INTRODUCTION: UNIX, Linux, and GNU
The Concept of UNIX
Developed in the 1960s at AT&T Bell Labs by Ken Thompson and Dennis
Ritchie, UNIX changed the world because it was written in the C programming
language, making it "portable."
The UNIX Philosophy: Write programs that do one thing and do it well.
Programs should work together through text streams.
Key Characteristics: Multi-user, multi-tasking, and highly secure.
Significance: Most modern operating systems (including macOS and
Android) are "Unix-like."
The GNU Project
In 1983, Richard Stallman started the GNU Project.
The Goal: To create a completely "Free" (as in freedom) Unix-compatible
operating system.
The Missing Link: By the early 90s, GNU had created almost all the tools
(the GCC compiler, Bash shell, GIMP), but they did not have a working
Kernel.
The GPL: They created the General Public License, which ensures
software remains free for everyone to modify and share.
Linux: The Kernel
In 1991, a Finnish student named Linus Torvalds developed a kernel as a hobby.
The Marriage: When Linus's kernel was combined with the GNU project's
tools, the result was a complete, functional operating system.
Technical Definition: Strictly speaking, "Linux" is just the Kernel—the
software that talks to the hardware. The stuff you use (the icons, the
terminal, the apps) is the GNU software. Hence, the correct name is
GNU/Linux.
Linux Distributions (Distros)
Since the source code is free, various organizations bundle the Linux kernel with
different sets of software, installers, and desktop environments. These bundles
are called Distributions.
The "Big Three" Families:
Family                    Target Audience        Key Feature
Debian / Ubuntu           Beginners & Servers    Uses .deb packages and the apt package manager. Very user-friendly.
Red Hat (RHEL) / Fedora   Corporate/Enterprise   Uses .rpm packages and dnf/yum. Focuses on stability and security.
Arch Linux                Experts / DIY          A "rolling release" where you build the OS from scratch. High learning curve.
Professor's A+ Insight: The Architecture Layers
If you are asked to "Define Linux Architecture" in a 5-mark or 10-mark question,
always draw this hierarchy from the inside out:
1. Hardware: The physical machine.
2. Kernel: The core that manages CPU, RAM, and Devices.
3. Shell: The interface that interprets your commands (e.g., Bash).
4. Utilities/Applications: The tools you use (e.g., ls, grep, or a Web
Browser).
---------------------------------------------------------
The Role of a System Administrator
A "System Administrator" (often called a SysAdmin) is defined as the individual
responsible for the configuration, uptime, and reliable operation of computer
systems.
A SysAdmin is the bridge between the Hardware, the Operating System, and the
End User. Their primary goal is to ensure the system is Available, Secure, and
Efficient.
Conceptual Block Diagram
To understand the central role of the SysAdmin, we must visualize their
connectivity across the four pillars of IT:
Core Duties of the System Administrator
To score high marks, categorize the duties into these five functional areas:
1. User Account Management
Provisioning: Creating new user accounts using commands like useradd.
Security: Resetting forgotten passwords and managing account
expirations.
Permissions: Ensuring users have access only to the files they need (the
Principle of Least Privilege).
2. System Installation & Configuration
Initial Setup: Installing the Linux OS and partitioning disks.
Service Configuration: Setting up essential servers like HTTP
(Apache/Nginx), FTP, and DNS.
Software Updates: Using package managers (apt, yum, or dnf) to keep
the system software current and patched against vulnerabilities.
3. Data Backup and Recovery
The Golden Rule: A SysAdmin's most important job is protecting data.
Strategy: Implementing "Grandfather-Father-Son" backup rotations.
Disaster Recovery: Regularly testing backups to ensure they can
actually be restored if a disk fails.
4. System Security & Monitoring
Firewalls: Configuring iptables or firewalld to block unauthorized traffic.
Log Analysis: Checking system logs in /var/log (like [Link] or
messages) for signs of attempted hacking.
Auditing: Using tools like top, iostat, and vmstat to monitor system
health and resource usage.
5. Troubleshooting (The "Firefighter" Role)
When a server goes down at 2:00 AM, the SysAdmin must diagnose the
root cause (Network issue? Hardware failure? Software bug?) and fix it
immediately.
Essential Administrative Commands
In a laboratory exam (Practical), you might be asked to demonstrate these "Duty-
related" commands:
Task             Command                    Description
User Add         sudo useradd -m username   Creates a new user with a home directory.
Disk Usage       df -h                      Shows how much disk space is left (human-readable).
Process Monitor  top                        Real-time view of CPU and memory usage.
Log Viewing      tail -f /var/log/syslog    Watches the system log in real time.
----------------------------------------------------------------
The Linux System Administrator: Installing and Configuring Servers
In a Linux environment, a Server is a computer program or device that provides
functionality for other programs or devices, called "clients." The Linux System
Administrator is responsible for the Installation, Configuration, and Hardening of
these servers to ensure they meet the organizational requirements for
performance and security.
Phases of Server Installation
A SysAdmin follows a structured 4-step process to deploy any server (Web,
Database, or Mail):
Phase I: Package Acquisition and Installation
The administrator must use the distribution's package manager to fetch the
server software.
Red Hat/Fedora/CentOS: Uses dnf or yum.
Command: sudo dnf install httpd (for Apache Web Server).
Debian/Ubuntu: Uses apt.
Command: sudo apt install apache2.
Phase II: Service Configuration
Every Linux server is controlled by configuration files, typically found in the /etc
directory.
Main Config Files:
o Apache: /etc/httpd/conf/[Link]
o SSH: /etc/ssh/sshd_config
o DNS (Bind): /etc/[Link]
Action: The SysAdmin edits these files to set parameters like port
numbers, document roots, and access restrictions.
Phase III: Service Management (systemd)
Once configured, the SysAdmin must manage the "daemon" (background
process).
Start Service: systemctl start [service_name]
Enable at Boot: systemctl enable [service_name] (Crucial for A+ answer—
ensures the server starts automatically after a crash).
Check Status: systemctl status [service_name]
Phase IV: Security Hardening
A server is not "ready" until it is secured.
Firewall: Opening specific ports (e.g., Port 80 for HTTP, Port 443 for HTTPS)
using firewall-cmd or ufw.
Permissions: Ensuring the server process runs under a non-root user to
limit the impact of a potential hack.
Common Servers and Their Technical Details (Exam Table)
To score maximum marks, use this table to show the examiner you know specific
server types:
Server Type      Software Name      Default Port   Primary Config File
Web Server       Apache (httpd)     80 / 443       /etc/httpd/[Link]
Remote Access    SSH (sshd)         22             /etc/ssh/sshd_config
File Transfer    FTP (vsftpd)       21             /etc/vsftpd/[Link]
Database         MySQL / MariaDB    3306           /etc/[Link]
Best Practices for Configuration
1. Backup Before Edit: Always create a copy of the original config file (e.g.,
cp config [Link]).
2. Syntax Check: Many servers have a test command (e.g., apachectl
configtest) to check for errors before restarting.
3. Minimalism: Only install the services that are absolutely required to
reduce the "Attack Surface."
Professor's A+ Secret for MRSPTU:
If the question asks about "Configuration," always mention the systemctl
command suite. It is the modern standard for Linux administration. Also, mention
that after changing any file in /etc, the service must be restarted (systemctl
restart) for the changes to take effect.
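Added example (not from these notes or any textbook): the "backup before edit, syntax-check, then restart" discipline from the best-practices list, written as a reusable shell function. The config file and the validator are constructed stand-ins so it runs without root or a real daemon; on a real server the validator would be a command such as apachectl configtest or sshd -t. The helper names (safe_edit, check_cfg, current_port) are hypothetical.

```bash
#!/bin/bash
# Added example: "backup before edit, syntax-check, restart" as a shell function.
# The config file and validator are constructed stand-ins (no root, no daemon);
# helper names are hypothetical.

# Constructed validator standing in for apachectl configtest / sshd -t:
# every line must be "KEY VALUE" and a numeric Listen directive must exist.
# Returns non-zero on a bad file, exactly like the real tools.
check_cfg() {
    local file="$1"
    if grep -Ev '^[A-Za-z]+ [^ ]+$' "$file" | grep -q .; then
        return 1
    fi
    grep -Eq '^Listen [0-9]+$' "$file"
}

# safe_edit FILE VALIDATOR SED_EXPR
#   1. keep a uniquely named copy of FILE (the "backup before edit" step)
#   2. apply the sed edit (portable: write a temp file, then move it in place)
#   3. run VALIDATOR; on failure put the copy back so a broken config never ships
safe_edit() {
    local file="$1" validator="$2" expr="$3"
    local backup
    backup=$(mktemp "${file}.bak.XXXXXX")
    cp -p "$file" "$backup"
    sed "$expr" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    if "$validator" "$file"; then
        echo "ok: $file changed; original kept at $backup (now restart the service)"
        return 0
    fi
    cp -p "$backup" "$file"
    echo "rolled back: validator rejected the edited $file" >&2
    return 1
}

demo_dir=$(mktemp -d)
cfg="$demo_dir/httpd.conf"     # constructed stand-in for an Apache config under /etc/httpd/conf/
printf 'Listen 80\nServerName example.test\n' > "$cfg"

current_port() { sed -n 's/^Listen //p' "$cfg"; }
good_edit() { safe_edit "$cfg" check_cfg 's/^Listen 80$/Listen 8080/'; }   # passes the check
bad_edit()  { safe_edit "$cfg" check_cfg 's/^Listen .*/Listen/'; }         # rejected, rolled back

good_edit
bad_edit || true
echo "port now: $(current_port)"   # 8080: the bad edit was undone
```

The rollback branch is the point: a typo in a listener or port directive is only discovered when the daemon refuses to restart, and by then the original file is gone unless a copy was made first.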
-------------------------------------------------------------------
Installing and Configuring Application Software
In Linux, application software is typically distributed in the form of Packages.
The System Administrator’s responsibility is to ensure that software is installed
from trusted sources, configured for optimal performance, and kept up-to-date to
prevent security vulnerabilities.
Methods of Installation
To score an A+, you must discuss the three primary ways software is managed in
a Linux environment:
A. Using Package Managers (The Standard Method)
Modern Linux distributions use automated tools that handle Dependencies
(other files required for the software to run).
RPM-based (Red Hat, MRSPTU favorite): Uses dnf or yum.
o Command: sudo dnf install [package_name]
Debian-based (Ubuntu): Uses apt.
o Command: sudo apt install [package_name]
B. Using Low-Level Package Tools
Sometimes, an admin has a standalone package file (like a .exe in Windows).
rpm command: Used for Red Hat packages (.rpm).
dpkg command: Used for Debian packages (.deb).
Note: These do not automatically download dependencies.
C. Compiling from Source Code (The Expert Method)
When software is not available in repositories, the SysAdmin must build it
manually.
1. Unpack: tar -xvf [Link]
2. Configure: ./configure (Checks for system compatibility).
3. Compile: make (Converts source code to machine code).
4. Install: sudo make install (Moves binaries to /usr/local/bin).
Configuration of Application Software
Once installed, software must be tailored to the system.
Configuration Files: Most applications store settings in the /etc directory
(system-wide) or the user’s ~/.config or "dotfiles" (e.g., .bashrc).
Environment Variables: Administrators configure paths so the system
can "find" the software.
o Example: Editing the PATH variable in /etc/profile.
Libraries: Ensuring shared libraries (.so files) are linked correctly using
ldconfig.
Key Administrative Tasks (Exam Table)
Command
Task Description
Example
Search dnf search [app] Finds software in the online repository.
Updat Updates all installed apps to the latest
dnf upgrade
e version.
Remov
dnf remove [app] Uninstalls software and cleans up files.
e
Checks if application files have been
Verify rpm -V [package]
tampered with.
Summary: The Role of Repositories
A Repository is a centralized storage location for software. The SysAdmin must
manage repository files located in:
Red Hat: /etc/[Link].d/
Ubuntu: /etc/apt/[Link]
Professor's A+ Secret for MRSPTU:
When writing about installation, always mention Dependency Hell. Explain that
modern tools like dnf and apt were created specifically to solve this problem by
automatically identifying and installing all required "helper" files for an
application. This shows deep conceptual knowledge.
-------------------------------------------------------------------
Topic: Creating and Maintaining User Accounts
User Account Management is a core practical and theoretical topic. Examiners
look for your knowledge of the System Files involved and the Administrative
Commands used to manage the multi-user nature of Linux.
Introduction
Linux is a multi-user operating system, meaning multiple people can access
system resources simultaneously.
The System Administrator (Root) is responsible for managing these identities to
ensure system security and accountability. Every user in Linux is identified by a
unique UID (User ID) and belongs to at least one GID (Group ID).
Essential System Files
The four critical files where user data is stored:
1. /etc/passwd: Contains user account information (Username, UID, GID,
Home Directory, Shell).
2. /etc/shadow: Stores encrypted passwords and password expiry
information (Highly secure).
3. /etc/group: Defines the groups and their members.
4. /etc/skel: A "Skeleton" directory containing default files (like .bashrc)
copied to a new user's home directory during creation.
User Management Commands
Examiners look for the connection between the command and the backend
changes in /etc/passwd and /etc/shadow.
The lifecycle of a user account is managed through a specific set of CLI tools that
ensure the security and organized structure of the multi-user environment.
A. Account Creation (Provisioning)
When a SysAdmin creates an account, they aren't just creating a username; they
are defining an environment.
useradd: This is the primary binary used to initialize a user.
Syntax:
sudo useradd -m -s /bin/bash amit
Component Analysis
sudo: Substitutes the current user's privileges for the Superuser (Root).
Since modifying /etc/passwd requires UID 0, this is mandatory.
useradd: The binary utility responsible for low-level user creation.
-m (Make Home): This is a critical flag. It instructs the system to create a
directory in /home/amit. Without this, the user will have no place to store
personal files or configurations.
-s (Shell): Defines the user's login shell. /bin/bash (Bourne Again Shell) is
the standard interactive shell on Linux.
amit: The Login Name (Username) being assigned to the new account.
Backend Action:
This command creates an entry in /etc/passwd, creates a unique UID, and copies
default configuration files (like .bashrc) from /etc/skel to the new home directory.
passwd: Essential for security. An account created with useradd is usually
"locked" until a password is set.
Action: It updates the second field of /etc/shadow with a salted hash of the
password.
B. Account Modification (Maintenance)
As user roles change, their account attributes must be updated without deleting
the account.
usermod: A versatile tool for changing home directories, shells, or primary
groups.
o Locking: sudo usermod -L amit (Inserts a ! in /etc/shadow to disable
the password).
chage (Change Age): This is a critical security auditing tool. It forces users to
change their passwords periodically to maintain system integrity.
o Example: chage -M 90 amit (Sets maximum password age to 90
days).
C. Account Deletion (Deprovisioning)
When a user leaves the organization, their access must be revoked immediately.
userdel: Removes the user's entry from the system files.
o Crucial Flag: Using -r (remove home directory) is vital in a server
environment, as it deletes the user's home directory and mail spool,
preventing "Orphaned Files" from wasting disk space.
Technical Comparison: User Types
User Type      UID Range   Purpose
Root User      0           Full system control.
System Users   1 – 999     Used by services (e.g., bin, mail, apache). No login shell.
Normal Users   1000+       Regular humans using the system.
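Added example (not from these notes): reading the backend files that useradd, passwd, usermod -L and chage modify, and classifying accounts by the UID ranges in the table above. It works on constructed copies of /etc/passwd and /etc/shadow (the real shadow file needs root to read), so it runs anywhere. The helper names (user_type, list_accounts, locked_accounts, max_age, next_uid) are hypothetical, and next_uid is a simplification of how useradd really allocates IDs.

```bash
#!/bin/bash
# Added example: the /etc/passwd and /etc/shadow view behind the user commands.
# Both files below are constructed samples; helper names are hypothetical.

demo_dir=$(mktemp -d)
# Constructed /etc/passwd lines: name:x:UID:GID:comment:home:shell
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
amit:x:1000:1000:Amit:/home/amit:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
EOF
# Constructed /etc/shadow lines: name:hash:lastchg:min:max:warn:inactive:expire:
# A hash field starting with "!" is locked (usermod -L, or useradd before passwd);
# "*" means no password was ever set. The hashes themselves are made up.
cat > "$demo_dir/shadow" <<'EOF'
root:$6$saltsalt$constructedhash:19700:0:99999:7:::
bin:*:19700:0:99999:7:::
apache:!!:19700:0:99999:7:::
amit:$6$saltsalt$anotherconstructedhash:19700:0:90:7:::
guest:!$6$saltsalt$lockedhash:19700:0:99999:7:::
EOF

# Classify a UID the way the user-type table does.
user_type() {
    local uid="$1"
    if [ "$uid" -eq 0 ]; then echo root
    elif [ "$uid" -lt 1000 ]; then echo system
    else echo normal
    fi
}

# "name type shell" for every account in a passwd-format file.
list_accounts() {
    local name pw uid gid gecos home shell
    while IFS=: read -r name pw uid gid gecos home shell; do
        echo "$name $(user_type "$uid") $shell"
    done < "$1"
}

# Accounts that cannot log in with a password: field 2 starts with "!" or "*".
locked_accounts() {
    awk -F: '$2 ~ /^[!*]/ { print $1 }' "$1"
}

# Maximum password age (field 5) for one user, e.g. after "chage -M 90 amit".
max_age() {
    awk -F: -v u="$2" '$1 == u { print $5 }' "$1"
}

# The UID a new normal user would get: one above the highest UID >= 1000.
# (Simplified: real useradd honours UID_MIN/UID_MAX from /etc/login.defs.)
next_uid() {
    awk -F: 'BEGIN { m = 999 } $3 >= 1000 && $3 > m { m = $3 } END { print m + 1 }' "$1"
}

list_accounts "$demo_dir/passwd"
echo "locked: $(locked_accounts "$demo_dir/shadow" | tr '\n' ' ')"
echo "amit max password age: $(max_age "$demo_dir/shadow" amit) days"
echo "next UID for useradd: $(next_uid "$demo_dir/passwd")"
```

Note that apache is locked ("!!") and has /sbin/nologin as its shell, which is the normal state for a service account, while guest is a normal user whose existing hash was locked with a leading "!" (what usermod -L does); unlocking guest restores the same hash, so the password itself is not lost.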
The Concept of GID (Group ID)
In addition to UIDs, the SysAdmin manages Groups. Groups allow the Admin to
grant permissions to a set of users simultaneously rather than individually.
groupadd: Creates a new group.
gpasswd -a user group: Adds a user to a specific group.
Primary Group: Every user must belong to one primary group (usually
named after the user).
Secondary Groups: Users can be added to supplementary groups (like
sudo or developers) to gain additional access.
Command: usermod -aG developers amit (Adds 'amit' to the 'developers'
group without removing him from others).
Professor's A+ Conclusion:
"A successful SysAdmin doesn't just run commands; they understand the file-
level changes. When you run useradd, remember that you are modifying
/etc/passwd, /etc/shadow, and /etc/group simultaneously. Mentioning these three
files together shows the examiner that you have a 'System View' of Linux
administration."
----------------------------------------------------------------------
Topic: Backing Up and Restoring Files
Backup and Recovery is considered the "Safety Net" of System Administration.
Introduction
Backup is the process of creating a copy of data to ensure it can be recovered in
the event of hardware failure, accidental deletion, or system corruption.
Restoration is the inverse process of bringing the data back to its original state.
As per Wale Soyinka, "Data is the only part of a computer that cannot be
replaced by money; it can only be replaced by a backup."
Types of Backups
A backup is a representative copy of data stored on a separate medium (tape,
disk, or cloud) to ensure data availability in case of system failure.
For a System Administrator, choosing a backup strategy is a trade-off between
Backup Time (how long it takes to copy) and Restore Time (how long it takes
to recover).
Classification of Backup Types
I. Full Backup
A Full Backup is the foundation of all data protection strategies.
A Full Backup copies every file, directory, and piece of system metadata to
the backup medium. It ignores the "Archive Bit" or modification timestamps and
copies everything.
It is usually performed weekly or monthly due to high resource consumption.
Pros: It provides the fastest and simplest restoration process since only one
backup set is needed.
Cons: It is resource-intensive, requiring maximum storage space and a long
"Backup Window" (time to complete).
II. Incremental Backup
This is a time-efficient strategy designed for daily operations.
Incremental Backup only backs up data that has changed since the most recent
backup (whether it was a full or incremental backup). It uses the "Archive Bit" or
modification timestamp to identify changes.
Technical Detail: Once a file is backed up, its "Archive Bit" is reset.
Pros: Very fast to perform and requires minimal storage space.
Cons: Restoration is the most complex. To recover a system, the admin needs
the Last Full Backup + EVERY Incremental Backup created since then, in
strict chronological order. If one incremental link is corrupted, the rest of the
chain may be useless.
III. Differential Backup
This strategy acts as a middle ground between Full and Incremental.
A Differential Backup copies all files that have changed since the last Full
Backup. Unlike Incremental, it does not care about previous differential backups;
it always looks back to the original full copy.
Technical Detail: It does not reset the "Archive Bit." Therefore, each daily
differential backup grows larger as it includes changes from previous days.
Pros: Faster restoration than Incremental (only 2 steps required).
Cons: Uses more space than Incremental, and the backup time increases daily
until the next Full Backup is performed.
Restore: You only need two sets of data: the last Full Backup + the LATEST
Differential Backup.
Comparative Summary Table (MRSPTU Exam Format)
Feature           Full Backup     Incremental Backup                        Differential Backup
Backup Speed      Slowest         Fastest                                   Moderate
Storage Space     Highest         Lowest                                    Moderate
Restore Speed     Fastest         Slowest                                   Moderate
Restore Process   1 Step (Full)   Multiple Steps (Full + All Incremental)   2 Steps (Full + Latest Differential)
Risk of Failure   Low             High (Chain dependency)                   Low
Professor's A+ Secret: The "Backup Window"
The Backup Window is the time period during which the system can be backed
up without affecting production users. A SysAdmin uses Incremental Backups
to ensure the backup fits within a small nightly window, whereas Full Backups
are reserved for weekends when the window is larger.
Essential Linux Backup Utilities/Commands
1. The tar Utility (Tape Archive)
tar is the most widely used utility in Linux for creating archives. It bundles
multiple files into one .tar file. It does not compress files by default but can
be integrated with compression tools like gzip or bzip2.
Create Archive: tar -cvf [Link] /home/user
Create Compressed Archive (Gzip): tar -czvf [Link] /home/user
Restore/Extract: tar -xvf [Link] -C /restore_path
Deconstructing the Flags:
-c: Create a new archive.
-v: Verbose (shows the progress of files being backed up).
-f: File (specifies the name of the archive file).
-z: Filter the archive through gzip for compression.
-x: Extract the files from an archive.
2. The cpio Utility (Copy In, Copy Out)
cpio is a classic Unix utility recommended in the Sumitabha Das text. It is
unique because it reads a list of filenames from the "standard input" (stdin).
Command: find . | cpio -ov > /dev/st0 (Backing up to a tape drive).
Mechanism: It is often paired with the find command. find generates the
list of files, and the pipe (|) sends that list to cpio, which archives them to
a destination like a tape drive (/dev/st0).
Use Case: Excellent for backing up special device files and preserving
hard links.
3. The rsync Utility (Remote Sync)
rsync is the modern administrator's tool of choice for network-based backups and
mirroring.
Command: rsync -avz /src/directory /backup/destination
The Delta-Transfer Algorithm: Explain that rsync only copies the
differences between the source and the destination, drastically reducing
bandwidth and time.
Deconstructing the Flags:
-a: Archive mode (preserves permissions, symlinks, and timestamps).
-v: Verbose mode.
-z: Compresses data during the transfer process.
Professor's A+ Secret for MRSPTU:
"If you are asked to write a script for backup, always mention the Verification
step. After running a tar command, a good SysAdmin runs tar -tvf [Link] to
list the table of contents and ensure the data is actually inside the archive. This
'post-backup verification' shows professional maturity in your answer."
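Added example (not from these notes): a full backup with tar, the post-backup verification with tar -t that the tip above asks for, a differential backup of the files changed since that full backup, and the two-step restore from the comparison table. It runs on a constructed directory tree under mktemp standing in for /home/user. Linux tar has no "archive bit", so this example uses a marker file's timestamp as its substitute, which is an assumption of the example, not something the notes describe. The helper names are hypothetical.

```bash
#!/bin/bash
# Added example: full backup, verification, differential backup, restore test.
# Constructed directory tree; helper names are hypothetical.

work=$(mktemp -d)
src="$work/home/user"             # stand-in for /home/user
mkdir -p "$src/docs"
echo "report v1" > "$src/docs/report.txt"
echo "notes"     > "$src/notes.txt"

# Full backup: -c create, -z gzip, -f archive name. Paths are stored relative
# to the parent of the source so a restore can be redirected with -C.
# The marker file records when the full backup ran (the archive-bit substitute).
full_backup() {
    local archive="$1" source="$2" marker="$3"
    tar -czf "$archive" -C "$(dirname "$source")" "$(basename "$source")"
    touch "$marker"
}

# Verification: list the archive's table of contents and count regular files.
# Zero means the backup is empty or unreadable, which is exactly what to catch.
count_files() {
    tar -tzvf "$1" | grep -c '^-'
}

# Differential backup: every file modified since the FULL backup's marker.
# The marker is never touched again, so each differential covers all changes
# since the full backup (an incremental scheme would re-touch it after each run).
differential_backup() {
    local archive="$1" source="$2" marker="$3"
    local changed
    changed=$(cd "$(dirname "$source")" && find "$(basename "$source")" -type f -newer "$marker")
    if [ -z "$changed" ]; then
        echo "nothing changed since the full backup" >&2
        return 1
    fi
    (cd "$(dirname "$source")" && printf '%s\n' "$changed" | tar -czf "$archive" -T -)
}

# Restore test: extract the full backup, then the latest differential on top
# (the 2-step restore), then diff the result against the live tree.
restore_and_compare() {
    local dest="$1"; shift
    local archive
    mkdir -p "$dest"
    for archive in "$@"; do
        tar -xzf "$archive" -C "$dest"
    done
    if diff -r "$src" "$dest/$(basename "$src")" >/dev/null; then
        echo identical
    else
        echo mismatch
    fi
}

restored_report() { cat "$work/restore/user/docs/report.txt"; }

full="$work/full.tar.gz"; marker="$work/last_full.stamp"; diff1="$work/diff1.tar.gz"
full_backup "$full" "$src" "$marker"
echo "full backup holds $(count_files "$full") files"        # 2
sleep 1                                  # give the edit a clearly newer mtime than the marker
echo "report v2" > "$src/docs/report.txt"
differential_backup "$diff1" "$src" "$marker"
echo "differential holds $(count_files "$diff1") file(s)"     # 1
restore_and_compare "$work/restore" "$full" "$diff1"         # identical
```

The restore test is the part most often skipped in practice: "identical" here means the archive really can bring the tree back, which is the only evidence that a backup is worth anything.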
Backup Media and Locations
A SysAdmin must decide where to store the data based on cost and speed:
Magnetic Tapes: High capacity, low cost, but slow access (sequential).
External Hard Drives/NAS: Fast access, good for local backups.
Cloud Storage: Off-site protection against physical disasters (fire/flood).
The "3-2-1" Backup Rule (Exam Pro-Tip)
Mention this rule to impress the examiner:
3 Copies of data (1 Primary + 2 Backups).
2 Different media types (e.g., Disk and Tape).
1 Copy stored Off-site (for disaster recovery).
Technical Summary (Comparison Table)
Command   Best Use Case                                  Compression Support
tar       Daily archival and directory bundling.         Yes (-z for gzip, -j for bzip2)
rsync     Mirroring directories over a network.          Yes (delta-transfer)
dd        Creating an exact "Disk Image" (bit-by-bit).   No
Professor's A+ Secret for MRSPTU:
Always mention the crontab. A real SysAdmin doesn't run backups manually;
they automate them.
"In a professional environment, backups are scheduled using the cron daemon
to run during low-traffic hours (e.g., 2:00 AM) to avoid slowing down the system
for users."
--------------------------------------------------------------
Topic: Monitoring and Tuning Performance
System Monitoring is the continuous process of reviewing and analyzing the
resource utilization of a Linux system. Performance Tuning is the subsequent
process of adjusting system parameters (Kernel or Application level) to improve
efficiency and response time.
As per Wale Soyinka, the goal is to identify and resolve "Bottlenecks."
The Four Pillars of Monitoring
Categorize your monitoring tools into these four resource areas:
I. CPU Monitoring
Tracks how much of the processor's power is being used.
top: The most common real-time monitor. Shows processes, CPU usage,
and "Load Average."
uptime: Provides a quick view of the system load over 1, 5, and 15
minutes.
sar (System Activity Reporter): Used for collecting and reporting long-
term system activity.
II. Memory (RAM) Monitoring
Ensures the system isn't running out of physical memory and relying too heavily
on Swap.
free -m: Displays the amount of free and used memory in Megabytes.
vmstat: Reports information about processes, memory, paging, and block
I/O.
A+ Detail: Mention "OOM Killer" (Out of Memory Killer)—a Linux Kernel
feature that kills the largest process to prevent a total system crash when
RAM is exhausted.
III. Disk I/O Monitoring
Tracks how fast data is being read from or written to the hard drive.
iostat: Provides statistics on CPU usage and I/O statistics for devices.
df -h: Checks for "Disk Full" conditions which can freeze a system.
IV. Network Monitoring
Ensures that data packets are moving efficiently across the interface.
netstat or ss: Shows active network connections and ports.
iptraf: A colorful, text-based LAN monitor.
Performance Tuning Strategies
Once the bottleneck is identified, the SysAdmin must "tune" the system:
1. Adjusting Process Priority (nice and renice):
a. Linux uses a "Nice" value from -20 (Highest priority) to 19
(Lowest priority).
b. Command: renice -n -10 -p 1234 (Makes process 1234 more
important).
2. Kernel Tuning (sysctl):
a. The /proc/sys/ directory contains files that control kernel behavior.
b. Example: Changing the "Swappiness" value to decide how
aggressively Linux uses Swap space.
3. Managing Services:
a. Disabling unnecessary background "daemons" using systemctl
disable to free up CPU and RAM.
The "Load Average" Logic (A+ Student Tip)
If an examiner asks what a "Load Average" of 2.0 means:
On a Single-core CPU: It means the CPU is 100% overloaded (1 process
running, 1 waiting).
On a Dual-core CPU: It means the CPU is at 100% capacity (both cores
busy).
On a Quad-core CPU: It means the CPU is 50% idle.
Always relate load average to the number of CPU cores.
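Added example (not from these notes): turning a /proc/loadavg line into per-core percentages, as the tip above says to do, and adding the trend across the 1-, 5- and 15-minute values. The loadavg line here is constructed; on a live system you would call load_report "$(cat /proc/loadavg)" "$(nproc)". The helper name load_report is hypothetical and the percentages are rounded to whole numbers.

```bash
#!/bin/bash
# Added example: load average relative to core count. Constructed input;
# helper name is hypothetical.

# Prints "<1-min%> <5-min%> <15-min%> <verdict> <trend>".
# percent = load / cores * 100 (rounded); above 100 means runnable tasks are
# waiting for a core, exactly 100 means every core is busy.
load_report() {
    local line="$1" cores="$2"
    printf '%s\n' "$line" | awk -v c="$cores" '{
        for (i = 1; i <= 3; i++) pct[i] = int($i / c * 100 + 0.5)
        if (pct[1] > 100)       v = "overloaded"
        else if (pct[1] == 100) v = "saturated"
        else                    v = "idle " (100 - pct[1]) "%"
        t = ($1 > $3) ? "rising" : "easing"
        printf "%d%% %d%% %d%% %s %s\n", pct[1], pct[2], pct[3], v, t
    }'
}

sample="2.00 1.50 0.80 3/412 12345"   # constructed /proc/loadavg contents
load_report "$sample" 1   # 200% 150% 80% overloaded rising
load_report "$sample" 2   # 100% 75% 40% saturated rising
load_report "$sample" 4   # 50% 38% 20% idle 50% rising
```

The same 2.0 reads as overloaded, saturated or half idle depending only on the core count, and the trend tells you whether the pressure is new (1-minute value above the 15-minute one) or already easing.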
Professor's Conclusion:
Performance tuning is an iterative process. An A+ SysAdmin follows the
"Observe -> Analyze -> Tune -> Verify" cycle. Never change multiple
parameters at once, or you won't know which one fixed (or broke) the system.
---------------------------------------------------------
Topic: Configuring a Secure System
Security is not a single product but a continuous process. A System Administrator
must secure the Linux environment against both external attacks (hackers) and
internal threats (unauthorized users).
In Linux, security is managed through a combination of Access Control Lists
(ACLs), Firewalls, and Encryption.
Layered Security Model (The 4-Layer Approach)
To secure a system effectively, an administrator must implement controls at
every stage of the system lifecycle:
I. Physical and Boot-Level Security
The first line of defense starts before the OS even loads.
BIOS/UEFI Password: Prevents unauthorized users from changing the
boot order to load a rogue OS via USB.
Bootloader (GRUB) Security: Password-protecting the GRUB menu
ensures that no one can enter "Single User Mode" to reset the root
password.
Disabling Ctrl+Alt+Del: Modifying system settings to prevent
unauthorized reboots from the keyboard.
II. User and Access Security
Ensuring that only authorized personnel can execute sensitive commands.
The Principle of Least Privilege: Users are only given the minimum
permissions necessary for their jobs.
Sudoers Policy: Instead of sharing the root password, admins use the
visudo command to grant specific administrative rights to normal users.
PAM (Pluggable Authentication Modules): A framework used to define
complex password policies (e.g., minimum 8 characters, use of symbols).
III. Network and Firewall Security
Protecting the "gates" of the server.
Netfilter/Iptables: The Linux kernel's built-in firewall.
Firewalld/UFW: High-level tools used to open/close specific ports.
o Example: Closing Port 23 (Telnet - insecure) and opening Port 22
(SSH - secure).
SSH Hardening: Disabling root login via SSH by editing
/etc/ssh/sshd_config and setting PermitRootLogin no.
IV. File System and Data Security
Protecting the actual data stored on the disks.
Permissions: Using chmod and chown to restrict file access.
Disk Encryption (LUKS): Encrypting the entire hard drive so that data
remains unreadable even if the physical disk is stolen.
SELinux (Security-Enhanced Linux): A mandatory access control
mechanism that adds an extra layer of security "labels" to every process
and file.
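Added example (not from these notes): checking the SSH hardening item under Network and Firewall Security above against a constructed sshd_config rather than the live /etc/ssh/sshd_config. sshd uses the first value it meets for a keyword, so a "PermitRootLogin no" appended below an earlier "PermitRootLogin yes" changes nothing; the check mirrors that rule and stops at the first Match block, whose settings are conditional. The helper names (effective_value, root_login_disabled) are hypothetical.

```bash
#!/bin/bash
# Added example: auditing PermitRootLogin in a constructed sshd_config.
# Helper names are hypothetical.

demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config.bad" <<'EOF'
# constructed sample: the "no" at the bottom is too late to take effect
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
cat > "$demo_dir/sshd_config.good" <<'EOF'
# constructed sample: global settings, then a conditional Match block
Port 22
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF

# Effective global value of a keyword: first non-comment match, keyword compared
# case-insensitively, parsing stops at "Match". Prints "(default)" if unset.
effective_value() {
    local file="$1" key="$2" v
    v=$(awk -v k="$key" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(k)  { print $2; exit }' "$file")
    echo "${v:-(default)}"
}

# Returns 0 when root login over SSH is disabled, 1 otherwise.
root_login_disabled() {
    [ "$(effective_value "$1" PermitRootLogin)" = "no" ]
}

for f in "$demo_dir"/sshd_config.*; do
    if root_login_disabled "$f"; then
        echo "$(basename "$f"): OK"
    else
        echo "$(basename "$f"): FIX - effective PermitRootLogin is $(effective_value "$f" PermitRootLogin)"
    fi
done
```

The "bad" file is the classic mistake: the hardening line was added, but below a line that already decided the answer, so the file looks fixed to a quick grep while sshd still allows root login.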
Technical Checklist for a Secure System
System Auditing and Logging
A secure system must be auditable. The SysAdmin must regularly check logs to
detect breaches:
last command: Shows the history of user logins.
lastb command: Shows failed login attempts (crucial for spotting Brute
Force attacks).
Auditd: A daemon that tracks specifically who modified a sensitive file
(like /etc/shadow).
----------------------------------------------------------
Part A: Using Tools to Monitor Security
Security monitoring is the proactive phase of administration. A SysAdmin uses
specific utilities to detect unauthorized access and system vulnerabilities.
Log Monitoring (The Primary Audit Trail)
In Linux, almost every security event is recorded in the /var/log directory.
/var/log/[Link] (or secure): Records all authentication events,
including successful logins and failed attempts.
last and lastb: Commands used to parse these logs. lastb specifically
shows bad login attempts, helping identify brute-force attacks.
tail -f /var/log/messages: Used for real-time monitoring of general
system security alerts.
Network Security Tools
netstat -tulpn: Shows all active connections and the specific "Process ID"
(PID) using each port. This helps identify unauthorized "backdoor"
services.
nmap: A network exploration tool used to "scan" the system’s own ports
to see which ones are visible to hackers.
Integrity Checkers
tripwire or aide: These tools create a "fingerprint" (hash) of critical
system files. If a hacker modifies /etc/passwd, these tools will immediately
alert the admin.
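Added example (not from these notes): the log check described above, run over constructed auth-log lines in the sshd/syslog format (the addresses are documentation ranges and the lines are made up). It counts failed password attempts per source address, flags sources over a threshold (the brute-force signal lastb also exposes), and lists successful logins that came from an address which had failures. The helper names are hypothetical.

```bash
#!/bin/bash
# Added example: failed-login analysis over constructed auth-log lines.
# Helper names are hypothetical.

demo_dir=$(mktemp -d)
cat > "$demo_dir/auth.log" <<'EOF'
Mar  3 02:00:01 srv1 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 02:00:03 srv1 sshd[1203]: Failed password for root from 198.51.100.7 port 51030 ssh2
Mar  3 02:00:05 srv1 sshd[1205]: Failed password for root from 198.51.100.7 port 51041 ssh2
Mar  3 02:00:09 srv1 sshd[1207]: Failed password for invalid user test from 198.51.100.7 port 51055 ssh2
Mar  3 02:01:10 srv1 sshd[1210]: Accepted publickey for amit from 203.0.113.5 port 40100 ssh2
Mar  3 02:02:44 srv1 sshd[1212]: Failed password for amit from 203.0.113.5 port 40112 ssh2
Mar  3 02:02:50 srv1 sshd[1213]: Accepted password for amit from 203.0.113.5 port 40113 ssh2
EOF

# "<ip> <count>" of failed password attempts per source, highest count first.
failed_by_source() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $2, $1 }'
}

# Sources at or above THRESHOLD failures (default 3): the brute-force signal.
suspicious_sources() {
    local file="$1" threshold="${2:-3}"
    failed_by_source "$file" | awk -v t="$threshold" '$2 >= t { print $1 }'
}

# Successful logins from an address that also produced failures: worth a second
# look, because a guessed password produces exactly this pattern.
success_after_failures() {
    local file="$1" ip
    for ip in $(failed_by_source "$file" | awk '{ print $1 }'); do
        grep -q "Accepted .* from $ip " "$file" && echo "$ip"
    done
    return 0
}

echo "failures per source:"; failed_by_source "$demo_dir/auth.log"
echo "suspicious (>=3): $(suspicious_sources "$demo_dir/auth.log")"
echo "accepted after failures: $(success_after_failures "$demo_dir/auth.log")"
```

Here 198.51.100.7 is the noisy scanner, but 203.0.113.5 is the line worth reading: one failure followed by a successful password login from the same address is normal for a user who mistyped once, and it is also what a compromised account looks like.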
Part B: Booting and Shutting Down
The boot process is the sequence of events that occurs from the moment the
power button is pressed until the login prompt appears. In the MRSPTU style, you
must explain the Six Stages of the Linux Boot Process.
The 6 Stages of Booting
1. BIOS (Basic Input/Output System):
o Performs POST (Power-On Self-Test).
o Loads the MBR (Master Boot Record) from the bootable drive.
2. MBR (Master Boot Record):
o Located in the first sector of the disk (512 bytes).
o Contains the primary bootloader (GRUB).
3. GRUB (Grand Unified Bootloader):
o Displays the splash screen and allows the user to select the OS.
o Loads the Kernel and the Initrd (Initial RAM Disk) into memory.
4. Kernel:
o Mounts the root file system.
o Initializes hardware drivers.
o Executes the first process: init (or systemd).
5. Init / Systemd:
o The "Mother of all processes" (PID 1).
o Starts system services based on the Runlevel or Target.
6. Runlevel / Target Phase:
o Runlevel 3: Multi-user mode (Command Line).
o Runlevel 5: Graphical User Interface (GUI).
Managing Shutting Down
A SysAdmin must never simply switch off the power, as this can lead to file
system corruption.
shutdown -h now: Halts the system immediately.
shutdown -r +10 "System rebooting for maintenance": Schedules a
reboot in 10 minutes and sends a broadcast message to all logged-in
users.
init 0: Stops the system.
init 6: Reboots the system.
Boot Loaders: GRUB vs. LILO
The boot loader is the software that directs the computer's hardware to load the
OS kernel. To score high, you must compare the modern standard (GRUB) with
the legacy loader (LILO).
Feature       GRUB (Grand Unified Bootloader)                                      LILO (Linux Loader)
Flexibility   Understands file systems. No need to reinstall after config change.  Does not understand file systems. Must reinstall to MBR after every change.
Interactive   Has a powerful command-line interface for recovery.                  Limited interaction; strictly loads what is defined.
Booting       Can boot from network, different partitions, or even other OSs.      Limited functionality compared to modern hardware.
Storage       Uses a configuration file (e.g., /boot/grub/[Link]).                 Stores boot information in the MBR directly.
---------------------------------------------------
Bootstrapping
Bootstrapping (or "booting") is the process of loading the initial set of
instructions into the computer's memory to start the Operating System.
The Process: It begins with the BIOS/UEFI locating the Boot Loader
(GRUB) in the Master Boot Record (MBR).
The Result: Once the Boot Loader hands over control to the Kernel, the
kernel initializes the hardware and then launches the very first process,
known as init.
The Init Process
The init process is the "parent of all processes" and always carries PID 1.
Role: Its primary job is to bring the system into a specific state (Runlevel)
and manage system daemons.
Evolution:
o SysVinit (Legacy): Traditional method used in older Linux (CentOS 6 and
earlier). It starts services one by one (serially).
o systemd (Modern): Used in current versions (RHEL 7/8/9, Ubuntu 20.04+). It
starts services in parallel, making the boot process much faster.
rc Scripts (Run Control)
In traditional SysVinit systems, the behavior of the system at different runlevels
is controlled by rc scripts.
Location: Scripts are stored in /etc/init.d/, while symbolic links to these
scripts are found in directories like /etc/rc0.d/ through /etc/rc6.d/.
Naming Convention:
o S (Start): Scripts starting with 'S' are used to start a service in that
runlevel.
o K (Kill): Scripts starting with 'K' are used to stop/kill a service.
Example: When switching to Runlevel 3, the system executes all scripts in
/etc/rc3.d/ beginning with 'S'.
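The naming convention above can be demonstrated without touching a real system. The script below is an added example, not part of the notes: it builds a throw-away directory that imitates /etc/rc3.d/ (plain files stand in for the symlinks, and the link names are made up for the demo) and prints the order in which the rc program would invoke them: every K script with "stop" first, then every S script with "start", each group in lexical order, so the two-digit number after the letter decides the order inside a group.

```shell
# Added example (not from the notes): simulate how a SysVinit rc directory is
# processed. The directory and entry names are constructed for the demo; on a
# real system the directory would be /etc/rc3.d/ and the entries would be
# symlinks into /etc/init.d/.

# rc_order DIR: print the scripts in DIR in the order the rc program runs them,
# K (kill) scripts first with "stop", then S (start) scripts with "start", each
# group in lexical order. Output is one "action name" pair per line.
rc_order() {
    dir=$1
    for prefix in K S; do
        for script in "$dir"/"$prefix"[0-9][0-9]*; do
            [ -e "$script" ] || continue   # no scripts with this prefix
            name=${script##*/}             # strip the directory part
            case $prefix in
                K) action=stop ;;
                S) action=start ;;
            esac
            echo "$action ${name#???}"     # drop the letter and two-digit sequence
        done
    done
}

# make_demo_rcdir: build a constructed rc directory resembling a runlevel 3
# directory and print its path.
make_demo_rcdir() {
    d=$(mktemp -d)
    for n in K30bluetooth K85messagebus S10network S12rsyslog S55sshd S80httpd; do
        : > "$d/$n"
    done
    echo "$d"
}

demo=$(make_demo_rcdir)
rc_order "$demo"
# Order printed: stop bluetooth, stop messagebus, start network, start rsyslog,
# start sshd, start httpd
rm -rf "$demo"
```

The same function works on a real runlevel directory (`rc_order /etc/rc3.d`) on a SysVinit machine, which is a quick way to see which daemons a runlevel brings up and in what order.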
Enabling and Disabling Services
A SysAdmin must decide which programs run automatically in the background
(Daemons). In modern systems, we use the systemctl utility to manage these.
A. Immediate Control (Current Session)
Start a service: sudo systemctl start httpd
Stop a service: sudo systemctl stop httpd
Check status: sudo systemctl status httpd
B. Boot-time Control (Persistence)
To ensure a service starts every time the computer turns on (or stays off), we use
enable and disable.
Enable (On at Boot): sudo systemctl enable httpd
o Backend action: Creates a symbolic link in the target directory.
Disable (Off at Boot): sudo systemctl disable httpd
o Backend action: Removes the symbolic link.
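What "creates a symbolic link" means in practice is easiest to see on a constructed directory tree. The block below is an added example, not part of the notes or of systemd: it reproduces the enable/disable symlink mechanism under a temporary directory instead of the real /etc/systemd/system so it runs without root. The unit and target names are assumed for the demo, and the real systemctl reads the unit's [Install] section to pick the target, which this toy skips.

```shell
# Added example (not from the notes): the symlink that "enable" creates and
# "disable" removes, reproduced under a temporary root. Unit and target names
# are assumed; real systemd keeps these under /etc/systemd/system/.

# enable_unit ROOT UNIT TARGET: create ROOT/TARGET.wants/UNIT -> ROOT/UNIT,
# which is the link systemctl enable creates.
enable_unit() {
    mkdir -p "$1/$3.wants"
    ln -sf "$1/$2" "$1/$3.wants/$2"
}

# disable_unit ROOT UNIT TARGET: remove that link (systemctl disable).
disable_unit() {
    rm -f "$1/$3.wants/$2"
}

# is_enabled ROOT UNIT TARGET: 0 if the link exists, 1 otherwise.
is_enabled() {
    [ -L "$1/$3.wants/$2" ]
}

# list_enabled ROOT TARGET: names of the units wanted by TARGET, one per line.
# Listing the *.wants directories is a quick audit of what starts at boot.
list_enabled() {
    for l in "$1/$2.wants"/*; do
        [ -L "$l" ] && echo "${l##*/}"
    done
    return 0
}

root=$(mktemp -d)
: > "$root/httpd.service"; : > "$root/sshd.service"   # stand-ins for unit files
enable_unit "$root" httpd.service multi-user.target
enable_unit "$root" sshd.service multi-user.target
disable_unit "$root" httpd.service multi-user.target
list_enabled "$root" multi-user.target    # prints: sshd.service
rm -rf "$root"
```

On a real machine the equivalent audit is `ls /etc/systemd/system/multi-user.target.wants/`, which shows the same links that `systemctl enable` has created.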
Summary Table: Legacy vs. Modern Management
| Task | Legacy (SysVinit) | Modern (systemd) |
| :--- | :--- | :--- |
| Main Config | /etc/inittab | /etc/systemd/system/ |
| Service Command | service httpd start | systemctl start httpd |
| Boot-time On/Off | chkconfig httpd on | systemctl enable httpd |
| Process Execution | Serial (one by one) | Parallel (simultaneous) |
Runlevels vs. Targets (Exam Special)
MRSPTU exams often ask to map old runlevels to new systemd targets:
Runlevel 0: [Link] (System Halt)
Runlevel 1: [Link] (Single-user mode/Maintenance)
Runlevel 3: [Link] (Command Line Interface)
Runlevel 5: [Link] (GUI/X-Windows)
Runlevel 6: [Link] (System Restart)
Professor's A+ Secret for MRSPTU:
"When writing about rc scripts, always mention the /etc/[Link] file. This is a
special script that runs at the very end of the multi-user boot process. It is a
'catch-all' place for administrators to put custom commands they want executed
once the system is fully up."
--------------------------------------------------------------------------------------------------
Topic: The Linux File System Structure
Linux treats everything as a file (hardware, directories, processes), and this data
is organized in a hierarchical tree structure.
The Root Directory (/)
The entire Linux file system originates from the Root directory, represented by a
forward slash (/). Every single file and directory on the system is contained within
this root, even if they are stored on different physical hard drives.
The Hierarchical Directory Structure
To score an A+, you must be able to define the purpose of the standard top-level
directories:
/bin (Essential Binaries): Contains fundamental executable commands
needed for the system to run (e.g., ls, cp, bash).
/sbin (System Binaries): Contains essential commands for the System
Administrator (e.g., reboot, fdisk).
/etc (Configuration Files): The most important directory for a SysAdmin.
It contains all system-wide configuration files (e.g., /etc/passwd,
/etc/shadow).
/dev (Device Files): Contains files representing hardware components.
(e.g., /dev/sda for the hard drive, /dev/lp0 for a printer).
/home (User Directories): Contains personal folders for regular users.
/root: The home directory for the Superuser (Root). Note that it is kept
separate from regular users.
/var (Variable Files): Contains data that changes frequently, such as
logs (/var/log) and mail spools.
/tmp (Temporary Files): A storage area for temporary files created by
applications.
/mnt & /media: Points where external devices (USB drives, CD-ROMs) are
"mounted" to become part of the file system.
/proc & /sys: "Virtual" file systems that provide information about the
kernel, hardware, and running processes.
Logical Structure vs. Physical Storage
A key concept for the exam is the Mount Point.
In Linux, you can attach a physical partition to any directory.
For example, you might have your /home directory stored on a completely
different hard drive than your / (root).
Command to view this: df -h or mount.
Classification of File Types
Linux categorizes files into four main types:
1. Ordinary/Regular Files: Text files, images, programs (-).
2. Directories: Folders containing other files or directories (d).
3. Device Files: Interface for hardware (b for block devices like disks, c for
character devices like keyboards).
4. Link Files: Pointers to other files (Soft links or Hard links) (l).
File System Standards Table
| Directory | Content Type | Importance for SysAdmin |
| :--- | :--- | :--- |
| /boot | Kernel & GRUB files | Critical for system bootstrapping. |
| /usr | User applications | Contains /usr/bin for installed software. |
| /opt | Optional software | Used for third-party proprietary apps. |
| /lib | Shared libraries | Essential for the binaries in /bin and /sbin to function. |
Technical Summary: The Inode Concept
To truly impress an examiner, mention Inodes.
"Every file in Linux is associated with an Inode (Index Node). The inode stores
metadata about the file (owner, size, permissions, timestamps) but not the
filename or the actual data. The file system uses inode numbers to locate data
on the physical disk blocks."
Professor's A+ Secret for MRSPTU:
"If a question asks about 'The File System', draw the Directory Tree diagram.
Start with / at the top and branch down into /bin, /etc, and /home. Examiners
love visual representations of the hierarchy—it proves you understand how Linux
organizes data logically."
-------------------------------------------------------------
Topic: Working with Linux Supported File Systems
The "Working with Supported File Systems" topic focuses on the administrator's
ability to prepare storage, format it with a specific structure, and integrate it into
the system hierarchy.
Common Linux File Systems
Linux is famous for supporting a wide variety of file systems. For the exam, you
must be able to differentiate between the most common ones:
Ext4 (Fourth Extended File System): The current standard for most
Linux distributions. It supports large volumes (up to 1 Exabyte) and uses
Journaling to prevent data corruption during power failures.
XFS: A high-performance, 64-bit journaling file system. It is the default for
RHEL (Red Hat) and CentOS because it handles large files and parallel I/O
extremely well.
Btrfs (B-Tree FS): A modern file system focusing on "copy-on-write,"
snapshots, and self-healing features.
Swap: A special type of file system used for "Virtual Memory." When RAM
is full, the Linux kernel moves inactive data to the Swap partition.
VFAT / NTFS: Supported for compatibility with Windows drives.
The Workflow of Disk Management
As a SysAdmin, adding a new storage device follows a strict 3-step technical
workflow:
Step 1: Partitioning (fdisk / parted)
Before a disk can store files, it must be divided into logical sections.
Command: sudo fdisk /dev/sdb
In fdisk, you create a new partition table (MBR or GPT) and define the size
of the partitions.
Step 2: Formatting (mkfs)
This creates the actual "File System" (the grid/table) on the partition.
Command: sudo mkfs.ext4 /dev/sdb1
This command writes the Inodes and data blocks to the disk.
Step 3: Mounting (mount)
A formatted partition is useless until it is "attached" to a directory in the Linux
tree.
Command: sudo mount /dev/sdb1 /mnt/data
Permanent Mount: To ensure the drive stays connected after a reboot,
the admin must add an entry to the /etc/fstab file.
The /etc/fstab File (Crucial for A+)
This file is the "Mount Table" of the system. If you misconfigure this, the system
may fail to boot. A typical entry looks like this:
UUID=1234-abcd /data ext4 defaults 0 2
| Field | Purpose |
| :--- | :--- |
| Device | The UUID or device name (e.g., /dev/sdb1). |
| Mount Point | The directory where the files will appear (e.g., /data). |
| File System Type | ext4, xfs, nfs, etc. |
| Options | Usually defaults (includes rw, suid, dev, exec, auto, nouser, async). |
| Dump | Used by the backup utility (0 = ignore). |
| Pass | Order of file system check at boot (1 for root, 2 for others). |
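Because a bad /etc/fstab entry can stop the system from booting, it is worth checking a file against the six-field layout above before rebooting. The script below is an added example, not part of the notes: it validates every non-comment line (six fields, absolute mount point unless the type is swap, numeric dump and pass, pass no higher than 2, and pass 1 reserved for the root file system). The sample file is constructed for the demo; on a real system you would pass /etc/fstab instead.

```shell
# Added example (not from the notes): sanity-check an fstab-style file against
# the six-field layout. The sample file is constructed; pass /etc/fstab to
# check a real system.

# check_fstab FILE: print "OK <mountpoint>" or "BAD line N: <reason>" for every
# non-comment line; return 1 if any line is bad.
check_fstab() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            reason = ""
            if (NF != 6)
                reason = "expected 6 fields, got " NF
            else if ($2 !~ /^\// && $3 != "swap")
                reason = "mount point must be an absolute path"
            else if ($5 !~ /^[0-9]+$/ || $6 !~ /^[0-9]+$/)
                reason = "dump and pass must be numeric"
            else if ($6 > 2)
                reason = "pass must be 0 (skip), 1 (root) or 2 (others)"
            else if ($2 == "/" && $6 != 1)
                reason = "the root file system should be checked first (pass 1)"
            if (reason == "") { print "OK " $2 }
            else { print "BAD line " NR ": " reason; bad = 1 }
        }
        END { exit bad }
    ' "$1"
}

# make_sample_fstab: write a constructed fstab with three valid entries and
# two broken ones (a missing pass field, and a relative mount point).
make_sample_fstab() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# <device>            <mount>  <type>  <options>  <dump> <pass>
UUID=1234-abcd        /        ext4    defaults   0      1
UUID=5678-ef01        /data    ext4    defaults   0      2
/dev/sdb2             none     swap    sw         0      0
/dev/sdc1             /backup  xfs     defaults   0
/dev/sdd1             media    ext4    defaults   0      2
EOF
    echo "$f"
}

sample=$(make_sample_fstab)
check_fstab "$sample" || echo "fstab has errors; fix them before rebooting"
rm -f "$sample"
```

The checks are deliberately conservative: they catch the layout mistakes that prevent a boot, not whether the named device exists, which `mount -a` on a running system would tell you.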
File System Maintenance Tools
df -h: (Disk Free) Shows how much space is left on all mounted file
systems in a "human-readable" format.
du -sh: (Disk Usage) Summarizes the disk usage of a specific directory.
fsck: (File System Check) Used to repair a corrupted file system. Note:
Never run this on a mounted file system.
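The "never on a mounted file system" rule is easy to enforce with a guard that consults the kernel's mount table before fsck is invoked. The block below is an added example, not part of the notes: it reads a table in the format of /proc/mounts (device, mount point, type, options, dump, pass) and refuses to proceed when the device appears there. The mount table used here is constructed for the demo; on a real system the second argument defaults to /proc/mounts.

```shell
# Added example (not from the notes): refuse to fsck a device that is mounted.
# The sample mount table is constructed; the default table is /proc/mounts.

# is_mounted DEVICE [MOUNTS_FILE]: return 0 if DEVICE is the source of a mount
# in MOUNTS_FILE, 1 otherwise. Whole-field match, so /dev/sdb1 does not match
# /dev/sdb10.
is_mounted() {
    dev=$1
    table=${2:-/proc/mounts}
    awk -v dev="$dev" '$1 == dev { found = 1 } END { exit !found }' "$table"
}

# safe_fsck DEVICE [MOUNTS_FILE]: refuse when DEVICE is mounted; otherwise print
# the fsck command that would be run. This demo never touches a disk; fsck -n
# is the read-only mode that reports problems without repairing them.
safe_fsck() {
    if is_mounted "$1" "${2:-/proc/mounts}"; then
        echo "refusing: $1 is mounted; unmount it (or boot to rescue mode) first" >&2
        return 1
    fi
    echo "would run: fsck -n $1"
}

# make_sample_mounts: write a constructed /proc/mounts-style table.
make_sample_mounts() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /data ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
    echo "$f"
}

m=$(make_sample_mounts)
safe_fsck /dev/sdb1 "$m"    # mounted at /data: refused
safe_fsck /dev/sdb2 "$m"    # not mounted: prints the command
rm -f "$m"
```

Replace the `echo` in `safe_fsck` with the real `fsck` call once the guard is in place; the root file system is the one case the guard always blocks, which is exactly why fsck on / is done from rescue mode or at boot (the Pass field in /etc/fstab).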
Professor's A+ Secret for MRSPTU:
"Always distinguish between Internal and Network file systems. If you mention
NFS (Network File System) as a supported type that allows a server to share
a folder with clients over a network, you demonstrate that you understand
enterprise-level administration beyond just local hardware."
--------------------------------------------------------------------------------------------------
Working with Supported File Systems
Linux is "agnostic," meaning it can communicate with almost any file system.
However, for system disks, it relies on specific high-performance types.
Ext4 (Fourth Extended FS): The reliable standard. It uses Journaling,
which records changes in a log before committing them to the main disk,
preventing corruption during power failure.
XFS: Optimized for large files and high-performance servers. It is the
default for RHEL-based systems.
Swap: A special partition used as "Virtual RAM." When physical memory is
full, the kernel moves inactive data here.
NFS (Network File System): Allows you to mount a folder from a
remote server as if it were a local drive.
Memory and Virtual File Systems
These are "Pseudo File Systems." They do not exist on the hard drive; they are
created by the Kernel in the System RAM to provide a window into the system's
"brain."
/proc (Process FS): Contains information about running processes and
hardware.
o Key file: /proc/meminfo (shows RAM usage).
/sys (SysFS): Used to manage and view hardware device drivers and
power settings.
tmpfs: A high-speed file system located entirely in RAM. Files in /tmp are
often stored here for speed, but they vanish upon reboot.
Linux Disk Management Workflow
For a 10-mark question, you must describe the lifecycle of a disk from "Raw
Metal" to "Usable Storage."
1. Partitioning (fdisk / gdisk): Dividing the physical drive into logical
slices.
2. Formatting (mkfs): Installing the file system (Ext4/XFS) on the partition.
Example: mkfs.ext4 /dev/sdb1
3. Mounting (mount): Attaching the formatted partition to the directory
tree.
4. Persistence (/etc/fstab): This is the most important file for the exam. It
tells Linux which disks to mount automatically at boot.
Network Configuration Files
In Linux, "Configuration is Documentation." Instead of clicking through menus,
you modify specific text files.
The Essential Files Table
| File Path | Purpose |
| :--- | :--- |
| /etc/hostname | Stores the permanent name of the machine. |
| /etc/hosts | A local "address book" that maps IP addresses to names (static DNS). |
| /etc/[Link] | Configures DNS servers (e.g., nameserver [Link]). |
| /etc/sysconfig/network-scripts/ | (RHEL/CentOS) Contains individual interface settings (IP, gateway, subnet). |
| /etc/network/interfaces | (Debian/Ubuntu) Primary configuration file for network cards. |
Network Management Commands
ip addr show: To view current IP addresses.
ping: To test connectivity to another host.
netstat -rn: To view the Routing Table (where data goes next).
nmcli: The modern command-line tool for Network Manager.
Professor's A+ Secret for MRSPTU:
"When discussing Network Configuration, always mention the difference
between Static IP and DHCP. In an exam, if you can write down the content of a
sample /etc/hosts file (e.g., [Link] localhost), it proves to the examiner that
you have actually worked on a Linux terminal."
3. The Boot Process (Bootstrapping)
This is a favorite exam question. How does a computer go from "Off" to a "Login
Screen"?
1. BIOS/UEFI: The hardware performs a Power-On Self-Test (POST).
2. Boot Loader (GRUB/LILO):
o GRUB (Grand Unified Bootloader): The modern standard. It allows you to
choose which OS to boot.
o LILO (Linux Loader): An older, simpler loader (rarely used now but
important for theory).
3. Kernel Initialization: The bootloader loads the Linux Kernel into memory.
The Kernel initializes hardware drivers.
4. The Init Process: The Kernel starts the very first process, called init (PID
1).
5. Runlevels/Target Units: The rc (run control) scripts execute to start
services like Networking, SSH, or the Graphical Desktop.
4. The File System Structure
In Linux, "Everything is a file." As Neil Mathew explains, the structure is a
tree:
Standard Hierarchy (FHS):
o /bin: Essential command binaries.
o /etc: System configuration files (The heart of administration).
o /dev: Hardware device files (your hard drive is a file here!).
o /proc: A Virtual File System that shows real-time kernel and
process information.
Memory & Virtual File Systems
Linux uses Virtual Memory, which combines your physical RAM with a portion
of your hard drive called Swap Space. This allows the system to run more
applications than the physical RAM would normally allow.
5. Disk Management & Network Config
Partitions: Dividing a physical disk into logical sections (/dev/sda1,
/dev/sda2).
Mounting: In Linux, you don't just "plug in" a drive. You must "mount" it
to a directory (e.g., mounting a USB to /media/usb).
Key Network Configuration Files (The A+ List):

| File Path | Purpose |
| :--- | :--- |
| /etc/hostname | Sets the name of your computer. |
| /etc/hosts | Local map of IP addresses to names. |
| /etc/[Link] | Configures DNS (Domain Name Servers). |
| /etc/network/interfaces | Main network config (on Debian/Ubuntu). |
🎓 A+ Student Tip: "The Power of Root"
Always mention that the Root User (UID 0) has absolute power. An A+ student
knows that a SysAdmin should use sudo for daily tasks to prevent accidental
system-wide damage. Using root directly is like driving a car without a seatbelt.