Learning Linux: Week 3 – Deep Dive into System & Network Internals

MRIDUL TIWARI
17 min read

Linux isn’t just about commands — it’s about knowing how things work behind the scenes. This week, I got hands-on with proxies, kernel insights, LVM, and more.

Let’s dive into it.

Proxy server in Linux (Squid)

  • A proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource.

  • It forwards the client’s request to the origin server. When the requested object arrives, it delivers it to the client and keeps a copy in its on-disk cache.

    • The next request for the same object can be served from the cache, which is faster for the client and saves upstream bandwidth.
  • Out of the box Squid proxies HTTP and FTP; HTTPS passes through it as a CONNECT tunnel, so the proxy sees only the destination host and port unless SSL bumping is configured.

    • squid -k parse → check the syntax of squid.conf; squid -k check → check that the running Squid is healthy, then echo $? to read the exit status (0 means OK)

    • squidclient → a CLI tool that prints the response to a web request; unlike wget or curl it talks to the local Squid instance by default (localhost:3128)

  • What a proxy gives you

    • privacy → the origin server sees the proxy’s address, not the client’s real location

    • caching → stores copies of objects so repeated requests are served locally, which speeds up browsing and saves bandwidth

    • control → block websites, restrict who may use the proxy, and log all web traffic in one place

    • access → reach content that is blocked for the client but not for the proxy

  • default port 3128

  • settings for Squid are stored in /etc/squid/squid.conf. http_access rules are evaluated top to bottom and the first match wins, so the deny must come before the allow:

      acl blocksites dstdomain "/etc/squid/blocksites"
      http_access deny blocksites

      acl localnet src <CIDR>
      http_access allow localnet
      http_access deny all

      # In /etc/squid/blocksites (one entry per line)
      # dstdomain: a leading dot matches the domain and all of its subdomains
      .facebook.com

    • If you use a url_regex ACL instead, each line of the file is a regular expression, not a glob: *.facebook.com does not do what it looks like. Escape the dots (\.facebook\.com) and anchor the pattern to the host part, or just use dstdomain for domain lists.
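The point about url_regex entries being regexes is easy to get wrong and hard to see from inside Squid, so here is an added example (not from the original post) that tests URLs against a blocklist offline. Squid compiles each non-comment line of the ACL file as a POSIX extended regex, so grep -E stands in for Squid's matcher; that equivalence, the constructed lists and the sample URLs are assumptions of this example.

```shell
# Added example, not part of the original post: check URLs against a Squid
# url_regex-style blocklist before deploying it. grep -E is used as a stand-in
# for Squid's POSIX ERE matcher (an assumption of this example).

# url_blocked BLOCKLIST URL -> returns 0 if any pattern in the file matches
url_blocked() {
    blocklist=$1
    url=$2
    patterns=$(mktemp)
    # Squid skips blank lines and '#' comments in ACL files; grep would treat
    # an empty pattern as "match everything", so strip them first.
    grep -E -v '^[[:space:]]*(#|$)' "$blocklist" > "$patterns" || true
    if printf '%s\n' "$url" | grep -E -q -f "$patterns"; then
        rm -f "$patterns"
        return 0
    fi
    rm -f "$patterns"
    return 1
}

# report BLOCKLIST URL... -> one BLOCK/allow line per URL, for reading by eye
report() {
    list=$1
    shift
    for u in "$@"; do
        if url_blocked "$list" "$u"; then
            echo "BLOCK  $u"
        else
            echo "allow  $u"
        fi
    done
}

# Constructed lists. "facebook.com" is what a glob-minded entry such as
# "*.facebook.com" boils down to: an unescaped dot that matches any character
# and no anchor, so it matches anywhere in the URL. The second list anchors
# the pattern to the host part of the URL.
naive=$(mktemp)
anchored=$(mktemp)
printf '# naive entry\nfacebook.com\n' > "$naive"
printf '# anchored to the host part\n^https?://([^/]+\\.)?facebook\\.com(:[0-9]+)?(/|$)\n' > "$anchored"

echo "naive list:"
report "$naive" 'http://www.facebook.com/' 'http://facebook.com.evil.example/' \
    'http://example.org/?ref=facebook.com' 'http://facebookXcom.example/'
echo "anchored list:"
report "$anchored" 'http://www.facebook.com/' 'http://facebook.com.evil.example/' \
    'http://example.org/?ref=facebook.com' 'http://facebookXcom.example/'
rm -f "$naive" "$anchored"
```

The naive list blocks all four URLs, including a link to facebook in somebody else's query string; the anchored one blocks only the first. Once the list behaves, squid -k parse checks the config and squid -k reconfigure loads it.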
    

Central Logger (rsyslog)

Rocket-fast system for log processing → the system utility on most Linux distributions that receives, filters and stores log messages (the syslog implementation).

  • a central log server receives the logs of every other server

  • Purpose → write the local logs, or collect logs from other servers

  • service or package name = rsyslog

  • configuration file : /etc/rsyslog.conf

  • Service:

    • systemctl enable --now rsyslog (and systemctl restart rsyslog after config changes)

    • rsyslogd -v → print the version and build details of rsyslog

  • Rsyslog Server Setup

    • In the configuration file, uncomment (or add) the listener modules:

        module(load="imtcp")
        input(type="imtcp" port="514")

        module(load="imudp")
        input(type="imudp" port="514")

        # imtcp and imudp make rsyslog listen on TCP and UDP port 514.
        # (imptcp is a separate plain-TCP module; whichever you load, the
        # input type must match the module name.)

      • open port 514 in the firewall as well, and restrict it to the client subnet: both listeners accept unauthenticated plaintext, so anyone who can reach the port can inject or spoof log lines
    • By default, remote messages go through the same rules as local ones and end up in the host’s own files under /var/log (e.g. /var/log/messages or /var/log/syslog), mixed with the server’s own logs.

    • You can change the path to store the logs in

        # /etc/rsyslog.conf (put this above the default rules)

        $template RemoteLogs,"/var/log/%HOSTNAME%/%PROGRAMNAME%.log"
        :fromhost-ip, !isequal, "127.0.0.1" ?RemoteLogs
        & stop

        # The template builds one file per sending host and program. The
        # filter applies it only to messages that did not originate locally,
        # and "& stop" ends processing so they are not also written to the
        # local files ("& ~" is the older, deprecated spelling of stop).
      

      Note: consider mounting /var/log on a separate partition from the one the host system resides on, so that incoming logs cannot fill up the storage of the host server.

      Rsyslog server setup completed

  • Rsyslog Client Setup

    • edit /etc/rsyslog.d/50-default.conf (Ubuntu; on RHEL use /etc/rsyslog.conf or a new file under /etc/rsyslog.d/)
    # Add a forwarding rule near the top of the file

    *.* @@<your_rsyslog_server_ip>:514

    # replace the ip with your rsyslog server ip
  • This forwards all logs to the rsyslog server on TCP port 514

  • A single @ instead of @@ forwards over UDP instead: fire-and-forget, so messages can be lost or spoofed. Neither form encrypts anything; TLS needs the omfwd action with the gtls stream driver.

  • The *.* selector means every facility at every priority

  • To send only specific logs, narrow the selector. The left-hand side is facility.priority, not a service name, for example

    • cron.* @@<ip>:514 or authpriv.* @@<ip>:514 (programs that write their own log files, such as Apache, are not in syslog at all; rsyslog’s imfile module can pick those files up)
  • You can also forward logs to more than one server, either by repeating the line or with & @@<second_ip>:514 on the following line
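Before pointing clients at a collector it is worth knowing which forwarding rules a box already has and which of them are UDP. The script below is an added example, not from the original post: it parses the legacy "@host" / "@@host" forwarding syntax described above from a constructed sample config; the sample and the parsing are assumptions of this example, not rsyslog output.

```shell
# Added example, not part of the original post: list every legacy-syntax
# forwarding rule in an rsyslog config and single out the UDP ones.

# audit_forwarders FILE -> one "PROTO HOST PORT SELECTOR" line per rule
audit_forwarders() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        match($0, /@@?[^[:space:]]+/) {
            target = substr($0, RSTART, RLENGTH)
            proto = (substr(target, 1, 2) == "@@") ? "tcp" : "udp"
            sub(/^@@?/, "", target)
            host = target
            port = "514"                          # syslog default when none is given
            if (target ~ /:[0-9]+$/) {
                port = target; sub(/.*:/, "", port)
                sub(/:[0-9]+$/, "", host)
            }
            printf "%s %s %s %s\n", proto, host, port, $1
        }' "$1"
}

# udp_forwarders FILE -> only the UDP rules: lossy, and trivially spoofable
# because nothing authenticates the sender (plain @@ TCP is not encrypted
# either; that needs omfwd with the gtls stream driver)
udp_forwarders() {
    audit_forwarders "$1" | awk '$1 == "udp"'
}

# Constructed stand-in for /etc/rsyslog.d/50-default.conf
sample=$(mktemp)
cat > "$sample" <<'EOF'
# forward everything to the central server over TCP
*.* @@10.0.0.5:514
# cron and auth events also go to a second collector over UDP (default port)
cron.* @10.0.0.6
authpriv.* @10.0.0.6
# IPv6 target on a non-default port
kern.* @@[2001:db8::1]:6514
# *.* @@old-collector.example:514   (disabled)
EOF

echo "all forwarding rules:"
audit_forwarders "$sample"
echo "UDP rules to fix:"
udp_forwarders "$sample"
rm -f "$sample"
```

Run it against /etc/rsyslog.conf and every file in /etc/rsyslog.d/; anything it lists as udp should become @@ at least, and rsyslogd -N1 validates the edited config before a restart.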

Linux OS Hardening

  • Securing Linux from threats

  • User account

    • keep human users in a UID range well above the system accounts (this post uses 10000 and above; distributions start ordinary users at 1000)

    • password policy according to industry standards

    • /etc/login.defs → password aging controls (PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE)

    • /etc/pam.d/system-auth → password quality (pam_pwquality) and failed-login lockout (pam_faillock) rules

  • Remove unwanted packages

  • Stop unused services

    • systemctl list-units --type=service --all → shows all services, active or inactive; disable what is not needed with systemctl disable --now <service>
  • Check on listening ports

    • ss -tulpn → every listening TCP/UDP socket and the process behind it; anything unexpected is either a service to stop or a firewall rule to add
  • Securing SSH configurations

    • /etc/ssh/sshd_config → PermitRootLogin no and PasswordAuthentication no (key-based logins only); a non-default port only cuts down log noise. Validate with sshd -t and check the effective values with sshd -T before restarting.
  • Enable Firewall

    • firewall-config

    • firewall-cmd

    • iptables

      • rules are saved in /etc/sysconfig/iptables (the /etc/sysconfig/iptables-config file only holds options for the iptables service itself)
  • Enable SE Linux (Security-Enhanced Linux)

    • mandatory access control: every process and file carries a security label, and the loaded policy decides which labels may access which, regardless of the file’s owner or mode bits

    • sestatus → check whether it is enabled and whether it is enforcing or permissive (getenforce shows the mode, setenforce 1 switches to enforcing)

    • config file: /etc/selinux/config (/etc/sysconfig/selinux is a symlink to it)

    • ls -Z <filename> or stat <filename> → show a file’s SELinux context alongside the usual metadata

    • chcon → change a file’s context by hand; restorecon → reset it to what the policy says it should be

    • checkpolicy → compile policy source into a binary policy

    • ausearch -m avc → find the denials in the audit log when something stops working after enabling SELinux
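The sshd_config items above are the ones most often "fixed" without effect, because sshd takes the first occurrence of a keyword and ignores later ones. The script below is an added example, not from the original post: it audits the global section of an sshd_config the way sshd reads it. The table of compiled-in defaults (OpenSSH 8.x/9.x) and the two sample configs are assumptions of this example; Include'd files are not followed.

```shell
# Added example, not part of the original post: audit the global section of an
# sshd_config like sshd does (keywords are case-insensitive, the FIRST
# occurrence wins, a missing keyword means the built-in default).

# check_sshd FILE -> prints "WEAK keyword value" per risky effective setting,
# returns 0 when nothing is flagged
check_sshd() {
    awk '
        BEGIN {
            n = split("permitrootlogin passwordauthentication permitemptypasswords x11forwarding pubkeyauthentication", order, " ")
            # compiled-in defaults (assumed: OpenSSH 8.x/9.x) and the values we want
            def["permitrootlogin"] = "prohibit-password"; want["permitrootlogin"] = "no"
            def["passwordauthentication"] = "yes";        want["passwordauthentication"] = "no"
            def["permitemptypasswords"] = "no";           want["permitemptypasswords"] = "no"
            def["x11forwarding"] = "no";                  want["x11forwarding"] = "no"
            def["pubkeyauthentication"] = "yes";          want["pubkeyauthentication"] = "yes"
        }
        /^[[:space:]]*(#|$)/ { next }
        tolower($1) == "match" { inmatch = 1 }    # Match blocks narrow scope; audit the global part only
        inmatch { next }
        {
            k = tolower($1); v = tolower($2)
            if ((k in want) && !(k in seen)) seen[k] = v   # first occurrence wins
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                v = (k in seen) ? seen[k] : def[k]
                if (v != want[k]) { printf "WEAK %s %s\n", k, v; bad = 1 }
            }
            exit bad
        }' "$1"
}

# Two constructed configs. The weak one is the classic mistake of appending
# the hardened line with "echo >> sshd_config": sshd never sees it because
# the earlier "yes" line wins.
weak=$(mktemp)
hard=$(mktemp)
printf 'Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n\n# appended later:\nPasswordAuthentication no\n' > "$weak"
printf 'Port 2222\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\nX11Forwarding no\n' > "$hard"

echo "weak config:"
check_sshd "$weak" || echo "-> fix the FIRST occurrence, then: sshd -t && systemctl restart sshd"
echo "hardened config:"
check_sshd "$hard" && echo "-> no findings"
rm -f "$weak" "$hard"
```

On distributions that ship an Include /etc/ssh/sshd_config.d/*.conf line at the top, those files are read first and win; sshd -T prints the values that are actually in effect, whichever file they came from.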

Traceroute

  • Trace network traffic

  • to map the journey that a data packet undertakes from its source to its destination.

  • It also helps to locate when data loss occurs throughout a network, which could signify a node that’s down

  • Each hop in the record reflects a new server or router between the originating PC and intended target,

  • netstat -rn (or ip route) → shows the local routing table, i.e. which gateway the very first hop goes to; it is not a trace by itself

  • Difference between Ping and Traceroute?

    • Ping: Checks if a server is reachable and shows how long it takes to send and receive data

    • Traceroute: shows the path data takes to reach the server, listing each stop (router) along the way and how long each hop takes

  • physical distance between your computer and the destination is one factor in hop time; queueing and slow links are the others

  • Latency matters when an application needs data to arrive quickly; a hop whose round-trip time jumps is where to look first

  • -4 → allows users to specify the use of IPv4 when performing traceroute operations

  • -6 → allows use of IPv6 addresses for traceroute operation

  • -F → set the “don’t fragment” bit so probes are not fragmented along the way (together with packetlen this finds the path MTU)

  • -f → allows to specify starting TTL

    • helpful when you want to start tracing a route from a specific hop rather than the default starting point

    • traceroute -f 10 google.com

  • -g → Route the packet through a specific gateway

  • -m → setting the maximum number of hops for a packet to reach the destination

  • -n → instructs not to resolve IP Addresses to their corresponding domain name (speeds up the process)

  • -p → base destination port (for the default UDP probes it increases per probe; with -T it is the fixed TCP port)

  • -q → number of probes sent to each hop (default 3)

  • -I / -T → send ICMP echo or TCP SYN probes instead of UDP; useful when a firewall drops UDP but lets ICMP or port 80/443 through

  • packetlen → an optional last argument giving the full packet length

    • the default is 60 bytes
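Reading loss out of a traceroute is the part that trips people up: a hop that answers nothing is not necessarily down. Below is an added example (not from the original post) that parses a saved traceroute and reports the hops that lost probes. The trace is constructed in the format Linux traceroute prints, with documentation addresses; it is not a real measurement.

```shell
# Added example, not part of the original post: find the hops in a saved
# traceroute that lost probes ("*" instead of a round-trip time).

# hop_loss FILE -> "HOP LOST" for every hop where at least one probe got no reply
hop_loss() {
    awk '$1 ~ /^[0-9]+$/ {
        lost = 0
        for (i = 2; i <= NF; i++) if ($i == "*") lost++
        if (lost > 0) print $1, lost
    }' "$1"
}

# first_silent_hop FILE -> number of the first hop that answered nothing at all
first_silent_hop() {
    awk '$1 ~ /^[0-9]+$/ {
        lost = 0
        for (i = 2; i <= NF; i++) if ($i == "*") lost++
        if (lost == NF - 1) { print $1; exit }
    }' "$1"
}

# Constructed trace (documentation addresses, not a real run)
trace=$(mktemp)
cat > "$trace" <<'EOF'
traceroute to example.org (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.412 ms  0.380 ms  0.350 ms
 2  10.0.0.1 (10.0.0.1)  8.120 ms  8.004 ms  7.990 ms
 3  * * *
 4  198.51.100.9 (198.51.100.9)  20.511 ms  * 19.870 ms
 5  203.0.113.80 (203.0.113.80)  25.301 ms  25.100 ms  24.998 ms
EOF

echo "hops with lost probes (hop lost):"
hop_loss "$trace"
echo "first fully silent hop: $(first_silent_hop "$trace")"
# Hop 3 answering nothing while hops 4 and 5 reply means that router simply
# does not send (or rate-limits) ICMP time-exceeded. Loss that starts at a hop
# and continues all the way to the end is what indicates a real problem.
rm -f "$trace"
```

Save a real run with traceroute -n example.org > trace.txt (-n keeps the lines in this shape and skips DNS) and point the functions at it.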

Firewall

  • When data moves in and out of a server, its packet information is tested against the firewall rules to see if it should be allowed or not

  • Types of firewalls

    • Software → runs on os

    • Hardware

  • 2 tools are used to manage the firewall in most Linux distributions

    • iptables → the classic tool, still found on older installs

    • firewalld → the default on RHEL/CentOS 7 and later; on current kernels both end up programming nftables

  • iptables

    • the function of iptables is packet filtering

    • The packet filtering mechanism is organized into 3 kinds of structures:

      • tables → group rules by purpose; the main ones are

        • filter (accept/drop decisions), nat (address translation), mangle (packet alteration) and raw (connection-tracking exemptions)
      • chains → attached to tables, let you inspect traffic at various points; the built-in chains of the filter table are

        • INPUT → traffic addressed to this host

        • FORWARD → traffic routed through this host from one interface to another

        • OUTPUT → traffic generated by this host

          • chains filter traffic through the rules added to them, evaluated in order; the first match decides

          • Rule ⇒ if the packet matches (for example, comes from <ip>) then jump to the defined target

      • targets → decide the fate of the packet

        • ACCEPT → let the packet through

        • REJECT → discard it and send an error back (ICMP unreachable or a TCP RST), so the sender knows at once

        • DROP → discard it silently; the sender only sees a timeout

    • to check rules → iptables -L -n -v (-n skips DNS lookups; iptables -S prints the rules as commands)

  • firewalld

    • a front end that manages the kernel firewall for you (nftables on current systems, iptables on older ones); rules are grouped into zones and built from services, ports and rich rules

      • firewall-cmd
    • has predefined service definitions that you can turn on and off

      • ssh, http, https, nfs, ntp, etc.
    • check the rules of the active zone → firewall-cmd --list-all

    • get a listing of all services firewalld knows about → firewall-cmd --get-services

    • make firewalld re-read its permanent configuration (this also discards any runtime-only changes)

      • firewall-cmd --reload
    • firewalld has multiple zones; to list all of them

      • firewall-cmd --get-zones
    • to list the active zones (those with an interface or source bound to them)

      • firewall-cmd --get-active-zones
    • to get the firewall rules of the public zone

      • firewall-cmd --zone=public --list-all
    • Service definitions are one XML file per service: /usr/lib/firewalld/services/ holds firewalld’s own, /etc/firewalld/services/ holds yours.

    • For a third-party service copy one of them, e.g. cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/myapp.xml, and change the short name, description and port number

    • firewall-cmd --reload picks the new file up (a full systemctl restart firewalld is not needed)

    • to add or remove a service (http) in the active zone. Every such change is runtime-only and is gone after a reload or reboot unless you repeat it with --permanent (or run firewall-cmd --runtime-to-permanent afterwards)

      • firewall-cmd --add-service=http

      • firewall-cmd --remove-service=http

    • to add or remove a port

      • firewall-cmd --add-port=1110/tcp

      • firewall-cmd --remove-port=1110/tcp

    • to reject incoming traffic from an IP address

      • firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.0.25" reject'
    • ICMP: --add-icmp-block=<type> blocks one ICMP type (firewall-cmd --get-icmptypes lists them); --add-icmp-block-inversion flips the logic so that every type that is not explicitly listed is blocked

      • firewall-cmd --add-icmp-block=echo-request

      • firewall-cmd --add-icmp-block-inversion / firewall-cmd --remove-icmp-block-inversion

    • to block outgoing traffic to a specific website/IP address

      • host -t a www.facebook.com → find the IP address (large sites have many, changing addresses, so an IP block is leaky; filtering at the resolver or proxy holds up better)

      • firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 31.13.71.36 -j DROP (direct rules still work but are deprecated in current firewalld in favour of policies)
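The runtime-versus-permanent split above is the most common firewalld surprise: a rule added without --permanent vanishes at the next firewall-cmd --reload. The wrapper below is an added example, not from the original post: it issues every change twice, once for the running configuration and once for the permanent one, so no reload is needed and nothing is lost. FIREWALL_CMD is a knob of this example, not a firewalld feature; it defaults to echo so the script dry-runs without root.

```shell
# Added example, not part of the original post: apply firewalld changes to
# both the runtime and the permanent configuration in one go.
# FIREWALL_CMD defaults to "echo" (dry run); set it to firewall-cmd to apply.

FIREWALL_CMD=${FIREWALL_CMD:-echo}

# fw_change ARGS... -> run the same change for the runtime config and the permanent one
fw_change() {
    "$FIREWALL_CMD" "$@" &&
    "$FIREWALL_CMD" --permanent "$@"
}

fw_allow_service() {   # fw_allow_service SERVICE [ZONE]
    fw_change --zone="${2:-public}" --add-service="$1"
}

fw_allow_port() {      # fw_allow_port PORT/PROTO [ZONE]
    fw_change --zone="${2:-public}" --add-port="$1"
}

fw_reject_source() {   # fw_reject_source IPV4 [ZONE] -> rich rule that answers with a reject
    fw_change --zone="${2:-public}" \
        --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" reject"
}

fw_block_icmp() {      # fw_block_icmp TYPE [ZONE] -> e.g. echo-request; see --get-icmptypes
    fw_change --zone="${2:-public}" --add-icmp-block="$1"
}

# fw_drift [ZONE] -> print the runtime and permanent views of a zone one after
# the other; any difference is a change that a reload would throw away
fw_drift() {
    zone=${1:-public}
    echo "== runtime";   "$FIREWALL_CMD" --zone="$zone" --list-all
    echo "== permanent"; "$FIREWALL_CMD" --permanent --zone="$zone" --list-all
}

# Dry run: each call prints the two firewall-cmd argument lists it would issue
fw_allow_service http
fw_allow_port 1110/tcp internal
fw_reject_source 192.168.0.25
fw_block_icmp echo-request
```

To apply for real: FIREWALL_CMD=firewall-cmd sh this-script.sh as root, then fw_drift public should show identical runtime and permanent sections.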

System Run Levels (0 thru 6)

  • Run levels put the system into different modes (compare safe mode on Windows)

  • Main run levels, switched with init <level> (or telinit)

    • 0 → shut down (halt) the system

    • 1 → single-user (rescue) mode; usually aliased as s or S

    • 6 → reboot the system

  • Other run levels

    • 2 → multi-user mode without networking

    • 3 → multi-user mode with networking (no GUI)

    • 5 → multi-user mode with networking and GUI

    • 4 → unused by default / user-definable

  • who -r or runlevel → show the current run level; on systemd, systemctl get-default shows the default target and systemctl isolate multi-user.target switches to the run-level-3 equivalent

Computer Boot Process

  • it is broadly the same on every hardware platform

  • Power on → the motherboard is powered up → the CPU starts and begins fetching instructions from a fixed address

  • Those instructions come from the firmware, the BIOS (Basic Input/Output System), written by the board vendor and stored in a flash/ROM chip on the motherboard (on modern machines UEFI firmware plays this role)

  • The BIOS reads its settings from the CMOS chip (Complementary Metal-Oxide Semiconductor)

    • CMOS holds the BIOS settings, including system time, date and hardware configuration

    • it is kept alive by a coin-cell battery on the motherboard, which is why the settings survive with the power off

  • The firmware runs the POST (Power-On Self Test), which probes every attached device and checks that it works; a fatal fault stops the boot right here

  • The BIOS then locates the boot disk and reads its first sector, the Master Boot Record (MBR); a UEFI system instead reads a boot loader from the EFI System Partition

  • The MBR holds the first stage of the boot loader, which knows where the operating system is. From this point on the OS (first the boot loader, then the kernel) is loaded into RAM

  • Once the kernel is in memory the firmware hands control to it and takes no further part

  • This entire process is called bootstrapping (“pulling yourself up by your bootstraps”)

Linux Boot Process

6 distinct stages in the typical booting process

  • BIOS

    • Basic Input/Output system.

    • runs the POST and then looks for a bootable device; the “integrity check” here is of the hardware, not of the data on the disk

    • searches for, loads and executes the boot loader program

    • with legacy BIOS that means reading the Master Boot Record (MBR) from the boot disk; with UEFI the firmware loads an .efi boot loader from the EFI System Partition instead

    • The MBR can also be on a USB stick or CD/DVD, which is how live Linux installers boot

    • once the boot loader is found, it is loaded into memory and the BIOS hands control of the system to it

  • MBR

    • responsible for loading and executing the GRUB boot loader

    • located in the first sector (512 bytes) of the bootable disk, typically /dev/sda (older IDE systems used /dev/hda)

    • it holds the first stage of GRUB (or LILO on very old systems) next to the partition table

  • GRUB

    • GNU GRUB (GNU Grand Unified Bootloader)

    • it’s the first thing you see when you boot your computer

    • a simple menu where you select among installed kernel images (and other operating systems)

    • the menu waits a few seconds for a choice; if you make none, it loads the default kernel image

    • on GRUB 2 the generated menu is /boot/grub2/grub.cfg (RHEL) or /boot/grub/grub.cfg (Debian/Ubuntu), built from /etc/default/grub and /etc/grub.d/; legacy GRUB used /boot/grub/grub.conf, symlinked as /etc/grub.conf

  • Kernel

    • core of the OS

    • has complete control over everything in your system

    • the kernel GRUB selected first mounts the root file system named in its configuration, then executes /sbin/init, the first user-space program (on a systemd system /sbin/init is a symlink to systemd)

    • you can confirm this with its process id (PID), which is always 1

    • before the real root is available it uses a temporary root file system, the initial RAM disk (initrd/initramfs), which carries the drivers needed to reach the real root (storage, LVM, encryption) and then switches over to it

  • Init

    • the init system starts the services that belong to the target run level

    • SysV init read /etc/inittab to decide the run level; systemd has no run levels of its own and uses targets instead, with compatibility aliases:

      • Run level 0 is matched by poweroff.target (runlevel0.target is a symbolic link to poweroff.target)

      • Run level 1 is matched by rescue.target (runlevel1.target is a symbolic link to rescue.target)

      • Run level 3 is emulated by multi-user.target (runlevel3.target is a symbolic link to multi-user.target)

      • Run level 5 is emulated by graphical.target (runlevel5.target is a symbolic link to graphical.target)

      • Run level 6 is emulated by reboot.target (runlevel6.target is a symbolic link to reboot.target)

      • Emergency is matched by emergency.target

    • systemd then starts the units that the chosen target pulls in (systemctl get-default shows which target that is)

  • Runlevel programs

    • Run level 0 – /etc/rc0.d/

    • Run level 1 – /etc/rc1.d/

    • Run level 2 – /etc/rc2.d/

    • Run level 3 – /etc/rc3.d/

    • Run level 4 – /etc/rc4.d/

    • Run level 5 – /etc/rc5.d/

    • Run level 6 – /etc/rc6.d/

If you look in the different run level directories, you'll find links whose names start with either an "S" or a "K", for start and kill respectively. Start scripts are run when entering the run level, kill scripts when leaving it. On systemd distributions these directories only exist for compatibility with old packages; native services are unit files under /usr/lib/systemd/system and /etc/systemd/system.

Logical Volume Management

  • LVM lets you pool several disks (or partitions) and carve the pool up independently of the physical layout

  • An alternative to managing storage purely with partitions

  • You create logical volumes instead of partitions, put a file system on them and mount them in the usual way

Keep /boot outside LVM: systemd-boot reads only the FAT EFI System Partition, and although GRUB 2 has an lvm module, installers default to a plain partition for /boot and that remains the safe choice

  • Components

    • Physical Volumes

      the lowest-level building block of LVM

      • can be a raw disk or a disk partition

      • all utilities that manage physical volumes start with the letters pv for Physical Volume

        • pvcreate, pvchange, pvs, pvdisplay
            sudo pvcreate /dev/sdc
            # Physical volume "/dev/sdc" successfully created.
  • commands to list the available physical volumes

    • pvscan, pvs, pvdisplay

  • removing a physical volume with pvremove (it must no longer belong to a volume group: vgreduce it first)

    • pvremove /dev/sdd2
  • a partition or raw disk has to be initialized as a physical volume (pvcreate) before LVM can manage it as part of a volume group; pvremove wipes that label again

    • Volume Groups → like disks
  • a collection of physical volumes: a storage pool that combines the capacity of several raw storage devices

  • Utilities → start with vg → Volume Group

    • vgcreate

    • vgs

    • vgrename

        # Creating a volume group
        vgcreate <name> <physical_volumes>

        # Listing the physical volumes attached to a volume group
        pvs -S vg_name=<volume_group_name> -o pv_name
  • Listing volume groups → vgs (summary) or vgdisplay (details)

  • Extending a volume group

    • adding additional physical volume to a volume group

vgextend lvm_tutorial /dev/sdd2

  • Reducing a volume group (move any data off the physical volume first with pvmove, otherwise vgreduce refuses)

    vgreduce <vgname> <physical_volume1> <physical_volume2> ....

  • Removing a Volume Group

    vgremove lvm_tutorial

    • Logical Volumes → like partitions

    instead of sitting on top of a raw disk, a logical volume sits on top of a volume group

  • Utilities → start with lv → Logical Volume

    • lvcreate

    • lvs

    • lvextend, lvreduce, lvresize

  • Creating a logical volume

    lvcreate -L <size> -n <lvname> <vgname>

    -L → size (K, M, G, T; or -l 100%FREE to take whatever is left)

    -n → name of the logical volume

  • Once created you put a file system on it (mkfs.ext4 /dev/<vgname>/<lvname>) and mount it like any other block device

  • Resizing a logical volume

    extend via lvextend, reduce via lvreduce, or use lvresize for both

    lvresize -r -L [+|-]<size> <vgname>/<lvname>

    • The + or - after -L grows or shrinks the volume by that amount respectively; without a sign the value is the new absolute size.

    • -r resizes the file system in the same step. Without it, growing leaves the file system at its old size until you run resize2fs or xfs_growfs, and shrinking the volume under a file system that has not been shrunk first destroys data.

Not every file system can be resized live: ext4 grows online and shrinks only while unmounted; XFS grows online but cannot shrink at all. Stick to these two unless you have a reason not to.

  • Removing Logical Volume

    lvremove <vgname>/<lvname>

  • Why use LVM?

    • logical volumes and volume groups can be grown while the system is running, and more disk can be added to the pool at any time; snapshots and moving data between disks (pvmove) come with it
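Growing a volume is the LVM operation you will do most, and the step people forget is the file system. The script below is an added example, not from the original post: it checks that the volume group has the space and then grows the logical volume and its file system in one lvextend -r call. Sizes use the binary units LVM uses. Only the size helper runs without root; extend_lv needs root and a real volume group, and the names in the usage line are placeholders.

```shell
# Added example, not part of the original post: grow a logical volume and the
# file system on it in one step, after a free-space preflight.

# to_bytes SIZE -> bytes, e.g. to_bytes 512M -> 536870912 (binary units like LVM)
to_bytes() {
    case $1 in
        *[Kk]) n=${1%?}; m=1024 ;;
        *[Mm]) n=${1%?}; m=1048576 ;;
        *[Gg]) n=${1%?}; m=1073741824 ;;
        *[Tt]) n=${1%?}; m=1099511627776 ;;
        *)     n=$1;     m=1 ;;
    esac
    awk -v n="$n" -v m="$m" 'BEGIN { printf "%.0f\n", n * m }'
}

# vg_free_bytes VG -> free space in the volume group as a plain number (needs root)
vg_free_bytes() {
    vgs --noheadings --nosuffix --units b -o vg_free "$1" | tr -d ' '
}

# extend_lv VG LV SIZE -> grow VG/LV by SIZE and resize its file system (-r)
extend_lv() {
    vg=$1; lv=$2; size=$3
    need=$(to_bytes "$size")
    free=$(vg_free_bytes "$vg")
    if [ "$free" -lt "$need" ]; then
        echo "$vg has $free bytes free, need $need: add a PV first (pvcreate + vgextend)" >&2
        return 1
    fi
    # -r runs the file system resizer as well; ext4 and XFS grow while mounted.
    # Shrinking is different: XFS cannot shrink at all, and for ext4 the file
    # system must be unmounted and shrunk first, which "lvreduce -r" does.
    lvextend -r -L "+$size" "$vg/$lv"
}

# Usage (as root): extend_lv lvm_tutorial data 2G && df -h /data
```

Check the result with lvs and df -h; if df still shows the old size, the file system step was skipped and resize2fs or xfs_growfs on the mount point finishes the job.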

Swap Space

  • used when physical memory (RAM) is full

  • If the system needs more memory and RAM is full, inactive pages are moved out to swap space

  • located on disk, so it is much slower to access than physical memory

  • Recommended swap size → an old rule of thumb says twice the size of RAM; a more common formula is

    • M = amount of RAM in GB

    • S = amount of swap in GB

    • if M < 2

      then S = M * 2

      else S = M + 2

  • Commands

    • dd

    • mkswap

    • swapon or swapoff

  • dd if=/dev/zero of=/newswap bs=1M count=1024

    • dd → copies data block by block; here it creates a 1 GiB file full of zeros

    • if → input file (instead of standard input)

    • of → output file (instead of standard output)

    • bs → block size

    • count → number of blocks to copy; bs × count is the file size

  • the file must be readable by root only (chmod 600 /newswap): swap holds whatever was in RAM, passwords and keys included, and mkswap warns about insecure permissions otherwise

  • mkswap /newswap → format the file as swap

  • swapon /newswap → activate it (swapon --show lists what is active)

  • To enable swap at boot time, add it to /etc/fstab

    • At the end add

      /newswap swap swap defaults 0 0

  • to delete the swap space

    • swapoff /newswap

    • remove the /etc/fstab line

    • rm /newswap
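The procedure above as one script, as an added example that is not part of the original post. It adds two details the bare commands leave out: the file is created with a restrictive umask so it is never world-readable, not even for a moment, and the fstab entry is not duplicated on a second run. swap_size_gb implements the rule of thumb from this section; everything else needs root, and /newswap is the post's example path.

```shell
# Added example, not part of the original post: create and remove a swap file
# safely. Only swap_size_gb and fstab_entry run without root.

# swap_size_gb RAM_GB -> suggested swap in GB (2x RAM below 2 GB, RAM+2 above)
swap_size_gb() {
    if [ "$1" -lt 2 ]; then
        echo $(( $1 * 2 ))
    else
        echo $(( $1 + 2 ))
    fi
}

# fstab_entry PATH -> the line that activates the file at boot
fstab_entry() {
    printf '%s swap swap defaults 0 0\n' "$1"
}

# make_swapfile PATH SIZE_MB -> create, lock down, format and enable a swap file
make_swapfile() {
    path=$1; size_mb=$2
    # umask 077 makes the file 0600 from the moment it exists, so there is no
    # window in which another user could read it; the chmod is belt and braces
    ( umask 077 && dd if=/dev/zero of="$path" bs=1M count="$size_mb" status=none )
    chmod 600 "$path"
    mkswap "$path"            # would warn "insecure permissions 0644" without the chmod
    swapon "$path"
    grep -q "^$path[[:space:]]" /etc/fstab || fstab_entry "$path" >> /etc/fstab
}

# remove_swapfile PATH -> the reverse: deactivate, drop the fstab line, delete
remove_swapfile() {
    swapoff "$1"
    sed -i "\\#^$1[[:space:]]#d" /etc/fstab
    rm -f "$1"
}

# Usage (as root): make_swapfile /newswap $(( $(swap_size_gb 1) * 1024 )); swapon --show
```

swapon --show and free -h confirm the new space; cat /proc/swaps shows the same from the kernel's side.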

File system check

The fsck utility is used to check and repair Linux file systems

  • xfs_repair is the equivalent for XFS file systems

  • Depending on when the file system was last checked, the system runs fsck at boot time to verify that the file system is in a consistent state

  • a system administrator can also run it manually when there is a problem with a file system

  • Only ever run fsck on an unmounted file system (or one mounted read-only); repairing a mounted file system corrupts it

  • force a check even if the file system is marked clean with -f

  • answer yes to every repair prompt automatically with -y (-n only reports)

  • xfs_repair → highly scalable, designed to repair even very large file systems with many inodes efficiently

    • xfs_repair does not run at boot time; XFS replays its journal on mount instead
  • possible exit codes of fsck (echo $? shows the exit code of the last command). They are bit flags and get added together, so 5 means 1 + 4:

    • 0 → No error

    • 1 → file system errors corrected

    • 2 → System should be rebooted

    • 4 → Filesystem errors left uncorrected

    • 8 → Operational Error

    • 16 → Usage or syntax error

    • 32 → Fsck cancelled by user request

    • 128 → Shared-library error

  • df -hT → check the file system , type and the mounted on which path

  • fsck /dev/sdb1 → dispatches to the fsck.<type> helper for the file system on the device (e2fsck for ext2/3/4); there is no repairing fsck.xfs

  • for an XFS file system use xfs_repair /dev/sdb1 → it refuses to run while the file system is mounted (on /data here), so unmount first

  • umount /data → unmount the file system mounted at /data

  • mount /dev/sdb1 /data → mount the file system back on /data
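Because the exit codes are bit flags, a script that only compares $? to the numbers in the list misreads combined results. Below is an added example, not from the original post: a decoder for the bit mask plus a wrapper that refuses to touch a mounted device. The decoder runs anywhere; run_fsck needs root and an unmounted device, and the device in the usage line is a placeholder.

```shell
# Added example, not part of the original post: decode fsck's bit-mask exit
# status and wrap a scripted repair.

# decode_fsck_status N -> one line per condition set in N ("no errors" for 0)
decode_fsck_status() {
    st=$1
    if [ "$st" -eq 0 ]; then
        echo "no errors"
        return 0
    fi
    for bit in 1 2 4 8 16 32 128; do
        if [ $(( st & bit )) -ne 0 ]; then
            case $bit in
                1)   echo "filesystem errors corrected" ;;
                2)   echo "system should be rebooted" ;;
                4)   echo "filesystem errors left uncorrected" ;;
                8)   echo "operational error" ;;
                16)  echo "usage or syntax error" ;;
                32)  echo "checking cancelled by user request" ;;
                128) echo "shared-library error" ;;
            esac
        fi
    done
    return 0
}

# fsck_ok N -> 0 when the file system is usable afterwards (nothing set except bit 1)
fsck_ok() {
    [ $(( $1 & ~1 )) -eq 0 ]
}

# run_fsck DEVICE -> refuse if mounted, then force a non-interactive check
run_fsck() {
    dev=$1
    if findmnt -n -S "$dev" >/dev/null 2>&1; then
        echo "$dev is mounted; unmount it first (fsck on a mounted fs corrupts it)" >&2
        return 8
    fi
    st=0
    fsck -f -y "$dev" || st=$?
    decode_fsck_status "$st"
    if [ $(( st & 2 )) -ne 0 ]; then
        echo "the root file system was modified: reboot before continuing" >&2
    fi
    return "$st"
}

# Usage (as root): run_fsck /dev/sdb1; echo "exit status $?"
# For XFS use xfs_repair /dev/sdb1 instead (xfs_repair -n only reports).
```

In a maintenance script, test the result with fsck_ok "$?" rather than comparing against a single number, and treat bit 2 as a hard stop.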

NFS

  • Network File System

  • NAS → Network Attached Storage (an appliance that typically serves NFS and SMB shares)

  • It is a client/server system that lets users access files across a network as if they were in a local directory

  • The client sends NFS requests to the server that hosts the file system; the server answers according to the rules in its export table

  • Steps for NFS Server Configuration

    1. Install NFS packages

      yum install nfs-utils libnfsidmap

    2. Enable and start the NFS services

       systemctl enable --now rpcbind nfs-server
       systemctl start rpc-statd nfs-idmapd

    3. Create the NFS share directory and assign permissions

      mkdir /mypretzels

      chmod a+rwx /mypretzels   # fine for a test share; for anything real give it an owner with chown and narrower permissions, this is world-writable for local users too

    4. Modify /etc/exports to add the new shared file system. There must be no space between the client and its option list:

      /mypretzels <ip>(rw,sync)          = for only one host
      /mypretzels 10.0.0.0/24(rw,sync)    = for a subnet
      /mypretzels *(rw,sync)              = for everyone (lab networks only)

      # "<ip> (rw,sync,no_root_squash)" written with a space exports to <ip>
      # with the defaults AND to the whole world with rw. no_root_squash lets
      # root on the client act as root on the share; keep the default
      # root_squash unless the client really needs it.

    5. Export the NFS file system

      exportfs -rv

      -r → re-export everything listed in /etc/exports

      -v → verbose mode

  • Steps for NFS Client Configuration

    1. Install NFS packages

      yum install nfs-utils rpcbind

    2. Enable and start the rpcbind service

    3. Open the firewall rather than stopping it: on the server, firewall-cmd --permanent --add-service={nfs,rpc-bind,mountd} followed by firewall-cmd --reload (NFSv4 alone needs only the nfs service, TCP 2049)

    4. Show the shares offered by the NFS server

      showmount -e <NFS Server IP>

    5. Create a mount point

      mkdir /mnt/app

    6. Mount the NFS file system

      mount <NFS Server IP>:/mypretzels /mnt/app

    7. Verify mount file system

      df -h

    8. To unmount

      umount /mnt/app
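The two /etc/exports mistakes called out in step 4 (a stray space before the option list, and no_root_squash) are silent once the share works, so they are worth checking mechanically. The script below is an added example, not from the original post: it lints an exports file and flags both, plus world exports and the insecure option. The sample exports file is constructed for this example; exportfs itself only warns about the missing option list.

```shell
# Added example, not part of the original post: lint /etc/exports for the
# mistakes that quietly widen a share.

# audit_exports FILE -> "WARN path: reason" lines; returns 0 only when clean
audit_exports() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                tok = $i; client = tok; opts = ""
                if (match(tok, /\(.*\)/)) {
                    client = substr(tok, 1, RSTART - 1)
                    opts = substr(tok, RSTART + 1, RLENGTH - 2)
                }
                who = (client == "") ? "every host" : client
                if (client == "") {
                    printf "WARN %s: option list (%s) has no client in front of it, so it applies to every host\n", path, opts; bad = 1
                } else if (client == "*") {
                    printf "WARN %s: exported to every host (*)\n", path; bad = 1
                } else if (opts == "") {
                    printf "WARN %s: %s has no option list (defaults apply: ro,root_squash); check for a stray space\n", path, client; bad = 1
                }
                if (opts ~ /(^|,)no_root_squash(,|$)/) {
                    printf "WARN %s: no_root_squash for %s lets client root act as root on the share\n", path, who; bad = 1
                }
                if (opts ~ /(^|,)insecure(,|$)/) {
                    printf "WARN %s: insecure for %s accepts requests from unprivileged ports\n", path, who; bad = 1
                }
            }
        }
        END { exit bad }' "$1"
}

# Constructed exports file: the first line is the post's example written with
# the stray space, the second a world export, the third the safe form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
/mypretzels 10.0.0.7 (rw,sync,no_root_squash)
/pub *(ro,sync)
/data 10.0.0.0/24(rw,sync,root_squash)
EOF

audit_exports "$sample" || echo "-> fix /etc/exports, then exportfs -rv and exportfs -s to confirm"
rm -f "$sample"
```

exportfs -s prints the exports as the kernel sees them, which is the quickest way to confirm that the world entry is gone after the fix.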

Samba

  • Linux tool that shares Linux resources such as files and printers with other operating systems, Windows in particular

  • plays the same role as NFS, but NFS is the native choice between Linux/Unix systems whereas Samba speaks the protocol Windows uses

  • Samba shares its file system through SMB (Server Message Block), a protocol originally designed at IBM

    • CIFS (Common Internet File System) is Microsoft’s name for its dialect of SMB 1; current Windows and Samba use SMB 2 and 3, and SMB 1 should be disabled. NMB is the NetBIOS name service used for legacy name resolution.

  • Key components

    • smbd → daemon that provides the file and print services

      • listens for incoming SMB/CIFS requests and responds to them
    • nmbd → NetBIOS name service daemon

      • resolves NetBIOS names to IP addresses, which older Windows clients use to discover Samba servers on the network (modern clients use DNS)
    • smb.conf → main configuration file for Samba

      • defines how Samba behaves, including shared resources, security settings and network interfaces

sudo nano /etc/samba/smb.conf

[global]
    workgroup = MYGROUP
    server string = Samba Server %v
    netbios name = LINUXSERVER
    security = user
    map to guest = bad user    ; unknown usernames are mapped to the guest account; use "never" unless you want guest access

[shared_folder]
    path = /home/user/shared
    valid users = user
    read only = no
    browsable = yes
  • Add server min protocol = SMB2 to [global] so the server refuses SMB 1, which has neither signing nor encryption worth the name

  • Check the file with testparm, then restart smb and nmb (Debian/Ubuntu: smbd and nmbd)

  • Create the Samba user with smbpasswd -a user: Samba keeps its own password database, so a Linux account alone cannot log in over SMB

  • Accessing Samba shares from Linux

    smbclient //LINUXSERVER/shared_folder -U user

Written by MRIDUL TIWARI

Software Engineer | Freelancer | Content Creator | Open Source Enthusiast | I Build Websites and Web Applications for Remote Clients.