Sunday, 28 September 2014

Important Interview Questions




Q (1) Difference between TCP and UDP?

Acronym for
  TCP: Transmission Control Protocol
  UDP: User Datagram Protocol
Connection
  TCP: connection-oriented; a connection is set up before any data flows and torn down afterwards.
  UDP: connectionless; every datagram stands on its own.
Function
  TCP: carries a byte stream between two endpoints with acknowledgements and retransmission, so the receiving application sees the data exactly as it was sent.
  UDP: delivers individual datagrams; a program can fire off a batch of packets at another and that is the end of the relationship.
Usage
  TCP: applications that need reliability and can tolerate some latency (file transfer, web, mail).
  UDP: applications that need low overhead and low latency, such as games and voice, and servers that answer small queries from huge numbers of clients, where keeping no per-client state is an advantage.
Used by
  TCP: HTTP, HTTPS, FTP, SMTP, Telnet
  UDP: DNS, DHCP, TFTP, SNMP, RIP, VoIP
Ordering of data
  TCP: delivers data to the application in the order it was sent, reordering segments that arrive out of order.
  UDP: no inherent ordering; datagrams are independent of each other, and any ordering has to be handled by the application layer.
Speed of transfer
  TCP: slower, because of connection setup, acknowledgements, retransmission and congestion control.
  UDP: faster, because none of that happens; there is only a checksum, which detects errors but does not recover from them.
Reliability
  TCP: data arrives intact and in the order it was sent, or the connection reports an error; it cannot guarantee delivery to a peer that is unreachable.
  UDP: no guarantee that a datagram arrives at all, arrives only once, or arrives in order.
Header size
  TCP: 20 bytes without options (up to 60 bytes with options)
  UDP: 8 bytes
Common header fields
  Both: source port, destination port, checksum
Weight
  TCP: heavy-weight. Three segments (the handshake) are exchanged before any user data can be sent, and TCP handles reliability and congestion control.
  UDP: lightweight. No ordering of messages, no connection tracking; a thin transport layer on top of IP.
Data flow control
  TCP: yes (receive window), plus congestion control.
  UDP: none.
Error checking
  TCP: checksum, and lost or corrupted segments are retransmitted.
  UDP: checksum only; no recovery.
Header fields
  TCP: source port, destination port, sequence number, acknowledgement number, data offset, reserved bits, control bits (flags), window, checksum, urgent pointer, options, padding
  UDP: source port, destination port, length, checksum
Acknowledgement
  TCP: acknowledgement (ACK) segments
  UDP: none
Handshake
  TCP: SYN, SYN-ACK, ACK
  UDP: none (connectionless protocol)
Checksum
  TCP: mandatory; covers header and data (plus a pseudo-header taken from the IP layer); used to detect errors.
  UDP: mandatory over IPv6, optional over IPv4 (an all-zero checksum means "not computed"); used to detect errors only.
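As an added example (not part of the original post), here is a small POSIX shell decoder for the two headers compared above. The three TCP segments and the UDP datagram it decodes are constructed for this example, not captured traffic; the ports, sequence numbers and window values are arbitrary. It makes the header-size and field claims in the table concrete and shows the SYN, SYN-ACK, ACK flag sequence of the three-way handshake next to a datagram that has no such fields at all.

```shell
# Decode TCP and UDP headers given as hex strings (one byte = two hex characters).
# Constructed sample headers for this example (arbitrary ports/sequence numbers):
SYN=c000005000000001000000005002ffff00000000      # 49152 -> 80, seq 1, ack 0, flags SYN
SYNACK=0050c00000001000000000025012ffff00000000   # 80 -> 49152, seq 4096, ack 2, flags SYN ACK
ACK=c000005000000002000010015010ffff00000000      # 49152 -> 80, seq 2, ack 4097, flags ACK
DNSQ=c0010035001c0000                             # UDP 49153 -> 53, length 28, checksum 0

# hexfield HEX FIRST LAST : characters FIRST..LAST (1-based, inclusive) of the hex string
hexfield() { printf '%s' "$1" | cut -c "$2-$3"; }

# Header length in bytes: two hex characters per byte (20 for TCP without options, 8 for UDP)
hdr_bytes() { echo $(( ${#1} / 2 )); }

# --- TCP: bytes 0-1 sport, 2-3 dport, 4-7 seq, 8-11 ack, 12 data offset (high nibble),
#          13 flags, 14-15 window, 16-17 checksum, 18-19 urgent pointer ---
tcp_sport()  { echo $(( 0x$(hexfield "$1" 1 4) )); }
tcp_dport()  { echo $(( 0x$(hexfield "$1" 5 8) )); }
tcp_seq()    { echo $(( 0x$(hexfield "$1" 9 16) )); }
tcp_ack()    { echo $(( 0x$(hexfield "$1" 17 24) )); }
tcp_hdrlen() { echo $(( 0x$(hexfield "$1" 25 25) * 4 )); }   # data offset counts 32-bit words
tcp_window() { echo $(( 0x$(hexfield "$1" 29 32) )); }
tcp_flags() {
    f=$(( 0x$(hexfield "$1" 27 28) ))   # byte 13: URG=0x20 ACK=0x10 PSH=0x08 RST=0x04 SYN=0x02 FIN=0x01
    out=""
    if [ $(( f & 0x02 )) -ne 0 ]; then out="${out:+$out }SYN"; fi
    if [ $(( f & 0x10 )) -ne 0 ]; then out="${out:+$out }ACK"; fi
    if [ $(( f & 0x01 )) -ne 0 ]; then out="${out:+$out }FIN"; fi
    if [ $(( f & 0x04 )) -ne 0 ]; then out="${out:+$out }RST"; fi
    if [ $(( f & 0x08 )) -ne 0 ]; then out="${out:+$out }PSH"; fi
    if [ $(( f & 0x20 )) -ne 0 ]; then out="${out:+$out }URG"; fi
    printf '%s\n' "$out"
}

# --- UDP: bytes 0-1 sport, 2-3 dport, 4-5 length (header + data), 6-7 checksum ---
udp_sport() { echo $(( 0x$(hexfield "$1" 1 4) )); }
udp_dport() { echo $(( 0x$(hexfield "$1" 5 8) )); }
udp_len()   { echo $(( 0x$(hexfield "$1" 9 12) )); }
udp_csum()  { echo $(( 0x$(hexfield "$1" 13 16) )); }   # 0 over IPv4 means "no checksum"

# One line per segment: the three-way handshake, then the connectionless datagram
show_handshake() {
    for seg in "$SYN" "$SYNACK" "$ACK"; do
        printf 'TCP %5d -> %-5d seq=%-5d ack=%-5d hdr=%db flags=%s\n' \
            "$(tcp_sport "$seg")" "$(tcp_dport "$seg")" "$(tcp_seq "$seg")" \
            "$(tcp_ack "$seg")" "$(tcp_hdrlen "$seg")" "$(tcp_flags "$seg")"
    done
    printf 'UDP %5d -> %-5d len=%d hdr=%db (no seq, no ack, no flags)\n' \
        "$(udp_sport "$DNSQ")" "$(udp_dport "$DNSQ")" "$(udp_len "$DNSQ")" "$(hdr_bytes "$DNSQ")"
}
show_handshake
```

Feed it a hex dump of a real segment (for example the bytes after the IP header in a tcpdump -xx capture) and the same functions apply; only the data offset changes when options are present.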


Thursday, 3 July 2014

Galera with MySQL cluster

Galera

Galera Replication is a synchronous multi-master replication plug-in for InnoDB. It is very different from regular MySQL replication and addresses a number of its problems: write conflicts when writing on multiple masters, replication lag, and slaves drifting out of sync with the master. Galera is an easy-to-use high-availability solution that provides high uptime, no loss of committed data, and room to scale as the system grows.
  
Galera Replication
-> Replication happens at transaction commit time: the transaction's write set is broadcast to the cluster, and every node applies it.

-> Clients connect directly to the DBMS and see behaviour very close to that of a stand-alone server.

-> The wsrep API (write set replication API) defines the interface between Galera replication and the DBMS.


Synchronous vs Asynchronous Replication
The basic difference is that synchronous replication guarantees that a change committed on one node of the cluster has also happened on the other nodes; asynchronous replication gives no guarantee about the delay between applying a change on the master and propagating it to the slaves. The delay can be short or long, and if the master crashes, some of the latest changes may be lost.

In theory, synchronous replication has a number of advantages over asynchronous:

-> It is always available: no data is lost when one node crashes, and the replicas are always consistent.

-> Transactions can be executed on all nodes in parallel.

-> It can guarantee causality across the whole cluster: a SELECT issued after transaction T will always see the effects of T, even if it is executed on another node.


What is the difference between MySQL Replication and Galera Replication?

MySQL replication is part of the standard MySQL server and is asynchronous by nature. Updates are always done on the master and then propagated to the slaves. It is possible to build a ring topology with multiple masters, but that is not recommended: it is very easy for the servers to get out of sync when a master fails, and there is no automatic failover or resynchronisation.

Galera Replication is a plug-in to MySQL that enables a true master-master setup for InnoDB. In a Galera cluster all nodes are masters, and applications can read and write on any of them. Transactions are committed synchronously on all nodes. If a node fails, the remaining nodes continue to operate and stay up to date. When the failed node comes back, it automatically resynchronises with the others (a state transfer) before it is allowed back into the cluster. No committed data is lost when a node fails.

Advantages of Galera

-> A high-availability solution with synchronous replication, failover and resynchronisation.

-> No loss of committed data.

-> All servers have up-to-date data (no slave lag).

-> Read scalability.

-> "Pretty good" write scalability.

-> High availability across data centres.

-> No need to learn a new storage engine such as NDB Cluster, which takes time. Galera is plain InnoDB with cluster functionality added.



Disadvantages of Galera

-> It is new. There isn't a large body of experience yet with its strengths, weaknesses and appropriate use cases.

-> It supports only InnoDB.

-> The whole cluster performs writes only as fast as its slowest node. All nodes therefore need similar hardware, and if one node slows down (for example because its RAID controller runs a battery-learn cycle), all of them slow down. If one node has probability P of being slow to accept writes, a three-node cluster has roughly probability 3P of being slow.

-> Because of the cross-node communication required at commit, writes get slower, and deadlocks and rollbacks get more frequent, as nodes are added to the cluster.

-> A minimal Galera cluster is 3 nodes. If one node has a problem applying a transaction (a network fault, or the machine becomes unresponsive), the other two still form a quorum (a majority) and can proceed with the commit. With only two nodes, losing one leaves no majority.

-> The nodes depend on each other for joining: in the setup below node2 joins through node1, node3 through node2, and node1 is later pointed at node3. The cluster therefore has to be started in sequence, and the first node has to be bootstrapped on its own.

-> With an increasing number of writeable masters, transaction rollbacks increase, especially under write contention on the same rows. This increases transaction latency.

-> A slow or overloaded master node drags down the performance of the whole cluster, so uniform servers across the cluster are recommended.




How to configure a Galera cluster on RHEL 6.5

This setup uses 3 nodes:

node1 (RHEL 6.5) - 192.168.56.112
node2 (RHEL 6.5) - 192.168.56.113
node3 (RHEL 6.5) - 192.168.56.114

Packages required:

1 galera-25.3.2-1.rhel6.x86_64.rpm                      (https://launchpad.net/galera)
2 mysql-5.6.14_wsrep_25.1-linux-x86_64.tar.gz     (https://launchpad.net/codership-mysql)
3 rsync

Install the MySQL packages on all 3 nodes using the standard procedure.

1. First install the dependencies

# yum install libaio.x86_64 libaio-devel.x86_64 libdbi-dbd-mysql.x86_64 libdbi.x86_64 libdbi-drivers.x86_64 perl.x86_64 perl-DBD-MySQL.x86_64

2. Install the Galera provider library and the wsrep-enabled MySQL server and client packages


[root@galera1 opt]#  rpm -ivh galera-25.3.2-1.rhel6.x86_64.rpm
Preparing...                ########################################### [100%]
   1:galera                 ########################################### [100%]
[root@galera1 opt]#
[root@galera2 opt]# ls -ltrh /usr/lib64/galera/libgalera_smm.so
-rwxr-xr-x. 1 root root 28M Feb 19 12:07 /usr/lib64/galera/libgalera_smm.so

[root@galera1 ]# rpm -Uvh --force MySQL-server-5.5.31_wsrep_23.7.5-1.rhel6.x86_64.rpm

[root@galera1 ]# rpm -Uvh MySQL-client-5.5.31-2.el6.x86_64.rpm


3. Initial MySQL setup on the first node.

service mysql start
mysql
mysql> DROP USER 'root'@'127.0.0.1';
mysql> DELETE FROM mysql.user WHERE user='';
mysql> GRANT ALL ON *.* TO root@'%' IDENTIFIED BY 'P@ssw0rd';
mysql> UPDATE mysql.user SET Password=PASSWORD('P@ssw0rd') WHERE User='root';
mysql> FLUSH PRIVILEGES;
mysql> quit

(FLUSH PRIVILEGES is needed because the UPDATE writes to the grant table directly; without it the server keeps using the old password until restart.) Note that root@'%' accepts root logins from any host. Outside a lab network, restrict it to the cluster subnet (for example root@'192.168.56.%'), use a strong password, and create a separate, less privileged account for state transfer instead of putting the root password into wsrep_sst_auth.



4. Create the config directory and copy the template files:


# mkdir /etc/mysql

# cp /usr/share/mysql/wsrep.cnf /etc/mysql/

# cp /usr/share/mysql/my-small.cnf /etc/my.cnf



5. Edit my.cnf:


vi /etc/my.cnf
add the line:
!includedir /etc/mysql

6. Edit wsrep.cnf:


vi /etc/mysql/wsrep.cnf
change these lines to:
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_sst_auth=root:P@ssw0rd
# Group communication system handle
wsrep_cluster_address="gcomm://"
wsrep_cluster_name="mygalera"
wsrep_sst_method=rsync

The option that selects how a joining node gets its copy of the data is wsrep_sst_method (rsync needs the rsync package on every node). An empty gcomm:// tells this node to bootstrap a brand-new cluster: use it only on the first node, and only when no cluster is already running, otherwise you end up with two clusters.


7. Restart MySQL:

# service mysql restart

8. Log in and check that the cluster is up:

mysql
mysql> show status like 'wsrep%';
you must see:
| wsrep_cluster_size | 1 |
| wsrep_ready | ON |

9. Second node setup:

repeat steps 4-8; in step 6 write:
wsrep_cluster_address="gcomm://IP_of_first_node"
in step 8 you must see:
| wsrep_cluster_size | 2 |
| wsrep_ready | ON |


10. Third node setup:


repeat steps 4-8; in step 6 write:
wsrep_cluster_address="gcomm://IP_of_second_node"
in step 8 you must see:
| wsrep_cluster_size | 3 |
| wsrep_ready | ON |


11. Reconfigure the first node:

The first node still carries the empty gcomm:// bootstrap address. Left like that, a later restart of node1 would start a second, separate cluster instead of rejoining this one, so point it at a peer:

vi /etc/mysql/wsrep.cnf
change the cluster address to:
wsrep_cluster_address="gcomm://IP_of_third_node"


12. Restart MySQL on the first node.

service mysql restart


Your cluster is ready to accept connections. Galera 25.3 also accepts a list of all members, wsrep_cluster_address="gcomm://192.168.56.112,192.168.56.113,192.168.56.114", on every node; with that form a node can rejoin through whichever peers are still up, and only the very first start of the very first node uses the empty gcomm://.
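Checking wsrep_cluster_size and wsrep_ready, as in step 8, is not quite enough: a node can report wsrep_ready ON while it is still receiving a state transfer, and a node that has lost contact with the others still runs but refuses writes. The script below is an added example (not part of the original post or of Galera itself) that reads the output of SHOW STATUS LIKE 'wsrep%' and checks the four variables that together say "this node is a synced member of a primary component of the expected size". The two sample outputs inside it are constructed for the example, not copied from a server.

```shell
# Verify that this node is a synced member of a primary component of the expected size.
# Input: "name<TAB>value" lines, i.e. the output of
#   mysql -N -B -e "SHOW STATUS LIKE 'wsrep%'" | check_wsrep 3
check_wsrep() {
    want=$1
    tab=$(printf '\t')
    awk -F "$tab" -v want="$want" '
        { s[$1] = $2 }
        END {
            ok = 1
            if (s["wsrep_ready"] != "ON")                   { print "wsrep_ready=" s["wsrep_ready"] " (node is not accepting queries)"; ok = 0 }
            if (s["wsrep_connected"] != "ON")               { print "wsrep_connected=" s["wsrep_connected"] " (not connected to the group)"; ok = 0 }
            if (s["wsrep_cluster_status"] != "Primary")     { print "wsrep_cluster_status=" s["wsrep_cluster_status"] " (no quorum: partition or split-brain)"; ok = 0 }
            if (s["wsrep_local_state_comment"] != "Synced") { print "wsrep_local_state_comment=" s["wsrep_local_state_comment"] " (still joining, donor, or in state transfer)"; ok = 0 }
            if (s["wsrep_cluster_size"] + 0 != want + 0)    { print "wsrep_cluster_size=" s["wsrep_cluster_size"] ", expected " want; ok = 0 }
            if (ok) { print "OK: synced member of a " want "-node primary component"; exit 0 }
            exit 1
        }'
}

# Constructed sample outputs (not real server output) for trying the check offline.
sample_ok() {
    printf 'wsrep_cluster_size\t3\nwsrep_cluster_status\tPrimary\nwsrep_connected\tON\nwsrep_local_state_comment\tSynced\nwsrep_ready\tON\n'
}
# A node cut off from the other two: alone, without quorum, and refusing queries.
sample_partitioned() {
    printf 'wsrep_cluster_size\t1\nwsrep_cluster_status\tnon-Primary\nwsrep_connected\tON\nwsrep_local_state_comment\tInitialized\nwsrep_ready\tOFF\n'
}

if [ "${1:-}" = "demo" ]; then
    sample_ok | check_wsrep 3
    sample_partitioned | check_wsrep 3 || echo "partitioned node correctly reported unhealthy"
fi
```

Run it on every node after step 12 (the expected size is the same everywhere); a non-Primary status on one node while the others say Primary is exactly the partition scenario the three-node quorum rule is there for, and that node should be restarted against a live peer rather than bootstrapped.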



Sunday, 16 February 2014



                 How to create and extract zip, tar, tar.gz and tar.bz2 files in Linux

Data compression is something a system admin uses every day: a zip file of images to send by mail, a compressed data backup stored on a server. We compress to save disk space and to make files quicker to transfer, and some formats shrink data by 60% or more. Below are the formats I use most to compress and decompress files and directories on Linux machines.

I will cover the basic usage of the zip, tar, tar.gz and tar.bz2 formats, which are the most popular ones on Linux.

ZIP

Zip is probably the most widely used archive format today. Its biggest advantage is that it is available, and usually supported out of the box, on every platform: Linux, Windows and Mac OS. Its downside is that it does not offer the best compression; tar.gz and tar.bz2 are far better in that respect. On to usage.

To compress a directory with zip do the following:

[root@bhandari ~]# zip -r archive_name.zip directory_to_compress

Here’s how you extract a zip archive:

[root@bhandari ~]# unzip archive_name.zip

Tar

Tar is the standard archiving format on Linux and UNIX systems. On its own, tar does not compress at all: it only bundles files and directories into one archive, which is why it is so quick and cheap on CPU, and why a plain .tar is no smaller than its contents. The compression comes from passing the archive through gzip or bzip2, as in the next two sections. Here is how you archive a directory:

[root@bhandari ~]# tar -cvf archive_name.tar directory_to_compress

-> -c: Create archive
-> -v: Verbose, i.e. display progress while creating the archive
-> -f: Archive file name

And to extract the archive:

[root@bhandari ~]# tar -xvf archive_name.tar

-> -x: Extract files

This extracts the files in archive_name.tar into the current directory. You can optionally extract the files into a different directory instead:

[root@bhandari ~]# tar -xvf archive_name.tar -C /tmp/extract_here/

TAR.GZ

This format is my weapon of choice for most compression. It gives very good compression while not utilizing too much of the CPU while it is compressing the data. To compress a directory use the following syntax:

[root@bhandari ~]# tar -zcvf archive_name.tar.gz directory_to_compress

To decompress an archive use the following syntax:

[root@bhandari ~]# tar -zxvf archive_name.tar.gz

This will extract the files in the archive_name.tar.gz archive in the current directory. Like with the tar format you can optionally extract the files to a different directory:

[root@bhandari ~]# tar -zxvf archive_name.tar.gz -C /tmp/extract_here/

Tar.bz2

This format gives the best compression of all the formats mentioned here, but at a cost in time and CPU. Here is how you compress a directory using tar.bz2:

[root@bhandari ~]#  tar -jcvf archive_name.tar.bz2 directory_to_compress

-> -j: filter the archive through bzip2

And to extract it into the current directory:

[root@bhandari ~]# tar -jxvf archive_name.tar.bz2

To extract the files into a different directory use:

[root@bhandari ~]# tar -jxvf archive_name.tar.bz2 -C /tmp/extract_here/

Data compression is particularly handy for backups. If you have a shell script that backs up your files regularly, consider using one of the formats above to shrink the backup size.

Over time you will see that there is a trade-off between the level of compression and the time and CPU it takes. You will learn to judge when you need a quick but less effective compression, and when you need a high level of compression and can afford to wait a little longer.
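One thing the commands above have in common: they extract whatever member names the archive contains. An archive you did not build yourself (a backup from another machine, an upload, a download) can carry names like ../../etc/cron.d/x or /root/.ssh/authorized_keys, and depending on the extractor and its options those can land outside the directory you extracted into. The script below is an added example, not part of the original post or of tar/zip themselves: it lists the members first, refuses the archive if any name is absolute or steps up with .., and only then extracts with the same commands shown above. The member lists it is tried on are constructed for the example.

```shell
# Refuse to extract archives whose member names could escape the destination directory.
# check_members: reads one member name per line on stdin, prints each unsafe one, returns 1 if any.
check_members() {
    awk '
        /^\//                { print "absolute path:    " $0; bad = 1; next }
        /(^|\/)\.\.(\/|$)/   { print "parent reference: " $0; bad = 1; next }
        END { if (bad) exit 1; exit 0 }'
}

# list_members: print the member names of a zip or tar archive (plain, gzip or bzip2)
list_members() {
    case "$1" in
        *.zip) unzip -Z1 "$1" ;;
        *)     tar -tf "$1" ;;   # GNU tar recognises gzip/bzip2 when reading; add -z or -j on old versions
    esac
}

# safe_extract ARCHIVE DEST: list first, extract only if every member name is clean
safe_extract() {
    archive=$1; dest=$2
    if ! list_members "$archive" | check_members; then
        echo "refusing to extract $archive: member names escape the destination" >&2
        return 1
    fi
    mkdir -p "$dest"
    case "$archive" in
        *.zip) unzip -q "$archive" -d "$dest" ;;
        *)     tar -xf "$archive" -C "$dest" ;;
    esac
}

# usage: sh safe_extract.sh backup.tar.gz /tmp/extract_here
if [ $# -eq 2 ]; then safe_extract "$1" "$2"; fi
```

The name check does not see symbolic links; if the archive may contain them, look at the verbose listing (tar -tvf, the "name -> target" lines) for targets that are absolute or use .., since a link extracted first and a file extracted through it afterwards is the other classic way out of the destination directory.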

Regards
Manish Bhandari

Monday, 27 January 2014

Introduction to Linux


                                                        Introduction to Linux 

What is Linux ?
Linux is a free, open-source, Unix-like operating system. Linus Torvalds originally created it, and developers from around the world have contributed ever since. Linux is:

-> Free
-> Unix like
-> Open Source
-> Network operating System
-> Stable
-> Robust
-> Secure
-> High performance

It is an excellent operating system for:

-> Desktop computer
-> Web server
-> Software development workstation
-> Network monitoring workstation
-> Workgroup server
-> Killer network services such as DHCP, Firewall, Router, FTP, SSH, Mail, Proxy, Proxy Cache server etc.

                                                        History of Linux

In 1991, Linus Torvalds was studying UNIX at university, where he used Minix, a small version of UNIX written for teaching. Minix had its limitations, and Linus felt he could do better, so he wrote his own kernel, which became Linux. Linux was open source from the start. Strictly speaking Linux is a kernel; it was bundled with system utilities and libraries from the GNU project to make a usable operating system, which is why some people call the whole thing GNU/Linux. Linus Torvalds is credited with creating the Linux kernel, not the entire operating system.

Linux distribution = Linux kernel + GNU system utilities and libraries + installation scripts + management utilities etc.

What is the kernel ?

The kernel is the heart of the operating system; Linux itself is a kernel, not a complete operating system. The kernel gives programs access to the hardware and controls access to resources such as:

-> File management.
-> Multitasking.
-> Memory management.
-> I/O management.
-> Process management.
-> Device management.
-> Loading programs into memory and running them.
-> Networking.
-> Security (permissions, and the packet filter behind the firewall tools).
-> Other resources.

The kernel decides who gets these resources, when, and for how long. It runs your programs, i.e. sets up binary files for execution, and acts as the intermediary between the hardware and the applications.

What is the Shell ?

Computers understand only binary, the language of zeros and ones. In the early days of computing, instructions were given in binary, which is hard for people to read and write. So an operating system has a special program called the shell: it accepts human-readable commands and turns them into something the kernel can execute.

In short : 

-> It is a command language interpreter that executes commands read from the standard input device (the keyboard) or from a file.
-> The shell is not part of the kernel; it uses the kernel to run programs, create files, and so on.

Several shells are available for Linux, including:

BASH (Bourne-Again SHell) - the most common shell on Linux. Open source.
CSH (C SHell) - syntax and usage similar to the C programming language.
KSH (Korn SHell) - created by David Korn at AT&T Bell Labs; the base for the POSIX shell standard.
TCSH - an enhanced but fully compatible version of the Berkeley UNIX C shell (CSH).

Each shell does the same job, but each understands a different command syntax and provides different built-in functions. Under MS-DOS the equivalent is COMMAND.COM, which is nowhere near as powerful as the Linux shells.

Which shells are installed?

To list the shells available on your system, type:

[root@bhandari ~]# cat /etc/shells

If /etc/shells lists more than one shell, more than one shell is installed and allowed as a login shell on your machine.

Command Line Interface (CLI)

The shell gives you an interface to Linux where you type commands at the keyboard. This is the command line interface (CLI).

To find out your current shell, type any of the following:

[root@bhandari ~]# echo $SHELL
[root@bhandari ~]# ps $$
[root@bhandari ~]# ps -p $$

(echo $SHELL shows your login shell; ps $$ shows the shell actually running right now, which can differ.) The following sample output indicates that I am using bash:

 PID TTY          TIME CMD
13931 pts/4    00:00:00 bash

Basic Command Line Editing

You can use the following key combinations to edit and recall commands:

CTRL + L : Clear the screen.
CTRL + W : Delete the word before the cursor.
CTRL + U : Clear the line, i.e. delete everything before the cursor.
Up and Down arrow keys : Recall previous commands (see command history).
Tab : Auto-complete file, directory and command names, and much more.
CTRL + R : Search through previously used commands (see command history).
CTRL + C : Cancel the currently running command.
CTRL + T : Swap the two characters before the cursor.
ESC + T : Swap the two words before the cursor.
CTRL + H : Delete the character before the cursor (same as Backspace).

Getting Help In Linux

Most commands under Linux come with documentation.

You can read it with the man command or the info command. For example, open the manual page for the date command:

[root@bhandari ~]# man date

Read the info documentation for the ls command:

[root@bhandari ~]# info ls

Many commands accept a --help or -h option. For example, display the help for the date command:

[root@bhandari ~]# date --help

In short, use any of the following to get more information about a Linux command:

man commandName
info commandName
commandName -h
commandName --help

Wednesday, 8 January 2014

How to configure DNS in RHEL 6.4


========How to configure DNS in RHEL 6.4=============

The steps below install BIND, move its configuration and zone files into the bind-chroot directory tree, define a forward zone for example.com and a reverse zone for 192.168.122.0/24, and then test both with nslookup and dig.

[root@master ~]# yum install bind*

[root@master ~]# cp -p /etc/named.* /var/named/chroot/etc/

[root@master ~]# rm -rf /etc/named.*

[root@master ~]# cp -p /var/named/named.* /var/named/chroot/var/named/

[root@master ~]# rm -rf /var/named/named.*

[root@master ~]# cd /var/named/chroot/etc/

[root@master etc]# ll
total 28
-rw-r--r-- 1 root root   265 Jan  8 21:35 localtime
drwxr-x--- 2 root named 4096 Dec  5  2012 named
-rw-r----- 1 root named 1008 Jul 19  2010 named.conf
-rw-r--r-- 1 root named 2389 Dec  5  2012 named.iscdlv.key
-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones
-rw-r--r-- 1 root named  487 Jul 19  2010 named.root.key
drwxr-x--- 3 root named 4096 Jan  8 21:35 pki


[root@master etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.122.132; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-en
able yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.com" IN {
        type master;
        file "tom";
        allow-update { none; };
};

zone "122.168.192.in-addr.arpa" IN {
        type master;
        file "jerry";
        allow-update { none; };
};

Two things to notice in this file. It keeps the stock allow-query { localhost; }, so although named now listens on 192.168.122.132, no other host on the LAN can query it yet; to serve clients you have to widen allow-query (for example { localhost; 192.168.122.0/24; }). It also keeps recursion yes: when you widen allow-query, add allow-recursion { localhost; 192.168.122.0/24; } as well, so that only your own clients can use the server as a recursive resolver. A server that answers recursive queries for anyone can be abused as a DNS amplifier.


[root@master ~]# cd /var/named/chroot/var/named/

[root@master named]# cp -p named.localhost tom

[root@master named]# cat tom
$TTL 1D
@ IN SOA master.example.com. root.master.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master.example.com.
master A 192.168.122.132

[root@master named]# cp -p named.empty jerry

[root@master named]# cat jerry
$TTL 3H
@ IN SOA master.example.com. root.master.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS master.example.com.
132     PTR     master.example.com.

The PTR target must be the fully qualified host name with a trailing dot. Written as master. it is the absolute top-level name "master", and a reverse lookup hands back exactly that (which is what the dig -x output further down shows); written as master without any dot, BIND appends the zone origin and you get master.122.168.192.in-addr.arpa.

[root@master named]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]


[root@master ~]# nslookup master.example.com   (FQDN)
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: master.example.com
Address: 192.168.122.132


[root@master ~]# dig master.example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> master.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23023
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;master.example.com. IN A

;; ANSWER SECTION:
master.example.com. 86400 IN A 192.168.122.132

;; AUTHORITY SECTION:
example.com. 86400 IN NS master.example.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan  8 21:52:46 2014
;; MSG SIZE  rcvd: 66


[root@master ~]# dig -x 192.168.122.132

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6 <<>> -x 192.168.122.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35520
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;132.122.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
132.122.168.192.in-addr.arpa. 10800 IN PTR master.

;; AUTHORITY SECTION:
122.168.192.in-addr.arpa. 10800 IN NS master.example.com.

;; ADDITIONAL SECTION:
master.example.com. 86400 IN A 192.168.122.132

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan  8 21:53:02 2014
;; MSG SIZE  rcvd: 114
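The reverse answer above is master. rather than master.example.com.: that is what the zone returns when the PTR target is written as master. with a trailing dot, because the dot makes it the absolute top-level name "master" instead of a host in example.com. Below is an added example (not part of the original post or of BIND) of a check you can run before starting named: BIND's own named-checkzone for syntax, followed by a small awk filter that flags any PTR target that is not a fully qualified name. The zone text it is tried on is constructed for the example.

```shell
# Sanity checks for the reverse zone: every PTR target must be a fully qualified host name
# ending in a dot (master.example.com.), not "master." (absolute top-level name) and not
# "master" (relative: BIND would append the zone origin).
check_ptr_targets() {
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i == "PTR") {
                    t = $(i + 1)
                    # needs an interior dot and a trailing dot, e.g. host.example.com.
                    if (t !~ /\..*\.$/) { print "unqualified PTR target: " $0; bad = 1 }
                }
        }
        END { if (bad) exit 1; exit 0 }'
}

# check_reverse_zone ZONENAME FILE: BIND syntax/semantics check, then the PTR rule above.
# e.g. check_reverse_zone 122.168.192.in-addr.arpa /var/named/chroot/var/named/jerry
# For the main config use: named-checkconf -t /var/named/chroot /etc/named.conf
check_reverse_zone() {
    named-checkzone "$1" "$2" && check_ptr_targets < "$2"
}

# Constructed zone text for trying the check offline (not copied from a server).
zone_good() {
    printf '$TTL 3H\n@ IN SOA master.example.com. root.master.example.com. ( 0 1D 1H 1W 3H )\n'
    printf '  NS master.example.com.\n132 PTR master.example.com.\n'
}
zone_bad() {
    printf '$TTL 3H\n; 132 PTR master.   commented out, so ignored\n'
    printf '132 PTR master.\n133 IN PTR node2\n'
}

if [ "${1:-}" = "demo" ]; then
    zone_good | check_ptr_targets && echo "good zone: OK"
    zone_bad | check_ptr_targets || echo "bad zone: rejected"
fi
```

named-checkzone also catches the other common slip in hand-written zones, a serial that was not bumped after an edit, which matters as soon as you add a slave server.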

Friday, 15 November 2013

Boot Process in Linux


                                                              Boot Process in Linux

Understanding the Linux boot process is essential for every Linux user and administrator, because it gives a clear picture of how the operating system comes to life. In this post we will see what happens when a Linux system boots, from powering on the machine to the login prompt. The image below gives a clear picture of the boot process.






A quick view of the booting sequence:
Power on
CPU jumps to BIOS
BIOS runs POST
Finds first bootable device
Load and execute MBR
Load OS
User prompt

1. System Startup (BIOS)
This is the first stage of the boot process. When you power on or restart the machine, power goes to the SMPS (switched-mode power supply), which converts AC to DC, and DC power is supplied to every device in the machine: motherboard, hard disks, CD/DVD-ROM, mouse, keyboard and so on. When the CPU comes out of reset it starts executing at a fixed address (the reset vector) that lies in the BIOS (Basic Input/Output System) ROM, so the first code it runs is the BIOS. The BIOS takes care of two things:
  • Running the POST (Power On Self Test).
  • Selecting the first boot device.
POST: the POST checks whether the hardware attached to the system is working correctly.

Selecting the boot device: once POST completes, the BIOS searches for a bootable device in the order of preference defined in the CMOS (complementary metal oxide semiconductor) settings. A boot device can be a floppy disk, a CD-ROM, a hard disk, a device on the network, or a USB flash stick. If the first device is not bootable it tries the next, and so on; if no boot device is found at all it stops with a message such as "No boot device found". Once the BIOS finds a bootable device, it loads that device's first sector, the MBR (Master Boot Record), into memory and jumps to it.
2. Second Stage (MBR)

Once the BIOS hands over, the CPU runs the MBR of the first boot device (we will take it to be a hard disk). The MBR is the very first sector of the disk (sector 0, the first 512 bytes), whatever the manufacturer.

What is the MBR? (1st stage of the boot loader)

The MBR (Master Boot Record) is a 512-byte sector that holds:
  • Primary boot loader code (446 bytes)
  • The partition table (64 bytes)
  • The boot signature, or magic number (2 bytes)
which adds up to 512 bytes (446 + 64 + 2).

Primary boot loader code: this tiny program knows where the real boot loader lives on the disk and loads it. That is how the CPU gets to the second stage of the boot loader.

Partition table: 64 bytes holding the partition entries: where each partition starts, its size, whether it is bootable, and its type (Linux, extended, and so on). A classic MBR disk supports only 4 primary partitions because each entry needs 16 bytes and only 64 bytes are available, so at most 4 entries fit. More on this at http://www.linuxnix.com/2009/05/why-we-can-create-only-up-to-4-primary-partations.html

Magic number: the last two bytes, 0x55 0xAA, are the boot signature. The BIOS checks them before executing the sector; if they are missing, the device is not treated as bootable. The signature does not repair anything, so a corrupted MBR has to be restored from a backup. How to back up your MBR:
http://www.linuxnix.com/2009/11/how-to-take-the-backup-of-mbrmaster-boot-recorder.html

Now the MBR is loaded into RAM. The first-stage boot loader finds the second stage by scanning the partition table for the active partition; when it finds one, it checks that the remaining entries are inactive. It then reads that partition's boot record into RAM and executes it.
In short, the MBR loads GRUB (the Grand Unified Boot Loader) from the first sector of the first bootable partition on the disk.
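The 446 + 64 + 2 layout is easy to check by hand, and checking it is also the simplest way to tell whether something has rewritten your boot code. The script below is an added example (not part of the original post): it reads the boot signature and the four partition entries out of a 512-byte MBR image, and prints a checksum of the boot-code bytes that you can compare against the backup taken with dd. The sample image it builds is constructed for the example, not copied from a disk.

```shell
# Inspect a 512-byte MBR image: boot signature, partition table, and a checksum of the boot
# code to compare against a known-good copy (dd if=/dev/sda of=mbr.bak bs=512 count=1).
# Offsets: 0-445 boot code, 446-509 four 16-byte partition entries, 510-511 signature 55 AA.

mbr_signature_ok() {
    sig=$(od -An -tx1 -v -j 510 -N 2 "$1" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# le32 B0 B1 B2 B3: little-endian 32-bit value from four hex bytes
le32() { echo $(( 0x$1 | (0x$2 << 8) | (0x$3 << 16) | (0x$4 << 24) )); }

# One line per used entry: index bootflag type lba_start sector_count
# (entry layout: 0 boot flag, 1-3 CHS start, 4 type, 5-7 CHS end, 8-11 LBA start, 12-15 sectors)
mbr_partitions() {
    f=$1
    n=0
    while [ "$n" -lt 4 ]; do
        set -- $(od -An -tx1 -v -j $(( 446 + n * 16 )) -N 16 "$f")
        if [ "$5" != "00" ]; then
            printf '%d %s %s %d %d\n' $(( n + 1 )) "$1" "$5" \
                "$(le32 "$9" "${10}" "${11}" "${12}")" "$(le32 "${13}" "${14}" "${15}" "${16}")"
        fi
        n=$(( n + 1 ))
    done
}

# Checksum of the 446 bytes of boot code. A change here while the partition table is intact
# is what a bootkit looks like; compare with the same command run on your backup.
mbr_bootcode_cksum() { dd if="$1" bs=1 count=446 2>/dev/null | cksum | cut -d ' ' -f 1; }

# Constructed sample image (not a real disk): one bootable Linux (type 83) partition starting
# at LBA 2048 with 1048576 sectors, and a valid 55 AA signature.
make_sample_mbr() {
    {
        dd if=/dev/zero bs=1 count=446 2>/dev/null
        printf '\200\000\000\000\203\000\000\000\000\010\000\000\000\000\020\000'
        dd if=/dev/zero bs=1 count=48 2>/dev/null
        printf '\125\252'
    } > "$1"
}

# usage: sh mbr.sh /path/to/mbr.img   (an image taken with dd as above)
if [ $# -eq 1 ]; then
    if mbr_signature_ok "$1"; then echo "boot signature OK"; else echo "no 55AA signature"; fi
    mbr_partitions "$1"
    echo "boot code cksum: $(mbr_bootcode_cksum "$1")"
fi
```

Point it at a dd copy rather than at /dev/sda directly when you can: the copy is what you will diff against next time, and reading it needs no root.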
3. Third Stage (boot loader stage 2, GRUB)
Once stage 1 has found where the real boot loader lives, it loads stage 2 into memory. With GRUB, the code that bridges the two (stage 1.5) sits in the first few tens of kilobytes of the disk immediately after the MBR. GRUB reads its configuration and shows the boot menu, where the user can pick an entry or edit the boot parameters. GRUB then loads the selected (or default) kernel into memory and hands control to it; if the user makes no choice, the default entry is booted after the configured timeout.
GRUB understands file systems, so it can read its configuration and the kernel straight from the file system; the older LILO loader did not, and had to be re-installed whenever the kernel's location on disk changed.

4. Fourth Stage (kernel)

Control now passes to the kernel, the central part of the OS and the mediator between hardware and software. Once loaded, the kernel stays in RAM until the machine is shut down. After it has initialised itself, the first thing it does is start the init process.

During kernel boot, the initial RAM disk (initrd) that the stage 2 boot loader loaded into memory is mounted as a temporary root file system. It lets the kernel finish booting without mounting any physical disk: the driver modules needed to talk to the storage and other peripherals can be shipped inside the initrd, so the kernel itself can stay small and still support a large number of hardware configurations. Once the real root file system is available, the kernel switches to it (pivot_root) and the initrd root is unmounted.

5. Fifth Stage (init)

init (initialisation) is the parent of every other process on a Linux/Unix system. The first thing it runs is the script /etc/rc.d/rc.sysinit, which sets up the basic system: hardware, display, SELinux, kernel modules, file system check and mounting, and so on. init then reads /etc/inittab, the initialisation table, to find the default runlevel, and runs the start/kill scripts that belong to it. The scripts for each runlevel live in their own directory under /etc/:
/etc/rc0.d/ - start/kill scripts for runlevel 0
/etc/rc1.d/ - start/kill scripts for runlevel 1
/etc/rc2.d/ - start/kill scripts for runlevel 2
/etc/rc3.d/ - start/kill scripts for runlevel 3
/etc/rc4.d/ - start/kill scripts for runlevel 4
/etc/rc5.d/ - start/kill scripts for runlevel 5
/etc/rc6.d/ - start/kill scripts for runlevel 6
Once the scripts for the default runlevel set in /etc/inittab have run, init runs one more file, /etc/rc.local, which holds the last commands of the boot process.
6. Sixth Stage (user prompt)
This is not strictly part of booting, but it is included here for completeness. As the last step of the runlevel, init starts several instances of "getty", which wait for console logins; each successful login spawns the user's shell, and you get the prompt.

Iptables in Linux



                                                                  Iptables

Linux comes with a host-based firewall called Netfilter, which is part of the kernel and is enabled by default on RHEL/CentOS installs. It is controlled from user space with the iptables program. Netfilter filtering takes place inside the kernel, before any program gets to see the data in a network packet.

Iptables Config File

The default config file on RHEL / CentOS / Fedora Linux is:

/etc/sysconfig/iptables - the init script activates the firewall by reading this file.

Task: Display Default Rules

Type the following command:

# iptables --line-numbers -n -L

Turn On Firewall

Type the following two commands to turn on the firewall:

chkconfig iptables on
service iptables start
# restart the firewall
service iptables restart
# stop the firewall
service iptables stop

Understanding Firewall

The filter table has three built-in chains, and the Red Hat default ruleset adds a user-defined one:

INPUT - the default chain for packets addressed to this system. Use it to open or close incoming ports (such as 80, 25 and 110) and to allow or block IP addresses / subnets (such as 202.54.1.20/29).

OUTPUT - the default chain for packets generated by this system. Use it to open or close outgoing ports and IP addresses / subnets.

FORWARD - the default chain for packets passing through this system to another interface. Used when Linux is set up as a router, for example eth0 connected to the ADSL/cable modem and eth1 to the LAN; the FORWARD chain controls traffic between the LAN and the Internet.

RH-Firewall-1-INPUT - a user-defined chain from the older Red Hat default ruleset (RHEL 5). The INPUT and FORWARD chains jump to it, so rules added there apply to both. On RHEL 6 the default /etc/sysconfig/iptables no longer has this chain and puts its rules in INPUT directly; add your rules to whichever chain your file actually uses.

Packet Matching Rules
A packet starts at the first rule in the chain.
It proceeds down the chain until it matches a rule.
When a match is found, control jumps to the rule's target (such as ACCEPT, REJECT or DROP). If no rule matches, the chain's policy decides.

Target Meanings
ACCEPT: let the packet through.
REJECT: drop the packet and send an error message back to the sender.
DROP: drop the packet silently, without telling the sender anything.

Open Port

The rules below go into /etc/sysconfig/iptables before the COMMIT line, and before the final REJECT rule: rules are matched in order, so anything placed after the REJECT is never reached.

To open port 80 (HTTP server):

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 80 -j ACCEPT

To open port 53 (DNS server), which uses both TCP and UDP:

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT

To open port 443 (HTTPS server):

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 443 -j ACCEPT

To open port 25 (SMTP server):

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 25 -j ACCEPT

Only allow SSH traffic from 192.168.1.0/24:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT 

Enable printing (CUPS) access for 192.168.1.0/24:

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 631 -j ACCEPT

Allow legitimate NTP clients to reach the server:


-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT

Open FTP port 21 (the FTP control channel):


-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT

FTP data connections use separate ports; for them to be accepted as RELATED, load the FTP connection-tracking helper by adding ip_conntrack_ftp to IPTABLES_MODULES in /etc/sysconfig/iptables-config. After editing the rules file, apply it with service iptables restart and verify with iptables -n -L --line-numbers.


