
Class-1 Cyber Security Analyst - Linux System Administration-A

The document provides an overview of the Linux operating system and the first day of a basic cyber security analyst training course on Linux system administration. It discusses the history and components of Linux, including major distributions and the file system hierarchy. It also summarizes the six stages of the Linux boot process from the BIOS loading the boot loader to the init process starting user processes.

Cyber Security Analyst

Basic – Intermediate Hands-on Training Course

Class-1: Linux System Administration Basic
- History and System Understandings

Trainer: A. S. M. Shamim Reza

What is an OS?

It is the software that runs the computer.

Major Operating Systems:

macOS, Windows, Linux

Major Distributions of Linux:

2 Cyber Security Analyst Conducted by – A. S. M. Shamim Reza | [email protected]


What is Linux?

Linux is an operating system (based on UNIX) which isn’t user friendly at all, but it suits a
system admin for whatever a simple to complex network and system needs.

Remember: “On a UNIX or Linux system, everything is a file; if something is not a file, it is a process.”

It is also a multi-tasking and multi-user operating system which can easily handle many tasks and users
at the same time.

History of Linux:

Linus Torvalds of the University of Helsinki created the Linux OS in 1991. When Linux was first
invented, it was actually called “freax = freak free x”. But after getting a first project for an FTP server,
coworkers named it Linux.

Why do we use Linux?

Advantages of Linux:

- Linux is free:

If you want to spend absolutely nothing, you don't even have to pay the price of a CD. Linux
can be downloaded in its entirety from the Internet completely for free. No registration fees,
no costs per user, free updates, and freely available source code in case you want to change
the behavior of your system.

- Linux is portable to any hardware platform:

A vendor who wants to sell a new type of computer and who doesn't know what kind of OS
his new machine will run, can take a Linux kernel and make it work on his hardware,
because documentation related to this activity is freely available.

- Linux was made to keep on running:

As with UNIX, a Linux system expects to run without rebooting all the time. That is why a
lot of tasks are being executed at night or scheduled automatically for other calm moments,
resulting in higher availability during busier periods and a more balanced use of the
hardware. This property allows for Linux to be applicable also in environments where
people don't have the time or the possibility to control their systems night and day.

- Linux is secure and versatile:

The security model used in Linux is based on the UNIX idea of security, which is known to
be robust and of proven quality. But Linux is not only fit for use as a fort against enemy
attacks from the Internet: it will adapt equally to other situations, utilizing the same high
standards for security. Your development machine or control station will be as secure as
your firewall.

- Linux is scalable:

From a Palmtop with 2 MB of memory to a petabyte storage cluster with hundreds of nodes:
add or remove the appropriate packages and Linux fits all. You don't need a supercomputer
anymore, because you can use Linux to do big things using the building blocks provided
with the system. If you want to do little things, such as making an operating system for an
embedded processor or just recycling your old 486, Linux will do that as well.

- The Linux OS and most Linux applications have very short debug-times:

Because Linux has been developed and tested by thousands of people, both errors and
people to fix them are usually found rather quickly. It sometimes happens that there are only
a couple of hours between discovery and fixing of a bug.

- There are too many different distributions.
- Linux is not very user friendly and confusing for beginners.
- Is an Open Source product trustworthy?

Linux users have the choice whether to use Linux or not, which gives them an enormous
advantage compared to users of proprietary software, who don't have that kind of freedom.
After long periods of testing, most Linux users come to the conclusion that Linux is not only
as good, but in many cases better and faster than the traditional solutions. If Linux were not
trustworthy, it would have been long gone, never knowing the popularity it has now, with
millions of users. Now users can influence their systems and share their remarks with the
community, so the system gets better and better every day. It is a project that is never
finished, that is true, but in an ever changing environment, Linux is also a project that
continues to strive for perfection.

Linux File system Hierarchy:


What is File-system?

A file-system is the methods and data structures that an operating system uses to keep track of files on a disk
or partition; that is, the way the files are organized on the disk.

Now someone could ask what the difference is between a file-system and a partition.

A File-system means how the files and folders are arranged.

And a partition is a logical part of the disk. Just think of a cake as the entire disk, a slice of that cake would
be a partition.

Types of file system in Linux: ext2, ext3, ext4, proc, swap, etc.

Partition for Linux:

There are two types of partition.

Primary partition:

A hard disk can contain up to 4 primary partitions and not more than that.

Extended partition:

To overcome this limitation, a primary partition is converted to an extended partition, which is then
further divided into sub-partitions called logical partitions. Not more than 1 primary partition can be
converted to an extended partition.

Linux numbers logical partitions starting with 5: the numbers 1, 2, 3 and 4 are reserved for the
primary partitions.

6 Stages of Linux Boot Process (Startup Sequence):

1. BIOS

- BIOS stands for Basic Input/Output System.
- Performs some system integrity checks.
- Searches, loads, and executes the boot loader program.
- It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
- Once the boot loader program is detected and loaded into memory, BIOS gives control to it.
- So, in simple terms, BIOS loads and executes the MBR boot loader.

2. MBR

- MBR stands for Master Boot Record.
- It is located in the 1st sector of the bootable disk, typically /dev/hda or /dev/sda.
- MBR is less than 512 bytes in size. It has three components: 1) primary boot loader info in the 1st 446 bytes, 2) partition table info in the next 64 bytes, 3) MBR validation check in the last 2 bytes.
- It contains information about GRUB (or LILO in old systems).
- So, in simple terms, MBR loads and executes the GRUB boot loader.
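The MBR layout above and the primary/extended partition rules from the partition section, parsed in Python as an added example that is not part of the original course material. The sample sector and its partition sizes are constructed, and the type codes (0x83 Linux, 0x82 swap, 0x05/0x0F/0x85 extended) are the conventional MBR partition type IDs.

```python
import struct

BOOT_CODE_LEN = 446          # primary boot loader area
ENTRY_LEN, ENTRIES = 16, 4   # 4 x 16 = 64-byte partition table
SIGNATURE = b"\x55\xaa"      # validation bytes at offsets 510-511
EXTENDED = {0x05, 0x0F, 0x85}
NAMES = {0x82: "Linux swap", 0x83: "Linux", 0x05: "Extended",
         0x0F: "Extended (LBA)", 0x85: "Linux extended"}


def parse_mbr(sector):
    """Return the used primary slots of a 512-byte first sector."""
    if len(sector) != 512:
        raise ValueError("expected the 512-byte first sector of the disk")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55 0xAA signature: not a valid MBR")
    parts = []
    for slot in range(ENTRIES):
        off = BOOT_CODE_LEN + slot * ENTRY_LEN
        # status, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        status, ptype, start, count = struct.unpack(
            "<B3xB3xII", sector[off:off + ENTRY_LEN])
        if ptype == 0x00:        # empty slot
            continue
        parts.append({"number": slot + 1, "bootable": status == 0x80,
                      "type": NAMES.get(ptype, hex(ptype)),
                      "extended": ptype in EXTENDED,
                      "start_lba": start, "sectors": count})
    if sum(p["extended"] for p in parts) > 1:
        raise ValueError("more than one extended partition in the table")
    return parts


def build_sample_mbr():
    """Constructed sample: Linux root, swap, one extended partition."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3xB3xII", status, ptype, start, count)
    table = (entry(0x80, 0x83, 2048, 1024000)
             + entry(0x00, 0x82, 1026048, 4096000)
             + entry(0x00, 0x05, 5122048, 10000000)
             + bytes(ENTRY_LEN))                 # 4th slot left empty
    return bytes(BOOT_CODE_LEN) + table + SIGNATURE


if __name__ == "__main__":
    for part in parse_mbr(build_sample_mbr()):
        print(part)
```

To inspect a real disk, pass parse_mbr the first 512 bytes read from the device (for example /dev/sda, which requires root).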

3. GRUB

- GRUB stands for Grand Unified Bootloader.
- If you have multiple kernel images installed on your system, you can choose which one to be executed.
- GRUB displays a splash screen and waits for a few seconds; if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
- GRUB has knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystems).
- The GRUB configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is a sample grub.conf of CentOS.

#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.el5PAE)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
initrd /boot/initrd-2.6.18-194.el5PAE.img

- As you notice from the above info, it contains the kernel and initrd image.
- So, in simple terms, GRUB just loads and executes the kernel and initrd images.

4. Kernel

- Mounts the root file system as specified in the “root=” in grub.conf.
- Kernel executes the /sbin/init program.
- Since init was the 1st program to be executed by the Linux kernel, it has the process ID (PID) of 1. Do a ‘ps -ef | grep init’ and check the PID.
- initrd stands for Initial RAM Disk.
- initrd is used by the kernel as a temporary root file system until the kernel is booted and the real root file system is mounted. It also contains necessary drivers compiled inside, which help it to access the hard drive partitions and other hardware.

5. Init

- Looks at the /etc/inittab file to decide the Linux run level.
- Following are the available run levels:
  - 0 – halt
  - 1 – Single user mode
  - 2 – Multiuser, without NFS
  - 3 – Full multiuser mode
  - 4 – unused
  - 5 – X11
  - 6 – reboot
- Init identifies the default init level from /etc/inittab and uses that to load all appropriate programs.
- Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level.
- If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 mean, you probably would not do that.
- Typically you would set the default run level to either 3 or 5.

6. Runlevel programs

- When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.
- Depending on your default init level setting, the system will execute the programs from one of the following directories.
  - Run level 0 – /etc/rc.d/rc0.d/
  - Run level 1 – /etc/rc.d/rc1.d/
  - Run level 2 – /etc/rc.d/rc2.d/
  - Run level 3 – /etc/rc.d/rc3.d/
  - Run level 4 – /etc/rc.d/rc4.d/
  - Run level 5 – /etc/rc.d/rc5.d/
  - Run level 6 – /etc/rc.d/rc6.d/
- Please note that there are also symbolic links available for these directories under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
- Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
- Programs that start with S are used during startup. S for startup.
- Programs that start with K are used during shutdown. K for kill.
- There are numbers right next to S and K in the program names. Those are the sequence numbers in which the programs should be started or killed.
- For example, S12syslog is to start the syslog daemon, which has the sequence number of 12. S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, the syslog program will be started before sendmail.

Linux Start up and Run Levels


Runlevels

Linux utilizes what is called "runlevels". A runlevel is a software configuration of the system that
allows only a selected group of processes to exist. Init can run the system in one of eight runlevels.
These runlevels are 0-6. The system runs in only one of these runlevels at a time. Typically these
runlevels are used for different purposes.

For Red Hat Linux / CentOS, the runlevels are:

0 – halt
1 – Single user mode
2 – Multiuser, without NFS
3 – Full multiuser mode
4 – Unused
5 – X11 (GUI)
6 – Reboot

For Debian/Ubuntu, the run levels are:


0 - Halt the system
1 - Single-user / minimal mode
2 through 5 - multiuser modes
6 - Reboot

The inittab file

The "/etc/inittab" file tells init which runlevel to start the system at and describes the processes to be
run at each runlevel. An entry in the inittab file has the following format:

id:runlevels:action:process

Runlevels can be edited manually by editing control scripts in /etc/init.d and symbolic links in
/etc/rc0.d… /etc/rc6.d.
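
Added example, not from the course material: the inittab entry format above and the S/K naming rule from the "Runlevel programs" section, combined to work out which run level a machine boots into and the order in which its start scripts run. The inittab text and the directory listing are constructed samples, and sshd and nfs are assumed service names.

```python
import re

RC_NAME = re.compile(r"^([SK])(\d{2})(.+)$")   # S12syslog -> S, 12, syslog


def parse_inittab(text):
    """Return (id, runlevels, action, process) for each inittab entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ident, runlevels, action, process = line.split(":", 3)
        entries.append((ident, runlevels, action, process))
    return entries


def default_runlevel(entries):
    """Return the initdefault run level; reject 0 (halt) and 6 (reboot)."""
    levels = [rl for _, rl, action, _ in entries if action == "initdefault"]
    if len(levels) != 1 or levels[0] not in list("0123456"):
        raise ValueError("expected one initdefault entry with a level 0-6")
    if levels[0] in ("0", "6"):
        raise ValueError(f"default run level {levels[0]} halts or reboots on every boot")
    return levels[0]


def boot_plan(inittab_text, rc_listing):
    """rc_listing maps a run level to the names in /etc/rc.d/rc<level>.d/."""
    level = default_runlevel(parse_inittab(inittab_text))
    scripts = []
    for name in rc_listing.get(level, []):
        m = RC_NAME.match(name)
        if m and m.group(1) == "S":          # K scripts run at shutdown
            scripts.append((int(m.group(2)), name))
    ordered = [name for _, name in sorted(scripts)]
    return level, f"/etc/rc.d/rc{level}.d/", ordered


# Constructed sample data in the formats described above.
SAMPLE_INITTAB = """\
# default run level
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
"""
SAMPLE_RC = {"3": ["S80sendmail", "K20nfs", "S12syslog", "S55sshd", "README"]}

if __name__ == "__main__":
    print(boot_plan(SAMPLE_INITTAB, SAMPLE_RC))
```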

Reference: Google, YouTube, Wikipedia, Red Hat Administration Guide, Debian Administration Guide.
