Linux File System Structure
Linux Directory Hierarchy and System Logs
A solid understanding of the Linux directory hierarchy and log files is crucial for system administration and cybersecurity. Linux organizes all files in a tree-like structure starting from the root directory (/), making it easy to manage system files, user data, and logs.
1. Understanding Linux Directory Hierarchy
All Linux files exist under the root directory (/), and other directories branch out from it.
Key Concepts
- Root (
/) – Top-level directory of the file system. - Parent Directory – Directory above the current one.
- Child Directory – Directory inside the current one.
- Absolute Path – Full path from root (e.g.,
/home/student/Documents). - Relative Path – Path relative to current directory (e.g.,
Documents).
View top-level directories:
ls /
2. Important Linux Directories
/etc – Configuration Files
- Stores system-wide configuration files.
- Examples:
/etc/passwd→ User account information/etc/ssh/sshd_config→ SSH service configuration
ls /etc
/var – Variable Data
- Stores files that change frequently, such as logs and cache.
- Subdirectories:
/var/log→ System and application logs/var/spool→ Mail and print queues
Check logs:
ls /var/log
/home – User Home Directories
- Contains personal directories for regular users.
- Each user has a folder (e.g.,
/home/student) to store files, scripts, and configurations.
Navigate to your home:
cd /home/student
/root – Root User Home
- Home directory of the root user (superuser).
- Only accessible by root or via
sudo.
/bin – Essential Binaries
- Contains essential executable programs required for basic system operations.
- Examples:
ls,cp,mv,cat,bash
/usr – User Applications and Utilities
- Contains software and utilities used by normal users.
- Subdirectories:
/usr/bin→ Application binaries/usr/lib→ Libraries/usr/share→ Shared files
3. System Logs and Log Files
Linux maintains log files to record system activity, errors, and security events. Monitoring these logs is essential for troubleshooting and cybersecurity.
Common Logs
| Log File | Purpose |
|---|---|
/var/log/syslog |
General system messages |
/var/log/auth.log |
Authentication events |
/var/log/kern.log |
Kernel messages |
/var/log/dmesg |
Boot-time messages |
/var/log/secure |
Security events (Red Hat-based) |
/var/log/messages |
System messages |
/var/log/faillog |
Failed login attempts |
Viewing Logs
Display entire file:
cat /var/log/syslog
Paginate output:
less /var/log/syslog
Monitor in real-time:
tail -f /var/log/syslog
Cybersecurity Importance
- Detect unauthorized access or malicious activity
- Audit user actions and administrative tasks
- Monitor system errors and performance issues
- Investigate security incidents using logs
Summary
- Linux organizes files in a hierarchical directory structure from
/. - Key directories:
/etc,/var,/home,/root,/bin,/usr. - System logs are stored in
/var/logand are critical for monitoring and cybersecurity.