A collection of Linux Sysadmin Test Questions and Answers. Test your knowledge and skills in different fields with these Q/A.
:star:
"A great Admin doesn't need to know everything, but they should be able to come up with amazing solutions to impossible projects." - cwheeler33 (ServerFault)
:star:
"My skills are making things work, not knowing a billion facts. [...] If I need to fix a system I’ll identify the problem, check the logs and look up the errors. If I need to implement a solution I’ll research the right solution, implement and document it, the later on only really have a general idea of how it works unless I interact with it frequently... it’s why it’s documented." - Sparcrypt (Reddit)
:information_source: This project contains 284 test questions and answers that can be used as a test your knowledge or during an interview/exam for position such as Linux (\*nix) System Administrator.
:heavycheckmark: The answers are only examples and do not exhaust the whole topic. Most of them contains useful resources for a deeper understanding.
:warning: Questions marked don't have answer yet or answer is incomplete - make a pull request to add them*!
:traffic_light: If you find something which doesn't make sense, or something doesn't seem right, please make a pull request and please add valid and well-reasoned explanations about your changes or comments.
:books: In order to improve your knowledge/skills please see devops-interview-questions. It looks really interesting.
» All suggestions are welcome «
Table of Contents
| The type of chapter | Number of questions | Short description | | :--- | :--- | :--- | | Introduction ||| | :smallorangediamond: Simple Questions | 14 questions | Relaxed, fun and simple - are great for starting everything. | | General Knowledge ||| | :smallorangediamond: Junior Sysadmin | 65 questions | Reasonably simple and straight based on basic knowledge. | | :smallorangediamond: Regular Sysadmin | 94 questions | The mid level of questions if that you have sound knowledge. | | :smallorangediamond: Senior Sysadmin | 99 questions | Hard questions and riddles. Check it if you want to be good. | | Secret Knowledge || | :smallorangediamond: Guru Sysadmin | 12 questions | Really deep questions are to get to know Guru Sysadmin. |
Introduction
:diamondshapewithadot_inside: Simple Questions
- What did you learn this week?
- What excites or interests you about the sysadmin world?
- What is a recent technical challenge you experienced and how did you solve it?
- Tell me about the last major project you finished.
- Do you contribute to any open source projects?
- Describe the setup of your homelab.
- What personal achievement are you most proud of?
- Tell me about the biggest mistake you've made. How would you do it differently today?
- What software tools are you going to install on the first day at a new job?
- Tell me about how you manage your knowledge database (e.g. wikis, files, portals).
- What news sources do you check daily? (sysadmin, security-related or other)
- Your NOC team has a new budget for sysadmin certifications. What certificate would you like and why?
- How do you interact with developers: us vs. them or all pulling together with a different approach?
- Which sysadmin question would you ask, if you were interviewing me, to know, how good I'm with non-standard situations?
General Knowledge
:diamondshapewithadot_inside: Junior Sysadmin
System Questions (37)
Give some examples of Linux distribution. What is your favorite distro and why?
My favorite Linux distribution:
- Arch Linux, which offers a nice minimalist base system on which one can build a custom operating system. The beauty of it too is that it has the Arch User Repository (AUR), which when combined with its official binary repositories allows it to probably have the largest repositories of any distribution. Its packaging process is also very simple, which means if one wants a package not in its official repositories or the AUR, it should be easy to make it for oneself.
- Linux Mint, which is also built from Ubuntu LTS releases, but features editions featuring a few different desktop environments, including Cinnamon, MATE and Xfce. Mint is quite polished and its aesthetics are rather appealing, I especially like its new icon theme, although I do quite dislike its GTK+ theme (too bland to my taste). I’ve also found a bug in its latest release Mint 19, that is getting quite irritating as I asked for with it over a fortnight ago on their forums and I have received no replies so far and it is a bug that makes my life on it more difficult.
- Kali Linux, is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.
What are the differences between Unix, Linux, BSD, and GNU?
GNU isn't really an OS. It's more of a set of rules or philosophies that govern free software, that at the same time gave birth to a bunch of tools while trying to create an OS. So GNU tools are basically open versions of tools that already existed, but were reimplemented to conform to principals of open software. GNU/Linux is a mesh of those tools and the Linux kernel to form a complete OS, but there are other GNUs, e.g. GNU/Hurd.
Unix and BSD are "older" implementations of POSIX that are various levels of "closed source". Unix is usually totally closed source, but there are as many flavors of Unix as there are Linux (if not more). BSD is not usually considered "open", but it was considered to be very open when it was released. Its licensing also allowed for commercial use with far fewer restrictions than the more "open" licenses of the time allowed.
Linux is the newest of the four. Strictly speaking, it's "just a kernel"; however, in general, it's thought of as a full OS when combined with GNU Tools and several other core components.
The main governing differences between these are their ideals. Unix, Linux, and BSD have different ideals that they implement. They are all POSIX, and are all basically interchangeable. They do solve some of the same problems in different ways. So other then ideals and how they choose to implement POSIX standards, there is little difference.
For more info I suggest your read a brief article on the creation of GNU, OSS, Linux, BSD, and UNIX. They will be slanted towards their individual ideas, but those articles should give you a better idea of the differences.
Useful resources:
- What is the difference between Unix, Linux, BSD and GNU? (original)
- The Great Debate: Is it Linux or GNU/Linux?
What is a CLI? Tell me about your favorite CLI tools, tips, and hacks.
CLI is an acronym for Command Line Interface or Command Language Interpreter. The command line is one of the most powerful ways to control your system/computer.
In Unix like systems, CLI is the interface by which a user can type commands for the system to execute. The CLI is very powerful, but is not very error-tolerant.
The CLI allows you to do manipulations with your system’s internals and with code in a much more fine-tuned way. It offers greater flexibility and control than a GUI regardless of what OS is used. Many programs that you might want to use in your software that are hosted on say Github also require running some commands on the CLI in order to get them running.
My favorite tools
screen- free terminal multiplexer, I can start a session and My terminals will be saved even when you connection is lost, so you can resume later or from homessh- the most valuable over-all command to learn, I can use it to do some amazing things:
sshfs
* forward commands: runs against a rsync server with no rsync deamon by starting one itself via ssh
* run in batch files: I can redirect the output from the remote command and use it within local batch file
vi/vim- is the most popular and powerful text editor, it's universal, it's work very fast, even on large filesbash-completion- contains a number of predefined completion rules for shell
- searches the command history with
CTRL + R popd/pushdand other shell builtins which allow you manipulate the directory stack- editing keyboard shortcuts like a
CTRL + U,CTRL + E - combinations will be auto-expanded:
! - all arguments of last command
* !! - the whole of last command
* !ssh - last command starting with ssh
Useful resources:
- Command Line Interface Definition
- What is your single most favorite command-line trick using Bash?
- What are your favorite command line features or tricks?
What is your favorite shell and why?
BASH is my favorite. It’s really a preferential kind of thing, where I love the syntax and it just "clicks" for me. The input/output redirection syntax (>>, << 2>&1, 2>, 1>, etc) is similar to C++ which makes it easier for me to recognize.
I also like the ZSH shell, because is much more customizable than BASH. It has the Oh-My-Zsh framework, powerful context based tab completion, pattern matching/globbing on steroids, loadable modules and more.
Useful resources:
How do you get help on the command line? *
man[commandname] can be used to see a description of a command (ex.:man less,man cat)
-hor--helpsome programs will implement printing instructions when passed this parameter (ex.:python -handpython --help)
Your first 5 commands on a *nix server after login.
w- a lot of great information in there with the server uptimetop- you can see all running processes, then order them by CPU, memory utilization and morenetstat- to know on what port and IP your server is listening on and what processes are using thosedf- reports the amount of available disk space being used by file systemshistory- tell you what was previously run by the user you are currently connected to
What do the fields in
ls -al output mean?
In the order of output:
-rwxrw-r-- 1 root root 2048 Jan 13 07:11 db.dump
- file permissions,
- number of links,
- owner name,
- owner group,
- file size,
- time of last modification,
- file/directory name
- first character is
-orlord,dindicates a directory, a-represents a file,lis a symlink (or soft link) - special type of file - three sets of characters, three times, indicating permissions for owner, group and other:
r = readable
- w = writable
- x = executable
In your example -rwxrw-r--, this means the line displayed is:
- a regular file (displayed as
-) - readable, writable and executable by owner (
rwx) - readable, writable, but not executable by group (
rw-) - readable but not writable or executable by other (
r--)
How do you get a list of logged-in users?
For a summary of logged-in users, including each login of a username, the terminal users are attached to, the date/time they logged in, and possibly the computer from which they are making the connection, enter:
# It uses /var/run/utmp and /var/log/wtmp files to get the details.
who
For extensive information, including username, terminal, IP number of the source computer, the time the login began, any idle time, process CPU cycles, job CPU cycles, and the currently running command, enter:
# It uses /var/run/utmp, and their processes /proc.
w
Also important for displays a list of last logged in users, enter:
# It uses /var/log/wtmp.
last
Useful resources:
What is the advantage of executing the running processes in the background? How can you do that?
The most significant advantage of executing the running process in the background is that you can do any other task simultaneously while other processes are running in the background. So, more processes can be completed in the background while you are working on different processes. It can be achieved by adding a special character & at the end of the command.
Generally applications that take too long to execute and doesn't require user interaction are sent to background so that we can continue our work in terminal.
For example if you want to download something in background, you can:
wget https://url-to-download.com/download.tar.gz &
When you run the above command you get the following output:
[1] 2203
Here 1 is the serial number of job and 2203 is PID of the job.
You can see the jobs running in background using the following command:
jobs
When you execute job in background it give you a PID of job, you can kill the job running in background using the following command:
kill PID
Replace the PID with the PID of the job. If you have only one job running you can bring it to foreground using:
fg
If you have multiple jobs running in background you can bring any job in foreground using:
fg %#
Replace the # with serial number of the job.
Useful resources:
- How do I run a Unix process in the background?
- Job Control Commands
- What is/are the advantage(s) of running applications in background?
Before you can manage processes, you must be able to identify them. Which tools will you use? *
To be completed.
Running the command as root user. It is a good or bad practices?
Running (everything) as root is bad because:
- Stupidity: nothing prevents you from making a careless mistake. If you try to change the system in any potentially harmful way, you need to use sudo, which ensures a pause (while you're entering the password) to ensure that you aren't about to make a mistake.
- Security: harder to hack if you don't know the admin user's login account. root means you already have one half of the working set of admin credentials.
- You don't really need it: if you need to run several commands as root, and you're annoyed by having to enter your password several times when
sudohas expired, all you need to do issudo -iand you are now root. Want to run some commands using pipes? Then usesudo sh -c "command1 | command2".
- You can always use it in the recovery console: the recovery console allows you to recover from a major mistake, or fix a problem caused by an app (which you still had to run as
sudo). Ubuntu doesn't have a password for the root account in this case, but you can search online for changing that - this will make it harder for anyone that has physical access to your box to be able to do harm.
- Why is it bad to log in as root? (original)
- What's wrong with always being root?
- Why you should avoid running applications as root
How to check memory stats and CPU stats?
You'd use top/htop for both. Using free and vmstat command we can display the physical and virtual memory statistics respectively. With the help of sar command we see the CPU utilization & other stats (but sar isn't even installed in most systems).
Useful resources:
- How do I Find Out Linux CPU Utilization?
- 16 Linux server monitoring commands you really need to know
What is load average?
Linux load averages are "system load averages" that show the running thread (task) demand on the system as an average number of running plus waiting threads. This measures demand, which can be greater than what the system is currently processing. Most tools show three averages, for 1, 5, and 15 minutes.
These 3 numbers are not the numbers for the different CPUs. These numbers are mean values of the load number for a given period of time (of the last 1, 5 and 15 minutes).
Load average is usually described as "average length of run queue". So few CPU-consuming processes or threads can raise load average above 1. There is no problem if load average is less than total number of CPU cores. But if it gets higher than number of CPUs, this means some threads/processes will stay in queue, ready to run, but waiting for free CPU.
It is meant to give you an idea of the state of the system, averaged over several periods of time. Since it is averaged, it takes time for it to go back to 0 after a heavy load was placed on the system.
Some interpretations:
- if the averages are 0.0, then your system is idle
- if the 1 minute average is higher than the 5 or 15 minute averages, then load is increasing
- if the 1 minute average is lower than the 5 or 15 minute averages, then load is decreasing
- if they are higher than your CPU count, then you might have a performance problem (it depends)
- Linux Load Averages: Solving the Mystery (original)
- Linux load average - the definitive summary
- How CPU load averages work (and using them to triage webserver performance!)
Where is my password stored on Linux/Unix?
The passwords are not stored anywhere on the system at all. What is stored in /etc/shadow are so called hashes of the passwords.
A hash of some text is created by performing a so called one way function on the text (password), thus creating a string to check against. By design it is "impossible" (computationally infeasible) to reverse that process.
Older Unix variants stored the encrypted passwords in /etc/passwd along with other information about each account.
Newer ones simply have a * in the relevant field in /etc/passwd and use /etc/shadow to store the password, in part to ensure nobody gets read access to the passwords when they only need the other stuff (shadow is usually protected more strongly than passwd).
For more info consult man crypt, man shadow, man passwd.
Useful resources:
- Where is my password stored on Linux?
- Where are the passwords of the users located in Linux?
- Linux Password & Shadow File Formats
How to recursively change permissions for all directories except files and for all files except directories?
To change all the directories e.g. to 755 (drwxr-xr-x):
find /opt/data -type d -exec chmod 755 {} \;
To change all the files e.g. to 644 (-rw-r--r--):
find /opt/data -type f -exec chmod 644 {} \;
Useful resources:
Every command fails with
command not found. How to trace the source of the error and resolve it?
It looks that at one point or another are overwriting the default PATH environment variable. The type of errors you have, indicates that PATH does not contain e.g. /bin, where the commands (including bash) reside.
One way to begin debugging your bash script or command would be to start a subshell with the -x option:
bash --login -x
This will show you every command, and its arguments, which is executed when starting that shell.
Also very helpful is show PATH variable values:
echo $PATH
If you run this:
PATH=/bin:/sbin:/usr/bin:/usr/sbin
most commands should start working - and then you can edit ~/.bash_profile instead of ~/.bashrc and fix whatever is resetting PATH there. Default PATH variable values for root and other users is in /etc/profile file.
Useful resource:
You typing
CTRL + C but your script still running. How do you stop it?
In most cases, you can stop a running script by using the CTRL + C keyboard combination. This sends an interrupt signal (SIGINT) to the script, which terminates its execution. If this does not work and the script is still running, you can try using the CTRL + \ combination, which sends a quit signal (SIGQUIT) to the script, which may terminate it immediately.
Alternatively, if you are using a terminal or command line interface, you can try using the kill command to send a signal to the script process. You can find the process ID (PID) of the script by using the ps or top command, and then use kill with the PID to stop the script.
In some cases, you may need to use the kill -9 command to force the script to stop, as the regular kill command may not work if the script is stuck or not responding. The -9 option sends a SIGKILL signal, which forces the process to stop immediately.
What is
grep command? How to match multiple strings in the same line?
The grep utilities are a family of Unix tools, including egrep and fgrep.
grep searches file patterns. If you are looking for a specific pattern in the output of another command, grep highlights the relevant lines. Use this grep command for searching log files, specific processes, and more.
For match multiple strings:
grep -E "string1|string2" filename
or
grep -e "string1" -e "string2" filename
Useful resources:
Explain the file content commands along with the description.
head: to check the starting of a file.tail: to check the ending of the file. It is the reverse of head command.cat: used to view, create, concatenate the files.more: used to display the text in the terminal window in pager form.less: used to view the text in the backward direction and also provides single line movement.
SIGHUP, SIGINT, SIGKILL, and SIGTERM POSIX signals. Explain.
- SIGHUP - is sent to a process when its controlling terminal is closed. It was originally designed to notify the process of a serial line drop (a hangup). Many daemons will reload their configuration files and reopen their logfiles instead of exiting when receiving this signal.
- SIGINT - is sent to a process by its controlling terminal when a user wishes to interrupt the process. This is typically initiated by pressing
Ctrl+C, but on some systems, the "delete" character or "break" key can be used. - SIGKILL - is sent to a process to cause it to terminate immediately (kill). In contrast to SIGTERM and SIGINT, this signal cannot be caught or ignored, and the receiving process cannot perform any clean-up upon receiving this signal.
- SIGTERM - is sent to a process to request its termination. Unlike the SIGKILL signal, it can be caught and interpreted or ignored by the process. This allows the process to perform nice termination releasing resources and saving state if appropriate. SIGINT is nearly identical to SIGTERM.
What does
kill command do?
In Unix and Unix-like operating systems, kill is a command used to send a signal to a process. By default, the message sent is the termination signal, which requests that the process exit. But kill is something of a misnomer; the signal sent may have nothing to do with process killing.
Useful resources:
What is the difference between
rm and rm -rf?
rm only deletes the named files (and not directories). With -rf as you say:
-r,-R,--recursiverecursively deletes content of a directory, including hidden files and sub directories-f,--forceignore nonexistent files, never prompt
How do I
grep recursively? Explain on several examples. *
To be completed.
archive.tgz has ~30 GB. How do you list content of it and extract only one file?
# list of content
tar tf archive.tgz
extract file
tar xf archive.tgz filename
Useful resources:
Execute combine multiple shell commands in one line.
If you want to execute each command only if the previous one succeeded, then combine them using the && operator:
cd /my_folder && rm *.jar && svn co path to repo && mvn compile package install
If one of the commands fails, then all other commands following it won't be executed.
If you want to execute all commands regardless of whether the previous ones failed or not, separate them with semicolons:
cd /my_folder; rm *.jar; svn co path to repo; mvn compile package install
In your case, I think you want the first case where execution of the next command depends on the success of the previous one.
You can also put all commands in a script and execute that instead:
#! /bin/sh
cd /my_folder \
&& rm *.jar \
&& svn co path to repo \
&& mvn compile package install
Useful resources:
What symbolic representation can you pass to
chmod to give all users execute access to a file without affecting other permissions?
chmod a+x /path/to/file
a- for all usersx- for execution permissionr- for read permissionw- for write permission
How can I sync two local directories?
To sync the contents of dir1 to dir2 on the same system, type:
rsync -av --progress --delete dir1/ dir2
-a,--archive- archive mode--delete- delete extraneous files from dest dirs-v,--verbose- verbose mode (increase verbosity)--progress- show progress during transfer
Many basic maintenance tasks require you to edit config files. Explain ways to undo the changes you make.
- manually backup of a file before editing (with brace expansion like this:
cp filename{,.orig}) - manual copy of the directory structure where file is stored (e.g.
cp,rsyncortar) - make a backup of original file in your editor (e.g. set rules in your editor configuration file)
- the best solution is to use
git(or any other version control) to keep track of configuration files (e.g.etckeeperfor/etcdirectory)
- Backup file with .bak before filename extension
- Is it a good idea to use git for configuration file version controlling?
You have to find all files larger than 20MB. How you do it?
find / -type f -size +20M
Useful resources:
Why do we use
sudo su - and not just sudo su?
sudo is in most modern Linux distributions where (but not always) the root user is disabled and has no password set. Therefore you cannot switch to the root user with su (you can try). You have to call sudo with root privileges: sudo su.
su just switches the user, providing a normal shell with an environment nearly the same as with the old user.
su - invokes a login shell after switching the user. A login shell resets most environment variables, providing a clean base.
Useful resources:
How to find files that have been modified on your system in the past 60 minutes?
find / -mmin -60 -type f
Useful resources:
What are the main reasons for keeping old log files?
They are essential to investigate issues on the system. Log management is absolutely critical for IT security.
Servers, firewalls, and other IT equipment keep log files that record important events and transactions. This information can provide important clues about hostile activity affecting your network from within and without. Log data can also provide information for identifying and troubleshooting equipment problems including configuration problems and hardware failure.
It’s your server’s record of who’s come to your site, when, and exactly what they looked at. It’s incredibly detailed, showing:
- where folks came from
- what browser they were using
- exactly which files they looked at
- how long it took to load each file
- and a whole bunch of other nerdy stuff
- legal requirements for retention or destruction
- company policies for retention and destruction
- how long the logs are useful
- what questions you're hoping to answer from the logs
- how much space they take up
Useful resources:
What is an incremental backup?
An incremental backup is a type of backup that only copies files that have changed since the previous backup.
Useful resources:
What is RAID? What is RAID0, RAID1, RAID5, RAID6, RAID10?
A RAID (Redundant Array of Inexpensive Disks) is a technology that is used to increase the performance and/or reliability of data storage.
- RAID0: Also known as disk striping, is a technique that breaks up a file and spreads the data across all the disk drives in a RAID group. There are no safeguards against failure
- RAID1: A popular disk subsystem that increases safety by writing the same data on two drives. Called "mirroring," RAID 1 does not increase write performance, but read performance may equal up to the sum of each disks' performance. However, if one drive fails, the second drive is used, and the failed drive is manually replaced. After replacement, the RAID controller duplicates the contents of the working drive onto the new one
- RAID5: It is disk subsystem that increases safety by computing parity data and increasing speed by interleaving data across three or more drives (striping). Upon failure of a single drive, subsequent reads can be calculated from the distributed parity such that no data is lost
- RAID6: RAID 6 extends RAID 5 by adding another parity block. It requires a minimum of four disks and can continue to execute read and write of any two concurrent disk failures. RAID 6 does not have a performance penalty for read operations, but it does have a performance penalty on write operations because of the overhead associated with parity calculations
- RAID10: Also known as RAID 1+0, is a RAID configuration that combines disk mirroring and disk striping to protect data. It requires a minimum of four disks, and stripes data across mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved. If two disks in the same mirrored pair fail, all data will be lost because there is no parity in the striped sets
How is a user’s default group determined? How would you change it?
useradd -m -g initial_group username
-g/--gid: defines the group name or number of the user's initial login group. If specified, the group name must exist; if a group number is provided, it must refer to an already existing group.
If not specified, the behaviour of useradd will depend on the USERGROUPSENAB variable contained in /etc/login.defs. The default behaviour (USERGROUPSENAB yes) is to create a group with the same name as the username, with GID equal to UID.
Useful resources:
What is your best command line text editor for daily working and scripting? *
To be completed.
Why would you want to mount servers in a rack?
- Protecting Hardware
- Proper Cooling
- Organized Workspace
- Better Power Management
- Cleaner Environment
Network Questions (23)
Draw me a simple network diagram: you have 20 systems, 1 router, 4 switches, 5 servers, and a small IP block. *
To be completed.
What are the most important things to understand about the OSI (or any other) model?
The most important things to understand about the OSI (or any other) model are:
- we can divide up the protocols into layers
- layers provide encapsulation
- layers provide abstraction
- layers decouple functions from others
What is the difference between a VLAN and a subnet? Do you need a VLAN to setup a subnet?
VLANs and subnets solve different problems. VLANs work at Layer 2, thereby altering broadcast domains (for instance). Whereas subnets are Layer 3 in the current context.
Subnet - is a range of IP addresses determined by part of an address (often called the network address) and a subnet mask (netmask). For example, if the netmask is 255.255.255.0 (or /24 for short), and the network address is 192.168.10.0, then that defines a range of IP addresses 192.168.10.0 through 192.168.10.255. Shorthand for writing that is 192.168.10.0/24.
VLAN - a good way to think of this is "switch partitioning." Let's say you have an 8 port switch that is VLAN-able. You can assign 4 ports to one VLAN (say VLAN 1) and 4 ports to another VLAN (say VLAN 2). VLAN 1 won't see any of VLAN 2's traffic and vice versa, logically, you now have two separate switches. Normally on a switch, if the switch hasn't seen a MAC address it will "flood" the traffic to all other ports. VLANs prevent this.
Subnet is nothing more than an IP address range of IP addresses that help hosts communicate over layer 2 and 3. Each subnet does not require its own VLAN. VLANs are implemented for isolation (are sandbox for layer two communication, no 2 systems of 2 different VLANs may communicate but it can be done through Inter VLAN routing), ease of management and security.
Useful resources:
- What is the difference between a VLAN and a subnet? (original)
- VLANS vs. subnets for network security and segmentation
List 5 common network ports you should know.
| SERVICE | PORT |
|---|---|
| SMTP | 25 |
| FTP | 20 for data transfer and 21 for connection established |
| DNS | 53 |
| DHCP | 67/UDP for DHCP server, 68/UDP for DHCP client |
| SSH | 22 |
Useful resources:
What POP and IMAP are, and how to choose which of them you should implement?
POP and IMAP are both protocols for retrieving messages from a mail server to a mail client.
POP (Post Office Protocol) uses a one way push from mail server to client. By default this will send messages to the POP mail client and remove them from the mail server, though it is possible to configure the mail server to retain all messages. Any actions you take on the message in your mail client (labeling, deleting, moving to a folder) will not be reflected on the mail server, and thus inaccessible to other mail clients pulling from the mail server. POP uses little storage space on the mail server and can be seen as more secure since messages only exist on one mail client instead of the mail server and multiple clients.
IMAP (Internet Message Access Protocol) uses two way communication between mail server and client. Deleting or labeling a message in your mail client configured with IMAP will also delete or label the message on the mail server. IMAP allows for a similar experience when accessing mail across different clients or devices since messages can existing in the same state across multiple devices. IMAP can also save disk space on the mail client by selectively syncing messages, deleting older messages from the mail client since it can sync them from the mail server later as needed.
Choose IMAP if you need to access messages across multiple devices and you want to save disk space on your client device. Choose POP if you want to save disk space on your mail server, only access messages from one client device, and ensure that messages do not exist on multiple systems.
How to check default route and routing table?
Using the commands netstat -nr, route -n or ip route show we can see the default route and routing tables.
Useful resources:
What is the difference between 127.0.0.1 and localhost?
Well, the most likely difference is that you still have to do an actual lookup of localhost somewhere.
If you use 127.0.0.1, then (intelligent) software will just turn that directly into an IP address and use it. Some implementations of gethostbyname will detect the dotted format (and presumably the equivalent IPv6 format) and not do a lookup at all.
Otherwise, the name has to be resolved. And there's no guarantee that your hosts file will actually be used for that resolution (first, or at all) so localhost may become a totally different IP address.
By that I mean that, on some systems, a local hosts file can be bypassed. The host.conf file controls this on Linux (and many other Unices).
If you use a Unix domain socket it'll be slightly faster than using TCP/IP (because of the less overhead you have). Windows is using TCP/IP as a default, whereas Linux tries to use a Unix Domain Socket if you choose localhost and TCP/IP if you take 127.0.0.1.
Useful resources:
Which port is used for
ping command?
ping uses ICMP, specifically ICMP echo request and ICMP echo reply packets. There is no 'port' associated with ICMP. Ports are associated with the two IP transport layer protocols, TCP and UDP. ICMP, TCP, and UDP are "siblings"; they are not based on each other, but are three separate protocols that run on top of IP.
ICMP packets are identified by the 'protocol' field in the IP datagram header. ICMP does not use either UDP or TCP communications services, it uses raw IP communications services. This means that the ICMP message is carried directly in an IP datagram data field. raw comes from how this is implemented in software, to create and send an ICMP message, one opens a raw socket, builds a buffer containing the ICMP message, and then writes the buffer containing the message to the raw socket.
The IP protocol value for ICMP is 1. The protocol field is part of the IP header and identifies what is in the data portion of the IP datagram.
However, you could use nmap to see whether ports are open or not:
nmap -p 80 example.com
Useful resources:
Server A can't talk to Server B. Describe possible reasons in a few steps.
To troubleshoot communication problems between servers, it is better to ideally follow the TCP/IP stack:
- Application Layer: are the services up and running on both servers? Are they correctly configured (eg. bind the correct IP and correct port)? Do application and system logs show meaningful errors?
- Transport Layer: are the ports used by the application open (try telnet!)? Is it possible to ping the server?
- Network Layer: is there a firewall on the network or on the OS correctly configured? Is the IP stack correctly configured (IP, routes, dns, etc.)? Are switches and routers working (check the ARP table!)?
- Physical Layer: are the servers connected to a network? Are packets being lost?
Why won’t the hostnames resolve on your server? Fix this issue. *
To be completed.
How to resolve the domain name (using external dns) with CLI? Can IPs be resolved to domain names?
Examples for resolve IP address to domain name:
# with host command:
host domain.com 8.8.8.8
with dig command:
dig @9.9.9.9 google.com
with nslookup command:
nslookup domain.com 8.8.8.8
You can (sometimes) resolve an IP Address back to a hostname. IP Address can be stored against a PTR record. You can then do:
dig A <hostname>
To lookup the IPv4 address for a host, or:
dig AAAA <hostname>
To lookup the IPv6 address for a host, or:
dig PTR ZZZ.YYY.XXX.WWW.in-addr.arpa.
To lookup the hostname for IPv4 address WWW.XXX.YYY.ZZZ (note the octets are reversed), or:
dig PTR b.a.9.8.7.6.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
Useful resources:
- How can I resolve a hostname to an IP address in a Bash script?
- How To Resolve IP Addresses To Domain Names?
How to test port connectivity with
telnet or nc?
# with telnet command:
telnet code42.example.com 5432
with nc (netcat) command:
nc -vz code42.example.com 5432
Why should you avoid
telnet to administer a system remotely?
Modern operating systems have turned off all potentially insecure services by default. On the other hand, some vendors of network devices still allow to establish communication using the telnet protocol.
Telnet uses most insecure method for communication. It sends data across the network in plain text format and anybody can easily find out the password using the network tool.
In the case of Telnet, these include the passing of login credentials in plain text, which means anyone running a sniffer on your network can find the information he needs to take control of a device in a few seconds by eavesdropping on a Telnet login session.
Useful resources:
What is the difference between
wget and curl?
The main differences are: wget's major strong side compared to curl is its ability to download recursively. wget is command line only. curl supports FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, POP3, IMAP, SMTP, RTMP and RTSP.
Useful resources:
What is SSH and how does it work?
SSH stands for Secure Shell. It is a protocol that lets you drop from a server "A" into a shell session to a server "B". It allows you interact with your server "B".
An SSH connection to be established, the remote machine (server A) must be running a piece of software called an SSH daemon and the user's computer (server B) must have an SSH client.
The SSH daemon and SSH client listen for connections on a specific network port (default 22), authenticates connection requests, and spawns the appropriate environment if the user provides the correct credentials.
Useful resources:
Most tutorials suggest using SSH key authentication rather than password authentication. Why it is considered more secure?
An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users.
Instead of requiring a user's password, it is possible to confirm the client's identity by using asymmetric cryptography algorithms, with public and private keys.
If your SSH service only allows public-key authentication, an attacker needs a copy of a private key corresponding to a public key stored on the server.
If your SSH service allows password based authentication, then your Internet connected SSH server will be hammered day and night by bot-nets trying to guess user-names and passwords. The bot net needs no information, it can just try popular names and popular passwords. Apart from anything else this clogs your logs.
Useful resources:
What is a packet filter and how does it work?
Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports.
Packet filtering is appropriate where there are modest security requirements. The internal (private) networks of many organizations are not highly segmented. Highly sophisticated firewalls are not necessary for isolating one part of the organization from another.
However it is prudent to provide some sort of protection of the production network from a lab or experimental network. A packet filtering device is a very appropriate measure for providing isolation of one subnet from another.
Operating at the network layer and transport layer of the TCP/IP protocol stack, every packet is examined as it enters the protocol stack. The network and transport headers are examined closely for the following information:
- protocol (IP header, network layer) - in the IP header, byte 9 (remember the byte count begins with zero) identifies the protocol of the packet. Most filter devices have the capability to differentiate between TCP, UPD, and ICMP.
- source address (IP header, network layer) - the source address is the 32-bit IP address of the host which created the packet.
- destination address (IP header, network layer) - the destination address is the 32-bit IP address of the host the packet is destined for.
- source port (TCP or UDP header, transport layer) - each end of a TCP or UDP network connection is bound to a port. TCP ports are separate and distinct from UDP ports. Ports numbered below 1024 are reserved – they have a specifically defined use. Ports numbered above 1024 (inclusive) are known as ephemeral ports. They can be used however a vendor chooses. For a list of "well known" ports, refer to RFP1700. The source port is a pseudo-randomly assigned ephemeral port number. Thus it is often not very useful to filter on the source port.
- destination port (TCP or UDP header, transport layer) - the destination port number indicates a port that the packet is sent to. Each service on the destination host listens to a port. Some well-known ports that might be filtered are 20/TCP and 21/TCP - ftp connection/data, 23/TCP - telnet, 80/TCP - http, and 53/TCP - DNS zone transfers.
- connection status (TCP header, transport layer) - the connection status tells whether the packet is the first packet of the network session. The ACK bit in the TCP header is set to “false” or 0 if this is the first packet in the session. It is simple to disallow a host from establishing a connection by rejecting or discarding any packets which have the ACK bit set to "false" or 0.
What are the advantages of using a reverse proxy server?
Hide the topology and characteristics of your back-end servers
The reverse proxy server can hide the presence and characteristics of the origin server. It acts as an intermediate between internet cloud and web server. It is good for security reason especially when you are using web hosting services.
Allows transparent maintenance of backend servers
Changes you make to servers running behind a reverse proxy are going to be completely transparent to your end users.
Load Balancing
The reverse proxy will then enforce a load balancing algorithm like round robin, weighted round robin, least connections, weighted least connections, or random, to distribute the load among the servers in the cluster.
When a server goes down, the system will automatically failover to the next server up and users can continue with their secure file transfer activities.
SSL offloading/termination
Handles incoming HTTPS connections, decrypting the requests and passing unencrypted requests on to the web servers.
IP masking
Using a single ip but different URLs to route to different back end servers.
Useful resources:
What is the difference between a router and a gateway? What is the default gateway?
Router describes the general technical function (layer-3 forwarding) or a hardware device intended for that purpose, while gateway describes the function for the local segment (providing connectivity to elsewhere). You could also state that "you set up a router as gateway". Another term is hop which describes the forwarding in between subnets.
The term default gateway is used to mean the router on your LAN which has the responsibility of being the first point of contact for traffic to computers outside the LAN.
It's just a matter of perspective, the device is the same.
Useful resources:
Explain the function of each of the following DNS records: SOA, PTR, A, MX, and CNAME.
DNS records are basically mapping files that tell the DNS server which I
README truncated. View on GitHub