As a system administrator, it’s your job to ensure your systems are running smoothly. This requires you to identify and solve problems, fix security vulnerabilities, and ensure your IT infrastructure is always working efficiently.
If you’re new to this role, you probably already know that being a sysadmin is a pretty demanding job. You have a lot of responsibilities to manage.
But we’re here to help make your job a little bit easier. Below are seven Linux commands every sysadmin should know.
Let’s get started.
The nmap command is short for “Network Mapper.” It’s an open-source monitoring tool commonly used by sysadmins to scan and discover networks.
Thanks to its versatility, nmap has become one of the most popular tools among administrators. You can use it to:
- Find live hosts on a network
- Scan ports and perform ping sweeps
- Detect operating systems running on your network
- Perform security audits
You can even use nmap to scan for malware. Nmap comes with an expansive library of scripts, making it one of the most comprehensive tools in your arsenal.
You have to download and install nmap before you can use it. If you’re using CentOS or Fedora, use the following command:
sudo dnf install nmap
If you’re using Ubuntu or Debian, use:
sudo apt-get install nmap
But which nmap commands should you know? Good question––there are too many commands to cover here. Check out this guide on the 50 essential nmap commands every sysadmin should know.
Having a bunch of unwanted and unused packages on your system can be a security vulnerability. One of those packages could become an entry point for a cyberattack––and as the system administrator, it’s your job to reduce the threat vectors within your system.
That’s why we suggest removing any packages that you don’t use. This will reduce the chances of you falling victim to a cyberattack because of a software vulnerability or misconfiguration.
Use the autoremove command to delete all unwanted packages from your system. You can do this by running apt-get autoremove. This will remove any uninstalled packages that remain on your server.
Once you’re done with that, use the apt-cache pkgnames command to see a list of all your packages. When you find one or more packages you don’t need, delete them with sudo apt-get purge –auto-remove [packagename].
This command lets you see which services are running in the background, as well as the boot time of every service you have running. You can use this tool to see whether you’ve got potentially harmful services running.
First, you need to install the program. You can do that by entering the following command: apt-get install sysv-rc-conf.
Once you’ve installed sysv-rc-conf, enter this command in your terminal: sysv-rc-conf –list | grep ‘3:on’. This will show you which services started when you booted your computer and which started later.
If you see a service that looks suspicious, disable it with: systemctl disable [servicename].
Iptables is a versatile firewall tool you can use to protect your Linux system from outside threats. You can use it to block malicious parties from attacking your systems by using the following commands:
- iptables -A INPUT -p tcp ! –syn -m state –state NEW -j DROP to force SYN packets check
- iptables -A INPUT -p tcp –tcp-flags ALL NONE -j DROP to drop null packets
- iptables -A INPUT -p tcp –tcp-flags ALL ALL -j DROP to drop XMAS packets
- iptables -A INPUT -f -j DROP to drop incoming packets with fragments
Want to learn more about how to use Iptables to protect your system? Check out this guide on preventing common attacks.
Open ports aren’t inherently dangerous. In fact, you need them to send and receive data over the internet.
However, having open ports that are hidden can be a problem. Hackers can use these ports to gain access to your system––and you won’t even know how they breached your cybersecurity measures.
You can use netstat -antp to scan your system for hidden open ports. This will give you a visual of all the open ports on your system. And when you come across a port you don’t recognize, close it using the following command: sudo kill $(sudo lsof -t -i:[portnumber]). This will effectively reduce the threat vectors that place your system at risk.
A rootkit is a collection of malicious tools that grant attackers remote access to your server. Think of it as a key that unwelcomed visitors can use to gain entry to your system.
Rootkits are designed to be difficult to find. Because once you discover and remove the rootkit, you end up removing the backdoor that’s been granting hackers access.
Chkrotkit is a tool that scans your server for suspicious programs that could be rootkits. You can install this program with the following command: apt-get install chkrootkit.
Once installed, use the chkrootkit command while you’re logged in as the root user. The program will scan your server for malware and notify you of any potential threats.
7. Update and Upgrade
Keeping your systems up to date is an important part of good cybersecurity. Your operating system and applications should be routinely patched to fix any security vulnerabilities that could compromise your server.
You can keep your systems updated and secure with the sudo apt-get update && apt-get upgrade command. The update command is used to update the list of packages, while upgrade downloads and installs them for you.
If you’re too busy to do manual upgrades, you can automate the process with sudo apt-get install unattended-upgrades. This enables automatic security updates, which ensures your system always stays patched.
Give Your Server a Multi-Layered Protection
There you have it. Seven Linux commands that will improve your system’s security and performance.
Combine these with BitNinja’s multi-layered protection to dramatically reduce your chances of being hacked. Cybersecurity is not optional anymore. It is a must! If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!
Let’s make the internet a safer place together!