Coming up for a system administrator job interview? Read this article to learn about some of the questions you might encounter and the possible answers.

As a geek who often works with computers, IT was a natural choice for me to pursue a career in IT after my master’s degree. Therefore, I think the system administrator path is the right path. Throughout my career, I’ve become familiar with the job interview process. Here’s a look at the expectations for the position, the career path, and a list of common interview questions and my answers.

Typical tasks and responsibilities of a system administrator

Organizations need people who understand how systems work to ensure data security and keep services running smoothly. You may ask, “Wait, is there more that a system administrator can do?”

You’re right. Now, in general, let’s look at the daily tasks of a typical system administrator. Depending on the needs of the company and the skill level of the people, the tasks of a system administrator range from managing desktops, laptops, networks, and servers to designing an organization’s IT strategy. Sometimes, the system administrator is even responsible for purchasing and ordering new IT equipment.

Those seeking systems administration work as a career path may find IT difficult to keep their skills and knowledge up to date because rapid change in the IT field is inevitable. The next natural question on everyone’s mind is how IT professionals keep up with the latest updates and skills.

Simple question

Here are some of the most basic questions you will encounter, and my answers:

1. What were the first five commands you typed after logging in to the *nix server?

  • lsblkTo view all block device information
  • whoSee who is logged in to the server
  • topTo see what processes are running on the server
  • df -khTTo see the disk capacity available on the server
  • netstatTo see which TCP network connections are active

2. How do I make the process run in the background, and what are the benefits of doing so?

You can make the process run in the background by adding the special character & to the end of the command. Often, applications that take too long to execute and don’t require user interaction can be put in the background so that we can continue working in the terminal. (citation)

Is running these commands as root a good thing or a bad thing?

Running (any command) as root is bad for two main reasons. The first is risk. When you log in as root, you can’t avoid making careless mistakes. If you try to change the system in a potentially harmful way, use Sudo, which introduces a pause (while you enter your password) to make sure you don’t make a mistake.

The second reason is security. If you do not know the login information of the administrator user, the system is more difficult to attack. Having root access means you can already perform half of your tasks as an administrator.

4,rmrm -rfWhat’s the difference?

The rm command itself only deletes specified files (not directories). With the -rf flag, you add two additional functions: the -r (or its equivalent, -r, –recursive) flag can recursively delete the contents of a directory, including hidden files and subdirectories; The -f (or –force) flag causes RM to ignore nonexistent files and never prompts you for confirmation.

5, there is a size of about 15GBCompress.tgzFile. How do you list its contents, and how do you extract only specific files?

To list the contents of the file:

tar tf archive.tgz

To extract a specific file:

tar xf archive.tgz filename

A little difficult question

Here are some of the harder questions you might encounter, and my answers:

6. What is RAID? What are RAID 0, RAID 1, RAID 5, RAID 6, and RAID 10?

RAID (Redundant Array of Inexpensive Disks) is a technology used to improve data storage performance and/or reliability. RAID levels are as follows:

  • RAID 0: Also known as disk striping, this is a technique for shredding files and distributing data across all disk drives in a RAID group. It has no protection against disk failure. (citation)
  • RAID 1: A popular disk subsystem that improves security by writing the same data to both drives. RAID 1 is calledThe mirror, it does not improve write performance, but read performance may improve by the sum of each disk performance. In addition, if one drive fails, a second drive is used and the failed drive needs to be replaced manually. After the replacement, the RAID controller card copies the contents of the working drive to the new drive.
  • RAID 5: A disk subsystem that computs parity data to improve security and speed. RAID 5 achieves this by interleaving data across three or more drives (striping). In the event of a single drive failure, subsequent reads can be calculated from distributed parity so that no data is lost.
  • RAID 6: Expand RAID 5 by adding another parity block. At this level, a minimum of four disks are required, and read/write operations can continue in the event of any two concurrent disk failures. RAID 6 does not have a performance penalty for read operations, but it does have a performance penalty for write operations due to the overhead associated with parity calculations.
  • RAID 10: ALSO known as RAID 1 + 0, RAID 10 combines the disk mirroring and striping functions to protect data. It requires at least four disks and strips the data across mirror pairs. As long as one disk in each mirror pair is active, data can be retrieved. If two disks in the same mirror pair fail, all data will be lost because there is no parity in the band set. (citation)

7,pingWhich port does the command use?

The ping command uses ICMP. Specifically, it uses ICMP to echo request and reply packets.

ICMP does not use UDP or TCP communication services: instead, it uses raw IP communication services. This means that ICMP messages are directly hosted in IP datagram data fields.

What is the difference between a router and a gateway? What is the default gateway?

Routers describe a common technical function (Layer 3 forwarding) or the hardware device used for that purpose, while gateways describe the function of local network segments (providing connectivity to other places). You can also say “set router as gateway”. Another term is “hop”, which describes forwarding between subnets.

The term default gateway refers to a router on a LAN whose responsibility is to act as the first point of contact for communication with computers outside the LAN.

Explain the Linux boot process.

BIOS -> Master Boot Record (MBR) -> GRUB -> Kernel -> Initialization -> Run level

10. How do I check for error messages when the server starts?

Kernel messages are always stored in the KMSG buffer and can be viewed with the dmesg command.

Booting problems and errors require the system administrator to combine certain commands to view certain important files, which are handled differently by different versions of Linux:

  • /var/log/boot.logIs the system boot log, which contains all the content expanded during the system boot process.
  • /var/log/messagesStores global system messages, including those logged during system boot.
  • /var/log/dmesgContains kernel ring buffer information.

What’s the difference between a symbolic link and a hard link?

A symbolic link (soft link) is actually a link to the original file, while a hard link is a mirror copy of the original file. If you delete the original file, the soft link is useless because the file it points to no longer exists. If it is a hard link, the opposite is true. If you delete the original file, the hard link still contains the data from the original file. (citation)

12. How do I change kernel parameters? What kernel options might you need to tweak?

To set kernel parameters on a UNIx-like system, first edit the file /etc/sysctl.conf. After making the changes, save the file and run the sysctl -p command. This command makes the changes permanent without the need to restart the computer

13. Explain/procFile system.

The /proc file system is virtual and provides detailed information about the kernel, hardware, and running processes. Because /proc contains virtual files, it is called a “virtual file system.” These virtual files are unique. Most of these are displayed as zero bytes.

Virtual files, such as /proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions, provide up-to-date information about system hardware. Other directories such as /proc/filesystems and /proc/sys provide system configuration information and interfaces.

14. How do I run a script as another user without a password?

For example, if you can edit sudoers files (e.g. /private/etc/sudoers), you can use Visudo to add the following:

User1 ALL = (user2) NOPASSWD: / opt/scripts/bin/generate. Sh

What is a UID 0 toor account? Was it hacked?

The toor user is the alternate superuser account, where toor is root spelled backwards. It is expected to work with non-standard shells, so root’s default shell does not need to change.

This use is important. These shells are not part of the base distribution, but are installed from ports or packages, in /usr/local/bin, and by default, on other file systems. If root’s shell is in /usr/local/bin and the file system containing /usr/local/bin is not mounted, root cannot log in to resolve the problem and the system administrator must reboot into single-user mode to enter the path to the shell program.

Harder questions

Here’s an even more difficult problem you might encounter:

16,tracertHow does it work and what protocol does it use?

The tracert command (or traceroute, depending on the operating system) allows you to see exactly which router is being touched in the chain of connections to the final destination. If you have problems connecting or ping through your final destination, you can use Tracert to help you determine where the connection chain stops. (citation)

Through this information, you can contact the right people; Whether it’s your own firewall, YOUR ISP, your destination’s ISP or somewhere in between. The tracert command uses ICMP like ping, but you can also use the first step of a TCP three-step handshake to send a SYN request in response.

17, the use ofchrootWhat are the main advantages? When and why do we use it? In the chroot environment,mount /dev,mount /procmount /sysWhat does a command do?

The advantage of the chroot environment is that the file system is isolated from the physical host because chroot has a separate file system within the file system. The difference is that chroot uses the newly created root directory (/) as its root directory.

Chroot prison allows you to isolate processes and their children from the rest of the system. It only applies to processes that are not running as root, because root can easily get out of prison.

The idea is to create a directory tree in which to copy or link all the system files needed to run the process. You can then use the chroot() system call to tell it that the root directory is now at the base of the new tree, and then start the process running in that chroot environment. Because the command is therefore unable to reference paths other than the modified root directory, it cannot perform malicious operations (read, write, and so on) at those locations. (citation)

18. How to protect your system from hackers?

Follow the principle of least privilege and these practices:

  • Using public key encryption, it provides excellent security.
  • Enhanced password complexity.
  • Learn why you want to make exceptions to the above rule.
  • Review your exceptions regularly.
  • Hold specific people accountable for failure. (It keeps you on your toes.) (citation)

19. What is LVM and what are the benefits of using it?

LVM (Logical Volume Management) is a storage device management technology that enables users to merge and abstract the physical layout of component storage devices for easier and more flexible management. Using the Linux kernel framework of device mapper, the current iteration (LVM2) can be used to collect existing storage devices into groups and allocate logical units from the combined space as needed.

20. What is a sticky port?

Sticky ports are a network administrator’s best friend and one of the biggest headaches. They allow you to set up your network so that by locking each port on the switch to a specific MAC address, only one computer (or a number you specify) is allowed to connect on that port.

21. Explain port forwarding.

When trying to communicate with systems inside a secure network, it is obvious that it can be very difficult to communicate from outside. Therefore, the use of port forwarding tables in the router itself or other connection management devices enables specific traffic to be automatically forwarded to specific destinations. For example, if you have a Web server running on your network and you want to grant access to that server externally, you can set port forwarding to port 80 on that server. This means that anyone who enters your (extranet) IP address into a Web browser will immediately connect to that server’s Web site.

Please note that it is generally not recommended to allow direct access to the server from outside your network.

22. What are false positives and missed positives for IDS?

This is a false positive when an Intrusion Detection System (IDS) device generates an alert for an intrusion that did not actually occur. If the device does not generate any alerts and an intrusion has actually occurred, it is missed (false negative).

Explain: () {: | : &}; :If you are logged in, how do I stop this code?

This is a replica bomb. It breaks down as follows:

  • : ()Defines the function to:As the function name, and empty parentheses indicate that it does not take any arguments.
  • {}Is the beginning and end of a function definition.
  • : | :The function:Is loaded into memory and its output is piped to the function:That copy must also be loaded into memory.
  • &Makes the previous command line a background process, so that children are not killed even if the parent process is killed automatically.
  • :The function is executed, so a chain reaction begins.

The best way to protect a multi-user system is to use privileged access management (PAM) to limit the number of processes a user can use.

The biggest problem with replica bombs is that they initiate too many processes. So, if you’re already logged in, there are two ways we can try to solve this problem. One option is to execute a SIGSTOP command to stop the process, for example:

killall -STOP -u user1

If the command line cannot be used because all processes are occupied, exec must be used to force it to run:

exec killall -STOP -u user1

With replica bombs, the best option is to nip them in the bud.

24. What is the OOM killer and how does it decide which process to kill first?

The out of memory (OOM) killer comes into play if the process runs out of memory completely, which could threaten the stability of the system.

OOM killer must first choose the best process to kill. Best here refers to the process that will free the most memory when killed and is the least important to the system. The primary goal is to kill the minimum number of processes to minimize the damage done while maximizing the amount of memory released.

To achieve this, the kernel maintains an OOM_score for each process. You can see the oOM_score for each process in the pid directory of the /proc filesystem:

$ cat /proc/10292/oom_score

The higher the OOM_score of any process, the more likely it is to be killed by the OOM killer if out of memory. (citation)

conclusion

Salaries for systems administrators can vary widely, with some websites reporting between $70,000 and $100,000 a year, depending on the location, the size of the organization, and your education level and years of experience. A career path in systems administration boils down to your interest in using servers and solving cool problems. Now, I say go ahead and make your dreams come true!

Via: opensource.com/article/19/…

Written by DirectedSoul lujun9972

This article is originally compiled by LCTT and released in Linux China