pendrive into your machine, a new device entry will
automagically pop up here.
/etc
/etc is the directory where names start to get confusing. /etc gets its name from the earliest Unixes and
it was literally "et cetera" because it was the dumping ground for system files administrators were not
sure where else to put.
Nowadays, it would be more appropriate to say that etc stands for "Everything to configure", as it
contains most, if not all system-wide configuration files. For example, the files that contain the name of
your system, the users and their passwords, the names of machines on your network and when and
where the partitions on your hard disks should be mounted are all in here.

/home
/home is where you will find your users' personal directories.

/lib
/lib is where libraries live. Libraries are files containing code that your applications can use. They
contain snippets of code that applications use to draw windows on your desktop, control peripherals, or
send files to your hard disk.
There are more lib directories scattered around the file system, but this one, the one hanging directly off
of / is special in that, among other things, it contains the all-important kernel modules. The kernel
modules are drivers that make things like your video card, sound card, WiFi, printer, and so on, work.

/media
The /media directory is where external storage will be automatically mounted when you plug it in
and try to access it. As opposed to most of the other items on this list, /media does not hail back to
1970s, mainly because inserting and detecting storage (pendrives, USB hard disks, SD cards, external
SSDs, etc) on the fly, while a computer is running, is a relatively new thing.

/mnt
The /mnt directory, however, is a bit of remnant from days gone by. This is where you would manually
mount storage devices or partitions. It is not used very often nowadays.

/opt
The /opt directory is often where software you compile (that is, you build yourself from source code
and do not install from your distribution repositories) sometimes lands. Applications will end up in the
/opt/bin directory and libraries in the /opt/lib directory.
A slight digression: another place where applications and libraries end up in is /usr/local, When
software gets installed here, there will also be /usr/local/bin and /usr/local/lib directories. What
determines which software goes where is how the developers have configured the files that control the
compilation and installation process.
/proc
/proc, like /dev is a virtual directory. It contains information about your computer, such as
information about your CPU and the kernel your Linux system is running. As with /dev, the files and
directories are generated when your computer starts, or on the fly, as your system is running and things
change.

/root
/root is the home directory of the superuser of the system. It is separate from the rest of the users'
home directories.

/run
/run is another new directory. System processes use it to store temporary data for their own
nefarious reasons.

/sbin
/sbin is similar to /bin, but it contains applications that only the superuser (hence the initial s) will
need. You can use these applications with the sudo command that temporarily concedes you superuser
powers on many distributions. /sbin typically contains tools that can install stuff, delete stuff and format
stuff.

/usr
The /usr directory was where users' home directories were originally kept back in the early days of
UNIX. However, now /home is where users kept their stuff as we saw above. These days, /usr contains
a mish-mash of directories which in turn contain some applications, libraries, documentation,
wallpapers, icons and a long list of other stuff that need to be shared by applications and services.
You will also find bin, sbin and lib directories in /usr. What is the difference with their root-hanging
cousins? Not much nowadays. Originally, the /bin directory (hanging off of root) would contain very
basic commands, like ls, mv and rm; the kind of commands that would come pre-installed in all
UNIX/Linux installations, the bare minimum to run and maintain a system. /usr/bin on the other hand
would contain stuff the users would install and run to use the system as a work station, things like word
processors, web browsers, and other apps.
But many modern Linux distributions just put everything into /usr/bin and have /bin point to /usr/bin
just in case erasing it completely would break something. So, while Debian, Ubuntu and Mint still keep
/bin and /usr/bin (and /sbin and /usr/sbin) separate; others, like Arch and its derivatives just have one
"real" directory for binaries, /usr/bin, and the rest or *bins are "fake" directories that point to /usr/bin.

/srv
The /srv directory contains data for servers. If you are running a web server from your Linux box,
your HTML files for your sites would go into /srv/http (or /srv/www). If you were running an FTP
server, your files would go into /srv/ftp.
/sys
/sys is another virtual directory like /proc and /dev and also contains information from devices
connected to your computer.
In some cases you can also manipulate those devices. I can, for example, change the brightness of the
screen of my laptop by modifying the value stored in the
/sys/devices/pci0000:00/0000:00:02.0/drm/card1/card1-eDP-1/intel_backlight/brightness file (on your
machine you will probably have a different file). But to do that you have to become superuser.

/tmp
/tmp contains temporary files, usually placed there by applications that you are running. The files
and directories often (not always) contain data that an application doesn't need right now, but may need
later on.
You can also use /tmp to store your own temporary files - /tmp is one of the few directories hanging
off / that you can actually interact with without becoming superuser.

/var
/var was originally given its name because its contents was deemed variable, in that it changed
frequently. Today it is a bit of a misnomer because there are many other directories that also contain
data that changes frequently, especially the virtual directories we saw above.
/var contains things like logs in the /var/log subdirectories. Logs are files that register events that
happen on the system. If something fails in the kernel, it will be logged in a file in /var/log; if someone
tries to break into your computer from outside, your firewall will also log the attempt here. It also
contains spools for tasks. These "tasks" can be the jobs you send to a shared printer when you have to
wait because another user is printing a long document, or mail that is waiting to be delivered to users
on the system.
Your system may have some more directories we haven't mentioned above.
BOOT SEQUENCE
BIOS
• BIOS stands for Basic Input/Output System
• Performs some system integrity checks
• Searches, loads, and executes the boot loader program.
• It looks for the bootloader in the floppy, cd-rom, or hard drive. You can press a key (typically
F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.
• Once the bootloader program is detected and loaded into the memory, BIOS gives the control to
it.
• So, in simple terms, BIOS loads and executes the MBR boot loader.

MBR
• MBR stands for Master Boot Record.
• It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
• MBR is less than 512 bytes in size. This has three components :
• 1) primary boot loader info in 1st 446 bytes
• 2) partition table info in next 64 bytes
• 3) mbr validation check in last 2 bytes.
• It contains information about GRUB (or LILO in old systems).
• So, in simple terms, MBR loads and executes the GRUB boot loader.

GRUB
• GRUB stands for Grand Unified Bootloader.
• If you have multiple kernel images installed on your system, you can choose which one to be
executed.
• GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the
default kernel image as specified in the grub configuration file.
• The GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand
filesystem).
• Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this).
• So, in simple terms GRUB just loads and executes Kernel and initrd images.

Kernel
• Mounts the root file system as specified in the “root=” in grub.conf
• Kernel executes the /sbin/init program
 • Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1.
Do a ‘ps -ef | grep init’ and check the pid.
• initrd stands for Initial RAM Disk.
• initrd is used by the kernel as temporary root file system until the kernel is booted and the real
root file system is mounted. It also contains necessary drivers compiled inside, which helps it to
access the hard drive partitions, and other hardware.

Init

• Looks at the /etc/inittab file to decide the Linux run level.

• Following are the available run levels
• 0 – halt
• 1 – Single user mode
• 2 – Multiuser, without NFS
• 3 – Full multiuser mode
• 4 – unused
• 5 – X11
• 6 – reboot
• Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.
• Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
• If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what
0 and 6 means, probably you might not do that.
• Typically you would set the default run level to either 3 or 5.

Runlevel programs
• When the Linux system is booting up, you might see various services getting started. For
example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed
from the run level directory as defined by your run level.
• Depending on your default init level setting, the system will execute the programs from one of
the following directories.

• 0 Run level – /etc/rc.d/rc0.d/

• 1 Run level – /etc/rc.d/rc1.d/

• 2 Run level – /etc/rc.d/rc2.d/

• 3 Run level – /etc/rc.d/rc3.d/

• 4 Run level – /etc/rc.d/rc4.d/

 • 5 Run level – /etc/rc.d/rc5.d/

• 6 Run level – /etc/rc.d/rc6.d/

• Please note that there are also symbolic links available for these directory under /etc directly.
So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
• Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
• Programs start with S are used during startup. S for startup.
• Programs start with K are used during shutdown. K for a kill.
• There are numbers right next to S and K in the program names. Those are the sequence number
in which the programs should be started or killed.
• For example, S12syslog is to start the Syslog deamon, which has the sequence number of 12.
S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, Syslog
program will be started before sendmail.

Init vs systemd

init is a abbreviation for Initialization. The init is a daemon process which starts as soon as the
computer starts and continue running till it is shutdown. In-fact init is the first process that starts when
a computer boots, making it the parent of all other running processes directly or indirectly and hence
typically it is assigned “pid=1“. A init process starts serially i.e., one task starts only after the last
task startup was successful and it was loaded in the memory. This often resulted into delayed and
long booting time.

A systemd is a System Management Daemon named with UNIX convention to add ‘d‘ at the end of
daemon. Similar to init, systemd is the parent of all other processes directly or indirectly and is the first
process that starts at boot hence typically assigned a “pid=1“. Features of systemd:

• Clean, stateforward and efficient design.

• Simpler boot process.
• Concurrent and parallel processing at boot.
• Better API.
• Simple Unit Syntax.
• Ability to remove optional components.
• Low memory footprints.
• Improved technique to express dependencies.
• Initialization instruction written in config file and not in shell script.

Bottlenecks:
• Everything at one place.
• Not POSIX standard.
 PROCESS MANAGEMENT

A program is a series of instructions that tell the computer what to do. When we run a program,
those instructions are copied into memory and space is allocated for variables and other stuff required
to manage its execution. This running instance of a program is called a process and it's processes
which we manage.

Process states in Linux:

• R: running or runnable, it is just waiting for the CPU to process it

• S: Interruptible sleep, waiting for an event to complete, such as input from the terminal

• D: Uninterruptible sleep, processes that cannot be killed or interrupted with a signal, usually to
make them go away you have to reboot or fix the issue
• Z: Zombie, we discussed in a previous lesson that zombies are terminated processes that are
waiting to have their statuses collected
• T: Stopped, a process that has been suspended/stopped

Commands for managing Linux processes:

• top, htop

• ps, pstree

• kill

• bg, fg

• jobs

Process signals:
• SIGHUP 1 Term Hangup detected on controlling terminal or death of controlling
process
• SIGINT 2 Term Interrupt from keyboard
• SIGQUIT 3 Core Quit from keyboard
• SIGILL 4 Core Illegal Instruction
• SIGABRT 6 Core Abort signal from abort(3)
• SIGFPE 8 Core Floating point exception
• SIGKILL 9 Term Kill signal
• SIGSEGV 11 Core Invalid memory reference
• SIGPIPE 13 Term Broken pipe: write to pipe with no readers
• SIGALRM 14 Term Timer signal from alarm(2)
• SIGTERM 15 Term Termination signal
• SIGUSR1 30,10,16 Term User-defined signal 1
• SIGUSR2 31,12,17 Term User-defined signal 2
• SIGCHLD 20,17,18 Ign Child stopped or terminated
• SIGCONT 19,18,25 Cont Continue if stopped
• SIGSTOP 17,19,23 Stop Stop process
• SIGTSTP 18,20,24 Stop Stop typed at terminal
• SIGTTIN 21,21,26 Stop Terminal input for background process
• SIGTTOU 22,22,27 Stop Terminal output for background process
 ADMINISTRATION

Repositories
A Software Repository is basically a database of application installation packages and upgrade
packages available for your Linux distro.
When you install Linux, your Software Center will come pre-configured with a default Repository.
Normally, this is perfectly acceptable, but there are times when the applications you need are not listed
in this repository and it becomes necessary to add additional Repositories to access the additional
functionality.

Package managers:
• yum (dnf) - for rpm packages, Red Hat based Linux

• apt (apt-get, aptitude) - for deb packages, Debian based Linux

• zypper - SUSE Linux

• pacman - Arch, Manjaro

 IPtables

Linux kernel’s network packet processing subsystem is called Netfilter, and iptables is the command
used to configure it.

Iptables is known as a standard firewall included in most Linux distributions by default (a modern
variant called nftables will begin to replace it). It is actually a frontend to the kernel-level netfilter
hooks that can manipulate the Linux network stack. It works by matching each packet that crosses the
networking interface against a set of rules to decide what to do.

Iptables defines five “hook points” in the kernel’s packet processing pathways:
• PREROUTING
• INPUT
• FORWARD
• POSTROUTING
• OUTPUT

Iptables comes with three built-in tables:

• filter
• mangle
• nat

Each is preconfigured with chains corresponding to one or more of the hook points.

filter table
 nat table

mangle table

Iptables targets:
• ACCEPT

• DROP (drops packets dead and will not carry out any further processing)

• REJECT (same as the DROP target, but it also sends back an error message to the host sending
the packet that was blocked)
• SNAT (Source Network Address Translation, which means that this target will rewrite the
Source IP address in the IP header of the packet)
• DNAT (rewrite the Destination IP address of a packet)

• MASQUERADE (same as the SNAT target, but it does not require any --to-source option)
 • LOG (logging detailed information about packets)

• RETURN (cause the current packet to stop traveling through the chain where it hit the rule)

• MARK (used to set Netfilter mark values that are associated with specific packets)

• MIRROR (experimental! Used to invert the source and destination fields in the IP header, and
then to retransmit the packet)
• QUEUE (queue packets to User-land programs and applications)

• REDIRECT (redirect packets and streams to the machine itself)

• TOS (used to set the Type of Service field within the IP header)

• TTL (used to modify the Time To Live field in the IP header)

• ULOG (user space logging)

UFW and firewalld are both frontends to iptables.

UFW is disabled by default in Ubuntu Server edition but is very trivial to learn and enable, but
FirewallD is enabled by default in Fedora and Red Hat Enterprise but the more complex syntax
may require more learning.