Investigate a slow-boot complaint by validating the boot device
layout, inspecting kernel artifacts in
/boot
, reading kernel boot parameters, and identifying the init system
via symlink inspection. Capture evidence using CLI-only commands
suitable for documentation or escalation.
Your client suspects their system takes too long to boot. You’ve been asked to investigate the boot sequence, identify the boot-relevant filesystem layout, locate kernel artifacts, read boot parameters, and confirm the init system in use.
This is the baseline evidence you collect before deeper timing analysis or service-level root cause work. The goal here is “what is this system booting, from where, with what arguments, and what init process takes over.”
/boot./proc./sbin/init symlink.lsblk
.
/boot
with
ls
.
/proc/cmdline
.
stat
.
ls -l /sbin/init
.
lsblk
This quickly confirms whether
/boot
is a separate partition and which device backs the root
filesystem. It’s your starting point for “what disk is boot
reading from.”
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 40G 0 disk
├─sda1 8:1 0 512M 0 part /boot
└─sda2 8:2 0 39.5G 0 part //boot
.
ls /boot
This confirms the presence of the kernel image
(vmlinuz)
and initramfs
(initrd.img)
that the bootloader loads. It’s also an easy way to spot
multiple installed kernels.
config-5.15.0-91-generic
initrd.img-5.15.0-91-generic
vmlinuz-5.15.0-91-genericcat /proc/cmdline
This shows the exact arguments passed to the kernel at boot,
including the selected kernel image, root device, and flags
like
ro
,
quiet
, and
splash
.
BOOT_IMAGE=/boot/vmlinuz-5.15.0-91-generic root=/dev/sda2 ro quiet splashstat /boot/vmlinuz*This captures file size and timestamps for the kernel image. It’s useful evidence for “when was this kernel installed or last modified” during boot-related investigations.
File: /boot/vmlinuz-5.15.0-91-generic
Size: 11894272
Access: 2025-07-01 09:14:22.000000000
Modify: 2025-06-30 22:51:03.000000000
Change: 2025-06-30 22:51:03.000000000ls -l /sbin/init
On many systems,
/sbin/init
is a symlink to the real init binary. Following this link is
a fast, reliable way to confirm whether the host is running
systemd
or something else.
lrwxrwxrwx 1 root root 20 Jan 1 00:00 /sbin/init -> /lib/systemd/systemdlsblk
: Lists block devices and their mount points.
ls /boot
: Lists boot-related files (kernel images, initramfs, configs).
/boot
: Common location for kernel and initramfs artifacts.
cat /proc/cmdline
: Shows the kernel boot parameters for the current boot.
/proc
: Virtual filesystem exposing process and kernel interfaces.
root=
: Indicates the device used as the root filesystem.
ro
: Root filesystem is initially mounted read-only during early boot.
quiet
: Reduces kernel console output.
splash
: Enables a graphical boot splash on systems that support it.
stat /boot/vmlinuz*
: Displays file metadata for kernel images under
/boot
.
Access
: Last access time.
Modify
: Last content modification time.
Change
: Last metadata change time.
ls -l /sbin/init
: Shows what init binary
/sbin/init
points to.
-l
: Long listing format (shows permissions, owner, and symlink target).
/sbin/init
: Conventional init entrypoint that typically points to the real init system.
/lib/systemd/systemd
: Indicates
systemd
is the init system in use.