Linux architecture explained
Understanding the Linux architecture is essential for a security analyst. Knowing how a system is organized makes it easier to understand how it functions. In this reading, you’ll learn more about the individual components of Linux architecture. A request to complete a task starts with the user and then flows through applications, the shell, the Filesystem Hierarchy Standard, the kernel, and the hardware.
The user is the person interacting with a computer. They initiate and manage computer tasks. Linux is a multi-user system, which means that multiple users can use the same resources at the same time.
An application is a program that performs a specific task. There are many different applications on your computer. Some applications, such as calculators or calendars, typically come pre-installed on your computer. Other applications, such as web browsers or email clients, might have to be installed. In Linux, you’ll often use a package manager to install applications. A package manager is a tool that helps users install, manage, and remove packages or applications. A package is a piece of software that can be combined with other packages to form an application.
The shell is the command-line interpreter. Everything entered into the shell is text based. The shell allows users to give commands to the kernel and receive responses from it. You can think of the shell as a translator between you and your computer. The shell translates the commands you enter so that the computer can perform the tasks you want.
Filesystem Hierarchy Standard (FHS)
The Filesystem Hierarchy Standard (FHS) is the component of the Linux OS that organizes data. It specifies the location where data is stored in the operating system.
A directory is a file that organizes where other files are stored. Directories are sometimes called “folders,” and they can contain files or other directories. The FHS defines how directories, directory contents, and other storage is organized so the operating system knows where to find specific data.
File paths are also related to the FHS. A file path is the location of a file or directory. Everything starts at the root directory. The root directory is the highest level directory in Linux. From there, subdirectories branch away from the root. These subdirectories may contain files or additional subdirectories that continue to branch further away from the root directory.
Standard FHS directories
The FHS defines certain standard directories that must be present in Linux. These standard FHS directories are located directly below the root directory. Some examples of these standard directories include:
- /etc: This directory stores the system’s configuration files.
- /bin: The name of this directory is short for “binary,” and it contains binary files and other executables. Executables contain a series of commands a computer needs to follow to run programs and perform other functions.
- /tmp: This directory stores many temporary files. Attackers commonly use the /tmp directory because any user on the system can modify data in these files.
- /home: Each user in the system gets their own home directory.
- /mnt: This directory stands for “mount” and stores temporary media, such as USB drives.
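The following shell script is an added example, not part of the original reading. It shows how an analyst can check which of the standard directories listed above are writable by every user, and how to list the files in a directory such as /tmp that anyone can modify or that are marked executable. The function names are illustrative, not standard tools.

```shell
#!/bin/sh
# Added example: permission checks a defender might run against FHS directories.
# Function names are hypothetical helpers, not existing commands.

# Print how open a directory is to other users:
#   restricted            - other users cannot create or delete entries
#   world-writable+sticky - anyone can create entries, but only owners can delete theirs
#   world-writable        - anyone can create AND delete any entry
dir_write_mode() {
    dir=$1
    # -prune inspects only the directory itself, without descending into it
    if [ -n "$(find "$dir" -prune -type d -perm -0002 2>/dev/null)" ]; then
        if [ -k "$dir" ]; then
            echo "world-writable+sticky"
        else
            echo "world-writable"
        fi
    else
        echo "restricted"
    fi
}

# List regular files under a directory that any user may modify.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# List regular files under a directory that have any execute bit set.
# Executables in a temporary directory deserve a closer look.
executable_files() {
    find "$1" -xdev -type f \
        \( -perm -0100 -o -perm -0010 -o -perm -0001 \) 2>/dev/null | sort
}

# Report the write mode of the standard directories named in this reading.
for d in /etc /bin /tmp /home /mnt; do
    if [ -d "$d" ]; then
        printf '%s\t%s\n' "$d" "$(dir_write_mode "$d")"
    fi
done
```

On a typical system only /tmp is reported as world-writable, and it carries the sticky bit; running world_writable_files /tmp and executable_files /tmp then shows which files in it merit review.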
The kernel is the component of the Linux OS that manages processes and memory. It communicates with the applications to route commands. The Linux kernel is unique to the Linux OS and is critical for allocating resources in the system. The kernel controls all major functions of the hardware, which can help tasks get completed more efficiently.
The hardware is the physical components of a computer. You might be familiar with some hardware components, such as hard drives or CPUs. Hardware is categorized as either peripheral or internal.
Peripheral devices are hardware components that are attached to and controlled by the computer system. They are not core components needed to run the computer system. Peripheral devices can be added or removed freely. Examples of peripheral devices include monitors, printers, the keyboard, and the mouse.
Internal hardware consists of the components required to run the computer. Internal hardware includes a main circuit board and all components attached to it. This main circuit board is also called the motherboard. Internal hardware includes the following:
- The Central Processing Unit (CPU) is a computer’s main processor and is used to perform general computing tasks on your computer. The CPU executes the instructions provided by programs, which enables these programs to run.
- Random Access Memory (RAM) is a hardware component used for short-term memory. It’s where data is stored temporarily as you perform tasks on your computer. For example, if you’re writing a report on your computer, the data needed for this is stored in RAM. After you’ve finished writing the report and closed down that program, this data is deleted from RAM. Information in RAM cannot be accessed once the computer has been turned off. The CPU takes the data from RAM to run programs.
- The hard drive is a hardware component used for long-term memory. It’s where programs and files are stored for the computer to access later. Information on the hard drive can be accessed even after a computer has been turned off and on again. A computer can have multiple hard drives.