1

Chapter 8
OS Installation, Recovery and
System Logs
ITP3901 OPERATING SYSTEMS FUNDAMENTALS
(AY 2019/20)
 2

OS Installation

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 3
OS Installation

 OS installation is the process of creating and copying OS system

files to a hard disk.
 Before installation, check whether the OS supports all the software
that will be loaded on the system.
 To become familiar with the OS itself is advantageous because
during installation process, some important configuration decisions
will have to be made.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 4
Hardware Compatibility Lists

 Before installation, make sure that the key elements (CPU, RAM and
hard disk space) of the system hardware meet the minimum
requirements of the OS.
 Check with the OS and hardware manufacturers to verify that the
hardware is compatible with the OS.
 The software and hardware manuals may contain compatibility
information.
 The update compatibility information is the World Wide Web.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 5
Installation Media

 Usually, OS is installed using a DVD that contains the system files

and an installation program.
 It can be installed using local network.
 It may also be installed through Internet if there is a high-speed
connection.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 6
BIOS Settings

 It is important to set the boot sequence in BIOS before the

installation.
 For example, if we use a CD ( DVD ) to install the OS, we should set
the first boot device to be CD-ROM ( DVD ) in BIOS settings.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 7
Installation Program

 In MS Windows, the installation program is called setup.exe.

 In a Red Hat Linux system ( including Fedora ), the installation
program is called Anaconda.
 The installation program will guide the user through the OS
installation process.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 8
Installation Program

 The installation program controls and simplifies the installation process.

 The installation program
prompts the user for configuration
information.
 The installation program
allows partitioning and
formatting of the hard disk before
copying system files.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Example of Fedora 30
Logs
 9
Installation Program (Cont.)

 The installation program will also give the user the option
to install a default set of components or choose the
components manually.
 It is recommended to use the default setting for new users
since it will simplify the installation process and ensure a
successful installation.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 10
Update OS

 To ensure the security of the OS, update the OS

regularly, and as soon as possible after a security
announcement is issued.
 Updated software packages for the OS will be released
throughout the support period of each version.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 11
Update OS (Cont.)

 OS will generate a notification message to the user if updates are

found, and you can click the message to update.
 To update the OS in Windows, you can click Start > Programs >
Windows Update.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 12
OS Recovery

 There are methods in OS to return itself to a usable state even if it is

badly damaged.
 In Windows, the methods are in Recovery of Control Panel.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 13
Windows Recovery

 The first method uses a type of backup called a system image, which
you need to have created earlier.
 The second method reinstalls Windows, either from a recovery image
provided by your computer manufacturer, or from the original
Windows installation files.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 14
Windows Recovery

 The first method is better since most of your files, programs, and
settings are preserved on the system image. You will only need to
reinstall or restore any programs, updates, or files that you added after
the date you created the system image.
 However, if the system image was made recently, there is a chance it
could contain the problem you are trying to fix.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 15

Backup and
Recovery

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 16
Planning for Disaster Recovery

 Administrators need to be prepared for the possibility of

server failure and/or file and folder loss at all times
 Backup utility is designed to restore an operating system
or data in case of failure and operating system may include
this utility
 Types of backups and backup hardware and software is
dictated largely by the size and type of organization

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 17
Backing Up and Restoring Data

 Tasks that can be performed include:

 Back up and restore files and folders
 Schedule a backup

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 18
Backup Types

 Backup types include:

 Full backup
 Incremental backup
 Differential backup

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 19
Full Backup

 Backs up all selected files and folders

 This type of backup can be inefficient because it does not take into
account whether files have changed

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 20
Incremental Backup

 Backs up only files that have changed since last normal or

incremental backup
 Reduces the size of backup jobs
 Restore process is more complicated
 Full backup and incremental backups must be restored in order

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 21
Incremental Backup Restore

Monday Tuesday Wednesday Thursday

Backups
data
data
data

full incremental incremental FAILURE

2 3
1

Restore
data

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 22
Differential Backup

 Backs up only files that have changed since last full backup
 Differential backups are cumulative. Once a file has been changed, it
will be included in all subsequent differential backups
 Reduces the size of backup jobs compared to full backups but not
incremental backups
 Restore process requires only the full backup and the latest
differential backup

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 23
Differential Backup Restore

Monday Tuesday Wednesday Thursday

Backups
data data
data

full differential differential FAILURE

2
1

Restore
data

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 24

System Logging in
Linux

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 25
Why logging is necessary?

 Identify hardware problems

 Identify software problems
 Evidence of hack-in
 e.g. IP-Address, actions
 Record of user’s activities
 e.g. command or script executed

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 26
Type of Logging

 Software logs – Generated by running applications, these show the

status of applications, errors and warnings.
 System logs – Generated by syslogd, these report the status of
disks, hardware and system processes.
 Kernel logs – Generated by klogd, these are concerned with
kernel processes, statistics and so on.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 27
Log Files

 Log files are files that contain message about the system, including kernel,
services and applications running on it.
 There are different log files for different information. For example, there is a
default system log file, a log file just for security messages, and a log file for
cron tasks.
 Some log files are managed by a daemon called journald, a component of
systemd. The journalctl command lets you interact with the journald.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 28
Location of Log Files

 Most log files are stored under the /var/log directory.

 There are multiple files in the log file directory with numbers after them.
These are created when the log files are rotated. Log files are rotated so
their file sizes do not become too large.

 Applications such as
 httpd(apache web server) and
 samba(for sharing file with MS Windows clients)
have a directory within /var/log for their log files.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 29
Default System Log File

 The default system log files are stored in the directory /var/log.
 This log file is typically the recipient of all informational class
messages generated by the system.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 30
Why logging policy is necessary?

 Disk space is limited (you cannot record all activities related to

your system)
 Data has limited life cycle.
 e.g. log data of hardware may be only useful for a month.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 31
Logging Policy

1. Throwing away log files

2. Reset log files regularly
3. Rotate log files
4. Compress and archive logs to other media

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 32
Throwing away log files

 Do not keep log at all

 Not recommended
 In real world, it may take long time for you to realize that the system was
hacked.
 Software and hardware within one month is very useful.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 33
Reset log files regularly

 Allow log file to grow until they reach the pre-defined size, then
restart the log from zero.
 Do not guarantee that log will be kept for expected time
 e.g. if a system is attacked by someone then system write a lot of data to
log file. The size of log file will over the limit and re-set quickly.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 34
Rotating log files

 Keeping log for a fixed period

 By versioning
 Use a script to rename the log files
 Rename the current log to older log
 Rename the past log to even older log

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 35
Two Approaches on Log Rotation

 “version based”
 Version based rotated the log in such a way that the old file has a
suffix 1, the older file has a suffix 2, etc. Each time log rotate N
files are preserved.
 “date based”
 Date based used daily or weekly of month rotation pattern and
each rotated log is marked by timestamp.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 36
Example – Rotating log files
(version based)

Monday Tuesday

todayLog => logfile.1 todayLog => logfile.1

logfile.1 => logfile.2 logfile1. => logfile.2

logfile.2 => logfile.3 logfile2 => logfile.3

logfile.3 => Gone … logfile.3 => Gone …

Chapter 8 - OS Installation, Recovery and System

Logs
 37
Example – Rotating log files
(date based)

Chapter 8 - OS Installation, Recovery and System

Logs
 38
Linux Log Files

 By default, the configuration file in /etc/systemd/ contains commented

out entries showing the defaults as a guide to the administrator.
 Can be configured by file /etc/systemd/journald.conf
 Suggested permission set for log files is 600
 Mean only accessible by root
 Log files are useful data for hacker

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 39
Useful commands for Logging

 last
 Command used to list last logged in user

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 40
Useful commands for Logging
(Cont.)
 dmesg
 Command used to print out the bootup messages
e.g. which hardware / software are started / initialized
 Useful for identify problems

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs
 41
Application-Specific Log Files

 A number of applications, such as Web Server and database

servers, store their log files in other location.
 You should read the individual application’s documentation or
its manual pages for more details.

Chapter 8 - OS Installation, Recovery and System ITP3901 Operating Systems Fundamentals

Logs