Linux Documentation
Comprehensive guide to Linux system administration
What is Linux?
Linux is a free, open-source operating system kernel that serves as the core for many Unix-like operating systems. It was created by Linus Torvalds in 1991 and has since become one of the most prominent examples of free and open-source software collaboration.
Linux Distributions
A Linux distribution (often abbreviated as distro) is an operating system made from a Linux kernel combined with package management software and other utilities. Popular distributions include:
- Ubuntu: User-friendly distribution based on Debian
- Fedora: Community-supported distribution sponsored by Red Hat
- Red Hat Enterprise Linux (RHEL): Commercial distribution for enterprise use
- Debian: One of the oldest distributions, known for stability
- Arch Linux: Lightweight and flexible distribution
- CentOS: Community-supported distribution compatible with RHEL
Linux Architecture
Linux follows a layered architecture:
- Hardware: Physical components like CPU, memory, disk
- Kernel: Core component that manages hardware resources
- Shell: Interface between user and kernel (e.g., Bash)
- Utilities/Applications: Software that runs on top of the system
Linux vs. Other Operating Systems
| Feature | Linux | Windows | macOS |
|---|---|---|---|
| Source Code | Open Source | Proprietary | Proprietary (with open components) |
| Cost | Free | Paid | Paid (with hardware) |
| Customization | High | Limited | Limited |
| Security | Strong | Moderate | Strong |
| Software Availability | Extensive (especially for servers) | Extensive (especially for desktop) | Moderate |
Why Use Linux?
- Security: Robust security model and fewer vulnerabilities
- Cost: Free to use and distribute
- Flexibility: Highly customizable and configurable
- Community: Large, active community for support
- Server Performance: Excellent for server applications
- Development: Preferred platform for many developers
Linux File System Hierarchy
Linux follows a hierarchical file system structure with the root directory (/) at the top:
- / - Root directory
- /bin - Essential command binaries
- /sbin - System binaries (usually for root)
- /etc - System configuration files
- /dev - Device files
- /proc - Process information
- /var - Variable data (logs, spool directories)
- /tmp - Temporary files
- /usr - User programs and data
- /home - User home directories
- /boot - Boot loader files
- /lib - Essential shared libraries
- /opt - Optional application software
- /mnt - Temporary mount point
- /media - Removable media mount point
Linux User Types
- Root User: Superuser with complete system control (UID 0)
- System Users: Users created by the system for running services
- Regular Users: Normal users who log in and use the system
User and Group Management
# Create new user
useradd username
useradd -m -s /bin/bash username # Create with home directory and bash shell
# Set user password
passwd username
# Modify user account
usermod -l newname oldname # Change username
usermod -d /new/home username # Change home directory
usermod -s /bin/sh username # Change default shell
# Delete user
userdel username
userdel -r username # Delete user and home directory
# List all users
cat /etc/passwd
# View user information
id username
finger username # If finger is installed
# Create new group
groupadd groupname
# Modify group
groupmod -n newname oldname # Change group name
# Delete group
groupdel groupname
# Add user to group
usermod -aG groupname username # Add to additional group
gpasswd -a username groupname # Alternative method
# Remove user from group
gpasswd -d username groupname
# List all groups
cat /etc/group
# View groups for a user
groups username
id username
# Switch to root user
su -
# Execute command as root
sudo command
# Edit sudoers file (use visudo, not direct editing)
visudo
# Common sudoers entries
username ALL=(ALL) ALL # Full sudo access
%groupname ALL=(ALL) ALL # Full sudo access for group
username ALL=(ALL) NOPASSWD: /usr/bin/apt # No password for a specific command (apt runs package scripts as root, so treat this as full root access)
# View sudo privileges
sudo -l
Tip: Always use visudo to edit the sudoers file, as it validates syntax before saving.
# Set special permissions
chmod 4755 filename # Set SUID (Set User ID)
chmod 2755 filename # Set SGID (Set Group ID)
chmod 1755 directory # Set sticky bit
# View special permissions
ls -l filename
# Set ACL (Access Control List) entries on a file
setfacl -m u:username:rw filename
setfacl -m g:groupname:rw filename
setfacl -m o::r filename
# View ACLs
getfacl filename
# Remove ACL
setfacl -b filename # Remove all ACLs
setfacl -x u:username filename # Remove specific ACL
Note: SUID allows a program to run with the permissions of its owner, SGID with those of its group, and the sticky bit prevents users from deleting files they don't own in a shared directory.
What is APT?
Advanced Package Tool (APT) is a package management system used by Debian-based distributions like Ubuntu. It simplifies the process of installing, updating, and removing software.
Package Sources
APT retrieves packages from repositories defined in /etc/apt/sources.list and files in /etc/apt/sources.list.d/.
# Update package lists
sudo apt update
# Upgrade installed packages
sudo apt upgrade
# Full system upgrade (may remove packages)
sudo apt full-upgrade
# Install package
sudo apt install package_name
# Install multiple packages
sudo apt install package1 package2 package3
# Remove package
sudo apt remove package_name
# Remove package and configuration files
sudo apt purge package_name
# Remove unnecessary packages
sudo apt autoremove
# Clean downloaded package files
sudo apt clean
# Search for packages
apt search keyword
# Show package details
apt show package_name
# List installed packages
apt list --installed
# List upgradable packages
apt list --upgradable
# Check which package provides a file
apt-file search filename
# Show files installed by a package
dpkg -L package_name
# Check if a package is installed
dpkg -l | grep package_name
# Add repository
sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu/ focal main"
# Add PPA (Personal Package Archive)
sudo add-apt-repository ppa:user/ppa-name
# Remove repository
sudo add-apt-repository --remove "deb http://archive.ubuntu.com/ubuntu/ focal main"
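# Add repository key (apt-key is deprecated; store the key in its own keyring
# and reference it with [signed-by=...] in the repository entry)
wget -qO - https://example.com/archive.key | sudo gpg --dearmor -o /etc/apt/keyrings/example-archive.gpg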
# List repositories
apt-cache policy
# Edit sources file
sudo nano /etc/apt/sources.list
# Fix broken dependencies
sudo apt install -f
# Reconfigure packages
sudo dpkg --configure -a
# Clear package cache
sudo apt-get clean
sudo apt-get autoclean
# Hold a package at its current version, or release the hold
sudo apt-mark hold package_name
sudo apt-mark unhold package_name
# Check for broken packages
sudo apt-get check
Understanding Processes
A process is an instance of a running program. Each process has a unique Process ID (PID) and is associated with a user who owns it.
# List all processes
ps aux
# List processes in tree format
pstree
# List processes with resource usage
top
# Interactive process viewer
htop # More user-friendly alternative to top
# Find process by name
pgrep process_name
# View process details
ps -p PID
# View process tree
ps -ejH
# Run process in background
command &
# Bring background process to foreground
fg
# List background jobs
jobs
# Send job to background
bg %job_number
# Terminate process
kill PID
# Forcefully terminate process
kill -9 PID
# Kill process by name
pkill process_name
# Kill all processes owned by user
pkill -u username
# Suspend process
kill -STOP PID
# Resume suspended process
kill -CONT PID
# View process priority
ps -o pid,ni,comm
# Change process priority (nice value)
renice priority PID
# Run command with specific priority
nice -n priority command
# View I/O priority
ionice -p PID
# Change I/O priority
ionice -c class -n priority PID
Note: Nice values range from -20 (highest priority) to 19 (lowest priority). Only root can set negative nice values.
# List all services
systemctl list-units --type=service
# Check service status
systemctl status service_name
# Start service
sudo systemctl start service_name
# Stop service
sudo systemctl stop service_name
# Restart service
sudo systemctl restart service_name
# Reload service configuration
sudo systemctl reload service_name
# Enable service to start at boot
sudo systemctl enable service_name
# Disable service from starting at boot
sudo systemctl disable service_name
# View service logs
journalctl -u service_name
# Follow service logs in real-time
journalctl -u service_name -f
System Monitoring
Monitoring your Linux system helps you understand resource usage, identify bottlenecks, and troubleshoot issues.
# View system resource usage
top
htop # More user-friendly alternative
# View memory usage
free -h
# View disk usage
df -h
# View directory sizes
du -sh /path/to/directory
# View CPU information
lscpu
# View memory information
cat /proc/meminfo
# View disk I/O statistics
iotop
# View network connections
netstat -tuln
ss -tuln # Modern alternative to netstat
# View system logs (systemd systems)
journalctl
# View logs for specific service
journalctl -u service_name
# View logs from specific time
journalctl --since "2023-01-01" --until "2023-01-02"
# Follow logs in real-time
journalctl -f
# View kernel messages
dmesg
# View authentication logs
sudo cat /var/log/auth.log
# View system logs (traditional systems)
cat /var/log/syslog
tail -f /var/log/syslog
# View application logs
tail -f /var/log/application.log
# View system performance statistics
vmstat 1
# View I/O statistics
iostat 1
# View network statistics
sar -n DEV 1
# View process tree with resource usage
pstree -p
# View detailed process information
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem
# Find processes using high CPU
ps aux --sort=-%cpu | head
# Find processes using high memory
ps aux --sort=-%mem | head
# Monitor system activity
atop
# View logrotate configuration
cat /etc/logrotate.conf
# View specific logrotate configuration
cat /etc/logrotate.d/application
# Force log rotation
sudo logrotate -f /etc/logrotate.conf
# Test logrotate configuration
sudo logrotate -d /etc/logrotate.conf
# View logrotate status
cat /var/lib/logrotate/status
Linux Networking
Linux provides powerful networking capabilities for both client and server applications. Understanding basic networking concepts is essential for system administration.
# View IP addresses
ip addr show
ifconfig # Legacy command
# View network interfaces
ip link show
# View routing table
ip route show
route -n # Legacy command
# View network statistics
netstat -i
ip -s link
# Configure IP address (temporary)
sudo ip addr add 192.168.1.100/24 dev eth0
# Configure IP address (persistent)
sudo nano /etc/netplan/01-netcfg.yaml # Ubuntu
sudo nano /etc/network/interfaces # Debian
# Apply network configuration
sudo netplan apply # Ubuntu
sudo systemctl restart networking # Debian
# Test network connectivity
ping hostname_or_ip
# Trace route to host
traceroute hostname_or_ip
# DNS lookup
nslookup hostname
dig hostname # More detailed
# View network connections
netstat -tuln
ss -tuln # Modern alternative
# View active connections
netstat -tupan
ss -tupan # Modern alternative
# Transfer files over network
scp file user@host:/path/to/destination
rsync -avz source/ user@host:/path/to/destination
# Secure shell
ssh user@host
# Download files from web
wget url
curl -O url
# View firewall status (ufw)
sudo ufw status
# Enable firewall
sudo ufw enable
# Disable firewall
sudo ufw disable
# Allow incoming connections
sudo ufw allow 22/tcp # SSH
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
# Deny incoming connections
sudo ufw deny 23/tcp # Telnet
# View firewall rules (iptables)
sudo iptables -L
# Add iptables rule
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Save iptables rules
sudo sh -c 'iptables-save > /etc/iptables/rules.v4' # The redirection must also run as root
# Check if port is open
telnet hostname port
nc -zv hostname port # Modern alternative
# View network interface statistics
cat /proc/net/dev
# View ARP table
ip neigh show
arp -a # Legacy command
# View network sockets
ss -tuln
# Capture network traffic
sudo tcpdump -i eth0
# Monitor network bandwidth
iftop
nethogs # Show bandwidth by process
Introduction to Shell Scripting
Shell scripting allows you to automate tasks by writing scripts that execute shell commands. Bash (Bourne Again Shell) is the most commonly used shell for scripting on Linux systems.
#!/bin/bash
# This is a comment
# Variables
name="John"
age=30
# Print variables
echo "Name: $name, Age: $age"
# Command substitution
current_date=$(date)
echo "Current date: $current_date"
# Arithmetic operations
result=$((5 + 3))
echo "5 + 3 = $result"
# Conditional statement
if [ "$age" -gt 18 ]; then
    echo "$name is an adult"
else
    echo "$name is a minor"
fi
# Loop
for i in {1..5}; do
    echo "Count: $i"
done
# Make script executable
chmod +x script.sh
# Run script
./script.sh
#!/bin/bash
# Command line arguments
echo "Script name: $0"
echo "First argument: $1"
echo "Second argument: $2"
echo "All arguments: $*"
echo "Number of arguments: $#"
# Check if arguments provided
if [ $# -eq 0 ]; then
    echo "No arguments provided"
    exit 1
fi
# Process all arguments
for arg in "$@"; do
    echo "Processing: $arg"
done
# Read user input
echo "Enter your name:"
read -r name
echo "Hello, $name!"
# Read with prompt
read -r -p "Enter your age: " age
echo "You are $age years old"
#!/bin/bash
# Define function
function greet() {
    local name=$1
    echo "Hello, $name!"
}
# Alternative function definition
say_goodbye() {
    local name=$1
    echo "Goodbye, $name!"
}
# Call functions
greet "John"
say_goodbye "Jane"
# Function that returns a value by printing it
function add() {
    local num1=$1
    local num2=$2
    local result=$((num1 + num2))
    echo "$result"
}
# Capture the function's output
sum=$(add 5 3)
echo "5 + 3 = $sum"
# Function with default parameters
function greet_with_default() {
    local name=${1:-"Guest"}
    echo "Hello, $name!"
}
greet_with_default # Uses default value
greet_with_default "Alice" # Uses provided value
#!/bin/bash
# Arrays
fruits=("Apple" "Banana" "Orange")
echo "First fruit: ${fruits[0]}"
echo "All fruits: ${fruits[@]}"
# Add to array
fruits+=("Grape")
# Loop through array
for fruit in "${fruits[@]}"; do
    echo "Fruit: $fruit"
done
# File operations
if [ -f "myfile.txt" ]; then
    echo "File exists"
else
    echo "File does not exist"
fi
# Read file line by line
while IFS= read -r line; do
    echo "Line: $line"
done < myfile.txt
# Error handling
set -e # Exit on error
set -u # Exit on undefined variable
# Trap signals
trap 'echo "Script interrupted"; exit 1' INT
# Long-running task with progress bar
for i in {1..100}; do
    sleep 0.1
    printf "\rProgress: [%-50s] %d%%" "$(printf '=%.0s' $(seq 1 $((i/2))))" "$i"
done
echo
Linux Security
Linux provides robust security features to protect your system from unauthorized access and threats. Understanding these features is essential for maintaining a secure system.
# View failed login attempts
sudo grep "Failed password" /var/log/auth.log
# View successful logins
sudo grep "Accepted password" /var/log/auth.log
# Lock user account
sudo passwd -l username
# Unlock user account
sudo passwd -u username
# Set password expiration
sudo chage -M 90 username # Password expires in 90 days
sudo chage -E 2023-12-31 username # Account expires on specific date
# View password policy
sudo cat /etc/pam.d/common-password
# View user's last login
last username
lastlog
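The two grep commands above show individual lines; the useful signal is usually per source address. The following added example (not part of the original guide) counts failed passwords per IP and flags any address that logged in successfully after reaching the threshold. The function names and all log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. All log lines below are constructed sample data.

write_sample_log() {   # $1 = file to create
    cat > "$1" <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 10 03:12:04 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Jan 10 03:12:09 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan 10 03:15:40 web1 sshd[2110]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Jan 10 03:16:02 web1 sshd[2112]: Accepted password for alice from 198.51.100.23 port 40030 ssh2
Jan 10 03:18:30 web1 sshd[2115]: Failed password for invalid user from from 192.0.2.44 port 4242 ssh2
Jan 10 03:18:33 web1 sshd[2115]: Failed password for invalid user test from 192.0.2.44 port 4244 ssh2
Jan 10 03:18:37 web1 sshd[2116]: Failed password for invalid user oracle from 192.0.2.44 port 4250 ssh2
Jan 10 03:20:11 web1 sshd[2120]: Accepted password for root from 203.0.113.7 port 51200 ssh2
EOF
}

summarize_logins() {   # $1 = log file, $2 = minimum failures to report
    awk -v min="$2" '
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
        # The user name is chosen by the client, so read the address from the
        # trailing "from <ip> port <n>" rather than from the first "from".
        ip = ""
        for (i = NF; i > 2; i--)
            if ($i == "port" && $(i - 2) == "from") { ip = $(i - 1); break }
        if (ip == "") next
        if ($0 ~ /\]: Failed password for /) fail[ip]++
        else if ((ip in fail) && fail[ip] >= min) hit[ip] = 1
    }
    END {
        for (ip in fail)
            if (fail[ip] >= min) {
                verdict = (ip in hit) ? "LOGIN_AFTER_FAILURES" : "failures_only"
                printf "%s %d %s\n", ip, fail[ip], verdict
            }
    }' "$1" | LC_ALL=C sort
}

# Demo on the constructed sample; on a real host pass /var/log/auth.log instead.
log=$(mktemp)
write_sample_log "$log"
summarize_logins "$log" 3
rm -f "$log"
```

A `LOGIN_AFTER_FAILURES` row is the one to investigate first: the same address guessed repeatedly and then authenticated.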
# Update system packages
sudo apt update && sudo apt upgrade
# Remove unnecessary packages
sudo apt autoremove
# Disable unused services
sudo systemctl disable service_name
# View open ports
sudo netstat -tuln
sudo ss -tuln
# Check for listening services
sudo systemctl list-units --type=service --state=running
# Secure SSH
sudo nano /etc/ssh/sshd_config
# Recommended SSH settings:
# PermitRootLogin no
# PasswordAuthentication no
# PubkeyAuthentication yes
# Port 2222 # Change default port
# Restart SSH after changes
sudo systemctl restart sshd
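The three recommended settings above can be checked mechanically. This added example (not part of the original guide) audits an sshd_config-style file using sshd's rule that the first value seen for a keyword wins, and ignores settings inside Match blocks because they apply only conditionally. The function names and both sample files are constructed; Include directives are not followed.

```sh
#!/bin/sh
# Added example. Both configuration files are constructed samples.

write_sshd_samples() {   # $1 = directory to write weak.conf and hardened.conf into
    cat > "$1/weak.conf" <<'EOF'
PermitRootLogin yes
PermitRootLogin no
#PasswordAuthentication no
PubkeyAuthentication yes
Match User deploy
    PasswordAuthentication no
EOF
    cat > "$1/hardened.conf" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
EOF
}

audit_sshd_config() {   # $1 = config file; exit status 1 if any check fails
    awk '
    BEGIN {
        n = split("permitrootlogin passwordauthentication pubkeyauthentication", key, " ")
        split("no no yes", want, " ")
        bad = 0
    }
    { sub(/#.*/, ""); gsub(/=/, " ") }        # drop comments, accept key=value
    NF < 2 { next }
    tolower($1) == "match" { in_match = 1 }   # everything after Match is conditional
    in_match { next }
    { k = tolower($1); if (!(k in seen)) seen[k] = tolower($2) }   # first value wins
    END {
        for (i = 1; i <= n; i++) {
            k = key[i]
            # An unset keyword counts as a failure so the file states the policy explicitly.
            got = (k in seen) ? seen[k] : "unset"
            state = (got == want[i]) ? "OK" : "FAIL"
            if (state == "FAIL") bad = 1
            printf "%s %s want=%s got=%s\n", state, k, want[i], got
        }
        exit bad
    }' "$1"
}

# Demo on the constructed samples; on a real host pass /etc/ssh/sshd_config.
dir=$(mktemp -d)
write_sshd_samples "$dir"
for f in weak hardened; do
    echo "== $f.conf"
    audit_sshd_config "$dir/$f.conf" || echo "-> $f.conf does not meet the recommended settings"
done
rm -rf "$dir"
```

On a live host, `sudo sshd -T` prints the effective configuration, including defaults and included files, which this file-level check does not resolve.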
# Enable automatic security updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
# Install fail2ban (bans IP addresses after repeated failed logins)
sudo apt install fail2ban
# Configure fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
# Enable fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
# Check fail2ban status
sudo fail2ban-client status
# View banned IPs
sudo fail2ban-client status sshd
# Install rootkit detector
sudo apt install rkhunter chkrootkit
# Run rootkit scan
sudo rkhunter --check
sudo chkrootkit
# View system audit logs
sudo ausearch -m AVC -ts recent
# Check file permissions
ls -la filename
# Find files with world-writable permissions
find / -type f -perm -002 -ls 2>/dev/null
# Find files with SUID bit set
find / -type f -perm -4000 -ls 2>/dev/null
# Find files with SGID bit set
find / -type f -perm -2000 -ls 2>/dev/null
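A one-off list of SUID/SGID files is hard to judge; comparing it with a recorded baseline shows what changed. This added example (not part of the original guide) snapshots a directory tree and reports files that gained or lost the bits since the baseline. The function names are hypothetical and the demo tree is constructed in a temporary directory.

```sh
#!/bin/sh
# Added example. The demo tree below is constructed in a temporary directory.

suid_snapshot() {   # $1 = directory tree to scan; prints one path per line
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

suid_drift() {      # $1 = baseline file from suid_snapshot, $2 = directory tree
    snap=$(mktemp) || return 2
    suid_snapshot "$2" > "$snap"
    # comm -13: paths only in the current snapshot; comm -23: only in the baseline
    LC_ALL=C comm -13 "$1" "$snap" | sed 's/^/ADDED /'
    LC_ALL=C comm -23 "$1" "$snap" | sed 's/^/REMOVED /'
    rm -f "$snap"
}

# Demo: record a baseline, then change the tree and report the difference.
demo=$(mktemp -d)
base=$(mktemp)
: > "$demo/known-tool";  chmod 4755 "$demo/known-tool"
: > "$demo/plain-tool";  chmod 0755 "$demo/plain-tool"
suid_snapshot "$demo" > "$base"          # baseline taken while the tree is trusted
: > "$demo/new-helper";  chmod 4755 "$demo/new-helper"
suid_drift "$base" "$demo"               # reports new-helper as ADDED
rm -rf "$demo" "$base"
```

On a real system, run `suid_snapshot /` as root after installation or patching, store the baseline somewhere the monitored host cannot modify, and review every `ADDED` line.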
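# Calculate file checksum (MD5 only catches accidental corruption; use SHA-256 to detect tampering)
md5sum filename
sha256sum filename
# Verify file integrity (sha256sum -c works the same way with a SHA-256 checksum file)
md5sum -c checksums.md5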
# Encrypt file with GPG
gpg -c filename
# Decrypt file with GPG
gpg filename.gpg
# Create encrypted archive
tar -czf - directory/ | gpg -c > archive.tar.gz.gpg
Linux Server Administration
Server administration involves managing and maintaining Linux servers to ensure they run efficiently and securely. This includes tasks like service management, backup, performance tuning, and troubleshooting.
# List all services
systemctl list-units --type=service
# Check service status
systemctl status service_name
# Start service
sudo systemctl start service_name
# Stop service
sudo systemctl stop service_name
# Restart service
sudo systemctl restart service_name
# Enable service to start at boot
sudo systemctl enable service_name
# Disable service from starting at boot
sudo systemctl disable service_name
# View service logs
journalctl -u service_name
# Follow service logs in real-time
journalctl -u service_name -f
# Check which services failed to start
systemctl --failed
# Create backup with tar
tar -czf backup-$(date +%Y%m%d).tar.gz /path/to/backup
# Create backup with exclusion
tar -czf backup-$(date +%Y%m%d).tar.gz --exclude=/path/to/exclude /path/to/backup
# Extract backup
tar -xzf backup-20230101.tar.gz
# Create backup with rsync
rsync -avz /source/ /destination/
# Mirror source to destination with rsync (--delete removes destination files that no longer exist in the source)
rsync -avz --delete /source/ /destination/
# Schedule backup with cron
crontab -e
# Add to crontab for daily backup at 2 AM
0 2 * * * /path/to/backup-script.sh
# Backup MySQL database
mysqldump -u username -p database_name > backup.sql
# Restore MySQL database
mysql -u username -p database_name < backup.sql
# View system resource usage
top
htop
# View memory usage
free -h
# View disk I/O
iotop
# View network connections
netstat -tuln
# Optimize system parameters
sudo nano /etc/sysctl.conf
# Add to sysctl.conf for performance tuning:
# vm.swappiness=10
# net.core.rmem_max=16777216
# net.core.wmem_max=16777216
# net.ipv4.tcp_rmem=4096 87380 16777216
# net.ipv4.tcp_wmem=4096 65536 16777216
# Apply sysctl changes
sudo sysctl -p
# Monitor system performance
sar -u 1 10 # CPU usage every second for 10 seconds
sar -r 1 10 # Memory usage every second for 10 seconds
sar -n DEV 1 10 # Network usage every second for 10 seconds
# View system logs
journalctl -f
# View kernel messages
dmesg
# Check disk space
df -h
# Check disk usage
du -sh /path/to/directory
# Find large files
find / -type f -size +100M 2>/dev/null
# Check for zombie processes (state starts with Z)
ps -eo pid,ppid,stat,cmd | awk '$3 ~ /^Z/'
# Check for high CPU usage
ps aux --sort=-%cpu | head
# Check for high memory usage
ps aux --sort=-%mem | head
# Check network connectivity
ping hostname
# Check port availability
telnet hostname port
nc -zv hostname port
# Check service status
systemctl status service_name
# Restart service if needed
sudo systemctl restart service_name