Linux Operations

Advanced

/etc/environment

Global environment vars are often configured there.

Which file typically stores system-wide environment variables?

Advanced

/etc/fstab

The `/etc/fstab` file (file system table) is used to define how disk partitions, various other block devices, or remote file systems (like NFS or CIFS) should be mounted and unmounted automatically at boot time. `/etc/network/interfaces` is for network configuration, `/etc/rc.local` is for custom boot commands (though often deprecated), and `~/.bashrc` is for user-specific shell configurations.

A DevOps pipeline relies on a network filesystem (NFS) mount located at `/mnt/data`. To ensure this mount persists across reboots, where should its configuration be defined?

Advanced

/etc/hosts

Hosts file resolves names locally.

Which file maps hostnames to IP locally?

Advanced

/etc/sudoers with `builduser ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx`

The `/etc/sudoers` file (or files within `/etc/sudoers.d/`) is used to configure `sudo` access, defining which users can run which commands with elevated privileges, optionally without a password (`NOPASSWD`). The provided entry is the correct syntax. Modifying `/etc/passwd` is incorrect and dangerous. `~/.bashrc` and `/etc/profile` are for environment/shell configuration, not privilege management.

A DevOps engineer needs to grant a specific user, `builduser`, the ability to run `systemctl restart nginx` without requiring a password. Which file should be modified, and with what typical entry?

Advanced

$1

`$1` refers to the first command-line argument passed to a Bash script. `$0` refers to the name of the script itself. `$@` refers to all arguments as separate strings. `$$` refers to the process ID (PID) of the current shell.

In a Bash script, how do you correctly reference the first argument passed to the script?

Advanced

0 3 * * * /usr/local/bin/backup.sh

The `crontab` format is `minute hour day_of_month month day_of_week command`. `0 3 * * *` means at minute 0 past hour 3, every day of the month, every month, every day of the week. `@daily` is a valid crontab shortcut but `0 3 * * *` is the explicit form. Option 2 would run every 3rd minute of every hour. Option 3 would run only on Sunday (day 7 or 0) at 3:00 AM.

A DevOps team wants to schedule a script (`/usr/local/bin/backup.sh`) to run daily at 3:00 AM. Which entry in the crontab for the root user would achieve this?

Advanced

A reference path to another file

Symlink points to target path.

What is a symbolic link?

Advanced

apt-get update

`apt-get update` (or simply `apt update` in newer versions) downloads the latest package information from the repositories on Debian/Ubuntu systems. `yum` and `dnf` are for Red Hat-based systems (CentOS, Fedora), and `pacman` is for Arch Linux.

Which of the following commands is used to update the package index on a Debian-based system, such as Ubuntu?

Advanced

chmod 740 myscript.sh

Owner (u) needs read (4), write (2), execute (1) = 7. Group (g) needs read (4) = 4. Others (o) need no permissions (0) = 0. Therefore, `chmod 740 myscript.sh` is correct. `u+x,g=r,o-rwx` is also correct but `740` is the direct octal representation.

You need to change the permissions of a script file named `myscript.sh` to be executable by the owner, read-only by the group, and no permissions for others. Which `chmod` command achieves this?

Advanced

chmod 754 script.sh

The octal representation `754` corresponds to: owner (7=rwx), group (5=rx), others (4=r). Option 1 provides the correct symbolic mode. While Option 1 is functionally equivalent to Option 0, the question asks for the correct `chmod` command, and 754 is a direct way to set these permissions. Option 2 is not fully correct as `+rwx` would add permissions to existing ones, not set them absolutely. Option 3 (644) would not grant execute permissions.

To change the permissions of a file named `script.sh` to allow the owner to read, write, and execute, the group to read and execute, and others to only read, which `chmod` command would you use?

Intermediate

crontab

crontab configures scheduled jobs.

Where are cron jobs for users commonly managed?

Advanced

CURRENT_DATE=$(date)

Command substitution in modern shell scripting is done using `$()`. Backticks (``) also work but are considered deprecated and can be harder to nest. `CURRENT_DATE = date` assigns the literal string 'date', and `:=` is not standard shell syntax.

In a shell script, how do you correctly assign the output of a command (e.g., `date`) to a variable named `CURRENT_DATE`?

Basics

df -h

df reports mounted filesystem usage.

Which command checks disk usage by filesystem?

Advanced

du -sh /path/to/directory

`du` (disk usage) reports the disk space used by files and directories. `-s` summarizes the total for the given directory, and `-h` provides human-readable output. `df` (disk free) reports filesystem disk space usage, typically for mounted filesystems. `ls -lh` lists file sizes within a directory, but not aggregated subdirectory usage. `free -h` shows memory usage.

Which command would you use to check the disk space usage of a specific directory, including its subdirectories, in a human-readable format?

Advanced

Execute command with elevated privileges

sudo grants temporary admin privileges.

What is the purpose of sudo?

Advanced

Execution permission on script.sh

Executable bit allows running file as program.

What does chmod +x script.sh enable?

Advanced

find /var/log -name error.log

The `find` command is used to search for files and directories in a directory hierarchy. `grep -r` searches *content* of files, not filenames. `locate` uses a pre-built database which might not be up-to-date. `search` is not a standard Linux command for this purpose.

Which command would you use to find all files named `error.log` within the `/var/log` directory and its subdirectories?

Advanced

find /var/log -type f -mtime -7 -name "*.log"

`find` is the appropriate command for searching files based on various criteria. `-type f` specifies regular files, `-mtime -7` means files modified less than 7 days ago (i.e., within the last 7 days), and `-name "*.log"` filters by the file extension. Option 3 would find files *older* than 7 days.

A DevOps engineer needs to find all files in the `/var/log` directory that were modified in the last 7 days and have a `.log` extension. Which command sequence would achieve this effectively?

Advanced

firewall-cmd --zone=public --add-service=http --permanent

`firewall-cmd --zone=public --add-service=http --permanent` is the idiomatic way to open port 80 for HTTP using `firewalld`'s predefined services. This is generally preferred over specifying port numbers directly (`--add-port=80/tcp`) when a service is available, as services often include more than just a single port (e.g., HTTP might also open HTTPS). Both options 0 and 1 are technically correct, but `add-service` is the more semantic approach for common protocols.

Which `firewall-cmd` command would permanently open port 80 (HTTP) for TCP traffic in the public zone on a RHEL/CentOS system?

Advanced

if [ -d /opt/myapp/config ]; then ... fi

`[ -d /path/to/directory ]` is the correct test to check if a path exists and is a directory. `[ -f ... ]` checks if it's a regular file. `[ ! -e ... ]` checks if it does NOT exist. `[ -x ... ]` checks if it's executable.

A Bash script needs to check if a specific directory `/opt/myapp/config` exists before proceeding. Which conditional statement accurately checks for the directory's existence?

Advanced

ip a | awk '/inet /{print $2}' | cut -d '/' -f 1

Option 1 uses `awk` to filter lines containing 'inet ' and extract the second field (which typically contains 'IP_ADDRESS/MASK'), then `cut` to remove the subnet mask. This is a very common and robust method. Option 0 uses `grep` and `cut` relying on field positioning, which can sometimes be less robust. Option 2 (sed) is also very robust using regex capture groups but can be harder to read for some. Option 3 is not robust for general use across different interfaces or outputs.

A script needs to extract the IPv4 address from the primary network interface (e.g., `eth0` or `enp0s3`) from the output of `ip a`. Assuming the IP address is on the line containing 'inet' and follows 'inet ', which command combination is the most robust?

Advanced

It lists directories where the shell looks for executable commands.

The `PATH` environment variable contains a colon-separated list of directories that the shell searches when you type a command, to find the executable program. This allows you to run commands without specifying their full path. Options 0, 1, and 3 describe other unrelated system functions.

What is the primary purpose of the `PATH` environment variable in Linux?

Advanced

journalctl -b -x

`journalctl -b -x` displays messages from the current boot (`-b`) and adds explanations for common log messages (`-x`), providing a comprehensive view of system startup events, including kernel and systemd unit logs. `dmesg` shows kernel buffer messages. `/var/log/boot.log` is not always present or comprehensive on modern systems. `tail -f /var/log/messages` only shows recent messages from a specific log file, not necessarily from boot and not consolidated by boot session.

When troubleshooting a persistent issue after a reboot, a DevOps engineer wants to review all boot messages, including kernel logs and systemd unit failures. Which command provides this consolidated view?

Advanced

journalctl -u <service_name>

`journalctl -u <service_name>` is the standard way to view logs specifically for a `systemd` unit. It retrieves logs from the `systemd` journal, which aggregates logs from various sources. The other options might provide some logs, but `journalctl` is precise for `systemd` services.

A new service has been deployed on a Linux server. The DevOps team needs to review its logs, including messages from its `systemd` unit. Which command is best suited for this task?

Advanced

kill -9 <PID> (SIGKILL)

`kill -9 <PID>` sends the `SIGKILL` signal, which immediately and unconditionally terminates a process. It cannot be caught or ignored by the process, making it a last resort. `SIGTERM` (15) is a polite request to terminate, allowing the process to clean up. `SIGHUP` (1) often reloads configuration, and `SIGINT` (2) is usually generated by Ctrl+C.

If a process becomes unresponsive and cannot be terminated using `kill <PID>`, which signal can be used to forcefully terminate it immediately?

Advanced

ln -s /var/log/application/app.log latest_log

The `ln -s` command is used to create symbolic (soft) links. The syntax is `ln -s <target> <link_name>`. So, `ln -s /var/log/application/app.log latest_log` creates `latest_log` as a symbolic link pointing to `app.log`. Option 0 would create a hard link. Options 2 and 3 are not standard Linux commands.

To create a symbolic link named `latest_log` pointing to `/var/log/application/app.log`, which command should be used?

Advanced

Mandatory Access Control (MAC) security policies

SELinux (Security-Enhanced Linux) is a security mechanism that provides Mandatory Access Control (MAC) for processes and resources. It restricts programs based on a defined security policy, going beyond traditional Discretionary Access Control (DAC) by enforcing rules that users cannot override. It is not directly involved in SSH encryption, password hashing, or disk encryption.

In a Linux environment, what does `SELinux` primarily provide?

Advanced

Memory usage in MB

free reports RAM and swap utilization.

What does free -m report?

Advanced

nc -zv host port

netcat is commonly used for port checks.

Which command tests TCP connectivity to host:port quickly?

Basics

ps aux

ps aux lists process snapshot.

What command displays running processes?

Basics

pwd

pwd prints working directory.

Which command shows current directory in Linux?

Advanced

Query logs from systemd journal

journalctl reads service/system logs.

What is the use of journalctl?

Advanced

Real-time process and resource usage

top is live system monitor.

What does top command show?

Advanced

Reduce blast radius and improve security

Least privilege is a core Linux security principle.

Why use non-root users for services?

Advanced

rsync -avzh local_dir/ user@remote_host:/remote_dir

`rsync` is highly efficient for copying files, especially over networks. The `-a` option means archive mode (preserves permissions, ownership, timestamps, etc.), `-v` for verbose, `-z` for compression, and `-h` for human-readable output. It's designed to synchronize directories, copying only changed parts, and can resume transfers. `scp` is also secure but less efficient for large or many changes. `cp` does not work over SSH directly in this manner, and `ftp` is generally unencrypted and outdated for secure transfers.

To recursively copy files and directories from a local machine to a remote server, securely and efficiently, often resuming interrupted transfers, which command is most suitable?

Advanced

rwx for owner, rx for group and others

755 maps to owner 7, group 5, others 5.

What does chmod 755 set?

Advanced

Search text by pattern

grep filters lines matching regex/string.

What does grep do?

Advanced

sed -i 's/old_value/new_value/' config.ini

`sed -i` performs in-place editing directly on the file, making it ideal for modifying a file without needing temporary files or complex redirection. Option 0 would truncate `config.ini` before the `while` loop starts reading it. Option 2 requires a temporary file and `mv`, which is a common pattern but less direct than `sed -i`. Option 3 is incorrect for in-place editing.

A Bash script needs to read a configuration file (`config.ini`) line by line, process each line, and then update the same line in the file. Which combination of tools is most suitable for this in-place editing scenario?

Advanced

Sends signal to processes named nginx

pkill targets processes by name.

What does pkill nginx do?

Advanced

Service state and recent logs

systemd status gives service diagnostics.

What does systemctl status show?

Advanced

ss -tulnp | grep 8080

`ss` (socket statistics) is a modern utility that replaces `netstat` and is generally faster and more efficient for querying socket information. `ss -tulnp` lists TCP, UDP, listening, numeric, and process information. `lsof -i :8080` is also highly effective but `ss` is often preferred for networking specifics. `ps aux | grep 8080` might show processes with 8080 in their command line, but not necessarily listening on the port.

To check which process is listening on a specific TCP port (e.g., 8080) on a Linux system, which command is most efficient and commonly used in modern distributions?

Intermediate

SSH

SSH provides encrypted remote shell.

Which tool is used to secure remote Linux access?

Advanced

ssh-copy-id devops@remote.example.com

`ssh-copy-id` is specifically designed for securely copying local public keys to remote servers, correctly appending them to the `~/.ssh/authorized_keys` file and setting appropriate permissions. Option 0 and 2 could work but are more manual and prone to errors regarding file permissions or overwriting existing keys. Option 3 copies the public key, but not to the correct `authorized_keys` file.

To establish SSH key-based authentication for a user `devops` from a local machine to a remote host `remote.example.com`, after generating the SSH key pair, what is the most common command to copy the public key?

Advanced

systemctl enable <service_name>

`systemctl enable <service_name>` creates the necessary symbolic links for a service to start automatically during system boot. `start` only starts the service for the current session, `reload` reloads its configuration, and `activate` is not a standard systemctl subcommand for this purpose.

Which `systemctl` subcommand is used to ensure a service starts automatically after a system reboot?

Basics

tail -f

tail -f streams appended log lines.

What command follows logs live?

Advanced

tar -tf archive.tar.gz

`tar -tf archive.tar.gz` lists the contents of the archive (`t` for list, `f` for file) without extracting them. `-xvf` extracts, `-czf` creates a compressed archive, and `-rf` appends files to an uncompressed archive.

Which command is typically used to view the content of compressed tar archives without extracting them?

Advanced

To manage system services and units

`systemctl` is the main command for controlling the `systemd` system and service manager. It allows users to start, stop, enable, disable, and check the status of services and other systemd units.

What is the primary purpose of the `systemctl` command in modern Linux distributions?

Intermediate

top

`top` provides a dynamic, real-time view of running processes and system resource usage, allowing for interactive sorting and killing. `htop` is a more feature-rich, user-friendly alternative to `top`. `ps aux` gives a static snapshot, and `pgrep` finds process IDs by name.

Which command is used to display currently running processes and their resource utilization in a real-time, interactive manner?

Advanced

uname -a

`uname -a` prints all system information, including the kernel name, network node hostname, kernel release, kernel version, machine hardware name, processor type, hardware platform, and operating system. While `lsb_release -a` and `cat /etc/os-release` provide distribution-specific information, `uname -a` focuses on the underlying system and kernel details. `hostnamectl` manages hostname settings.

Which command allows you to view the kernel version and other system information about the current Linux machine?