Linux System Administration Best Practices

As a Linux system administrator, your role involves maintaining the stability, security, and performance of the systems you manage. Whether you’re working on Ubuntu, CentOS, or any other Linux distribution, following best practices is essential for ensuring that your systems run efficiently and securely. In this blog post, we’ll discuss key best practices in Linux system administration, along with a handy cheatsheet of common commands for both Ubuntu and CentOS.

1. Keep the System Updated

Security vulnerabilities are constantly being discovered, and one of the most critical tasks for a system admin is to ensure that the system is always up to date. Regularly update your system to apply the latest security patches, kernel updates, and software upgrades.

• Ubuntu: sudo apt update && sudo apt upgrade -y
• CentOS: sudo yum update -y

2. Use Strong Password Policies

Weak passwords can be an entry point for unauthorized access. Enforce strong password policies, such as requiring a combination of letters, numbers, and symbols, and setting up password expiration rules.

• Ubuntu: Configure /etc/pam.d/common-password and /etc/login.defs
• CentOS: Configure /etc/pam.d/system-auth and /etc/login.defs

3. Automate with Scripts and Cron Jobs

To streamline repetitive tasks, such as backups, log rotation, or system checks, use shell scripts and cron jobs. Automating these tasks reduces manual intervention and minimizes the risk of human error.

• Cron Job Example: crontab -e
  • Schedule a script to run every day at midnight:

0 0 * * * /path/to/script.sh

4. Monitor System Performance and Logs

Monitoring system performance and analyzing logs is essential for proactive troubleshooting and avoiding potential problems. Tools like htop, dstat, and log analysis utilities (journalctl, logwatch) are very useful for gaining insights into system performance.

• System Monitoring Tools:
  • htop: Interactive process viewer.
  • iostat: Monitor CPU and I/O performance.
  • journalctl: View and filter system logs.

5. Set Up Proper File and Directory Permissions

Misconfigured file permissions can expose sensitive data or grant unauthorized access. Always use the least privilege principle and set proper permissions for files and directories. Be mindful of using commands like chmod and chown to avoid exposing sensitive files.

• Check Permissions: ls -l
• Set Permissions: chmod 750 /path/to/file
• Change Ownership: chown user:group /path/to/file

6. Backup Regularly

Data loss can be catastrophic, so regular backups are crucial. Use tools like rsync, tar, and cloud storage solutions to schedule automatic backups. Ensure that your backups are stored securely, and regularly test them to verify data integrity.

• Basic Backup with Tar:
  • tar -cvpzf backup.tar.gz /directory/to/backup
• Rsync Example:
  • rsync -avz /source/directory/ /backup/directory/

7. Use SSH for Secure Remote Access

SSH is a secure protocol for remote access and management of Linux servers. Make sure to disable root login, use strong SSH keys, and configure firewall rules to limit access.

• Disable Root Login: Edit /etc/ssh/sshd_config and set PermitRootLogin no.
• Generate SSH Keys: ssh-keygen -t rsa -b 4096

8. Enable and Configure a Firewall

Firewalls protect your system by filtering unwanted traffic. Use tools like UFW (on Ubuntu) and firewalld (on CentOS) to configure basic firewall rules and close unnecessary ports.

• Ubuntu:
  • Enable UFW: sudo ufw enable
  • Allow SSH: sudo ufw allow ssh
• CentOS:
  • Start Firewalld: sudo systemctl start firewalld
  • Allow HTTP: sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload

9. Manage User Accounts and Groups

Proper user and group management is essential for securing system access. Regularly audit user accounts, delete unused accounts, and assign users to appropriate groups to enforce role-based access control.

• Add a User: sudo adduser username
• Add to a Group: sudo usermod -aG groupname username
• Delete a User: sudo deluser username

10. Use SELinux or AppArmor

Security-enhanced Linux (SELinux) on CentOS and AppArmor on Ubuntu provide an additional layer of security by restricting program capabilities based on security policies.

• Check SELinux Status on CentOS: sestatus
• Enable AppArmor on Ubuntu: sudo systemctl enable apparmor

Linux System Administration Command Cheatsheet

1. Package Management

• Ubuntu (APT Package Manager):
  • Update repositories: sudo apt update
  • Upgrade installed packages: sudo apt upgrade
  • Install a package: sudo apt install package_name
  • Remove a package: sudo apt remove package_name
• CentOS (YUM/DNF Package Manager):
  • Update repositories: sudo yum update
  • Install a package: sudo yum install package_name
  • Remove a package: sudo yum remove package_name
  • Check for available updates: sudo yum check-update

2. User and Group Management

• Ubuntu/CentOS:
  • Add a new user: sudo adduser username
  • Change user password: sudo passwd username
  • Add user to a group: sudo usermod -aG groupname username
  • Delete a user: sudo deluser username

3. System Monitoring

• Ubuntu/CentOS:
  • Monitor system performance: top or htop
  • Check disk usage: df -h
  • Check memory usage: free -m
  • View system logs: journalctl -xe

4. File Permissions and Ownership

• Ubuntu/CentOS:
  • Change file permissions: chmod 755 filename
  • Change file ownership: chown user:group filename
  • View file permissions: ls -l filename

5. Networking

• Ubuntu/CentOS:
  • Display IP address: ip addr or ifconfig
  • Check open ports: netstat -tuln or ss -tuln
  • Test connectivity: ping google.com

6. Firewall Management

• Ubuntu (UFW):
  • Enable UFW: sudo ufw enable
  • Allow SSH: sudo ufw allow ssh
  • Check status: sudo ufw status
• CentOS (Firewalld):
  • Start firewalld: sudo systemctl start firewalld
  • Allow a service: sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload
  • Check status: sudo firewall-cmd --state

7. SSH Management

• Ubuntu/CentOS:
  • Generate SSH keys: ssh-keygen -t rsa -b 4096
  • Copy SSH key to server: ssh-copy-id user@server_ip
  • Restart SSH service: sudo systemctl restart sshd

8. Disk Management

• Ubuntu/CentOS:
  • Check disk space: df -h
  • View mounted drives: lsblk
  • Check disk inodes: df -i
  • Mount a filesystem: mount /dev/sdX /mnt/directory

9. Backup and Restore

• Ubuntu/CentOS:
  • Backup directory using tar: tar -cvpzf backup.tar.gz /path/to/directory
  • Restore from a tar backup: tar -xvpzf backup.tar.gz -C /restore/location

Conclusion

By following these best practices and using the commands outlined in the cheatsheet, you’ll be well on your way to managing Ubuntu and CentOS systems securely and efficiently. System administration requires both proactive and reactive management, and a well-organized, secure, and automated system is key to long-term success. Happy system administering!