1. What the Kernel Is

• Core of OS: manages CPU, memory, devices, filesystems, networking
• Runs in kernel space (privileged)
• Linux = monolithic kernel (modular via loadable modules)

2. Kernel Space vs User Space

• User space: apps, shells (no hardware access)
• Kernel space: drivers, scheduler, memory mgmt
• Transition via system calls (syscalls)

3. Kernel Architecture (Main Subsystems)

• Scheduler – CPU time allocation
• Memory Management – virtual memory, paging
• VFS – filesystem abstraction
• Block I/O – disks
• Network Stack – TCP/IP
• Device Drivers – hardware interface
• IPC – signals, pipes, shared memory

4. Process Management

• Process = program in execution
• Created by: fork() → exec()
• States: running, sleeping, stopped, zombie
• Scheduler: CFS (Completely Fair Scheduler)

5. Scheduling

• Preemptive, multitasking
• Priorities:
  • Normal (CFS)
  • Real-time: SCHED_FIFO, SCHED_RR
• Inspect: ps, top, htop

6. Memory Management

• Virtual memory per process
• Paging + demand paging
• Swap used when RAM is full
• Page cache for files
• OOM Killer kills processes on memory exhaustion

7. System Calls

• Controlled entry to kernel
• Examples:
  • read(), write()
  • open()
  • fork(), execve()
• Trace: strace

8. Kernel Modules

• Loadable code at runtime
• No reboot required

• Commands:

  lsmod modprobe <module> rmmod <module>

9. Device Model

• Everything as files: /dev
• Character vs block devices
• udev handles device nodes dynamically

10. Interrupts & Context Switching

• Interrupt: hardware signal to CPU
• Context switch: save/restore process state
• Expensive → minimize in performance-critical paths

11. Filesystems (VFS)

• VFS = abstraction layer
• Supports: ext4, xfs, btrfs, nfs
• Mounting connects FS to directory tree

12. Networking (Kernel Side)

• Full TCP/IP stack in kernel
• Netfilter handles firewall (iptables/nftables)
• Sockets implemented in kernel

13. Kernel Boot Flow

1. BIOS/UEFI
2. Bootloader (GRUB)
3. Kernel load
4. initramfs
5. systemd (PID 1)

14. Kernel Logs & Debugging

• View logs:

  dmesg journalctl -k

• Panic = fatal kernel error

15. Tuning & Parameters

• Runtime config via sysctl

  sysctl -a sysctl vm.swappiness=10

• Exposed in /proc and /sys

16. Security

• Capabilities (drop root privileges)
• LSM: SELinux, AppArmor
• Namespaces + cgroups (containers)

17. Kernel Versions

• LTS recommended for servers

• Check version:

  uname -r

Absolute must-know for interviews

• Syscalls vs library calls
• Fork–exec model
• Virtual memory & paging
• CFS scheduler
• Monolithic ≠ non-modular

1. Network Interfaces

• List interfaces: ip link, ip addr
• Bring up/down: ip link set eth0 up|down
• Assign IP: ip addr add 192.168.1.10/24 dev eth0
• Loopback: lo (127.0.0.1)

2. IP Addressing

• IPv4 CIDR: /24 = 255.255.255.0
• View routes: ip route
• Default gateway: default via 192.168.1.1
• ARP cache: ip neigh

3. Routing

• Add route: ip route add 10.0.0.0/24 via 192.168.1.1
• Delete route: ip route del …
• Policy routing: ip rule, multiple routing tables

4. DNS

• Resolver config: /etc/resolv.conf
• Test DNS: dig, nslookup
• Local hosts override: /etc/hosts
• systemd-resolved status: resolvectl status

5. Ports & Sockets

• List listening ports: ss -lntup
• Old tool: netstat -tulnp
• TCP vs UDP:
  • TCP: reliable, ordered
  • UDP: fast, no guarantee

6. Firewall (iptables / nftables)

• Modern backend: nftables

• Allow port (iptables):

  iptables -A INPUT -p tcp --dport 22 -j ACCEPT

• Check rules: iptables -L -n

• UFW (simple):

  ufw allow 80 ufw enable 

7. Network Debugging

• Ping: ping 8.8.8.8
• Path tracing: traceroute, tracepath
• Packet capture: tcpdump -i eth0
• Test port: nc -zv host port, telnet

8. Bandwidth & Traffic

• Interface stats: ip -s link
• Live traffic: iftop, nload
• Per-process: ss, lsof -i

9. Network Services

• SSH: port 22
• HTTP/HTTPS: 80 / 443
• DNS: 53

• Check service bind:

  ss -lntp | grep 80

10. Namespaces & Containers (Important)

• Network namespace: isolated network stack
• Docker:
  • bridge (default)
  • host (no isolation)
  • overlay (multi-node)
• View namespaces: ip netns

11. Common Files

• /etc/hosts
• /etc/resolv.conf
• /etc/network/interfaces (Debian legacy)
• /etc/netplan/*.yaml (Ubuntu)

12. Quick Commands Cheat

ip a ip r ss -tulnp ping dig tcpdump curl

What is systemd?

systemd is the init system and service manager for modern Linux distributions.

It is responsible for:

• Booting the system
• Starting & supervising services
• Managing processes, logs, devices, mounts, users, timers, and networking

It replaced SysVinit & Upstart in most distros (Ubuntu, RHEL, CentOS, Debian, Arch).

Why systemd exists (Problems it solved)

Old init systems:

• Sequential startup (slow)
• Poor dependency handling
• No supervision after start
• Scattered logging

systemd provides:

• Parallel startup → faster boot
• Dependency-aware service management
• Automatic restarts & monitoring
• Unified logging & control interface

Core Concepts

1. Units

Everything in systemd is a unit.

A unit is a configuration file describing something systemd manages.

Common unit types:

Example unit name:

nginx.service

2. Unit File Locations

Priority order:

/etc/systemd/system/     # Admin overrides (highest priority) 

/run/systemd/system/     # Runtime units /lib/systemd/system/     

# Distribution default units

How systemd Boots (Boot Flow)

1. BIOS/UEFI
2. Bootloader (GRUB)
3. Kernel loads
4. PID 1 = systemd
5. systemd:
   • Mounts filesystems
   • Starts default target
   • Launches services in parallel
   • Applies dependencies & ordering

Check PID 1:

ps -p 1 -o comm=

Targets (Runlevels Replacement)

Targets replace SysV runlevels.

Default target:

systemctl get-default

Set default:

systemctl set-default multi-user.target

Services

Service lifecycle

systemctl start nginx 

systemctl stop nginx 

systemctl restart nginx 

systemctl reload nginx 

systemctl status nginx

Enable at boot:

systemctl enable nginx

Disable:

systemctl disable nginx

Anatomy of a Service File

Example:

[Unit] Description=Nginx Web Server After=network.target 

[Service] ExecStart=/usr/sbin/nginx -g 'daemon off;' Restart=always User=www-data

[Install] WantedBy=multi-user.target

Sections explained

• [Unit] → description & dependencies
• [Service] → how process runs
• [Install] → when to start (target linkage)

Dependencies & Ordering

Dependency types

• Requires= → hard dependency
• Wants= → soft dependency
• After= → start order
• Before= → inverse order

Example:

Requires=network.target After=network.target

Socket Activation (Key systemd Feature)

systemd:

• Opens socket before service starts
• Starts service only when traffic arrives

Benefits:

• Faster boot
• Lower memory usage

Example:

sshd.socket → sshd.service

Timers (Cron Replacement)

Timer unit + service unit.

Example:

systemctl list-timers

Timer benefits over cron:

• Missed jobs run after reboot
• Dependency-aware
• Unified logging

Logging — journald

systemd logging is handled by journald.

View logs:

journalctl journalctl -u nginx journalctl -b journalctl -f

Persistent logs:

/var/log/journal/

Process & Resource Management (cgroups)

systemd uses cgroups to:

• Track all processes of a service
• Enforce limits

Examples:

MemoryLimit=500M CPUQuota=50%

Check cgroups:

systemd-cgls

systemd vs traditional init

Common Debugging Commands

systemctl status <service> journalctl -xe systemctl list-units systemctl list-unit-files systemctl show <service>

Key systemd Components

Why interviewers care

systemd shows:

• Linux internals knowledge
• Service reliability understanding
• Debugging ability
• Production readiness

One-line summary (remember this)

systemd is a dependency-aware, parallel init and service management system that controls how Linux boots, runs, logs, and manages resources.