GIT

1. What is GIT?
o Git is a distributed version control system (DVCS) that helps track changes in
source code during software development. It allows multiple developers to
collaborate on projects efficiently.
2. What is the difference between GIT & GitHub?
o Git is a version control tool used to manage code repositories, while GitHub
is a cloud-based hosting service for Git repositories that provides additional
collaboration features like pull requests, issue tracking, and CI/CD integration.
3. Why do we use GIT?
o Git is used for:
 Tracking changes in code.
 Collaboration among multiple developers.
 Branching and merging for parallel development.
 Maintaining version history and rollback options.
4. What is SCM & VCS?
o SCM (Software Configuration Management) is a discipline for managing
and tracking software changes.
o VCS (Version Control System) is a tool that helps manage changes in code.
Git is a type of VCS.
5. What are the steps for pushing code to a GitHub Repository?
o Initialize the repository: git init
o Add remote repository: git remote add origin <repo_URL>
o Add files: git add .
o Commit changes: git commit -m "commit message"
o Push changes: git push origin <branch-name>
6. Why do we commit?
o A commit saves changes in the repository history, allowing developers to track
modifications, revert to previous versions, and maintain a record of
contributions.
7. What are the Git commands to push the code?
o git init – Initialize a Git repository
o git add . – Stage changes
o git commit -m "Message" – Commit changes
o git push origin <branch-name> – Push changes to remote repository
8. How can you merge a Git repository with another?
o You can merge another repository using git remote add, git fetch, and
git merge. Example:

sql
CopyEdit
git remote add repo2 <URL-of-repo2>
git fetch repo2
git merge repo2/main

9. What is branching in Git?

o Branching allows developers to create separate environments for new features,
bug fixes, or experiments without affecting the main branch.
10. Different types of branching in Git?
  Feature Branch: Used for developing new features.
 Develop Branch: Holds integrated features before merging into the main branch.
 Main/Master Branch: Stable production-ready branch.
 Release Branch: Created for preparing a production release.
 Hotfix Branch: Used for fixing urgent bugs in production.

11. What is a merge conflict in Git?

 A merge conflict occurs when Git cannot automatically resolve differences between
two branches. This typically happens when two developers edit the same line of code.

12. How can you resolve a merge conflict in the same project and the same branch?

 Identify conflicts using git status.

 Open conflicting files and manually resolve issues.
 Use git add <file> to stage resolved files.
 Commit the changes using git commit.
 Continue the merge with git merge --continue if needed.

Jenkins Basics

1. What is Jenkins?
o Jenkins is an open-source automation server used to implement Continuous
Integration (CI) and Continuous Deployment (CD). It helps automate the
building, testing, and deployment of applications.
2. Why do we use Jenkins?
o Jenkins helps developers to:
 Automate software builds.
 Run tests to detect errors early.
 Deploy applications automatically.
 Integrate with various DevOps tools like Git, Docker, Kubernetes, etc.
3. What are the other tools for CI/CD besides Jenkins?
o TeamCity, Bamboo, GitLab CI/CD, CircleCI, TravisCI, ArgoCD,
Spinnaker, Azure DevOps, and GitHub Actions.

Jenkins Configuration & Management

4. How to move Jenkins from one server to another?

o Steps:
1. Backup Jenkins home directory (/var/lib/jenkins).
2. Copy the backup to the new server.
3. Install Jenkins on the new server.
4. Restore the backup files in the new server’s Jenkins home directory.
5. Restart Jenkins.
5. How to create a Jenkins backup?
o You can back up Jenkins by:
 Copying the Jenkins home directory (/var/lib/jenkins).
  Using the ThinBackup Plugin or Backup Plugin.
6. What are plugins in Jenkins?
o Plugins are add-ons that enhance Jenkins functionality. Example: Git Plugin,
Pipeline Plugin, Docker Plugin.
7. What are the default plugins installed in Jenkins?
o Some default plugins include:
 Git Plugin
 Pipeline Plugin
 Credentials Plugin
 JUnit Plugin
 Matrix Authorization Strategy Plugin
8. How to schedule builds in Jenkins?
o Use cron syntax in "Build Triggers" under job configuration:

cpp
CopyEdit
H 0 * * * // Runs the job daily at midnight
*/5 * * * * // Runs every 5 minutes

Jenkins Comparisons & Integrations

9. Difference between Ant, Maven, and Gradle?

o Ant: XML-based build tool, no lifecycle.
o Maven: Manages dependencies and has a build lifecycle.
o Gradle: Faster and more flexible than Maven, uses Groovy or Kotlin.
10. Difference between Jenkins, TeamCity, and Bamboo?
o Jenkins: Open-source, plugin-based, highly customizable.
o TeamCity: JetBrains product, better UI, enterprise features.
o Bamboo: Atlassian product, integrates well with Jira and Bitbucket.
11. How to configure cloud access in Jenkins?
o Install Cloud plugins (AWS, Azure, Google Cloud).
o Configure credentials in Jenkins Manage Credentials.
o Set up cloud-based agents/slaves.

Jenkins Architecture & Advanced Topics

12. What are Jenkins slaves?

o Jenkins slaves (agents) are worker nodes that execute builds, reducing the
load on the Jenkins master.
13. How to run a Groovy script in Jenkins?
o Use Jenkins Script Console (Manage Jenkins -> Script Console).
o Example Groovy script:

groovy
CopyEdit
println "Hello, Jenkins!"

14. What is a Jenkins Pipeline?

 o Jenkins Pipeline automates CI/CD processes using code written in a
Jenkinsfile.
15. What are different types of Jenkins Pipelines?
o Declarative Pipeline (simpler, structured format).
o Scripted Pipeline (more flexibility, uses Groovy scripting).
16. What is a Declarative Pipeline in Jenkins?
o A Declarative Pipeline uses structured syntax to define pipelines. Example:

groovy
CopyEdit
pipeline {
agent any
stages {
stage('Build') {
steps {
echo 'Building the project'
}
}
stage('Test') {
steps {
echo 'Running tests'
}
}
}
}

17. Is Jenkins a CI tool or both CI/CD?

o Jenkins supports both CI and CD. It automates building, testing, and
deployment processes.
18. How to install Jenkins with non-root access in Linux?
o Install Jenkins manually in a user-owned directory and configure systemd
service for that user.
19. How to manage Jenkins access for 200 employees?
o Use Role-Based Access Control (RBAC) with the Matrix Authorization
Plugin.

Jenkins Tasks
Task 1: Jenkins Pipeline for Java & PHP Application
groovy
CopyEdit
pipeline {
agent any
stages {
stage('Checkout') {
steps {
git 'https://github.com/example-repo.git'
}
}
stage('Build Java') {
steps {
sh 'mvn clean package'
 }
}
stage('Build PHP') {
steps {
sh 'composer install'
}
}
stage('Deploy') {
steps {
echo 'Deploying the application...'
}
}
}
}

Task 2: Jenkinsfile for Java Application with Maven and Error Handling
groovy
CopyEdit
pipeline {
agent any
stages {
stage('Checkout') {
steps {
script {
try {
git 'https://github.com/example-repo.git'
} catch (Exception e) {
echo "Git Checkout Failed: ${e}"
}
}
}
}
stage('Build') {
steps {
script {
try {
sh 'mvn clean package'
} catch (Exception e) {
echo "Build Failed: ${e}"
error("Stopping pipeline due to build failure")
}
}
}
}
}
}

Task 3: Complete CI/CD Setup

1. Jenkins Setup on Linux

o Install Jenkins: sudo yum install jenkins
o Start Jenkins: sudo systemctl start jenkins
2. Setup Apache for Deployment
o Install Apache: sudo yum install httpd
o Start Apache: sudo systemctl start httpd
3. Create 3 Jenkins Jobs
o Job 1: Pull code from Git
 o Job 2: Build application
o Job 3: Deploy application on Apache using Ansible
4. Pipeline to Automate Git Pull, Build, and Deploy

groovy
CopyEdit
pipeline {
agent any
stages {
stage('Checkout') {
steps {
git 'https://github.com/example-repo.git'
}
}
stage('Build') {
steps {
sh 'mvn clean package'
}
}
stage('Deploy') {
steps {
ansiblePlaybook credentialsId: 'ansible-key', playbook:
'deploy.yml'
}
}
}
triggers {
pollSCM('* * * * *')
}
}

Ansible Basics

1. What is Ansible?

 Ansible is an open-source IT automation tool used for configuration management,

application deployment, and task automation. It uses YAML-based playbooks and works
agentless over SSH.

2. What is Configuration Management?

 Configuration Management (CM) is the process of maintaining system consistency by

automating software installation, updates, and system configuration.

3. Is Ansible only a tool for Configuration Management?

 No, Ansible is also used for application deployment, orchestration, cloud provisioning, and
security automation.
Ansible Components & Working

4. What are the components of Ansible?

 Control Node: The system where Ansible is installed.

 Managed Nodes: Remote systems controlled by Ansible.
 Inventory: Defines the target hosts.
 Playbooks: YAML files containing automation scripts.
 Modules: Predefined functions that execute tasks.
 Roles: Collection of tasks, templates, variables, and handlers.

5. How does Ansible work?

 Ansible runs from a control node and connects to remote managed nodes over SSH (or
WinRM for Windows) using inventory files.

6. What are the alternatives to Ansible?

 Chef, Puppet, SaltStack, Terraform, and CFEngine.

7. How is Ansible different from Chef & Puppet?

Feature Ansible Chef Puppet

Setup Agentless Requires agent Requires agent

Language YAML (Declarative) Ruby (Imperative) Puppet DSL

Learning Curve Easy Moderate High

Best Use Case Quick automation Configuration management Infrastructure automation

Ansible Inventory & Execution

8. What is Inventory in Ansible?

 An inventory file defines the target hosts. Example:

csharp
CopyEdit
[webservers]
server1 ansible_host=192.168.1.10
server2 ansible_host=192.168.1.11

9. What are the types of Inventories?

 Static Inventory (manual host listing).

 Dynamic Inventory (script or API-based, e.g., AWS EC2).
10. What is Play & Playbook?

 Play: A single execution of a task on hosts.

 Playbook: A YAML file containing multiple plays.

11. Difference between Hosts & Groups?

 Hosts: Individual machines.

 Groups: Collection of hosts in inventory.

Ansible Roles & Configuration

12. What are Ansible Roles?

 Roles organize tasks, templates, and handlers into a structured format.

13. How to install a Role?

php-template
CopyEdit
ansible-galaxy install <role_name>

14. How to install multiple roles?

CopyEdit
ansible-galaxy install -r requirements.yml

15. How to create a role?

csharp
CopyEdit
ansible-galaxy init myrole

16. What is Dynamic Inventory & when is it used?

 Dynamic inventory is used for cloud environments where hosts change frequently.

17. Where is the Ansible Configuration file located?

 /etc/ansible/ansible.cfg or ~/.ansible.cfg.

Ansible Variables & Templates

18. What are Variables in Ansible?

 Variables store dynamic values and are used in Playbooks.

19. Types of Variables?

 Playbook variables, Inventory variables, Host variables, Group variables, Facts.

20. How to assign variables in group vars & host vars?

 group_vars/all.yml
 host_vars/server1.yml

21. Difference between File & Template directories in Roles?

 Files: Store static files.

 Templates: Store Jinja2 templates.

22. Difference between Default & Vars directories in Roles?

 defaults/: Low-priority variables.

 vars/: High-priority variables.

23. What is Jinja2 Template?

 A templating engine used in Ansible for dynamic content.

Ansible Modules & Commands

24. What is a Module in Ansible?

 A reusable function that executes tasks (e.g., copy, yum, command).

25. Difference between COPY & FILE Modules?

 Copy: Transfers a file from the control node.

 File: Changes file attributes (permissions, ownership).

26. Difference between SHELL & COMMAND Modules?

 Shell: Executes commands inside a shell.

 Command: Executes without a shell.

27. What is the Setup Module?

 It collects system facts.

Error Handling & Debugging

28. What is Register & Debug in Ansible?

yaml
CopyEdit
- name: Capture output
command: uptime
register: result

- debug: var=result

29. What is changed_when in Ansible?

 Used to override change detection.

30. How to ignore failed commands?

yaml
CopyEdit
- command: some_command
ignore_errors: yes

31. What is Handlers in Ansible?

 Handlers trigger actions when notified.

32. What is Privilege Escalation in Ansible?

 Running tasks as root using become: yes.

Ansible Vault & Security

33. What is Ansible Vault?

 A tool to encrypt sensitive data.

34. How to decrypt a vault file?

CopyEdit
ansible-vault decrypt secrets.yml

35. How to encrypt a string using Ansible Vault?

bash
CopyEdit
ansible-vault encrypt_string 'mypassword'
Jenkins & Kubernetes Automation Tasks

Task 1: Deploy Jenkins with Ansible

yaml
CopyEdit
- name: Install Jenkins
hosts: jenkins_server
become: yes
tasks:
- name: Install Java
yum: name=java state=latest

- name: Add Jenkins Repo

get_url:
url: https://pkg.jenkins.io/redhat/jenkins.repo
dest: /etc/yum.repos.d/jenkins.repo

- name: Install Jenkins

yum: name=jenkins state=latest

- name: Start Jenkins

service: name=jenkins state=started enabled=yes

Task 2: Install Apache & Deploy HTML App

yaml
CopyEdit
- name: Deploy Apache & HTML App
hosts: webservers
become: yes
tasks:
- name: Install Apache
yum: name=httpd state=present

- name: Create Directory

file:
path: /var/www/example.com
state: directory

- name: Deploy Sample App

copy:
src: index.html
dest: /var/www/example.com/index.html

- name: Configure Virtual Host

template:
src: vhost.conf.j2
dest: /etc/httpd/conf.d/example.com.conf

- name: Restart Apache

service: name=httpd state=restarted enabled=yes

Docker Basics

1. What is Docker?
  Docker is a containerization platform that allows developers to package applications along
with their dependencies into a lightweight, portable, and isolated unit called a container.

Docker vs Virtualization

2. Difference between Containers & Virtual Machines (VMs)?

Feature Containers Virtual Machines

OS Shares host OS Each VM has its own OS

Boot Time Fast (seconds) Slow (minutes)

Size MBs GBs

Performance Near-native Overhead due to virtualization

Isolation Process-level isolation Full OS-level isolation

Use Case Microservices, lightweight apps Running different OSes

3. Difference between Docker & Virtualization?

 Docker uses OS-level virtualization while traditional virtualization uses hardware-level

virtualization.

4. Difference between a Container & an Image?

 Image: A static, read-only template used to create containers.

 Container: A running instance of an image.

Docker Images

5. How is an Image built?

 Using a Dockerfile with docker build command.

6. What are Image Layers?

 Layers are intermediate images that make up a Docker image, stored in read-only format.

7. How do Image Layers work?

  Each command in a Dockerfile (RUN, COPY, ADD) creates a new layer. Layers are cached to
optimize builds.

8. What is OverlayFS?

 OverlayFS is a union filesystem used by Docker to manage layered filesystems efficiently.

9. Where are Image Layers stored?

 In /var/lib/docker/overlay2/ directory.

10. How to check the content of each layer?

bash
CopyEdit
docker history <image_id>

11. How to check stacked layers of an image?

php-template
CopyEdit
docker inspect <image_id>

Union Mount & AUFS

12. What is Union Mount & AUFS?

 AUFS (Advanced Multi-Layered Unification Filesystem) is a Union Mount filesystem used

by Docker to manage multiple layers efficiently.

13. Why use Union Mount System for Docker?

 To reuse layers, optimize storage, and improve container performance.

14. What are the 3 different directories in /var/lib/docker/aufs?

 diff/ (layer storage), layers/ (layer metadata), mnt/ (mounted layers).

Docker Container Management

15. How to Run an Image?

arduino
CopyEdit
docker run <image_name>

16. How to Tag an Image?

bash
CopyEdit
docker tag <image_id> myrepo/myimage:latest

17. How to Link One Container with Another?

 Using --link (deprecated) or Docker networks.

18. How to Sequence Containers (A before B)?

 Use depends_on in Docker Compose.

19. How to Create a Volume in Docker?

lua
CopyEdit
docker volume create my_volume

20. How to Mount a Local Directory into a Container?

bash
CopyEdit
docker run -v /host/path:/container/path myimage

21. How to Expose a Port to Access a Container?

arduino
CopyEdit
docker run -p 8080:80 myimage

22. What is ENTRYPOINT in Docker?

 Defines the main command that runs inside a container.

23. What is a Dockerfile?

 A script containing instructions to build a Docker image.

Docker Networking

24. Difference between ADD & COPY in Dockerfile?

 ADD: Can download files from URLs.

 COPY: Only copies local files.

25. How to Create a Bridge Network in Docker?

lua
CopyEdit
docker network create my_bridge

26. How Does a Container Get an Internal IP?

 Docker assigns an IP via its network bridge.

Docker Process & Resource Management

27. How to Check Container Process Inside & Outside?

 Inside:

bash
CopyEdit
docker exec -it <container_id> ps aux

 Outside:

css
CopyEdit
docker top <container_id>

28. How Does the Kernel Isolate Containers?

 Using Namespaces and cgroups.

29. What are Namespaces & cgroups?

 Namespaces: Isolate container processes.

 cgroups: Manage container resources (CPU, memory).

30. What is Docker-Compose & Docker-Swarm?

 Docker-Compose: Manages multi-container applications.

 Docker-Swarm: Docker’s built-in orchestration tool.

Container Lifecycle Management

31. How to Stop a Running Container?

arduino
CopyEdit
docker stop <container_id>

32. How to Run a Container in Background?

arduino
CopyEdit
docker run -d myimage

33. How to Go Inside a Running Container?

bash
CopyEdit
docker exec -it <container_id> /bin/bash

34. How to List Running Containers?

nginx
CopyEdit
docker ps

35. How to Remove an Image?

php-template
CopyEdit
docker rmi <image_id>

36. How to Run an Image in TAR Format?

lua
CopyEdit
docker load < myimage.tar

37. How to Check Resource Utilization of a Container?

php-template
CopyEdit
docker stats <container_id>

38. How to Create an Image?

nginx
CopyEdit
docker build -t myimage .

39. How to Save Changes in a Container?

php-template
CopyEdit
docker commit <container_id> mynewimage

40. What are Docker Registries?

 Docker Hub, AWS ECR, GCR, and private registries store Docker images.
Docker Commands: up vs run vs start
Command Purpose

docker up Starts services in docker-compose

docker run Runs a new container from an image

docker start Starts an existing container

41. Can We Run More Than One Process in a Container?

 Yes, using supervisord or a process manager.

Docker Task
Part 1: Dockerfile for WordPress
dockerfile
CopyEdit
FROM wordpress:latest
RUN apt-get update && apt-get install -y wget curl
EXPOSE 80
CMD ["apache2-foreground"]

Part 2: Dockerfile for MySQL Database

dockerfile
CopyEdit
FROM mysql:latest
ENV MYSQL_ROOT_PASSWORD root
ENV MYSQL_DATABASE wordpress
ENV MYSQL_USER wpuser
ENV MYSQL_PASSWORD wppassword
VOLUME ["/etc/mysql"]
EXPOSE 3306
CMD ["mysqld"]

Docker-Compose File
yaml
CopyEdit
version: '3.8'

services:
db:
build: ./db
restart: always
volumes:
- /etc/mysql:/etc/mysql
environment:
MYSQL_ROOT_PASSWORD: root
 wordpress:
build: ./wordpress
restart: always
ports:
- "8080:80"
depends_on:
- db

Kubernetes Basics

1. What is Kubernetes?

 Kubernetes (K8s) is an open-source container orchestration system that automates

deployment, scaling, and management of containerized applications.

Kubernetes Architecture & Components

2. What are Kubernetes Components?

 Master Components:
o API Server: Handles communication via kubectl.
o etcd: Stores cluster data (key-value store).
o Controller Manager: Manages controllers (e.g., ReplicaSet, Node Controller).
o Scheduler: Assigns Pods to Nodes.
 Node (Worker) Components:
o Kubelet: Manages containers on a node.
o Kube Proxy: Handles networking.
o Container Runtime: Runs containers (Docker, containerd, etc.).

3. What is etcd?

 A highly available key-value store used by Kubernetes to store cluster state and
configuration.

4. What is Master & Minion (Worker Node)?

 Master: Controls the cluster, scheduling, and management.

 Minion (Node): Runs application Pods and communicates with the master.

5. How to Make Quorum in Cluster?

 Quorum in etcd: Requires (N/2 + 1) nodes for a majority.

 Example: If there are 5 etcd nodes, at least 3 must be up.
Kubernetes Workloads & Networking

6. What is a Replication Controller & What Does It Do?

 Ensures that a specified number of replicas of a pod are running.

7. What is Ingress?

 Ingress Controller manages external access (HTTP/HTTPS) to services inside the cluster.

8. Difference Between Kubernetes & Docker Swarm?

Feature Kubernetes Docker Swarm

Complexity More complex Simpler setup

Networking Supports advanced networking (Ingress, Service Mesh) Basic networking

Scalability Highly scalable Less scalable

Auto-healing Yes (Self-healing) Limited

9. How to Rollback to a Previous Version in Kubernetes?

php-template
CopyEdit
kubectl rollout undo deployment <deployment_name>

10. Scenario: How Schema Changes Deploy Automatically in Containers?

 Use Kubernetes Jobs or CI/CD Pipelines with kubectl apply.

11. How Does a Container Know That an Application Is Failing?

 Liveness Probes & Readiness Probes:

yaml
CopyEdit
livenessProbe:
httpGet:
path: /health
port: 8080

Kubernetes Services & Communication

12. Difference Between NodePort, ClusterIP, LoadBalancer & Ingress?

 Type Description

ClusterIP Default, internal communication only

NodePort Exposes service on a static port on each node

LoadBalancer Uses cloud provider’s LB for external access

Ingress Routes traffic via domain names

13. What is kubectl & kubelet?

 kubectl: CLI tool for Kubernetes.

 kubelet: Agent running on nodes to manage containers.

14. What is the Role of Kube-Controller Manager?

 Runs controllers like Node Controller, Deployment Controller.

15. What is a Pod?

 Smallest deployable unit in Kubernetes, containing one or more containers.

16. How Many Containers Can Run in a Pod?

 Typically one application container and supporting sidecars.

17. How Many Containers Can Be Launched on a Node?

 Limited by CPU, Memory, and available resources.

18. What is the Role of Kube-Scheduler?

 Assigns Pods to available Nodes based on resource requirements.

19. How Do Two Pods Communicate?

 Through ClusterIP Services and DNS.

20. How Do Two Containers in the Same Pod Communicate?

 Via localhost.
Kubernetes Networking

21. What is Flannel & Why Use It?

 Flannel is a CNI (Container Network Interface) that provides an overlay network for pod-to-
pod communication.

22. Difference Between Flannel & Calico?

 Flannel: Uses VXLAN for overlay networking.

 Calico: Uses BGP and offers Network Policies.

OpenShift

23. What is OpenShift?

 A Kubernetes distribution by Red Hat with built-in security, CI/CD, and developer tools.

24. Difference Between OpenShift & Kubernetes?

 OpenShift has a built-in authentication system, Image Registry, and Developer Console.

25. What is a Service Layer?

 OpenShift's Networking Layer that provides services like Routes & Load Balancing.

26. How to Expose a Service in OpenShift?

lua
CopyEdit
oc expose svc my-service --hostname=myapp.example.com

27. What Are the 3 Components of an OpenShift Project?

 Builds, Deployments, Services.

28. What is a Router in OpenShift?

 Handles external traffic using HAProxy.

29. What is an Identity Provider in OpenShift?

 Manages user authentication (LDAP, OAuth, GitHub, etc.).

30. How to Create a New User Identity?

sql
CopyEdit
oc create user myuser

31. What is a Project in OpenShift?

 Equivalent to a Kubernetes Namespace.

32. How to Check Permissions of a User?

pgsql
CopyEdit
oc policy who-can view pods

33. How to Assign Role to a User?

pgsql
CopyEdit
oc adm policy add-role-to-user admin myuser

34. What is a ClusterRoleBinding in OpenShift?

 Assigns Cluster-wide permissions.

OpenShift Workloads

35. What is the Process of Pod Creation?

 Scheduler assigns Pod → Kubelet runs Pod → Checks health & logs.

36. What is a Builder Pod?

 Used for building container images from source code.

37. What is a Deployer Pod?

 Manages application deployments.

38. How to Create an Application Pod?

cpp
CopyEdit
oc new-app myapp

39. How to Check Logs of a Pod?

nginx
CopyEdit
oc logs mypod

40. What is Deployment Configuration (DC)?

 Defines how an application should be deployed.

41. How to Create a Route in OpenShift?

lua
CopyEdit
oc expose svc myservice --hostname=myapp.example.com

42. What is Persistent Volume (PV) & Persistent Volume Claim (PVC)?

 PV: A storage resource.

 PVC: A request for storage.

43. What Are Access Modes in PV?

 ReadWriteOnce, ReadOnlyMany, ReadWriteMany.

Cluster Migration & Management

44. How to Migrate the Whole Cluster?

 Use Velero or Kubernetes Backup & Restore tools.

45. How to Manually Migrate a Container?

arduino
CopyEdit
kubectl get pod mypod -o yaml > mypod.yaml
kubectl apply -f mypod.yaml --context=new-cluster

Amazon RDS & AWS Storage

1. What is Amazon RDS?

 Amazon RDS (Relational Database Service) is a managed database service supporting

MySQL, PostgreSQL, MariaDB, SQL Server, Oracle & Aurora.

2. What is EC2, S3 & EBS?

 EC2 (Elastic Compute Cloud) → Virtual servers (Instances).

 S3 (Simple Storage Service) → Object storage for files, backups, etc.
 EBS (Elastic Block Store) → Persistent block storage for EC2.
3. What is VPC & Why Do We Create It?

 VPC (Virtual Private Cloud) is a logically isolated network where AWS resources run
securely.
 Required to control networking, subnetting, routing, and security.

EC2 Scaling & Pricing

4. Is It Possible to Scale an EC2 Instance Vertically?

 Yes! Vertical scaling means changing the instance type (e.g., t2.micro → t2.large).
 Requires stopping the instance first:

css
CopyEdit
aws ec2 stop-instances --instance-ids i-12345678
aws ec2 modify-instance-attribute --instance-id i-12345678 --
instance-type m5.large
aws ec2 start-instances --instance-ids i-12345678

5. Difference Between Amazon RDS, Redshift & DynamoDB?

Feature Amazon RDS Amazon Redshift DynamoDB

Type Relational DB Data Warehouse NoSQL DB

Use Case OLTP Analytics (OLAP) High-speed key-value store

Scalability Vertical & Read Replicas Horizontally scalable Fully managed, auto-scaling

6. Spot Instance vs. On-Demand Instance?

 Spot Instances: Up to 90% cheaper but can be terminated anytime.

 On-Demand: Pay as you go, stable pricing.

Infrastructure as Code & AWS Troubleshooting

7. How Is Infrastructure As Code (IaC) Processed & Executed in AWS?

 CloudFormation (YAML or JSON) or Terraform (HCL).

 Example CloudFormation:

yaml
 CopyEdit
Resources:
MyEC2Instance:
Type: "AWS::EC2::Instance"
Properties:
InstanceType: "t2.micro"
ImageId: "ami-123456"

8. If Your Linux-Build Server Slows Down, How to Check?

 Run these checks:

bash
CopyEdit
top
free -m
df -h
iostat
vmstat

EBS Storage & Backups

9. Types of EBS Storage?

 GP3 / GP2 (General Purpose SSD)

 IOPS Optimized (io1, io2)
 Throughput Optimized (st1)
 Cold HDD (sc1)

10. How to Backup a Running Instance?

 Create a snapshot:

pgsql
CopyEdit
aws ec2 create-snapshot --volume-id vol-12345678 --description
"Backup"

 Create an AMI:

css
CopyEdit
aws ec2 create-image --instance-id i-12345678 --name "MyBackupAMI"

S3 Security

11. How to Secure an S3 Bucket?

 Disable public access:

 arduino
CopyEdit
aws s3api put-public-access-block --bucket my-bucket --public-access-
block-configuration BlockPublicAcls=true

 Enable Encryption (AES-256 or KMS).

12. What Security Options Are Available for S3 Users?

 IAM Policies
 Bucket Policies
 ACLs
 MFA Delete

AWS Load Balancing & Auto Scaling

13. Different Types of ELB?

 Application Load Balancer (ALB) → Layer 7, HTTP/HTTPS routing.

 Network Load Balancer (NLB) → Layer 4, high-performance TCP/UDP.
 Classic Load Balancer (CLB) → Deprecated.

14. What is an Auto Scaling Group (ASG)?

 Dynamically scales EC2 instances based on CPU, memory, or request count.

15. Which ELB is Best for Application Load?

 Application Load Balancer (ALB) → Routes traffic based on URL paths & headers.

16. Difference Between ALB & CLB?

Feature ALB (Application) CLB (Classic)

Layer 7 (HTTP/HTTPS) 4&7

Routing URL-based IP-based

Performance Faster Slower

AWS Networking & Security

17. What is a Subnet & How Many Subnets in a VPC?

  Subnet = A segment in VPC.
 You can create up to 200 subnets per VPC.

18. Why Do We Use Subnets?

 Public subnet: For internet-facing resources.

 Private subnet: Internal resources (DB, backend servers).

19. What is a Routing Table?

 Defines how traffic flows between subnets and the internet.

20. How to Connect a Private Subnet to a Public Subnet?

 Use NAT Gateway or Bastion Host.

21. Is VPC Peering Possible Between Two Regions?

 No direct peering, use Transit Gateway or AWS PrivateLink.

AWS Security & EC2 Troubleshooting

22. Is It Possible to Recover a Lost Private Key?

 No, but you can create a new key and replace it using:

css
CopyEdit
aws ec2-instance-connect send-ssh-public-key --instance-id i-12345678
--availability-zone us-east-1a --instance-os-user ec2-user --ssh-
public-key file://new-key.pub

23. How to Connect to EC2 If You Lost the Key?

 Use EC2 Instance Connect (for Amazon Linux).

 Create a new key-pair & update authorized_keys.

24. Common EC2 Connection Issues?

 Incorrect Security Group Rules (Check port 22 open).

 Wrong Key Pair.
 Stopped Instance.
AWS Task 1: Auto Scaling Without ASG

Objective: Scale EC2 & Elasticsearch Nodes Based on ALB Requests

bash
CopyEdit
# Fetch the number of requests metric
requests=$(aws cloudwatch get-metric-statistics --metric-name RequestCount
--namespace AWS/ApplicationELB --statistics Sum --start-time $(date -u -d
'-5 minutes' +%Y-%m-%dT%H:%M:%SZ) --end-time $(date -u +%Y-%m-%dT%H:%M:%SZ)
--period 300 --region us-east-1)

# If requests > 100, scale EC2

if [ "$requests" -gt 100 ]; then
aws ec2 run-instances --image-id ami-123456 --count 1 --instance-type
t3.medium
aws es update-elasticsearch-domain-config --domain-name my-es-cluster -
-instance-type r6g.large.elasticsearch
aws ec2 modify-instance-attribute --instance-id i-12345678 --instance-
type m4.xlarge
fi

AWS Task 2: Architecture Diagram

 VPC (10.0.0.0/16)
o Public Subnet (Web Layer)
o Private Subnet (App Layer)
o Private Subnet (DB Layer)
 ALB → Auto Scaling EC2 (PHP/Java/Python)
 RDS for MySQL/PostgreSQL
 S3 for Static Files
 CloudFront for CDN
 IAM Roles & Security Groups

Scripting

Task 1: LAMP Stack & WordPress Setup

bash
CopyEdit
#!/bin/bash

# Update & install required packages

sudo apt update -y
sudo apt install -y apache2 mysql-server php php-mysql libapache2-mod-php
unzip wget

# Start & enable services

sudo systemctl start apache2
sudo systemctl enable apache2
sudo systemctl start mysql
sudo systemctl enable mysql
# Secure MySQL Installation (Interactive)
sudo mysql_secure_installation

# Set MySQL root password & create DB & User

DB_NAME="wordpress"
DB_USER="wp_user"
DB_PASS="wp_pass"

sudo mysql -e "CREATE DATABASE $DB_NAME;"

sudo mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY
'$DB_PASS';"
sudo mysql -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO
'$DB_USER'@'localhost';"
sudo mysql -e "FLUSH PRIVILEGES;"

# Download & setup WordPress

cd /var/www/html
sudo wget https://wordpress.org/latest.zip
sudo unzip latest.zip
sudo mv wordpress/* .
sudo rm -rf wordpress latest.zip
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html

# Configure WordPress with DB details

sudo cp wp-config-sample.php wp-config.php
sudo sed -i "s/database_name_here/$DB_NAME/" wp-config.php
sudo sed -i "s/username_here/$DB_USER/" wp-config.php
sudo sed -i "s/password_here/$DB_PASS/" wp-config.php

# Restart Apache
sudo systemctl restart apache2

echo "WordPress installation completed. Access via http://<server-ip>"

Task 2: Java Application (Tomcat) Setup

bash
CopyEdit
#!/bin/bash

# Update & Install Java & required packages

sudo apt update -y
sudo apt install -y openjdk-11-jdk nginx wget unzip

# Download & install Tomcat

TOMCAT_VERSION="10.1.14"
TOMCAT_URL="https://downloads.apache.org/tomcat/tomcat-
10/v$TOMCAT_VERSION/bin/apache-tomcat-$TOMCAT_VERSION.tar.gz"

sudo wget $TOMCAT_URL -P /opt

cd /opt
sudo tar -xvzf apache-tomcat-$TOMCAT_VERSION.tar.gz
sudo mv apache-tomcat-$TOMCAT_VERSION tomcat
sudo rm apache-tomcat-$TOMCAT_VERSION.tar.gz

# Give permissions
sudo chmod +x /opt/tomcat/bin/*.sh
sudo chown -R www-data:www-data /opt/tomcat

# Start Tomcat
sudo /opt/tomcat/bin/startup.sh

# Setup Nginx Reverse Proxy

sudo bash -c 'cat > /etc/nginx/sites-available/tomcat <<EOF
server {
listen 80;
server_name localhost;

location / {
proxy_pass http://localhost:8080;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF'

# Enable Nginx config

sudo ln -s /etc/nginx/sites-available/tomcat /etc/nginx/sites-enabled/
sudo systemctl restart nginx

echo "Java application running on Tomcat, accessible at http://<server-ip>"

How to Run the Scripts

1. Make script executable:

bash
CopyEdit
chmod +x setup_wordpress.sh setup_java.sh

2. Run the script:

bash
CopyEdit
sudo ./setup_wordpress.sh
bash
CopyEdit
sudo ./setup_java.sh

These scripts will set up WordPress on Apache and Java (Tomcat) on Nginx.

CI/CD Overview
1. What is CI & CD?

 CI (Continuous Integration): The practice of automatically integrating code changes from

multiple developers into a shared repository several times a day. It includes running
automated tests to ensure code quality.
 CD (Continuous Delivery/Deployment):
 o Continuous Delivery ensures that the latest code is always in a deployable state. The
deployment is still manual.
o Continuous Deployment automates the entire process, pushing changes to
production automatically without human intervention.

2. What is a CI/CD pipeline?

A CI/CD pipeline is an automated workflow that facilitates:

1. Code Integration (CI)

2. Automated Testing
3. Build and Artifact Creation
4. Deployment to Staging/Production (CD)

A typical CI/CD pipeline involves:

 Source Control (Git, GitHub, GitLab)

 Build Process (Maven, Gradle, Docker)
 Automated Tests (Selenium, JUnit, PyTest)
 Artifact Repository (Nexus, JFrog Artifactory)
 Deployment Tools (Ansible, Kubernetes, Terraform)
 Monitoring & Logging (Prometheus, ELK Stack)

3. Difference between Continuous Delivery & Continuous Deployment?

Feature Continuous Delivery Continuous Deployment

Automation Code changes are automatically Code changes are automatically

Level prepared for deployment deployed to production

Deployment Requires manual approval before

Fully automated, no manual approval
Process production deployment

Risk Level Lower risk, human review available Higher risk, but rapid feedback

Example Tools Jenkins, GitHub Actions, GitLab CI/CD ArgoCD, Spinnaker

4. List of Important DevOps Tools & Technologies

1. Source Code Management

 Git, GitHub, GitLab, Bitbucket

2. CI/CD Tools
  Jenkins, GitHub Actions, GitLab CI/CD, CircleCI, Travis CI

3. Configuration Management & Automation

 Ansible, Chef, Puppet, SaltStack

4. Containerization & Orchestration

 Docker, Kubernetes, OpenShift, Helm

5. Infrastructure as Code (IaC)

 Terraform, CloudFormation

6. Monitoring & Logging

 Prometheus, Grafana, ELK (Elasticsearch, Logstash, Kibana), Splunk

7. Security & Compliance

 SonarQube, Snyk, HashiCorp Vault

8. Cloud Providers

 AWS, Azure, Google Cloud, OpenStack

Linux

1. What is Linux?

Linux is an open-source, Unix-like operating system that manages hardware resources and
provides an environment for running applications. It is known for its stability, security, and
flexibility.

2. What are Linux OS Flavors?

Linux has various distributions (flavors) tailored for different needs:

 Debian-based: Ubuntu, Kali Linux, Pop!_OS

 RedHat-based: RHEL, CentOS, Fedora, Rocky Linux
 Arch-based: Arch Linux, Manjaro
 SUSE-based: openSUSE, SUSE Linux Enterprise
 Others: Alpine Linux, Gentoo, Slackware
3. Difference between Debian & RPM-based OS?

Feature Debian-based (Ubuntu) RPM-based (RHEL, CentOS)

Package Manager apt, dpkg yum, dnf, rpm
Package Format .deb files .rpm files
Configuration Files are in /etc/apt/ Files are in /etc/yum.repos.d/
Preferred for Desktop users, general use Enterprise environments, stability

4. What is Kernel?

The kernel is the core of the Linux operating system that manages system resources (CPU,
memory, storage) and allows software to communicate with hardware.

5. Explain the Boot Process of Linux OS

1. BIOS/UEFI: System firmware initializes hardware.

2. Bootloader (GRUB): Loads the Linux kernel.
3. Kernel Initialization: Detects hardware and mounts the root filesystem.
4. Systemd/Init: Starts system services.
5. Login Prompt: User authentication starts.

6. How is RHEL different from CentOS?

 RHEL (Red Hat Enterprise Linux) is commercial, with paid support.

 CentOS was free and community-driven, but it was discontinued in favor of CentOS
Stream.
 Rocky Linux & AlmaLinux are RHEL alternatives that emerged after CentOS's
discontinuation.

7. What is the Latest Version of RHEL?

Check with:

bash
CopyEdit
cat /etc/redhat-release

To get the latest version, refer to Red Hat's official website.

8. What is GRUB?

GRUB (Grand Unified Bootloader) is a bootloader that allows users to select and boot
operating systems.

9. Difference between GRUB & GRUB2?

Feature GRUB GRUB2

Configuration File /boot/grub/grub.conf /boot/grub2/grub.cfg
Support for GPT No Yes
Graphical Menu Limited Advanced

10. What is a Boot Loader?

A boot loader is a program that loads the operating system into memory when the system
starts. Example: GRUB, LILO, SYSLINUX.

11. Is RHEL 7 Boot Process Faster than RHEL 6? If Yes, How?

Yes, RHEL 7 is faster due to:

 Systemd (instead of SysVinit) for parallel service startup.

 Optimized device and service initialization.

12. What is .rpm & .deb?

 .rpm is a package format for Red Hat-based distributions (RHEL, CentOS, Fedora).
 .deb is a package format for Debian-based distributions (Ubuntu, Debian).

13. What is RPM?

RPM (Red Hat Package Manager) is a tool to install, update, and remove .rpm packages.

bash
CopyEdit
rpm -ivh package.rpm # Install package
rpm -q package-name # Check if installed
rpm -e package-name # Remove package
14. What is YUM?

YUM (Yellowdog Updater, Modified) is a package manager for RHEL-based systems that
resolves dependencies automatically.

bash
CopyEdit
yum install httpd # Install Apache
yum remove httpd # Remove Apache
yum update # Update all packages

15. Different Methods to Install RPM-based Packages?

 Using YUM/DNF (recommended):

bash
CopyEdit
yum install package-name

 Using RPM command (manual dependencies required):

bash
CopyEdit
rpm -ivh package.rpm

 From Source Code: Download, compile, and install.

16. What is Bash?

Bash (Bourne Again Shell) is the default command-line shell in most Linux distributions. It
executes commands and scripts.

17. What is Shell?

A shell is a command-line interface that allows users to interact with the Linux system.

18. How Many Types of Shells Are There?

 Bash (/bin/bash) – Default shell in most Linux distros.

 Sh (/bin/sh) – Traditional Bourne Shell.
 Zsh (/bin/zsh) – Advanced shell with customization.
 Ksh (/bin/ksh) – Korn Shell, used in UNIX.
19. Commonly Used Commands

 Copy files: cp file1 file2

 Move/Rename: mv file1 newfile
 Remove file: rm file
 List files: ls -l

20. What is the Significance of the touch Command?

 Creates an empty file:

bash
CopyEdit
touch file.txt

 Updates the timestamp of an existing file.

21. How Many Ways Can You Create a File?

1. touch file.txt
2. echo "content" > file.txt
3. cat > file.txt (Ctrl+D to save)
4. vim file.txt (Insert text, then save with :wq)

22. How to Delete the Content from a File?

bash
CopyEdit
> file.txt # Clears content
echo "" > file.txt # Clears content

23. Explain the Process Behind Accessing Google.com

When you type google.com in a browser:

1. DNS Resolution: Converts google.com to an IP address.

2. TCP Handshake: A connection is established using the 3-way handshake (SYN,
SYN-ACK, ACK).
3. HTTPS Request: A secure request is sent to Google’s servers.
4. Response Received: Google’s server processes the request and sends back a
response.
5. Rendering: The browser renders the received HTML, CSS, and JavaScript.

Commands to check the process:

bash
CopyEdit
nslookup google.com # DNS lookup
ping google.com # Test connectivity
traceroute google.com # Check route to server
curl -I google.com # Fetch headers

24. Types of Permissions in Linux & What is chmod?

 Read (r) → 4: View file contents.

 Write (w) → 2: Modify file contents.
 Execute (x) → 1: Run the file as a program.

Example:

bash
CopyEdit
chmod 755 script.sh # Owner (rwx), Group (r-x), Others (r-x)
chmod u+x file.sh # Add execute permission for the user

25. What is the Sticky Bit?

 Used on directories to restrict file deletion.

 Only the owner or root can delete files in a sticky-bit directory.

Set sticky bit:

bash
CopyEdit
chmod +t /tmp

Check sticky bit:

bash
CopyEdit
ls -ld /tmp

Output:

bash
CopyEdit
drwxrwxrwt 10 root root 4096 Feb 23 /tmp

26. What is ACL (Access Control List)?

ACL provides fine-grained file permissions beyond standard user/group/other permissions.

Commands:

bash
CopyEdit
setfacl -m u:john:rwx file.txt # Grant 'john' full access
getfacl file.txt # View ACLs
setfacl -x u:john file.txt # Remove ACL for user 'john'

27. What is SetUID, SetGID & Sticky Bit?

Permission Symbol Purpose

SetUID s on user (chmod u+s file) Execute file as owner, not the caller.
SetGID s on group (chmod g+s file) Execute file as group owner or inherit group.
Sticky Bit t (chmod +t directory) Prevent file deletion by non-owners.

Check:

bash
CopyEdit
ls -l /usr/bin/passwd # `s` in `-rwsr-xr-x`

28. Where are User Details Stored?

 User accounts: /etc/passwd

 User passwords (hashed): /etc/shadow

Example:

bash
CopyEdit
cat /etc/passwd | grep username
cat /etc/shadow | grep username

29. What is the Default Permission of a File?

 File: -rw-r--r-- (644)

 Directory: drwxr-xr-x (755)

Controlled by umask:

bash
CopyEdit
umask 022 # Default mask (removes write for group & others)

30. What is the Significance of -rvf?

Options used with commands like rm or cp:

 r → Recursive (for directories)

  v → Verbose (show details)
 f → Force (no prompt)

Example:

bash
CopyEdit
rm -rvf /tmp/test # Delete directory without confirmation

31. What is PV, VG & LV? (LVM Concepts)

Term Description
PV (Physical Volume) Raw storage device (HDD/SSD partition).
VG (Volume Group) Combines multiple PVs into a single pool.
LV (Logical Volume) Partition-like structure created from VG.

Commands:

bash
CopyEdit
pvcreate /dev/sdb
vgcreate myvg /dev/sdb
lvcreate -L 10G -n mylv myvg
mkfs.xfs /dev/myvg/mylv

32. What are the Types of File Systems?

 ext2/ext3/ext4 → Common Linux FS.

 XFS → High-performance journaling FS.
 Btrfs → Advanced FS with snapshots.
 vfat/exFAT → Windows-compatible FS.

33. What is XFS?

 A high-performance journaling file system.

 Default FS in RHEL 7+.
 Cannot shrink (reduce) size.

Extend XFS LV:

bash
CopyEdit
lvextend -L +5G /dev/myvg/mylv
xfs_growfs /mnt

34. How to Extend an LV?

bash
CopyEdit
lvextend -L +10G /dev/myvg/mylv
resize2fs /dev/myvg/mylv # For ext4
xfs_growfs /mnt # For XFS

35. Commands to Check System Information

Information Command
Running processes ps aux
RAM usage free -h
Disk usage df -h
CPU usage top or htop
CPU details lscpu

36. Difference Between ps aux & top?

Command Function
ps aux Snapshot of running processes.
top Dynamic process viewer (updates in real time).

37. Steps to Create a Partition & Format It

1. Create partition:

bash
CopyEdit
fdisk /dev/sdb

2. Format as XFS:

bash
CopyEdit
mkfs.xfs /dev/sdb1

3. Mount it:

bash
CopyEdit
mount /dev/sdb1 /mnt

38. Steps to Reset Root Password in RHEL

1. Reboot and enter GRUB menu.

2. Edit boot entry (e key).
 3. Find the line starting with linux and append:

kotlin
CopyEdit
rd.break

4. Press Ctrl+X to boot.

5. Mount root filesystem:

bash
CopyEdit
mount -o remount,rw /sysroot

6. Change root:

bash
CopyEdit
chroot /sysroot

7. Set new password:

bash
CopyEdit
passwd root

8. Exit and reboot.

39. What are Runlevels? How Many Types?

Runlevel Target Purpose

0 poweroff.target Halt system
1 rescue.target Single-user mode
3 multi-user.target CLI mode
5 graphical.target GUI mode
6 reboot.target Reboot

Change runlevel:

bash
CopyEdit
systemctl isolate multi-user.target
systemctl set-default graphical.target

40. How to Check System Logs?

Logs are stored in /var/log/. Common logs include:

 System log: /var/log/messages

  Authentication log: /var/log/secure
 Kernel log: /var/log/dmesg
 Boot log: /var/log/boot.log

Commands:

bash
CopyEdit
journalctl -xe # View system logs
tail -f /var/log/messages # Monitor logs in real-time

41. Difference Between journalctl & tail Command?

Command Function
journalctl Displays logs from systemd-journald
tail -f Shows real-time logs from a file

Example:

bash
CopyEdit
journalctl -u nginx # Logs for Nginx service
tail -f /var/log/nginx/access.log # Real-time web access logs

42. What Does subscription-manager Do?

 Manages RHEL subscriptions and repositories.

 Used for registering a system with Red Hat.

Example:

bash
CopyEdit
subscription-manager register --username=your_username --
password=your_password
subscription-manager list --available
subscription-manager attach --auto

43. How to Archive a File?

 tar (Tape Archive)

bash
CopyEdit
tar -cvf archive.tar file1 file2
tar -xvf archive.tar # Extract

 gzip (Compress with Gzip)

 bash
CopyEdit
tar -czvf archive.tar.gz file1 file2
tar -xzvf archive.tar.gz # Extract

 zip/unzip

bash
CopyEdit
zip archive.zip file1 file2
unzip archive.zip

44. What is umask?

 Defines default permissions for new files.

 Default umask is 022, which results in file permission 644 and directory permission
755.

Check umask:

bash
CopyEdit
umask

Set umask:

bash
CopyEdit
umask 027 # Files: 640, Directories: 750

45. How to Kill a Process?

Find the process ID (PID) and kill it:

bash
CopyEdit
ps aux | grep apache
kill -9 <PID>

Or use:

bash
CopyEdit
pkill apache # Kill by process name

46. How to Assign an IP Address Manually?

 Temporary:

bash
 CopyEdit
ip addr add 192.168.1.100/24 dev eth0

 Permanent (RHEL-based systems): Edit the network config file:

bash
CopyEdit
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Add:

ini
CopyEdit
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1

Restart network:

bash
CopyEdit
systemctl restart network

47. What is a Zombie Process?

 A zombie process has completed execution but still has an entry in the process table.
 It usually occurs when the parent does not read the child’s exit status.

Find zombies:

bash
CopyEdit
ps aux | awk '{ print $8 " " $2 }' | grep -w Z

Kill parent process:

bash
CopyEdit
kill -9 <Parent_PID>

48. What is KVM?

 Kernel-based Virtual Machine (KVM) is a Type-1 hypervisor built into the Linux
kernel.
 Allows running multiple VMs (Virtual Machines) on Linux.

Check if KVM is supported:

bash
CopyEdit
egrep -c '(vmx|svm)' /proc/cpuinfo # vmx (Intel), svm (AMD)
lsmod | grep kvm

49. What is a Hypervisor?

A hypervisor is software that creates and manages virtual machines (VMs).

Types:

 Type-1 (Bare Metal): Runs directly on hardware (e.g., KVM, VMware ESXi).
 Type-2 (Hosted): Runs inside an OS (e.g., VirtualBox, VMware Workstation).

50. Difference Between MBR & GPT?

Feature MBR (Master Boot Record) GPT (GUID Partition Table)

Max partitions 4 primary (or 3 primary + 1 extended) 128 partitions
Max disk size 2TB 9ZB
UEFI Support No Yes
Backup Partition Table No Yes

Check partition type:

bash
CopyEdit
fdisk -l /dev/sda # MBR
gdisk -l /dev/sda # GPT

51. How to Mount a File System Permanently?

1. Find device name:

bash
CopyEdit
lsblk

2. Create a mount point:

bash
CopyEdit
mkdir /mnt/data

3. Mount manually:

bash
CopyEdit
mount /dev/sdb1 /mnt/data

4. Add entry to /etc/fstab:

 bash
CopyEdit
/dev/sdb1 /mnt/data xfs defaults 0 0

5. Remount all:

bash
CopyEdit
mount -a

52. What is cron? How to Setup a Cron Job?

cron is a job scheduler for automating tasks.

Edit cron jobs:

bash
CopyEdit
crontab -e

Example cron jobs:

perl
CopyEdit
0 3 * * * /usr/bin/backup.sh # Run at 3 AM daily
*/5 * * * * /usr/bin/check.sh # Every 5 minutes

List cron jobs:

bash
CopyEdit
crontab -l

53. What is Kickstart?

 Kickstart automates RHEL installations.

 Uses a config file (ks.cfg).

Example Kickstart file:

lua
CopyEdit
install
lang en_US
keyboard us
network --bootproto=dhcp
rootpw mypassword
clearpart --all
autopart

Start installation:
bash
CopyEdit
anaconda --kickstart=/path/to/ks.cfg

54. Difference Between iptables & firewalld?

Feature iptables firewalld

Backend Uses chains and rules Uses zones and services
Configuration Static Dynamic
Command iptables firewall-cmd

Check firewall status:

bash
CopyEdit
systemctl status firewalld

List rules:

bash
CopyEdit
firewall-cmd --list-all

55. What is SELinux?

SELinux (Security-Enhanced Linux) provides mandatory access control (MAC) for

enhanced security.

Check status:

bash
CopyEdit
sestatus

Disable SELinux (not recommended in production):

bash
CopyEdit
setenforce 0 # Temporarily disable
vi /etc/selinux/config
SELINUX=disabled # Disable permanently

56. Difference Between NFS & Samba?

Feature NFS (Network File System) Samba

Protocol Uses NFS protocol Uses SMB protocol
Clients Linux/Unix Windows/Linux
 Feature NFS (Network File System) Samba
Authentication UNIX-based permissions User-based authentication

57. What is Kerberos?

Kerberos is a network authentication protocol that uses tickets to allow secure

authentication over untrusted networks.

Verify Kerberos:

bash
CopyEdit
klist

58. How to Secure NFS with Kerberos?

1. Install Kerberos packages:

bash
CopyEdit
yum install krb5-server krb5-libs nfs-utils

2. Configure /etc/exports:

arduino
CopyEdit
/export *(rw,sec=krb5)

3. Restart NFS:

bash
CopyEdit
systemctl restart nfs-server

59. What is the Difference Between telnet & SSH?

Feature Telnet SSH

Security Unencrypted (plaintext) Encrypted (secure)
Protocol TCP (Port 23) TCP (Port 22)
Usage Remote access Secure remote access
Authentication Username/password Username/password + key-based authentication

Example:

 Connect via Telnet:

bash
CopyEdit
 telnet 192.168.1.100

 Connect via SSH:

bash
CopyEdit
ssh [email protected]

60. What is DHCP?

 DHCP (Dynamic Host Configuration Protocol) dynamically assigns IP addresses to

devices.
 DHCP Server provides IP, subnet mask, gateway, and DNS to clients.

Check DHCP leases:

bash
CopyEdit
cat /var/lib/dhcpd/dhcpd.leases

Restart DHCP service:

bash
CopyEdit
systemctl restart dhcpd

61. What is an NTP Server? How to Configure NTP?

 NTP (Network Time Protocol) synchronizes system time with time servers.
 Chrony is used in RHEL 8+ for time synchronization.

Check current time and synchronization status:

bash
CopyEdit
timedatectl
chronyc tracking

Install and configure NTP:

bash
CopyEdit
yum install chrony -y
vi /etc/chrony.conf # Set NTP server
systemctl enable --now chronyd

62. What is SSH? How Do You Generate SSH Keys?

 SSH (Secure Shell) is used for secure remote login and file transfer.
 SSH Key-based authentication avoids passwords.
Generate SSH key pair:

bash
CopyEdit
ssh-keygen -t rsa -b 4096

Copy key to remote server:

bash
CopyEdit
ssh-copy-id user@remote-server

Now, login without a password:

bash
CopyEdit
ssh user@remote-server

63. What is the Difference Between Public & Private Keys?

Feature Public Key Private Key

Storage Shared with remote server Kept secret on local machine
Authentication Used by server to verify access Used by client to authenticate
Security Can be shared Must be protected

64. SSH Configuration File & Common Settings

The SSH server configuration is in:

bash
CopyEdit
/etc/ssh/sshd_config

Key settings:

bash
CopyEdit
PermitRootLogin no # Disable root login
PasswordAuthentication no # Enforce key-based login
Port 2222 # Change default SSH port

Restart SSH after changes:

bash
CopyEdit
systemctl restart sshd

65. What is a MAC Address? Can We Change It?

  MAC (Media Access Control) Address is the unique hardware address of a network
interface.
 Yes, it can be temporarily changed.

Check MAC address:

bash
CopyEdit
ip link show eth0

Change MAC address:

bash
CopyEdit
ip link set dev eth0 down
ip link set dev eth0 address 00:11:22:33:44:55
ip link set dev eth0 up

66. What is an IP Address? Difference Between IPv4 & IPv6?

Feature IPv4 IPv6

Address Length 32-bit 128-bit
Format 192.168.1.1 2001:db8::1
Address Space 4.3 billion Virtually unlimited
NAT Required? Yes No

67. What is Virtual Hosting? How Do You Configure It?

 Virtual hosting allows multiple websites on a single server.

 Used in Apache and Nginx web servers.

Apache Virtual Host Configuration:

Edit:

bash
CopyEdit
vi /etc/httpd/conf.d/mywebsite.conf

Add:

php-template
CopyEdit
<VirtualHost *:80>
ServerName mywebsite.com
DocumentRoot /var/www/html/mywebsite
</VirtualHost>

Restart Apache:
bash
CopyEdit
systemctl restart httpd

68. What is iptables & How Does It Work?

 iptables is a firewall tool to filter network traffic using rules.

List rules:

bash
CopyEdit
iptables -L -n -v

Block an IP:

bash
CopyEdit
iptables -A INPUT -s 192.168.1.100 -j DROP

Allow SSH:

bash
CopyEdit
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

Save rules:

bash
CopyEdit
service iptables save

69. What is Firewalld?

 Firewalld is the modern firewall in RHEL 7+ using zones instead of rules.

Check status:

bash
CopyEdit
systemctl status firewalld

Allow HTTP traffic:

bash
CopyEdit
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

70. What is an SSH Tunnel?

An SSH tunnel allows securely forwarding network traffic between two machines.

Forward local port 8080 to remote server:80:

bash
CopyEdit
ssh -L 8080:localhost:80 user@remote-server

Now, access http://localhost:8080/ on your local machine.

71. How to Secure NFS with Kerberos?

1. Install Kerberos:

bash
CopyEdit
yum install -y krb5-server krb5-workstation nfs-utils

2. Configure Kerberos authentication:

arduino
CopyEdit
/export *(rw,sec=krb5)

3. Restart NFS:

bash
CopyEdit
systemctl restart nfs-server

72. How to Configure a Static IP Address in RHEL?

 Manually (Using nmtui):

bash
CopyEdit
nmtui

 Manually (Edit Network File):

bash
CopyEdit
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Add:

ini
CopyEdit
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
 GATEWAY=192.168.1.1

Restart network:

bash
CopyEdit
systemctl restart network

73. What is resolv.conf?

 /etc/resolv.conf is the configuration file for DNS resolution.

Example:

nginx
CopyEdit
nameserver 8.8.8.8
nameserver 8.8.4.4

Check current DNS settings:

bash
CopyEdit
cat /etc/resolv.conf

74. How to Check Open Ports on a System?

bash
CopyEdit
netstat -tulnp # Shows open ports and services
ss -tulnp # Alternative to netstat
lsof -i :80 # Check which process is using port 80

75. How to Test Network Connectivity?

1. Ping a Host:

bash
CopyEdit
ping google.com

2. Check Routes:

bash
CopyEdit
ip route show

3. Test Port Connectivity:

bash
CopyEdit
 nc -zv google.com 443

76. What is LVM (Logical Volume Manager)?

 LVM allows dynamic disk management.

 Helps resize, extend, and manage partitions without downtime.
 Key Components:
o PV (Physical Volume) → Represents physical disk/partition.
o VG (Volume Group) → Group of multiple PVs.
o LV (Logical Volume) → Act as a partition, can be resized.

Check existing LVM setup:

bash
CopyEdit
lsblk
pvs # List physical volumes
vgs # List volume groups
lvs # List logical volumes

77. How to Create an LVM Partition in RHEL?

Steps:

1. Create a new partition:

bash
CopyEdit
fdisk /dev/sdb

o Press n → Create new partition

o Press t → Set type as Linux LVM (Hex code 8e)
o Press w → Save & exit
2. Initialize Physical Volume (PV):

bash
CopyEdit
pvcreate /dev/sdb1

3. Create Volume Group (VG):

bash
CopyEdit
vgcreate my_vg /dev/sdb1

4. Create Logical Volume (LV):

bash
CopyEdit
lvcreate -L 5G -n my_lv my_vg

5. Format & Mount the LV:

 bash
CopyEdit
mkfs.xfs /dev/my_vg/my_lv
mkdir /mnt/mydata
mount /dev/my_vg/my_lv /mnt/mydata

6. Make Mount Persistent:

bash
CopyEdit
echo "/dev/my_vg/my_lv /mnt/mydata xfs defaults 0 0" >> /etc/fstab

78. How to Extend an LVM Partition?

1. Extend the Logical Volume:

bash
CopyEdit
lvextend -L +5G /dev/my_vg/my_lv

2. Resize File System:

o XFS File System:

bash
CopyEdit
xfs_growfs /mnt/mydata

o EXT4 File System:

bash
CopyEdit
resize2fs /dev/my_vg/my_lv

79. How to Reduce LVM Partition (EXT4 Only, Not XFS)?

1. Unmount the LV:

bash
CopyEdit
umount /mnt/mydata

2. Resize EXT4 File System:

bash
CopyEdit
e2fsck -f /dev/my_vg/my_lv
resize2fs /dev/my_vg/my_lv 3G

3. Reduce LV:

bash
CopyEdit
 lvreduce -L 3G /dev/my_vg/my_lv

4. Mount Again:

bash
CopyEdit
mount /dev/my_vg/my_lv /mnt/mydata

80. How to Check Disk Usage in Linux?

Command Description
df -h Shows disk usage per filesystem
du -sh /var/log Shows folder size
lsblk Lists block devices (disks, partitions)
fdisk -l Lists partitions

81. What is XFS? Can We Reduce It?

 XFS is a high-performance file system.

 Cannot be reduced after creation.
 Used by default in RHEL 7+.

Extend XFS:

bash
CopyEdit
xfs_growfs /mnt/mydata

82. What is RAID?

 RAID (Redundant Array of Independent Disks) is used for fault tolerance &
performance.
 Types of RAID:
o RAID 0 (Striping) → Fast, No Redundancy
o RAID 1 (Mirroring) → Data Duplication
o RAID 5 (Striping + Parity) → Fault Tolerance
o RAID 10 (RAID 1+0) → High Redundancy

Check RAID:

bash
CopyEdit
cat /proc/mdstat

83. How to Create RAID 1 (Mirroring) in Linux?

 1. Install RAID tools:

bash
CopyEdit
yum install mdadm -y

2. Create RAID 1:

bash
CopyEdit
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdb
/dev/sdc

3. Format RAID:

bash
CopyEdit
mkfs.ext4 /dev/md0

4. Mount RAID:

bash
CopyEdit
mount /dev/md0 /mnt/raid1

84. What is NFS & How to Configure It?

 NFS (Network File System) allows sharing directories over a network.

1. Install NFS:

bash
CopyEdit
yum install nfs-utils -y

2. Configure NFS:

bash
CopyEdit
vi /etc/exports

Add:

bash
CopyEdit
/data 192.168.1.0/24(rw,sync,no_root_squash)

3. Restart NFS Service:

bash
CopyEdit
systemctl enable --now nfs-server
85. What is Samba? How is It Different from NFS?

Feature NFS Samba

Protocol Unix/Linux Windows/Linux
Authentication No authentication (by default) Uses usernames & passwords
Best Used for Linux-to-Linux sharing Windows-Linux file sharing

Install Samba:

bash
CopyEdit
yum install samba -y

86. What is nfsnobody in Linux?

 nfsnobody is the default anonymous user for NFS clients.

 Prevents root privileges on shared NFS directories.

87. What is SSHFS?

 SSHFS (SSH File System) allows mounting remote directories via SSH.

Mount a remote folder:

bash
CopyEdit
sshfs user@remote-server:/var/www /mnt/sshfs

Unmount:

bash
CopyEdit
fusermount -u /mnt/sshfs

88. What is ISCSI & targetcli?

 ISCSI (Internet Small Computer System Interface) allows block storage over IP.
 targetcli is used to configure ISCSI targets.

Check ISCSI sessions:

bash
CopyEdit
iscsiadm -m session
89. What is Kerberos & How to Secure NFS with It?

 Kerberos provides secure authentication via ticket-based access.

 Secure NFS with Kerberos:

bash
CopyEdit
/data *(rw,sec=krb5)

90. How to Mount a File System Permanently?

1. Edit /etc/fstab:

bash
CopyEdit
/dev/sdb1 /data ext4 defaults 0 0

2. Apply changes:

bash
CopyEdit
mount -a

91. How to Check System Logs in Linux?

 System Logs are stored in /var/log/.

Command Description
journalctl -xe View system logs
tail -f /var/log/messages Monitor logs in real-time
dmesg View kernel logs

92. What is cron & How to Setup a Cron Job?

 cron schedules repetitive tasks.

Edit cron jobs:

bash
CopyEdit
crontab -e

Example: Run a script every day at 2 AM:

arduino
CopyEdit
0 2 * * * /home/user/backup.sh
93. What is subscription-manager in RHEL?

 Manages Red Hat licenses and repositories.

 Check subscription:

bash
CopyEdit
subscription-manager list

94. Difference Between systemctl & service Commands?

Feature systemctl service

Used in RHEL 7+ RHEL 6 and below
Example systemctl restart sshd service sshd restart

95. How to Check CPU Usage in Linux?

1. top Command (Real-time CPU usage):

bash
CopyEdit
top

o us→ User CPU usage

o sy→ System CPU usage
o id→ Idle CPU percentage
2. htop Command (Graphical top alternative):

bash
CopyEdit
htop

3. mpstat (Per CPU Usage) - Part of sysstat:

bash
CopyEdit
yum install sysstat -y
mpstat -P ALL

4. iostat (CPU & I/O Usage) - Also Part of sysstat:

bash
CopyEdit
iostat -c 2 5

5. sar (Historical CPU Usage) - Also Part of sysstat:

bash
CopyEdit
sar -u 5 10
96. How to Check Memory Usage in Linux?

1. free -h (Human-readable format)

bash
CopyEdit
free -h

o Mem: → Used/free RAM

o Swap: → Used/free swap
2. vmstat (Memory & CPU Usage)

bash
CopyEdit
vmstat 1 5

3. /proc/meminfo (Detailed Memory Stats)

bash
CopyEdit
cat /proc/meminfo

97. How to Check Disk Usage in Linux?

1. df -h (Disk Space Usage)

bash
CopyEdit
df -h

o Shows total, used, and available space for each filesystem.

2. du -sh /path/to/dir (Directory Size)

bash
CopyEdit
du -sh /var/log

oShows size of a specific directory.

3. Find Large Files (Greater than 1GB)

bash
CopyEdit
find / -type f -size +1G

98. How to Check Running Processes in Linux?

Command Description
ps -aux Show all running processes
top Show real-time processes
Command Description
htop Interactive process viewer
pidstat CPU & memory usage per process

99. Difference Between ps -aux & top Command?

Feature ps -aux top

Output Static (snapshot) Dynamic (live update)
Usage One-time check Continuous monitoring
Sorting No sorting Can sort by CPU, memory, etc.

100. How to Check Network Usage in Linux?

1. iftop (Live Network Traffic Monitoring)

bash
CopyEdit
yum install iftop -y
iftop

2. nload (Bandwidth Usage)

bash
CopyEdit
yum install nload -y
nload

3. ss (Socket Statistics - Replaces netstat)

bash
CopyEdit
ss -tulnp

4. ip -s link (Network Interface Stats)

bash
CopyEdit
ip -s link

101. How to Check CPU Details in Linux?

1. lscpu

bash
CopyEdit
lscpu
 o Shows CPU architecture, cores, threads, etc.
2. cat /proc/cpuinfo

bash
CopyEdit
cat /proc/cpuinfo

o Shows detailed CPU information.

102. How to Analyze and Tune System Performance?

1. Install tuned & Enable Performance Profile

bash
CopyEdit
yum install tuned -y
systemctl enable --now tuned
tuned-adm list
tuned-adm profile performance

2. Monitor Performance with sar

bash
CopyEdit
sar -r 5 10 # Memory usage every 5 sec for 10 times
sar -u 5 10 # CPU usage every 5 sec for 10 times

3. Use iotop to Monitor I/O Usage

bash
CopyEdit
yum install iotop -y
iotop

103. How to Reduce CPU Load in Linux?

 Find High CPU Processes:

bash
CopyEdit
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head

 Kill High CPU Process:

bash
CopyEdit
kill -9 <PID>

 Limit CPU Usage for a Process:

bash
 CopyEdit
cpulimit -p <PID> -l 30

104. How to Find and Kill Zombie Processes?

 List Zombie Processes:

bash
CopyEdit
ps aux | grep 'Z'

 Kill Parent Process:

bash
CopyEdit
kill -9 <PARENT_PID>

105. How to Enable Swap in Linux?

1. Check Swap Availability:

bash
CopyEdit
free -h

2. Create a Swap File (1GB)

bash
CopyEdit
dd if=/dev/zero of=/swapfile bs=1M count=1024
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile

3. Make Swap Permanent

bash
CopyEdit
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab

106. What is OOM Killer & How to Handle It?

 OOM Killer (Out of Memory Killer) terminates processes when memory is low.
 To prevent a process from being killed:

bash
CopyEdit
echo "-1000" > /proc/$(pgrep my_process)/oom_score_adj
107. What is systemd-analyze?

 Analyzes system boot time & performance issues.

bash
CopyEdit
systemd-analyze
systemd-analyze blame

108. What is ulimit in Linux?

 Sets user resource limits.

 Check limits:

bash
CopyEdit
ulimit -a

 Set max file descriptors:

bash
CopyEdit
ulimit -n 65535

109. How to Monitor System Logs in Real Time?

 System Logs:

bash
CopyEdit
journalctl -f

 Kernel Logs:

bash
CopyEdit
dmesg -w

 Monitor Specific Service Logs:

bash
CopyEdit
journalctl -u sshd -f

110. How to Benchmark Performance in Linux?

1. CPU Benchmark:

bash
CopyEdit
 sysbench --test=cpu --cpu-max-prime=20000 run

2. Disk Benchmark:

bash
CopyEdit
dd if=/dev/zero of=testfile bs=1G count=1 oflag=direct

3. Network Speed Test:

bash
CopyEdit
curl -s https://raw.githubusercontent.com/sivel/speedtest-
cli/master/speedtest.py | python

111. How to Optimize Linux for High Performance?

1. Disable Unused Services:

bash
CopyEdit
systemctl disable cups

2. Use noatime to Reduce Disk Writes:

bash
CopyEdit
echo "/dev/sdb1 /data ext4 defaults,noatime 0 0" >> /etc/fstab

3. Increase File Descriptors:

bash
CopyEdit
echo "fs.file-max = 2097152" >> /etc/sysctl.conf

�Networking Basics in Linux

112. How to Check IP Address in Linux?

1. Using ip command (Preferred)

bash
CopyEdit
ip addr show

o Displays IP addresses of all network interfaces.

2. Using ifconfig (Older Method)

bash
CopyEdit
ifconfig

o Requires net-tools package.

 3. Using hostname -I (Quick IP Check)

bash
CopyEdit
hostname -I

o Shows only the assigned IP address.

113. How to Assign a Static IP Address in Linux?

1. Modify Network Configuration File (RHEL 7/8/9)

bash
CopyEdit
vi /etc/sysconfig/network-scripts/ifcfg-eth0

Add/Edit:

ini
CopyEdit
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8

2. Restart Network Service

bash
CopyEdit
systemctl restart NetworkManager

114. How to Check Active Network Connections?

1. Using ss (Faster Replacement of netstat)

bash
CopyEdit
ss -tulnp

o Shows TCP/UDP connections and associated processes.

2. Using netstat (Older Method)

bash
CopyEdit
netstat -tulnp

115. How to Test Network Connectivity?

 Command Usage

ping <IP/Domain> Check if a host is reachable

traceroute <IP/Domain> Trace the route to a host

nc -zv <IP> <Port> Check if a port is open

telnet <IP> <Port> Connect to a specific port

curl -I <URL> Fetch HTTP headers

Example:

bash
CopyEdit
ping -c 4 google.com
traceroute google.com
nc -zv google.com 443
curl -I https://google.com

116. How to View Routing Table?

1. Using ip route show

bash
CopyEdit
ip route show

2. Using route -n (Older Method)

bash
CopyEdit
route -n

117. How to Add a Static Route?

bash
CopyEdit
ip route add 192.168.2.0/24 via 192.168.1.1 dev eth0

 Persists only until reboot.

 To make it permanent, add it to /etc/sysconfig/network-scripts/route-eth0.

118. What is DNS? How to Configure DNS in Linux?

  DNS (Domain Name System) resolves domain names to IP addresses.

1. Check Current DNS

bash
CopyEdit
cat /etc/resolv.conf

2. Manually Set DNS

bash
CopyEdit
echo "nameserver 8.8.8.8" > /etc/resolv.conf

3. Restart Network Service

bash
CopyEdit
systemctl restart NetworkManager

119. What are the Different Types of DNS Records?

Type Purpose

A Maps domain to IPv4 address

AAAA Maps domain to IPv6 address

CNAME Alias (e.g., www → example.com)

MX Mail Exchange server records

TXT Custom text records (used in SPF, DKIM, etc.)

�Security in Linux

120. What is SSH? How to Secure SSH?

 SSH (Secure Shell) is used for remote login.

 Default port: 22
 SSH configuration file: /etc/ssh/sshd_config

Hardening SSH

1. Change Default SSH Port (Avoid 22)

bash
CopyEdit
 vi /etc/ssh/sshd_config

Change:

yaml
CopyEdit
Port 2222

2. Disable Root Login

nginx
CopyEdit
PermitRootLogin no

3. Allow Specific Users

nginx
CopyEdit
AllowUsers user1 user2

4. Restart SSH

bash
CopyEdit
systemctl restart sshd

121. How to Generate SSH Keys?

1. Generate SSH Key Pair

bash
CopyEdit
ssh-keygen -t rsa -b 4096

2. Copy Public Key to Remote Server

bash
CopyEdit
ssh-copy-id user@remote-server

122. What is a Firewall? How to Manage Firewall in RHEL?

 RHEL uses firewalld (default) instead of iptables.

Check Firewall Status

bash
CopyEdit
systemctl status firewalld
Allow/Block Ports

 Allow Port 80 (HTTP)

bash
CopyEdit
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload

 Deny Port 22 (SSH)

bash
CopyEdit
firewall-cmd --remove-port=22/tcp --permanent
firewall-cmd --reload

123. What is SELinux? How to Manage SELinux?

 SELinux (Security-Enhanced Linux) enforces mandatory access controls.

Check SELinux Status

bash
CopyEdit
sestatus

Disable SELinux (Not Recommended)

bash
CopyEdit
setenforce 0 # Temporary disable
vi /etc/selinux/config # Set SELINUX=disabled for permanent disable

124. How to Monitor Failed Login Attempts?

bash
CopyEdit
grep "Failed password" /var/log/secure

125. How to Block an IP Address in Linux?

1. Using iptables

bash
CopyEdit
iptables -A INPUT -s 192.168.1.100 -j DROP

2. Using firewalld

bash
CopyEdit
firewall-cmd --add-rich-rule='rule family="ipv4" source
address="192.168.1.100" reject' --permanent
 firewall-cmd --reload

126. How to Check System Logs for Security Issues?

1. Authentication Logs

bash
CopyEdit
cat /var/log/secure

2. System Logs

bash
CopyEdit
journalctl -xe

127. What is Fail2Ban? How to Prevent Brute Force Attacks?

 Fail2Ban blocks repeated failed login attempts.

Install & Enable Fail2Ban

bash
CopyEdit
yum install fail2ban -y
systemctl enable --now fail2ban

Configure SSH Protection

bash
CopyEdit
vi /etc/fail2ban/jail.local

Add:

ini
CopyEdit
[sshd]
enabled = true
maxretry = 5
bantime = 600

Restart Fail2Ban
bash
CopyEdit
systemctl restart fail2ban

128. What is tcpdump? How to Capture Network Traffic?

1. Capture All Traffic

bash
CopyEdit
 tcpdump -i eth0

2. Capture Traffic to a Specific IP

bash
CopyEdit
tcpdump -i eth0 host 192.168.1.1

3. Save Capture to a File

bash
CopyEdit
tcpdump -i eth0 -w capture.pcap

�Advanced Security in Linux

1. Linux Security Basics

 Understanding file and directory permissions (rwx, chmod, chown, chgrp)

 Special permissions: SetUID, SetGID, Sticky Bit
 Access Control Lists (ACLs)
 SELinux: enforcing, permissive, and disabled modes
 File integrity monitoring with aide (Advanced Intrusion Detection Environment)

2. Network Security

 Firewall Management:
o iptables vs firewalld
o Configuring zones, services, and ports in firewalld
 Network Intrusion Detection and Prevention Systems (IDS/IPS):
o Tools: Snort, Suricata
 TCP Wrappers and Host-Based Access Control
o /etc/hosts.allow and /etc/hosts.deny
 Securing SSH:
o SSH key-based authentication
o Disabling root login (PermitRootLogin no)
o Changing default SSH port
o SSH tunneling and port forwarding
o Fail2Ban for brute force attack prevention

3. Authentication and Authorization

 PAM (Pluggable Authentication Modules)

o Configuring /etc/pam.d/
o Using pam_tally2 to lock accounts after failed login attempts
 Kerberos Authentication
o Setting up a Kerberos client and server
 LDAP for centralized authentication
 Multi-Factor Authentication (MFA) for SSH access
4. Disk and Data Security

 Encrypting file systems with LUKS (Linux Unified Key Setup)

 Securely wiping data with shred and wipe
 Encrypting directories with encfs
 Using fscrypt for per-user file encryption

5. System Hardening

 Disabling unnecessary services

 Configuring secure boot parameters in /etc/sysctl.conf
 Kernel security parameters (sysctl -a)
 Limiting user access with ulimit and /etc/security/limits.conf
 Auditing with auditd and ausearch

6. Logging and Monitoring

 journalctl for system logs

 Configuring rsyslog for remote logging
 Real-time monitoring with auditd
 Using logwatch for automated log analysis

7. Container and Cloud Security

 Securing Docker and Podman containers

o Running containers as non-root users
o Using seccomp, AppArmor, and SELinux for containers
 OpenShift and Kubernetes Security
o Role-Based Access Control (RBAC)
o Pod Security Policies
o Network policies

Monitoring in Linux (RHEL) & DevOps

1. Why do we use monitoring?

Monitoring is essential for:

 Performance Optimization – Detecting bottlenecks in CPU, memory, disk, and network

usage.
 Availability & Uptime – Ensuring servers, applications, and services are always running.
 Security & Compliance – Detecting unauthorized access, security breaches, or abnormal
activity.
 Troubleshooting & Root Cause Analysis – Debugging issues quickly by analyzing logs and
system metrics.
 Capacity Planning – Predicting future resource needs.
2. Different Tools & Technologies for Monitoring

Monitoring tools are categorized into:

✅Infrastructure Monitoring:

 Nagios – Traditional tool for host and service monitoring.

 Zabbix – Network, hardware, and server monitoring.
 Prometheus – Cloud-native monitoring for containers and microservices.

✅Log Monitoring & Analysis:

 ELK Stack (Elasticsearch, Logstash, Kibana) – Real-time log analysis.

 Graylog – Centralized log management.
 Fluentd – Log collection and processing.

✅Application Performance Monitoring (APM):

 New Relic – Full-stack monitoring for applications.

 Datadog – SaaS-based application and infrastructure monitoring.
 AppDynamics – End-to-end application performance tracking.

✅Container & Kubernetes Monitoring:

 Prometheus + Grafana – Kubernetes-native monitoring.

 cAdvisor – Container-level metrics.
 Kube-state-metrics – Kubernetes cluster state monitoring.

✅Cloud Monitoring Tools:

 AWS CloudWatch – AWS resource monitoring.

 Azure Monitor – Azure cloud monitoring.
 Google Stackdriver – Google Cloud monitoring.

3. How do we monitor applications & servers differently?

✅Application Monitoring focuses on:

 Application logs (/var/log/app.log)

 HTTP request latency
 Database performance
 Error rates and exception tracking

✅Server Monitoring focuses on:

 CPU, Memory, Disk, and Network usage (top, htop, vmstat, iostat)
 System logs (/var/log/syslog, /var/log/messages)
 Process monitoring (ps, systemctl status)
  Disk I/O monitoring (iostat, iotop)

4. What is Prometheus? How is it different from other monitoring tools?

✅Prometheus is an open-source monitoring system designed for dynamic cloud and

container environments.

Features of Prometheus:

 Pull-based monitoring (scrapes metrics from endpoints).

 Uses time-series data (stores metrics with timestamps).
 Powerful query language (PromQL) for custom metrics.
 AlertManager for sending alerts to Slack, email, etc.
 Designed for Kubernetes and microservices.

How is Prometheus different from other monitoring tools?

Feature Prometheus Nagios Zabbix Datadog

Data Collection Pull-based Agent-based Agent-based SaaS-based

Kubernetes, Legacy Network devices, Cloud

Best For
microservices systems servers applications

Query
PromQL NRPE SQL-based API queries
Language

Alerts AlertManager Plugins Built-in Built-in

5. What is the ELK Stack?

✅ELK Stack = Elasticsearch + Logstash + Kibana

A log management and real-time analytics tool.

✅Elasticsearch – Search and analytics engine for indexing logs.

✅Logstash – Collects, processes, and forwards logs to Elasticsearch.
✅Kibana – Web UI for visualizing logs and metrics.

✅Use Case:

 Centralized log storage

 Real-time troubleshooting
 Security analysis
 Compliance auditing
6. Why do we use Grafana?

✅Grafana is a visualization and analytics platform that helps monitor logs, metrics, and
application data.

Why use Grafana?

 Supports multiple data sources (Prometheus, InfluxDB, MySQL, Elasticsearch).

 Custom dashboards for time-series data.
 Alerting system for real-time notifications.
 Integrates with Kubernetes, Docker, AWS CloudWatch, and more.
 Multiple graph types (line, bar, heatmaps, histograms).

7. How do we query different outputs in Prometheus?

Prometheus uses PromQL (Prometheus Query Language) to fetch metrics.

✅Basic Queries:

 up{job="nginx"} → Checks if Nginx is running.

 rate(http_requests_total[5m]) → HTTP requests per second in the last 5 min.
 sum(cpu_usage_seconds_total) by (instance) → Total CPU usage per instance.
 avg_over_time(memory_usage_bytes[10m]) → Avg. memory usage in last 10 min.

✅Alerting Example:

 ALERT HighCPUUsage IF avg(rate(cpu_usage_seconds_total[5m])) > 0.7

FOR 5m

8. What types of graphs can be implemented in Grafana?

Grafana supports:
✅Time-series Graphs – Line charts for CPU, memory, and network usage.
✅Bar Charts – Comparing resource consumption.
✅Heatmaps – Showing anomalies in system performance.
✅Single-Stat Panels – Displaying CPU usage % in a single number.
✅Gauge & Progress Charts – Monitoring real-time metrics like disk space.
✅Geo Maps – Mapping logs or requests by geographic location.