7 useful Linux commands for system administrators (SYSADMINS)
A system administrator, or sysadmin, is the person who maintains and manages a system or a computer network. In practice, the complete management of servers, clients, switches and the whole computer network is the system administrator's responsibility. As a system administrator, it is your job to ensure that your systems run smoothly. This means identifying and resolving problems, fixing security vulnerabilities, and ensuring that the IT infrastructure is always operational. If you are new to the role, you probably already know that being a system administrator can be quite a challenge, with many responsibilities to juggle. But we are here to make it a little easier for you.
1) Nmap:
The nmap command stands for "Network Mapper". It is an open-source network scanning tool commonly used by system administrators to scan and discover networks. Thanks to its practicality, nmap has become one of the most popular tools among administrators. You can use it to:
- Find live hosts on a network.
- Scan ports and run ping sweeps.
- Identify operating systems running on your network.
- Perform security audits.
You can even use nmap to scan hosts for signs of malware. Combined with its extensive library of scripts, nmap is one of the most comprehensive tools in your arsenal. Before using it, you need to download and install nmap. If you are using CentOS or Fedora, use the following command:
sudo dnf install nmap
If you are using Ubuntu or Debian, use the following command:
sudo apt-get install nmap
2) Autoremove:
Having unwanted and unused packages on your system is a security risk. Any one of them can become an entry point for a cyberattack, and your job as a system administrator is to reduce the threat vectors on your system. That is why we suggest you remove the packages you don't use. This reduces the chance of falling victim to a cyberattack through a software vulnerability or misconfiguration. Use the autoremove command to remove packages that are no longer needed. You can do this by running the following command:
apt-get autoremove
This removes the orphaned packages: dependencies that were pulled in by other software and are no longer needed by anything still installed. After this is done, use the following command to see a list of all your packages:
apt-cache pkgnames
When you find one or more packages you no longer need, remove them, together with their unused dependencies, with the following command:
sudo apt-get purge --auto-remove [packagename]
3) Sysv-rc-conf:
This command shows you which services are configured to start at boot (and in which runlevels) and which services are running in the background. You can use it to spot potentially harmful services. First you need to install the program. You can do this by entering the following command:
apt-get install sysv-rc-conf
After installing sysv-rc-conf, enter the following command in your terminal:
sysv-rc-conf --list | grep '3:on'
The above command lists the services marked 3:on, i.e. those enabled in runlevel 3 and therefore started when the computer boots into it. If you suspect that a service is malicious, disable it using the following command:
systemctl disable [servicename]
4) Iptables:
The iptables command is a versatile firewall tool that you can use to protect your Linux system from malicious traffic. The following rules drop common port-scan and malformed-packet patterns:
To drop new TCP connections that do not begin with a SYN packet:
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
To drop null packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
To drop XMAS packets:
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
To drop incoming packets with fragments:
iptables -A INPUT -f -j DROP
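The four rules above applied idempotently, as an added example that is not part of the original article: each rule is probed with `iptables -C` before `-A`, so re-running the script never duplicates rules. The `IPT` variable is an assumed override hook so the logic can be exercised with a stand-in command instead of the real iptables binary.

```shell
#!/bin/sh
# Added example (not from the original article): apply the four anti-scan
# rules idempotently. IPT is an assumed override hook; it defaults to the
# real iptables command.
IPT="${IPT:-iptables}"

# add_rule_once CHAIN RULE... : append RULE to CHAIN only if it is absent.
# Prints "present:" or "added:" followed by the rule; fails if -A fails.
add_rule_once() {
  chain=$1
  shift
  if "$IPT" -C "$chain" "$@" 2>/dev/null; then
    echo "present: $chain $*"
  else
    "$IPT" -A "$chain" "$@" && echo "added: $chain $*"
  fi
}

# apply_antiscan_rules: the article's four rules, in the order given.
apply_antiscan_rules() {
  add_rule_once INPUT -p tcp ! --syn -m state --state NEW -j DROP  # new conn without SYN
  add_rule_once INPUT -p tcp --tcp-flags ALL NONE -j DROP          # null packets
  add_rule_once INPUT -p tcp --tcp-flags ALL ALL -j DROP           # XMAS packets
  add_rule_once INPUT -f -j DROP                                   # fragments
}

# count_added: how many rules apply_antiscan_rules actually added this run
# (0 on a second run, because every rule is then already present).
count_added() {
  apply_antiscan_rules | grep -c '^added:' || :
}

# Only root can change the filter table; otherwise just define the functions.
if [ "$(id -u)" -eq 0 ] && [ "$IPT" = iptables ]; then
  apply_antiscan_rules || echo "warning: could not apply rules (is iptables installed?)"
fi
```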
5) Netstat:
Open ports are not a problem by themselves; you need them to send and receive data over the Internet. Unexpected or hidden open ports, however, are a problem: attackers can use them to reach your system without you ever knowing how they are getting around your security measures. Run netstat -antp to list every TCP socket on your system together with the process that owns it. This gives you a snapshot of all the open ports. When you come across a port you don't recognize, stop the process holding it with the following command:
sudo kill $(sudo lsof -t -i:[portnumber])
The above command kills the process listening on that port and reduces your threat vectors. Killing the process is only a stopgap: also disable or uninstall the service that opened the port, or it will be back after the next boot.
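Comparing netstat's listeners against an allowlist, as an added example that is not part of the original article: it parses the column layout of `netstat -antp` and reports any listening port that is not on the expected list. The sample output and the allowlist below are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original article): flag listening TCP ports
# that are not on an allowlist, using the column layout of `netstat -antp`.

# Constructed sample of `netstat -antp` output (not a real capture).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1023/master
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2291/nc
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED 3012/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      1500/nginx'

# Ports this host is expected to listen on (space-separated; assumed policy).
ALLOW_PORTS="22 25 80 443"

# listening_ports: read netstat output on stdin, print "PORT PID/PROGRAM" for
# every LISTEN line; handles IPv4 (a.b.c.d:port) and IPv6 (:::port) addresses.
listening_ports() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n], $7 }'
}

# unexpected_ports ALLOWLIST: print one line per listener whose port is not in
# ALLOWLIST (netstat output on stdin). Prints nothing when everything is known.
unexpected_ports() {
  allow=" $1 "
  listening_ports | while read -r port prog; do
    case "$allow" in
      *" $port "*) ;;                                        # allowed
      *) echo "unexpected listener: port $port ($prog)" ;;   # not on the list
    esac
  done
}

# check_ports: returns 1 (and prints the findings) if anything unexpected is
# listening, 0 otherwise. On a live host: sudo netstat -antp | check_ports
check_ports() {
  findings=$(unexpected_ports "$ALLOW_PORTS")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Run against the constructed sample: reports port 4444 (nc) as unexpected.
printf '%s\n' "$SAMPLE" | check_ports || echo "status: review the listeners above"
```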
6) Chkrootkit:
A rootkit is a set of malicious tools that allow attackers to keep remote access to your server. Think of it as a key that unwanted visitors can use to log into your system. Rootkits are designed to be difficult to detect, because once you discover and remove the rootkit, you also remove the backdoor that gave the attackers access. chkrootkit is a tool that scans your server for suspicious programs that could be rootkits. You can install it with the following command:
apt-get install chkrootkit
Once you are logged in as root, run the chkrootkit command. It scans your server for malware and notifies you of any potential threats.
7) Update and Upgrade:
Keeping systems up to date is an important part of cybersecurity. Your operating system and applications should be patched regularly to address security vulnerabilities that could compromise your server. apt-get update refreshes the package list, while apt-get upgrade downloads and installs the newer versions for you. Keep your system updated and secure using the following command:
sudo apt-get update && sudo apt-get upgrade