Master Linux Sysadmin: 20 Essential Commands & Solutions Explained

Part 1: Linux Basics

Question 1: How to batch download 100 image files and identify those larger than 500KB.

<code>$ echo http://down.xiaomi.com/img/{1..100}.png > url.txt
:s/ /\r/g   # replace spaces with newlines in vim
wget -i url.txt -P .
find . -size +500k</code>

Question 2: Sort

info.txt

by the numeric second column in descending order.

<code>awk -v FS=',' '{print $2}' info.txt | sort -rn</code>

Question 3: Detect if the Linux server is listening on port 80, obtain its PID, and terminate the process.

<code>kill `lsof -i:80 | tail -2 | awk '{print $2}'`</code>

Question 4: Retrieve HTTP header information using

curl

or

wget

.

<code>curl -I www.baidu.com
wget --server-response www.baidu.com</code>

Question 5: Which statement about Linux user accounts is correct?

<code>A. Password stored in plain text in /etc/passwd
B. Password stored as ciphertext in /etc/passwd
C. Password stored as ciphertext in /etc/shadow
D. Login compares plain‑text password with stored value</code>

Answer: C.

Question 6: Identify the incorrect statement about RAID configurations.

<code>A. RAID5 reads faster than RAID1
B. RAID5 has higher disk‑space utilization than RAID1
C. RAID1 tolerates (N‑1) disk failures without data loss
D. RAID0 offers the fastest read/write speed</code>

Question 7: List at least three common load‑balancing software and their drawbacks.

<code>(1) nginx – only supports HTTP/HTTPS/email; health checks limited to ports; no session persistence except IP hash.
(2) LVS – lacks regex handling, cannot do content‑based routing; complex with Windows servers.
(3) HAProxy – good for MySQL read balancing but performance degrades with >10 slaves; lacks built‑in HTTP service.</code>

Question 8: Explain the meaning of

real

,

user

, and

sys

in the output of

time sleep 2

.

<code>real – wall‑clock time from start to finish, including other processes and blocking.
user – CPU time spent in user mode by the process.
sys – CPU time spent in kernel mode (system calls).</code>

Question 9: Meaning of nginx rewrite flags:

last

,

break

,

redirect

,

permanent

.

<code>rewrite break – use the rewritten URI immediately, stop further processing, URL unchanged.
rewrite last – start a new request cycle, re‑evaluate location blocks, URL unchanged.
rewrite redirect – return 302 temporary redirect, URL changes.
rewrite permanent – return 301 permanent redirect, URL changes.</code>

Question 10: Difference between cookies and sessions.

<code>Session – server‑side data structure tracking user state, stored in memory, DB, or files.
Cookie – client‑side storage of small data, often used to hold a session identifier.</code>

Question 11: Differences between HTTP/1.0, HTTP/1.1 and main advantages of HTTP/2.

<code>HTTP/1.0 – non‑persistent connections (one TCP per object).
HTTP/1.1 – default persistent connections, multiple objects per connection.
HTTP/2 advantages: binary framing, header compression (HPACK), multiplexing, server push, backward compatibility.</code>

Part 2: Security

Question 12: Common web security issues.

<code>SQL injection – data theft, corruption.
Cross‑site scripting (XSS) – malicious HTML/JS execution.
Invalid authentication and session management – unauthorized access.</code>

Question 13: Typical DoS attack types with principles and defenses.

<code>Land – source and destination IP identical; filter spoofed packets.
Teardrop – overlapping IP fragments; patch OS fragmentation handling.
Distributed DoS – many compromised hosts flood target; use rate limiting, CDNs.
Ping of Death – oversized ICMP packets; enforce packet size limits.
Smurf – broadcast echo request amplification; disable broadcast replies.
SYN Flood – incomplete TCP handshakes; enable SYN cookies, reduce SYN‑RECEIVED timeout.</code>

Question 14: Steps to handle a compromised server.

<code>1. Cut network connectivity.
2. Identify attack source via logs and open ports.
3. Analyze intrusion vector and root cause.
4. Backup user data securely.
5. Reinstall the operating system.
6. Patch vulnerabilities.
7. Restore data and reconnect to network.</code>

Part 3: Networking

Question 15: TCP three‑way handshake description.

<code>Client sends SYN, server replies with SYN‑ACK, client sends ACK; resources allocated on both sides.</code>

Question 16: Causes of many TIME_WAIT sockets and optimization suggestions.

<code>Cause: server actively closes many short‑lived connections, leaving TIME_WAIT.
Optimizations: 1) Reduce TIME_WAIT timeout, 2) Enable reuse of TIME_WAIT sockets, 3) Enable fast recycling, 4) Use persistent connections.</code>

Part 4: Python

Question 17: Differences between

xrange

and

range

in Python 2.

<code>range([start,] stop[, step]) returns a list; xrange returns a generator‑like object, saving memory.</code>

Question 18: Quickly obtain common elements of lists A and B.

<code>a = set(A)
b = set(B)
print(a.intersection(b))</code>

Question 19: Execute

echo "123"

on 20 servers in parallel batches of 5 using Python/threadpool.

<code>import time, os, threadpool
def cmd(ip):
    os.system('ssh {} echo "123"'.format(ip))
    time.sleep(2)
pool = threadpool.ThreadPool(5)
requests = threadpool.makeRequests(cmd, ip_list)
[pool.putRequest(r) for r in requests]
pool.wait()</code>