Linux System Administration

# System information uname -a # Kernel and system info cat /etc/os-release # Distribution info lsb_release -a # Distribution details hostnamectl # System and OS info # Hardware information lscpu # CPU information free -h # Memory usage df -h # Disk usage lsblk # Block devices lspci # PCI devices lsusb # USB devices

# View processes ps aux # All processes top # Real-time process viewer htop # Interactive process viewer # Process control kill -9 PID # Force kill process killall processname # Kill by name nice -n 10 command # Run with priority renice -n 10 PID # Change priority

# Create user useradd -m -s /bin/bash username passwd username # Modify user usermod -aG sudo username # Add to sudo group chage -E 2024-12-31 user # Set expiry userdel -r username # Delete user # User information id username # User ID and groups last # Login history who # Current logins

# Group operations groupadd groupname groupmod -n newname oldname groupdel groupname # Group membership gpasswd -a user group # Add user to group gpasswd -d user group # Remove from group groups username # List user's groups

# Disk partitioning fdisk -l # List partitions fdisk /dev/sda # Partition disk mkfs.ext4 /dev/sda1 # Format partition # Mount operations mount /dev/sda1 /mnt # Mount filesystem umount /mnt # Unmount mount -a # Mount all in fstab # File system maintenance fsck /dev/sda1 # Check filesystem tune2fs -l /dev/sda1 # View parameters dumpe2fs /dev/sda1 # Detailed info

# Change permissions chmod 755 file # Octal notation chmod u+x file # Symbolic notation chown user:group file # Change ownership # Special permissions chmod u+s file # Set SUID chmod g+s directory # Set SGID chmod +t directory # Set sticky bit # Access control lists setfacl -m u:user:rwx file # Set ACL getfacl file # View ACL

# Service control systemctl start service systemctl stop service systemctl restart service systemctl reload service # Service status systemctl status service systemctl is-active service systemctl is-enabled service # Enable/disable at boot systemctl enable service systemctl disable service

# Create service unit cat > /etc/systemd/system/myapp.service << EOF [Unit] Description=My Application After=network.target [Service] Type=simple User=myapp ExecStart=/usr/bin/myapp Restart=on-failure [Install] WantedBy=multi-user.target EOF # Reload systemd systemctl daemon-reload

# Interface information ip addr show ip link show nmcli device show # Configure interface nmcli connection add \ type ethernet \ con-name "eth0" \ ifname eth0 \ ipv4.method manual \ ipv4.addresses "192.168.1.100/24" \ ipv4.gateway "192.168.1.1" # DNS configuration cat > /etc/resolv.conf << EOF nameserver 8.8.8.8 nameserver 8.8.4.4 EOF

# Network testing ping host traceroute host mtr host netstat -tuln ss -tuln # Packet capture tcpdump -i eth0 tcpdump -i any 'port 80'

# UFW (Uncomplicated Firewall) ufw enable ufw allow 22/tcp ufw deny from 192.168.1.0/24 ufw status verbose # iptables iptables -L iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -P INPUT DROP iptables-save > /etc/iptables/rules.v4

# SSH hardening cat >> /etc/ssh/sshd_config << EOF PermitRootLogin no PasswordAuthentication no MaxAuthTries 3 Protocol 2 EOF # System limits cat >> /etc/security/limits.conf << EOF * hard core 0 * soft nofile 65535 * hard nofile 65535 EOF

# System resources vmstat 1 # Virtual memory stats iostat -xz 1 # IO statistics mpstat -P ALL 1 # CPU statistics sar -n DEV 1 # Network statistics # Log monitoring tail -f /var/log/syslog journalctl -f journalctl -u service grep "error" /var/log/*

# Performance tools strace command # Trace system calls ltrace command # Trace library calls perf top # CPU analysis perf record command # Record performance data perf report # View report

# Cron jobs crontab -e # Format: min hour day month weekday command 0 2 * * * /backup.sh # Run at 2 AM daily # Systemd timers cat > /etc/systemd/system/backup.timer << EOF [Unit] Description=Daily backup timer [Timer] OnCalendar=*-*-* 02:00:00 Persistent=true [Install] WantedBy=timers.target EOF

#!/bin/bash # System maintenance script # Check disk space df -h | awk '{ print $5 " " $1 }' | while read output do usage=$(echo $output | awk '{ print $1}' | cut -d'%' -f1) partition=$(echo $output | awk '{ print $2 }') if [ $usage -ge 90 ] then echo "Warning: $partition is at $usage%" fi done