Linux Administration

Linux Directory Structure

1. Operations Deployment

1.1 What is Kernel and Kernel Parameters

1. Optimize performance (e.g., memory, network).

2. Enhance security (e.g., ASLR, IP forwarding).

3. Troubleshoot issues (e.g., logging, memory management).

4. Tune hardware behavior (e.g., drivers, power settings).

5. Configure virtualization/containers (e.g., CPU, memory limits).

1.2 Diagnosing, Identifying, Managing, and Troubleshooting ‘Web Server (Apache) is Unresponsive’

• Run top or htop to view system load and Apache process activity.

• Check disk space with df -h to ensure the system isn't out of space, which could affect service operation.

• Use ps aux | grep apache to list Apache processes (like httpd or apache2), showing their PID, CPU, and memory usage.

• Alternatively, run systemctl status apache2 (or httpd for some distributions) to see if the service is active, failed, or stopped.

• Restart Apache with sudo systemctl restart apache2 to attempt fixing the issue.

• If Apache isn't running, start it with sudo systemctl start apache2.

• Stop and restart the service using sudo systemctl stop apache2 && sudo systemctl start apache2 if restarting alone doesn’t help.

• Check Apache logs with tail -f /var/log/apache2/error.log to find error messages related to crashes or misconfigurations.

• Examine system logs using journalctl -xe for more clues.

• Test Apache’s configuration by running sudo apachectl configtest to ensure there are no configuration errors. If errors are found, correct them by editing the configuration file (/etc/apache2/apache2.conf) and then restart the service.

1.3 Recurring and One-time Executing Commands

• crontab -e: Opens the cron table to schedule recurring tasks.
Example: 0 3 * * * /path/to/script.sh — Schedule a script to run every day at 3 AM.

• cron: The service that executes scheduled cron jobs.
Example: sudo systemctl status cron — Check if cron is running.

• at 2pm tomorrow: Schedule a one-time command or script to run tomorrow at 2 PM.
After entering the at command, type the commands to execute, then press Ctrl+D to submit.

• atq: Shows the list of scheduled one-time jobs.
Example: atq — View the queue of pending jobs.

• atrm <job_number>: Removes a scheduled job from the queue.
Example: atrm 2 — Remove job number 2 from the queue.

1.4 Software Package Management

• apt search <package_name>: Search for a package in Debian/Ubuntu systems.
Example: apt search apache2 — Search for the Apache package.

• yum search <package_name>: Search for a package in CentOS/RHEL systems.
Example: yum search httpd — Search for the Apache package.

• dnf search <package_name>: Search for a package in newer Fedora/RHEL/CentOS systems.
Example: dnf search httpd — Search for the Apache package.

• apt install <package_name>: Install a package in Debian/Ubuntu systems.
Example: sudo apt install apache2 — Install Apache on Ubuntu.

• yum install <package_name>: Install a package in CentOS/RHEL systems.
Example: sudo yum install httpd — Install Apache on CentOS.

• dnf install <package_name>: Install a package in newer Fedora/RHEL/CentOS systems.
Example: sudo dnf install httpd — Install Apache on Fedora.

• apt list --installed: List all installed packages in Debian/Ubuntu systems.
Example: apt list --installed | grep apache2 — Check if Apache is installed.

• rpm -q <package_name>: Query installed packages in RHEL/CentOS/Fedora systems.
Example: rpm -q httpd — Check if Apache is installed.

• apt update && apt upgrade: Update package lists and upgrade all packages in Debian/Ubuntu.
Example: sudo apt update && sudo apt upgrade — Update and upgrade system packages.

• yum update: Update all packages in CentOS/RHEL.
Example: sudo yum update — Update all system packages.

• dnf update: Update all packages in Fedora/RHEL/CentOS.
Example: sudo dnf update — Update all system packages.

• add-apt-repository <repository_url>: Add a new repository in Debian/Ubuntu.
Example: sudo add-apt-repository ppa:example/repo — Add a new PPA repository.

• yum-config-manager --add-repo <repository_url>: Add a repository in CentOS/RHEL.
Example: sudo yum-config-manager --add-repo https://example.repo — Add a new repo.

• dnf config-manager --add-repo <repository_url>: Add a repository in Fedora/RHEL/CentOS.
Example: sudo dnf config-manager --add-repo https://example.repo — Add a new repo.

1.5 Recovering from Hardware, Operating System, or Filesystem Failures

• dmesg: Check for hardware-related errors in the kernel message buffer.
Example: dmesg | grep -i error — Look for hardware error messages.

• lshw: Display detailed information about hardware components.
Example: sudo lshw -short — List hardware components to check for failures.

• smartctl -a /dev/sdX: Check the health of a hard drive using SMART data.
Example: sudo smartctl -a /dev/sda — Check the health of the primary hard drive.

• fsck /dev/sdX: Run the filesystem check on a specific partition or disk.
Example: sudo fsck /dev/sda1 — Check and repair the root partition.

• Boot into Recovery Mode: Use the GRUB menu to boot into recovery mode for troubleshooting.
Example: In the GRUB menu, select "Advanced options for Ubuntu" → "Recovery mode".

• systemctl: Check and repair services that failed during startup.
Example: systemctl status <service_name> — Check the status of a failed service.

• mount -o remount,rw /: Remount the filesystem as read-write if it’s currently read-only.
Example: sudo mount -o remount,rw / — Remount the root filesystem.

• tune2fs -l /dev/sdX: Check the filesystem superblock for errors.
Example: sudo tune2fs -l /dev/sda1 — Display the superblock information for the root filesystem.

• fdisk -l: List all partitions and check if they are detected correctly.
Example: sudo fdisk -l — Display all disk partitions.

• Restore from Backup: If filesystem corruption is severe, restore data from a backup using backup tools like rsync, tar, or your specific backup solution.
Example: rsync -av /backup /restore_location — Restore files from a backup location.

• journalctl -xe: Check system logs for errors that could indicate underlying hardware, OS, or filesystem failures.
Example: journalctl -xe — View detailed error logs for system recovery information.

• Check Disk Space: Ensure that low disk space isn’t causing failures.
Example: df -h — Check available disk space.

1.6 Managing Virtual Machines with libvirt

• virsh start <vm_name>: Start a virtual machine.
Example: virsh start myVM — Start the virtual machine named "myVM".

• virsh shutdown <vm_name>: Gracefully shut down a virtual machine.
Example: virsh shutdown myVM — Shut down the virtual machine "myVM".

• virsh destroy <vm_name>: Forcefully stop a virtual machine.
Example: virsh destroy myVM — Forcefully power off "myVM".

• virsh list --all: List all virtual machines, including those that are not running.
Example: virsh list --all — See the status of all VMs.

• virt-install: Create a new virtual machine.
Example: virt-install --name myVM --vcpus 2 --memory 2048 --disk path=/var/lib/libvirt/images/myVM.img,size=10 --os-variant ubuntu20.04 --cdrom /path/to/iso
This creates a VM with 2 CPUs, 2GB RAM, and a 10GB disk.

• virsh undefine <vm_name>: Remove a virtual machine’s configuration (without deleting its disk).
Example: virsh undefine myVM — Remove the VM configuration.

• virsh edit <vm_name>: Edit the configuration of a virtual machine.
Example: virsh edit myVM — Modify VM settings such as memory, CPU, and network configurations.

• virsh attach-disk <vm_name> <path_to_disk>: Attach a new disk to a virtual machine.
Example: virsh attach-disk myVM /path/to/disk.img — Add a disk to "myVM".

• virsh setmem <vm_name> <size>: Dynamically change the memory of a running virtual machine.
Example: virsh setmem myVM 4096M — Set "myVM" memory to 4GB.

• virsh snapshot-create-as <vm_name> <snapshot_name>: Create a snapshot of a virtual machine.
Example: virsh snapshot-create-as myVM snap1 — Create a snapshot named "snap1" for "myVM".

• virsh snapshot-list <vm_name>: List all snapshots of a virtual machine.
Example: virsh snapshot-list myVM — View all snapshots for "myVM".

• virsh snapshot-revert <vm_name> <snapshot_name>: Revert to a snapshot of a virtual machine.
Example: virsh snapshot-revert myVM snap1 — Revert "myVM" to the "snap1" snapshot.

• virsh net-list --all: List all virtual networks managed by libvirt.
Example: virsh net-list --all — View the status of all virtual networks.

• virsh net-start <network_name>: Start a virtual network.
Example: virsh net-start default — Start the default virtual network.

• virsh net-destroy <network_name>: Stop a virtual network.
Example: virsh net-destroy default — Stop the default network.

1.7 Configuring Container Engines and Managing Containers

• Install Docker: sudo apt install docker.io (Debian/Ubuntu) or sudo yum install docker (CentOS/RHEL).

• Start Docker Service: sudo systemctl start docker && sudo systemctl enable docker — Starts and enables Docker at boot.

• Check Docker Status: sudo systemctl status docker — Checks the status of Docker.

• Configure Docker for Non-root Users: sudo usermod -aG docker $USER — Allows the user to run Docker without sudo.

• Pull a Container Image: docker pull <image_name> — Downloads a container image (e.g., docker pull nginx).

• Run a Container: docker run -d --name <container_name> -p <host_port>:<container_port> <image_name> — Runs a container (e.g., docker run -d --name mynginx -p 80:80 nginx).

• List Running Containers: docker ps — Lists all running containers.

• Stop a Container: docker stop <container_name> — Stops a running container (e.g., docker stop mynginx).

• Remove a Container: docker rm <container_name> — Removes a stopped container (e.g., docker rm mynginx).

• List All Containers (Running and Stopped): docker ps -a — Lists all containers.

• View Container Logs: docker logs <container_name> — Views logs of a container (e.g., docker logs mynginx).

• Execute Commands in a Running Container: docker exec -it <container_name> /bin/bash — Executes commands inside a container (e.g., docker exec -it mynginx /bin/bash).

• Remove Unused Images: docker image prune — Cleans up unused Docker images.

• Inspect Network Information: docker network inspect <network_name> — Inspects network details (e.g., docker network inspect bridge).

• Create a New Docker Network: docker network create <network_name> — Creates a new Docker network (e.g., docker network create mynetwork).

• Connect a Running Container to a Network: docker network connect <network_name> <container_name> — Connects a container to a network (e.g., docker network connect mynetwork mynginx).

• Create a Docker Volume: docker volume create <volume_name> — Creates a new volume (e.g., docker volume create myvolume).

• Mount a Volume to a Container: docker run -d --name <container_name> -v <volume_name>:/path/in/container <image_name> — Mounts a volume to a container (e.g., docker run -d --name mynginx -v myvolume:/data nginx).

1.8 Creating and Enforcing Mandatory Access Control (MAC) Using SELinux

• SELinux: In enterprise environments like Red Hat Enterprise Linux (RHEL), SELinux enforces MAC policies to control which processes can access which files, devices, or network resources.

• AppArmor: In Ubuntu, AppArmor provides MAC to enforce restrictions on what applications can do, even if they are compromised.

• Trusted Systems: In military systems, MAC is used to ensure that classified information is only accessible to those with the proper clearance, irrespective of their user permissions.

• Check if SELinux is enabled: sestatus — Displays the current status of SELinux (enabled or disabled).

• Temporarily switch SELinux to permissive mode: sudo setenforce 0 — Temporarily disables SELinux enforcement.

• Temporarily switch SELinux to enforcing mode: sudo setenforce 1 — Re-enables SELinux enforcement.

• Configure SELinux mode permanently:Edit /etc/selinux/config and set SELINUX=enforcing or SELINUX=permissive.Example:

• List current SELinux security contexts: ls -Z — Displays SELinux security contexts for files and directories.

• Change SELinux context for a file: sudo chcon -t <type> <file> — Changes the SELinux type for a specific file.Example: sudo chcon -t httpd_sys_content_t /var/www/html — Changes the SELinux context to allow Apache to access files in /var/www/html.

• Restore default SELinux context for a file: sudo restorecon <file> — Resets SELinux context to the default.Example: sudo restorecon -Rv /var/www/html — Recursively restores SELinux context for files in /var/www/html.

• Allow a service in SELinux: sudo setsebool -P <boolean_name> on — Turns on a boolean value to allow certain services.Example: sudo setsebool -P httpd_can_network_connect on — Allows Apache to make network connections.

• List all SELinux booleans: getsebool -a — Lists all SELinux boolean settings.

• Allow a port for a service: sudo semanage port -a -t <type> -p <protocol> <port> — Adds a new port to SELinux for a service.Example: sudo semanage port -a -t http_port_t -p tcp 8080 — Allows HTTP traffic on port 8080.

• Check SELinux logs for denials: sudo ausearch -m avc -ts recent — Shows recent SELinux denials to troubleshoot issues.

• Generate a report for troubleshooting: sudo sealert -a /var/log/audit/audit.log — Analyzes audit logs and provides suggestions to resolve SELinux denials.

2. Network and Firewall

2.1 Configuring IPv4 and IPv6 Networking and Hostname Resolution

• Set static IPv4 (temporary): sudo ip addr add <ip_address>/<subnet_mask> dev <interface>.Example: sudo ip addr add 192.168.1.100/24 dev eth0.

• Bring up the network interface: sudo ip link set <interface> up.Example: sudo ip link set eth0 up.

• Set static IPv6 (temporary): sudo ip -6 addr add <ipv6_address>/<prefix_length> dev <interface>.Example: sudo ip -6 addr add 2001:db8::1/64 dev eth0.

• Bring up the IPv6 interface: sudo ip -6 link set <interface> up.Example: sudo ip -6 link set eth0 up.

• Edit network config file: /etc/sysconfig/network-scripts/ifcfg-<interface> (RHEL/CentOS) or /etc/network/interfaces (Debian/Ubuntu), then restart: sudo systemctl restart NetworkManager.

• Set hostname temporarily: sudo hostnamectl set-hostname <hostname>.Example: sudo hostnamectl set-hostname server1.

• Edit /etc/hosts: Add entries like 192.168.1.100 server1 for local resolution.

• Set DNS servers: Add nameserver <dns_ip_address> to /etc/resolv.conf.Example: nameserver 8.8.8.8 and nameserver 1.1.1.1.

2.2 Setting and Synchronizing System Time Using Time Servers

• Check system date and time: date.Example: date — Displays the current system date and time.

• Install NTP: sudo apt install ntp (Debian/Ubuntu) or sudo yum install ntp (RHEL/CentOS).

• Install Chrony: sudo apt install chrony (Debian/Ubuntu) or sudo yum install chrony (RHEL/CentOS).

• Edit NTP configuration: /etc/ntp.conf — Add your preferred time servers.Example: server 0.pool.ntp.org (For global NTP pool).

• Restart NTP service: sudo systemctl restart ntp.

• Edit Chrony configuration: /etc/chrony/chrony.conf — Add time servers like server 0.pool.ntp.org iburst.

• Restart Chrony service: sudo systemctl restart chronyd.

• Enable NTP time sync: sudo timedatectl set-ntp true.

• Check time sync status: timedatectl status — Shows if NTP synchronization is active.

• Force sync with NTP: sudo ntpdate <ntp_server>.Example: sudo ntpdate 0.pool.ntp.org.

• Manually sync Chrony: sudo chronyc -a makestep — Forces Chrony to step the system clock.

2.3 Monitoring and Troubleshooting Networking

• List all network interfaces: ip a.Example: ip a — Displays all interfaces and their IP addresses.

• Check network interface statistics: ifconfig or ip -s link.Example: ifconfig eth0 — Displays network stats for eth0.

• Ping a remote host: ping <hostname_or_ip>.Example: ping google.com — Checks if a remote host is reachable.

• Check if a port is open: nc -zv <hostname_or_ip> <port>.Example: nc -zv 192.168.1.1 80 — Tests if port 80 is open on a remote host.

• Monitor real-time network usage: iftop (install via package manager if not available).Example: sudo iftop — Displays bandwidth usage per connection.

• Display detailed network statistics: netstat -i or ss -tuln.Example: ss -tuln — Shows listening ports and connections.

• Check DNS resolution: dig <hostname>.Example: dig google.com — Checks DNS resolution for google.com.

• Check current DNS settings: cat /etc/resolv.conf.Example: cat /etc/resolv.conf — Displays configured DNS servers.

• Trace the route to a host: traceroute <hostname_or_ip> (or tracepath).Example: traceroute google.com — Displays the path packets take to reach google.com.

• Trace a route using IPv6: traceroute6 <hostname_or_ip>.Example: traceroute6 ipv6.google.com — Traces the path using IPv6.

• List firewall rules (iptables): sudo iptables -L.Example: sudo iptables -L — Lists all firewall rules.

• Check ufw (Uncomplicated Firewall) status: sudo ufw status.Example: sudo ufw status — Shows the current status of ufw firewall.

• View system logs for networking issues: journalctl -u NetworkManager.Example: journalctl -u NetworkManager — Displays network manager logs.

• Check dmesg for network errors: dmesg | grep -i eth.Example: dmesg | grep -i eth — Searches for Ethernet-related messages in the kernel log.

2.4 Configuring the OpenSSH Server and Client

• Install OpenSSH server: sudo apt install openssh-server (Debian/Ubuntu) or sudo yum install openssh-server (RHEL/CentOS).

• Install OpenSSH client: sudo apt install openssh-client (Debian/Ubuntu) or sudo yum install openssh-clients (RHEL/CentOS).

• Start SSH server: sudo systemctl start ssh (Debian/Ubuntu) or sudo systemctl start sshd (RHEL/CentOS).

• Enable SSH at boot: sudo systemctl enable ssh (Debian/Ubuntu) or sudo systemctl enable sshd (RHEL/CentOS).

• Edit SSH server configuration: sudo nano /etc/ssh/sshd_config.Common configurations:
• Change default SSH port: Port 2222.
• Disable root login: PermitRootLogin no.
• Limit users: AllowUsers <username>.

• Restart SSH service after changes: sudo systemctl restart ssh or sudo systemctl restart sshd.

• Generate SSH key pair: ssh-keygen -t rsa -b 4096.Example: ssh-keygen -t rsa -b 4096 — Generates a 4096-bit RSA key pair.

• Copy public key to remote server: ssh-copy-id <user>@<hostname_or_ip>.Example: ssh-copy-id user@192.168.1.100 — Copies your public key to 192.168.1.100.

• Disable password authentication (optional): In /etc/ssh/sshd_config, set PasswordAuthentication no, then restart SSH.

• Connect to a remote server: ssh <user>@<hostname_or_ip>.Example: ssh user@192.168.1.100 — Connects to the server at 192.168.1.100 as user.

• Connect using a specific port: ssh -p <port> <user>@<hostname_or_ip>.Example: ssh -p 2222 user@192.168.1.100 — Connects to the SSH server on port 2222.

• List active SSH sessions: who or w.Example: who — Displays active user sessions, including SSH connections.

• Terminate an SSH session: Type exit or logout in the SSH terminal.

• Check SSH server status: sudo systemctl status ssh (or sshd).Example: sudo systemctl status ssh — Verifies if the SSH service is running.

• View SSH logs: sudo journalctl -u ssh.Example: sudo journalctl -u ssh — Shows logs for SSH service activity.

2.5 Configuring Packet Filtering, Port Redirection, and NAT

• List rules: sudo iptables -L — View current packet filtering rules.

• Allow port: sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT — Allow HTTP traffic on port 80.

• Block IP: sudo iptables -A INPUT -s 192.168.1.10 -j DROP — Block traffic from 192.168.1.10.

• Save rules: sudo iptables-save > /etc/iptables/rules.v4 (Debian/Ubuntu) or sudo service iptables save (RHEL/CentOS).

• Redirect port: sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j REDIRECT --to-port 80 — Redirect port 8080 to 80.

• Enable IP forwarding: sudo sysctl -w net.ipv4.ip_forward=1 — Enable IP packet forwarding.

• Set up NAT: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE — Set up NAT on interface eth0.

• Forward traffic: sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT — Forward traffic from eth1 to eth0.

• List NAT rules: sudo iptables -t nat -L — View NAT rules.

• Flush rules: sudo iptables -F && sudo iptables -t nat -F — Clear all iptables and NAT rules.

• Start Firewalld: sudo systemctl start firewalld && sudo systemctl enable firewalld — Start and enable Firewalld.

• Allow service: sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload — Allow HTTP.

• Forward port: sudo firewall-cmd --permanent --add-forward-port=port=8080:proto=tcp:toport=80 — Forward port 8080 to 80.

2.6 Configuring Static Routing

• Add a static route: sudo ip route add 10.0.0.0/24 via 192.168.1.1 dev eth0.

• View routing table: ip route show.

2.7 Configuring Bridge and Bonding Devices

• Create bridge: sudo ip link add name br0 type bridge && sudo ip link set dev br0 up — Creates and brings up the bridge br0.

• Add interface to bridge: sudo ip link set dev eth0 master br0 — Adds eth0 to bridge br0.

• Assign IP to bridge: sudo ip addr add 192.168.1.10/24 dev br0 — Assigns IP to br0.

• Create bonding interface: sudo ip link add bond0 type bond && sudo ip link set dev bond0 up — Creates bonding interface bond0.

• Set bonding mode: echo +bonding > /sys/class/net/bond0/bonding/mode — Sets bonding mode (e.g., balance-rr).

• Add interfaces to bond: sudo ip link set dev eth0 master bond0 && sudo ip link set dev eth1 master bond0 — Adds eth0 and eth1 to bond0.

• Assign IP to bond: sudo ip addr add 192.168.1.20/24 dev bond0 — Assigns IP to bond0.

• Bridge status: bridge link show — Displays bridge interfaces.

• Bonding status: cat /proc/net/bonding/bond0 — Shows bonding status.

2.8 Implementing Reverse Proxies and Load Balancers

1. Reverse Proxy: Acts as an intermediary, forwarding client requests to backend servers based on load or specific routing rules.

2. Load Balancer: Distributes incoming traffic across multiple backend servers, ensuring no single server is overloaded. Load balancing can be done at the network (Layer 4) or application (Layer 7) levels.

• Install NGINX: Install the NGINX web server using package managers like apt or yum.

• Configure Reverse Proxy: Modify NGINX's configuration to specify the backend server's IP and port where requests should be forwarded.

• Restart NGINX: Restart the NGINX service to apply the changes and start forwarding traffic.

• Install Apache: Install Apache using package managers like apt or yum.

• Enable Proxy Modules: Enable the necessary modules (proxy and proxy_http) to allow Apache to act as a reverse proxy.

• Configure Reverse Proxy: Edit the Apache configuration to specify the backend server and set the rules for passing traffic.

• Restart Apache: Restart the Apache service to activate the reverse proxy functionality.

• Configure Load Balancing: In NGINX, set up multiple backend servers in the configuration file and define how traffic should be distributed (e.g., round-robin).

• Restart NGINX: After configuring the load balancing, restart the service to begin distributing traffic across the backend servers.

• Install HAProxy: Install the HAProxy load balancer using a package manager.

• Configure Load Balancing: Define the frontend (incoming traffic) and backend (multiple servers) in the HAProxy configuration file. Choose a load balancing strategy (e.g., round-robin) for distributing the traffic.

• Restart HAProxy: Restart the service to apply the configuration and start load balancing.

• NGINX status: Use systemctl to check the status of the NGINX reverse proxy and load balancer service.

• Apache status: Verify that Apache is running and forwarding traffic by checking its service status.

• HAProxy status: Ensure HAProxy is active and balancing traffic by checking its service status.

3. Storage and File System

3.1 Configuring and Managing LVM Storage

• LVM allows you to expand or shrink volumes without downtime.

• It combines multiple physical disks into a single logical volume.

• Snapshots can be created for read-only backups of a volume.

1. Create Physical Volume: sudo pvcreate /dev/sdX. A Physical Volume is the raw disk or partition allocated to LVM.

2. Create Volume Group: sudo vgcreate <vg_name> /dev/sdX. A Volume Group pools storage from one or more Physical Volumes.

3. Create Logical Volume: sudo lvcreate -L <size> -n <lv_name> <vg_name>. A Logical Volume is the usable storage carved out of the Volume Group.

1. Extend Logical Volume: sudo lvextend -L +<size> /dev/<vg_name>/<lv_name>.Example: sudo lvextend -L +20G /dev/my_vg/my_lv.

2. Resize File System: sudo resize2fs /dev/<vg_name>/<lv_name>.Example: sudo resize2fs /dev/my_vg/my_lv.

3. Create Snapshot: sudo lvcreate --size <size> --snapshot --name <snapshot_name> /dev/<vg_name>/<lv_name>.Example: sudo lvcreate --size 10G --snapshot --name snap_lv /dev/my_vg/my_lv.

• List physical volumes: sudo pvs.

• List volume groups: sudo vgs.

• List logical volumes: sudo lvs.

3.2 Managing and Configuring the Virtual File System (VFS)

• Mount a file system: sudo mount <device> <mount_point>.Example: sudo mount /dev/sdb1 /mnt/usb.

• Unmount a file system: sudo umount <mount_point>.Example: sudo umount /mnt/usb.

• Check file system type: df -T.Example: df -T.

• List mounted file systems: mount.Example: mount.

• Mount with options: sudo mount -o <option> <device> <mount_point>.Example: sudo mount -o noatime /dev/sdb1 /mnt/usb.

• Configure auto-mount: Add an entry to /etc/fstab to auto-mount at boot.Example: /dev/sdb1 /mnt/usb ext4 defaults 0 0.

3.3 Creating, Managing, and Troubleshooting Filesystems

• Create an ext4 filesystem: sudo mkfs.ext4 /dev/<device>.Example: sudo mkfs.ext4 /dev/sdb1.

• Create an NTFS filesystem: sudo mkfs.ntfs /dev/<device>.Example: sudo mkfs.ntfs /dev/sdb1.

• Check available space: df -h.Example: df -h.

• Check filesystem health: sudo fsck /dev/<device>.Example: sudo fsck /dev/sdb1.

• Resize a filesystem (after resizing a logical volume): sudo resize2fs /dev/<device>.Example: sudo resize2fs /dev/sdb1.

• Mount a filesystem: sudo mount <device> <mount_point>.Example: sudo mount /dev/sdb1 /mnt/data.

• Unmount a filesystem: sudo umount <mount_point>.Example: sudo umount /mnt/data.

• View disk usage by directory: du -sh <directory>.Example: du -sh /home.

• Check filesystem type: lsblk -f.Example: lsblk -f.

• View file system logs: dmesg | grep -i ext4.Example: dmesg | grep -i ext4.

3.4 Using Remote Filesystems and Network Block Devices

• Install NFS client: sudo apt install nfs-common or sudo yum install nfs-utils.

• Mount NFS share: sudo mount <remote_server_ip>:/remote/share /local/mount_point.Example: sudo mount 192.168.1.100:/export/data /mnt/data.

• Auto-mount in /etc/fstab: <remote_server_ip>:/remote/share /local/mount_point nfs defaults 0 0.

• Unmount NFS share: sudo umount /local/mount_point.Example: sudo umount /mnt/data.

• Install iSCSI initiator: sudo apt install open-iscsi or sudo yum install iscsi-initiator-utils.

• Discover iSCSI targets: sudo iscsiadm -m discovery -t sendtargets -p <target_ip>.Example: sudo iscsiadm -m discovery -t sendtargets -p 192.168.1.200.

• Log in to iSCSI target: sudo iscsiadm -m node -T <target_name> -p <target_ip> --login.Example: sudo iscsiadm -m node -T iqn.2024-10.com.example:target1 -p 192.168.1.200 --login.

• Check block devices: lsblk.

• Mount iSCSI device: sudo mount /dev/sdX /mnt/iscsi.Example: sudo mount /dev/sdb /mnt/iscsi.

• Logout from iSCSI target: sudo iscsiadm -m node -T <target_name> -p <target_ip> --logout.Example: sudo iscsiadm -m node -T iqn.2024-10.com.example:target1 -p 192.168.1.200 --logout.

3.5 Configuring and Managing Swap Space

• Check current swap space: swapon --show — Displays active swap spaces.

• Check memory and swap usage: free -h — Shows used and available memory, including swap.

• Create a swap file: sudo fallocate -l <size> /swapfile — Allocates a swap file of the specified size.Example: sudo fallocate -l 2G /swapfile.

• Secure the swap file: sudo chmod 600 /swapfile — Sets proper permissions for the swap file.

• Format the file as swap: sudo mkswap /swapfile — Formats the file as swap space.

• Enable the swap file: sudo swapon /swapfile — Activates the swap file.

• Make swap permanent: Add to /etc/fstab: /swapfile none swap sw 0 0 — Ensures the swap file is enabled at boot.

• Disable swap file: sudo swapoff /swapfile — Disables the swap file.

• Remove swap file: sudo rm /swapfile — Deletes the swap file.

• Remove entry from /etc/fstab: Edit /etc/fstab to remove the swap file entry.

• Adjust swappiness: sudo sysctl vm.swappiness=<value> — Controls how often the system uses swap (0 = less, 100 = more).Example: sudo sysctl vm.swappiness=10.

• Make swappiness persistent: Add to /etc/sysctl.conf: vm.swappiness=<value>.Example: vm.swappiness=10.

• Check swap partition: lsblk — Lists block devices and indicates if swap is in use.

• Check swap space usage: free -h — Shows current swap usage.

3.6 Configuring Filesystem Automounters

3.7 Monitoring Storage Performance

• Install iostat: sudo apt install sysstat or sudo yum install sysstat — Installs the iostat tool.

• Run: iostat — Displays CPU and disk I/O performance.

• Install iotop: sudo apt install iotop or sudo yum install iotop — Installs the iotop tool.

• Run: sudo iotop — Shows real-time I/O usage by processes.

• Run: df -h — Shows available and used disk space on mounted file systems.

• Install dstat: sudo apt install dstat or sudo yum install dstat — Installs the dstat tool.

• Run: dstat -d — Displays disk read/write statistics.

• Run: iostat -dx <device> — Shows detailed I/O stats for a specific device (e.g., /dev/sda).

• Run: blkid — Identifies block device attributes and performance details.

4. Essential Commands

4.1 Basic Git Operations

• Clone a repository: git clone <repo_url> — Clones a remote repository to your local machine.
Example: git clone https://github.com/user/repo.git.

• Check status: git status — Shows the status of your working directory (modified files, untracked files, etc.).

• Commit changes: git commit -m "<message>" — Commits staged changes with a descriptive message.

• Push changes: git push origin <branch_name> — Pushes local commits to the remote branch.
Example: git push origin main.

4.2 Create, Configure, and Troubleshoot Services

• Start a service: sudo systemctl start <service_name> — Starts a service.
Example: sudo systemctl start apache2.

• Enable a service at boot: sudo systemctl enable <service_name> — Configures a service to start at boot.
Example: sudo systemctl enable apache2.

• Check service status: sudo systemctl status <service_name> — Shows the current status of a service.
Example: sudo systemctl status apache2.

• Restart a service: sudo systemctl restart <service_name> — Restarts a running service.
Example: sudo systemctl restart apache2.

4.3 Monitor and Troubleshoot System Performance and Services

• Check system resource usage: top or htop — Shows real-time usage of CPU, memory, and processes.

• Monitor disk usage: iostat — Displays CPU and I/O stats for system disks.

• Check logs: journalctl -xe — Shows detailed logs for system services and performance issues.

• View system load: uptime — Displays system uptime and load averages.

4.4 Determine Application and Service-Specific Constraints

• Check open ports: sudo netstat -tuln — Lists services and the ports they are listening on.

• Check memory limits: ulimit -a — Displays the current user process limits, including memory and CPU.

• Check application logs: tail -f /var/log/<service_name>.log — Monitors real-time logs of a specific service.
Example: tail -f /var/log/nginx/access.log.

4.5 Troubleshoot Disk Space Issues

• Check disk usage: df -h — Shows available and used disk space on mounted file systems.

• Identify large files: du -sh * | sort -h — Lists all files and directories by size.

• Clear system logs: sudo journalctl --vacuum-time=1d — Cleans system logs older than one day.

4.6 Work with SSL Certificates

• Generate a new SSL certificate: openssl req -new -newkey rsa:2048 -nodes -keyout <key_file> -out <csr_file> — Generates an SSL certificate request and private key.

• Check certificate details: openssl x509 -in <cert_file> -text -noout — Displays the details of an SSL certificate.

• Renew a certificate: certbot renew — Automatically renews Let's Encrypt certificates.

• Test certificate: openssl s_client -connect <domain>:443 — Checks the SSL certificate of a domain.

5. Users and Groups

5.1 Create and Manage Local User and Group Accounts

• Create a new user: sudo adduser <username> — Creates a new user with a home directory.
Example: sudo adduser john.

• Delete a user: sudo deluser <username> — Deletes a user and optionally their home directory.
Example: sudo deluser john.

• Create a new group: sudo groupadd <groupname> — Creates a new group.
Example: sudo groupadd developers.

• Add user to group: sudo usermod -aG <groupname> <username> — Adds a user to a specific group.
Example: sudo usermod -aG developers john.

• View user and group info: id <username> — Displays user ID (UID), group ID (GID), and group memberships.

5.2 Manage Personal and System-Wide Environment Profiles

• Edit user-specific profile: nano ~/.bashrc — Modify a user’s personal environment variables and aliases.

• Edit system-wide profile: sudo nano /etc/profile — Edit system-wide environment settings for all users.

• Apply changes: source ~/.bashrc — Reloads the user's .bashrc file to apply changes immediately.

5.3 Configure User Resource Limits

• Set user limits: Edit /etc/security/limits.conf — Configure limits on the number of processes, file handles, and memory usage for specific users or groups.
Example: john hard nofile 1024.

• Check current limits: ulimit -a — Displays the current limits for the logged-in user.

5.4 Configure and Manage ACLs (Access Control Lists)

• Check current ACL: getfacl <file> — Shows the current ACLs for a file or directory.
Example: getfacl /home/john.

• Set an ACL: setfacl -m u:<username>:rwx <file> — Grants read, write, and execute permissions to a user on a file.
Example: setfacl -m u:john:rwx /home/john/documents.

• Remove an ACL: setfacl -x u:<username> <file> — Removes a user’s access to a file.
Example: setfacl -x u:john /home/john/documents.

5.5 Configure the System to Use LDAP User and Group Accounts

• Install LDAP client: sudo apt install libnss-ldap libpam-ldap ldap-utils — Installs LDAP client packages.
Example: sudo apt install ldap-utils.

• Configure LDAP client: Run sudo dpkg-reconfigure ldap-auth-config — Configures the system to use LDAP for user and group authentication.

• Update NSS and PAM: Edit /etc/nsswitch.conf to include ldap for passwd, group, and shadow entries.
Example:

• Test LDAP configuration: getent passwd <username> — Verifies that the user information is retrieved from the LDAP directory.