LPIC2 Certification Journey

Today morning I received a message from LPI that my certificate will expire in 9 months and so it is time to start studying for the second Linux certification, this will advance me to the third Linux information security certification that I will search for, this certification is divided into two and the two parts are marked by two different codes: 201-450, 202-450

In this post I am going to go over each topic as listed on the LPI website, which means I will go over each tool and present it here, in each chapter I will show how to use these tools to get the same information that the subject of the test should deal with, at the end of each chapter I will present a challenge From most of the commands we learned and challenged you and me how to get the information to succeed.

If you want a brochure that deals with the topic extensively regardless of this post I recommend the booklet by Snow B.V. Her name: The LPIC-2 Exam Prep 6th edition, for version 4.5. This booklet helps me a lot and I recommend going through it at the same time, and yet I will try to elaborate as much as possible in the post here to be ready for the test.

Objective 201-450

Chapter 0

Topic 200: Capacity Planning

Before we start I think is good to memorize way we here to learn linux, just think about world without linux, the power that linux give us and the world is limit less, we can take that technologist and use it to bring new ideas and invention to the world. So at the start I think it is good to take a look of some comedy short video that I found.

In this chapter, we need to address computer hardware issues and how to use Linux to make sure that, such as system resources and resources, it is important to know these concepts because these tools can help us deal with the resource utilization problem, and we may run software only after a long time Since running it, or it is possible that only a certain program after a certain operation will consume all the resources on the computer, in this case we want to know how to look at the resources and check which component utilizes it.

In this way we can know which program is the problematic and which program causes the computer to work slowly and even freeze. Most of the tools we present here are tools that show you how to see what your computer’s CPU is used for, what software is currently working, how many free memory we have, and a few other things to help us understand how the Linux operating system works.


In our case we can start some virtual machine to get ready and learn the commands, but how can we demonstrate some memory issues or CPU’s problems? in that case we can use stress, that command can load up our memory and CPU’s to 100 percentage which can be handy if we want to view such issue with the command that supposed to help us find the program that cause to that issue.

I am use Ubuntu, and like on other system operation, I have system monitor that can help me to view my processes on my linux machine, if some program take more CPU than others I may feel like I have sort of slowness in my computer, so, using the system monitor can be handy to find what is the problem in my case.

OSCP Post Figure 1 System Monitor.

If some program utilizes the CPU overly you will see it on system monitor, on the resource the grap will jump up and on processes tab you can find what program utilizes how much from you CPU or memory, let’s run the following command.

stress -c 1

This command will dispatching the hug lol! it utilizes one core of your CPU, in my case I have 4 CPU, so one of them will be loaded and I can see it on my system monitor resource tab.

OSCP Post Figure 2 System Monitor, one CPU are loaded over.

If I check out my processes list I will find that the stress program are running and utilizes at least 25% of my all CPU.

OSCP Post Figure 3 Stress program utilizes.

You can also run stress to utilizes the RAM, in that case you specify how much chunk you want to use, every chunk are 256mb, in my case I have 4 giga memory to use so to load it up I can run 15 chunk which is 3840 megabyte in total.

OSCP Post Figure 4 Stress the RAM.

You can see all of my C^ keys because I freak out, my computer was freezing and I can’t do anything but the ctrl+C command, so now ufter it done I run 6 chunk that will not going to crash my system but at least I will be able to view the RAM used.

OSCP Post Figure 5 Stress the RAM again.

You also can see on the resources that my memory really over load and my RAM is over 55% used and also my swap is over 59%, please remember that the swap is your virtual memory that run on your hard disk, which mean in my case on the hard disk I have 4 giga memory that been used as swap, if you see such of thing this is not normal and maybe the system are loaded, becouse as default the swap memory will never been use unless the regular memory are over and that the swap get to use.

OSCP Post Figure 6 Stress the RAM, in resources.

You can also use stress to load the system by using that hard drive, just type the following command, that command can affect the io which is the input/output wait and called i/o block, this is a processes queue, if for some reason one process can’t run because the CPU are over loaded, that process will wait on until the CPU can handle it, the worst thing about that is that this process is on uninterruptable sleep mode which mean that you can’t even killed it.

stress --hdd 1

But let’s say that you are working at company X, and there you have some linux server without GUI, so in that case you may what to be familiar with the command that can help you to find the problem via terminal.


That command can give us the same as the system monitor, you can view the percentage of CPU, RAM and more in the top table, so let’s look at that.

OSCP Post Figure 7 top on terminal.

By typing the top commend, as you can see, it bring me table that refresh every 3 second by default, you can change that value by using the top -d 5 command for 5 second, or inside the top screen press d and it will ask you to setup new interval for screen update.

OSCP Post Figure 8 Change interval with d.

You also can see the CPU in percentage, if you have 1 CPU that mean using full of that will be 100% and you will see this number on the cpu in the top command, if you have 4 CPU than if one of them are on the 100% utilizes, than in CPU field you will see 25%. You can also view every CPU separately by press 1 on your keyboard.

OSCP Post Figure 9 Display every one of my CPU.

The information for every field over the CPU are as follow:

us: user cpu time (or) % CPU time spent in user space
sy: system cpu time (or) % CPU time spent in kernel space
ni: user nice cpu time (or) % CPU time spent on low priority processes
id: idle cpu time (or) % CPU time spent idle
wa: io wait cpu time (or) % CPU time spent in wait (on disk)
hi: hardware irq (or) % CPU time spent servicing/handling hardware interrupts
si: software irq (or) % CPU time spent servicing/handling software interrupts
st: steal time - - % CPU time in involuntary wait by virtual cpu while hypervisor is servicing another processor (or) % CPU time stolen from a virtual machine

By default the CPU tab are sort, which mean that you can see what program take more CPU than others, if you want to change this sort and resort it by memory, you can press on shift+> that will sort the right column which is the RAM.

OSCP Post Figure 10 Sort the MEM.

If I will run stress now for check the cpu on the top, my cpu can cam up to 100% only if I type the command as follow:

stress -c 4

You can see that my CPU is nearly a hundred percent, so this is mean that if I done stress -c 1 it only load just one CPU core. The same will be in the case of memory as we saw earlier.

OSCP Post Figure 11 CPU on 100%.

If I will load my hard drive which mean in our case to use stress --hdd 1 command, this can change the value of i/o wait time, on the top you can find it under wa field.

OSCP Post Figure 12 Wait time are loaded.

Again, this case mean that we have process that use the hard drive and there is a program that on wait state that in sleep mode that we can’t kill.


In that command we can view the memory that being used and CPU values, i/o and system utilizes, if you type this command you will get that information but that it, not like top that refresh itself every 3 second by default, but you can run it with refresh like, by using delay and count option. In the delay you specify how long to wait between every time it display you the information, the count is how many time it will repeat it self, in that case you can see the changes along the way.

vmstat 3 5

In that case this command display report every 3 seconds and repeat that five times, as you can see on the output I have, the free memory change every 3 second and so in the cpu and i/o.

OSCP Post Figure 12 vmstat, 3 seconds delay, 5 count.

You can view also only the disk i/o that display the read and write statistics by using -d option or memory statistics by using -s option. The following is the way to view the table in wide mode, it’s display more readable table which can help understand more.

vmstat -w

OSCP Post Figure 13 vmstat wide mode.

You can combain the option as follow:

vmstat -w 3 5

I have being seeing people that use that command in their program to track the operation of the memory and CPU, in the case of issue with the resources we have, you can find more useful commands than that.


In that command you can more easily understand your free memory that using mvstate in my opinion, because it allow you to view that memory by using megabyte instead of kilobyte that requires you to calculate these values.

free -m

In my case I have 3823 MB memory in my computer, the memory that are used is 1999 MB and free memory is 124 MB, the shared memory in my case are 208MB, this is mean that there is a two or more process that can access that common memory, the buff/cache are the memory that in the buffer or cache, the consept of that is that if you used some program and close it, that memory going to cache, if you will open that program again, the memory are cached in, so it can bring up the program more quickly. However, if you need this memory, it will allow you to use the memory and get of the cache. In my case the memory that as being cached are 1699MB, available does include free column + a part of buff/cache which can be reused for current needs immediately.

OSCP Post Figure 14 free memory in MB.

free -h

You can also use the -h option which stand for human, it can help you more clearly to view the amount of memory that are used or free.

OSCP Post Figure 15 free memory in GB.

You can also use count which can help display the output several times like in the vmstate, but we haven’t delay option, the delay will be 1 second.

OSCP Post Figure 16 free 3 times count.

The swap memory shouldn’t been used, because as we saw earlier that memory should be available only for case we have no memory to use in our system. In my case the was are use more that 300MB, which is note so good, because as I said that was normally are on value of 0. In Ubuntu the default value of the swap that can being used although we have free space in the memory is 60% of the swap in total, we can view our swap value in by using the command cat /proc/sys/vm/swappiness, in order to change that value we can use the following command:

sudo sysctl vm.swappiness=10

Please note that in the case of sysctl, the changing of swap is temporary value, which mean after reboot the value will go back to the last value, to make sure this value be permanent we need to change the vm.swappiness on the /etc/sysctl.conf file. The recommended value for the swap is 10% as much as I know, but you can experiment it.

I use the following command for look on my memory changing:

stress -m 6

In that case you can see that swap are really working hard and the cache was release a bit, this is mean that my system going buggy behavior, and now we need to find what causes this issue.

OSCP Post Figure 17 Memory are load up.


According to man page, the iostat report Central Processing Unit (CPU) statistics and input/output statistics for devices and partitions. The iostat is a part of the sysstat package which mean that this packets contain several other tools and one of them is iostat, in my case I use Ubuntu, but if you are using some other operation system that doesn’t have that tool, just install it on you distribution, if it’s Debian like, you can use apt-get, if it is Fedora like, you can use yam, in my case to install the sysstat package I run the following:

sudo apt install sysstat

By running the iostat we can find information about our i/o on our system.

OSCP Post Figure 18 Output of iostat.

The ouput contain the linux kernel version, which is Linux 4.15.0-66-generic and my PC name which is zwerd. you can also see the date (although for just date we use date command). we also can see the type of our operation system which is 64 bit in my case, and that I have 4 CPU available. avr-cpu display the CPU for every of the following

%user - The CPU that used at the user or application level.

%nice - Every process consume the CPU, for every process there is a priority that can be use to decide who is more important and who is not, if you have up to 10 process on the backgound and they want to use CPU, the high-priority process will get consume the CPU before other, in that case the nice value will be negative which mean high-priority for that process.

%system - show the percentage of CPU utilization the been use by the kernel.

%iowait - stand for input/output wait, this is show the percentage of time that the CPU or CPUs were idle during which the system had an outstanding disk I/O request.

%steal - Show the percentage of time spent in involuntary wait by the virtual CPU or CPUs while the hypervisor was servicing another virtual processor.

%idle - Show the percentage of time that the CPU or CPUs were idle and the system did not have an outstanding disk I/O request.

Let’s load up my system to see the changes on our output, I use the command stress --hdd 1, if we use top command we will see the wa load up, which mean that we have many process that in wait time state and they wait for CPU that can process them.

OSCP Post Figure 19 I/O wa by using top command.

We can use -x for extended information that include utilization as well, we also can print out the output as that same way we done on vmstat, it can display output multiple time and delay from each as follow:

iostat -x 3 5

In that case it will print out every 3 second, 5 times.

OSCP Post Figure 20 iostat with extended.

After I load up my hard disk by using stress, this what I got on the iostat output, you can see that the values on the output load a lot.

OSCP Post Figure 21 iostat loadup.

If you have more than one partition, you can use the option -p, this option displays statistics for block devices and all their partitions that are used by the system, you can also display it only for one partition by specify that partifion.

iostat -x -p sdb

OSCP Post Figure 22 iostat for specific partition.


If you want to see the iowait like we saw on iostat but in the form of a display like in TOP command, you can use sar command. This command print out the current status of the nice, system, iostat and others, you can use it to see on real time the status of your system activity.

OSCP Post Figure 23 sar command.

In my case I use sar to display state every second for 5 times, as I already write above, sar is part of sysstat, so if you have some issue to run it, you need to check that it’s enable on the file /etc/default/sysstat:

# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
# and /etc/cron.daily/sysstat files

# Should sadc collect system activity informations? Valid values
# are "true" and "false". Please do not put other values, they
# will be overwritten by debconf!

You can run the command sar -r 1 5, the -r option stand for Report memory utilization statistics, on the output you can find the KBCOMMIT and %COMMIT which are the overall memory used including RAM and Swap.

OSCP Post Figure 24 sar memory used.


If we found that we have some issue on the hard disk because let’s say we found on the iostat command that the i/o work really hard by view iowait that jump up to bigger number or by write and read values from the disk are greater then other, we can find out which program causes that problem, just type iotop.

OSCP Post Figure 25 iotop example.

In my case you can see that he tell us that the most utilizes program in the IO of our hard disk is stress, you also can see that he specify the hdd by side of that, which tell us what option has being used in stress command.

In the iotop you can also see the swapin value, and in my case as you saw earlier, my swap are really utilizes by some program, so I checked it out and find what is the program that used my swap.

OSCP Post Figure 25 iotop swapin view.


This command list open files on your system, which mean you will see all files that are use under you username, so if you run that command it is not very useful, but I tell you what, if you feel like you have some memory issue of hard disk working hard and you check and find what program are running, you can run lsof and grep the program you suspect that make you the issue, and then you can see exactly what files are open with that related to this program.

OSCP Post Figure 26 lsof.

Let’s run stress command for utilizes the hard disk and see if we can find the stress files.

OSCP Post Figure 27 lsof stress files that are in use.

As you can see the binary file are in use, if you see that your computer are leak of speed because of some program and you want to check what files are used by that program, the lsof can be the solution for you.


This tool can tell you the how long the system has been running, also you can find out how much users connect to this PC and what is the load average, the load average first number represent the load time average for 1 minute, the second is for 5 minutes and the last one is for 15 minutes.

OSCP Post Figure 28 uptime.

You can view the exec time in nice mode that can be display.

OSCP Post Figure 29 uptime.


This command show who is logged on and what they are doing, you also can use the who command, but this command can be handy in the network cases, let’s say that some one connect to your computer or server remotly, you can use this w command for checking out what is the source ip of that user.

w -fi

The -f option stand for from filed that will be specify on the output, the -i display on that line the ip address rather the

OSCP Post Figure 30 remote connection.

You can see that I have two connection that one of them have IP address, I made this connection from other PC to my local computer, the first line specified my local user. You also can see that the remote user use zsh program remotely, if I change it to bash on my other PC I will see that on the w output

OSCP Post Figure 31 Using bash instead of zsh.


This tool can help us to find out on the network level processes that using the network, and many connection that are open between your computer and the local network. But first of all it is important to know how we can look at the network level using netstat.

netstat -ie

This command will show us our local network interface with his IP address and MAC address which is the physical address of that interface.

OSCP Post Figure 32 My interfaces network.

It is the same as ifconfig, you can also see the TX and RX which stand for transfer and receive of the bytes over that interface, the eno1 is my physical interface while my lo is the loopback, the interface I used right now is wlp2s0 which is my WIFI interface, you can see that the TX and RX on that interface are pretty high, you can grep that by using the “bytes”

OSCP Post Figure 33 TX and RX.

We also can use netstat to get the statistics of our network interfaces, in that case we will see the count of IP pakets that go though our network interface, we can see the icmp packets that are used for PING traffic and also there is the TCP and UDP packets the go through out interfaces. If we see an error in one of the statistics under specific protocol/field we will know that something on our network are stoping us to get that streem of packets.

netstat -s

OSCP Post Figure 33 Statistics by using netstat.

You can also use netstat -tuna, the -t stand for TCP connection only while -u stand for udp, the -n will show the numericla address instead of trying to find the hostname, -a stand for show both listening and non-listening sockets, so by running this command we can see the connection that are running over the network and their address

OSCP Post Figure 34 Statistics by using netstat.

The command I love to use is netstat -aenp that can show you the program who use the connection and their process ID number which can be handy to find some process that use the connection and stop it by that ID number.

OSCP Post Figure 35 Process ID of networking connection.


If you found some program that make some issues on your commputer, let’s say that you run some script or some tool on your command line or you have some program on the GUI and you want to kill it, in that case you may want to know what is the ID number of that process, after you find out what is the process number ID, as example of top command, you can kill it by using the following:

kill -9 <process ID>

If the program was run on the terminal and you type ctrl+z that it is on suspended state, this is mean that you can change that state and load it again or just kill it. For killing it you need the proccess ID, and if you didn’t record the number ID you can’t find that process on the top because is on suspended, so to find this process ID you can type the follow:

ps -aux

This ps command can show you what is the process ID that are suspended and after that you can kill it. in the case of -aux options, you will see all the process that run under your user, you also be able to see the command you type and suspended under the COMMAND column.

If you want to view in more visualize mode you can use pstree, this command display tree of process, that’s mean that you can more quickly understand how is the parent and child of process. if you use pstree -a you will see the agrument of the program or command that are run on your system. If you want to see specific process on the list you can type the pstree -H <PID>, in that way the all tree print out on the screen but every process that related to chrome will be highlighted.

OSCP Post Figure 35 Chrome process ID using pstree.

If you wnat to see just that process without all the tree we can use pstree -s <PID>.

OSCP Post Figure 36 Chrome processes.

In the network cases process you can also use very handy command that can bring you more relevant information, as example let’s say that we want to see the bandwidth and the statistics of the utilization of that bandwidth with connection information like source and destination address, well for that case we can use iftop command that can bring us information in real time about the traffic that go through out network interface, you can see by using that command the amount of bandwidth that are utilize by which host that have connection to our local computer.

OSCP Post Figure 36 bandwidth of connection in real time.

You can to see in real time the traffic that I have on my wlp2s0 interface. The bigest connection trafic will be on the top of the list and that can give you a clue if you have some program that take advantage of all your bandwidth you can see which is the destination address and go back to the netstat to check what is the process that run this connection.

Another handy tool you can use is nload, this tool are monitor your bandwidth load, which mean you can see if you have a lot of traffic going on the incoming side or outgoing of you interface, in my case I connect to Mint Linux site to download some iso file that you can see my graph changing on the nload command.

OSCP Post Figure 37 Using nload and iftop to see the download traffic.

The graph load up and on the iftop we can see the address that have a connection to my computer which from him I download that iso file.

You can also use iptraf or iptraf-ng these tools allow you to see the connectiviry of TCP connection that came to your computer.

OSCP Post Figure 38 TCP traffic.

Network Monitoring

Let’s say you work at the IT position on some organization and you got some call from the support team that tell you they have some client that his computer work slowly in every action over the network or internet, in that case you will need to check and troubleshoot that issue, you need to find out if the slowness appear when the client work on the internet or on his local network, to do so we have many tools that can help us in these cases.

One of that tools are the iperf, this command can check the bandwidth between two point over the network, this is mean that we can use it to check if the local network have the slowness issue of not, the other tool you can use is speed test, you can find one on online website that can check the bandwidth between you and the internet, in that case you will be able to see if the slowness are appear over the internet.

Let’s start with speed test that I found speedtest.net, you just need to click the button and this site will give you the details.

OSCP Post Figure 39 Speed Test.

In the case of iperf we have two mode, server mode and client mode, it dosn’t matter were you run each mode, what is matter is what is the bandwidth between them, on the client side we need to run iperf -c <server address>, on the server side we just need the command iperf -s, after we run it the detail about the bandwidth between the server and client will reveal.

OSCP Post Figure 40 Iperf.

You can see that in my case the bandwidth from my computer to another in my lab is 2.57GB which is good for me, in the case of our example that you have client that complain about slow network, you may have to check several thing, the first one is to check his and other computer connectivity out of the local network with speed test, after that you will go to the second check which is bandwidth test between two local computer. If on the first test using the speed test, let’s say you found that the client computer work slow by speed test and other computer aren’t, then you run the second test which is the iperf and found low bandwidth connectivity between the two, in that case it’s mean that we have local network problem that can be found on the local network interface or the nearly network device like switch or router.

On the LPI site under 200.2 object you can found that they want the student will have awareness of monitoring solutions such as Icinga2, Nagios, collectd, MRTG and Cacti, well these programs can be install on you computer or other server and you can monitor the resource you have, but the Cacti is monitor program for network connectivity and so the collectd, so I don’t really understand way they want to have a knowledge of these program, in the day day life I don’t thing I am going to use such program to monitor my network resource, but in the case of these program, all of them work in the browser, this is mean that you have some URL and you can view the bandwidth or interfaces status etc.


  1. create some large file that contain more that 100MB.
  2. Transfer that file from other computer in your lab by using nc command.
  3. Check and view the transformation and bandwidth utilization.
  4. Check the CPU and RAM used during the transformation and find the PID.

This is simple challenge but it can help us to rule the commands we learn so far, I know that there is a new command in that challenge like nc, but it you going to linux field you need to have a clue how to solve issue and problems alone by searching the solution and be comfortable with new commands on cli.

1. Create file of 100MB

To create large file I used the fallocate, this command can create for you file in any size you will need, in my case it was very useful.

fallocate -l 100M megafile.pno

This is not really matter what extension for that file you will create, what is matter is that file are in the size we want which is 100 MegaByte.

OSCP Post Figure 41 ls -l.

2. Transfer the file you have to other computer in the LAB.

I created that file on my Kali linux so I tryied to transfer it back to my Ubuntu, on my Ubuntu I set up the netcat to play as server with the following command

nc -vlp 1007 > megabyte.png

On the client which going to be my Kali linux, I run the following command:

nc -v 1007 < megabyte.png

Please note that in my segment the subnet contain more than 254 address which is classless of 23 as prefix, also note the redirection, on the client side I redirect the megabyte.txt file to the connection that I am going to have with netcat, on the server side I redirect the output from netcat to the megabyte.txt which will going to be the same as on my Kali.

OSCP Post Figure 42 Netcat on my Ubuntu, the address is of my Kali.

3. Check bandwidth and utilization.

Wile the file are transfer I run on my Ubuntu the command we saw earlier to view the utilization of the bandwidth on the network interface, the first one was nload command that will give us the information in a half of second what go through in your interface.

OSCP Post Figure 43 nload on my Ubuntu.

I can see that there is a tranformation or more likely data that go through my interface network, but I can see the connection it self, that go in and out through my interface, in that case I needed to use iftop which can tell us each connection what is the source address and the destination.

OSCP Post Figure 44 iftop on my Ubuntu.

You can see the address which is my computer, the Kali has the address, so now we know that there is connection between us and other machine and we know that data are transfer in this connection.

4. Find the PID of the utilize program.

Now let’s say that we want to check the state of our system, like checking the CPU and RAM that used, I run the top command and found some process that showed up on the top of my list, so this is the process that I want to look at it.

OSCP Post Figure 45 top on my Ubuntu.

You can see that I have the PID, so now we want to find and check the state of disk IO, because remember, if there is utilize of the CPU and RUN, something like that can be a program that run on our disk, in my case I know that some program are running on my Ubuntu, so I run iotop command which can tell me what was done on the disk.

OSCP Post Figure 46 iotop on my Ubuntu.

Now you can see by filter the PID we found earlier and found the program that run on our PC, in my case it’s nc program and it’s also showed me part the nc command which contain the port 1007.

Summery: it is important to know how to read and found information of some program in our linux operation system to deal with utilization issues or network problem, the PID can be your best friend to address the issue out but it’s important to know that if we decided to kill process, this action may not be the best solution for that issue, because maybe that problem will appear back again tomorrow, the best solution can be found on the dip level of that issue, we just need to understand why that issue appear and for what it depends, after we found that we may have the ultimate solution that can migrate that issue for best.

Chapter 1

Topic 201: Linux Kernel

When we talk about linux kernel we want to be able to find out what is our linux kernel version and how to read that version, which mean how we know if that version is stable or be familiar with more details that this version number contain.

First of all let’s check our version number, we can done that by using the uname -a command, this command will print out the version number and the name of our machine also time and date and even what is out computer architecture, which is 64bit in my case.

LPIC2 Post Figure 47 My linux kernel core.

The first number is the version number, in my case it is kernel version 4, the next number is the major revision which is my case is 15 and the third number is the minor revision number, the fourth number is the patch level. In the past, in the version of the kernel was a general rule in the number version, in the second number every odd number was as developed version, and the even number was as stable version, as example the 1.5.2 kernel was under development and version 1.6.2 was known as stable kernel version, when the kernel version 2.6.x came along it stay for long time without numerate the number except the last one number, because version 2.6.was awesome and fourth number for the patch number, one more thing that you need to know is that after they release the version 2.6, they get ride of the odd/even number and every new release is stable and not under development, every stable version will develop and update on a new version.

When the version of that kernel raise up and was than Linus Torvalds decided update the enumerating to be more like the old one, which is the first number will be major release, the second will be minor release and the third will be the minor revision which is stable or patch to update abilities on the kernel. You may somtime see like a fourth number which play as a path, in my case of 72-generic this is the Ubuntu specific patch they done.

You can find the versions of kernels that you have in you linux machine under the /lib/modules folder and in each one we can found every modules that are run on our system.

LPIC2 Post Figure 48 My kernels.

We can go to the kernel archive and found there the kernel that are stable and under operation release use. the meaning of longterm is that this kernel version will be available for long time because one of the operation system like ubuntu or centOS or red hat and such may maintain and using this kernel version, this is why you may be seeing some old kernel version in that site.

LPIC2 Post Figure 49 Kernels archive.

If we going to the kernel folder under the kernels version that I showed up earlier, we will see that every module lies on the most appropriate folder.

LPIC2 Post Figure 50 Kernels folder.

In the net folder we will find every module that related to the network card and such, in the fs folder we may found thing that related to the file system, if you want to see every module that are enable on your system, you can just type lsmod.

LPIC2 Post Figure 51 lsmod to see the modules.

As you can see the modules that are enable print out on my screen with lsmod, you can see the module name and it’s size, you can also see what modules are depends on which of the modules as example the vboxdrv module is the module that responsible for the vbox on my PC I guess, and there is three modules that relay and depend on that one which are vboxpci, vboxnetadp and vboxnetflt.

You can remove module by using rmmod you just need to know what is the module name, as example, let’s say that we want the floppy out, so we can grep it in lsmod.

LPIC2 Post Figure 52 find out the floppy by lsmod.

Now, in order to pop it out we need to use rmmod with the name of that module.

LPIC2 Post Figure 53 Remove the floppy module.

If we want the module back in, we need to use insmod, but for insert back from the dead some lost module we need to let him know the exact path for it. we can use find for finding that module.

LPIC2 Post Figure 54 finding the path for floppy module.

We now can use this path to insert that module back in. You can see that now I can find that floppy module in the active module list of lsmod

LPIC2 Post Figure 55 Inserting the floppy.

There is another way to remove module from the active list by using modprobe, in this command we can remove module and insert it back without specified the full path.

LPIC2 Post Figure 56 Modprobe for remove and adding module.

The command modprobe know what is the path of every module by using the modules.dep file, this file contain every module and it’s information and dependencies, to update this file we can use depmod -a that will go and insert the information of the modules to this file.

important thing you may want to know is that module that have dependencies can’t be remove out because it in use, in that case we will need to remove the modules that are use this module.

LPIC2 Post Figure 57 Remove module, error because it in used.

We can get more information about the module by using modeinfo, by using this commend we can found the path for that module, dependencies, version and more parameters that module have, so, in case we want some module use specific parameter, we will remove that module and use modprobe to insert it with the relevant parameter.

LPIC2 Post Figure 58 Module info by using modinfo.

As you can see the usbcore have the param nousb which is boolean, you can insert that module and using that param as example modprobe usbcore nousb=N.

Please remember that all we talk about are the modules and not the kernel option itself, like enable the NAT operation for example. Option like that can be found on /proc/sys/kernel, in this folder you will found every option that are enable on your kernel, if you want to watch the configuration file which from there you enable them, you need to check the sysctl.conf that can found on the /etc folder, in that file you can enable more functionality of the system, like enable ip forwording or such.

You also have the command sysctl which can help you to see add change the option of your operation system

LPIC2 Post Figure 59 View the option that enable on my PC.

As an example we want to change some value of the running setting:

sysctl -w vm.vfs_cache_pressure=80

This command will change the vfs_cache_pressure to value of 80, but please note that this change are made on the running kernel, which mean if you go for reboot the default setting will come in place, if you want to make this changes permanent you need to make these changes on the sysctl.conf file.

You may ask how the linux kernel knows when some device pluge in and lunch his appropriate module, this is done by the udev, this udev responsible for such a thing so he know to load up the usb module when some USB device pluge in.

You can see what going on your commputer by using some command that related to udev, such as lsusb which can show us the devices related to usb,lspci that responsible for CPI bridge or the dmesg that show us all the log we have from the system like in the boot which we can see on the boot the logs that our system run while bring the OS up.

We also have the udevadm monitor which can bring to the screen logs from the system in real time, you can see on the next gif how it work, I plug in my sundisk device and the udev found it and load it’s logs to my screen, he also showed us the remove log when I remove my device from that computer

LPIC2 Post Figure 60 UDEV monitor in real time.

You also need to know that there is a blacklist of modules because let’s say that you plug in some device that have number of driver on you kernel that can support it, but you may want to use just one of them that are the best used for you.

LPIC2 Post Figure 61 blacklist.conf file.

In my case you can see that in the blacklist I have the eepro100 module which mean that if Ethernet card plug in, do not use that old driver, so that is the purpose of that blacklist.

Now let’s say that we want to compile our own kernel so that our kernel will be the latest kernel that can be found in the linux kernel archive.

In the reality, if you asking why you ever customize you own kernel, it can be because you have some old linux system that used for just one purpose like FTP server or somthing like that, in that case you may want to compile kernel without any modules that you know you probably won’t be in use.

So first of all, I will display here the compilation and install of new kernel on my kali linux which is virtual machine that I use a lot, you can read more about that in my other PWK post. My current kernel version are 5.2.0 and I am going to compile kernel 5.4.3 which is that latest version in the kernel archive at this writing time.

We need to use the /usr/src/ directory as our kernel, so after we download the source code and decompress it we need to create kernel folder or at least make symbol link to the kernel folder named kernel. After we download the kernel file from the kernel archive we can extract it by using the tar command.

tar -Jxvf <path to the compress file>

LPIC2 Post Figure 62 tar the kernel file.

Than I run the following command in order to make the symbolic line to kernel folder.

 ln -s /linux-5.4.3 linux

Please note that on the linux folder that we created we have the document for every module that can be use under our system.

For compiling the kernel we need tools that can help us to do so, in my case I need build-essential which is the Informational list of build-essential packages.

apt-get install build-essential

If you want to make kernel on fedora like distro you may need to install “Development Tools”, qt-devel and ncurses-devel.

Now we want to customize the kernel, to do so we going to use make command, this command help us to prepare the kernel and create the configuration that needed, the make command work with target, which mean that we choose some target that tall the make what to do, as example

make clear

This make command going to remove most generated files, it also keep the configuration and enough build support to build external modules.

The first thing we going to do is the make mrpreper command which going to remove all generated files + config + various backup files, this will make the kernel as fresh, like let’s say that you make some kernel file but didn’t install it because you has some other thing to do, and after a while you came back to you computer so you can clean up what you did and start over.

After that we going to configure the kernel, to do so we can use make xconfig, this will bring up configuration window in GUI mode that you can setup what you need in your kernel by using you mouse and mark the setting you want.

LPIC2 Post Figure 62 tar the kernel file.

I my Kali linux I hade a lot of issue that related to some pkg that was needed, if you have such an error, the log of that error will tell you what pkg is missing and all you have to do is apt get install that pkg.

In my case I mange to run xconfig which bring me the configuration menu in GUI mode up to the scree,

LPIC2 Post Figure 63 GUI for configuration menu.

After that case I decided to run the kernel compiling stuff under other machine, and we will continue to see more in my VM ubuntu.

On my Ubuntu I run the make menuconfig, and that bring me the menu for the configuration in my terminal, in this menu we can choose line in the xconfig the setting we want to be on our kernel.

LPIC2 Post Figure 64 Setup config in terminal mode.

In that menu we have several option for each device driver, the M stand for module, this is mean that this driver can be use as a module if needed but it is not part of the kernel, however the asterisk sign “*“ stand for that module will be a part of the kernel and if so, you won’t be able to disable that module from your system, now, if you leave the chosen feature (module) empty, this will mean that this module won’t be available, this is mean that we won’t be able to load it to the kernel even as module.

LPIC2 Post Figure 65 My settings.

You can see that the Hardware Monitoring support mark with asterisk which mean that this module will be loaded to the kernel, than we won’t be able to disable it, the Remote controller support will be load up as modularize feature which mean that we will be able to load or disable this module if needed, I unmark the Sound card which mean that this module are disable and can’t be use as a part of the kernel.

Now after we finish we need to save our configuration, this action will create some .config file that can be showed under our linux folder.

LPIC2 Post Figure 66 My .config file.

This file contain all of our configuration, you can also use make config, but this option will bring you a lot of questions that you must answer, and if you done any mistake you will need to start over, this is way the other option are recommended.

If you use make oldconfig it will take the configuration of the running kernel and load it up to your config file which can be very convenient if you want just enable or disable specific module.

Now we want to make the compilation, so we need to run make bzImage, this going to take some time, this command will create for us the image file. Please remember that zImage are used for tiny file (512k) and bzImage are used for more larger files.

In my case when I tried to run make bzImage I got error about the openssl that can be found, after searching this error on google I found that I need to install libssl-dev which used for openssh development pkg.

LPIC2 Post Figure 67 openssl error.

I tried to run the make bzImage again and now it work, I saw few warning messages that complain about pkg that are missing but it keep the process to make the bzImage which going to be our kernel that contain the permanent modules for our operation system.

After it done to do it’s magic, the kernel will be at the arch/x86/boot/bzImage, and now we need to compile the modules, we can done it by using the command make modules and it also will take a mount of time.

At the end of this process it will run depmod which will create the modules.dep file which contain all the modules information and dependencies.

After the make modules finish we can find the modules we compile under the /lib/modules/ folder which will be contain the modules folder as the name of the kernel version we compile.

Now we need to install the modules with the command make modules_install it will install the modules under the /lib/modules/kernel-version which is the kernel version of our modules.

At the end of modules installation you will see that it run depmod which is build the list of every module and it’s dependencies, now all we need to run is make install, this command will install the kernel on our system and it use dracut which going to make some changes in our boot folder and in the GRUB to make some new option to load the new installing kernel so we can choose it one the GRUB menu, it also create the initrd which is minimal file that use in the RAM to load up the kernel.

Just think about that, you boot up your system and your GRUB need to load up your kernel, your kernel contain many modules for manage the devices parts, he need to load them up from the hard disk, but there is a problem, he can’t use the hard disk because he need module to do so and all of the module are in the hard drive, so for this issue there is the initrd, this file contain minimal modules that needed to load the hard disk for example, after that he load the kernel which will be able to load more kernel from the hard disk.

You can find the initrd under boot folder, usually every kernel have it’s own initrd, in my case my ubuntu contain 2 image of the kernel, one is 4.15.0-70 and the other is 4.15.0-72, the same numbering code have on my initrd files.

LPIC2 Post Figure 68 initrd files.

Let’s take a closer look at this file, it will help you understand more about this file, so I’m run the command file on one of the init file to check what is the type of that file, in that way I will be able to find out how to read that file.

LPIC2 Post Figure 69 the file type.

As you can see the type of this file is an archive and it’s cpio file which is compress, so now we know that we need to decompress this file in order to be able to read it, to do so I going to use cpio command.

LPIC2 Post Figure 70 Extract from cpio file.

The option -i stand for extract files from an archive and the -d create leading directories where needed, the -m retain previous file modification times when creating files and -v used for verbose.

In our case we can see the folder that cpio extract to and this can give us a clue about the init file, but if you notice, at the end of the output was print out 56 blocks, and every block is 512 bytes so we viw write now in the first 33280 bytes of this file, but as you saw before, this file contain 54M which are more bigger then 33K we saw, so were is the rest of that file?

This situation lets us know that not all the file was open by the cpio, and the rest of that can be something else or new cpio file because in the cpio there is an header that he knows the start and finish of file, so we need the rest of the file, to achieve that goal we can use dd to take fixed size for that file and output it to use file.

dd if=initrd.img-4.15.0-70-generic of=initrd.img-4.15.0-70-generic_OUT bs=512 skip=56

In this command I specified the input file which is the initrd.img-4.15.0-70-generic and the output file going to be initrd.img-4.15.0-70-generic_OUT, the block size are 512 bytes and we want to skip the first 56 blocks.

LPIC2 Post Figure 71 Create new file using dd.

What we need now is to use file again to see what is the type of our new file we have.

LPIC2 Post Figure 72 The second file.

So this also cpio file, I used cpio to extract that file and found other files that was extracted out.

LPIC2 Post Figure 73 Extract again using cpio.

Now we need to repeat the process again with dd and after that using file command. You can see that we found gzip file so now we need to use gzip to see the contect of that file, in the gzip case the file must contain extension of gzip else we will get some error, so I use mv to change the extension and that use the gzip command.

gzip -dlv initrd.img-4.15.0-72-generic_OUT2.gz

This will bring file name initrd.img-4.15.0-72-generic_OUT2 so now we need to check that file type again. in my case it was cpio. so I decompress it.

LPIC2 Post Figure 74 Extract again using cpio.

To see if this is the end of our search of initrd we can can use dd and if he print out record of zero, it’s mean that this is it.

LPIC2 Post Figure 75 This is it.


  1. Create your minimal linux kernel and archive it as iso file (you can use the minimal linux live project).
  2. Run the file on virtual machine and check if it working correctly.
  3. check if you have network activity, if you haven’t, try to solved it and check connectivity on your local lab.

To solve this issue I will go with you step by step how to make new minimal linux kernel, I am going to use the minimal linux live project that was written by davidov.i@gmail.com, you can find the minimal linux document at the following URL:Minimal Linux Tutorial.

1. Create minimal linux kernel.

So first of all I login to the following URL:http://minimal.linux-bg.org/, I download the file minimal_linux_live_15-Dec-2019_src.tar.xz, I extract the file by using tar -Jxvf and folder with the same name was created on the local directory which are contain the script file for making new ios image, the name of that file is build_minimal_linux_live.sh which is executable file.

By running this file we run all of the script that exist in that folder, like 02_build_kernel.sh and 05_prepare_sysroot.sh.

LPIC2 Post Figure 76 our scripts.

while running that script, on my terminal I saw what he did which going to create new file and setup the .config file and make it and create initramfs which going to be use under the iso file which I am going to have after that script will done it magic, and this take long time to cook, but on the second script 02_build_kernel.sh you can see that we use mrproper to clear the local config file and after that we going to create new config file base on the kernel.config file.

LPIC2 Post Figure 77 make config file.

Now we need to find the iso file which we going to use on our virtual machine, in my case I have vbox to I am going to create new machine with that file image and load the machine up.

The iso was created on the current directory named ./minimal_linux_live.iso, I found that by using the follosing command.

find . | grep "\.iso"

Now I need to transfer that to my local machine, I not going to use usb or any sort of device, I am going to run nc again and transfer the file over my local network.

LPIC2 Post Figure 78 My new iso file.

2. load up the iso file in the vm machine

So now I create new machine and set my iso file as the disk to load it at boot time.

LPIC2 Post Figure 79 My minimal linux.

You can see that it start to boot up, and I need is to wait and see if it going to bring me some minimal linux environment with tools to work with.

LPIC2 Post Figure 79 My minimal linux.

It’s look good and I succesfully run some bash commands. I also have network interface with IP address that he get by DHCP.

3. check network connectivity.

I just run ping to with is google dns server and I saw reply from this server.

LPIC2 Post Figure 80 Checking network connectiviry.

So we finish our challenge, so we can proceed foreword to the next chapter.

Chapter 2

Topic 202: System Startup

In linux systems we have the way to control the system mode we going to load up, we have numbers of system mode type that some of that very useful and some of them are not in use, as example one of them is full system mode that contain everything that normal system can contain for work, we have also single user mode that can be use to do specific thing on the machine, that sort of control tool called runlevel. In the linux world we can use run level to boot up specific mode of our operation system.

We can setup also runlevel as we want, as example we can enable create runlevel that enable on the system the mail service and disable apache2, in that way we can customize the system with specific tools and program that can be work on it, this is quite useful because let’s say you have user on your organization that use tools that related to design pictures or document and he need connectivity to the network and this is it, in that case why we allow the vsftpd service for example, this is not useful for that user, so we can disable that on customize runlevel.

If we talk about systems like Red Hat systems in my case centOS you can run runlevel, this command will show us the runlevel that our system run for, in my case it was N 5.

LPIC2 Post Figure 81 My runlevel on centOS.

The 5 means that we working now with runlevel 5, the N means that the previous runlevel was none, if we change the run level for 3, the numbers will be 5 3. To change the runlevel on the running machine we can use the telinit.

LPIC2 Post Figure 82 init 3 on centOS.

You can see that I on the command line level, so in that case I can change it again to level 5 and it will bring up the GUI environment again, you can see now that if I run runlevel command I can see that the last runlevel was 3, and now it set on level 5.

LPIC2 Post Figure 83 init 5 on centOS.

Now let’s look on the configuration file of that inittab, you can find that file on /etc/inittab, this configuration file contain several init level. 0 - halt which mean that if we use that init, the system will go shutdown, this is why it is recommended not to setup the runlevel at this init level or at level 6, 1 - single user mode for administrative tasks, 2 is multiuser mode without NFS and 3 is fill multiuser mode, 5 is x11 which have the nice GUI view with desktop environment.

LPIC2 Post Figure 84 inittab file on centOS.

You can see on the bottom of that file the line id:5:initdefault:, we can change it value to what init level we want and on the next boot it will bring the new init level up, what you mast not do on that file is to setup the run level for 0 or 6 which cause your system won’t be able to load the user enviroment and we can’t work in that case.

If you want to see your level on Debian like as Ubuntu you can also run runlevel command or check your sysinit.config file on /etc/init.d folder this file contain the init level for distribution like Debian and you can change it what ever you like but please notice that this run level in my case on Ubuntu is pretty different from Red Hat like distrabution, in my case I found that information in the man page of telinit file.

LPIC2 Post Figure 85 Runlevels on Ubuntu.

You can see that the most used are 2, 3, 4, 5 and they call it SysV instead of runlevel. You also can see the current runlevel you run on Ubuntu on the rc-sysinit.conf file.

LPIC2 Post Figure 86 rc-sysinit.conf file on Ubuntu.

Let’s go back to centOS machine, we have folder called rc.d which contain the folders for each runlevel, as example the rc3.d is conatin simbolic link of the utility that going to be active on that run level.

LPIC2 Post Figure 87 rc3 on centOS.

Every simbolic contain in it’s name sign for it’s operation on that system, as example as you can see the first one utility is K01smartd the K stand for KILL which mean that this smartd will kill down if we change the current run level to number 3 on flay, the numbering is the sort of every utility, which mean the system will go every utility and take care of it, in my case the smartd will killed first and oddjobd is the second one service that going to be kill.

We also have service with their name contain S which stand for start, in that case the system will go one by one and start every such service, so as you can see we can change specific runlevel and disable it’s working services or enable others by just chaning the name of the simbolic link, as example in the case of K01smartd.

mv K01smartd S01smartd

In that case if I switch to run level 3, I will be able to use smard service. You may also notice the numbering on every service, this number are allow us to choose the order of execute every service under this run level, We also change use tool to do that task chkconfig, if you run chkconfig --list it will bring you the list of every service and it’s operation state of every run level.

LPIC2 Post Figure 88 list on chkconfig.

In my case I run the following command.

chkconfig smartd on

This will bring the smartd to be active in run level 2 - 5.

LPIC2 Post Figure 89 list on chkconfig - smartd are active.

To change this service mode back you just need to use off option.

chkconfig smartd off

On Ubuntu the rc folders can be found under /etc and the concept is the same as we saw on centOS, the difference is on the change mode utility, in Ubuntu it’s update-rc.d and it’s do the same as we done with chkconfig.

update-rc.d dnsmasq start

If you want to change the operation state permanently you need to use disable or enable instead start or stop. You can also remove it from the symbolic links with the remove option.

So far we saw the command chkconfig that can help us to view all the services on centOS system or any Red Hat like distribution, on Ubuntu we can use the command netstat -tulpn as we saw on chapter 1, but for the matter fact we can use more handy command like service --status-all, this command will show us every service that exist on our system and each status.

LPIC2 Post Figure 90 all services on my system.

We also can use systemd which can bring us more clear state of our services, all we need to do is to run systemctl.

LPIC2 Post Figure 90 Systemctl command.

Systemd can used to define the system state, we have extensions named .target or .service and etc, for example ls /usr/lib/systemd/user this command will bring us list of file in the user folder and you will see some services there.

LPIC2 Post Figure 91 systemd user command.

Of figure 90 you can see that some services are enable and some of them are disable, the services that are on static state means that they have some service that they depend of, so if you want to kill that service it’s can’t be done until we will stop the depended service.

So we saw that the services are lived in /usr/lib/systemd and also in /etc/systemd/system, if we take a look on one of them we will see some lines that systemd use them to know how to start or kill service.

LPIC2 Post Figure 92 the service itself on system.

As you can see this file contain some description and after field, this after field mean that the services - NetworkManager-wait-online.service network.target network-online.dbus.service, must be on enable state and only after that was done, we can bring the teamviewerd.service service up. you can see also the ExecStart field that contain the exact command for running that service.

If you check, you will find that most of the services are symbolic link to other location and most of them are for /lib/systemd/system.

LPIC2 Post Figure 93 Symbolic links.

If we will use the list-units option in systemctl we will may see some services that was failed on the boot time or later, in this case if that service are importance we can bring it up by start it, or enable it.

For summery, this systemd with the systemctl command is another way to check and set the init files, this is also applied on many linux system like Red Hat and opensuse servers for enterprise, there is some distribution that don’t use systemd, but this is only on the desktop linux version, it’s more likely to find systemd in used on enterprises systems.

Now, for this chapter 2 we need also be familiar with GRAB legacy and GRAB2, this GRAB stand for GRand Unified Bootloader, this is bootloader which mean this is the first menu that the computer bring up, in this menu we can choose what operation system we want to load up, let’s say that you have some DELL PC and you want that one partition will be Windows and the other contain Linux, you can do so and the GRAB is the menu which bring you the option to choose between the OS’s.

You must also be familiar with the different between those two, GRAB legacy is the first version of that GRAB project and on the most linux version you may see that GRAB is on version 0.97 like as follow in centOS (version 6)

LPIC2 Post Figure 94 GRAB 1 which is the GRAB legacy.

You can see that in my case the GRAB menu doest contain any other option except centOS 6, I want to show you how this is done, so for that case I download Ubuntu 9 which contain GRAB legacy, I also will install Windows XP on my virtual machine and I will create two partition which one of them will contain the Linux and the other will be Windows, please note that windows contain some different boot loader but this is beyond the scope of our LPIC2 exam.

If you want to do this exercies on you virtual machine you can download Ubuntu 9 from the following URL: http://old-releases.ubuntu.com/releases/9.04/ubuntu-9.04-desktop-i386.iso

You can also find the Windows XP on the following link: https://ia802908.us.archive.org/26/items/WinXPProSP3x86/en_windows_xp_professional_with_service_pack_3_x86_cd_vl_x14-73974.iso

Product key for windows XP:


What we going to do is to install the Windows XP on virtual machine and after that load up the Ubuntu 9 from bootable device and load up the Ubuntu, this Ubuntu will sense the windows and it will ask us to done the installation side by side the Windows and for that he will create partition for it’s installation and will setup the GRAB legacy menu for us.

So first of all I install windows XP on my virtual machine, this task doesn’t take long time to do, just run through the installation processes till it finish.

LPIC2 Post Figure 95 Windows XP setup.

After it done I had clean and nice desktop so now it time to start the Ubuntu through bootable device and checkout what append.

LPIC2 Post Figure 96 Windows XP Desktop.

I am usin virtual box as my virtual machine so I added new optical disk which is my Ubuntu9 and bring that optical disk to be on the first option in my boot order.

LPIC2 Post Figure 97 Boot order.

I start the virtual machine again and my Ubuntu popup it’s installation manu.

LPIC2 Post Figure 98 Boot Ubuntu 9.

In the installation menu my Ubuntu detect that there is an Windows XP installed on the hard disk, so it give me the option for install the Ubuntu OS side by side the Windows OS.

LPIC2 Post Figure 99 OS’s side by side.

After I choose that option it resize the partition size for me, now al I have to do is the usual staff, to choose user name and password for that OS.

LPIC2 Post Figure 100 Ubuntu 9 installation process.

After it finish it restart and bring up the GRUB menu, however it’s doesn’t show me what is the version which normally on the upper bar menu.

LPIC2 Post Figure 101 GRUB menu.

I boot up my Ubuntu 9 to view the GRUB menu, to check the version just run the grub-install --version, this command will print the current version of our GRUB.

LPIC2 Post Figure 102 GRUB version.

in the case of GRUB legacy we have two file that are important, the first is menu.lst which is pointer file to grub.conf, the second is grub.conf which contain the configuration file for the GRUB menu. In Ubuntu 9 we only have menu.lst which we can change if we want to change the GRUB menu.

In the menu.lst file there is many option that comment out, the most importance thing is can be found on the end of that file, the kernel option and initrd.

LPIC2 Post Figure 103 GRUB options in menu.lst.

Please remember that if you have some issue with GRUB and after boot you find yourself in grub> command line, you can type help which will reveal the command that can be use, but you can also setup the kernel path for the kernel file and the initrd as the same you saw in the menu.lst file.

You also need to specify the root partition, which in our case can be a problem because this is some UUID with some long number that must be specified, so if we don’t know the UUID we can bootup from some bootable device and find that information on the /etc/fstab file.

LPIC2 Post Figure 104 fstab file.

We will see more as we proceed, now I want to show you the same on centOS, in the operation system we have the grab.conf which is the pointer to menu.lst

LPIC2 Post Figure 105 menu.lst on centOS.

In that case we have ‘mapper’ which is long, this also can be found in fstab file as we saw earlier.

If for some reason you get stack on grub> and you know shorly that this is GRUB2, for your kernel file you need specified the linux with it’s vmlinuz file and the inited file, you can also use ls command which reveal the partitions and set which will give you clue about all value that are set on your grub, and if needed change every value you need.

Please remember that like in GRAB legacy you must specified the root partition with the linux kernel line on the GRUB2.

You can also practices on the grub menu without to mack changes on your actual system, juest when the grub menu reveal it self, press c for command line or e for edit the chosen line in the menu.

LPIC2 Post Figure 106 GRUB 1 command line.

After you finish up the settings just type boot and it’s will boot up the system with your config, if you set it correctly it will bring up your system, if not it will bring the GRUB menu again and it is the same in the case of GRUB1 and GRUB2.


  1. Upload to your chosen system, it can be any virtual system that contain only GRUB legacy.
  2. Change the run level for number 0 or 6 on the system.
  3. Try to bring up the system by changing the runlevel to the first runlevel again in the GRUB menu.
  4. do the same exercise on GRUB2 system.

1. Upload OS with GRUB legacy.

I am going to use my virtual machine that I show you before, please remember that I have two OS on that machine, the first is Ubuntu 9 with contain the GRUB legacy and the second is Windows XP.

Right now that machine working fine and it load the GRUB and give me the option to choose what operation system I want to load up, so I load my Ubuntu and opened the terminal right after it load succesfully.

LPIC2 Post Figure 107 Ubuntu 9 with terminal open.

2. Change the RUNLEVEL.

To check what is the current runlevel we need to type the command runlevel, in my case my Ubuntu on runlevel 2.

LPIC2 Post Figure 108 Ubuntu runlevel.

if you remember in Ubuntu we have argument for runlevel that are from 2-5 and they specified the multi-user mode like we saw in the man page for telinit, for changing the run level we can using telinit command.

I choose to use telinit 6 for changing the runlevel to 6 which will cause the system to reboot every time you load up the OS.

After I done so the system goes down and restart again, but it load the system and doesn’t restart again like it should do, so I check it again with runlevel command and I found that it on runlevel 2.

LPIC2 Post Figure 109 Ubuntu runlevel 2.

So now I need to find out how to change the runlevel permanently, for doing so I found out that there is some script that set the runlevel by using telinit on startup, that file is /etc/event.d/rc-default and I changed the last statement to run telinit 6 this should run for runlevel 6 permanently.

LPIC2 Post Figure 110 Changing the runlevel 2 to 6 which is reboot.

In the GIF image you can see that I change the rc-default file for telinit 6, this is the default script that run right after the system is bootup, so in that case it reboot itself again, this is cause for reboot loop that if someone that doesn’t have the knowledge in Linux, he won’t be able to bring the system up in that situation.

3. change back to runlevel 2 on the GRUB.

So far for now it’s problem because the changes we made make the system to be in reboot loop, we can solve it simply by made some changes in the GRUB menu, we just need to change the value quiet sptash on the kernel line to single which going to bring us single mode and we will be able to see it on the runlevel after we start up.

LPIC2 Post Figure 111 Changing for signle mode in the GRUB.

Now all I done is press enter and b for boot and the system give me the following menu.

LPIC2 Post Figure 112 Recovery mode.

After I choose the resume normal boot the system load up and I was able to run the terminal in my Ubuntu, I type runlevel and it echoed out S 2, but when I checked on the /etc/event.d/rc-default I saw that the lest telinit is still on 6 which is not good.

I change that file for telinit 2 and save it, after that I reboot the system and it load up again like charm.

4. Do the same on system with GRUB2.

I checked if I have some OS that contain GRUB2, I found that I have virtual machine with Ubuntu 18, the GRUB file in that system need to be at the following path /etc/default/grub, I load that system and didn’t see the GRUB2 menu, so I need to make changes in the GRUB file.

You can see that I comment out the GRUB_DEFAULT and GRUB_TIMEOUT_STYLE, and change the GRUB_TIMEOUT to value 10 instead of 0.

LPIC2 Post Figure 113 GRUB2 file.

Now all I need to do is run update-grub, and I may need to run it with sudo, now if I reboot the system it will bring me the GRUB menu.

LPIC2 Post Figure 113 GRUB2 menu.

Now we need to make the same issue we have done on Ubuntu 9, for that I am using systemctl which can help me to setup the default runlevel.

LPIC2 Post Figure 114 systemctl.

Now if I trying to restart the system it will be boot again in loop which is exactly what we needed.

LPIC2 Post Figure 115 GRUB 2 on Ubuntu 18 in loop mode.

To solve it we need to get in the kernel line in the GRUB and change it. I found the quiet splash and remove it, I write 5 for runlevel 5 and press F10 for reboot and sure enough it boot up the OS GUI.

LPIC2 Post Figure 116 add runlevel5 in GRUB2.

Now all I have to do is to type systemctl set-default runlevel5.target and that it, if I try to reboot the system it will reboot without any problem like we had before.

LPIC2 Post Figure 117 Changing to runlevel5 using systemctl.

Please note that I am using Ubuntu which more like Debian, if you use centOS you may use and change inittab file.