Linux Rhcsa Complete Re Exam

PROMPT: Assume you are an experienced Linux engineer with 20 years of experience. You will be given some inputs in the form of Linux topics and their subtopics. For each topic and subtopic, you need to provide the following output in below format:

• Theory:

• Interview Questions and Answers:

• Practical Questions and Answers:

Input is given below:

Imagine you are a seasoned content formatting editor with expertise in organizing and structuring technical documents. You have been provided with a comprehensive Microsoft Word document containing detailed notes on various Linux topics and subtopics. However, the current formatting and organization of the text are not up to the mark. Your task is to meticulously arrange and format the text to ensure it is well-structured, easy to navigate, and aesthetically pleasing. Please transform this document into a perfectly formatted and structured resource.


1. Input Output Redirection, Tee Command, vi vs vim:

  • Theory: In Linux, we can redirect the input and output of commands to and from files, and chain commands together using pipes (|). The tee command reads from standard input and writes to standard output and files. vi is a text editor in Linux, while vim is an improved version of vi with more features.

  • Interview Questions and Answers:

    • Q: What is the difference between vi and vim?

    • A: vim stands for Vi IMproved. It’s an implementation of the vi editor with many additional features, including syntax highlighting, comprehensive help, improved search, code folding, and more.

  • Practical Questions and Answers:

    • Q: How to save a file in vi or vim?

    • A: Press Esc and then type :wq to save and quit.

2. Man vs Pinfo Command:

  • Theory: man is a command to display the user manual of any command that we can run on the terminal. It provides a detailed view of the command. pinfo is a command that displays info pages in color.

  • Interview Questions and Answers:

    • Q: What is the difference between man and pinfo?

    • A: man displays the manual pages, while pinfo displays info documents. pinfo provides more detailed and interactive documentation than man.

  • Practical Questions and Answers:

    • Q: How to get information about the ls command?

    • A: You can use either man ls or pinfo ls.

3. Head vs Tail:

  • Theory: head and tail are commands for outputting the beginning and end of files respectively.

  • Interview Questions and Answers:

    • Q: How to view the first 5 lines of a file using head?

    • A: head -n 5 filename.

  • Practical Questions and Answers:

    • Q: How to view the last 5 lines of a file using tail?

    • A: tail -n 5 filename.

4. Less vs More:

  • Theory: less and more are commands for viewing the contents of a file or output of a command in a page by page manner. less command is more powerful than more command because less allows backward navigation in the file but more doesn’t.

  • Interview Questions and Answers:

    • Q: What is the difference between less and more?

    • A: less allows backward navigation in the file but more doesn’t.

  • Practical Questions and Answers:

    • Q: How to open a file using less?

    • A: less filename.

5. Use of | symbol in Linux, how to use it:

  • Theory: The pipe (|) symbol in Linux combines two or more commands: the output of one command acts as input to the next command, whose output may in turn act as input to the command after it, and so on.

  • Interview Questions and Answers:

    • Q: How does the pipe (|) symbol work in Linux?

    • A: It takes the output of the command on the left and uses it as input for the command on the right.

  • Practical Questions and Answers:

    • Q: How to use the pipe symbol to combine commands?

    • A: command1 | command2. The output of command1 is used as the input for command2.


Sure, let’s go through each of the subtopics:

  1. Types of User

  2. Types of Shell

  3. Primary Group vs Supplementary Group

  4. UID and GID Range

    • Theory: In Linux, each user and group is identified by a unique ID. The User ID (UID) is a unique number assigned to each user, and the Group ID (GID) is a unique number assigned to each group. The UID and GID ranges can vary depending on the system configuration, but typically, system users and groups (like root) have UIDs and GIDs in the range of 0-999, and regular users and groups have UIDs and GIDs in the range of 1000 and above.

    • Interview Questions and Answers: An interview question might be “What is the significance of UID and GID in Linux and what are their typical ranges?” The answer would be similar to the theory explanation above.

    • Practical Questions and Answers: A practical question could be “How do you find the UID and GID of a user in Linux?” The answer would involve using the id command.

/etc/passwd, /etc/group, /etc/shadow, /etc/gshadow file format

  • Theory: These files are crucial for user management in Linux. /etc/passwd stores user account information. /etc/group contains group membership information. /etc/shadow stores encrypted user passwords, and /etc/gshadow holds group passwords.

  • Interview Questions and Answers:

    • Q: What is the purpose of the /etc/passwd file?

    • A: The /etc/passwd file stores essential information for each user account, including the username, user ID, group ID, home directory, shell, etc.

  • Practical Questions and Answers:

    • Q: How can you view the contents of the /etc/passwd file?

    • A: You can use the cat /etc/passwd command to view the contents of the file.
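
The following is an added example, not part of the original notes: a shell function that reads a passwd-format file, applies the UID ranges described above, and flags entries an administrator would want to review. The function names and the sample file contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a passwd-format file.
# Field layout: name:password:UID:GID:GECOS:home:shell (7 colon-separated fields)

# Constructed sample data, not taken from any real system.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
svc::998:998:service:/var/lib/svc:/bin/false
broken:x:1001
EOF
}

audit_passwd() {
    # $1 = path to a passwd-format file
    awk -F: '
        # Skip comments and blank lines.
        /^#/ || /^[ \t]*$/ { next }
        # A valid entry has exactly 7 fields and a numeric UID.
        NF != 7 || $3 !~ /^[0-9]+$/ { printf "MALFORMED line %d\n", NR; next }
        {
            # UID ranges as given in the notes: below 1000 system, 1000+ regular.
            class = ($3 + 0 < 1000) ? "system" : "regular"
            login = ($7 ~ /(nologin|false)$/) ? "nologin" : "login"
            printf "%s uid=%s %s %s\n", $1, $3, class, login
            # Any account with UID 0 has root privileges, whatever its name.
            if ($3 + 0 == 0 && $1 != "root") printf "ALERT extra-uid0 %s\n", $1
            # An empty second field means no password is required.
            if ($2 == "") printf "ALERT empty-password-field %s\n", $1
        }
    ' "$1"
}

# Run the audit against the constructed sample.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
audit_passwd "$demo_file"
rm -f "$demo_file"
```

On a real system the same function can be pointed at /etc/passwd, which is world-readable.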

  1. How to gain sudo access

  • Theory: Sudo access allows a permitted user to execute a command as the superuser or another user. To grant sudo access, you need to add the user to the sudo group or specify privileges in the sudoers file.

  • Interview Questions and Answers:

    • Q: How can you give a user sudo privileges?

    • A: You can add the user to the sudo group using the command usermod -aG sudo username, or specify the user in the sudoers file with the visudo command.

  • Practical Questions and Answers:

    • Q: How can you check if a user has sudo access?

    • A: Run a command with sudo. If the user has sudo access, they will be asked for their password. If not, they will receive a message that they are not in the sudoers file.

3. How to configure password policy for a user and all new users

  • Theory: Password policies can be set in the /etc/login.defs file or by using the pam_pwquality.so module. Policies can include minimum length, complexity requirements, and password expiration.

  • Interview Questions and Answers:

    • Q: How can you enforce a minimum password length?

    • A: You can set a minimum password length in the /etc/login.defs file or by configuring the pam_pwquality.so module.

  • Practical Questions and Answers:

    • Q: How can you set a minimum password length of 10 characters?

    • A: Edit the /etc/pam.d/common-password file and add minlen=10 to the line with pam_pwquality.so.

4. How to change existing user’s information with usermod

  • Theory: The usermod command allows you to modify an existing user’s information, such as home directory, login name, and group membership.

  • Interview Questions and Answers:

    • Q: How can you change a user’s home directory using usermod?

    • A: Use the command usermod -d /new/home/dir username to change the user’s home directory.

  • Practical Questions and Answers:

    • Q: How can you add a user to a new group?

    • A: Use the command usermod -aG groupname username to add the user to a new group.

5. Check currently logged in user’s information

  • Theory: The whoami command shows the current user, and id displays the user’s UID, GID, and group memberships.

  • Interview Questions and Answers:

    • Q: How can you check the current user’s group memberships?

    • A: Use the id command to display the current user’s UID, GID, and groups.

  • Practical Questions and Answers:

    • Q: How can you find out who is currently logged in?

    • A: Use the whoami command to display the current user.

6. Check failed login attempt

  • Theory: Failed login attempts are logged in the /var/log/auth.log file. The lastb command shows the last failed login attempts.

  • Interview Questions and Answers:

    • Q: How can you check for failed login attempts?

    • A: You can use the lastb command or check the /var/log/auth.log file.

  • Practical Questions and Answers:

    • Q: How can you display the last five failed login attempts?

    • A: Use the command lastb | head -n 5 to display the last five failed login attempts.
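
The following is an added example, not part of the original notes: a shell function that summarises failed SSH password attempts per source address from an auth.log-style file. The log lines are constructed, the function names are assumptions, and the threshold of 3 is an arbitrary default.

```shell
#!/usr/bin/env bash
# Added example: count sshd "Failed password" events per source address.

# Constructed sample log lines (documentation address ranges).
sample_auth_log() {
cat <<'EOF'
Mar  4 10:01:11 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  4 10:01:13 host1 sshd[2101]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar  4 10:01:15 host1 sshd[2103]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  4 10:02:40 host1 sshd[2110]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar  4 10:03:02 host1 sshd[2115]: Failed password for alice from 198.51.100.7 port 40030 ssh2
Mar  4 10:03:30 host1 sshd[2120]: Failed password for invalid user from from 203.0.113.5 port 51300 ssh2
Mar  4 10:04:00 host1 sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001
EOF
}

failed_logins_by_source() {
    # $1 = auth.log-style file, $2 = minimum failures to report (default 3)
    awk -v min="${2:-3}" '
        # The user name is supplied by the client, so fields are located by
        # counting from the END of the line: "... <user> from <ip> port <n> ssh2".
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
            ip = $(NF-3); user = $(NF-5)
            count[ip]++
            # Track how many different accounts each source tried.
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    printf "%s failures=%d distinct_users=%d\n", ip, count[ip], users[ip]
        }
    ' "$1" | sort
}

# Run against the constructed sample with the default threshold.
demo_log=$(mktemp)
sample_auth_log > "$demo_log"
failed_logins_by_source "$demo_log"
rm -f "$demo_log"
```

Many failures against several distinct accounts from one source is the pattern worth alerting on; a single failure followed by a success from the same address is usually a mistyped password.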

Use of skeleton data


4. Permission:

  • Theory:

    • Types of Permission: In Linux, there are three types of permissions: read (r), write (w), and execute (x). These permissions can be set for three types of users: the file owner, the group members, and others.

    • rwx Permission Explanation and Meaning: rwx stands for read, write, and execute permissions. r allows the file to be read, w allows the file to be written or modified, and x allows the file to be executed.

    • How to Change Permission Symbolically and Numerically: Permissions can be changed using the chmod command. Symbolically, chmod u+x filename would give the user execute permission. Numerically, permissions are represented as a three-digit number, where each digit is the sum of r=4, w=2, x=1. For example, chmod 755 filename sets read, write, execute for the user, and read and execute for the group and others.

    • How to Change Owner and Group Owner: The chown command is used to change the owner of a file/directory, and the chgrp command is used to change the group. For example, chown newowner filename and chgrp newgroup filename.

    • How File and Directory Get Default Permission [umask]: The umask command is used to determine the default permission set when a new file or directory is created. For example, a common umask value is 022, which gives the owner full permissions and only read and execute permissions to the group and others.

    • How to Change Umask Value Permanently for Particular User, All User, New User: The umask value can be changed permanently by adding a umask command to a shell startup file like ~/.bashrc or /etc/profile.

    • ACL (Access Control Lists): ACLs provide more granular permissions than the standard user/group/others system. They can be set for individual users or groups using the setfacl command, like setfacl -m u:username:rwx filename.

    • Default ACL and Clearing ACL Attributes: Default ACLs are used when new objects are created. They can be set with setfacl -d -m u:username:rwx dirname. All ACL attributes can be removed with setfacl -b filename.

    • Special Permissions (suid, sgid, stickybit): These permissions provide additional controls. SUID (s) allows a program to run as the owner, SGID (s) makes new files inherit the group of the directory, and the sticky bit (t) restricts deletion of files to the owner.

    • Linux Attributes and chattr/lsattr Commands: Linux supports extended file attributes like immutability. These can be changed with chattr and viewed with lsattr.

    • Giving Sudo Power and NOPASSWD Option: Users can be given sudo privileges by adding them to the /etc/sudoers file. The NOPASSWD option allows them to use sudo without entering their password.

  • Interview Questions and Answers:

    • Q: What does chmod 644 filename do?

    • A: It sets read and write permissions for the file owner, and only read permission for the group and others.

    • Q: How would you change the owner of a file?

    • A: I would use the chown command, like chown newowner filename.

    • Q: How would you give read and write permissions to a specific user using ACLs?

    • A: I would use the setfacl command, like setfacl -m u:username:rw filename.

    • Q: What does the sticky bit do and how would you set it?

    • A: The sticky bit restricts deletion of files in a directory to their owners. It can be set with chmod +t dirname.

  • Practical Questions and Answers:

    • Q: Write a command to give all permissions to the owner and only read and execute permissions to the group and others.

    • A: The command would be chmod 755 filename.

    • Q: How would you set the default permissions for new files to rw-rw-r--?

    • A: I would use the umask command with the value 022.

    • Q: Write a command to make a file immutable.

    • A: The command would be chattr +i filename.

    • Q: How would you give a user sudo privileges without a password?

    • A: I would add a line to the /etc/sudoers file like username ALL=(ALL) NOPASSWD:ALL.
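
The following is an added example, not part of the original notes: it shows the modes a new file and directory actually receive under a given umask, and audits a directory tree for SUID/SGID files and world-writable directories that lack the sticky bit. All function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: observe umask results and audit special permission bits.

default_modes() {
    # $1 = umask value. New files start from 666 and directories from 777;
    # the umask bits are removed from those bases.
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        touch "$d/file"
        mkdir "$d/dir"
        printf 'umask=%s file=%s dir=%s\n' "$1" \
            "$(ls -ld "$d/file" | cut -c1-10)" \
            "$(ls -ld "$d/dir" | cut -c1-10)"
        rm -rf "$d"
    )
}

build_demo_tree() {
    # $1 = empty directory to populate with a constructed sample tree
    touch "$1/plain" "$1/suid_tool" "$1/sgid_tool"
    chmod 0644 "$1/plain"
    chmod 4755 "$1/suid_tool"      # SUID: runs with the owner's identity
    chmod 2755 "$1/sgid_tool"      # SGID on a file: runs with the group's identity
    mkdir "$1/shared_sticky" "$1/shared_open"
    chmod 1777 "$1/shared_sticky"  # like /tmp: only owners may delete their files
    chmod 0777 "$1/shared_open"    # anyone may delete anyone's files
}

audit_special_perms() {
    # $1 = directory tree to audit
    {
        find "$1" -type f -perm -4000 | sed 's/^/SUID /'
        find "$1" -type f -perm -2000 | sed 's/^/SGID /'
        find "$1" -type d -perm -0002 ! -perm -1000 |
            sed 's/^/WORLD-WRITABLE-NO-STICKY /'
    } | sort
}

# Demonstration on throwaway directories.
default_modes 022
default_modes 002
default_modes 027
demo_tree=$(mktemp -d)
build_demo_tree "$demo_tree"
audit_special_perms "$demo_tree"
rm -rf "$demo_tree"
```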


Topic: Process Management & Service

  1. PID and PPID

    • Theory: PID stands for Process IDentifier, a unique number that identifies a process in the system. PPID is the Parent Process IDentifier, the unique number of the process’s parent.

    • Interview Q&A:

      • Q: What are PID and PPID in Linux?

      • A: PID is the unique identifier for a running process, while PPID is the unique identifier for its parent process.

    • Practical Q&A:

      • Q: How can you find the PID and PPID of a process in Linux?

      • A: You can use the ps command to display PIDs and PPIDs. For example, ps -ef will display a full listing of all processes, including their PIDs and PPIDs.

  2. System Boot and Poweroff

    • Theory: The first process that starts when a Linux system boots is the init process with PID 1. When a Linux system powers off, the last process to shut down is typically also the init process.

    • Interview Q&A:

      • Q: Which process starts first and ends last during a Linux system’s lifecycle?

      • A: The init process is the first to start (with PID 1) and the last to end during a Linux system’s lifecycle.

    • Practical Q&A:

      • Q: How can you verify that the init process is the first to start and last to end on a Linux system?

      • A: You can use the ps command to check the status of the init process. For example, ps -p 1 will show you the status of the process with PID 1, which is typically the init process.

  3. Process Listing Commands

    • Theory: ps, top, and htop are commands used to display information about processes. ps provides a snapshot of current processes, top displays real-time information, and htop shows an interactive process viewer.

    • Interview Q&A:

      • Q: What are the differences between ps, top, and htop?

      • A: ps provides a static snapshot of current processes, top updates its display in real-time, and htop provides an interactive interface for process management.

    • Practical Q&A:

      • Q: How would you use ps, top, and htop to monitor processes on a Linux system?

      • A: ps -ef for a full listing of processes, top to monitor processes in real-time, and htop for an interactive view.

  4. Memory Usage

    • Theory: The free command in Linux is used to check memory usage, including used and available RAM.

    • Interview Q&A:

      • Q: How can you check memory usage on a Linux system?

      • A: You can use the free command to display the amount of free and used memory on your system.

    • Practical Q&A:

      • Q: Show me how to check the amount of free RAM on a Linux system.

      • A: You can use the command free -h to display memory usage in a human-readable format.

  5. Process Signals

    • Theory: Signals are software interrupts that provide a way to handle asynchronous events. For example, the SIGKILL signal forces a process to terminate immediately.

    • Interview Q&A:

      • Q: What are process signals in Linux and give some examples?

      • A: Process signals are software interrupts for handling events. Examples include SIGKILL for terminating a process and SIGSTOP for pausing a process.

    • Practical Q&A:

      • Q: How would you send a SIGKILL signal to a process with PID 123?

      • A: You can use the command kill -9 123 to send a SIGKILL signal to the process.

  6. HANGUP Signal

    • Theory: The SIGHUP (hangup) signal is sent to a process when its controlling terminal is closed. It was originally designed to notify the process that the user had disconnected, but is often used to instruct processes to reload their configuration files.

    • Interview Q&A:

      • Q: What is the SIGHUP signal and when is it used?

      • A: SIGHUP is a signal sent to a process when its controlling terminal is closed. It’s often used to instruct processes to reload configuration files.

    • Practical Q&A:

      • Q: How would you send a SIGHUP signal to a process with PID 123?

      • A: You can use the command kill -HUP 123 to send a SIGHUP signal to the process.

  7. Passing Signals

    • Theory: The kill command is used to send signals to processes. You can specify the signal either by name (e.g., -HUP) or by number (e.g., -1).

    • Interview Q&A:

      • Q: How can you send a signal to a process in Linux?

      • A: You can use the kill command followed by the signal name or number and the PID of the process.

    • Practical Q&A:

      • Q: How would you send a SIGSTOP signal to a process with PID 123?

      • A: You can use the command kill -STOP 123 to send a SIGSTOP signal to the process.

  8. PID and PPID

    • Theory: PID stands for Process IDentifier, a unique number that identifies a process in the system. PPID is the Parent Process IDentifier, the unique number of the process’s parent.

    • Interview Q&A:

      • Q: What are PID and PPID in Linux?

      • A: PID is the unique identifier for a running process, while PPID is the unique identifier for its parent process.

    • Practical Q&A:

      • Q: How can you find the PID and PPID of a process in Linux?

      • A: You can use the ps command to display PIDs and PPIDs. For example, ps -ef will display a full listing of all processes, including their PIDs and PPIDs.

  9. Process State Types

    • Theory: Linux processes can be in one of several states: Running, Sleeping, Stopped, Zombie, or Uninterruptible sleep.

    • Interview Q&A:

      • Q: What are the different states a process can be in Linux?

      • A: A process in Linux can be in one of several states: Running, Sleeping, Stopped, Zombie, or Uninterruptible sleep.

    • Practical Q&A:

      • Q: How can you determine the state of a process in Linux?

      • A: You can use the ps command with the -l option to display process state information.

  10. Zombie State

    • Theory: A Zombie process is a process that has completed execution but still has an entry in the process table.

    • Interview Q&A:

      • Q: What is a Zombie process in Linux?

      • A: A Zombie process in Linux is a process that has completed execution but still has an entry in the process table.

    • Practical Q&A:

      • Q: How can you find Zombie processes in Linux?

      • A: You can use the ps command with the -l option and look for processes with a state of Z.

  11. Load Average and CPU Load

    • Theory: Load average is a measure of the amount of computational work that a computer system performs. CPU load is a measure of the amount of computational work that a computer’s processor performs.

    • Interview Q&A:

      • Q: What are load average and CPU load in Linux?

      • A: Load average is a measure of system activity over time, while CPU load is a measure of the utilization of the computer’s processor.

    • Practical Q&A:

      • Q: How can you check the load average and CPU load in Linux?

      • A: You can use the uptime command to check the load average, and the top command to check the CPU load.

  12. Jobs, bg, and fg Commands

    • Theory: jobs is used to list the jobs running in the background, bg resumes suspended jobs in the background, and fg brings a job to the foreground.

    • Interview Q&A:

      • Q: What are the jobs, bg, and fg commands in Linux?

      • A: jobs lists the jobs running in the background, bg resumes suspended jobs in the background, and fg brings a job to the foreground.

    • Practical Q&A:

      • Q: How would you use the jobs, bg, and fg commands in Linux?

      • A: You can use jobs to list background jobs, bg %jobid to resume a job in the background, and fg %jobid to bring a job to the foreground.

  13. Starting a Process in the Background

    • Theory: In Linux, you can start a process in the background by appending an ampersand (&) to the command.

    • Interview Q&A:

      • Q: How can you start a process in the background in Linux?

      • A: In Linux, you can start a process in the background by appending an ampersand (&) to the command.

    • Practical Q&A:

      • Q: Show me how to start a process in the background in Linux.

      • A: To start a process in the background, append an ampersand to the command. For example, command &.

  14. ps vs top

    • Theory: ps provides a snapshot of current processes, while top displays real-time information about the system.

    • Interview Q&A:

      • Q: What are the differences between ps and top?

      • A: ps provides a static snapshot of current processes, while top updates its display in real-time.

    • Practical Q&A:

      • Q: How would you use ps and top to monitor processes on a Linux system?

      • A: ps -ef for a full listing of processes, top to monitor processes in real-time.

  15. Process Priority and Nice Value

    • Theory: Process priority in Linux is determined by a process’s nice value. The nice value ranges from -20 (highest priority) to 19 (lowest priority). The default nice value for processes is 0.

    • Interview Q&A:

      • Q: What are process priority and nice value in Linux?

      • A: Process priority in Linux is determined by a process’s nice value, which ranges from -20 (highest priority) to 19 (lowest priority). The default nice value is 0.

    • Practical Q&A:

      • Q: How can you check and change the nice value of a process in Linux?

      • A: You can use the top command to check the nice value of a process, and the renice command to change it. For example, renice +5 123 would increase the nice value of the process with PID 123 by 5.

5. Process Management & Service:

  • How to modify process nice value for existing and new process

    • Theory: The nice value of a process in Linux determines the priority of the process. A lower nice value means higher priority. The renice command is used to change the nice value of an existing process, while the nice command is used when starting a new process.

    • Interview Questions and Answers:

      • Q: How do you change the nice value of an existing process?

      • A: You can use the renice command followed by the new nice value and the Process ID (PID).

      • Q: How do you start a new process with a specific nice value?

      • A: You can use the nice command followed by the nice value and the command to start the new process.

    • Practical Questions and Answers:

      • Q: How would you change the nice value of a process with PID 1234 to 10?

      • A: You would use the command renice 10 -p 1234.

      • Q: How would you start a new instance of the top command with a nice value of 5?

      • A: You would use the command nice -n 5 top.

  • What are daemons, how to manage service units in Linux

    • Theory: A daemon is a background process that is designed to run autonomously, with little or no user intervention. The systemctl command is used to manage service units in Linux.

    • Interview Questions and Answers:

      • Q: What is a daemon in Linux?

      • A: A daemon is a background process that runs autonomously, often providing or helping to provide a specific service.

      • Q: How do you start a service in Linux?

      • A: You can use the systemctl start command followed by the name of the service.

    • Practical Questions and Answers:

      • Q: How would you start the httpd service?

      • A: You would use the command systemctl start httpd.

      • Q: How would you enable the httpd service to start on boot?

      • A: You would use the command systemctl enable httpd.

  • Difference between restart and reload a service

    • Theory: Restarting a service stops it and then starts it again, which can interrupt connections. Reloading a service just reloads its configuration file, without interrupting connections.

    • Interview Questions and Answers:

      • Q: What is the difference between service restart and reload?

      • A: Restarting a service stops it and then starts it again, interrupting connections. Reloading a service just reloads its configuration file, without interrupting connections.

    • Practical Questions and Answers:

      • Q: How to restart and reload a service in Linux?

      • A: Use systemctl restart servicename to restart a service and systemctl reload servicename to reload a service.

  • How to start a service at boot time

    • Theory: To start a service at boot time in Linux, you can enable the service using the systemctl command.

    • Interview Questions and Answers:

      • Q: How can you start a service at boot time in Linux?

      • A: You can enable the service using the systemctl command like systemctl enable servicename.

    • Practical Questions and Answers:

      • Q: How to enable the apache2 service to start at boot time?

      • A: Use the command systemctl enable apache2.

  • What mask and unmask do in the systemctl command

    • Theory: The mask command in systemctl links the service to /dev/null, preventing the service from being started. The unmask command undoes the masking.

    • Interview Questions and Answers:

      • Q: What do the mask and unmask commands do in systemctl?

      • A: The mask command prevents the service from being started, even manually. The unmask command undoes the masking.

    • Practical Questions and Answers:

      • Q: How to mask and unmask the apache2 service?

      • A: Use systemctl mask apache2 to mask the service and systemctl unmask apache2 to unmask it.

  • Which process signal is used when we reload a service

    • Theory: The SIGHUP signal is often used to reload a service.

    • Interview Questions and Answers:

      • Q: Which signal is used to reload a service in Linux?

      • A: The SIGHUP signal is often used to reload a service.

    • Practical Questions and Answers:

      • Q: How to send a SIGHUP signal to a process?

      • A: Use the command kill -SIGHUP pid.

  • What is the location of service unit file

    • Theory: Service unit files are typically located in /etc/systemd/system or /usr/lib/systemd/system.

    • Interview Questions and Answers:

      • Q: Where are service unit files located in Linux?

      • A: Service unit files are typically located in /etc/systemd/system or /usr/lib/systemd/system.

    • Practical Questions and Answers:

      • Q: How to view the unit file of the apache2 service?

      • A: Use the command systemctl cat apache2.

  • pkill command uses, killall command uses, pidof and pgrep command uses

    • Theory: pkill sends a signal to processes matching a pattern. killall sends a signal to all instances of a particular program. pidof finds the process ID of a running program. pgrep finds processes based on name and other attributes.

    • Interview Questions and Answers:

      • Q: What are the uses of pkill, killall, pidof, and pgrep commands in Linux?

      • A: pkill sends a signal to processes matching a pattern. killall sends a signal to all instances of a particular program. pidof finds the process ID of a running program. pgrep finds processes based on name and other attributes.

    • Practical Questions and Answers:

      • Q: How to kill all instances of the apache2 program?

      • A: Use the command killall apache2.

  • How to check process tree

    • Theory: The pstree command is used to display a tree of processes.

    • Interview Questions and Answers:

      • Q: How can you check the process tree in Linux?

      • A: You can use the pstree command to check the process tree.

    • Practical Questions and Answers:

      • Q: How to display a tree of processes in Linux?

      • A: Use the command pstree.


1. What is SSH, what is the use of SSH, how SSH is different from Telnet

  • Theory: SSH (Secure Shell) is a protocol used to securely log onto remote systems. It can be used for secure data communication, remote command execution, and network services. SSH provides strong host-to-host and user authentication as well as secure encrypted communications over the internet. Unlike Telnet, which sends data in plain text, SSH is secure because it uses various forms of encryption to protect the data in transit.

  • Interview Questions and Answers:

    • Q: What is SSH and why is it used?

    • A: SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is most commonly used for remote command execution and secure data communication. It provides strong encryption for data in transit, ensuring that the data is secure and private.

    • Q: How is SSH different from Telnet?

    • A: The main difference between SSH and Telnet is security. Telnet sends data in plain text which makes it vulnerable to interception. On the other hand, SSH provides strong encryption, ensuring that the data is secure and private during transit.

  • Practical Questions and Answers:

    • Q: How can you log into a remote server using SSH?

    • A: You can use the ssh command followed by the username and IP address of the remote server. For example, ssh user@192.168.1.1.

2. How to configure SSH server, SSH port number

  1. How to restrict user from login using SSH, how to restrict root login via SSH

  2. How to allow or block SSH login from a specific network

  3. How to change default SSH port

  4. What is SSH tunneling


  1. Location where all the logs are stored

    • Theory: In Linux, system logs are typically stored in the /var/log directory.

    • Interview Questions and Answers:

      • Q: Where are system logs stored in Linux?

      • A: System logs in Linux are typically stored in the /var/log directory.

    • Practical Questions and Answers:

      • Q: How can you list all the log files in a Linux system?

      • A: You can use the command ls /var/log to list all the log files.

  2. How to read log files, which command to use

    • Theory: The cat, less, more, and tail commands are commonly used to read log files in Linux.

    • Interview Questions and Answers:

      • Q: Which commands can be used to read log files in Linux?

      • A: The cat, less, more, and tail commands can be used to read log files in Linux.

    • Practical Questions and Answers:

      • Q: How can you display the contents of a log file named syslog?

      • A: You can use the command cat /var/log/syslog to display the contents of the syslog file.

  3. How to monitor live logs from a file

    • Theory: The tail -f command is used to monitor live logs from a file in Linux.

    • Interview Questions and Answers:

      • Q: How can you monitor live logs from a file in Linux?

      • A: You can use the tail -f command followed by the filename to monitor live logs from a file in Linux.

    • Practical Questions and Answers:

      • Q: How can you monitor live logs from the syslog file?

      • A: You can use the command tail -f /var/log/syslog to monitor live logs from the syslog file.

  4. In which file all the authentication logs and booting logs are stored

    • Theory: Authentication logs are typically stored in the auth.log file and booting logs are stored in the boot.log file in the /var/log directory.

    • Interview Questions and Answers:

      • Q: Where are authentication logs and booting logs stored in Linux?

      • A: Authentication logs are typically stored in the auth.log file and booting logs are stored in the boot.log file in the /var/log directory.

    • Practical Questions and Answers:

      • Q: How can you display the contents of the auth.log and boot.log files?

      • A: You can use the commands cat /var/log/auth.log and cat /var/log/boot.log to display the contents of the auth.log and boot.log files respectively.
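
Reading the authentication log usually means looking for repeated failures. The following is an added example, not part of the original notes: it counts failed SSH password attempts per source address. The log lines and the function names sample_auth_log and failed_logins are constructed for illustration; on RHEL-family systems sshd writes the same messages to /var/log/secure rather than /var/log/auth.log.

```bash
#!/bin/sh
# Constructed sample of sshd and sudo entries in the syslog format used by auth.log.
sample_auth_log() {
    cat <<'EOF'
Mar  4 10:01:12 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  4 10:01:15 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  4 10:01:19 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  4 10:01:23 web01 sshd[2219]: Failed password for invalid user from from 203.0.113.7 port 51140 ssh2
Mar  4 10:02:40 web01 sshd[2230]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  4 10:03:02 web01 sshd[2241]: Failed password for alice from 198.51.100.99 port 40310 ssh2
Mar  4 10:03:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log
EOF
}

# failed_logins [MIN]: read log lines on stdin and print "<count> <source-ip>"
# for every address with at least MIN failed password attempts (default 1),
# busiest address first.
failed_logins() {
    min=${1:-1}
    awk -v min="$min" '
        # The user name is supplied by the client and may itself be "from",
        # so the address is located by counting fields from the end of the line:
        #   ... from <ip> port <n> ssh2
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            count[$(NF - 3)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: addresses with three or more failures.
sample_auth_log | failed_logins 3
```

Against a live system the same function reads the real file, for example failed_logins 5 < /var/log/auth.log.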

  5. What is syslog, what is rsyslog, what is system journal

    • Theory: syslog is a standard for message logging, rsyslog is a rocket-fast system for log processing, and system journal or journald is a system service for collecting and storing logs.

    • Interview Questions and Answers:

      • Q: What are syslog, rsyslog, and system journal?

      • A: syslog is a standard for message logging, rsyslog is a rocket-fast system for log processing, and system journal or journald is a system service for collecting and storing logs.

    • Practical Questions and Answers:

      • Q: How can you display the status of the rsyslog service?

      • A: You can use the command systemctl status rsyslog to display the status of the rsyslog service.

  6. What the systemd-journald service does

    • Theory: The systemd-journald service is responsible for collecting and storing log data, making it easier to manage logs in a centralized way.

    • Interview Questions and Answers:

      • Q: What is the role of the systemd-journald service?

      • A: The systemd-journald service is responsible for collecting and storing log data, making it easier to manage logs in a centralized way.

    • Practical Questions and Answers:

      • Q: How can you display the status of the systemd-journald service?

      • A: You can use the command systemctl status systemd-journald to display the status of the systemd-journald service.

  7. Location where system journals are stored

  8. How to check system journals

  9. How to store system journal persistently

  10. Which file stores the audit logs

  11. What is auditing?

  12. Best practices to audit Linux OS


1. IP Address Classes, How to Check IP Address Class, How to Check Public and Private IP

  • Theory: IP addresses are divided into five classes (A, B, C, D, E) based on the first octet value. The ifconfig or ip addr command can be used to check the IP address class in Linux. Public IPs are globally unique and are assigned by the ISP, while private IPs are used within local area networks.

  • Interview Questions and Answers:

    • Q: What are the ranges for Class A, B, and C in IP addressing?

    • A: Class A: 1.0.0.0 to 126.0.0.0, Class B: 128.0.0.0 to 191.255.0.0, Class C: 192.0.0.0 to 223.255.255.0

  • Practical Questions and Answers:

    • Q: How to check your IP address in Linux?

    • A: Use the command ifconfig or ip addr.

2. Gateway, CIDR, Subnetting, Broadcast Address

  • Theory: The gateway is an access point to another network. CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing Internet Protocol packets. Subnetting is the practice of dividing a network into two or more networks. Broadcast addresses are used to send data to all devices in a network.

  • Interview Questions and Answers:

    • Q: What is the purpose of a subnet mask?

    • A: A subnet mask is used to divide an IP address into two parts, one for the network address and one for the host address.

  • Practical Questions and Answers:

    • Q: How to determine the broadcast address of a network?

    • A: The broadcast address is the last address in the IP range. For example, for the network 192.168.1.0/24, the broadcast address is 192.168.1.255.
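
An added example (not from the original notes) that works the broadcast calculation above for any IPv4 prefix and also reports the address class and whether the address falls in the RFC 1918 private ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16. The function names ip_to_int, int_to_ip and cidr_info are hypothetical, and the class D and E boundaries (224-239, 240-255) are filled in from the standard classful scheme.

```bash
#!/bin/sh
# ip_to_int ADDR: print a dotted-quad IPv4 address as an integer; return 1 if invalid.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for octet in "$@"; do
        # Reject empty, over-long and zero-padded octets (010 would be read as octal).
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$(( n * 256 + octet ))
    done
    echo "$n"
}

# int_to_ip N: print a 32-bit integer as a dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info ADDR/PREFIX: print network, broadcast, class and RFC 1918 status.
# For /31 and /32 the "broadcast" value is simply the last address of the block.
cidr_info() {
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( ip & mask ))
    bcast=$(( net + 4294967295 - mask ))   # network address with all host bits set
    first=$(( ip >> 24 ))
    if   [ "$first" -ge 1 ]   && [ "$first" -le 126 ]; then class=A
    elif [ "$first" -ge 128 ] && [ "$first" -le 191 ]; then class=B
    elif [ "$first" -ge 192 ] && [ "$first" -le 223 ]; then class=C
    elif [ "$first" -ge 224 ] && [ "$first" -le 239 ]; then class=D
    elif [ "$first" -ge 240 ]; then class=E
    else class=none   # first octet 0 or 127, outside the A-E ranges listed above
    fi
    # 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 compared on their leading bits.
    if [ $(( ip >> 24 )) -eq 10 ] || [ $(( ip >> 20 )) -eq 2753 ] || [ $(( ip >> 16 )) -eq 49320 ]
    then private=yes
    else private=no
    fi
    echo "network=$(int_to_ip "$net") broadcast=$(int_to_ip "$bcast") class=$class private=$private"
}

# Demo with the network used in the answer above.
cidr_info 192.168.1.0/24
```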

1. Switch vs Router

2. TCP vs UDP

3. Ports and Sockets

4. Server-Client Model

netstat

• Theory: The netstat command is a network statistics tool used to display network connections for TCP, routing tables, and a number of network interface and network protocol statistics. It is available on Unix-like operating systems and also on IBM Windows NT-based operating systems. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.

• Interview Questions and Answers:

  • Q: What is the netstat command used for?

  • A: The netstat command is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

  • Q: What is the replacement for netstat in Linux?

  • A: On Linux, netstat (part of “net-tools”) is superseded by ss (part of iproute2).

• Practical Questions and Answers:

  • Q: How to display all active connections using netstat?

  • A: You can use the command netstat -a to display all active connections.

  • Q: How to display only listening connections using netstat?

  • A: You can use the command netstat -l to display only listening connections.

nslookup

• Theory: nslookup is a network administration command-line tool available in many computer operating systems for querying the Domain Name System (DNS) to obtain domain name or IP address mapping, or other DNS records.

• Interview Questions and Answers:

  • Q: What is nslookup used for?

  • A: nslookup is used to query the Domain Name System (DNS) to obtain domain name or IP address mapping, or other DNS records.

  • Q: How does nslookup work?

  • A: nslookup sends a DNS query to your ISP’s DNS servers. The servers look up the hostname in their DNS records and return the corresponding IP address.

• Practical Questions and Answers:

  • Q: How to use nslookup to find the IP address of a website?

  • A: You can use the command nslookup website.com to find the IP address of a website.

  • Q: How to use nslookup for reverse DNS lookup?

  • A: You can use the command nslookup IP_address for reverse DNS lookup.

• Q: What is the ifconfig command used for?

• A: The ifconfig command in Linux is used to configure the kernel-resident network interfaces. It is used at boot time to set up the interfaces as necessary. After that, it is usually used when needed during debugging or when you need system tuning.

• Q: What is the nmcli command used for?

• A: nmcli is a command-line tool used for controlling NetworkManager and reporting network status. It can be used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status.

• Q: What is the traceroute command used for?

• A: traceroute is a command-line utility that shows the complete route to a destination address. It also shows the time taken (or delays) between intermediate routers.

• Q: What is the route command used for?

• A: The route command in Linux is used for managing the IP/kernel routing table. It allows displaying, adding, deleting, and modifying routing table entries.

• Q: Why does traceroute show 3 packets with 3 different ms values on every hop?

• A: traceroute makes three attempts for each TTL value to discover intermediate router hops. This makes it possible to see whether there are alternative next hops in the path.

• Q: How does the route command work?

• A: The route command works by managing the IP/kernel routing table. It allows displaying, adding, deleting, and modifying routing table entries. The command is useful for tasks such as setting up static routes, adding a default gateway, rejecting routing to specific hosts/networks, and accessing detailed routing information.

• Q: How does the nmcli command work?

• A: nmcli is a command-line tool used for controlling NetworkManager and reporting network status. It can be used to create, display, edit, delete, activate, and deactivate network connections, as well as control and display network device status.

• Q: How does the ifconfig command work?

• A: The ifconfig command in Linux is used to configure the kernel-resident network interfaces. It is used at boot time to set up the interfaces as necessary. After that, it is usually used when needed during debugging or when you need system tuning.

1. Use of /etc/hosts file

2. Use of /etc/resolv.conf file

3. What is nameserver in /etc/resolv.conf


Backup:

Zip and Unzip Command, Tar Command, Compression Method with Tar:

Popular Backup Tools:

Transfer Data Between Linux Hosts:

Scp vs Rsync:


  1. Package Management in Linux

  2. Package Manager for Debian based distribution and RHEL based distribution

  3. Query for Packages Using RPM, RPM Database Overview

  4. RPM vs YUM, Repository, YUM Server and YUM Client

  5. Configure YUM Client, Repodata, GPGCheck and GPGKey

  6. Modules and Modularity in RHEL 8

    • Theory: Modules in RHEL 8 provide a way to deploy applications in different versions, each with its own set of dependencies. Modularity allows for the coexistence of different versions of the same software on the same system.

    • Interview Questions and Answers:

      • Q: What is modularity in RHEL 8?

      • A: Modularity in RHEL 8 allows for the coexistence of different versions of the same software on the same system, each with its own set of dependencies.

    • Practical Questions and Answers:

      • Q: How would you list all available modules for a package in RHEL 8?

      • A: You can list all available modules for a package in RHEL 8 with the command dnf module list <package-name>.

  7. Why DNF is Better Than YUM

  8. Patching

    • Theory: Patching is the process of applying updates to software packages to improve security, fix bugs, or add features.

    • Interview Questions and Answers:

      • Q: What is patching in the context of Linux?

      • A: Patching in the context of Linux is the process of applying updates to software packages to improve security, fix bugs, or add features.

    • Practical Questions and Answers:

      • Q: How would you apply all available updates to a system using YUM?

      • A: You can apply all available updates to a system using YUM with the command yum update.

  9. Updating and Patching Practical

    • Theory: Updating and patching in Linux involves using a package manager like YUM or DNF to apply updates or patches to installed software packages.

    • Practical Questions and Answers:

      • Q: How would you update a specific package using YUM?

      • A: You can update a specific package using YUM with the command yum update <package-name>.

  10. Kernel Patching and Upgrade

    • Theory: Kernel patching involves applying updates to the Linux kernel, often for security fixes or performance improvements. Upgrading the kernel involves installing a newer version of the kernel.

    • Interview Questions and Answers:

      • Q: What is kernel patching and upgrading in Linux?

      • A: Kernel patching involves applying updates to the Linux kernel, often for security fixes or performance improvements. Upgrading the kernel involves installing a newer version of the kernel.

    • Practical Questions and Answers:

      • Q: How would you upgrade the kernel using YUM?

      • A: You can upgrade the kernel using YUM with the command yum update kernel.


1. Why we use cronjob scheduling

  • Theory: Cron is a time-based job scheduler in Unix-like operating systems. Users can schedule jobs (commands or scripts) to run at specific times or on specific days. It is commonly used for system maintenance tasks, such as log rotation, system updates, or backups.

  • Interview Questions and Answers:

    • Q: Why is cronjob scheduling important in Linux?

    • A: Cronjob scheduling is important as it allows users to automate system maintenance or administration tasks, ensuring they are performed consistently and without manual intervention.

  • Practical Questions and Answers:

    • Q: How would you use a cron job to run a script every day at 3 am?

    • A: You would add the following line to your crontab file: 0 3 * * * /path/to/script.sh

2. How to schedule a cronjob, what is the syntax for crontab file

  • Theory: Cron jobs are scheduled using the crontab command. The syntax of a cron job is: [Minute] [Hour] [Day_of_Month] [Month_of_Year] [Day_of_Week] [Command].

  • Interview Questions and Answers:

    • Q: How do you schedule a cron job to run a script every Monday at 5 pm?

    • A: You would add the following line to your crontab file: 0 17 * * 1 /path/to/script.sh

  • Practical Questions and Answers:

    • Q: How would you schedule a cron job to run a script on the first day of every month?

    • A: You would add the following line to your crontab file: 0 0 1 * * /path/to/script.sh
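
An added example, not part of the original notes: a checker for the five-field syntax above that tells whether a crontab line fires at a given time, useful when reviewing what a scheduled job will actually do. The function name cron_due is hypothetical; it goes beyond the entries shown here by handling lists, ranges and steps, and the day-of-month/day-of-week rule it applies is the one documented in crontab(5).

```bash
#!/bin/sh
# cron_due "<crontab line>" MINUTE HOUR DAY_OF_MONTH MONTH DAY_OF_WEEK
# Exit status: 0 = the entry fires at that time, 1 = it does not, 2 = malformed schedule.
# DAY_OF_WEEK is numeric, 0-6 with 0 = Sunday; month and weekday names are not handled.
cron_due() {
    awk -v sched="$1" -v t="$2 $3 $4 $5 $6" '
    # Does value v satisfy field f? Handles *, N, N-M, */S, N-M/S and comma lists.
    function field(f, v, lo, hi,    n, parts, i, p, step, stepped, a, b, r, hit) {
        v += 0
        n = split(f, parts, ",")
        for (i = 1; i <= n; i++) {
            p = parts[i]; step = 1; stepped = 0
            if (index(p, "/")) {
                step = substr(p, index(p, "/") + 1); p = substr(p, 1, index(p, "/") - 1)
                if (step !~ /^[0-9]+$/ || step + 0 == 0) { bad = 1; continue }
                step += 0; stepped = 1
            }
            if (p == "*") { a = lo; b = hi }
            else if (p ~ /^[0-9]+-[0-9]+$/) { split(p, r, "-"); a = r[1] + 0; b = r[2] + 0 }
            else if (p ~ /^[0-9]+$/ && !stepped) { a = b = p + 0 }
            else { bad = 1; continue }
            if (a < lo || b > hi || a > b) { bad = 1; continue }
            if (v >= a && v <= b && (v - a) % step == 0) hit = 1
        }
        return hit + 0
    }
    BEGIN {
        # Only the first five fields are the schedule; the rest is the command.
        if (split(sched, s, " ") < 5 || split(t, now, " ") != 5) exit 2
        m   = field(s[1], now[1], 0, 59)
        h   = field(s[2], now[2], 0, 23)
        dom = field(s[3], now[3], 1, 31)
        mon = field(s[4], now[4], 1, 12)
        dow = field(s[5], now[5], 0, 7)
        if (now[5] + 0 == 0) dow = dow || field(s[5], 7, 0, 7)   # 7 also means Sunday
        if (bad) exit 2
        # crontab(5): when both day fields are restricted, matching either one is enough.
        if (s[3] !~ /^\*/ && s[5] !~ /^\*/) day = dom || dow
        else day = dom && dow
        exit !(m && h && mon && day)
    }'
}

# Demo: the Monday 5 pm entry from above, checked for a Monday and a Tuesday.
for dow in 1 2; do
    if cron_due "0 17 * * 1 /path/to/script.sh" 0 17 4 3 "$dow"; then
        echo "day-of-week $dow: fires"
    else
        echo "day-of-week $dow: does not fire"
    fi
done
```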

3. /etc/cron.d, /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly directory

  • Theory: These directories contain scripts that are run on a regular schedule. Scripts in /etc/cron.hourly are run every hour, scripts in /etc/cron.daily are run once a day, and so on.

  • Interview Questions and Answers:

    • Q: What is the purpose of the /etc/cron.daily directory?

    • A: The /etc/cron.daily directory contains scripts that are run once a day.

  • Practical Questions and Answers:

    • Q: How would you schedule a script to run once a week?

    • A: You would place the script in the /etc/cron.weekly directory.

4. How to allow or deny a user to schedule cronjob

  • Theory: The files /etc/cron.allow and /etc/cron.deny can be used to control which users can use cron. If cron.allow exists, only users listed in it can use cron. If cron.allow does not exist but cron.deny does, all users can use cron except those listed in cron.deny.

  • Interview Questions and Answers:

    • Q: How would you prevent a user from scheduling cron jobs?

    • A: You would add the user’s name to the /etc/cron.deny file.

  • Practical Questions and Answers:

    • Q: How would you allow only a specific user to schedule cron jobs?

    • A: You would create a /etc/cron.allow file containing only that user’s name.
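
The precedence between the two files, as an added example that is not part of the original notes. The function names cron_permitted and cron_access_report and the sample accounts are hypothetical, and the files are read from a scratch directory so the check can run against a copy. The case where neither file exists is reported separately because the rule above does not cover it.

```bash
#!/bin/sh
# cron_permitted USER [DIR]: apply the cron.allow / cron.deny precedence to USER.
# DIR (default /etc) is where the two files are looked up.
# Exit status: 0 = allowed, 1 = denied, 2 = neither file exists.
cron_permitted() {
    user=$1; dir=${2:-/etc}
    [ -n "$user" ] || return 1
    if [ -f "$dir/cron.allow" ]; then
        # cron.allow exists: it alone decides and cron.deny is not consulted.
        # -F -x matches the whole line literally, so "ali" does not match "alice".
        if grep -Fxq -- "$user" "$dir/cron.allow"; then return 0; fi
        return 1
    elif [ -f "$dir/cron.deny" ]; then
        # Only cron.deny exists: everyone not listed is allowed,
        # so an empty cron.deny lets every user schedule jobs.
        if grep -Fxq -- "$user" "$dir/cron.deny"; then return 1; fi
        return 0
    fi
    return 2   # outcome depends on the cron implementation in use
}

# cron_access_report PASSWD_FILE [DIR]: print "<user> <verdict>" for every
# account in a passwd-format file.
cron_access_report() {
    while IFS=: read -r name rest; do
        [ -n "$name" ] || continue
        rc=0
        cron_permitted "$name" "${2:-/etc}" || rc=$?
        case $rc in
            0) verdict=allowed ;;
            1) verdict=denied ;;
            *) verdict=implementation-defined ;;
        esac
        echo "$name $verdict"
    done < "$1"
}

# Demo on constructed files: alice appears in both lists, cron.allow wins.
demo() {
    scratch=$(mktemp -d) || return 1
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
                  'bob:x:1001:1001::/home/bob:/bin/bash' > "$scratch/passwd"
    printf 'alice\n' > "$scratch/cron.allow"
    printf 'alice\n' > "$scratch/cron.deny"
    cron_access_report "$scratch/passwd" "$scratch"
    rm -rf "$scratch"
}
demo
```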

5. Where cron job logs are stored and which service triggers scheduled cron jobs

  • Theory: By default, cron job output is mailed to the user who scheduled the job. If you want to log output to a file, you can redirect it in the crontab entry. The cron daemon triggers scheduled cron jobs.

  • Interview Questions and Answers:

    • Q: Where are cron job logs stored?

    • A: By default, cron job output is mailed to the user. To store logs in a file, you can redirect output in the crontab entry.

  • Practical Questions and Answers:

    • Q: How would you schedule a cron job to run a script every day and log output to a file?

    • A: You would add the following line to your crontab file: 0 0 * * * /path/to/script.sh > /path/to/logfile


1. DAS vs NAS vs SAN and the benefits of partitioning:

  • Theory:

    • DAS (Direct Attached Storage) is digital storage directly attached to the computer accessing it, without a network in between.

    • NAS (Network Attached Storage) is a file-level data storage server connected to a network providing data access to clients.

    • SAN (Storage Area Network) is a network providing access to consolidated block-level data storage.

    • Partitioning helps in improving system performance, provides better data organization, and enables multi-boot setups.

  • Interview Questions and Answers:

    • Q: What are the key differences between DAS, NAS, and SAN?

    • A: DAS is directly attached to a computer, NAS is a file-level data storage server connected to a network, and SAN is a network providing access to consolidated block-level data storage.

    • Q: What are the benefits of partitioning?

    • A: Partitioning can improve system performance, provide better data organization, and enable multi-boot setups.

  • Practical Questions and Answers:

    • Q: How would you decide when to use DAS, NAS, or SAN in a given scenario?

    • A: The choice depends on the specific data storage and access requirements of the scenario. DAS could be used for simple, cost-effective storage, NAS for file sharing over a network, and SAN for high-performance, block-level storage.

2. MBR vs GPT, parted and fdisk command, how to create a partition:

  • Theory:

    • MBR (Master Boot Record) and GPT (GUID Partition Table) are two different ways of storing partitioning information on a drive.

    • fdisk and parted are two command-line utilities for disk partitioning.

    • To create a partition, you can use the fdisk or parted command followed by the device name.

  • Interview Questions and Answers:

    • Q: What are the differences between MBR and GPT?

    • A: MBR supports up to 4 primary partitions, while GPT supports up to 128 primary partitions. MBR cannot handle disks above 2TB, while GPT can handle disks of much larger size.

    • Q: How would you create a partition using the fdisk command?

    • A: You can create a partition using fdisk by typing fdisk /dev/sdX (replace X with the drive letter), then use the n command to create a new partition.

  • Practical Questions and Answers:

    • Q: How would you create a 1GB partition on a disk using parted?

    • A: You can do this by typing parted /dev/sdX mkpart primary ext4 1MiB 1GiB (replace X with the drive letter).

3. Most used filesystem in Linux, ext3 vs ext4 filesystem, ext4 vs xfs filesystem:

  • Theory:

    • The most commonly used filesystem in Linux is ext4.

    • ext4 is an improvement over ext3 with new features like support for larger file sizes and volumes.

    • xfs is a high-performance filesystem with excellent support for large files and filesystems, but unlike ext4, it doesn’t support filesystem shrinking.

  • Interview Questions and Answers:

    • Q: What are the differences between ext3 and ext4 filesystems?

    • A: ext4 is an improvement over ext3 with new features like support for larger file sizes and volumes, and improved performance and reliability.

    • Q: How does ext4 compare to xfs?

    • A: xfs is a high-performance filesystem with excellent support for large files and filesystems. Unlike ext4, it doesn’t support filesystem shrinking.

  • Practical Questions and Answers:

    • Q: How would you create an ext4 filesystem on a partition?

    • A: You can create an ext4 filesystem by typing mkfs.ext4 /dev/sdXY (replace X with the drive letter and Y with the partition number).

4. How to format partition with filesystem, mount command understanding with some options:


14. Booting:

  • Explain the boot process of Linux OS

    • Theory: The Linux boot process consists of several stages including BIOS, MBR, GRUB, Kernel, Init, Runlevel/Target. Each stage has a specific role in getting the system up and running.

    • Interview Questions and Answers:

      • Q: Can you explain the boot process of a Linux system?

      • A: The boot process of a Linux system involves several stages. It starts with the BIOS (Basic Input Output System), which initializes the hardware and checks for bootable media. The MBR (Master Boot Record) then loads the GRUB (Grand Unified Bootloader). GRUB locates the kernel, loads it into memory, and then control is passed to the kernel. The kernel initializes the system and mounts the root file system. The Init process then starts, which sets the runlevel or target and starts the corresponding services.

    • Practical Questions and Answers:

      • Q: How can you check the current runlevel of your system?

      • A: You can use the runlevel command to check the current runlevel of your system.

  • What is run level, what is target

    • Theory: A runlevel is a mode of operation in the Linux operating system. Linux traditionally uses seven runlevels. A target is a similar concept used in systemd, which replaced the init system in many Linux distributions.

    • Interview Questions and Answers:

      • Q: What is the difference between a runlevel and a target?

      • A: A runlevel is a mode of operation in the Linux operating system. Linux traditionally uses seven runlevels. A target is a similar concept used in systemd, which replaced the init system in many Linux distributions.

    • Practical Questions and Answers:

      • Q: How can you change the default runlevel or target of your system?

      • A: You can use the systemctl set-default command to change the default target of your system.

  • How to resolve fstab issue at boot time

    • Theory: The /etc/fstab file contains information about filesystems on the system. If there’s an error in this file, it can cause issues at boot time. To resolve these issues, you would need to boot into a rescue or single-user mode and correct the errors in the /etc/fstab file.

    • Interview Questions and Answers:

      • Q: How would you resolve an issue with the /etc/fstab file that is preventing the system from booting?

      • A: To resolve an issue with the /etc/fstab file, I would boot the system into rescue or single-user mode, then open the /etc/fstab file in a text editor, correct any errors, and then reboot the system.

    • Practical Questions and Answers:

      • Q: How can you check the syntax of the /etc/fstab file without rebooting the system?

      • A: You can use the mount -a command to mount all filesystems listed in /etc/fstab. This can help you catch any syntax errors before they cause issues at boot time.

  • How to reset root password in RHEL7, RHEL8, RHEL9

    • Theory: To reset the root password in RHEL, you would need to boot into single-user mode or emergency mode, mount the root filesystem, then use the passwd command to change the root password.

    • Interview Questions and Answers:

      • Q: How would you reset the root password in RHEL?

      • A: To reset the root password in RHEL, I would reboot the system and interrupt the boot process to enter the boot menu. Then I would append rd.break or single to the kernel line for single-user mode, or systemd.unit=rescue.target or systemd.unit=emergency.target for emergency mode. Next, I would remount the root filesystem with read-write permissions using mount -o remount,rw /sysroot, chroot into the /sysroot directory, and use the passwd command to change the root password.

    • Practical Questions and Answers:

      • Q: How can you ensure the SELinux context is correct after changing the root password?

      • A: After changing the root password, you can use the touch /.autorelabel command to ensure the SELinux context is correct. This will cause the system to relabel the filesystem for SELinux on the next reboot.