Оффлайн
- Регистрация
- 9 Май 2015
- Сообщения
- 1,480
- Баллы
- 155
Please find the previous class if you missed that . This week we looked at Linux Admin Essentials. Let’s dive in shall we?
Linux Administration Essentials
Linux powers the majority of web servers, enterprise systems, and cloud platforms worldwide. Its reliability, flexibility, and security make it the operating system of choice for businesses and developers alike. However, running Linux systems securely and efficiently requires mastering key components of administration.
In this article, we’ll explore four crucial topics: Systemd, Configuring Apache Service, CIS Security Benchmark, and Linux Firewall. Each one plays a vital role in system stability, application availability, and defense against threats.
1. Systemd: The Heart of Linux Services
Systemd is the default system and service manager in most modern Linux distributions (including Ubuntu, CentOS, Fedora, and Debian). It initializes the system during boot and manages services, daemons, and processes.
Key Features of Systemd:
Common Commands:
systemctl status ssh
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl enable apache2
Real-World Example:
A DevOps engineer managing a production server uses Systemd to ensure that Apache (the web server) restarts automatically after a reboot. Without Systemd, manual intervention would be required, increasing downtime risk.
2. Configuring Apache Service
Apache HTTP Server is one of the world’s most popular open-source web servers. Configuring it correctly ensures smooth delivery of web content.
Basic Apache Configuration Steps:
1. Installation (Ubuntu Example):
sudo apt update
sudo apt install apache2 -y
2. Start the Service:
sudo systemctl start apache2
sudo systemctl enable apache2
4. Check Status:
systemctl status apache2
5. Configuration Files: Located in /etc/apache2/.
Example Scenario:
If a company wants to host multiple websites on a single server, Apache can be configured with virtual hosts:
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example
</VirtualHost>
This allows one server to serve different sites seamlessly.
3. CIS Security Benchmark
Security is non-negotiable in system administration. The Center for Internet Security (CIS) Security Benchmarks are a set of best practices for securing systems, including Linux.
Why CIS Matters:
Examples of CIS Recommendations for Linux:
Example Scenario:
A financial services company applies CIS benchmarks to its Linux servers. This ensures sensitive customer data is better protected from unauthorized access or attacks.
Tools like Lynis or OpenSCAP can be used to automate CIS compliance checks.
4. Linux Firewall
A firewall is essential for controlling network traffic and protecting systems from malicious access. In Linux, firewalls can be managed with iptables or the more modern firewalld.
Firewalld (Simpler for admins):
Example:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload
Opens port 80 (HTTP) permanently.
iptables (More advanced & granular):
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
Real-World Example:
A company hosting an e-commerce platform may only allow ports 80/443 (web traffic) and 22 (SSH for admins). Blocking all other ports significantly reduces attack surface.
Mastering these concepts gives Linux administrators the tools to build reliable and secure systems.
Together, these skills form the backbone of effective Linux administration.
I am Ikoh Sylva a Cloud Computing Enthusiast with few months hands on experience on AWS. I’m currently documenting my Cloud journey here from a beginner’s perspective. If this sounds good to you kindly like and follow, also consider recommending this article to others who you think might also be starting out their cloud journeys to enable us learn and grow together.
You can also consider following me on social media below;
Linux Administration Essentials
Linux powers the majority of web servers, enterprise systems, and cloud platforms worldwide. Its reliability, flexibility, and security make it the operating system of choice for businesses and developers alike. However, running Linux systems securely and efficiently requires mastering key components of administration.
In this article, we’ll explore four crucial topics: Systemd, Configuring Apache Service, CIS Security Benchmark, and Linux Firewall. Each one plays a vital role in system stability, application availability, and defense against threats.
1. Systemd: The Heart of Linux Services
Systemd is the default system and service manager in most modern Linux distributions (including Ubuntu, CentOS, Fedora, and Debian). It initializes the system during boot and manages services, daemons, and processes.
Key Features of Systemd:
Manages services (start, stop, restart)
Handles logging through journald
Improves boot speed with parallel startup
Provides tools like systemctl
Common Commands:
- Check status of a service:
systemctl status ssh
- Start/Stop a service:
sudo systemctl start nginx
sudo systemctl stop nginx
- Enable a service at boot:
sudo systemctl enable apache2
Real-World Example:
A DevOps engineer managing a production server uses Systemd to ensure that Apache (the web server) restarts automatically after a reboot. Without Systemd, manual intervention would be required, increasing downtime risk.
2. Configuring Apache Service
Apache HTTP Server is one of the world’s most popular open-source web servers. Configuring it correctly ensures smooth delivery of web content.
Basic Apache Configuration Steps:
1. Installation (Ubuntu Example):
sudo apt update
sudo apt install apache2 -y
2. Start the Service:
sudo systemctl start apache2
- Enable at Boot:
sudo systemctl enable apache2
4. Check Status:
systemctl status apache2
5. Configuration Files: Located in /etc/apache2/.
sites-available/ → Virtual host configs
apache2.conf → Global settings
Example Scenario:
If a company wants to host multiple websites on a single server, Apache can be configured with virtual hosts:
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example
</VirtualHost>
This allows one server to serve different sites seamlessly.
3. CIS Security Benchmark
Security is non-negotiable in system administration. The Center for Internet Security (CIS) Security Benchmarks are a set of best practices for securing systems, including Linux.
Why CIS Matters:
Provides industry-standard security guidance
Helps organizations comply with regulations (e.g., GDPR, HIPAA)
Reduces risk of breaches and misconfigurations
Examples of CIS Recommendations for Linux:
Disable unused services
Configure strong password policies
Enforce file permissions on critical files (e.g., /etc/passwd)
Enable auditing to monitor changes
Example Scenario:
A financial services company applies CIS benchmarks to its Linux servers. This ensures sensitive customer data is better protected from unauthorized access or attacks.
Tools like Lynis or OpenSCAP can be used to automate CIS compliance checks.
4. Linux Firewall
A firewall is essential for controlling network traffic and protecting systems from malicious access. In Linux, firewalls can be managed with iptables or the more modern firewalld.
Firewalld (Simpler for admins):
- Zones define trust levels (e.g., public, internal, dmz).
Example:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --reload
Opens port 80 (HTTP) permanently.
iptables (More advanced & granular):
- Example: Allow SSH and HTTP, block everything else:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j DROP
Real-World Example:
A company hosting an e-commerce platform may only allow ports 80/443 (web traffic) and 22 (SSH for admins). Blocking all other ports significantly reduces attack surface.
Mastering these concepts gives Linux administrators the tools to build reliable and secure systems.
Systemd ensures services run reliably.
Apache enables hosting web applications.
CIS benchmarks safeguard systems with best practices.
Firewalls protect against external threats.
Together, these skills form the backbone of effective Linux administration.
I am Ikoh Sylva a Cloud Computing Enthusiast with few months hands on experience on AWS. I’m currently documenting my Cloud journey here from a beginner’s perspective. If this sounds good to you kindly like and follow, also consider recommending this article to others who you think might also be starting out their cloud journeys to enable us learn and grow together.
You can also consider following me on social media below;