***************
Summary
=======

A) START – BIOS (Basic Input Output System) = when BIOS load in RAM Called BOOT STARPPING – CMOS = Called this process KERNAL LANDING –
MBR in Hard Disk – BOOTLOADER – KERNEL – INITRD IMAGE – Inittab = Upto this process called USER LANDING

B) There are two tyeps of boot loader in linux

a) LILO
i) 1st stage
ii) 2nd stage

b) GRUB
i) 1st stage
ii) 1.5 stage(This stage is optional)
iii) 2nd stage

Scratch \ start
============
A) Power on by USER

B) Power goes into SMPS.

C) Power goes into MOTHERBOARD.

D) Power goes then into CPU’s single pin.

E) Then CPU awakes BIOS.

F) Bios goes into RAM and start POST (power on self test) —>means BIOS will
check all hardware and periferels. This step is called BOOTSTRAPPING.

G) Then Bios goes into CMOS (Complementary metal.oxide.semiconductor) to check
the which device load in RAM. We can change the CMOS. CMOS is samll program
which take the information from Bios. CMOS battery supply power to CMOS
program. Therefore always change the CMOS battery after every 6 months.
Bios read the CMOS program for load the device.

H) BIOS load first sector / first track / 0 cylinder of harddisk ie. MBR(master boot record) into RAM.

a) MBR size is 512 MB. It divided into three parts:-
1) Bootsector(446 bytes),partition table(64 bytes),magic number(2 bytes)
Where boot sector contains boot loader (LILO or GRUB for linux and NTLDR
for windows)
2) Partion table contains 4 programs of 16 bytes.So we can create only 4
partition in a harddisk,ie four primary partition and last primary will
be extended by logical partition
3) Magic number of 2 bytes contais 0 or 1.If 0 means no and 1 means yes.
If bootsector and partition table in MBR contains errors then magic
number will be 0 otherwise 1.

##############################################################################
MBR(master Boot Record) First secter of harddisk=512 bytes
********************************************
446 bytes – Boot sector –
LILO or GRUB for linux and NTLDR for windows
===========================================================================

64 bytes – Partition table –
1st primary partition 16 bytes
2nd primary partition 16 bytes
3rd primary partition 16 bytes
4th primary partition 16 bytes / extended partition can be subdivided into logical partitions
===========================================================================
2 bytes – Magic number –
If bootsector and partition table in MBR contains errors |
then magic number will be 0 otherwise 1.

#################################################################################

I) Bios first check whether magic number is yes or no in MBR
If yes it will go for active partition in partition table else displays
error as boot failure. Active partition denoted by * in partition table
of linux and in windows C drive by default.

J) Then goes into first sector of active partition and whatever finds in first
sector of active partition loads in RAM. But its same MBR are there. So
BIOS goes to boot sector of MBR. IN boot sector, there is boot-loader
LILO or GRUB for linux and TLDR for windows. Bios load LILO/GRUB into RAM
for linux and ntldr for windows. NTLDR load windows.

K) In linux ANACONDA INSTALLER load LILO/GRUB in MBR while the time of
installation. LILO/GRUB is powerfull than ntldr. In dual boot first install
windows then install linux.

L) Bios load LILO/GRUB into RAM. This is called the FIRST STAGE OF BOOT
PROCESS. The purpose of first stage to load Second Stage ie boot.b.

M) LILO have a Map Code file. In this file have a address of ‘boot.b’ in CHS
format. LILO can not read this format. Therefore call the Bios to read
this file. If you change the path of LILO in configuration file then you
need to re-read LILO conf file. Using this command ‘/$ lilo -v’

N) Bios read map code and load BOOT.B file in RAM. This step called SECOND
STAGE OF BOOT PROCESS.

O) Map and Message these two file locate in the Boot.b file. Once again boot.b
can’t read these two files, therefore boot.b file again call the Bios for
read this two files. Bios read this files and load into RAM. Message file
show the splash screen to select the OS.

##########################################
Prompt message
************
Timeout (in seconds)
Default OS (if you not select any os)

=============================================
/boot/boot.b (2nd stage of boot loading)
=============================================
/boot/map | /boot/message
/boot/boot.0300 | /boot/boot.0800
=============================================

###########################################

P) After slecet the linux os boot.b load the Linux Kernal in RAM. Kernal
located in /boot/vmlinuz-2.4.20-8, in comparc’d format. At the loading time
LILO un-comparc’d it and load into RAM.
This steps called KERNEL LANDING.

Q) Once kernel load into RAM then kernel himself load the INITRD IMAGE in RAM.
Initrd image also in comparc’d format. Initrd image have a linuxrc script.
Initrd image run the linuxrc script.

R) Linuxrc script load ext3.o filesystem, jbd.o harddisk driver and others
*.o driver. Linuxrc script mount ‘/’ as a read only partition, it is call

S) Init – System Daemon this script run by linuxrc script
(located at /sbin/init )

a) Inittab this is a script file at /etc/inittab

1) check default runlevel

2) RC.SYSINIT this is a important file for boot
processing. This file read only one time at the
booting time and located at /etc/rc.d/rc.sysinit.
(as a sub-shell ). This script called ‘systemv’.

i) Network – reload the /etc/sysconfig/network this file
Set the hostname, this file run command $ hostname,
if hostname found then set it, else set the default
hostname i.e. ‘localhost’

ii) mounts ‘/proc’ filesystem (command mount -n -t proc /proc /proc)

iii) /etc/init.d/functions (same env)
After finish the proc mounting inittab run this file.
This cmd set around 23 functions.

iv) global UMASK
v) global PATH
vi) defines 17 shell functions
1) success
2) failure
3) passed
4) warning
5) echo_success
6) echo_failure
7) echo_passed
8) echo_warning
9) killproc
10) pidofproc
11) pidfileofproc
12) action
13) checkpid
14) confirm
15) status
16) strstr
17) daemon
vii) /etc/redhat-release
This cmnd display redhat version
which install your system.

viii) Then display interactive mode to
customize start. Press ‘I’ option to
boot manually.

ix) Set Localtime /etc/localtime
‘hwclock’ & ‘date’ cmnd change
/etc/localtime & /etc/adjtime file.

x) /proc -to check kernel parameters

xi) /etc/sysctl.conf -for kernal tunning

xii) Keyboard Mapping

xiii) FASTBOOT – if we create a blank
file as a ‘fastboot’ in ‘/’ then
fsck not process

xiv) /etc/sysconfig/readonly-root
– rwtab file, all file system
mounted as a read only

xv) /etc/rwtab.d/* – some exceptional
files in read write mode

xvi) FSCK – goto fstab and check the
parameter in 5th column if there are
‘1’ then run fsck cmnd, else check
next line.

xvii) Mounting tmpfs – /dev/shm shared
application memory.

xviii) Read /etc/fstab file and remounts
‘/’ read-write mode and all others
partition.

xix) Quota on.

xx) Enableing SWAP partition.

xxi) /bin/dmesg – /var/log/dmesg
collect hardware info from
BIOS and display.

b) RC scripts – /etc/rc.d/rc ( as a subshell )
RC manage the which services started and which not started.
This script read any time.

i) checks runlevel ( function )

ii) finding previous runlevel

iii) /etc/init.d/functions (same env)

iv) checks user confirmation mode and
interactive mode / startup. Setting new runlevel

v) /etc/rc.d/rc3.d/K* (K – means stop)
This is used for stop. However here are 5 functions
1) STOP
2) START
3) RESTART
4) STATUS
5) CONDRESTART

vi) /etc/rc.d/rc3.d/S* (S – means start)
This is used for start only. Same as above. However
some files are in this directory, those are symblink
with some files that located in ‘/etc/init.d/’. These
files called Init Script file. These files
run by /etc/init.d/function cmd

vii) /usr/bin/rhgb-client functions,used only stop
( start
stop
restart
status
condrestart )

viii) /etc/rc.d/rc.local this is a last file
run by rc script. If you want to run some cmnd
automatic then you can enter those cmnd or scirpt
in this file.

c) Now part ofthe /sbin/init call /etc/inittab file. inittab read
/sbin/shutdown -t3 -r now
poweroff considerations – /sbin/shutdown -f -h +2
poweron considerations – /sbin/shutdown -c
power ok wait
Now inttab read following line in his file
1:2345:respawn:/sbin/mingetty tty1
IF runlevel 5 then – /etc/X11/predfm -nodaemon

I) Inittab call MINGETTY
a) loads /dev/tty1
b) Reads /etc/issue file
c) /bin/login
1) /usr/bin/passwd
i)PAM (Plugabel Authantication Module) security.
ii) /etc/passwd
iii) /etc/shadow
iv) /etc/group
v) /etc/gshadow

d) puts login daemon in sleep state

e) root/.hushlogin exists ? Ja! mail,motd,lastlog NOT RUN!

f) /etc/motd (Message of the day)

g) lastlog* using /var/log/lastlog

h) Checks user’s mail – /var/spool/mail/root

i) wakes the /bin/login process which forks off as
independent application daemon & mingetty goes to Zombie state.

2) login calls /bin/bash
puts login to sleep state

3) /etc/profile (global sets HOSTNAME, HISTSIZE, PATH etc)
a) /etc/inputrc (sets keyboard mappings)
b) /etc/termcap (sets term. capabilities)
c) /etc/profile.d/*.sh ( 13 files )
customize *.sh files
( colorls.sh
vim.sh
glib2.sh
gnome-ssh-askpass.sh
krb5.sh
lam.sh
lang.sh
less.sh
mc.sh
pvm.sh
qt.sh
vim.sh
which-2.sh
xpvm.sh )

J) /etc/bash.rc – global shell

a) umask – permission set
1) root -0 – 0022
2) above uid 99 (user) – 0022

b) PS1 – define veriable (roota@localhost#). we can change ‘#’ to ‘$’
i.e. ‘root@localohost$’

K) Users profile
a) /root/.bash_profile
b) /root/.bashrc
c) /root/.bash_history
d) /root/.bash_logout

========================
END OF THE BOOT PROCESS.
========================

SSH passwordless multiple login

I’ve already written about howto log in, on your local system, and make passwordless ssh connections using ssh-keygen command. However, you cannot just follow these instructions over and over again, as you will overwrite the previous keys.
It is also possible to upload multiple public keys to your remote server, allowing one or more users to log in without a password from different computers.
Step # 1: Generate first ssh key
Type the following command to generate your first public and private key on a local workstation. Next provide the required input or accept the defaults. Please do not change the filename and directory location.
workstation#1 $ ssh-keygen -t rsa
Finally, copy your public key to your remote server using scp
workstation#1 $ scp ~/.ssh/id_rsa.pub user@remote.server.com:.ssh/authorized_keys
Step # 2: Generate next/multiple ssh key
a) Login to 2nd workstation
b) Download original the authorized_keys file from remote server using scp:
workstation#2 $ scp user@remote.server.com:.ssh/authorized_keys ~/.ssh
c) Now create the new pub/private key:
workstation#2 $ ssh-keygen -t rsa
d) Now you have new public key. APPEND this key to the downloaded authorized_keys file using cat command:
workstation#2 $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
e) Finally upload authorized_keys to remote server again:
workstation#2 $ scp ~/.ssh/authorized_keys user@remote.server.com:.ssh/
You can repeat step #2 for each user or workstations for remote server.
Step #3: Test your setup
Now try to login from Workstation #1, #2 and so on to remote server. You should not be asked for a password:
workstation#1 $ ssh user@remote.server.com
workstation#2 $ ssh user@remote.server.com
Updated for accuracy.

pam_tally2 command – lock & unlock ssh failed logins in linux

pam_tally2 command is used to lock and unlock ssh failed logins in linux like operating system. To implment a security feature like a user’s account must be locked after a number of failed login attempts . We can achieve this security via pam module called pam_tally2. This module can display user’s login attempts,set counts on individual basis, unlock all user counts.

pam_tally2 comes in two parts: pam_tally2.so and pam_tally2. The former is the PAM module and the latter, a stand-alone program. pam_tally2 is an application which can be used to interrogate and manipulate the counter file

In this article we will discuss how to lock and unlock user’s account after reaching a fixed number of failed ssh attempts inRHEL 6.X / CentOS 6.X

By default pam_tally2 module is already installed in linux. To set the lock and unlock rules, edit the two files : ‘/etc/pam.d/system-auth’ & ‘/etc/pam.d/password-auth’ and add the below line at the starting of auth section in both the files

auth required pam_tally2.so file=/var/log/tallylog deny=3 even_deny_root unlock_time=120

And then add the below line in the account Section in both the files

account required pam_tally2.so

Sample File of /etc/pam.d/system-auth

Sample File of /etc/pam.d/password-auth

whereas :
file=/var/log/tallylog – Default log file whic keep login counts.
deny=3 – Deny access after 3 attempts and lock down user.
even_deny_root – Policy is also apply to root user.
unlock_time=1200 – Account will be locked till 20 Min after that it will be unlocked
Now Try to Login the linux box with incorrect password :

Now check user’s login attempts using pam_tally2 Command
[root@localhost ~]# pam_tally2 -u nextstep4it
Login Failures Latest failure From
nextstep4it 3 06/14/14 02:01:25 192.168.1.8

Now reset or unlock user’s account’s using pam_tally2 command :
[root@localhost ~]# pam_tally2 –user nextstep4it –reset
Login Failures Latest failure From
nextstep4it 4 06/14/14 02:20:42 192.168.1.8

Now Verify the login Attempt is reset or not
[root@localhost ~]# pam_tally2 –user nextstep4it
Login Failures Latest failure From
nextstep4it 0