DEV Community: shamain anjum

Linux Server Hardening and Auditing Checklist on Red Hat Linux

shamain anjum — Wed, 14 May 2025 18:42:12 +0000

Today marks the end of my #30DaysLinuxChallenge journey!

I’m closing it out with a practical, security-focused project: building and executing a Linux server hardening and auditing checklist on Red Hat Linux.

This is a perfect combination of RHCSA exam skills + real-world system administration practices.

🎯 Objective

Apply basic hardening policies
Configure auditing with auditd
Create a personal security validation checklist
Monitor and analyze system logs

📚 RHCSA Skills Covered

✔ User and password security

✔ SELinux & firewall validation

✔ Service management

✔ Log auditing with journalctl and auditd

✔ Shell scripting for checks

📝 Server Hardening Checklist

✅ 1. Set Strong Password Policy

sudo nano /etc/login.defs

Adjust values:
PASS_MAX_DAYS 90
PASS_MIN_DAYS 7
PASS_WARN_AGE 7

✅ 2. Disable Unnecessary Services

sudo systemctl disable --now cups
sudo systemctl disable --now bluetooth

✅ 3. Set File Permissions on Critical Files
ls -l /etc/shadow /etc/passwd /etc/gshadow

✅ 4. Verify SELinux is Enforcing
sestatus
Expected:

SELinux status: enabled
Current mode: enforcing

✅ 5. Harden SSH Configuration

sudo nano /etc/ssh/sshd_config
Recommended settings:

PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3

Restart SSH:
sudo systemctl restart sshd

✅ 6. Enable and Check Firewall Rules
sudo firewall-cmd --state
sudo firewall-cmd --list-all

✅ 7. Set Up Auditing with auditd
sudo dnf install -y audit
sudo systemctl enable --now auditd

Monitor file access:

sudo auditctl -w /etc/passwd -p wa -k passwd_changes

View audit logs:
sudo ausearch -k passwd_changes

✅ 8. Monitor Logs
sudo journalctl -p err -b

sudo tail -f /var/log/secure

✅ 9. Create a Custom Validation Script (Bonus)
nano ~/server_check.sh

Example:

!/bin/bash

echo "Checking SELinux status:"
sestatus
echo "Checking firewall state:"
firewall-cmd --state
echo "Checking SSH root login setting:"
grep PermitRootLogin /etc/ssh/sshd_config

Make executable:
chmod +x ~/server_check.sh

Run:
./server_check.sh

✅ Recap

Task	Tool/Command
Password policy	`/etc/login.defs`
Disable services	`systemctl disable --now`
Check file permissions	`ls -l`
Check SELinux	`sestatus`
Harden SSH	`sshd_config`
Enable firewall	`firewall-cmd`
Configure auditing	`auditctl`, `ausearch`
Analyze logs	`journalctl`, `tail`

🎉 Why This Matters

This project combined almost every core RHCSA skill:

Service & user management
SELinux & firewall security
System auditing
Scripting and automation

In the real world, this is the starting point of any secure Red Hat deployment.

Multi-User Secure File Sharing System with ACLs on Red Hat Linux

shamain anjum — Tue, 13 May 2025 18:47:14 +0000

Today I built a secure shared file space using Access Control Lists (ACLs) on Red Hat Linux.

This project is very practical and directly aligns with RHCSA exam tasks around user permissions, groups, and access control.

🔧 Objective

Create a shared folder for multiple users
Apply ACLs to define fine-grained permissions
Test and verify ACL behavior with different users

📚 RHCSA Skills Covered

✔ User and group creation

✔ Setting standard and extended permissions

✔ Using setfacl and getfacl for ACL management

✔ Troubleshooting permissions

1️⃣ Create Users and Groups

sudo useradd alice
sudo useradd bob
sudo useradd charlie
sudo passwd alice
sudo passwd bob
sudo passwd charlie

2️⃣ Create a Shared Directory

sudo mkdir /shared
sudo chown root:root /shared
sudo chmod 770 /shared

This allows only the owner and group members to access by default.

3️⃣ Apply ACLs for Fine-Grained Control

Grant full access to alice, read-only access to bob, and deny access to charlie.

sudo setfacl -m u:alice:rwx /shared
sudo setfacl -m u:bob:r-- /shared
sudo setfacl -m u:charlie:--- /shared

4️⃣ Verify ACLs

getfacl /shared

Example output:

file: shared

owner: root

group: root

user::rwx
user:alice:rwx
user:bob:r--
user:charlie:---
group::---
mask::rwx
other::---

5️⃣ Test Permissions

Switch to each user to test access:
su - alice
cd /shared
touch testfile.txt

su - bob
cd /shared
ls # should work
touch newfile.txt # should fail

su - charlie
cd /shared # should fail

🧪 Try It Yourself

Create a “Finance” group with specific ACL access to /finance

Remove ACLs with setfacl -x

Make default ACLs apply to all new files in /shared:
sudo setfacl -d -m u:alice:rwx /shared

✅ Recap

Task	Tool/Command
Create users	`useradd`, `passwd`
Create shared folder	`mkdir /shared`, `chmod 770`
Apply ACLs	`setfacl -m u:user:perm /path`
View ACLs	`getfacl /shared`
Remove ACLs	`setfacl -x u:user /shared`

🎯 Why This Matters (RHCSA)

ACLs provide fine-grained access control that regular Linux permissions cannot.

RHCSA tests your ability to:

Set, modify, and remove ACLs
Combine ACLs with standard permissions
Troubleshoot permission issues

This is an ideal exam and real-world scenario for securing shared data.

Create a Custom systemd Service and Timer on Red Hat Linux

shamain anjum — Mon, 12 May 2025 17:56:27 +0000

*Day 28: Create a Custom systemd Service and Timer on Red Hat Linux *

Today’s project focused on a powerful automation tool for Red Hat Linux admins: creating a custom systemd service + timer.

This lets you automate any script or task at system startup or on a schedule, without relying on traditional cron jobs.

This task is also a great match for RHCSA exam scenarios!

🔧 Objective

Write a simple shell script
Create a custom systemd service to run the script
Configure a systemd timer to run the service automatically
Verify the timer execution and check logs

📚 RHCSA Skills Covered

✔ Shell scripting basics

✔ Service creation and management with systemctl

✔ Timer creation with systemd

✔ Troubleshooting and log analysis with journalctl

1️⃣ Create a Custom Script

Create a script to log system uptime every 5 minutes.
sudo mkdir -p /opt/scripts
sudo nano /opt/scripts/log_uptime.sh

Example script:

!/bin/bash

echo "$(date): System uptime is: $(uptime)" >> /var/log/uptime.log

Make it executable:
sudo chmod +x /opt/scripts/log_uptime.sh

2️⃣ Create a Custom systemd Service
sudo nano /etc/systemd/system/log-uptime.service

Example unit file:

[Unit]
Description=Log system uptime

[Service]
Type=oneshot
ExecStart=/opt/scripts/log_uptime.sh

3️⃣ Create a systemd Timer

sudo nano /etc/systemd/system/log-uptime.timer

Example timer file:

[Unit]
Description=Run uptime logger every 5 minutes

[Timer]
OnBootSec=5min
OnUnitActiveSec=5min
Unit=log-uptime.service

[Install]
WantedBy=timers.target

4️⃣ Start and Enable the Timer

sudo systemctl daemon-reload
sudo systemctl enable --now log-uptime.timer

Check status:
systemctl list-timers

Verify logs:
cat /var/log/uptime.log

Check systemd logs:
journalctl -u log-uptime.service

🧪 Try It Yourself

Change OnUnitActiveSec=5min to 1min and test faster execution
Replace the script with any custom automation (e.g., backup, cleanup)
Use systemctl status log-uptime.timer to verify next scheduled run

✅ Recap

Task	Tool/Command
Create shell script	`nano /opt/scripts/log_uptime.sh`
Create systemd service	`/etc/systemd/system/log-uptime.service`
Create systemd timer	`/etc/systemd/system/log-uptime.timer`
Enable and start timer	`systemctl enable --now log-uptime.timer`
Check logs	`cat /var/log/uptime.log`, `journalctl`

🎯 Why This Matters (RHCSA)

systemd skills are now explicitly tested on the RHCSA exam.

This project touches:

Unit creation
Timer configuration
Troubleshooting failed services

You’ll likely face a systemd troubleshooting or service creation task in the real exam.

Host a Local RPM Package Repository on Red Hat Linux

shamain anjum — Sun, 11 May 2025 16:11:32 +0000

Today’s project was both interesting and very RHCSA-relevant: creating a private local RPM repository on Red Hat Linux.

This is a must-have skill for organizations managing many systems that rely on custom or internally built RPM packages.

🔧 Objective

Create a local repository of RPM packages
Host it over Apache HTTP
Configure client systems to use the repo via a .repo file
Verify package installation from the local repository

📚 RHCSA Skills Covered

✔ Software installation with dnf and rpm

✔ Web server management (httpd)

✔ Repository creation and configuration

✔ SELinux and firewall troubleshooting

✔ Service enablement and verification

1️⃣ Install Required Packages

On the server:
sudo dnf install -y httpd createrepo

Start and enable Apache:

sudo systemctl enable --now httpd

2️⃣ Create a Repository Directory
sudo mkdir -p /var/www/html/rpms

Copy or download some RPM packages:
sudo cp /path/to/*.rpm /var/www/html/rpms/

3️⃣ Initialize the Repository
sudo createrepo /var/www/html/rpms/
This creates the metadata necessary for clients to use the repo.

4️⃣ Configure Firewall and SELinux

Allow HTTP access:

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Apply SELinux context:
sudo restorecon -Rv /var/www/html/

Check your repo in browser or via curl:
curl http://localhost/rpms/
You should see a list of RPM files.

5️⃣ Create Client .repo File On any Red Hat client:

sudo nano /etc/yum.repos.d/localrepo.repo

Example content:
[localrepo]
name=My Local RPM Repo
baseurl=http:///rpms/
enabled=1
gpgcheck=0

6️⃣ Test the Repository

sudo dnf clean all
sudo dnf repolist

Install any RPM from the repo:

sudo dnf install

🧪 Try It Yourself

Add more packages to /var/www/html/rpms/ and run createrepo again
Test with gpgcheck=1 and a custom GPG key
Move your repo to an NFS share and try hosting it
Write a script to automate repository updates

✅ Recap
| Task | Tool/Command |
| --------------------------------- | ------------------------------------------ |
| Install required tools | dnf install httpd createrepo |
| Copy RPM packages | cp *.rpm /var/www/html/rpms/ |
| Create repo metadata | createrepo /var/www/html/rpms/ |
| Enable firewall + restore SELinux | firewalld, restorecon |
| Configure client repo | Create .repo file in /etc/yum.repos.d/ |

🎯 Why This Matters (RHCSA)

RHCSA tests your ability to:

Manage packages with rpm and dnf
Configure and troubleshoot repositories
Manage services and SELinux in real-world setups
This project touched all of these core competencies.

Centralized Backup Server with rsync and cron on Red Hat Linux

shamain anjum — Sat, 10 May 2025 10:10:04 +0000

Today’s project is both practical and RHCSA-aligned: setting up a secure, automated backup server using rsync over SSH and scheduled jobs with cron.

This is a real-world admin task and also mirrors RHCSA exam scenarios where backup automation and file transfer are common.

🔧 Objective

Use rsync to transfer files securely over SSH
Automate regular backups with cron
Secure access using SSH keys
Harden access with firewall and permissions

📚 RHCSA Skills Covered

✔ User and permission management

✔ SSH key authentication

✔ Automating jobs with cron

✔ File transfer with rsync

✔ Firewall configuration

1️⃣ Install rsync

sudo dnf install -y rsync

Check version:
rsync --version

2️⃣ Set Up SSH Key Authentication

On client machine (sending data):

ssh-keygen -t rsa

ssh-copy-id backupuser@backupserver

Now the client can connect without a password:

ssh backupuser@backupserver

3️⃣ Create a Backup Directory on the Server

sudo mkdir -p /backups/home
sudo chown backupuser:backupuser /backups/home

4️⃣ Test rsync Manually

From client to server:
rsync -avh /home/backupuser/Documents/
backupuser@backupserver:/backups/home/

Flags:

-a: archive mode (preserves permissions)
-v: verbose
-h: human-readable output

5️⃣ Automate Backups with cron

On the client:
crontab -e

Add this line to run backup every day at 2 AM:

0 2 * * * rsync -az /home/backupuser/Documents/ backupuser@backupserver:/backups/home/

Check your cron jobs:
crontab -l

6️⃣ Secure the Backup Server

Allow SSH and rsync port (default is SSH):
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

🧪 Try It Yourself

Schedule hourly or weekly backups
Add logging with rsync -avh --log-file=/var/log/backup.log
Create a backup rotation script (daily, weekly folders)
Test by restoring files from the server

✅ Recap

Task	Tool/Command
Generate SSH keys	`ssh-keygen`, `ssh-copy-id`
Create backup folder	`mkdir`, `chown`
Transfer files securely	`rsync -avh source destination`
Schedule backups	`crontab -e`
Harden backup access	`firewalld`, SSH key-only login

🎯 Why This Matters (RHCSA)

Backups are critical for disaster recovery.

This project tested:

SSH automation
Cron scheduling
Firewall management
Basic scripting and file system management
All of these are RHCSA core competencies.

Build a Secure Web Server on Red Hat Linux

shamain anjum — Fri, 09 May 2025 06:36:19 +0000

Today’s challenge marks the beginning of the final project phase day 25 of my 30-day Red Hat Linux learning journey — with each day now focusing on a full mini-project that strengthens RHCSA exam skills.

🔧 Objective

Set up and secure an Apache web server on Red Hat Linux.

We’ll cover:

Installing Apache (httpd)
Managing the service with systemctl
Configuring firewalld to open port 80
Adjusting SELinux to allow web content
Verifying the server works via browser or curl

📚 RHCSA Skills Covered

✔ Software installation with dnf

✔ Service management with systemctl

✔ Firewall rules with firewalld

✔ SELinux configuration with semanage and restorecon

✔ Log and permission troubleshooting

1️⃣ Install Apache (httpd)

sudo dnf install -y httpd

Verify installation:

httpd -v

2️⃣ Enable and Start Apache

sudo systemctl enable httpd
sudo systemctl start httpd

Check status:

sudo systemctl status httpd

3️⃣ Configure firewalld to Allow Web Traffic

Allow HTTP (port 80):

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Verify:
sudo firewall-cmd --list-all

4️⃣ Create a Test Web Page

echo "Welcome to my Red Hat Web Server!" | sudo tee /var/www/html/index.html

Test locally:

curl http://localhost

You should see the welcome message.

5️⃣ Adjust SELinux (If Needed)

Check SELinux status:

sestatus

If the page doesn't load from another machine:

📍 Allow Apache to serve content:

sudo setsebool -P httpd_read_user_content 1

📍 Or label custom content:

sudo chcon -Rt httpd_sys_content_t /var/www/html

📍 To persist labels:

sudo restorecon -Rv /var/www/html

6️⃣ Verify from a Browser or Remote Host

If your machine has a static IP, visit:

http://

You should see the message:

"Welcome to my Red Hat Web Server!"

🧪 Try It Yourself

Replace index.html with a real HTML page
Enable HTTPS with a self-signed cert
Test a custom SELinux context with ls -Z
Block/reopen the port using firewalld and observe behavior
Add a systemd restart condition (e.g., restart on failure)

✅ Recap

Task	Tool/Command
Install Apache	`dnf install httpd`
Enable and start service	`systemctl enable --now httpd`
Open port 80	`firewall-cmd --add-service=http`
Check SELinux status	`sestatus`, `ls -Z`, `restorecon`
Serve content	`index.html` in `/var/www/html`

🎯 Why This Matters (RHCSA)

This project simulates real-world service deployment, and tests you on:

Managing packages and services
Configuring security (firewalld + SELinux)
Troubleshooting access and logs
These are core RHCSA exam objectives, especially for tasks involving web, FTP, or custom service exposure.

Firewall and Network Management in Red Hat Linux

shamain anjum — Thu, 08 May 2025 20:38:14 +0000

Welcome to Day 24 of the 30 Days of Linux Challenge!

Today’s focus is on securing and managing network access using firewalld, nmcli, and iptables — tools that are deeply integrated into Red Hat-based systems.

📚 Table of Contents

Why Firewall & Network Management Matters
Start and Enable firewalld
Check Firewall Status and Rules
Allow and Block Services
Port-Based Rules with firewalld
Use Zones for Granular Control
Manage Network Connections with nmcli
Inspect Rules with iptables
Try It Yourself
Why This Matters

Why Firewall & Network Management Matters

🔒 Firewalls protect your system from unauthorized access

🌐 Network tools ensure connectivity, DNS, IP config, and interface control

🚀 Red Hat provides enterprise-grade options to manage both with precision

Start and Enable firewalld

sudo systemctl enable --now firewalld
sudo systemctl status firewalld

Check Firewall Status and Rules

sudo firewall-cmd --state
sudo firewall-cmd --list-all

This shows:

Active zone (usually public)
Allowed services and ports

Allow and Block Services

Allow SSH (if it’s not already):

sudo firewall-cmd --add-service=ssh --permanent

sudo firewall-cmd --reload

Block a service:

sudo firewall-cmd --remove-service=ftp --permanent
sudo firewall-cmd --reload

Port-Based Rules with firewalld

Open a custom port:

sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Check open ports:

sudo firewall-cmd --list-ports

Use Zones for Granular Control

List available zones:

sudo firewall-cmd --get-zones

Change zone for a specific interface:

sudo firewall-cmd --zone=internal --change-interface=eth0 --permanent

Manage Network Connections with nmcli

List connections:
nmcli connection show

View device status:
nmcli device status

Static IP configuration:

nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24
nmcli connection modify eth0 ipv4.gateway 192.168.1.1
nmcli connection modify eth0 ipv4.dns 8.8.8.8
nmcli connection modify eth0 ipv4.method manual
nmcli connection up eth0

Inspect Rules with iptables

View raw firewall rules:
sudo iptables -L -n -v

Although firewalld is preferred, iptables is still useful for inspection and legacy troubleshooting.

Try It Yourself

🧪 Practice tasks:

Start and enable firewalld
Add and remove a service or port
View current zone and active rules
Use nmcli to set a static IP (test on a VM or safe machine)
Run iptables -L to inspect low-level rules

Why This Matters

Firewall and network misconfigurations are one of the top causes of downtime.

By learning:

firewalld → fast, zone-based rule management

nmcli → flexible, scriptable network config

iptables → rule-level diagnostics

…you gain complete control over how and when your system communicates.

Getting Started with Ansible on Red Hat Linux

shamain anjum — Wed, 07 May 2025 18:58:30 +0000

Welcome to Day 23 of the 30 Days of Linux Challenge!

Today we’re entering the world of automation using one of the most powerful tools available in the Red Hat ecosystem: Ansible.

Ansible lets you automate repetitive tasks — like updating systems, installing packages, configuring files, and managing entire server fleets — using simple, human-readable YAML files.

📚 Table of Contents

What is Ansible?
Install Ansible on Red Hat Linux
Configure Local Inventory
Run Ad-Hoc Commands
Write Your First Playbook
Run the Playbook
Try It Yourself
Why This Matters

What is Ansible?

Ansible is a declarative automation engine:

Uses YAML playbooks
Connects over SSH (agentless)
Scales from single node to 1000s of systems
Works perfectly with Red Hat Enterprise Linux, CentOS, Fedora, and more

Install Ansible on Red Hat Linux

sudo subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-rpms
sudo subscription-manager repos --enable ansible-2.9-for-rhel-9-x86_64-rpms

Verify version:

ansible --version

Configure Local Inventory

Create an inventory file:

mkdir ~/ansible
cd ~/ansible
nano hosts

Add this to target your own machine:

localhost ansible_connection=local

Test connection:

ansible localhost -m ping -i hosts

Expected result:

json
Copy
localhost | SUCCESS => {
"changed": false,
"ping": "pong"
}

Run Ad-Hoc Commands

List all users:

ansible localhost -m command -a "whoami" -i hosts

Install a package:

ansible localhost -m dnf -a "name=htop state=present" -i hosts --become

Write Your First Playbook
Create a YAML file:
nano setup.yml

Example playbook:

yaml

Copy

name: Basic Setup Playbook hosts: localhost become: true

tasks:
- name: Install htop
dnf:
name: htop
state: present

- name: Ensure NTP is installed
  dnf:
    name: chrony
    state: present

- name: Start and enable NTP service
  service:
    name: chronyd
    state: started
    enabled: true

Run the Playbook

ansible-playbook -i hosts setup.yml

This will:

Install htop and chrony

Start and enable the chronyd time service

Try It Yourself

🧪 Practice tasks:

Install another package using a playbook (e.g. git, tree)
Use Ansible to start or restart a service
Create a user with the user module
Run an ad-hoc uptime or df -h check across multiple hosts

Why This Matters

With Ansible, you can:

✅ Eliminate repetitive manual tasks
✅ Maintain consistency across systems
✅ Automate patching, provisioning, and configuration
✅ Scale easily from local to cloud infrastructure

Whether you’re a sysadmin or DevOps engineer, Ansible is your command center for intelligent automation.

Backup and File Protection in Red Hat Linux

shamain anjum — Tue, 06 May 2025 19:10:40 +0000

Welcome to Day 22 of the 30 Days of Linux Challenge!

Today I explored the essentials of backup and file protection — a critical skill for system administrators, DevOps engineers, and even developers managing their own environments.

Whether it's user data, server configs, or logs — backups help recover from mistakes, failures, and cyber threats.

📚 Table of Contents

Why Backups Matter
Core Linux Backup Tools
Backup Using tar
Sync Files with rsync
Schedule Backups with cron
Store and Protect Backups
Try It Yourself
Real-World Backup Patterns
Why This Matters

Why Backups Matter

Backups protect you from:

Human error (rm -rf, accidental overwrites)
System crashes and hardware failure
Misconfigurations or security breaches

If you're managing anything important — you need a backup plan.

Core Linux Backup Tools

Tool	Use Case
`cp`	Simple file copy
`tar`	Archive and compress folders
`rsync`	Sync files (local or remote)
`cron`	Schedule automated backups

Backup Using `tar`

Backup /etc directory

sudo tar -czvf etc-backup-$(date +%F).tar.gz /etc

Flags:

-c: create

-z: compress (gzip)

-v: verbose

-f: filename

To extract:

tar -xzvf etc-backup-2024-04-30.tar.gz -C /restore/path

Sync Files with rsync

Basic usage:

rsync -avh /etc/ /backups/etc/

Remote sync over SSH:

rsync -az /var/www/ user@backupserver:/data/web_backup/

Flags:

-a: archive mode (preserves permissions)

-v: verbose

-h: human-readable

Schedule Backups with cron

Open crontab:
crontab -e

Run backup every day at 2 AM:

0 2 * * * /usr/bin/rsync -az /home /backups/home

List jobs:

crontab -l

Store and Protect Backups

🔐 Storage options:

Secondary disk
External drive
Offsite/Cloud (rsync.net, S3, etc.)

🔐 Protect with encryption:

gpg -c mybackup.tar.gz

Or using openssl:

openssl enc -aes-256-cbc -in backup.tar.gz -out backup.enc

Try It Yourself

Create a backup of /etc
sudo tar -czvf etc-$(date +%F).tar.gz /etc

Sync /home to backup drive
rsync -avh /home/ /mnt/backup/home/

Schedule a daily sync with cron
crontab -e

-Add: 0 3 * * * rsync -az /etc /backups/etc

Find the 5 largest folders
du -h / --max-depth=2 | sort -hr | head -n 5

Real-World Backup Patterns

Task	Tool Used
Backup system configs	`tar`, `cron`
Sync user files	`rsync`, `cp`
Automate daily backups	`cron`, `rsync`
Restore backups	`tar`, `cp`, `rsync`
Encrypt sensitive archives	`gpg`, `openssl`

Why This Matters

Linux is powerful — but not immune to failure.

With a smart backup strategy, you can:

Protect critical systems
Respond quickly to accidents
Sleep better knowing your data is safe
Even a simple weekly tar archive can be a lifesaver.

User and Group Management in Red Hat Linux

shamain anjum — Sun, 04 May 2025 07:57:44 +0000

Welcome to Day 21 of the 30 Days of Linux Challenge!

Today I focused on one of the most fundamental sysadmin tasks: managing users and groups.

If you’re running multi-user servers, managing team access, or securing a Linux system, user and group management is at the core of everything.

📚 Table of Contents

Why User Management Matters
Add a New User
Add User with Home Directory and Comment
Modify a User
Lock/Unlock a User
Delete a User
Group Management
View User and Group Details
Create a Sudo User
Try It Yourself
Real-World Scenarios
Why This Matters

Why User Management Matters

In a multi-user system:

Everyone needs secure, isolated access
Permissions are tied to users and groups
Services run under user IDs (UIDs)

Good user management = better control, security, and scalability.

Add a New User

sudo useradd ali
sudo passwd ali

This:

Adds user to /etc/passwd
Sets home directory, shell, and default group

Add User with Home Directory and Comment

sudo useradd -m -c "John Doe" johnd

Flags:

-m → create home directory

-c → add a description/comment

Modify a User

Change username:
sudo usermod -l newname oldname

Move home directory:
sudo usermod -d /new/path -m user

Lock/Unlock a User

Lock:
sudo usermod -L ali

Unlock:
sudo usermod -U ali

Useful for temporarily suspending accounts.

Delete a User

sudo userdel -r johnd

-r: removes home directory too

Group Management

Create a new group:

sudo groupadd developers

Add user to group:
sudo usermod -aG developers john

List user’s groups:
groups john

Change primary group:
sudo usermod -g admins john

View User and Group Details

File Description
/etc/passwd User details (UID, home, shell)
/etc/shadow Encrypted passwords + expiration
/etc/group Group definitions and memberships

View a user's entry:
grep john /etc/passwd

Create a Sudo User

sudo useradd alice

sudo passwd alice

sudo usermod -aG wheel alice

Red Hat-based systems use the wheel group for sudo access.

Try It Yourself

Add a user with a home directory

sudo useradd -m testuser

Set password

sudo passwd testuser

Add to a group

sudo groupadd testers
sudo usermod -aG testers testuser

Lock and unlock

sudo usermod -L testuser
sudo usermod -U testuser

Delete user and home

sudo userdel -r testuser

Real-World Scenarios

Scenario	Tool/Command
Add a new developer	`useradd`, `passwd`, `groupadd`
Add user to project groups	`usermod -aG`
Create a sudo admin	`usermod -aG wheel`
Temporarily suspend user	`usermod -L`
Cleanly remove a user	`userdel -r`

Why This Matters

Linux permissions, access control, and identity management all revolve around users and groups.

As a sysadmin or DevOps engineer, you’ll:

Onboard and offboard users
Grant precise access to services
Protect systems from unauthorized entry
Mastering user management is foundational to secure and efficient Linux administration.

Disk Usage & File System Monitoring in Red Hat Linux

shamain anjum — Fri, 02 May 2025 15:38:17 +0000

Welcome to Day 20 of the 30 Days of Linux Challenge!

Today I focused on disk usage and file system monitoring — a must-have skill for preventing crashes, outages, and silent failures in Linux systems.

If you've ever had a system fail because /var or /tmp filled up, you'll know why this topic is crucial.

📚 Table of Contents

Why Disk Monitoring Matters
Check Disk Space with df
Analyze Directory Size with du
View Block Devices with lsblk
Mounted File Systems with mount
Find Large Files
Clean-Up Tips
Try It Yourself
Real-World Use Cases
Why This Matters

Why Disk Monitoring Matters

Linux won't always alert you when:

Disk space is about to run out
Backups are failing due to full storage
Logs are overwhelming /var

Without monitoring:

Applications can crash
Services may silently fail
You risk total system instability

Check Disk Space with `df`

df -h

Flag Meaning
-h Human-readable (GB, MB, etc.)

Sample output:

Filesystem Size Used Avail Use% Mounted on
/dev/sda3 100G 75G 25G 75% /
tmpfs 16G 0 16G 0% /dev/shm

Analyze Directory Size with du

du -sh /var/log

Break down large folders:

du -h --max-depth=1 /home

Useful for finding:

Disk-heavy users
Log folders gone wild
Forgotten downloads

View Block Devices with lsblk

lsblk

Visualizes:

Disks
Partitions
Mount points
LVM volumes

Example:

NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 1G 0 part /boot
└─sda2 8:2 0 99G 0 part /

Mounted File Systems with mount

mount | column -t

See:

Devices
Mount paths
File system types

Alternative:

findmnt

Find Large Files

All files over 1 GB

find / -type f -size +1G 2>/dev/null

Sort by size:
ls -lhS /var/log

Interactive viewer:

sudo dnf install ncdu
sudo ncdu /

Clean-Up Tips

Clear package cache:

sudo dnf clean all

Truncate log files:
sudo truncate -s 0 /var/log/messages

Clear systemd journal logs:
sudo journalctl --vacuum-time=7d

Try It Yourself

-Check overall disk usage
df -h

-Identify large folders
du -h --max-depth=1 /var

-List block devices
lsblk

-Search large files
find / -type f -size +500M

-Check mount points
mount | column -t

Real-World Use Cases

Task	Tool Used
Monitor storage usage	`df`, `lsblk`
Identify large folders/files	`du`, `find`, `ls -lhS`
Visualize partition layout	`lsblk`, `mount`, `findmnt`
Clean unused data	`dnf clean`, `truncate`, `journalctl`
Validate backup targets	`df`, `ncdu`

Why This Matters

Running out of disk space can:

Break services and applications
Cause data loss
Crash entire systems
Monitoring and cleaning storage isn’t optional — it’s survival.

Process Management in Red Hat Linux

shamain anjum — Thu, 01 May 2025 19:40:43 +0000

Welcome to Day 19 of the 30 Days of Linux Challenge!

Today’s focus is all about process management — the backbone of performance monitoring and system control on any Linux-based system.

Processes are everywhere: system daemons, services, shell commands, and user applications. If you want to be a system administrator or DevOps engineer, this is a skill you must master.

📚 Table of Contents

What Are Processes in Linux?
View Running Processes
Real-Time Monitoring with top
Enhanced Process Monitoring with htop
Controlling Processes (kill, pkill)
Foreground vs Background Jobs
Process Priorities with nice and renice
Try It Yourself
Common Process Tools Summary
Why This Matters

What Are Processes in Linux?

A process is an instance of a running program.

Every process has:

A unique PID (Process ID)
A parent process (PPID)
A state (e.g., sleeping, running)
Resource usage (memory, CPU, etc.)

Everything from your terminal to the web server is a process — and they’re all managed by the Linux kernel.

View Running Processes

`ps` – Process Snapshot

ps
ps aux
ps aux | grep sshd

Flag Meaning
a All users
u User format
x Show background processes

Real-Time Monitoring with top

top
Live view of:

CPU & memory usage
PID, user, command

Process states

Keys inside top:

M → Sort by memory
P → Sort by CPU
k → Kill a process
q → Quit

Enhanced Process Monitoring with htop

Flag Meaning
a All users
u User format
x Show background processes

Real-Time Monitoring with top

top
Live view of:

CPU & memory usage
PID, user, command

Process states

Keys inside top:

M → Sort by memory
P → Sort by CPU
k → Kill a process
q → Quit

Enhanced Process Monitoring with htop

sudo dnf install htop

htop

Features:

Color-coded UI
Easier navigation
Interactive kill and renice
Tree view of parent-child relationships

Controlling Processes (kill, pkill)

Kill by PID:
kill 1234

Force kill:
kill -9 1234

Kill by name:
pkill nginx

Foreground vs Background Jobs

Run in background:
./script.sh &

Show jobs:
jobs

Bring back to foreground:
fg %1

Suspend with:
Ctrl + Z

Process Priorities with nice and renice

Start process with lower priority:
nice -n 10 ./heavy_task.sh

Change priority of running process:
renice +5 -p 1234

Lower priority = friendlier to CPU.

Try It Yourself

Check all running processes
ps aux

Use top to monitor usage
top

Install and run htop
sudo dnf install htop
htop

Kill a test process
kill -9

Start a script in the background

./loop_script.sh &
jobs
fg %1

Common Process Tools Summary

Tool Purpose
ps View current running processes
top Live monitoring (CPU, memory)
htop Interactive and visual process tool
kill Stop a process by PID
pkill Kill a process by name
nice Start with specified priority
renice Change priority of running process

Why This Matters

Without proper process management:
Misbehaving programs can hog CPU or RAM
Background scripts may go unnoticed
You may lose control over your own server

Understanding how to view, analyze, and control processes is vital for:

Performance optimization
Stability
Incident response

DEV Community: shamain anjum

Linux Server Hardening and Auditing Checklist on Red Hat Linux

!/bin/bash

Multi-User Secure File Sharing System with ACLs on Red Hat Linux

file: shared

owner: root

group: root

Create a Custom systemd Service and Timer on Red Hat Linux

!/bin/bash

Host a Local RPM Package Repository on Red Hat Linux

🔧 Objective

📚 RHCSA Skills Covered

Centralized Backup Server with rsync and cron on Red Hat Linux

🔧 Objective

📚 RHCSA Skills Covered

1️⃣ Install rsync

2️⃣ Set Up SSH Key Authentication

3️⃣ Create a Backup Directory on the Server

4️⃣ Test rsync Manually

5️⃣ Automate Backups with cron

6️⃣ Secure the Backup Server

Build a Secure Web Server on Red Hat Linux

🔧 Objective

📚 RHCSA Skills Covered

1️⃣ Install Apache (httpd)

Firewall and Network Management in Red Hat Linux

📚 Table of Contents

Why Firewall & Network Management Matters

Start and Enable firewalld

Check Firewall Status and Rules

Allow and Block Services

Port-Based Rules with firewalld

Use Zones for Granular Control

Manage Network Connections with nmcli

Inspect Rules with iptables

Try It Yourself

Why This Matters

Getting Started with Ansible on Red Hat Linux

📚 Table of Contents

What is Ansible?

Install Ansible on Red Hat Linux

Run Ad-Hoc Commands

Copy

Run the Playbook

Try It Yourself

Why This Matters

Backup and File Protection in Red Hat Linux

📚 Table of Contents

Why Backups Matter

Core Linux Backup Tools

Backup Using tar

Sync Files with rsync

Schedule Backups with cron

Store and Protect Backups

Try It Yourself

Real-World Backup Patterns

Why This Matters

User and Group Management in Red Hat Linux

📚 Table of Contents

Why User Management Matters

Add a New User

Add User with Home Directory and Comment

Modify a User

Lock/Unlock a User

Delete a User

Group Management

View User and Group Details

Create a Sudo User

Try It Yourself

Add a user with a home directory

Set password

Add to a group

Lock and unlock

Delete user and home

Real-World Scenarios

Why This Matters

Disk Usage & File System Monitoring in Red Hat Linux

📚 Table of Contents

Why Disk Monitoring Matters

Check Disk Space with df

Backup Using `tar`

Check Disk Space with `df`

`ps` – Process Snapshot