Panduan Lengkap Instalasi Kali Linux: Dari Persiapan Hingga Konfigurasi Awal

I still remember the first time I completely bricked a production server because I didn't understand how Linux actually handles file descriptors. It was about seven years ago, working on a CentOS 6 box (yeah, I know), and I thought I was just doing some routine cleanup. I ran a script to log rotate an application that was spewing gigabytes of text, but I didn't signal the process to release the file handle. The disk kept filling up, the application crashed, and I spent four hours sweating through my shirt trying to figure out why df -h said we had space but the system acted like it was choking.

That night taught me a lesson that tutorials usually skip: knowing the commands is easy; understanding the plumbing underneath is what actually keeps your job safe. Most people stop learning Linux once they can navigate directories and edit files with Vim. But the gap between "I can use the terminal" and "I can debug a kernel panic" is massive.

If you've been using Linux for a while but feel like you hit a wall when things go wrong, this post is for you. We aren't going to talk about how to list files. We're going to talk about what the kernel does when you list files, why your memory usage looks weird, and how to track down problems that don't leave error messages.

The Myth of "Free" Memory and the Linux Page Cache

One of the most common panic moments for intermediate admins is running free -m or top and seeing that their 32GB server has only 200MB of "free" RAM. I've seen junior devs reboot perfectly healthy servers because of this, thinking there was a memory leak.

Here’s the thing: unused RAM is wasted RAM. Linux knows this. If your application isn't using that memory, the kernel borrows it for disk caching. It takes data from the hard drive and keeps it in RAM so that the next time you need it, access is instant. This is called the Page Cache.

I had a database server running PostgreSQL a few years back. The monitoring tools were screaming that RAM usage was at 98%. My manager wanted to double the RAM. I had to show him the available column versus the free column. The "free" memory was indeed low, but the "available" memory was huge because that cache is reclaimable instantly. If an application needs the RAM, the kernel drops the cache in nanoseconds and hands it over.

Lesson Learned: Stop looking at the "free" column. Look at "available." If you want to see exactly what's happening, check /proc/meminfo. It's overwhelming at first, but looking at Active(file) vs Inactive(file) tells you how much of that RAM is just cached files waiting to be dropped.

Load Averages: It's Not Just CPU

People treat Load Average like a CPU meter. It isn't. This confused me for the longest time. I’d see a load average of 4.0 on a 4-core machine and think, "Okay, we are at 100% capacity." Then I'd log in, and the CPU usage would be nearly zero. What gives?

In Linux, the load average counts processes that are in a runnable state OR an uninterruptible sleep state. That second part is the kicker. Uninterruptible sleep usually means the process is waiting for disk I/O. It’s blocked. It's waiting for the hard drive to write data, or for an NFS share to respond.

I once debugged a web server that was crawling. The load average was sky-high—something like 25 on an 8-core box. I assumed it was a traffic spike. I was wrong. It turned out to be a failing hard drive. The processes were piling up, waiting for the disk controller to say "okay, wrote it." The CPU was bored, but the system was unusable.

If you see high load but low CPU usage, check iostat -x 1 (part of the sysstat package). Look at the %iowait column. If that's high, your bottleneck is storage, not compute.

Everything is a File (Even When It's Weird)

You hear this phrase a lot, but until you really dig into /proc and /sys, it sounds like a slogan. These aren't real files on a disk; they are direct interfaces to the kernel masquerading as files. This is incredibly powerful because it means you can change kernel parameters on the fly using standard text editors or echo.

For example, let's say you need to enable IP forwarding to turn your Linux box into a router. You don't need a special tool. You just write a "1" to a specific file:

echo 1 > /proc/sys/net/ipv4/ip_forward

I’ve used this trick more times than I can count for performance tuning. There’s a parameter called vm.swappiness. It controls how aggressive the kernel is about moving memory to swap space. The default is usually 60, which I find too aggressive for database servers. I usually drop it to 10. You can do this live without a reboot.

Warning: Be careful here. I once accidentally chmod -R 777 / on a test VM back in my early days. While that's a filesystem disaster, messing with /proc incorrectly can panic the kernel instantly. Always verify what a parameter does before you echo values into it.

Troubleshooting with strace: The X-Ray Vision

If there is one tool that separates the seniors from the juniors, it's strace. Sometimes logs lie. Sometimes logs don't exist. strace shows you exactly what system calls a process is making to the kernel.

I was troubleshooting a Python script last month that kept failing silently. No traceback, no error message, just exit code 1. It drove me crazy. I ran it through strace:

strace -f -e trace=open,read python myscript.py

The output is noisy—it spits out thousands of lines—but right at the end, I saw it trying to open a config file at /etc/my-app/config.json and getting EACCES (Permission denied). The script wasn't programmed to catch the permission error, so it just died. I fixed the permissions, and it worked.

You can even attach it to running processes. If you have a web server process (PID 1234) that is hanging, you can run strace -p 1234 to see what it's doing right now. Is it stuck on a read()? Is it looping? It removes the guesswork.

The Inode Exhaustion Trap

This is a classic "gotcha" that I still see happen in production environments, especially with mail servers or session caching systems. You try to create a file, and Linux says "No space left on device." You check df -h and it says you have 50GB free. You start questioning your sanity.

The filesystem stores data in blocks, but it stores metadata (permissions, ownership, timestamps) in inodes. You have a finite number of inodes. If you have an application that creates millions of tiny 1KB files, you will run out of inodes long before you run out of disk space.

To check this, use df -i. If the Use% is 100%, you are out of inodes. The fix isn't fun—you have to delete files, but rm * will fail because the argument list is too long. You'll usually have to use find . -type f -delete or similar commands to chew through the backlog. I monitor inode usage just as strictly as disk space usage now.

Systemd: It's Here, Deal With It

Look, I know plenty of old-school admins who still miss System V init scripts. I was one of them for a while. But Systemd is the standard now, and honestly, once you get past the learning curve, it solves a lot of problems we used to hack around with shell scripts.

The biggest feature people ignore is the dependency management. You can tell a service "don't start until the network is online AND the database is up." In the old days, we just added sleep 30 at the top of a script and prayed. Systemd handles this gracefully.

The other part is journalctl. Binary logs are annoying when you want to use grep, but being able to say journalctl -u nginx --since "1 hour ago" is incredibly useful compared to digging through rotated text files. Learn to use the filtering flags; they save so much time during an outage.

Frequently Asked Questions

Why does my server slow down even though CPU usage is low?

As mentioned earlier, this is almost always I/O wait. Your CPU is fast, but your disk is slow. When processes have to wait for data to be read from or written to the disk, they enter a generic "blocked" state that drives up the Load Average. Check iotop or iostat to confirm if your disks are thrashing.

Is swap space actually necessary on modern servers with lots of RAM?

This is a massive debate, but my take is yes, you still need it, but you don't need double your RAM like the old rules said. Swap gives the kernel a safety valve. If you have absolutely zero swap and run out of RAM, the OOM (Out of Memory) Killer triggers instantly and shoots a process to save the system. With swap, the system slows down (giving you time to react) before it starts killing things. I usually allocate 2GB-4GB of swap regardless of system size just for safety.

How do I delete a file that is 'locked' by a process?

In Windows, you can't delete open files. In Linux, you can, but the space isn't freed until the process closes the file handle. This is a common issue where you delete a huge log file to free space, but df doesn't show the space returning. You need to find the process holding it (use lsof | grep deleted) and restart that process to release the handle.

What is the difference between a hard link and a soft link?

A soft link (symlink) is like a shortcut in Windows—it points to the path of another file. If you delete the original file, the link breaks. A hard link points to the actual inode (the data on the disk). If you hard link File A to File B, they are effectively the same file with two names. You can delete File A, and File B still works because the data exists as long as at least one hard link points to it.

Where to Go From Here

Linux is an endless rabbit hole. Just when you think you understand it, you discover eBPF or cgroups and realize there is a whole new layer of complexity to learn. But that's also what makes it fun.

My advice? Don't just read about this stuff. Spin up a cheap VPS or a local virtual machine and try to break it. Fill up the inodes. Fork bomb it. mess up the permissions in /etc. The only way you really internalize these advanced concepts is by having to fix them when the stakes are low. The more you break it now, the less you'll panic when it breaks in production.

Related Posts