Essential Linux Ops Interview Questions & Answers for Sysadmins

1. What is operations? What is game operations? Operations refer to the maintenance of an organization’s established network hardware and software to ensure services run smoothly, encompassing network, system, database, development, security, and monitoring. Game operations are divided into development operations, application (business) operations, and system operations, where development provides tools and platforms, application handles business deployment and troubleshooting, and system supplies infrastructure.

2. What does an operations staff need to coordinate with operations personnel? Game operations staff must cooperate with operations to schedule server launches, manage user acquisition, plan activities, and communicate with platform partners.

3. How would you manage 300 servers? Use a jump host with unified accounts, employ configuration management tools such as Salt, Ansible, or Puppet, and maintain a simple CMDB for system, configuration, and application information.

4. Explain RAID 0, RAID 1, and RAID 5 principles and characteristics.

RAID 0 stripes data across disks for high read/write performance but offers no redundancy; a single disk failure results in total data loss. RAID 1 mirrors data on two disks, providing redundancy and better read performance but no write speed improvement. RAID 5 uses block-level striping with distributed parity across at least three disks, allowing one disk failure while maintaining data integrity and offering a balance of performance, redundancy, and storage efficiency.

5. Differences between LVS, Nginx, and HAProxy and how to choose them. LVS operates at layer 4 (port forwarding) and is suitable for very high concurrency. HAProxy works at layers 4 and 7, offering professional proxy features. Nginx is a web server, cache, and reverse proxy that operates at layer 7. Choose HAProxy or Nginx for most web scenarios; use LVS for extremely high traffic environments.

6. Differences between Squid, Varnish, and Nginx and selection criteria. All are proxy servers. Squid and Varnish are dedicated caching solutions; Varnish provides superior in‑memory performance and flexible invalidation, while Squid offers extensive documentation. Nginx can act as a reverse proxy via modules but lacks native caching features. For caching services, prefer Squid or Varnish.

7. Tomcat vs. Resin and selection guidance. Tomcat has a larger user base and extensive documentation, offering strong Java compatibility and stability. Resin is lighter and may provide better performance for high‑throughput scenarios. Large enterprises often choose Resin for performance; smaller companies favor Tomcat for stability.

8. What is middleware? What is JDK? Middleware is independent system software that enables distributed applications to share resources across different platforms, sitting between the OS and applications. JDK (Java Development Kit) is the development environment for building Java applications, applets, and components.

9. Meaning of Tomcat ports 8005, 8009, and 8080. 8005 is used for shutdown, 8009 is the AJP port for communication with web servers like Apache, and 8080 is the default HTTP port for applications.

10. What is CDN? A Content Delivery Network distributes website content to edge locations closest to users, reducing latency and improving access speed.

11. What is gray‑release (canary deployment)? It is a gradual rollout method that shifts traffic from version A to version B for a subset of users, allowing issues to be detected and mitigated before full deployment.

12. DNS resolution process. The client checks the local hosts file, then the configured DNS server, followed by root servers, top‑level domain servers, second‑level, and finally authoritative servers to retrieve the IP address.

13. What is RabbitMQ? RabbitMQ is a message‑queue middleware that stores messages during transmission, providing reliable routing and delivery even when consumers are offline.

14. How does Keepalived work? Keepalived implements VRRP; a MASTER router sends periodic advertisements, BACKUP routers listen and take over if the MASTER fails, ensuring high availability.

15. LVS three modes (VS/NAT, VS/DR, VS/TUN) and their operation.

VS/NAT rewrites the destination IP to a real server’s IP, requiring all traffic to pass through the load balancer. VS/TUN encapsulates packets with a new IP header, allowing the real server to reply directly to the client, reducing load balancer bottlenecks. VS/DR uses direct routing where the load balancer changes only the MAC address, keeping the original IP, and requires both load balancer and real servers to be on the same broadcast domain.

16. MySQL InnoDB lock diagnosis and reducing master‑slave replication lag.

Use SHOW ENGINE INNODB STATUS and the information_schema tables innodb_trx, innodb_locks, and innodb_lock_waits to locate lock issues. Reduce replication lag by improving slave hardware, enabling multi‑threaded replication, optimizing slow queries, reducing network latency, balancing load across multiple slaves, and tuning parameters such as --slave-net-timeout and --master-connect-retry.

17. How to reset MySQL root password.

If the current password is known, use mysqladmin -u root -p password 'new_password' or update the mysql.user table directly. If the password is forgotten, stop MySQL, start it with --skip-grant-tables, then set a new password via

UPDATE mysql.user SET password=PASSWORD('new_password') WHERE user='root'; FLUSH PRIVILEGES;

.

18. Advantages and disadvantages of LVS, Nginx, and HAProxy.

Nginx offers layer‑7 routing, flexible regex rules, easy configuration, and good stability, but only supports HTTP/HTTPS. LVS provides high performance at layer‑4 with low CPU/memory usage and broad protocol support, but lacks layer‑7 features and requires more complex setup. HAProxy combines layer‑4 and layer‑7 capabilities, supports TCP load balancing, session persistence, and a rich set of algorithms, offering higher efficiency than Nginx for pure load balancing.

19. MySQL backup tools. mysqldump Logical backup, suitable for small databases. xtrabackup (Percona) provides hot physical backups for InnoDB with fast performance and incremental capabilities. LVM snapshots and tar can be used for physical backups, though they require downtime for consistency.

20. Keepalived health‑check configuration example.

HTTP_GET {
  url {
    path /health
    digest <STRING>
    status_code 200
  }
  connect_port 80
  bindto <IP>
  connect_timeout 3
  nb_get_retry 3
  delay_before_retry 2
}

21. Count top‑10 IPs from Nginx access log.

cat access.log | awk '{print $1}' | uniq -c | sort -rn | head -10

22. Capture traffic to 192.168.1.1 on port 80 with tcpdump.

tcpdump 'host 192.168.1.1 and port 80' > tcpdump.log

23. Forward local port 80 to 8080 on 192.168.2.1.

iptables -A PREROUTING -d 192.168.2.1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:8080

24. RAID 0, RAID 1, RAID 5 detailed characteristics.

RAID 0: High read/write speed, no redundancy, unsuitable for critical data.

RAID 1: Mirrors data, provides 100% redundancy, read performance improves, write speed unchanged, storage efficiency 50%.

RAID 5: Distributed parity across at least three disks, tolerates one disk failure, balances performance, redundancy, and capacity.

25. Understanding of a DevOps engineer. They must ensure high availability, performance, and security of services; a single mistake can cause significant loss, so rigor and innovation are essential.

26. Real‑time capture of TCP port 80 traffic. tcpdump -nn tcp port 80 27. Troubleshooting a server that won’t boot.

Possible causes include hardware failure, BIOS issues, or corrupted system files. Steps: check power, BIOS settings, boot logs, and use rescue media to repair or reinstall.

28. Dealing with Linux viruses.

Simplest method is reinstalling the OS. Alternatively, locate malicious files using top, ps aux, and remove them, then verify no persistence mechanisms remain.

29. Persistent virus file that recreates itself.

Identify the parent process (e.g., a hidden .sshd binary), kill it, and delete the executable. Isolate the machine from the network during cleanup.

30. TCP/IP OSI seven‑layer model.

Application: user‑level protocols (HTTP, FTP, etc.).

Presentation: data formatting, encryption, compression.

Session: managing sessions between hosts.

Transport: TCP/UDP, ports, flow control.

Network: IP routing, logical addressing.

Data Link: MAC addressing, error detection.

Physical: transmission media and signaling.

31. Common Nginx modules and their purposes. rewrite: URL rewriting. access: access control. ssl: TLS encryption. gzip: response compression. proxy: reverse proxy. upstream: backend server groups. cache_purge: cache invalidation.

32. Typical web server load‑balancing architectures.

Nginx

HAProxy

Keepalived

LVS

33. View HTTP concurrent requests and TCP connection states.

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

34. Find top IPs accessing port 80 with tcpdump.

tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20

35. Script to ping all hosts in 192.168.1.0/24 and report status.

#!/bin/bash
for ip in $(seq 1 255); do
  ping -c 1 192.168.1.$ip > /dev/null 2>&1 && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN"
done

36. Keep only the last 7 days of Apache logs.

find /app/logs -type f -mtime +7 -name "*.log" -exec rm -f {} \;

37. General Linux optimization tips.

Use non‑root users with sudo.

Change default SSH port and disable root login.

Synchronize system time automatically.

Configure domestic yum mirrors.

Disable SELinux and unnecessary iptables rules (if not required).

Increase file descriptor limits.

Trim unnecessary startup services.

Tune kernel parameters via /etc/sysctl.conf.

Set appropriate locale and character set.

Lock critical system files.

Remove banner information from /etc/issue.

38. Extract eth0 IP address using cut (alternatives with awk and sed).

# ifconfig eth0 | sed -n '2p' | cut -d ':' -f2 | cut -d ' ' -f1

40. Daily 12 AM backup of /var/www/html to /data with timestamped archive.

#!/bin/bash
cd /var/www && /bin/tar zcf /data/html-$(date +%Y-%m-%d-%H%M).tar.gz html/
# Add to crontab: 0 0 * * * /bin/bash /root/backup.sh