Saturday, December 19, 2020

From GRUB 2 to Login Process

Here is the basic overview of the boot process after the GRUB 2 bootloader finds the kernel.  The messages associated with the kernel provide a step-by-step view of the process.

The loading of Linux depends on a temporary filesystem, known as the initial RAM disk.
Once the boot process is complete, control is given to systemd, known as the first process.

Here we will describe the contents of systemd in detail, through the configuration of units and targets.

Note:
Most Linux distros have replaced Upstart and SysVinit with the new systemd service manager.

Kernels and the Initial RAM Disk

After you select a kernel from the GRUB 2 configuration menu, Linux hands over boot responsibilities to the kernel with the help of the initial RAM disk, also known by its filename in the /boot directory, initramfs.
During the boot process, Linux loads that initramfs into your RAM.  Linux then loads hardware drivers and starts the first process, systemd.
Next, systemd activates all the system units for the initrd.target and mounts the root filesystem under /sysroot.
Finally, systemd restarts itself in the new root directory and activates all units for the default target.

To learn more, after logging in, you can review these messages in the /var/log/dmesg file or by running the dmesg command.


The First Process, Targets, and Units
The kernel continues the boot process by calling the first process, systemd.  In RHEL 7, the legacy init process is configured with a symbolic link to systemd.
Units are the basic building blocks of systemd.  The most common are service units, which have a .service extension and activate a system service.
The following command will show a list of all service units:
    # systemctl list-units --type=service --all

The example command below shows sshd services:
    # systemctl list-units --type=service --all | egrep -i sshd






Wednesday, December 9, 2020

CentOS 8 - Recover the Root Password

This exercise shows the steps required to reset a lost password for the root user.  For this exercise, we use the following command to change the root password to a random string.
# pwmake 128 | passwd --stdin root



The next step is to reboot the server.  When you see the GRUB menu, press E to edit the current menu entry.  Scroll down to the line starting with linux.  Press CTRL-E or END to move to the end of the line, and then add the string rd.break.

Press CTRL-X to boot the system.


The rd.break directive interrupts the boot sequence before the root filesystem is properly mounted.  Confirm this by running ls /sysroot.  The output should look something like the below.

Remount the /sysroot root filesystem as read-write and change the root directory to /sysroot:
# mount -o remount,rw /sysroot
# chroot /sysroot

Follow with the passwd command to change the root password:
# passwd

Because SELinux is not running, the passwd command does not preserve the context of the /etc/passwd file.  To ensure that the /etc/passwd file is labeled with the correct SELinux context, instruct Linux to relabel all files at the next boot with the following command:
# touch /.autorelabel

Type exit to close the chroot jail, and then type exit again to reboot the system.


Saturday, December 5, 2020

SSH in RHEL 8

Configuring SSH
- Hardening the SSH server
- Using other useful sshd options
- Configuring Key-Based authentication with passphrases

Hardening the SSH Server
Dictionary attacks are common against an SSH server.
By default, SSH on a Linux server uses port 22, and the Linux box has a root account.

Fortunately, you can take some measures to protect SSH servers against these kinds of attacks:
- Disable root login
- Disable password login
- Configure a nondefault port for SSH to listen on
- Allow specific users only to log in on SSH

Limiting Root Access
Linux servers have root login enabled by default.
Disabling root login is easy.
- Modify the PermitRootLogin parameter in /etc/ssh/sshd_config
- Reload or restart the service: run the systemctl reload servicename command
- Some services pick up changes only after a systemctl restart servicename command

To log in to a remote server using ssh, use one of these commands:
ssh user@servername
ssh -l user servername

Configuring Alternative Ports
An attacker can use a port scan to scan all 65,535 ports on a Linux server, but most port scans focus on known ports only, and SSH port 22 is always among these ports.
To protect against port scans, you can configure the SSH server to listen on another port.
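
One way to check a configuration file against the four measures listed under Hardening the SSH Server, as an added example (not code from the original post). The function names and sample file contents are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example: checks an sshd_config for the four hardening measures above.

# Print the value sshd uses for a keyword: the first occurrence wins and
# keywords are case-insensitive. Stops at the first Match block.
effective_value() {
    awk -v key="$1" '$1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Succeeds if sshd would listen on port 22. Port may appear several times
# (sshd listens on every one); with no Port line the default is 22.
listens_on_22() {
    ports=$(awk '$1 ~ /^#/ { next } tolower($1) == "match" { exit }
        tolower($1) == "port" { print $2 }' "$1")
    [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22
}

# Print one FAIL line per missing measure; return the number of failures.
audit_sshd_config() {
    fails=0
    root=$(effective_value PermitRootLogin "$1")
    pass=$(effective_value PasswordAuthentication "$1")
    users=$(effective_value AllowUsers "$1")
    [ "$root" = no ] || { echo "FAIL PermitRootLogin=${root:-unset}"; fails=$((fails + 1)); }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication=${pass:-unset}"; fails=$((fails + 1)); }
    if listens_on_22 "$1"; then echo "FAIL sshd listens on port 22"; fails=$((fails + 1)); fi
    [ -n "$users" ] || { echo "FAIL AllowUsers is not set"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files (not from a real host): a weak and a hardened config.
weak=$(mktemp) hardened=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' 'Port 2222' 'Port 22' > "$weak"
printf '%s\n' 'Port 2222' 'permitrootlogin no' 'PasswordAuthentication no' \
    'AllowUsers alice bob' 'PermitRootLogin yes' > "$hardened"

audit_sshd_config "$weak" || echo "weak sample: $? measure(s) missing"
audit_sshd_config "$hardened" && echo "hardened sample: all four measures present"
rm -f "$weak" "$hardened"
```

The hardened sample passes even though it ends with PermitRootLogin yes, because sshd keeps the first value it reads for a keyword. On a live host, sshd -T prints the effective configuration including defaults.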