Article Title: Linux server security policy details (5)
Chapter 2 Linux network services and xinetd
4.1 Linux Startup Process
4.1.1 Linux Startup Process details
1. From BIOS to Kernel
(1) BIOS self-check
After the computer is powered on, the BIOS first runs its self-test, the Power On Self Test (POST), and then reads the boot block from the hard disk, floppy disk or CD-ROM according to the boot order set in the BIOS. On a PC, the BIOS begins executing at address 0xFFFF0 (the real-mode reset vector). Its first step is the POST, which checks the hardware; its second step is to enumerate and initialize the local devices. Because its functions are used at different times, the BIOS consists of two parts: the POST code and the runtime services. After the POST completes, its code is discarded from memory, but the runtime services stay resident and can be used by the operating system being booted. To boot an operating system, the BIOS searches for active, bootable devices in the order given by the CMOS settings. The boot device can be a floppy disk, a CD-ROM, a partition on a hard disk, a device on the network or even a USB flash drive; normally Linux boots from the hard disk. The Master Boot Record (MBR) holds the first-stage boot loader. The MBR is a 512-byte sector at the very start of the disk (cylinder 0, head 0, sector 1): 446 bytes of boot code, a 64-byte partition table of four 16-byte entries, and the two-byte signature 0x55 0xAA. When the MBR has been loaded into RAM, the BIOS hands control to it.
(2) Extract MBR information
To view the MBR content, run the following commands:
# dd if=/dev/hda of=mbr.bin bs=512 count=1
# od -xa mbr.bin
The dd command must be run as root. It reads the first 512 bytes of /dev/hda (the first IDE disk; on a SATA or SCSI system the device is /dev/sda) and writes them to the file mbr.bin. The od command prints the contents of the binary file in hexadecimal and as ASCII characters. The last two bytes should be the boot signature 0x55 0xAA, which od -x, printing two-byte words, shows as aa55; without it the BIOS will not treat the sector as bootable.
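A small parser for the 512 bytes that dd writes to mbr.bin, added here as an example (it is not code from the original article): it checks the 0x55 0xAA signature, decodes the four partition-table entries and hashes the 446-byte boot code so the MBR can be compared with a baseline taken when the boot loader was installed. The MBR it runs on is constructed in build_sample_mbr rather than read from a disk; the function names are this example's own. To analyse a real disk, read mbr.bin and pass its contents to parse_mbr.

```python
import hashlib
import struct

# Layout of a classic MBR: 446 bytes of boot code, four 16-byte partition
# entries at offset 446, and the signature 0x55 0xAA at offset 510.
BOOT_CODE_SIZE = 446
PARTITION_TABLE_OFFSET = 446
ENTRY_FORMAT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS/exFAT", 0x0F: "Extended (LBA)",
    0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM", 0xEE: "GPT protective",
}


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR for offline use; not a dump of a real disk.
    The boot code area is a dummy jump followed by NOPs."""
    boot_code = b"\xEB\x3C\x90" + b"\x90" * (BOOT_CODE_SIZE - 3)
    chs_unused = b"\xFE\xFF\xFF"   # CHS fields are ignored by LBA-aware loaders
    entries = [
        (0x80, 0x83, 2048, 1048576),       # active, Linux, starts at sector 2048
        (0x00, 0x8E, 1050624, 20971520),   # inactive, Linux LVM
        (0x00, 0x00, 0, 0),                # empty slot
        (0x00, 0x00, 0, 0),                # empty slot
    ]
    table = b"".join(
        struct.pack(ENTRY_FORMAT, status, chs_unused, ptype, chs_unused, lba, count)
        for status, ptype, lba, count in entries
    )
    return boot_code + table + b"\x55\xAA"


def parse_mbr(mbr: bytes) -> dict:
    """Decode the signature and partition table of a 512-byte MBR
    (for example the mbr.bin written by dd)."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FORMAT, mbr[off:off + 16])
        if ptype == 0:
            continue   # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba,
            "sectors": count,
        })
    return {
        "valid_signature": mbr[510:512] == b"\x55\xAA",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
        "bootable_count": sum(p["bootable"] for p in partitions),
    }


def boot_code_changed(mbr: bytes, baseline_sha256: str) -> bool:
    """Compare the boot code against a hash recorded when the loader was
    installed. A mismatch means the MBR was rewritten, whether by a legitimate
    grub-install or lilo run or by something that should not have done so."""
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest() != baseline_sha256


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["valid_signature"], " boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        flag = "*" if p["bootable"] else " "
        print(f"{flag} #{p['index']} type 0x{p['type']:02X} {p['type_name']:<15} "
              f"start {p['lba_start']:>10} sectors {p['sectors']:>10}")
```

Recording boot_code_sha256 right after installing the boot loader and re-checking it from a cron job or a forensic boot medium turns the dd command above into a cheap integrity check on the first code the BIOS executes; exactly one partition should carry the 0x80 active flag.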
2. Start GRUB/LILO
GRUB and LILO are both boot loaders; in short, a boot loader loads the operating system. When the machine boots, the BIOS reads the first 512 bytes of the boot medium, the master boot record (MBR). A single MBR can hold only one operating system boot record, which becomes a problem when several operating systems must be bootable, so a more flexible boot loader is needed.
All boot loaders work in a similar way to achieve a common purpose. However, there are many differences between LILO and GRUB:
-LILO does not have an interactive command interface, but GRUB does.
-LILO does not support network boot, but GRUB does.
-LILO stores the physical location of each bootable operating system in the MBR. If you change the LILO configuration file, you must rewrite LILO's first-stage boot loader to the MBR. For LILO this is a dangerous step, because a wrong MBR configuration can leave the system unbootable. With GRUB, a wrong configuration file instead drops you to the GRUB command-line interface by default.
Security tip: anyone who can boot the machine from a floppy or CD, or who reaches a GRUB or LILO prompt whose grub.conf or lilo.conf has no password set, can bypass every security measure described in this section. This is especially serious with GRUB, because an unprotected GRUB menu lets the user edit the kernel line at the console and boot straight into single-user mode, which gives a root shell. One simple mitigation is to disable booting from CD and floppy in the machine's BIOS and set a BIOS password so that nobody else can change those settings; the boot loader configuration itself should also carry a password.
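An audit of a GRUB legacy grub.conf for the weaknesses just described, added here as an example and not taken from the article. The two configurations are constructed, the md5 hash in the hardened one is a placeholder rather than real grub-md5-crypt output, and the function names are this example's own. A global password --md5 line makes the GRUB shell and menu editing ask for the password; an entry whose kernel line boots with single, init= or similar should additionally carry lock so that it cannot even be selected without the password.

```python
import re

# Constructed grub.conf fragments (GRUB legacy syntax); neither comes from a
# real host. The hash after --md5 is a placeholder, not grub-md5-crypt output.
WEAK_GRUB_CONF = """\
default=0
timeout=5
title Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2
        initrd /initrd.img
title Linux (single-user)
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2 single
"""

HARDENED_GRUB_CONF = """\
default=0
timeout=5
password --md5 $1$PLACEHOLDER$placeholderhashvalueonly0
title Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2
        initrd /initrd.img
title Linux (single-user)
        lock
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda2 single
"""

# Kernel parameters that end in a root shell or replace init altogether.
RISKY_KERNEL_ARGS = re.compile(r"(?:^|\s)(?:single|S|1|emergency|init=\S+)(?:\s|$)")


def audit_grub_conf(text: str) -> list:
    """Return a list of findings for a GRUB legacy configuration: missing or
    cleartext global password, and root-shell entries that are not locked."""
    findings = []
    global_password = False
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("title"):
            current = {"title": line[5:].strip(), "locked": False, "kernel": ""}
            entries.append(current)
        elif current is None:
            # global section, before the first title
            if line.startswith("password"):
                global_password = True
                if "--md5" not in line:
                    findings.append("global password is stored in cleartext; "
                                    "use grub-md5-crypt output with --md5")
        elif line == "lock":
            current["locked"] = True
        elif line.startswith("kernel"):
            current["kernel"] = line
    if not global_password:
        findings.append("no global password: anyone at the console can edit "
                        "entries or use the GRUB shell")
    for entry in entries:
        if RISKY_KERNEL_ARGS.search(entry["kernel"]) and not entry["locked"]:
            args = entry["kernel"].split(None, 1)[1]
            findings.append(f"entry '{entry['title']}' boots to a root shell "
                            f"({args}) and is not locked")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_GRUB_CONF), ("hardened", HARDENED_GRUB_CONF)):
        print(f"{name}: {audit_grub_conf(conf) or ['no findings']}")
```

The check only looks at grub.conf; it does not know whether the BIOS still allows booting from removable media, which is the other half of the tip and has to be verified at the console.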
3. Load the kernel
Once the kernel image has been loaded into memory, the kernel stage begins. The image loaded is not an executable kernel but a compressed one: either a zImage (a compressed image for kernels below a fixed size limit) or a bzImage (a "big" compressed image for kernels above that limit), compressed in advance with gzip (zlib). At the front of the image is a small routine that performs a minimum of hardware setup, decompresses the kernel contained in the image and places it in memory (high memory, above 1 MB, in the case of a bzImage); if an initial RAM disk image is present, it is also moved into memory and its location is recorded for later use. The routine then jumps to the kernel entry point and the kernel boot proper begins.
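To see what the boot loader actually reads from a kernel image, here is an added example (not from the article) that parses the setup header at offset 0x1F1 of a zImage/bzImage as documented in Documentation/x86/boot.txt: it reports the boot protocol version, whether the LOADED_HIGH flag marks the image as a bzImage to be loaded at 0x100000 rather than 0x10000, and where the compressed protected-mode kernel starts in the file and how large it is. The image it parses is constructed by build_sample_image; its payload is only a gzip magic number followed by zeros, and the function names are this example's own.

```python
import struct

# Offsets in the kernel setup header (Documentation/x86/boot.txt). The header
# begins at 0x1F1 of the image and is what the boot loader reads.
SETUP_SECTS = 0x1F1      # u8: setup sectors after the boot sector (0 means 4)
SYSSIZE = 0x1F4          # u32: size of the protected-mode kernel in 16-byte paragraphs
BOOT_FLAG = 0x1FE        # u16: 0xAA55
HEADER_MAGIC = 0x202     # "HdrS"
VERSION = 0x206          # u16: boot protocol version, e.g. 0x020A for 2.10
KERNEL_VERSION = 0x20E   # u16: offset of the version string, less 0x200
LOADFLAGS = 0x211        # u8: bit 0 is LOADED_HIGH
LOADED_HIGH = 0x01
SECTOR = 512


def build_sample_image(loaded_high: bool = True) -> bytes:
    """Constructed kernel image with a valid setup header; the protected-mode
    payload is a gzip magic number followed by zeros, not a real kernel."""
    setup_sects = 4
    payload_paras = 0x1000                     # 64 KiB of payload
    version_string = b"2.6.32 (example build) #1 SMP\0"
    image = bytearray(SECTOR * (setup_sects + 1))
    image[SETUP_SECTS] = setup_sects
    struct.pack_into("<I", image, SYSSIZE, payload_paras)
    struct.pack_into("<H", image, BOOT_FLAG, 0xAA55)
    image[HEADER_MAGIC:HEADER_MAGIC + 4] = b"HdrS"
    struct.pack_into("<H", image, VERSION, 0x020A)
    ver_off = 0x300                            # inside the setup sectors
    struct.pack_into("<H", image, KERNEL_VERSION, ver_off - 0x200)
    image[ver_off:ver_off + len(version_string)] = version_string
    image[LOADFLAGS] = LOADED_HIGH if loaded_high else 0x00
    image += b"\x1f\x8b" + b"\x00" * (payload_paras * 16 - 2)
    return bytes(image)


def parse_setup_header(image: bytes) -> dict:
    """Decode the fields a boot loader needs from a zImage/bzImage and report
    where the compressed kernel sits in the file and where it will be loaded."""
    if struct.unpack_from("<H", image, BOOT_FLAG)[0] != 0xAA55:
        raise ValueError("missing 0xAA55 boot signature")
    if image[HEADER_MAGIC:HEADER_MAGIC + 4] != b"HdrS":
        raise ValueError("no 'HdrS' magic: not a boot-protocol 2.00+ kernel image")
    setup_sects = image[SETUP_SECTS] or 4
    syssize = struct.unpack_from("<I", image, SYSSIZE)[0]
    version = struct.unpack_from("<H", image, VERSION)[0]
    loaded_high = bool(image[LOADFLAGS] & LOADED_HIGH)
    pm_offset = (setup_sects + 1) * SECTOR     # boot sector + setup sectors
    kv_ptr = struct.unpack_from("<H", image, KERNEL_VERSION)[0]
    kernel_version = ""
    if kv_ptr:
        start = kv_ptr + 0x200
        kernel_version = image[start:image.index(b"\0", start)].decode("ascii", "replace")
    return {
        "boot_protocol": f"{version >> 8}.{version & 0xFF:02d}",
        "setup_sectors": setup_sects,
        "kernel_version": kernel_version,
        "image_kind": "bzImage" if loaded_high else "zImage",
        "load_address": 0x100000 if loaded_high else 0x10000,
        "protected_mode_offset": pm_offset,
        "protected_mode_size": syssize * 16,
        "gzip_payload": image[pm_offset:pm_offset + 2] == b"\x1f\x8b",
    }


if __name__ == "__main__":
    for key, value in parse_setup_header(build_sample_image()).items():
        print(f"{key:>22}: {value}")
```

On an x86 system, passing the contents of the bzImage under /boot to parse_setup_header gives the same report for the installed kernel, which is a quick way to confirm that a file named vmlinuz really is a kernel image with the expected version string before it is handed to the boot loader.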