Scribd Logo
Upload

Welcome to Scribd!

  • SysAdmin Test

    Uploaded by

    sharma_rsap
    15 views5 pages
    test for system admin

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    test for system admin

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    15 views5 pages

    SysAdmin Test

    Uploaded by

    sharma_rsap
    test for system admin

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Checklist for System Administrators

    Rene Pfeiffer
    pfeiffer@luchs.at
    H+43.676.5626390, T+43.720.349387, v+43.1.5036081
    web.luchs.at
    27. November 2011

    1
    1. Tools of the Trade
    1. Name at least three tools that can be used to copy data between hosts.

    2. Name at least three tools that can be used to compare the content of different
    files.

    3. Create a group on a GNU/Linux server.

    4. Create a user account on a GNU/Linux server without password and no possi-


    bility to login.

    5. Create a file-backed loopback device with an Ext4 file system without journal
    and mount it.

    6. Describe the steps required to resize an Ext3 file system mounted on a logical
    volume. Make sure you describe the necessary requirements to successfully in-
    crease the size of the file system as well.

    7. Download the latest Oracle Java installation package by using console tools
    only.

    8. Download the latest Linux kernel from www.kernel.org and check the crypto-
    graphic signature of the source code archive.

    9. Query the package database to see which Linux kernel package is installed. Use
    aptitude/apt/dpkg, yum and rpm.

    10. Kill all processes of a specific name.

    2. Networking
    1. Write a Bash script in order to turn a GNU/Linux system into a simple router
    (no firewalling).

    2. The Linux kernel has a configuration option called rp filter. Why is it useful
    for a network router? Can it be used for asymmetric routing?

    3. Turn a GNU/Linux system into a router without using a Bash script (again no
    firewalling, just use the configuration of a GNU/Linux distribution).

    4. Check to see if a host is online without using ICMP at all.

    5. Find all active neighbours in the same Ethernet segment.

    6. Configure a host name resolutions system for all hosts in your Ethernet seg-
    ment.

    2
    7. Write a Bash script that connects to a WLAN network protected by WPA2+PSK.
    Do not rely on the configuration tools used by your dsitribution. Use all com-
    mands manually and prepare the necessary configuration file(s).

    8. Describe all the checks necessary to deploy Ethernet jumbo frames in your local
    network. How do you compute the size of the jumbo frames?

    9. The local Ethernet network operation is disrupted and you see lots of packets
    with the MAC address 01-80-C2-00-00-01 on the wire. What has happened
    and how can you stop it?

    10. Set up a bridge device and connect to the local Ethernet segment by using one
    network interface card and this bridge. Do you enable or disable STP? Explain
    your choice.

    3. Security
    1. Do you compress/encrypt or encrypt/compress? Explain your choice.

    2. Your task is to copy a large amount of data via a Gigabit Ethernet link. You are
    required to use encryption. Which tool and which options do you use? Explain
    your choice.

    3. Create a file-backed loopback device with an Ext4 file system without journal
    on an encrypted block device and mount it.

    4. Write a Bash script that firewalls the local machine and leaves port 22/TCP,
    25/TCP and 443/TCP open. Take care not to disrupt Path MTU discovery.

    5. Configure a servers SSH daemon not to accept any passwords, only SSH keys.
    Describe the process of creating and configuring SSH keys.

    6. Find all world-writable directories and files on a server and write them to a text
    file.

    7. Configure an SSH account that can only send/receive data and does not get an
    interactive shell.

    8. Create and configure a local Certificate Authority for issuing X.509 certificates.

    9. Send an executable file to an e-mail account protected by anti-virus filters. Ex-


    plain your steps to avoid the filtering software.

    10. Configure IPsec in transport mode between two hosts. Explain your configura-
    tion steps.

    3
    4. Applications
    1. Dump, delete and restore a MySQL database.

    2. Dump, delete and restore a Postgres database.

    3. Configure an Apache virtual host, create the necessary directory and create an
    SCP account for reading/writing to/from this directory.

    4. Install a DNS resolving nameserver with a local zone for the local network
    172.13.20.0/22. Make sure you have zones for reverse and forward lookup. Ge-
    nerate the zone files by using a script.

    5. Install and configure an FTP server that chroots login users to their home di-
    rectory.

    6. Install and configure an OpenVPN server and configure it to give clients ac-
    cess to a local Ethernet segment.

    7. Install and configure an SMTP relay server (Postfix preferred) that accepts connec-
    tions from local clients and secures all transmissions with SSL/TLS. Explain
    your configuration steps.

    8. Install and configure an IMAP server (Dovecot preferred) with local user ac-
    counts. Make sure the IMAP server secures all transmissions with SSL/TLS. Do
    not use system accounts for the owner of the mailboxes. Explain your configu-
    ration steps.

    9. Install and configure a HTTP/HTTPS reverse proxy for www.orf.at (Squid pre-
    ferred, but you can use any other proxy software working on layer 7) so that
    local users can connect to this proxy and see the www.orf.at web site.

    10. Install and configure a HTTP/HTTPS proxy for local users (again Squid prefer-
    red). Turn this proxy into a transparent proxy for HTTP on port 80.

    5. Tasks
    1. How do you convert a GNU/Linux server from a physical machine to a virtual
    server by using an arbitrary GNU/Linux Live-CD? Describe your steps.

    2. Copy the /var directory tree from host A to B by preserving all file meta infor-
    mation. Use encryption while copying.

    3. Write a shell script that runs daily at 2000 except Sunday, creates an archive of
    /etc, dumps it to /home/archive and reports success/failure by e-mail to
    your e-mail address.

    4
    A. Revisionen dieses Dokuments
    Diese Tabelle zahlt die Revisionen dieses Dokuments zusammen mit den Anderun-
    gen auf. Bitte beim Vergleichen der Versionen auf das Datum auf dem Deckblatt ach-
    ten.
    22. November 2011 Erstellung der Dokumentenvorlage in erster Version. (Rene
    Pfeiffer)
    27. November 2011 Revision. (Rene Pfeiffer)

    You might also like