Who is admin in Linux?

In Linux, the admin refers to the system administrator, responsible for managing and maintaining the system. Admins have elevated privileges, often using the root or superuser account to perform tasks like system configuration, software installation, user management, and security implementation.

Is Linux admin job easy?

Difficulty varies depending on experience, system complexity, and tasks involved. Proficiency in scripting, problem solving, and continuous learning is important. While managing a simple desktop may be simple, monitoring complex server environments requires a diverse skill set and the ability to adapt to new technologies. Overall, the solid Linux foundation and proactive approach make this job worthwhile for those willing to learn and adapt.

What are the most important skills for Linux?

To use Linux fluently, mastering command line operations is fundamental to effective system management. Using automation technologies in combination with scripting languages like Python and Bash simplifies work. It takes a thorough grasp of system and network administration as well as skilled troubleshooting abilities. Familiarity with processes, services, and version control tools like Git enhances resource optimization and collaborative development.

Why is Linux most used?

Linux's popularity is driven by key factors: open-source nature promoting collaboration and cost-effectiveness, stability minimizing downtime, a robust security model, high flexibility for customization, extensive community support, efficiency in performance, and compatibility across diverse applications.

Top 50 Linux Interview Questions & Answers for Freshers & Experienced

Linux Interview Questions & Answers for Freshers & Experienced

Basic Linux Interview Questions for Freshers {25 Question}

What is Linux? Differentiate between Unix and Linux.

Linux is an open-source operating system widely used for powering everything from computers and smartphones to servers and supercomputers. It’s known for its stability, security, and flexibility. Imagine it as the engine and core functionalities of your device, like the conductor controlling an orchestra.

Unix, on the other hand, is a family of proprietary operating systems with a longer history. Think of it as a broader category of operating systems with shared design principles. While Linux isn’t technically a Unix itself, it’s heavily inspired by Unix philosophies and shares many similarities. Here’s a table summarizing the key differences:

Feature	Linux	Unix
License	Open source (free to use and modify)	Proprietary (requires a license)’
Cost	Free	Costly, depending on vendor and version
Development	Community-driven, diverse contributors	Developed by individual companies like Oracle, IBM
Variations	Numerous distributions (Ubuntu, Fedora, etc.)	Fewer options, each tailored to specific needs
Focus	General-purpose, adaptable to various uses	Primarily for servers and workstations

In essence:

Linux: Free, community-driven, widely used for various purposes.
Unix: Proprietary, historically focused on servers, with fewer variations.

Both Linux and Unix offer powerful command-line interfaces and multitasking capabilities, making them popular choices for technical users and developers. They share a similar foundation but cater to different needs and audiences. For those preparing for Linux interview questions and answers, a solid understanding of these operating systems core principles is essential.

Explain the Linux file system hierarchy.

Think of your computer’s storage as a giant library. To keep things tidy and find information easily, Linux organizes everything into a structured system called the file system hierarchy with a single root directory (/). This root directory branches out into subdirectories, each serving a specific purpose. Here’s a breakdown of some key directories:

/(root): The topmost directory, the foundation of the hierarchy.
/bin: Stores essential executable programs for everyday tasks.
/sbin: Houses system administration tools used by root users.
/boot: Contains files necessary for booting the system.
/dev: Represents devices like hard drives, printers, and network interfaces.
/etc: Holds configuration files for system-wide settings.
/home: The personal space for user accounts, containing their files and documents.
/lib: Libraries containing reusable code used by programs.
/lost+found: Recovers files lost due to system crashes or errors.
/media: Mounts removable media like USB drives and optical discs.
/mnt: Temporary mount points for external filesystems.
/opt: Optional software packages installed by users.
/proc: Provides dynamic information about system processes.
/sys: Represents the system’s hardware and kernel configuration.

/tmp: Temporary files automatically deleted at system shutdown.
/usr: Holds most user-related programs and applications.
/var: Stores variable data like logs, caches, and mail.

Understanding this structure is crucial for navigating the Linux file system efficiently and performing various tasks like installing software, managing files, and configuring the system.

How do you check system information in Linux?

Ever wondered what components power your computer and how much memory it has? Linux provides various tools to explore your system’s inner workings, offering valuable insights. Here are some key commands to get you started:

System Overview:

uname -a: This command displays details like your operating system name, version, kernel version, and even your computer’s unique name. Think of it as reading your device’s identification tag.

Memory Check:

free: Feeling like your computer is sluggish? This command shows your system’s total memory, how much is currently used by applications and processes, and how much is available for new tasks.

Storage Space:

df -h: Curious about how much storage space you have left? This command displays information about different partitions on your hard drive, showing how much space is used and available on each.

Processor Power:

lscpu: Want to know the technical specifications of your computer’s central processing unit (CPU)? This command reveals details like the number of cores, processing speed, and other technical information.

Exploring Further:

Remember, these are just a few examples. Many more commands are available to explore different aspects of your system. Consult the manual pages (accessible with the man command) for specific commands and their options.

What is the purpose of the ‘sudo’ command?

Imagine needing a special key to access restricted sections of the library. In Linux, the sudo command acts as that key which for “superuser do.” It allows authorized users to execute commands with elevated privileges, typically as the root user. This is crucial for performing administrative tasks that require higher access levels.

Example: To install a software package using apt:

sudo apt-get install package_name

The sudo command ensures that the installation process has the necessary permissions to modify system files and directories. It helps prevent unauthorized or accidental changes while enabling users to perform administrative tasks when needed. It’s a fundamental tool for maintaining security and control over a Linux system.

However, use sudo with extreme caution! It’s like giving someone the master key – only use it when necessary and be sure about what you’re doing. Running the wrong command with sudo could harm your system. When exploring the basics of Linux interview questions and answers, understanding the responsible use of sudo becomes crucial.

How to find and kill a process in Linux?

To find and kill a process in Linux, you can use commands like ps, pgrep, and kill. Here’s a step-by-step guide:

Using ps and kill:
ps aux: This command lists all running processes, showing their process ID (PID), user, CPU usage, memory consumption, and command name. It’s like getting a detailed report on all active tasks in your system.
grep: Use this command to filter the output of ps aux based on specific criteria.

ps aux | grep process_name

Once you’ve identified the problematic process, different commands offer varying levels of termination force:

kill PID: This sends a polite termination signal (SIGTERM) to the process, asking it to shut down gracefully. Use this first, as it allows the process to clean up properly.
kill -9 PID: If kill fails, this sends a forceful termination signal (SIGKILL), immediately stopping the process without warning. Use this cautiously, as it might lead to data loss.

kill -9 PID

Using pgrep and pkill:

Alternatively, you can use pgrep to find the process ID based on the process name:

pgrep process_name

To kill the process using pkill:

pkill process_name

Example: If you want to find and kill a process named “nginx”:

ps aux | grep nginx

This will display information about the “nginx” process, including its PID. To kill it:

sudo kill -9 PID

Explain the difference between a soft link and a hard link.

Imagine creating shortcuts to your files. Linux offers two ways: soft links (symbolic links) and hard links. Here’s the difference:

Soft Link (Symbolic Link): Think of it like an alias or bookmark. It points to the actual file location but doesn’t directly store the data itself. If the original file moves or is deleted, the link becomes broken. Created using the ln -s command.

ln -s /path/to/original /path/to/link

Hard Link: This creates a more direct connection. It’s like having multiple entries for the same file on different parts of your disk. Both links point to the same data, and changes made through one affect the other. However, creating hard links is restricted to files within the same filesystem. Created using the ln command without the -s option.

ln /path/to/original /path/to/link

Example: If you have a file named “file.txt,” creating a soft link:

ln -s file.txt soft_link

Now, if “file.txt” is deleted, the soft link “soft_link” will be broken. For a hard link:

ln file.txt hard_link

Even if “file.txt” is deleted, the data is still accessible through the “hard_link” since both point to the same inode.

In essence:

Use soft links for flexible shortcuts that can adapt to file movement.
Use hard links for efficient data sharing within the same filesystem, but remember they’re tightly coupled to the original file. Top of Form

What is the role of the ‘chmod’ command?

Imagine a vault filled with important documents, each with its own access rules. In Linux, the chmod command acts as the keymaster, controlling who can read, write, and execute files and directories. Understanding chmod empowers you to manage file permissions effectively.

Permissions Breakdown:

Each file/directory has three basic permissions:

Read (r): Allows viewing the file’s contents.

Write (w): Allows modifying the file’s contents.
Execute (x): Allows running the file as a program (for executable files).

These permissions apply to three user groups:

User (u): The owner of the file.
Group (g): The group the owner belongs to.
Others (o): Everyone else on the system.

Command Structure:

chmod [options] permissions owner:group file/directory

options: Control how permissions are applied (e.g., recursively).
permissions: A 3-digit code representing read, write, and execute permissions for owner, group, and others (e.g., 755 grants read/write/execute to owner, read/execute to group, and read/execute to others).
owner:group: Specifies the owner and group.
file/directory: The target file or directory.

Examples:

Make a file readable by everyone: chmod ugo+r myfile.txt
Grant writes access to group members: chmod g+w myscript.sh
Revokes execute permission for others: chmod o-x important_data.csv

How to search for a file in Linux?

Ever misplaced a document on your computer? In Linux, several tools help you locate files and directories efficiently. Here are the most common:

find: The ultimate search tool, offering powerful filtering and searching capabilities.

find /path/to/search -name “filename” -type f -size +10k

/path/to/search: Starting directory for the search.
-name “filename”: Searches for files with the specified name.
-type f: Limits results to files (not directories).
-size +10k: Finds files larger than 10 kilobytes.

locate: Indexes frequently used files for faster searches, but the database might not be always up to date.

locate “keyword”

“keyword”: The word or phrase to search for in filenames.

grep: Primarily used for searching text within files but can also find files containing specific text in their names.

grep “keyword” /path/to/file

“keyword”: The text to search for.
/path/to/file: The file to search within

Example: To find a file named “example.txt” in the home directory:

find ~/ -name example.txt

This command searches the home directory (~) and its subdirectories for a file named “example.txt”.

Explain the purpose of the ‘df’ and ‘du’ commands.

Keeping track of your hard drive space is crucial in any operating system. In Linux, two key commands help you understand how your storage is being used:

df: Stands for “disk free.” This command provides a quick overview of the available and used disk space on all mounted file systems. Think of it as a high-level map showing how much free space you have in different storage containers.

df –h

du: Stands for “disk usage.” This command delves deeper, displaying the disk space used by files and directories within a specific location. Imagine taking a closer look inside each container to see what’s taking up space.

du -h /home

Key Differences:

Feature	df	du
Scope	Shows overall disk space on mounted file systems	Shows disk space used by specific files and directories
Output	Summarizes available and used space	Gives detailed breakdown of space usage
Use Case	Quick overview of storage availability	Identifying space-consuming files and directories

Choosing the Right Tool:

Use df when you need a general understanding of how much free space you have on different partitions.
Use du when you want to pinpoint specific files or directories that are using up a lot of storage space.

What is a shell in Linux?

Imagine a powerful interpreter translating your commands directly to the operating system. In Linux, the “shell” acts as this vital interface. It’s a program that accepts your commands (usually typed in text) and executes them on the operating system. Think of it as the command center where you interact with your computer directly.

There are different types of shells in Linux, with Bash being the most popular. While some users prefer a graphical interface, the shell offers power and flexibility for experienced users and automation tasks.

Shell Features:

Accepting and executing commands: You type commands like ls, mkdir, or apt install, and the shell carries them out.
Providing a command history: You can access previously entered commands for easy reuse.
Supporting scripts: You can write a series of commands in a file (shell script) to automate tasks.
Offering command completion: The shell can suggest possible completions as you type commands, saving you time.

Differentiate between a process and a thread.

In the digital world, multitasking happens constantly, but how does it work under the hood? Understanding the difference between processes and threads is key.

Process:

Think of it as a self-contained program instance running on your computer.
It has its own memory space, resources, and execution context.
Multiple processes can run simultaneously, each vying for the CPU’s attention.
Launching a new program or opening a new document creates a new process.

Thread:

A lightweight segment within a process, sharing the same memory space and resources.

Multiple threads can exist within a single process, allowing it to handle multiple tasks concurrently.
Threads share information and communicate efficiently, making them suitable for tasks requiring frequent context switching.

Key Differences:

Feature	Process	Thread
Independence	Independent	Dependent on a process
Resources	Own memory space, resources	Shares memory and resources with other threads in the process
Execution context	Separate	Shares with other threads
Creation	Expensive	Lightweight, faster to create
Communication	Requires complex methods	Efficient communication within the process

Choosing the Right Tool:

Use processes for independent tasks needing isolation and dedicated resources.
Use threads for tasks within a single program that benefit from concurrent execution and quick communication.

Example: If you consider a web browser as a process, each open tab in the browser can be viewed as a thread. The browser process manages the overall execution, and each tab (thread) operates independently but shares resources with the others. When delving into Linux interview questions and answers for experienced professionals, understanding the concept of processes and threads is often a key area of exploration.

Explain the significance of the ‘/etc/passwd’ file.

Deep within the Linux system lies a crucial file: /etc/passwd. This file holds essential information about user accounts, acting as the gatekeeper to system access. Understanding its contents is vital for system administration and security.

Each line in the file represents a user account, containing seven colon-separated fields. A sample entry in the /etc/passwd file looks like this:

username:x:1000:1000:Pratham Bhansali:/home/username:/bin/bash

Username: The unique identifier for the user account.

Password (hashed): The user’s password, stored in a secure in the /etc/shadow file, encrypted format.

User identifier (UID): A unique numerical identifier for the user.

Group identifier (GID): The primary group the user belongs to.

Full Name/Comment: A human-readable description of the user.

Home directory: The directory where the user’s files are stored.

Shell: The default shell program used by the user.

Why is it important?

System access control: The file determines who can log in and access the system.
User permissions: The UID and GID influence file and system access permissions.
System administration: Modifying the file allows adding, removing, or managing user accounts.

Security Considerations:

Never share your password: The actual password is not stored in plain text but as a hash, making it unreadable.
Protect the file: Unauthorized access to /etc/passwd can compromise system security.
Use caution when editing: Improper modifications can lead to system instability or security vulnerabilities.

How do you add a user in Linux?

Adding new users in Linux is a crucial task for system administrators. Here are two common methods:

Method 1: Using adduser command (simple and interactive):

Open a terminal window with administrative privileges (using sudo).

Run the command: sudo adduser <username> (Replace <username> with the desired username).

Follow the prompts to provide information like password, full name, and other details.

The system will create the user account with default settings.

Method 2: Using useradd command (more granular control):

Open a terminal window with administrative privileges.

Run the command: sudo useradd <options> <username>

Use options:

-m: Creates the user’s home directory.
–g: Assigns the user to a specific group.
-s: Sets the user’s login shell.

You’ll need to set a password separately using passwd <username>.

Additional Considerations:

Choose strong and unique passwords for all users.

Assign users to appropriate groups for access control.
Consider using tools like passwd to enforce password complexity.
Document user creation procedures for future reference.

But what if you want to do more than just adding new users in Linux? What if you want to learn how to build full stack web applications using Linux and other technologies? If that sounds interesting to you, then you should enroll in our Full Stack Development Course by IIITB. This course will teach you how to use Linux as a powerful tool for web development, as well as other skills and technologies, such as HTML, CSS, JavaScript, Node.js, MongoDB, and more. You will also learn how to deploy your web applications to the cloud, use Git for version control, and implement security and authentication features

What is the purpose of the ‘tar’ command?

Imagine needing to move a collection of files and folders across your computer. The tar command in Linux is used for archiving files and directories. It creates a compressed or uncompressed archive file that can be easily transferred, stored, or backed up. The basic syntax is:

tar options archive_name files/directories

Commonly used options include:

c: Create a new archive.
x: Extract files from an archive.
v: Verbose mode (show the progress of the operation).
f: Specify the archive file name.

Common tar commands:

Create an archive: tar -cvzf <archive_name>.tar.gz <files_and_folders_to_archive>
Extract an archive: tar –xzvf <archive_name>.tar.gz
List archive contents: tar -tf <archive_name>.tar.gz

Key Features:

Archiving: Create compressed archives of files and directories using various formats like .tar, .tar.gz, .zip.
Extracting: Unpack archived files and directories, restoring them to their original locations.
Flexibility: Supports various options for compression, selection, and filtering of files during archiving and extraction.

Benefits of using tar:

Efficiently manages large groups of files.
Reduces storage space by compressing archives.
Facilitates easy transfer and backup of data.
Versatile for various file management tasks.

How to check for open ports in Linux?

In the digital world, ports act as entry points for communication between your computer and the outside world. Keeping track of open ports is crucial for security, as they can be potential vulnerabilities if not managed properly. Here are ways to check for open ports in Linux:

netstat: This classic command provides information about network connections, including listening ports. Use the following options:

-t: Show TCP connections.
-u: Show UDP connections.
-l: Show only listening ports.
-n: Display numerical addresses instead of resolving hostnames.

sudo netstat -tulpn | grep LISTEN

ss: A modern alternative to netstat, ss offers similar functionality with potentially faster performance. Using the above mentiond options:

sudo ss -tulpn | grep LISTEN

nmap:

This powerful network scanner allows comprehensive scanning of ports, identifying open ports and their associated services.

sudo nmap -sS localhost # Scan your own system

It will display open ports, services running on them, and potential vulnerabilities.

Graphical Tools: Many Linux distributions offer graphical tools like “Gufw” or “Firewall Manager” that provide user-friendly interfaces for viewing and managing firewall rules, which include information on open ports.

Remember:

Only use these commands on systems you have permission to access.
Open ports are potential entry points for attackers, so understand what services use them and consider closing unnecessary ones.
Firewalls can further enhance security by controlling incoming and outgoing traffic.

What is the function of the ‘iptables’ command?

Imagine a security guard controlling who enters and exits your castle. In Linux, iptables acts like a similar firewall, allowing you to define rules for incoming and outgoing network traffic, protecting your system from unauthorized access.

What does it do?

Filters and controls network traffic based on various criteria like source and destination addresses, ports, and protocols.
Can block unwanted traffic, restrict access to specific ports, and route traffic appropriately.
Offers fine-grained control over network security.

How does it work?

iptables uses chains, sets of rules that determine how traffic is handled.
Each chain has rules specifying conditions for matching traffic and actions to take (e.g., allow, drop, or redirect).
You can build complex firewall configurations with different chains and rules.

Some common use cases:

Creating a Rule: This command allows incoming TCP traffic on port 80.

sudo iptables -A INPUT -p tcp –dport 80 -j ACCEPT

Listing Rules: Displays the current set of rules.

sudo iptables -L

Deleting a Rule: Removes the specified rule.

sudo iptables -D INPUT -p tcp –dport 80 -j ACCEPT

Saving Rules: Saves the current rules to a file.

sudo iptables-save > iptables-rules

Restoring Rules: Restores rules from a saved file.

sudo iptables-restore < iptables-rules

Important notes:

iptables requires administrative privileges and careful configuration to avoid unintended consequences.
Incorrectly configured firewalls can block legitimate traffic, so test your rules thoroughly.
Consider exploring simpler tools like “ufw” for basic firewall management before diving into iptables.

Example: Allowing SSH (port 22) traffic:

sudo iptables -A INPUT -p tcp –dport 22 -j ACCEPT

This rule allows incoming TCP traffic on port 22, commonly used for SSH.

Explain the significance of the ‘/etc/fstab’ file.

The /etc/fstab file in Linux is a crucial configuration file that defines how disk drives, partitions, and devices should be mounted into the file system. It stands for “File System Table” and contains entries that specify where and how each device should be mounted, including options like file system type, mount point, and mount options.

Each line in the /etc/fstab file represents a separate file system entry and typically follows the format:

UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX /mount/point file_system_type options 0 0

UUID: Universally Unique Identifier of the device.
/mount/point: The directory where the device will be mounted.
file_system_type: Type of the file system on the device (e.g., ext4, ntfs).
options: Mount options, such as read-only or read-write permissions.

Why is it important?

Ensures essential partitions like the root filesystem (/) are mounted correctly at boot.
Defines mount options for optimal performance or security.
Allows automatic mounting of external drives or network shares.

Editing with caution:

Modifying /etc/fstab incorrectly can lead to boot failures or data loss.
Only edit it with administrative privileges and a clear understanding of the changes you’re making.
Consult system documentation and online resources for detailed information on specific mount options.

Example: An entry in /etc/fstab for mounting the root file system:

UUID=abc-123 / ext4 defaults 0 1

This specifies that the file system with the UUID “abc-123” should be mounted at the root directory (“/”) using the ext4 file system with default options.

How do you schedule tasks in Linux?

Whether you need to automate backups, run scripts at specific times, or simply remind yourself of tasks, Linux offers various tools for scheduling tasks. Here are some popular options:

cron: The classic scheduling tool, cron runs tasks based on predefined schedules set in the /etc/crontab file. You can specify minutes, hours, days, and months for precise control. To schedule recurring tasks, you can use the cron daemon.

crontab -e #Edit the crontab file for a user

0 3 * * * /path/to/script.sh # Runs the script every day at 3 AM.

at: This simpler tool allows scheduling one-time tasks at a specific date and time. It’s useful for tasks requiring a single execution.

at 10:00AM tomorrow /path/to/script.sh # Runs the script at 10 AM tomorrow

Note: Ensure that the cron service is running for scheduled tasks to take effect.

systemd timers:

A more modern approach, offering greater flexibility and control over scheduled tasks. Managed through configuration files in the /etc/systemd/system/ director

Example: Run a service every hour

[Unit]

Description=My Scheduled Service

[Timer]

OnTimerUnit=my-service.service

[Install]

WantedBy=timers.target

GUI Tools:

Many Linux desktops offer graphical tools like “gnome-schedule” or “kde-schedule” for easier task scheduling with a visual interface.

What is a shell script?

Imagine being able to automate repetitive tasks on your computer with simple instructions. In Linux, shell scripts, also known as bash scripts, provide this power. They are plain text files containing a series of commands that are executed by the shell interpreter. It allows users to automate repetitive tasks, execute commands sequentially, and make decisions based on conditions. Shell scripts are written using scripting languages such as Bash, and they can include variables, loops, conditional statements, and functions.

Basic structure:

Shebang line: Specifies the interpreter to use (e.g., #!/bin/bash).
Comments: Explain what the script does and how it works.
Commands: The actual instructions the script executes.
Conditional statements: Control the flow of execution based on conditions.
Loops: Repeat a block of code multiple times.
Variables: Store and manipulate data within the script.

Creating your first script:

Open a text editor and write your script.

Save it with a .sh extension (e.g., myscript.sh).

Make the script executable using chmod +x myscript.sh.

Run the script from the terminal: ./myscript.sh.

Benefits of using shell scripts:

Automation: Repetitive tasks can be automated, reducing manual work and improving efficiency.
Customization: Scripts can be tailored to specific needs and preferences.
Error reduction: Scripts can help avoid manual errors by automating complex steps.
Reproducibility: Scripts ensure tasks are performed consistently every time.

Example:

#!/bin/bash

sudo apt update && sudo apt upgrade

sudo apt autoremove # This script updates the system and cleans up temporary files

rm -rf /tmp/* # Clear temporary files

echo “System updated and cleaned!”

Save this in a file, make it executable (chmod +x script.sh), and run it (./script.sh). When tackling basic Linux interview questions for freshers, demonstrating the ability to create, modify, and execute scripts is a fundamental skill that is often evaluated.

How to check system resource usage in Linux?

Keeping an eye on your system’s resource usage is crucial for maintaining optimal performance and identifying potential issues. Here are some key tools and metrics to monitor in Linux:

CPU Usage:

top: Provides a real-time overview of CPU usage by processes and overall system load.

htop: An interactive and user-friendly alternative to top with additional features.

Memory Usage:

free: Displays information about total memory, used memory, available memory, and swap space usage.
htop: Also shows memory usage information alongside CPU usage.

Disk Usage:

df: Shows disk space usage for different mounted partitions.
du: Estimates the disk space used by individual files and directories.

Network Traffic:

netstat: Provides information about network connections, including bandwidth usage.
iftop: Offers a real-time graphical view of network traffic on different interfaces.

Understanding the Metrics:

High CPU usage might indicate overloaded systems or poorly performing processes.
Low memory availability can lead to performance slowdowns and crashes.
Monitoring disk space helps prevent running out of storage.
Tracking network traffic helps identify potential security risks or bandwidth bottlenecks.

Based on your observations, you can:

Optimize processes or adjust system settings to improve resource utilization.
Add more resources (e.g., RAM, storage) if necessary.
Investigate and address underlying causes of high resource usage.

Top of Form

What is the purpose of the ‘awk’ command?

The awk command in Linux is a powerful text-processing tool that is used for pattern scanning and processing. It is often used in shell scripts and one-liners for data extraction and reporting. awk reads text files line by line, allowing you to perform actions based on patterns within the data.

Basic syntax:

awk ‘pattern { action }’ file

pattern: Specifies a pattern or condition.

action: Specifies the action to be taken when the pattern is matched.

What does it do?

Parses text files line by line, breaking them down into fields based on delimiters (like spaces, tabs, or custom characters).
Performs actions on each field or the entire line based on specified conditions.
Can perform calculations, comparisons, string manipulation, and output formatted results.

Think of it as:

A filtering tool to extract specific information from text files.
A data transformation engine to reshape or modify text data.
A scripting language for automating text processing tasks.

Common uses:

Extracting specific columns from log files.
Counting occurrences of words or patterns in text.
Performing calculations on numerical data in text files.
Converting data formats between different text-based representations.

Example: To print the second column of a file where the first column matches a specific value:

awk ‘$1 == “specific value” { print $2 }’ filename

This command prints the second column whenever the first column matches “specific value.”

How to install software in Linux from source code?

Installing software from source code in Linux involves several steps:

Download the Source Code: Download the source code from the software’s official website or repository.

Extract the Archive: Use tar to extract the downloaded archive:

tar -xzvf software.tar.gz

Navigate to the Source Directory: Move into the extracted directory:

cd software

Configure the Build: Run the configure script to check dependencies and configure the build:

./configure

Compile the Source Code: Use make to compile the source code:

make

Install the Software: Install the compiled software:

sudo make install

Alternatives:

Most Linux distributions offer package managers like apt or yum for convenient installation from pre-built packages.
Consider using containerization technologies like Docker for isolated and portable software environments.

If you want to master the software installation and other essential Linux skills, you should check out our Software Development Courses. These courses will teach you how to use Linux effectively for various software development tasks, such as web development, data analysis, automation, and more. You will also learn how to work with popular tools and frameworks, such as Git, Python, Django, Flask, and more.

Example: Installing a hypothetical software named “example”:

tar -xzvf example.tar.gz

cd example ./configure

make

sudo make install

This sequence of commands downloads, extracts, configures, compiles, and installs the software from source code. Note that you might need to install build dependencies using your package manager before running ./configure.

What is the ‘ssh’ command used for?

The ssh command in Linux is used to establish a secure and encrypted connection to a remote system over a network. It stands for “Secure Shell.” ssh provides a secure alternative to protocols like Telnet, as it encrypts the communication between the client and the server, preventing eavesdropping and unauthorized access, providing a robust and secure way to:

Execute commands remotely on a different machine, as if you were sitting in front of it.
Transfer files securely between your local machine and the remote system.
Manage remote servers efficiently without needing physical access.

Basic syntax:

ssh username@hostname

username: Your username on the remote system.
hostname: The IP address or domain name of the remote server.

Key Features:

Strong encryption: Protects your login credentials and data transfers using industry-standard algorithms.
Public-key authentication: Eliminates the need to enter passwords for each connection, reducing security risks.
Flexibility: Works across various operating systems and network environments.
Versatility: Used for tasks like server administration, code deployment, remote debugging, and more.

Example: To connect to a remote server with the username “pratham” at the IP address “192.168.1.100”:

ssh pratham@192.168.1.100

After entering the correct password (or using key-based authentication), you’ll have a secure shell session on the remote server.

Explain the significance of the ‘/var/log’ directory

The /var/log directory in Linux acts as a central repository for various system and application logs, providing valuable insights into system operation, troubleshooting issues, and security monitoring. Each log file typically records events related to a specific service or component.

Key log files:

/var/log/syslog: Combines multiple system logs into a single file.
/var/log/auth.log: Tracks authentication attempts, successes, and failures.
/var/log/messages: System messages.
/var/log/kern.log: Records major kernel messages, including errors, warnings, and boot information.
/var/log/secure: Security-related events (on some distributions).
Application-specific logs: Many applications keep their own logs in /var/log or subdirectories (e.g., /var/log/apache2 for web server logs).

Significance:

Troubleshooting: Analysing logs can help pinpoint the root cause of errors, crashes, or unexpected behaviour.
Security monitoring: Logs help detect suspicious activity, identify unauthorized access attempts, and monitor security threats.
Compliance: Logs may be required for security audits or regulatory compliance purposes.
Debugging: Developers and system administrators use logs to debug application issues and track system performance.

Managing Logs:

Rotation: Logs are commonly rotated to prevent them from growing too large and consuming disk space.
Compression: Older logs are often compressed for storage efficiency.
Permissions: Restrict access to log files to authorized users based on security best practices.

Log analysis tools: Various tools can help parse and analyse logs for easier understanding.

Example: To view the last few lines of the system log:

tail /var/log/syslog

This command displays the most recent entries in the syslog file, providing insights into system events and activities.

How do you backup and restore important data in Linux?

Backing up your data is crucial in Linux, as it ensures you can recover it in case of accidental deletion, hardware failure, or other unforeseen circumstances. The restoration process depends on the chosen method. With tar, extract the archive using tar -xf backup.tar.gz. For rsync, use the same command with the -r (reverse) option. Most tools offer specific instructions for restoring data. Here are some common methods for backing up and restoring data:

Backup:

rsync: Use rsync to synchronize files and directories to a backup location.

rsync -av –delete /source_directory /backup_destination

tar: Create a compressed archive using tar.

tar -czvf backup.tar.gz /source_directory

Restore:

rsync: Restore using rsync from the backup location to the original directory.

rsync -av /backup_destination /source_directory

tar: Extract the contents of the compressed archive using tar.

tar -xzvf backup.tar.gz -C /

Graphical tools:

Built-in backup utilities: Many desktop environments offer graphical backup tools like “Backups” in GNOME or “Backup” in KDE.
Third-party tools: Popular options include Déjà-Dup, Back in Time, and Lucky Backup, providing user-friendly interfaces and scheduling options.

Key considerations:

Backup frequency: Decide how often you need to back up based on your data criticality.
Backup location: Choose a secure and reliable location, like a separate hard drive, cloud storage, or another computer.
Testing: Regularly test your backups to ensure they are working correctly.

Here’s a sample backup routine:

Choose a backup method and location.

Set up an automated backup schedule (e.g., daily, weekly).

Verify your backups after each run to ensure data integrity.

Advanced Linux Interview Questions and Answers for Experienced Professionals {25 Question}

Explain the concept of Inodes in Linux file systems.

Inodes, short for “index node,” are data structures in Linux file systems that store metadata about files and directories. The inode provides a way for the filesystem to locate and organize data on the storage device efficiently. When you create a file, the filesystem allocates an inode and associates it with the file. The inode, in turn, points to the actual data blocks on disk. They act like metadata labels for each file, storing crucial information like:

File name and location: Identifies the file within the filesystem.
File type (regular file, directory, etc.)
File owner and permissions: Controls access to the file.
File size: Indicates how much disk space the file occupies.
Timestamps (creation, modification, access): Tracks changes made to the file.
Number of hard links pointing to the file: Helps manage multiple references to the same data.

Why are Inodes Important?

Efficiency: Inodes store data efficiently, allowing the file system to track files without replicating their entire contents.
Scalability: Inodes enable file systems to handle large numbers of files without performance issues.

Security: Permissions and ownership information stored in inodes contribute to file system security.

Understanding Inodes:

The number of inodes on a file system is limited and affects the maximum number of files it can store.
You can use the df -hi command to view the number of used and available inodes on a file system.
Some tools like ls -i and stat can display inode information for specific files.

Example: To view the inode number of a file or directory:

ls -i filename

This command displays the inode number along with the file or directory name.

How does the Linux kernel manage system memory? Explain the role of swap space.

Logical Volume Manager (LVM) offers a layer of abstraction over physical storage devices in Linux, allowing you to create and manage logical volumes that span multiple physical disks. This flexibility comes with advantages and disadvantages:

Advantages:

Increased flexibility: Create, resize, and manage logical volumes independently of physical partitions, simplifying storage management and enabling dynamic allocation.
Improved scalability: Easily add or remove physical disks to the volume group, expanding storage capacity without affecting existing data.
Enhanced fault tolerance: Mirror and RAID configurations can protect data from disk failures by replicating data across multiple disks.
Snapshotting: Create point-in-time snapshots of volumes for backups or disaster recovery.

Disadvantages:

Increased complexity: LVM adds another layer of abstraction, requiring more understanding for configuration and troubleshooting.
Performance overhead: Managing LVM can introduce some overhead compared to directly using physical partitions.
Potential data loss: RAID configurations with fewer redundancy levels can still suffer data loss if multiple disks fail.
Limited support on some systems: LVM might not be available or fully supported on older systems or embedded devices.

Overall: LVM provides powerful features for managing and protecting storage in Linux, but it’s important to consider its complexity and potential drawbacks before adopting it. For simple setups, physical partitions might suffice. However, for complex environments requiring flexibility, scalability, and fault tolerance, addressing advanced Linux interview questions and answers becomes crucial in assessing a candidate’s proficiency with intricate storage management systems like LVM.

Example: Adding a new physical volume to an existing volume group:

pvcreate /dev/sdX

vgextend myvg /dev/sdX

How does the Linux kernel manage system memory? Explain the role of swap space.

The Linux kernel employs a sophisticated memory management system to efficiently allocate and utilize physical memory (RAM) for running applications and processes. Here’s a breakdown of the key concepts:

Memory Allocation:

Physical RAM: The main memory hardware installed in your system.
Virtual Memory: An illusion created by the kernel, using RAM and disk space (swap space) to appear larger than physically available RAM.
Page Frames: Fixed-size blocks (typically 4KB) into which RAM and swap space are divided.
Page Tables: Data structures that map virtual memory addresses to physical page frames in RAM or swap space.

Memory Management Strategies:

Demand Paging: Loads pages from swap space into RAM only when needed, reducing RAM usage for inactive processes.
Least Recently Used (LRU): Evicts the least recently used page from RAM to make space for new pages, balancing active and inactive memory usage.
Swapping: When RAM is full, inactive pages are moved to swap space on the disk, freeing up RAM for active processes.

Swap Space:

A dedicated partition or file on a disk used to store inactive memory pages.
Acts as an extension of RAM, allowing the system to run more processes than physically fit in RAM.
Using swap space frequently can degrade system performance due to disk I/O overhead.

Monitoring Memory Usage:

Use the free command to view available and used RAM and swap space.
Tools like htop and top provide real-time memory usage information for processes.

Example:

Viewing swap space usage:

swapon –s # This command displays information about active swap devices and their usage.

To configure additional swap space:

sudo fallocate -l 1G /swapfile sudo chmod 600 /swapfile sudo mkswap /swapfile sudo swapon /swapfile

Properly configured swap space helps ensure system stability and prevents out-of-memory situations. However, excessive swapping should be avoided for optimal performance.

Describe the purpose of the ‘sar’ command in Linux and how it is used for system performance monitoring.

The sar command in Linux is part of the sysstat package in Linux stands for “System Activity Reporter” and serves as a powerful tool for monitoring various aspects of your system’s performance. It gathers and reports data on:

CPU usage: Tracks overall and per-core CPU utilization, helping you identify workloads and potential bottlenecks.
Memory usage: Monitors memory consumption by processes and the system, providing insights into memory pressure and potential swap usage.
Disk activity: Tracks read/write operations on different disks, enabling you to identify I/O-intensive tasks and optimize disk performance.
Network activity: Monitors network traffic in and out, helping you analyze network utilization and identify potential bottlenecks.
Other resources: Can also monitor paging, swap usage, and other system resources depending on flags used.

Usage of the ‘sar’ command:

Installation: Ensure the sysstat package is installed.

sudo apt-get install sysstat

Basic Syntax:

To display CPU usage for the current day:

sar

To display CPU usage for a specific day:

sar -f /var/log/sa/sadd

To display CPU usage for a specific time range:

sar -s hh:mm:ss -e hh:mm:ss

Key Options:

-u: CPU usage.
-r: Memory utilization.
-b: I/O and transfer rate statistics.
-n: Network statistics.

Benefits:

Gain insights into performance bottlenecks and resource utilization.
Identify trends and potential issues before they impact users.
Tune system settings and configurations for optimal performance.
Track the effectiveness of performance improvement measures.

Explain the differences between fork(), exec(), and wait() system calls in Linux.

The fork(), exec(), and wait() system calls form a core trio in Linux process management, enabling creation, transformation, and synchronization of processes. Let’s delve into their differences:

fork(): Creates a new process that is a copy of the calling process. Both processes share the same memory space initially but can later diverge.
exec(): Replaces the current process’s image with a new program, effectively starting a new program in the same process space.

wait(): Causes the calling process to wait for the termination of a child process created using fork().

Understanding the Interplay:

Process Creation: fork() creates a copy of the calling process, effectively doubling the memory footprint.

Program Execution: Typically, one of the child processes (often the new one) calls exec() to load and run a different program, replacing its code and data.

Process Termination: The parent process can use wait() to wait for the child process to finish execution before continuing.

Key Differences:

Feature	fork()	exec()	wait()
Purpose	Creates a new process copy	Replaces current process with a new program	Waits for child process termination
Memory Usage	High (initially shares memory with parent)	Low (replaces current process memory)	No impact
Return Value	Child process: 0, Parent process: child process ID	0 on success, negative on error	Child process exit code

Real-world Usage:

Shell commands: When you execute a command, the shell forks a child process, which then uses exec() to run the actual program.
Multitasking: Forking allows the system to create multiple processes for different tasks, enabling multitasking.
Daemon processes: Daemons often fork child processes to handle specific tasks while the parent process remains active.

Discuss the significance of the ‘systemd’ init system in modern Linux distributions.

systemd is a system and service manager that has become the default init system for many modern Linux distributions. It plays a crucial role in the initialization process and manages various system processes, services, and resources during the system’s lifecycle.

Significance:

Parallel Initialization: systemd allows for parallel and asynchronous initialization of system services, improving boot times.
Dependency Management: Services and processes can be started or stopped based on dependencies, ensuring a controlled and efficient startup sequence.
Service Management: systemd provides tools (systemctl) for managing services, enabling administrators to start, stop, restart, and check the status of services.
Logging and Journaling: systemd includes a centralized logging system (journalctl) that collects and manages log data in a structured and efficient manner.
Resource Management: systemd controls and monitors system resources, aiding in better resource utilization and management.
Security Features: Implements security features like cgroups for process isolation and control.
Socket and D-Bus Activation: Supports socket and D-Bus activation, allowing services to be started on-demand when needed.

Advantages over Traditional Init Systems:

Faster boot times: Efficient parallel execution of tasks during boot speeds up the process.
Improved reliability: Dependency management and robust service supervision enhance system stability.
Flexibility and control: Unit files empower administrators to precisely manage system and service behavior.
Unified logging: Journald provides a centralized and searchable log for easier troubleshooting.
Modern design: Built with modularity and scalability in mind, it adapts to diverse system needs.

Examples:

Start a service: sudo systemctl start service_name
Stop a service: sudo systemctl stop service_name
Check the status of a service: sudo systemctl status service_name

How do you troubleshoot and resolve performance bottlenecks in a Linux server?

Maintaining optimal performance on your Linux server is crucial. But how do you identify and resolve bottlenecks when things slow down? Here’s a roadmap to guide you:

Identify Symptoms:

Slow response times: Applications feel sluggish, users experience delays.
High CPU usage: Processes consistently consume high CPU resources.
Low memory availability: System frequently swaps memory to disk, performance drops.
Network congestion: High network traffic causes slow data transfer.
Disk bottleneck: Disk I/O operations struggle to keep up with demand.

Gather Data:

Monitoring tools: Utilize tools like top, htop, iostat, netstat, and sar to monitor CPU, memory, disk, and network activity.
System logs: Check system logs (often in /var/log) for errors or warnings related to performance issues.
Application logs: Review application logs for specific clues about performance problems.

Analyze and Pinpoint the Bottleneck:

Correlate data: Match performance symptoms with resource usage spikes in monitoring tools.
Application behavior: Understand the resource requirements of your applications and identify potential resource hogs.
Log analysis: Look for clues in logs that might be related to the bottleneck, such as disk errors, high network traffic, or memory allocation failures.

Resolve the Bottleneck:

Hardware upgrades: If bottleneck is due to insufficient hardware resources (CPU, RAM, disk), consider upgrades.
Process optimization: Optimize resource-intensive processes or move them to less-loaded systems.
Application tuning: Optimize application settings or configurations to reduce resource consumption.
Kernel tuning: Advanced users can fine-tune kernel parameters for specific performance needs.
Network optimization: Consider network congestion troubleshooting and bandwidth adjustments if applicable.

Monitor and Test:

After applying changes, monitor performance again to verify improvement.
Be cautious with kernel tuning, as incorrect changes can affect system stability.

Explain the role of SELinux (Security-Enhanced Linux) in enhancing system security.

Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) mechanism implemented in the Linux kernel to provide an additional layer of security for systems. Developed by the National Security Agency (NSA), SELinux goes beyond traditional discretionary access controls (DAC) by enforcing policies that restrict the actions of processes, even those running with elevated privileges.

Key Aspects and Roles:

Mandatory Access Control (MAC): SELinux policies define allowed actions for processes, regardless of user or group permissions, preventing unauthorized access even with elevated privileges.
Labels and Roles:
Each process, file, and resource are assigned a security context label that includes a role, a type, and a level.
Roles define the set of permissions a subject (process) can have.
Types represent the domain of an object (file, process), defining its intended behavior.
Fine-Grained Controls: SELinux provides fine-grained controls, allowing administrators to specify which operations a process can perform on specific types of files.
Default Deny: SELinux follows a default deny policy, meaning that everything is denied unless explicitly allowed.
Security Policies: Security policies are defined through policy modules and are loaded dynamically.

Multi-level security (MLS): Provides additional security layers in sensitive environments, where data is classified based on confidentiality and integrity levels.
Auditing: SELinux logs attempts to violate policies, aiding in intrusion detection and forensic analysis.

Impact on Security:

Reduced attack surface: By restricting process access, SELinux makes it harder for attackers to exploit vulnerabilities and compromise the system.
Enhanced containment: Limits the damage caused by malware or compromised processes, preventing them from spreading or accessing critical resources.
Compliance: SELinux can help organizations meet security compliance requirements, such as those for government or healthcare systems.

Example Commands:

To check the SELinux status: sestatus
To set SELinux to enforcing mode: setenforce 1
To view the SELinux context of a file: ls -Z filename

Example:

To allow the Apache web server to write to a specific directory:

semanage fcontext -a -t httpd_sys_rw_content_t ‘/path/to/directory(/.*)?’ restorecon -Rv /path/to/directory

SELinux enhances system security by implementing mandatory access controls, minimizing the impact of security vulnerabilities, and providing a granular level of control over processes and resources.

Describe the process of setting up and configuring a Linux-based firewall using ‘iptables’.

iptables is a powerful command-line tool in Linux for configuring and managing firewall rules. It provides fine-grained control over network traffic entering and leaving your system, protecting it from unauthorized access and malicious attacks. Here’s a simplified overview of the setup process:

Basic Steps:

Check Current Rules: Use iptables -L to list currently active rules.

sudo iptables -L

Define Default Policies: Chains are groups of rules that process traffic in a specific order. Common chains include INPUT, OUTPUT, and FORWARD.

sudo iptables -P INPUT ACCEPT

sudo iptables -P FORWARD ACCEPT

sudo iptables -P OUTPUT ACCEPT

Create Rules: Each rule specifies criteria for matching traffic (source/destination IP, port, protocol) and the action to take (ACCEPT, DROP, REJECT).

sudo iptables -A INPUT -p tcp –dport 22 -j ACCEPT # Allow SSH

sudo iptables -A INPUT -p tcp –dport 80 -j ACCEPT # Allow HTTP

sudo iptables -A INPUT -j DROP # Drop other traffic

Save Configuration: Save the configuration to make it persistent across reboots:

sudo service iptables save

On some distributions, you may need to use:

sudo iptables-save > /etc/sysconfig/iptables

Enable iptables Service: Ensure the iptables service is enabled and started:

sudo systemctl enable iptables

sudo systemctl start iptables

Monitor Rules: Monitor traffic and test your rules thoroughly and make adjustments as needed to ensure proper functionality and security.

sudo iptables -L -v

Example: Allowing incoming SSH traffic:

sudo iptables -A INPUT -p tcp –dport 22 -j ACCEPT

Denying incoming traffic by default:

sudo iptables -P INPUT DROP

Advanced Features:

NAT (Network Address Translation): Translate IP addresses and ports for network traffic routing.
Logging and Monitoring: Log traffic flow and rule matches for security analysis and troubleshooting.
Firewalld: A newer firewall management tool that provides a user-friendly interface for iptables configuration.

What is kernel tuning, and how can it be performed in a Linux environment?

Kernel tuning refers to the process of adjusting various parameters and settings in the Linux kernel to optimize system performance, stability, and resource utilization. This involves modifying configuration parameters related to memory management, file systems, networking, process scheduling, and other aspects of kernel behaviour.

Performing Kernel Tuning:

Identify Performance Metrics: Use monitoring tools (vmstat, sar, top) to identify system performance metrics such as CPU usage, memory usage, disk I/O, and network activity.
Understand Kernel Parameters: Review the available kernel parameters and their meanings. Documentation is often available in the kernel documentation (/usr/src/linux/Documentation/sysctl/).
Modify Parameters Temporarily: Use the sysctl command to modify kernel parameters temporarily. Changes made with sysctl take effect immediately but are not persistent across reboots.

sudo sysctl -w parameter=value

Modify Parameters Persistently: Edit the /etc/sysctl.conf or create a new file in the /etc/sysctl.d/ directory to make changes persistent across reboots.

sudo nano /etc/sysctl.conf

Apply Changes: Apply changes from the configuration file:

sudo sysctl -p

Monitor and Adjust: Monitor system performance after tuning to ensure improvements and adjust parameters as needed.

Example:

To increase the maximum number of file handles:

sudo sysctl -w fs.file-max=100000

To make the change persistent, add the following line to /etc/sysctl.conf:

fs.file-max=100000

Apply changes:

sudo sysctl -p

Kernel tuning is an essential aspect of system optimization, especially for servers handling specific workloads. When dealing with advanced Linux interview questions for experienced professionals, demonstrating a deep understanding of kernel tuning becomes imperative. It requires careful consideration and testing to ensure that adjustments positively impact system performance.

Discuss the various RAID levels and their applications in Linux storage configurations.

RAID stands for Redundant Array of Independent Disks, is a storage technology that combines multiple physical disk drives into a single logical unit for data redundancy, performance improvement, or a combination of both. Various RAID levels offer different configurations to address specific needs.

Common RAID Levels:

RAID 0 (Striping):

Data is striped across multiple disks for improved performance.
No redundancy; if one disk fails, all data is lost.
Application: Suitable for scenarios where performance is a priority, and data redundancy is not critical (e.g., temporary data, caching).

RAID 1 (Mirroring):

Data is mirrored between pairs of disks for redundancy.
Each disk has a duplicate, and the system can operate with one failed disk.
Application: Used when data integrity and redundancy are crucial (e.g., critical system files, important databases).

RAID 5 (Striping with Parity):

Data is striped across multiple disks, and parity information is distributed.
Provides redundancy, and the system can tolerate the failure of one disk.
Application: Balanced approach suitable for applications where a compromise between performance and redundancy is acceptable.

RAID 6 (Striping with Dual Parity):

Like RAID 5 but with two sets of parity data.
Provides redundancy, and the system can tolerate the failure of two disks.
Application: Suitable for scenarios where additional redundancy is required, such as large capacity drives.

RAID 10 (Combination of RAID 1 and RAID 0):

Combines mirroring and striping.
Provides both performance improvement and redundancy.
Application: Suitable for applications where both high performance and data redundancy are critical (e.g., database servers).

Example in Linux:

To create a RAID 1 array using mdadm:

sudo mdadm –create –verbose /dev/md0 –level=1 –raid-devices=2 /dev/sdX1 /dev/sdY1

RAID configurations are chosen based on the specific requirements of a system, considering factors such as performance needs, data redundancy, and the level of fault tolerance required for a given application or use case.

How does the Linux kernel handle process scheduling? Explain the Completely Fair Scheduler (CFS).

The Linux kernel uses a scheduler to manage the execution of processes on the CPU. The scheduler is responsible for determining which process gets access to the CPU and for how long. The Completely Fair Scheduler (CFS) is one of the scheduling algorithms used in the Linux kernel.

Scheduling Overview:

Processes: Entities requesting CPU time to execute instructions.
Kernel scheduler: Manages process execution by determining which process gets assigned the CPU next.
Scheduling classes: Categorize processes based on their characteristics and apply specific scheduling algorithms.
Scheduling algorithms: Determine when and for how long a process executes based on various factors.

Completely Fair Scheduler (CFS):

Fairness and Balance:

CFS aims to provide fairness by ensuring that each process receives a fair share of CPU time.
It maintains a balance between interactive and CPU-bound processes.

Virtual Runtime:

CFS uses a concept called “virtual runtime” to determine the priority of a process.
Processes with higher virtual runtime values are considered less favorable, and those with lower virtual runtime values are given preference.

Time Quanta:

Each process is assigned a time quantum during which it is allowed to run.
The scheduler tries to distribute CPU time fairly among all processes, ensuring that each gets a share based on its priority.

Red-Black Tree:

CFS uses a red-black tree to maintain a list of runnable processes.
The tree is ordered by virtual runtime, allowing for efficient selection of the process with the least virtual runtime.

Load-Balancing:

CFS includes load-balancing mechanisms to distribute tasks across multiple CPUs, maintaining fairness in a multi-core environment.

Example Commands:

To view the scheduler in use:

cat /sys/kernel/debug/sched_features

To display detailed information about the scheduler:

cat /proc/sys/kernel/sched_debug \

Explain the purpose and usage of the ‘journalctl’ command for viewing system logs.

journalctl is a command-line utility in Linux that allows users to query and display messages from the journal, a centralized logging system introduced by systemd. The journal collects and stores log data, including messages from the kernel, system services, and applications.

Purpose and Usage:

Viewing Logs: To display logs, use the journalctl command without any options. This shows the entire log history, with the most recent entries at the bottom.

journalctl

Filtering by Unit: To filter logs by a specific unit (e.g., a service or application), use the -u option.

journalctl -u apache2

Filtering by Time: To view logs within a specific time range, use the –since and –until options.

journalctl –since “2022-01-01” –until “2022-02-01”

Follow Mode: To continuously follow new log entries as they are generated, use the -f option.

journalctl -f

Filtering by Priority: To filter logs by priority (e.g., errors, warnings), use the -p option.

journalctl -p err

Exporting to File: To save logs to a file, use the –output option.

journalctl –output=mylogs.txt

Displaying Kernel Messages: To show kernel messages, use the -k option.

journalctl -k

Viewing Logs for Specific Process: To view logs for a specific process, use the _PID field.

journalctl _PID=1234

Displaying Messages in a Pager: To display messages in a pager (e.g., less), use the -b option.

journalctl -b | less

journalctl provides a flexible and powerful interface for viewing and analyzing log data. It simplifies log management and facilitates troubleshooting by allowing users to filter and search for specific information within the system logs.

Discuss the differences between TCP and UDP protocols and their use cases.

Understanding the distinctions between TCP and UDP is crucial for selecting the appropriate protocol for your network communication needs. Here’s a breakdown of their key differences and use cases:

TCP (Transmission Control Protocol):

Connection-oriented: Establishes a reliable connection between sender and receiver, ensuring all data packets arrive in the correct order and without errors.
Reliable: Uses retransmission and acknowledgment mechanisms to guarantee data integrity and delivery.
Slower: Introduces overhead due to connection establishment, error checking, and flow control.
Applications: File transfers, web browsing, email, VPNs, where data integrity and order are paramount.

UDP (User Datagram Protocol):

Connectionless: Sends data packets independently without establishing a connection, offering speed and simplicity.
Unreliable: No guarantees about delivery or order of packets. Lost or out-of-order packets are not automatically recovered.
Faster: Lack of connection management and error checking makes it quicker.
Applications: Streaming media, real-time applications (voice, video), gaming, where speed and low latency are essential, and data loss can be tolerated.

Choosing the Right Protocol:

Prioritize reliability: Use TCP for applications where data integrity and correct order are crucial.
Prioritize speed and low latency: Opt for UDP when speed is critical, and some data loss is acceptable.
Hybrid approaches: Some applications (e.g., VoIP) combine TCP and UDP for different aspects of data transmission.

How can you optimize disk I/O performance in a Linux system?

Efficient disk I/O is crucial for a responsive and performant Linux system. Here are some key strategies to optimize it:

1. Use Solid-State Drives (SSDs): SSDs offer faster read and write speeds compared to traditional hard disk drives (HDDs).
2. RAID Configuration: Implement RAID configurations to distribute I/O across multiple disks, enhancing performance and providing fault tolerance.

3. Adjust Filesystem Mount Options: Optimize filesystem mount options. For example, use the noatime option to reduce write operations associated with updating access times.
4. Use I/O Schedulers: Choose appropriate I/O schedulers for your workload. Common schedulers include CFQ, deadline, and noop. Test and select based on performance characteristics.
5. Tune Read-Ahead Settings: Adjust the read-ahead settings to optimize the amount of data read from the disk in a single operation.
6. Allocate Sufficient RAM for Caching: Ensure that the system has sufficient RAM to cache frequently accessed data, reducing the need for frequent disk reads.
7. Monitor Disk Usage: Regularly monitor disk usage and identify any potential bottlenecks using tools like iostat or iotop.
8. Implement Filesystem Journaling: Consider disabling or optimizing filesystem journaling for specific use cases where write performance is critical.
9. Optimize Swap Configuration: Adjust swap settings to optimize disk usage. Ensure that the swap space is appropriately sized and consider using faster devices for swap, such as SSDs.
10. Use Asynchronous I/O: For applications that support it, consider using asynchronous I/O to overlap I/O operations with other processing.
11. Periodic Defragmentation: For filesystems that may become fragmented over time (e.g., ext4), consider periodic defragmentation to optimize disk layout.
12. Monitor and Analyze: Continuously monitor and analyze disk I/O performance using tools like iotop, dstat, or sar.

Explain the concept of chroot jail and its applications in Linux security.

chroot (change root) is a Unix command that changes the root directory for the current running process and its children. In Linux, a chroot jail creates a restricted environment for processes, limiting their access to the system and enhancing security. Imagine it as a walled garden where processes can only access resources within its boundaries.

Do you want to learn more about Linux systems, and other advanced topics in computer science? If yes, then you should consider pursuing a Master of Science in Computer Science from LJMU. This degree will equip you with the skills and knowledge to design, develop, and implement complex software systems, using cutting-edge tools and technologies. You will also have the opportunity to work on real-world projects, collaborate with industry partners, and conduct research under the guidance of expert faculty.

Key Concepts:

chroot system call: Changes the root directory of a process, making a specific directory appear as the root of the filesystem.
Restricted filesystem: The chosen directory contains a limited set of files and programs, mimicking a minimal Linux system.
Process confinement: Confined processes cannot access files or programs outside the chroot jail, effectively limiting their potential damage.

Applications in Linux Security:

Isolation: chroot is used to create isolated environments for processes, restricting their access to the filesystem. This helps contain potential security breaches.
Testing and Development: In software development and testing, chroot is employed to create sandboxed environments, allowing developers to test applications in controlled conditions without affecting the system.
Security Hardening: By limiting the filesystem access of certain processes, chroot helps enhance the overall security of a system. Malicious code within a chroot environment has reduced impact on the host system.
Services and Servers: Some network services, such as FTP or DNS servers, utilize chroot to isolate processes and prevent unauthorized access to the broader filesystem.
Software Deployment: chroot is used in software deployment to create environments with specific library versions or configurations required by an application, ensuring compatibility.

Example: To enter a chroot environment:

sudo chroot /path/to/chroot/environment

Describe the Linux Unified Key Setup (LUKS) and its role in disk encryption.

Linux Unified Key Setup (LUKS) provides a robust and standardized framework for full disk encryption on Linux systems. It safeguards your data by encrypting everything stored on the disk, offering strong protection against unauthorized access even if the physical disk is stolen.

Key Features of LUKS:

Full Disk Encryption: LUKS is designed to encrypt entire block devices, ensuring that all data on the device is protected.
Key Management: LUKS allows users to manage multiple encryption keys, providing flexibility in key storage, rotation, and recovery.
Compatibility: LUKS is widely supported in Linux distributions and can be used with various disk encryption tools, making it a standard for encrypted volumes.
Integration with Cryptsetup: Cryptsetup is a utility that interacts with the device-mapper subsystem of the Linux kernel to provide LUKS functionality. It handles the setup, unlocking, and management of LUKS-encrypted devices.
Passphrase and Keyfile Support: LUKS supports passphrase-based unlocking as well as the use of keyfiles, allowing users to choose the authentication method that best suits their security requirements.
Header Information: LUKS stores metadata, including encryption parameters and key slots, in the header of the encrypted device. This metadata is essential for proper decryption.
Encryption Algorithms: LUKS supports various encryption algorithms, including AES (Advanced Encryption Standard) and Twofish, providing options for users to choose based on their security needs.

Example:

Create an Encrypted Volume:

sudo cryptsetup luksFormat /dev/sdX

Open the Encrypted Volume:

sudo cryptsetup luksOpen /dev/sdX my_encrypted_volume

Create a Filesystem on the Encrypted Volume:

sudo mkfs.ext4 /dev/mapper/my_encrypted_volume

Mount the Encrypted Volume:

sudo mount /dev/mapper/my_encrypted_volume /mnt

Discuss the advantages and disadvantages of containerization technologies like Docker in Linux.

Containerization technologies like Docker are revolutionizing software development and deployment across various industries. When exploring the best linux interview questions, understanding Docker’s role and its impact on application packaging and deployment is often a key focus. Docker’s popularity stems from its ability to package applications with their dependencies into isolated, portable containers, offering several advantages alongside some potential drawbacks:

Advantages of Docker and Containerization:

Portability: Containers encapsulate the application and its dependencies, ensuring consistency across different environments. Applications run consistently on any system that supports Docker.
Isolation: Containers provide process and file-system isolation, allowing multiple applications to run on the same host without interfering with each other. Each container runs in its own user space.
Resource Efficiency: Containers share the host OS kernel, reducing overhead and improving resource utilization compared to virtual machines. Containers can start and stop quickly, scaling applications efficiently.
Rapid Deployment: Docker allows for quick deployment of applications as containers. Images can be easily shared and distributed through container registries, facilitating a streamlined deployment process.
DevOps Integration: Containers align well with DevOps practices, enabling continuous integration and continuous deployment (CI/CD) pipelines. Docker images can be versioned, providing a consistent environment throughout the development lifecycle.
Microservices Architecture: Containers are well-suited for microservices architecture, allowing applications to be broken down into smaller, manageable components that can be developed, deployed, and scaled independently.

Disadvantages of Docker and Containerization:

Security Concerns: While containers provide isolation, vulnerabilities in the host kernel or misconfigurations can pose security risks. Proper security measures, such as container scanning and host hardening, are essential.
Learning Curve: Adopting containerization technologies requires learning new tools and concepts. Teams need to invest time in understanding container orchestration, Dockerfiles, and related technologies.
Resource Overhead: While containers are more lightweight than virtual machines, there is still some overhead associated with running multiple containers on a host. Resource allocation and management become crucial for optimal performance.
Compatibility Challenges: Some legacy applications may not be well-suited for containerization due to dependencies or specific requirements. Compatibility issues can arise during the migration of existing applications to containers.
Persistent Storage: Managing persistent storage for containers can be challenging. While Docker provides volume support, handling data consistency and durability in containerized applications requires careful consideration.
Container Orchestration Complexity: Implementing container orchestration tools like Kubernetes adds complexity to the infrastructure. Configuring and managing clusters, services, and networking may require additional expertise.
Describe the difference between logical and physical volumes in Linux and how Logical Volume Management (LVM) works. What are the benefits of using LVM compared to traditional partitioning?

Understanding the distinction between logical and physical volumes is crucial for efficient storage management in Linux. Here’s a breakdown:

Physical Volumes (PVs):

Representation: The actual physical storage devices, such as hard disks or partitions.
Direct interaction: Limited, requiring specialized tools for low-level operations.
Inflexible: Fixed size and layout, difficult to resize or modify without data loss.

Logical Volumes (LVs):

Abstraction: Created on top of PVs using LVM, offering a flexible and dynamic way to manage storage.
User interaction: Managed through LVM tools, allowing for easier resizing, expansion, and management.
Dynamic: Can be resized, extended, and mirrored (for redundancy) without affecting existing data.

How Logical Volume Management (LVM) Works:

A software layer that sits between the physical storage and the operating system, providing a pool of storage from which logical volumes are carved:

Create PVs: Identify and define physical disks or partitions that will be part of the LVM pool.

Create Volume Groups (VGs): Combine multiple PVs into logical groups for unified management.

Create LVs: Carve out virtual volumes from the available space within a VG.

Format and mount LVs: Apply a filesystem (e.g., ext4) and mount the LV onto a mount point for use.

Benefits of LVM vs. Traditional Partitioning:

Dynamic Resizing: LVM allows for easy resizing of logical volumes, even when the system is online. This flexibility is particularly beneficial for adapting to changing storage requirements without downtime.

Snapshot Creation: LVM enables the creation of snapshots, which are point-in-time copies of logical volumes. This is useful for backups and testing without affecting the original data.

Striping and Mirroring: LVM supports features like striping (dividing data into blocks and spreading them across multiple physical volumes) and mirroring (maintaining identical copies of data on separate physical volumes), enhancing performance and data redundancy.

Improved Space Utilization: LVM offers more efficient space utilization by aggregating space from different physical volumes into a single logical volume, reducing wasted space.

No Fixed Partition Sizes: Unlike traditional partitions with fixed sizes, LVM allows for easy resizing of logical volumes, providing greater adaptability to changing storage needs.

Adding and Removing Storage: Storage can be added or removed dynamically, making it easier to accommodate growing or changing storage requirements without reformatting or repartitioning.

Explain the purpose and usage of the ‘strace’ command for system call tracing.

strace is a diagnostic tool in Linux used for tracing system calls made by a process. It allows users to monitor the interactions between a program and the kernel, providing insight into system calls, signals, and other events.

Purpose and Usage:

Tracing System Calls: strace traces system calls made by a specified process, displaying information such as the call type, arguments, and return values.

strace -p <PID>

Logging to a File: strace can log the trace output to a file, which is useful for analyzing the behavior of a program over time.

strace -o output.txt <command>

Filtering System Calls: Users can filter specific system calls for monitoring, providing a focused view of the interactions.

strace -e open,read,write <command>

Displaying Timestamps: strace can display timestamps for each system call, aiding in the analysis of timing-related issues.

strace -t <command>

Following Forked Processes: strace can follow forked processes, displaying the trace output for child processes as well.

strace -f <command>

Analyzing Signals: strace provides information about signals received by the traced process, helping identify any signal-related issues.

strace -e trace=signal <command>

Displaying Call Summary: strace can summarize the counts and times of each system call, providing an overview of the system call activity.

strace -c <command>

Linux How can you monitor and manage network interfaces in a Linux environment?

Effective network management is crucial for smooth operation and security in Linux environments. Here are some key tools and techniques:

Monitoring:

ifconfig or ip addr: Display information about network interfaces, including IP addresses, MAC addresses, and link status.
netstat -i: View detailed statistics on network traffic, including bytes sent and received, errors, and packet drops.
/proc/net directory: Provides various files with detailed network statistics and information.
tcpdump or wireshark: Capture and analyze network traffic packets for deeper insights into network activity and troubleshooting.
Monitoring tools: Many graphical and command-line tools like iftop, htop, and nethogs offer real-time visualizations of network activity.

Managing:

ifconfig or ip addr: Enable/disable interfaces, configure IP addresses, and set other parameters.
route: Add, modify, and delete routing entries for network traffic.
firewalld or iptables: Implement firewalls to control inbound and outbound network traffic for security purposes.
Network management tools: Explore tools like nmtui or graphical network managers like NetworkManager for user-friendly interface configuration.

Additional Tips:

Use scripts to automate repetitive network tasks.
Regularly update system and kernel for security patches and performance improvements.
Monitor for suspicious network activity and investigate potential threats.

Describe the differences between ‘systemctl’ and ‘service’ commands for managing services in Linux.
Purpose:

systemctl is a more comprehensive and modern tool that serves as a central management utility for controlling system services, examining their status, and managing the system. It integrates with the systemd init system.
service is a traditional command used for controlling services in Unix-like systems. It is more specific and focused on basic service management.

Init System:

systemctl is closely tied to the systemd init system, which is prevalent in modern Linux distributions. It provides advanced features like service dependencies, parallelization, and process tracking.

service is used with traditional init systems like SysVinit or Upstart.

Syntax:

systemctl uses a consistent syntax for managing services, making it easy to remember. For example, to start a service:

systemctl start <service_name>

service follows a slightly different syntax. To start a service:

service <service_name> start

Service States:

systemctl provides more detailed information about the state of a service, including whether it is active, inactive, enabled, or disabled. It also shows logs using journalctl.
service typically provides less detailed information about the service state.

Integration with systemd Features:

systemctl integrates seamlessly with systemd features such as socket activation, user services, and cgroups.
service lacks integration with newer systemd features and is more straightforward in its functionality.

Compatibility:

systemctl is the standard tool for managing services on systems that use systemd as the init system.
service is used on systems with traditional init systems.

Example Usage:

systemctl examples:

systemctl start apache2

systemctl status apache2

service examples:

service apache2 start

service apache2 status

Forward Compatibility:

systemctl is more forward compatible, as it is designed for use with modern init systems.
service may become deprecated on systems adopting systemd.

Uniformity Across Distributions:

systemctl provides a consistent interface across various Linux distributions that use systemd.
service commands might vary between distributions using different init systems.

Explain the use of ‘cron’ and ‘anacron’ for scheduling recurring tasks in Linux.

cron:

Purpose: cron is a time-based job scheduler in Unix-like operating systems. It allows users to schedule tasks (known as cron jobs) that run periodically at specified intervals or fixed times.
Configuration: Users can edit their crontab files using the crontab command. Each user can have their own crontab file, and system-wide tasks can be scheduled in the /etc/crontab file. Example: Edit the current user’s crontab file:

crontab -e

Syntax: The crontab syntax consists of five fields representing minute, hour, day of the month, month, and day of the week. A cron job is defined by specifying the time when the job should run and the command or script to execute. Example, Run a script every day at 3:30 AM:

30 3 * * * /path/to/script.sh

Common Use Cases: Regular backups, log rotation, system maintenance, and other tasks that need to be performed on a scheduled basis.

anacron:

Purpose: anacron is similar to cron but is designed for systems that may not be running continuously. It ensures that scheduled tasks are executed, even if the system is powered off or in a non-operational state during the specified time.
Configuration: Users can set up their anacron jobs by creating files in the /etc/anacrontab configuration file. Example, Edit the anacrontab file:

sudo nano /etc/anacrontab

Syntax: Anacron uses a slightly different syntax compared to cron. Each job is defined by a line specifying the frequency, delay, and command. Example, Run a weekly job with a delay of 5 minutes:

7 5 my_weekly_job /path/to/script.sh

Common Use Cases: Tasks that need to be performed periodically but can tolerate some flexibility in the execution time. This is useful for laptops or systems that are not always online.

Key Differences:

cron assumes the system is always on and runs tasks at precise intervals. It may miss tasks if the system is powered off during the scheduled time.
anacron is designed for systems that are not always running. It adjusts the execution time based on the

Discuss the process of kernel module management in Linux.
Overview: Kernel modules are pieces of code that can be loaded and unloaded into the Linux kernel without requiring a reboot. They extend the functionality of the kernel and can be dynamically added or removed.
insmod Command: The insmod command is used to insert a kernel module into the running kernel.

sudo insmod module_name.ko

rmmod Command: The rmmod command removes a kernel module from the running kernel.

sudo rmmod module_name

If a module is in use, it cannot be removed. Use the -f option to force removal, but it may lead to unpredictable behavior.

modprobe Command: The modprobe command is a more advanced tool that not only loads modules but also resolves and loads dependencies. It automatically loads dependencies required by the specified module.

sudo modprobe module_name

Module Configuration: Module parameters can be configured during insertion. These parameters are specified when using insmod or modprobe.

sudo modprobe module_name param1=value1 param2=value2

Module Information: Use the lsmod command to list currently loaded modules along with information about their usage.

lsmod

Module Blacklisting: To prevent a module from loading automatically, it can be blacklisted by adding its name to the /etc/modprobe.d/blacklist.conf file.

echo “blacklist module_name” | sudo tee -a /etc/modprobe.d/blacklist.conf

Module Documentation: Many kernel modules come with documentation that can be accessed using tools like modinfo:

modinfo module_name

Module Logs: Kernel module loading and unloading information can be found in system logs, typically in /var/log/messages or /var/log/syslog. Example using dmesg:

dmesg | grep module_name

depmod Command: The depmod command generates module dependency information. It is often run after installing a new module manually.

sudo depmod -a

How can you secure SSH access to a Linux server? Discuss best practices.
Use Strong Passwords or SSH Keys: Ensure that strong, unique passwords are set for SSH accounts. Alternatively, use SSH keys for authentication, which enhances security by eliminating the need for password-based logins.
Disable Root Login: Disable direct root login via SSH. Instead, log in as a regular user and use sudo to perform administrative tasks. This reduces the risk of unauthorized access.

# In /etc/ssh/sshd_config

PermitRootLogin no

Change SSH Port: Change the default SSH port (22) to a non-standard port. This can help mitigate automated attacks targeting the default port.

Port <new_port>

Implement Two-Factor Authentication (2FA): Enable two-factor authentication to add an extra layer of security. This typically involves using a password and a temporary code generated by a 2FA app or sent via SMS.
Restrict SSH Protocol Versions: Limit the SSH protocol versions to enhance security. Disable older, potentially vulnerable versions.

Protocol 2

Configure AllowList (Whitelist): Specify which users or IP addresses are allowed to connect to the SSH server. This helps control access and prevents unauthorized logins.

AllowUsers username@allowed_ip

Set Idle Timeout: Configure an idle timeout to automatically disconnect inactive sessions. This helps prevent unauthorized access in case a user forgets to log out.

ClientAliveInterval 300 ClientAliveCountMax 2

Disable Empty Passwords: Ensure that accounts with empty passwords are not allowed to log in via SSH.

PermitEmptyPasswords no

Regularly Update SSH Software: Keep the SSH server software up to date to patch known vulnerabilities. Regularly update the system to include the latest security fixes.

sudo apt-get update sudo apt-get upgrade

Monitor SSH Logs: Regularly review SSH logs for unusual or suspicious activities. Implement logging and monitoring solutions to detect and respond to potential security threats.

tail -f /var/log/auth.log

Harden Operating System: Implement general system hardening measures, such as regularly applying security updates, configuring firewalls, and using intrusion detection systems.
Disable Unused SSH Features: Disable unnecessary SSH features and protocols to minimize the attack surface. For example, disable X11 forwarding if not required.

X11Forwarding no

Use Fail2Ban: Install and configure Fail2Ban to automatically ban IP addresses that exhibit suspicious behavior, such as repeated failed login attempts.
Encrypted Key Exchange: Ensure the use of strong cryptographic algorithms for key exchange. Disable weaker algorithms and use modern ciphers.

KexAlgorithms <strong_kex_algorithm>

Explain the role of the ‘tcpdump’ command in network troubleshooting and packet analysis.

tcpdump is a command-line tool in Linux for capturing and analyzing network traffic on your system. It functions as a powerful “packet sniffer,” enabling you to eavesdrop on network activity and gain valuable insights into various aspects of communication, both for troubleshooting and security purposes.

Key Capabilities:

Real-time Packet Capture: Observe network traffic flowing through your system’s interfaces in real-time, providing immediate visualizations of communication patterns and potential issues.
Offline Analysis: tcpdump allows you to save captured packets for later analysis using various file formats like  .pcap or .pcapng, compatible with other network analysis tools.
Detailed Packet Inspection: Examine individual packets’ headers and payloads, including:

Source and destination IP addresses, ports, and protocols

Sequence numbers, acknowledgment numbers, and flags in TCP/IP connections
Application-layer data (e.g., HTTP requests, emails) if you specify relevant filters

Filtering and Focusing: Narrow down the captured traffic using filter expressions (e.g., tcpdump -i eth0 dst host 8.8.8.8) to isolate specific protocols, hosts, or ports of interest, enhancing efficiency and clarity.
Multiple Interface Support: Capture traffic from different network interfaces on your system (e.g., tcpdump -i eth0 -i wlan0) to gain a comprehensive understanding of activity across all connected networks.

Common Use Cases:

Identifying Network Issues: Isolate performance bottlenecks, diagnose connection problems, and pinpoint the source of abnormal traffic or errors.
Troubleshooting Network Security: Monitor network activity for suspicious behavior, detect potential intrusions, and analyze security vulnerabilities.
Debugging Network Applications: Understand how applications interact with the network, identify protocol-level issues, and optimize communication efficiency.
Network Forensics: Conduct post-mortem analysis of network events, gather evidence for security investigations, and reconstruct past network activity.

Common Commands:

Basic capture: tcpdump -i eth0 (captures all traffic on interface eth0)
Filter by host: tcpdump -i eth0 dst host 192.168.1.100 (captures traffic to/from host 192.168.1.100)
Filter by port: tcpdump -i eth0 port 80 (captures HTTP traffic on port 80)
Filter by protocol: tcpdump -i eth0 tcp (captures only TCP traffic)
Filter by user: tcpdump -i eth0 ‘not port 22 and (tcp[source port] > 1024)’ (captures non-SSH traffic initiated by local processes)
Write to file: tcpdump -i eth0 -w capture.pcap (saves captured packets to capture.pcap)
Read from file: tcpdump -r capture.pcap (analyzes captured packets from capture.pcap)
Follow live updates: tcpdump -i eth0 -C 10000 -w capture.pcap (captures 10000 packets to capture.pcap and updates live)