Welcome back to the LFCS Certification - Phase 1 series! In our previous posts, we explored remote access tools (SSH, MobaXterm, WinSCP in Posts 42-44). Now we're going to dive into the fundamental building blocks of Linux—understanding the core components that make Linux systems work.
As a system administrator, knowing how Linux components interact is essential. Understanding the kernel, system libraries, shells, and service managers helps you troubleshoot issues, optimize performance, and make informed decisions about system configuration and management.
What Are Linux Core Components?
A Linux system is built from several key components that work together to provide a complete operating system:
- Linux Kernel - The core that manages hardware and system resources
- glibc (GNU C Library) - Standard library for system and application functions
- Shell - Command-line interface for interacting with the system
- systemd - System and service manager that controls processes
- Utilities - GNU coreutils and other essential programs
Understanding these components and their relationships is fundamental to Linux system administration.
The Linux Kernel
The Linux kernel is the heart of the Linux operating system. It's the core program that manages hardware, system resources, and provides essential services to all other software.
What the Kernel Does
The kernel performs several critical functions:
Hardware Management:
- Device drivers: Communicates with hardware (disk drives, network cards, graphics cards)
- Resource allocation: Manages CPU time, memory, and I/O devices
- Interrupt handling: Responds to hardware signals
Process Management:
- Scheduling: Decides which processes run and when
- Context switching: Switches between running processes
- Process creation: Manages fork() and exec() system calls
Memory Management:
- Virtual memory: Provides each process its own memory space
- Page management: Handles memory pages and swap
- Memory protection: Prevents processes from accessing each other's memory
System Calls:
- Interface: Provides API for programs to request kernel services
- Examples: open(), read(), write(), fork(), execve()
File Systems:
- VFS (Virtual File System): Unified interface for different filesystem types
- Filesystem support: ext4, xfs, btrfs, nfs, and many more
Networking:
- Network stack: TCP/IP implementation
- Socket interface: Network communication for applications
- Firewall: netfilter/iptables framework
Kernel Architecture
The Linux kernel operates in kernel space (privileged mode) while applications run in user space (unprivileged mode).
┌─────────────────────────────────────────┐
│ User Space Applications │
│ (bash, firefox, apache, mysql, etc.) │
└─────────────────────────────────────────┘
↓ System Calls ↓
┌─────────────────────────────────────────┐
│ Linux Kernel (Kernel Space) │
├─────────────────────────────────────────┤
│ Process │ Memory │ File │
│ Management │ Management │ System │
├─────────────┴─────────────┴─────────────┤
│ Device Drivers │
└─────────────────────────────────────────┘
↓ Hardware Access ↓
┌─────────────────────────────────────────┐
│ Hardware │
│ (CPU, RAM, Disks, Network, etc.) │
└─────────────────────────────────────────┘
System calls are the interface between user space and kernel space. When a program needs kernel services (like reading a file), it makes a system call.
Checking Your Kernel Version
View kernel version:
uname -r
Example output:
5.15.0-56-generic
Breaking down the version:
5- Major version15- Minor version0- Patch level56- Distribution-specific build numbergeneric- Kernel flavor (generic, lowlatency, etc.)
More detailed kernel information:
uname -a
Output:
Linux hostname 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Check kernel type:
uname -s
Output: Linux
Check kernel build date and version details:
cat /proc/version
Output:
Linux version 5.15.0-56-generic (buildd@ubuntu) (gcc version 11.3.0) #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022
Kernel Modules
Linux uses a modular design where device drivers and features can be loaded and unloaded as modules without rebooting.
List loaded kernel modules:
lsmod
Output (truncated):
Module Size Used by
ext4 786432 1
mbcache 16384 1 ext4
jbd2 139264 1 ext4
nvidia 39059456 45
View information about a specific module:
modinfo ext4
Output:
filename: /lib/modules/5.15.0-56-generic/kernel/fs/ext4/ext4.ko
description: Fourth Extended Filesystem
author: Remy Card, Stephen Tweedie, Andrew Morton, Andreas Dilger, Theodore Ts'o
license: GPL
...
Load a kernel module:
sudo modprobe module_name
Unload a kernel module:
sudo modprobe -r module_name
View kernel messages:
dmesg | less
This shows kernel boot messages and hardware detection.
Kernel Location
The kernel binary is typically located at:
ls -lh /boot/vmlinuz*
Output:
-rw------- 1 root root 11M Nov 22 19:54 /boot/vmlinuz-5.15.0-56-generic
vmlinuz is the compressed Linux kernel image.
glibc: The GNU C Library
glibc (GNU C Library) is the standard C library for Linux systems. It provides the core libraries that programs need to function.
What glibc Provides
System call wrappers:
- Simplifies access to kernel system calls
- Example: C's
printf()eventually calls thewrite()system call
Standard C functions:
- String manipulation:
strcpy(),strlen(),strcmp() - Memory management:
malloc(),free() - File I/O:
fopen(),fread(),fwrite() - Math functions:
sqrt(),sin(),cos() - Time functions:
time(),localtime()
POSIX compliance:
- Implements POSIX (Portable Operating System Interface) standards
- Ensures compatibility across Unix-like systems
Thread support:
- POSIX threads (pthreads) implementation
- Mutex, semaphores, and synchronization primitives
Internationalization:
- Locale support for different languages and regions
- Character encoding (UTF-8, etc.)
Dynamic linking:
- Shared library loading and symbol resolution
- Reduces memory usage by sharing code between programs
Why glibc Matters
Every dynamically-linked C program on Linux depends on glibc. Without it, most applications wouldn't work.
Example: When you run a simple program like ls:
- The
lsbinary loads glibc - glibc provides functions like
opendir(),readdir(),printf() - These functions make system calls to the kernel
- The kernel performs the actual work
Checking glibc Version
Method 1: Direct check:
ldd --version
Output:
ldd (Ubuntu GLIBC 2.35-0ubuntu3.1) 2.35
Copyright (C) 2022 Free Software Foundation, Inc.
Method 2: Through the library file:
/lib/x86_64-linux-gnu/libc.so.6
Output:
GNU C Library (Ubuntu GLIBC 2.35-0ubuntu3.1) stable release version 2.35.
Method 3: Check what libraries a program uses:
ldd /bin/ls
Output (truncated):
linux-vdso.so.1 (0x00007ffc8e9f1000)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6
/lib64/ld-linux-x86-64.so.2
The libc.so.6 is the main glibc library.
glibc Location
glibc libraries are typically located at:
ls -lh /lib/x86_64-linux-gnu/libc*
Output:
-rwxr-xr-x 1 root root 2.0M Mar 23 2022 /lib/x86_64-linux-gnu/libc.so.6
Shells: The Command-Line Interface
A shell is a command-line interpreter that provides an interface for users to interact with the Linux kernel and execute commands.
What is a Shell?
The shell:
- Accepts commands: Reads input from the user or scripts
- Interprets commands: Parses and understands what you want to do
- Executes programs: Launches applications and utilities
- Manages environment: Handles variables, paths, and settings
- Provides scripting: Allows automation through shell scripts
Common Linux Shells
bash (Bourne Again Shell):
- Most widely used shell on Linux
- Default on most distributions
- Rich feature set: command history, tab completion, scripting
- Compatible with sh (Bourne shell)
- Location:
/bin/bash
sh (Bourne Shell):
- Original Unix shell
- Simple and POSIX-compliant
- Often a symlink to bash or dash
- Location:
/bin/sh
zsh (Z Shell):
- Enhanced shell with advanced features
- Better tab completion
- Theme support (Oh My Zsh)
- Location:
/bin/zsh
dash (Debian Almquist Shell):
- Lightweight, POSIX-compliant
- Faster than bash for scripts
- Used for
/bin/shon Ubuntu/Debian - Location:
/bin/dash
fish (Friendly Interactive Shell):
- User-friendly shell with modern features
- Auto-suggestions and syntax highlighting
- Different scripting syntax
- Location:
/usr/bin/fish
Checking Your Current Shell
View current shell:
echo $SHELL
Output:
/bin/bash
View current shell process:
ps -p $$
Output:
PID TTY TIME CMD
12345 pts/0 00:00:00 bash
List all available shells:
cat /etc/shells
Output:
/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/bin/dash
/usr/bin/dash
/usr/bin/zsh
Bash Features
Command history:
history
Navigate history:
- Up arrow: Previous command
- Down arrow: Next command
- Ctrl+R: Reverse search through history
Tab completion:
- Press Tab to autocomplete commands, filenames, paths
- Press Tab twice to see all options
Command substitution:
echo "Today is $(date +%A)"
Output:
Today is Tuesday
Pipes and redirection:
ls -l | grep ".txt" > textfiles.list
Job control:
sleep 100 & # Run in background
jobs # List background jobs
fg # Bring to foreground
Ctrl+Z # Suspend current job
bg # Resume suspended job in background
Aliases:
alias ll='ls -lah'
Variables:
MY_VAR="Hello"
echo $MY_VAR
Scripts:
#!/bin/bash
echo "This is a bash script"
Shell Configuration Files
bash uses several configuration files:
System-wide:
/etc/profile- Executed for login shells (all users)/etc/bash.bashrc- Executed for interactive non-login shells
Per-user:
~/.bash_profile- Login shells (loaded first)~/.bashrc- Interactive non-login shells~/.bash_logout- Executed when exiting login shell~/.profile- Alternative to .bash_profile (if it doesn't exist)
Typical pattern:
- SSH login → reads
~/.bash_profile(which often sources~/.bashrc) - Opening terminal in desktop → reads
~/.bashrc
Changing Your Default Shell
Change to zsh:
chsh -s /bin/zsh
Change back to bash:
chsh -s /bin/bash
Note: You need to log out and log back in for the change to take effect.
systemd: System and Service Manager
systemd is the init system and service manager for modern Linux distributions. It's the first process started by the kernel (PID 1) and is responsible for starting all other processes.
What is systemd?
systemd replaced older init systems (like SysV init and Upstart) and provides:
System initialization:
- Boots the system
- Starts essential services
- Mounts filesystems
- Configures network
Service management:
- Starts, stops, restarts services
- Manages service dependencies
- Handles service failures (automatic restart)
- Parallel service startup for faster boot
System state management:
- Controls system targets (multi-user, graphical, rescue)
- Manages system power states (reboot, shutdown)
Logging:
- Journal system (journald) for centralized logging
- Replaces traditional syslog
Resource management:
- Control groups (cgroups) for resource limits
- CPU, memory, I/O limits for services
systemd Architecture
┌──────────────────────────────────────────┐
│ systemd (PID 1) │
├──────────────────────────────────────────┤
│ systemctl │ journalctl │
│ (control) │ (logs) │
├────────────────┴─────────────────────────┤
│ Unit Management │
│ ┌────────┬────────┬────────┬────────┐ │
│ │Service │Target │Mount │Timer │ │
│ │Units │Units │Units │Units │ │
│ └────────┴────────┴────────┴────────┘ │
└──────────────────────────────────────────┘
↓
Manages Services and System State
systemd Units
systemd manages different types of units:
Service units (.service):
- Daemons and background processes
- Examples:
sshd.service,nginx.service,mysql.service
Target units (.target):
- Group of units (similar to runlevels)
- Examples:
multi-user.target,graphical.target
Mount units (.mount):
- Filesystem mount points
- Examples:
/home,/var
Timer units (.timer):
- Scheduled tasks (like cron)
- Examples: Automatic updates, cleanup tasks
Socket units (.socket):
- IPC and network sockets
- Socket activation for services
Checking systemd Version
systemctl --version
Output:
systemd 249 (249.11-0ubuntu3.6)
+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY -P11KIT -QRENCODE +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -XKBCOMMON +UTMP +SYSVINIT
default-hierarchy=unified
Managing Services with systemctl
Start a service:
sudo systemctl start nginx
Stop a service:
sudo systemctl stop nginx
Restart a service:
sudo systemctl restart nginx
Reload configuration without restarting:
sudo systemctl reload nginx
Check service status:
sudo systemctl status nginx
Output:
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2025-12-10 10:30:15 UTC; 2h 15min ago
Docs: man:nginx(8)
Main PID: 1234 (nginx)
Tasks: 3 (limit: 4915)
Memory: 6.2M
CPU: 45ms
CGroup: /system.slice/nginx.service
├─1234 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
├─1235 nginx: worker process
└─1236 nginx: worker process
Enable service to start at boot:
sudo systemctl enable nginx
Disable service from starting at boot:
sudo systemctl disable nginx
Check if service is enabled:
sudo systemctl is-enabled nginx
Check if service is active:
sudo systemctl is-active nginx
Listing Services
List all services:
systemctl list-units --type=service
List all active services:
systemctl list-units --type=service --state=active
List all failed services:
systemctl list-units --type=service --state=failed
List all installed service unit files:
systemctl list-unit-files --type=service
System Targets
Targets are like runlevels in traditional init systems.
View current target:
systemctl get-default
Output:
graphical.target
Common targets:
poweroff.target- System shutdownrescue.target- Single-user rescue modemulti-user.target- Multi-user text modegraphical.target- Multi-user graphical mode (desktop)reboot.target- System reboot
Set default target:
sudo systemctl set-default multi-user.target
Change to a different target immediately:
sudo systemctl isolate multi-user.target
Viewing Logs with journalctl
systemd includes journald, a centralized logging system.
View all logs:
sudo journalctl
View logs for a specific service:
sudo journalctl -u nginx
Follow logs in real-time:
sudo journalctl -u nginx -f
View logs since last boot:
sudo journalctl -b
View logs for specific time period:
sudo journalctl --since "2025-12-10 10:00:00" --until "2025-12-10 11:00:00"
View only error messages:
sudo journalctl -p err
View kernel messages:
sudo journalctl -k
systemd Service Files
Services are defined in unit files located in:
/lib/systemd/system/- System-provided units/etc/systemd/system/- Administrator-created or modified units
Example service file (/lib/systemd/system/nginx.service):
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
Sections:
[Unit]- Description and dependencies[Service]- How to start/stop the service[Install]- When to enable the service
After modifying service files:
sudo systemctl daemon-reload
This tells systemd to reload its configuration.
How Components Work Together
Understanding how these components interact provides a complete picture of Linux system operation.
Linux Architecture Layers
┌─────────────────────────────────────────────────┐
│ User Space │
├─────────────────────────────────────────────────┤
│ Applications (firefox, apache, mysql, etc.) │
│ ↕ │
│ Shell (bash, zsh) - User interaction │
│ ↕ │
│ GNU Tools (ls, cat, grep, awk, etc.) │
│ ↕ │
│ glibc - Standard C Library │
│ ↕ │
│ System Call Interface │
└─────────────────────────────────────────────────┘
↕ System Calls ↕
┌─────────────────────────────────────────────────┐
│ Kernel Space │
├─────────────────────────────────────────────────┤
│ Linux Kernel │
│ ├─ Process Management │
│ ├─ Memory Management │
│ ├─ File System │
│ ├─ Device Drivers │
│ └─ Network Stack │
└─────────────────────────────────────────────────┘
↕ Hardware Access ↕
┌─────────────────────────────────────────────────┐
│ Hardware │
│ CPU, RAM, Disk, Network Cards, etc. │
└─────────────────────────────────────────────────┘
Example: Running a Command
When you type ls -l in the shell:
- Shell (bash) receives your input
- Shell parses the command and arguments
- Shell uses
fork()system call (via glibc) to create new process - Kernel creates child process
- Shell uses
execve()system call to replace child process withlsprogram - ls program is loaded by kernel
- ls uses glibc functions to:
- Call
opendir()to open directory - Call
readdir()to read entries - Call
stat()to get file information
- Call
- glibc translates these into system calls to kernel
- Kernel accesses filesystem (ext4, xfs, etc.)
- Kernel reads disk via device drivers
- Results passed back through kernel → glibc → ls
- ls formats output and writes to stdout
- Shell displays output to your terminal
All of this happens in milliseconds!
Boot Process Overview
Understanding how Linux boots shows how components initialize:
1. BIOS/UEFI:
- Hardware initialization
- Finds bootloader on disk
2. Bootloader (GRUB):
- Loads kernel into memory
- Passes parameters to kernel
3. Kernel Initialization:
- Decompresses itself
- Initializes hardware (CPU, memory, devices)
- Mounts root filesystem (usually read-only at first)
- Starts first process: systemd (PID 1)
4. systemd Initialization:
- Reads configuration from
/etc/systemd/ - Starts
default.target(usuallygraphical.targetormulti-user.target) - Mounts filesystems (according to
/etc/fstab) - Starts essential services in parallel:
systemd-journald(logging)systemd-udevd(device management)dbus(inter-process communication)
- Starts configured services:
- Network services (
NetworkManager,systemd-networkd) - SSH server (
sshd) - Web servers (
nginx,apache) - Databases (
mysql,postgresql) - And more...
- Network services (
5. Login Prompt:
getty(or display manager for GUI) started on terminals- User login with credentials
- Shell started for user
- Shell reads configuration files (
~/.bashrc, etc.)
6. System Ready:
- All services running
- User can execute commands
View boot time:
systemd-analyze
Output:
Startup finished in 4.234s (kernel) + 8.765s (userspace) = 13.000s
graphical.target reached after 8.523s in userspace
View service startup times:
systemd-analyze blame
Output:
5.234s NetworkManager-wait-online.service
2.345s mysql.service
1.876s apache2.service
1.234s plymouth-quit-wait.service
...
Practice Labs
Time to explore Linux core components hands-on!
Lab 1: Check Kernel Version
Task: Display your Linux kernel version and detailed kernel information.
Solution
Kernel version:
uname -r
Output example:
5.15.0-56-generic
All kernel info:
uname -a
Kernel version with build details:
cat /proc/version
Understand the version:
- Major.Minor.Patch-Build-Flavor
- Example:
5.15.0-56-generic- 5 = Major version
- 15 = Minor version
- 0 = Patch
- 56 = Distribution build
- generic = Kernel flavor
Lab 2: List Loaded Kernel Modules
Task: Display all currently loaded kernel modules and find modules related to networking.
Solution
List all loaded modules:
lsmod
Output shows: Module name, size, and dependencies
Find networking modules:
lsmod | grep -i net
View module count:
lsmod | wc -l
Get info about a specific module:
modinfo e1000 # Intel network driver
This shows the module description, author, license, and parameters.
Lab 3: View Kernel Boot Messages
Task: Display kernel messages from the current boot, especially hardware detection messages.
Solution
View all kernel messages:
dmesg | less
View recent kernel messages:
dmesg | tail -50
Search for specific hardware (e.g., disk detection):
dmesg | grep -i "sda"
View USB device detection:
dmesg | grep -i "usb"
View network interface detection:
dmesg | grep -i "eth\|ens\|enp"
View with human-readable timestamps:
dmesg -T
Lab 4: Check glibc Version
Task: Find out which version of glibc is installed on your system.
Solution
Method 1:
ldd --version
Output:
ldd (Ubuntu GLIBC 2.35-0ubuntu3.1) 2.35
Method 2:
/lib/x86_64-linux-gnu/libc.so.6
Output shows full version info.
Method 3 - Check what version a program uses:
ldd /bin/ls | grep libc
Output:
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f...)
Lab 5: Check Current Shell
Task: Determine which shell you're currently using.
Solution
Check default shell:
echo $SHELL
Output:
/bin/bash
Check current shell process:
ps -p $$
Output:
PID TTY TIME CMD
12345 pts/0 00:00:00 bash
$$ is a special variable containing the current shell's PID.
Alternative method:
echo $0
Output: -bash (the leading - indicates a login shell)
Lab 6: List Available Shells
Task: Display all shells available on your system.
Solution
cat /etc/shells
Typical output:
/bin/sh
/bin/bash
/usr/bin/bash
/bin/dash
/usr/bin/dash
/usr/bin/zsh
/bin/zsh
These are shells that users can set as their default login shell.
Check which shells are actually installed:
which bash zsh fish dash
This shows the path if the shell is found, or nothing if not installed.
Lab 7: Explore Command History
Task: View your bash command history and search for a specific command you ran previously.
Solution
View history:
history
View last 20 commands:
history 20
Search history for a specific command (e.g., "systemctl"):
history | grep systemctl
Execute a command from history by number:
!123 # Runs command #123 from history
Execute last command that started with "sudo":
!sudo
Search history interactively:
- Press Ctrl+R
- Start typing a command (e.g., "system")
- Press Ctrl+R again to find previous matches
- Press Enter to execute, or Esc to cancel
Clear history:
history -c
Lab 8: Check systemd Version
Task: Display the version of systemd running on your system.
Solution
systemctl --version
Output:
systemd 249 (249.11-0ubuntu3.6)
+PAM +AUDIT +SELINUX +APPARMOR ...
default-hierarchy=unified
The first line shows the systemd version number.
Verify systemd is PID 1:
ps -p 1
Output:
PID TTY TIME CMD
1 ? 00:00:05 systemd
systemd should always be PID 1 (the first process).
Lab 9: List All Services
Task: Display all systemd service units and identify which ones are currently active.
Solution
List all services:
systemctl list-units --type=service
List only active services:
systemctl list-units --type=service --state=active
List only failed services:
systemctl list-units --type=service --state=failed
Count total services:
systemctl list-units --type=service --all | wc -l
List services that are enabled (start at boot):
systemctl list-unit-files --type=service --state=enabled
Lab 10: Check SSH Service Status
Task: Check if the SSH service is running and enabled to start at boot.
Solution
Check status:
sudo systemctl status sshd
Or:
sudo systemctl status ssh
(Name varies by distribution: sshd or ssh)
Output shows:
- Loaded: Whether the service is loaded
- Active: Whether it's running
- Main PID: Process ID
- Memory and CPU usage
- Recent log entries
Check if running (quick check):
sudo systemctl is-active sshd
Output: active or inactive
Check if enabled:
sudo systemctl is-enabled sshd
Output: enabled or disabled
Lab 11: Start and Stop a Service
Task: Practice starting and stopping the SSH service (be careful not to lock yourself out if using SSH!).
Solution
Stop SSH service:
sudo systemctl stop sshd
Verify it stopped:
sudo systemctl is-active sshd
Output: inactive
Start SSH service:
sudo systemctl start sshd
Verify it started:
sudo systemctl is-active sshd
Output: active
Restart service (stop then start):
sudo systemctl restart sshd
Warning: If you're connected via SSH, stopping sshd won't disconnect your current session, but you won't be able to establish new connections until you start it again!
Lab 12: Enable and Disable Service at Boot
Task: Disable SSH from starting at boot, then re-enable it.
Solution
Check current status:
sudo systemctl is-enabled sshd
Disable at boot:
sudo systemctl disable sshd
Output:
Removed /etc/systemd/system/multi-user.target.wants/ssh.service.
Verify:
sudo systemctl is-enabled sshd
Output: disabled
Re-enable at boot:
sudo systemctl enable sshd
Output:
Created symlink /etc/systemd/system/multi-user.target.wants/sshd.service → /lib/systemd/system/sshd.service.
Note: Disabling doesn't stop the service, it only prevents automatic startup at boot. The service remains running until manually stopped or system reboot.
Lab 13: View Service Logs
Task: View logs for the SSH service using journalctl.
Solution
View all SSH logs:
sudo journalctl -u sshd
Or:
sudo journalctl -u ssh
View only recent logs (last 50 lines):
sudo journalctl -u sshd -n 50
Follow logs in real-time:
sudo journalctl -u sshd -f
View logs since last boot:
sudo journalctl -u sshd -b
View logs for specific time range:
sudo journalctl -u sshd --since "1 hour ago"
Search for failed login attempts:
sudo journalctl -u sshd | grep -i "failed"
Exit real-time view: Press Ctrl+C
Lab 14: Check System Target
Task: Display the current default system target and understand what it means.
Solution
Check default target:
systemctl get-default
Common outputs:
graphical.target- Desktop environment (GUI)multi-user.target- Multi-user text mode (no GUI)
List all available targets:
systemctl list-units --type=target
Check which target is currently active:
systemctl list-units --type=target --state=active
Understand targets:
graphical.target≈ Old runlevel 5 (GUI)multi-user.target≈ Old runlevel 3 (text mode)rescue.target≈ Old runlevel 1 (single user mode)
Lab 15: Analyze Boot Time
Task: Check how long your system took to boot and which services took the longest.
Solution
Overall boot time:
systemd-analyze
Output:
Startup finished in 4.234s (kernel) + 8.765s (userspace) = 13.000s
graphical.target reached after 8.523s in userspace
Shows:
- Kernel initialization time
- Userspace (systemd) initialization time
- Total boot time
List services by startup time (slowest first):
systemd-analyze blame
Output:
5.234s NetworkManager-wait-online.service
2.345s mysql.service
1.876s apache2.service
...
Visualize boot process (creates SVG):
systemd-analyze plot > boot.svg
Open boot.svg in a web browser to see a graphical timeline.
Critical chain (bottleneck services):
systemd-analyze critical-chain
Shows the chain of services that delayed boot the most.
Lab 16: View Process Tree
Task: Display the process tree starting from systemd (PID 1) to see parent-child relationships.
Solution
View process tree:
pstree
Output (simplified):
systemd─┬─NetworkManager───2*[{NetworkManager}]
├─accounts-daemon───2*[{accounts-daemon}]
├─sshd───sshd───sshd───bash───pstree
├─systemd-journal
├─systemd-logind
└─...
View with PIDs:
pstree -p
View tree for specific process:
pstree -p $(pidof sshd | awk '{print $1}')
Show threads as well:
pstree -t
Alternative - using ps:
ps auxf
The f flag shows forest (tree) view.
Lab 17: Find Library Dependencies
Task: Check what shared libraries a program depends on (using ldd).
Solution
Check dependencies of ls:
ldd /bin/ls
Output:
linux-vdso.so.1 (0x00007ffc...)
libselinux.so.1 => /lib/x86_64-linux-gnu/libselinux.so.1 (0x00007f...)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f...)
/lib64/ld-linux-x86-64.so.2 (0x00007f...)
Key libraries:
libc.so.6- glibc (standard C library)ld-linux-x86-64.so.2- Dynamic linker
Check bash dependencies:
ldd /bin/bash
Check dependencies of a custom program:
ldd /usr/bin/python3
This shows all shared libraries the program needs to run.
Lab 18: Explore systemd Unit Files
Task: View the systemd unit file for the SSH service and understand its configuration.
Solution
View SSH unit file:
systemctl cat sshd
Or:
systemctl cat ssh
Output (example):
[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run
[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
ExecReload=/usr/sbin/sshd -t
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755
[Install]
WantedBy=multi-user.target
Alias=sshd.service
Sections explained:
[Unit]- Description, documentation, dependencies[Service]- How to start/stop/reload the service[Install]- When to enable (which target)
View location of unit file:
systemctl show -p FragmentPath sshd
Output:
FragmentPath=/lib/systemd/system/ssh.service
Lab 19: Monitor System Logs in Real-Time
Task: Watch system logs as they're generated using journalctl.
Solution
Follow all system logs:
sudo journalctl -f
Follow specific service:
sudo journalctl -u sshd -f
Follow kernel messages:
sudo journalctl -k -f
Follow with specific priority (errors and above):
sudo journalctl -f -p err
While logs are streaming:
- New entries appear in real-time
- Useful for troubleshooting
- Press Ctrl+C to exit
In another terminal, generate log entries:
logger "Test message"
sudo systemctl restart sshd
You should see these events in your journalctl output.
Lab 20: Create a Simple systemd Service
Task: Create a custom systemd service that runs a simple script.
Solution
Create a script:
sudo nano /usr/local/bin/hello-service.sh
Script content:
#!/bin/bash
while true; do
echo "Hello from custom service at $(date)" >> /tmp/hello.log
sleep 30
done
Make executable:
sudo chmod +x /usr/local/bin/hello-service.sh
Create service unit file:
sudo nano /etc/systemd/system/hello.service
Unit file content:
[Unit]
Description=Hello World Service
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/hello-service.sh
Restart=always
[Install]
WantedBy=multi-user.target
Reload systemd (to recognize new service):
sudo systemctl daemon-reload
Start the service:
sudo systemctl start hello
Check status:
sudo systemctl status hello
View output:
tail -f /tmp/hello.log
Stop the service:
sudo systemctl stop hello
Remove the service (cleanup):
sudo systemctl disable hello
sudo rm /etc/systemd/system/hello.service
sudo systemctl daemon-reload
Key Takeaways
- Linux kernel is the core that manages hardware, processes, memory, and system resources
- glibc provides standard C library functions that programs use to interact with the kernel
- Shell (like bash) is the command-line interface for user interaction with the system
- systemd is the init system (PID 1) that manages services and system initialization
- Components work together: Applications → glibc → System calls → Kernel → Hardware
- Kernel modules allow dynamic loading of drivers without rebooting
- systemctl is the primary command for managing systemd services
- journalctl provides access to systemd's centralized logging system
- systemd units include services, targets, mounts, timers, and more
- Boot process: BIOS → Bootloader → Kernel → systemd → Services → Login
What's Next?
You've mastered Linux core components! In the next post, we'll explore I/O Redirection and Pipes—learning how to redirect command input and output, chain commands together with pipes, and build powerful command-line workflows.
Coming up:
- Standard input, output, and error (stdin, stdout, stderr)
- Output redirection with
>,>>,2>,&> - Input redirection with
< - Pipes with
| - Command chaining and filtering
- Here documents and here strings
Keep exploring Linux internals, and see you in the next post!
Previous Post: LFCS Part 44: File Transfer with WinSCP
Next Post: LFCS Part 46: Mastering I/O Redirection (Coming Soon)
