9. system administration - mishraxharshit/harshitxmishra.github.io GitHub Wiki

Phase 9 — System Administration

Previous: [Phase 8 — Shell Scripting](Phase-8-Shell-Scripting) | Next: [Phase 10 — Security](Phase-10-Security)


9.1 Package Management

Packages are pre-compiled software bundles. The package manager handles download, installation, dependency resolution, and updates.

Ubuntu and Debian (apt)

# Always update the package index before installing
sudo apt update

# Upgrade all installed packages
sudo apt upgrade

# Upgrade including packages that require installing/removing other packages
sudo apt full-upgrade

# Install a package
sudo apt install nginx
sudo apt install -y nginx    # -y answers yes to all prompts (for scripts)

# Remove a package
sudo apt remove nginx            # remove but keep configuration files
sudo apt purge nginx             # remove including configuration files
sudo apt autoremove              # remove packages that are no longer needed

# Search for packages
apt search "web server"
apt-cache search "web server"    # older syntax, still works

# Show package information
apt show nginx
dpkg -l nginx                    # check if installed and version

# List installed packages
dpkg -l | grep nginx
apt list --installed

# Download a package without installing (for offline installation)
apt download nginx

RHEL, Fedora, CentOS (dnf)

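sudo dnf check-update     # list available updates without installing them
sudo dnf update           # upgrade all installed packages
sudo dnf install nginx    # install a package
sudo dnf remove nginx     # remove a package
dnf search nginx          # search for packages
dnf info nginx            # show package information
rpm -qa | grep nginx      # query installed RPM packages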

9.2 Log Management

Logs are in /var/log/. On modern systems, journald centralises log collection.

# System logs (Debian/Ubuntu paths; RHEL-family systems use /var/log/messages and /var/log/secure)
less /var/log/syslog            # general system messages
less /var/log/auth.log          # authentication, sudo, SSH
less /var/log/kern.log          # kernel messages
less /var/log/dpkg.log          # package installation history
dmesg                           # kernel ring buffer (hardware events, boot messages)
dmesg | grep -i error

# journald: the systemd log aggregator
journalctl                       # all logs
journalctl -f                    # follow live
journalctl -b                    # logs since last boot
journalctl -b -1                 # logs from previous boot
journalctl --since "2 hours ago"
journalctl --since "2024-01-15 10:00" --until "2024-01-15 12:00"
journalctl -p err                # error level and above
journalctl -p warning            # warning level and above
journalctl -u nginx              # logs for nginx service
journalctl -u nginx -f           # follow nginx logs live
journalctl --disk-usage          # how much disk the journal uses

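# Reduce journal disk usage (one-off cleanup, not a persistent limit)
sudo journalctl --vacuum-size=500M   # delete old logs until at most 500MB remain
sudo journalctl --vacuum-time=30d    # delete logs older than 30 days
# For a persistent cap, set SystemMaxUse= in /etc/systemd/journald.conf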
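
The auth.log entry above is where SSH login failures land. The following is an added example, not part of the original wiki: it counts failed password attempts per source address from sshd lines. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the sshd line format found in /var/log/auth.log
# (addresses come from documentation ranges, host and PIDs are made up).
sample_auth_log() {
cat <<'EOF'
Jan 15 10:01:02 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jan 15 10:01:04 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jan 15 10:01:09 web1 sshd[2214]: Failed password for root from 203.0.113.5 port 50130 ssh2
Jan 15 10:02:30 web1 sshd[2230]: Failed password for alice from 198.51.100.7 port 40210 ssh2
Jan 15 10:02:41 web1 sshd[2230]: Accepted password for alice from 198.51.100.7 port 40210 ssh2
Jan 15 10:03:00 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# failed_ssh_by_ip THRESHOLD (hypothetical helper): read auth.log lines on
# stdin and print "count ip" for each source with at least THRESHOLD failures.
failed_ssh_by_ip() {
  awk -v min="${1:-3}" '
    / sshd\[[0-9]+\]: Failed password for / {
      # The user name is attacker-controlled and could contain the word
      # "from", so locate the real "from <ip> port <n> ssh2" suffix by
      # scanning fields from the right.
      for (i = NF; i > 1; i--)
        if ($i == "from") { count[$(i + 1)]++; break }
    }
    END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: only sources with 3 or more failures.
sample_auth_log | failed_ssh_by_ip 3
```

On a real host, pipe /var/log/auth.log into `failed_ssh_by_ip` instead of the sample and pick a threshold that fits normal login behaviour.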

9.3 Performance Monitoring

# CPU and memory overview
top
htop
vmstat 1 5    # 5 samples, 1 second apart

# CPU detailed
mpstat 1       # per-CPU statistics (install sysstat first)
lscpu          # CPU architecture information
nproc          # number of processing units available

# Memory
free -h
cat /proc/meminfo

# Disk I/O
iostat 1       # disk I/O statistics (sysstat package)
iotop          # per-process disk I/O (requires root)
df -h          # disk space

# Network
iftop          # network traffic by connection (requires root)
nethogs        # network traffic by process (requires root)
ss -s          # socket statistics summary
cat /proc/net/dev    # raw network interface counters

# Find what is using disk I/O
sudo iotop -o     # only processes currently doing I/O

# Load average
uptime
# 14:22:00 up 5 days, 3:15, 2 users, load average: 0.52, 0.41, 0.38
# Three numbers: 1-minute, 5-minute, 15-minute load averages
# A load of 1.0 per CPU core means 100% utilisation
# (on Linux the figure also counts tasks blocked in uninterruptible I/O wait)
# On a 4-core machine, a load of 4.0 means fully loaded

9.4 System Information

# OS version
cat /etc/os-release
lsb_release -a

# Kernel version
uname -r                # just the version
uname -a                # full information

# Hardware info
lshw                    # complete hardware list (install if needed)
lscpu                   # CPU info
lsmem                   # memory info
lspci                   # PCI devices (network card, graphics card)
lsusb                   # USB devices

# Uptime and logged-in users
uptime
who
w

# Check system logs for hardware errors
sudo dmesg | grep -iE "error|fault|fail"

9.5 Kernel Parameters with sysctl

# View all kernel parameters
sysctl -a

# View a specific parameter
sysctl vm.swappiness
sysctl net.ipv4.ip_forward

# Change a parameter temporarily
sudo sysctl vm.swappiness=10
sudo sysctl net.ipv4.ip_forward=1   # enable IP forwarding (for routing)

# Make changes permanent
sudo nano /etc/sysctl.conf
# Add: vm.swappiness=10
sudo sysctl -p    # reload settings from /etc/sysctl.conf
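
Because a temporary change and the persistent file can disagree, for example IP forwarding enabled at runtime on a host whose config says 0, it helps to compare the two. The following is an added example, not part of the original wiki: it reports keys whose running value differs from the persistent one. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-ins for /etc/sysctl.conf and for `sysctl -a` output.
sample_conf() {
cat <<'EOF'
# persistent settings (constructed sample)
vm.swappiness=10
net.ipv4.ip_forward = 0
; semicolon comments are also valid in sysctl.conf
kernel.dmesg_restrict=1
EOF
}
sample_runtime() {
cat <<'EOF'
kernel.dmesg_restrict = 1
net.ipv4.ip_forward = 1
vm.swappiness = 60
EOF
}

# sysctl_drift CONF RUNTIME (hypothetical helper): for each key set in CONF,
# print a line when the running value differs or the key is absent.
sysctl_drift() {
  awk '
    function norm(s) { gsub(/[ \t]+/, " ", s); gsub(/^ | $/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ || index($0, "=") == 0 { next }
    { p = index($0, "="); k = norm(substr($0, 1, p - 1)); v = norm(substr($0, p + 1)) }
    FILENAME == ARGV[1] { want[k] = v; next }   # first file: persistent values
    k in want { have[k] = v }                    # second file: running values
    END {
      for (k in want) {
        cur = (k in have) ? have[k] : "unset"
        if (cur != want[k]) print k, "persistent=" want[k], "runtime=" cur
      }
    }
  ' "$1" "$2" | sort
}

# Run the check on the constructed samples via temporary files.
demo_drift() {
  conf=$(mktemp); run=$(mktemp)
  sample_conf > "$conf"; sample_runtime > "$run"
  sysctl_drift "$conf" "$run"
  rm -f "$conf" "$run"
}

demo_drift
```

On a live host, save the output of `sysctl -a` to a file and pass it together with /etc/sysctl.conf. Settings kept in files under /etc/sysctl.d/ are outside what this sketch reads.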

Phase 9 Exercises

Exercise 1: Use apt show to get details about the curl package. Note its dependencies, version, and installed size.

Exercise 2: Use journalctl to view logs from the last 30 minutes. Filter for error level and above. How many errors occurred?

Exercise 3: Use vmstat 1 10 to collect 10 samples. What do the us, sy, and id columns in the CPU section mean?

Exercise 4: Find the total number of installed packages on your system using dpkg -l | wc -l.

