Linux Interview Questions With Answers for DevOps

Direct answers to common Linux DevOps interview questions with practical examples, command explanations, and troubleshooting solutions. This guide provides ready-to-use answers for your interview preparation.

1. Essential Linux Commands with Examples

Practical command usage with real examples that you can use directly in interviews and daily work.

Q: How do you find which process is using a specific port?

Networking

Direct Answer:

Use ss (preferred) or netstat command:

    # Method 1: Using ss (modern, faster)
    sudo ss -tulpn | grep :80
    # Breakdown:
    #   -t: TCP ports
    #   -u: UDP ports
    #   -l: Listening sockets
    #   -p: Show process/PID
    #   -n: Show numeric addresses/ports

    # Method 2: Using netstat (older but widely known)
    sudo netstat -tulpn | grep :80

    # Method 3: Find by port number directly
    sudo lsof -i :80

    # Method 4: Using fuser (for checking and killing)
    sudo fuser 80/tcp
    sudo fuser -k 80/tcp    # Kill process using port 80

Example Output:

    $ sudo ss -tulpn | grep :80
    LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1234,fd=6))
    # This shows nginx (PID 1234) is listening on port 80

Practical Scenarios:

  1. Port conflict troubleshooting:
    # When you get "Address already in use" error
    sudo ss -tulpn | grep :8080
    # If something is using it, either kill it or change your port
  2. Security audit:
    # Find all open ports on system
    sudo ss -tulpn
    # Check for unexpected services listening on public interfaces
  3. Service verification:
    # Verify your service is listening on correct port
    sudo ss -tulpn | grep -E "(nginx|apache|your-service)"

Why This Answer Works:

  • Shows multiple methods: Demonstrates knowledge of different tools
  • Includes modern practices: ss is preferred over netstat in modern Linux
  • Practical examples: Provides real commands that can be used immediately
  • Explains options: Breaks down what each flag does
  • Real-world scenarios: Shows when and why you'd use these commands

Q: How to check disk space usage and find large files?

Filesystem

Direct Answer:

For disk space:

    # 1. Basic disk usage
    df -h
    # -h: Human readable (KB, MB, GB)
    # Output shows each filesystem's usage

    # 2. Detailed disk usage with inodes
    df -hi
    # -i: Show inode information

    # 3. Check specific directory usage
    du -sh /var/log
    # -s: Summary total
    # -h: Human readable

    # 4. Find large files (top 10)
    find / -type f -exec du -h {} + 2>/dev/null | sort -rh | head -10

    # 5. Find large files in specific directory
    find /var/log -type f -size +100M -exec ls -lh {} +

    # 6. Interactive disk usage analyzer
    ncdu /var    # Requires ncdu package

For finding large files:

    # Method 1: Using find and sort
    sudo find / -type f -size +500M -exec ls -lh {} \; 2>/dev/null

    # Method 2: Quick top 10 largest files
    sudo du -ah / 2>/dev/null | sort -rh | head -10

    # Method 3: Find by file type
    sudo find /var/log -name "*.log" -size +100M

    # Method 4: Find and delete old large files
    sudo find /tmp -type f -size +1G -mtime +7 -delete

    # Method 5: GUI alternative (if available)
    baobab    # Disk Usage Analyzer GUI tool

Practical Scenarios:

    PRACTICAL DISK SPACE SCENARIOS
    ==================================

    SCENARIO 1: "/" is 95% full
    --------------------------------
    # Step 1: Check overall usage
    df -h
    # Step 2: Find which directory is using most space
    du -sh /* 2>/dev/null | sort -rh | head -5
    # Step 3: Drill down into largest directory
    du -sh /var/* 2>/dev/null | sort -rh | head -5
    # Step 4: Find large files in that directory
    find /var/log -type f -size +100M -exec ls -lh {} +

    SCENARIO 2: Inode exhaustion
    -----------------------------
    # df shows space but operations fail
    df -i    # Check inode usage
    # Find directories with many small files
    find /path -type f | cut -d/ -f1-3 | sort | uniq -c | sort -rn

    SCENARIO 3: Docker disk cleanup
    -------------------------------
    # Docker can consume significant disk
    docker system df          # Check Docker disk usage
    docker system prune -a    # Clean unused Docker objects

Common Issues & Solutions:

Issue              Command to Diagnose        Solution
Disk full          df -h                      Clean /tmp, /var/log, or use largest file finders
Inode exhaustion   df -i                      Remove many small files, increase inode count at format
Docker disk usage  docker system df           docker system prune
Log files growing  find /var/log -size +100M  Rotate logs, compress old logs, adjust log level

Pro Tips:

  • Use 2>/dev/null to suppress permission denied errors
  • Combine commands with pipes for efficient analysis
  • Monitor regularly with scripts to prevent disk issues
  • Consider using LVM for easier disk space management
  • Set up log rotation to prevent log file issues

Q: How to view and search through logs effectively?

Commands

Direct Answer:

Essential log viewing commands:

    # 1. View logs in real-time (tail with follow)
    sudo tail -f /var/log/syslog
    sudo tail -f /var/log/nginx/access.log

    # 2. View last N lines
    sudo tail -100 /var/log/syslog

    # 3. View from beginning
    sudo cat /var/log/syslog | less

    # 4. Search for errors
    sudo grep -i error /var/log/syslog
    sudo grep -i "failed\|error\|exception" /var/log/syslog

    # 5. Search with context (lines before/after)
    sudo grep -B5 -A5 "error" /var/log/syslog

    # 6. Search in multiple files
    sudo grep -r "Connection refused" /var/log/

    # 7. View logs by time
    sudo journalctl --since "2023-12-18 10:00:00" --until "2023-12-18 11:00:00"

    # 8. Follow system logs (systemd)
    sudo journalctl -f

    # 9. Filter by service
    sudo journalctl -u nginx -f
    sudo journalctl -u docker --since "1 hour ago"

    # 10. View structured logs (json)
    sudo journalctl -o json | jq .

Advanced log analysis:

    # 1. Count occurrences of errors
    sudo grep -c "error" /var/log/syslog

    # 2. Extract unique error messages
    sudo grep -o "error: .*" /var/log/syslog | sort | uniq -c | sort -rn

    # 3. Monitor log growth
    sudo watch -n 60 'du -sh /var/log'

    # 4. Find most frequent requests
    # (field 7 is the request path in nginx's default combined log format)
    sudo awk '{print $7}' /var/log/nginx/access.log | sort | uniq -c | sort -rn

    # 5. Parse JSON logs
    sudo cat /var/log/app.json | jq '. | select(.level == "ERROR")'

    # 6. Real-time log analysis with multitail
    sudo multitail /var/log/nginx/access.log /var/log/nginx/error.log

    # 7. Use logwatch for daily summaries
    sudo logwatch --detail High

    # 8. Monitor logs with less (search within)
    sudo less /var/log/syslog
    # Then press '/' to search, 'n' for next, 'N' for previous

Log File Locations:

Log Type        Location                                 Purpose
System Logs     /var/log/syslog, /var/log/messages       General system messages
Authentication  /var/log/auth.log, /var/log/secure       Login attempts, sudo usage
Kernel          /var/log/kern.log, dmesg                 Kernel messages, hardware errors
Web Server      /var/log/nginx/*, /var/log/apache2/*     Web server access/error logs
Database        /var/log/mysql/*, /var/log/postgresql/*  Database operations and errors
Application     /var/log/app/*                           Custom application logs

Practical Troubleshooting Examples:

    LOG TROUBLESHOOTING SCENARIOS
    ==================================

    SCENARIO 1: Service failed to start
    ------------------------------------
    # Check service-specific logs
    sudo journalctl -u nginx --since "10 minutes ago"
    sudo tail -f /var/log/nginx/error.log
    # Look for specific error patterns
    sudo grep -B5 -A5 "failed to start" /var/log/syslog

    SCENARIO 2: High server load investigation
    ------------------------------------------
    # Check for resource-related errors
    sudo grep -i "oom\|out of memory" /var/log/syslog
    sudo grep -i "cpu\|load" /var/log/syslog
    # Check for process crashes
    sudo grep -i "segmentation fault\|core dumped" /var/log/syslog

    SCENARIO 3: Security investigation
    ----------------------------------
    # Check for failed login attempts
    sudo grep "Failed password" /var/log/auth.log
    sudo grep "invalid user" /var/log/auth.log
    # Count failed attempts per IP (the address follows "from"; its field
    # position shifts on "invalid user" lines, so a fixed field number is unreliable)
    sudo grep "Failed password" /var/log/auth.log | grep -oE 'from [^ ]+ port' | awk '{print $2}' | sort | uniq -c | sort -rn

    SCENARIO 4: Network connectivity issues
    ---------------------------------------
    # Check for connection errors
    sudo grep -i "connection refused\|timeout" /var/log/syslog
    sudo grep -i "network unreachable" /var/log/syslog
    # Check DNS resolution issues
    sudo grep -i "name or service not known" /var/log/syslog
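
sshd logs the source address at a different field position for "Failed password for invalid user ..." lines than for existing accounts, so a per-IP count has to key on the token after `from`. The following is an added example, not part of the original guide: it counts failures per source, separates attempts against non-existent accounts, and applies a threshold. The function name, output format and log lines are constructed for illustration.

```shell
#!/bin/sh
# failed_ssh_by_ip [MIN]   < auth.log
# Prints "<failures> <address> users=<distinct usernames> invalid=<n>" for each
# source address with at least MIN failed password attempts, busiest first.
failed_ssh_by_ip() {
    awk -v min="${1:-1}" '
    /sshd\[[0-9]+\]: Failed password for / {
        ip = ""; user = ""
        # Scan from the right for "from <addr> port" so that the number of
        # words before the address does not matter.
        for (i = NF - 2; i > 1; i--)
            if ($i == "from" && $(i + 2) == "port") {
                ip = $(i + 1); user = $(i - 1); break
            }
        if (ip == "") next
        fails[ip]++
        if (index($0, " for invalid user ")) invalid[ip]++
        key = ip SUBSEP user
        if (!(key in seen)) { seen[key] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min + 0)
                printf "%d %s users=%d invalid=%d\n", fails[ip], ip, users[ip], invalid[ip]
    }' | sort -k1,1nr -k2,2
}

# Constructed auth.log lines using documentation address ranges.
sample_auth_log() {
    cat <<'EOF'
Dec 18 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Dec 18 10:00:03 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Dec 18 10:00:05 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Dec 18 10:01:10 web1 sshd[2110]: Failed password for deploy from 198.51.100.23 port 40022 ssh2
Dec 18 10:01:30 web1 sshd[2112]: Accepted password for deploy from 198.51.100.23 port 40030 ssh2
Dec 18 10:02:00 web1 sshd[2120]: Failed password for invalid user test from 192.0.2.50 port 33000 ssh2
Dec 18 10:02:02 web1 sshd[2120]: Failed password for invalid user test from 192.0.2.50 port 33002 ssh2
EOF
}

# Demo on the constructed sample; on a live host use:
#   sudo cat /var/log/auth.log | failed_ssh_by_ip 5
sample_auth_log | failed_ssh_by_ip 2
```

Many distinct usernames from one address points to password spraying, while a single mistyped login followed by a success (198.51.100.23 in the sample) stays below the threshold.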

Production Tips:

  • Use log rotation to prevent disk filling:
    # Check logrotate configuration
    ls /etc/logrotate.d/
    # Common configs: nginx, mysql, syslog
  • Centralize logs with ELK stack or Loki for distributed systems
  • Set up alerts for critical errors in logs
  • Use structured logging (JSON format) for easier parsing
  • Implement log retention policies based on compliance needs

2. Process & Performance Management

Managing processes, monitoring performance, and troubleshooting system resource issues.

Q: How to monitor CPU and memory usage in real-time?

Monitoring

Direct Answer:

Real-time monitoring tools:

    # 1. top - Basic process viewer
    top
    # Press '1' to show all CPUs
    # Press 'M' to sort by memory
    # Press 'P' to sort by CPU
    # Press 'q' to quit

    # 2. htop - Enhanced top (install with: sudo apt install htop)
    htop
    # Features: Tree view, process search, kill processes with F9

    # 3. glances - Comprehensive monitoring (sudo apt install glances)
    glances
    # Shows CPU, memory, disk, network, processes

    # 4. vmstat - Virtual memory statistics
    vmstat 1    # Update every 1 second

    # 5. mpstat - CPU statistics
    mpstat -P ALL 1    # All CPUs every 1 second

    # 6. free - Memory usage
    free -h         # Human readable
    free -h -s 5    # Update every 5 seconds

    # 7. sar - System activity reporter (install: sudo apt install sysstat)
    sar -u 1 3    # CPU usage, 1 second interval, 3 times
    sar -r 1 3    # Memory usage

    # 8. nmon - Nigel's performance monitor
    nmon                  # Interactive mode
    nmon -f -s 5 -c 12    # Capture to file, 5 sec interval, 12 times

Monitoring specific processes:

    # 1. Monitor specific process by PID
    top -p 1234
    htop -p 1234

    # 2. Monitor process tree
    pstree -p         # Show process tree with PIDs
    pstree -p 1234    # Show tree for specific process

    # 3. Check process memory usage
    ps aux --sort=-%mem | head -10    # Top 10 memory using processes
    ps aux --sort=-%cpu | head -10    # Top 10 CPU using processes

    # 4. Detailed process information
    cat /proc/1234/status    # Process status
    cat /proc/1234/statm     # Memory information
    cat /proc/1234/io        # I/O statistics

    # 5. Monitor process in real-time
    watch -n 1 'ps aux | grep nginx'    # Update every second

Performance metrics interpretation:

    PERFORMANCE METRICS GUIDE
    ================================

    CPU METRICS:
    - %us: User CPU time (application code)
    - %sy: System CPU time (kernel)
    - %id: Idle time
    - %wa: I/O wait time
    - %st: Steal time (virtualization)

    MEMORY METRICS:
    - Total: Total available memory
    - Used: Currently used memory
    - Free: Completely free memory
    - Buff/Cache: Memory used for buffers/cache
    - Available: Memory available for new processes

    LOAD AVERAGE (from top/uptime):
    - 1 min: Recent load
    - 5 min: Medium-term load
    - 15 min: Long-term load
    - Rule of thumb: Load > CPU cores = system overloaded

    SWAP USAGE:
    - Swap used: Memory moved to disk
    - High swap usage indicates memory pressure
    - Swapping causes performance degradation

    I/O WAIT:
    - %wa in top: CPU waiting for I/O
    - High I/O wait indicates disk bottleneck

Common performance issues:

Symptom            Diagnostic Command            Possible Cause                                     Solution
High CPU usage     top, ps aux --sort=-%cpu      Buggy code, infinite loop, high traffic            Optimize code, scale horizontally, kill runaway process
High memory usage  free -h, ps aux --sort=-%mem  Memory leak, insufficient RAM, too many processes  Restart service, add RAM, optimize memory usage
High I/O wait      iostat -x 1, iotop            Slow disk, heavy database queries, logging         Use SSD, optimize queries, move logs to separate disk
High load average  uptime, top                   Too many processes, CPU saturation                 Reduce concurrency, add more CPUs, optimize code
Swap thrashing     vmstat 1, free -h             Insufficient RAM                                   Add more RAM, reduce memory usage, adjust swappiness

Automated monitoring script:

    #!/bin/bash
    # performance-monitor.sh

    echo "=== SYSTEM PERFORMANCE SNAPSHOT $(date) ==="
    echo ""
    echo "1. UPTIME AND LOAD:"
    uptime
    echo ""
    echo "2. CPU USAGE:"
    top -bn1 | grep "Cpu(s)"
    echo ""
    echo "3. MEMORY USAGE:"
    free -h
    echo ""
    echo "4. TOP 5 PROCESSES BY CPU:"
    ps aux --sort=-%cpu | head -6
    echo ""
    echo "5. TOP 5 PROCESSES BY MEMORY:"
    ps aux --sort=-%mem | head -6
    echo ""
    echo "6. DISK USAGE:"
    df -h | grep -E "^/dev"
    echo ""
    echo "7. I/O STATISTICS:"
    iostat -x 1 1 | tail -n +4
    echo ""
    echo "8. NETWORK CONNECTIONS:"
    ss -s | head -5

When to Use Which Tool:

  • Quick check: top or htop
  • Detailed analysis: vmstat, mpstat, iostat
  • Historical data: sar (requires sysstat configured)
  • Interactive monitoring: glances or nmon
  • Process-specific: /proc/[pid]/ files
  • Production monitoring: Prometheus + Grafana

Q: How to kill a process that's not responding?

Process

Direct Answer:

Step-by-step process termination:

    # 1. Identify the process
    ps aux | grep process_name
    ps aux | grep -i "hang\|not responding"
    # Or find by port
    sudo ss -tulpn | grep :8080

    # 2. Try graceful termination (SIGTERM - signal 15)
    kill 1234          # Default is SIGTERM
    kill -15 1234      # Explicit SIGTERM
    kill -TERM 1234    # Signal name

    # 3. Check if process terminated
    ps -p 1234
    # or
    kill -0 1234 2>/dev/null && echo "Still running" || echo "Terminated"

    # 4. If still running, try stronger signal (SIGKILL - signal 9)
    kill -9 1234       # SIGKILL - cannot be caught or ignored
    kill -KILL 1234    # Signal name

    # 5. Kill by process name
    pkill process_name
    pkill -9 process_name    # Force kill
    pkill -f "pattern"       # Match full command line

    # 6. Kill all processes by name
    killall process_name
    killall -9 process_name

    # 7. Kill process tree (parent and children)
    pkill -TERM -P 1234    # Kill children of PID 1234

    # 8. Force kill zombie process (if parent won't reap)
    # Zombies can't be killed, need to kill parent
    ps aux | grep defunct    # Find zombies
    kill -9 parent_pid       # Kill parent process

Advanced scenarios:

    ADVANCED PROCESS KILLING SCENARIOS
    =======================================

    SCENARIO 1: Process ignoring SIGTERM
    -------------------------------------
    # Some processes catch and ignore SIGTERM
    # Try SIGQUIT (3) first for core dump
    kill -3 1234
    # Then SIGKILL (9) if still running
    kill -9 1234

    SCENARIO 2: Process in uninterruptible sleep (D state)
    ------------------------------------------------------
    # D state processes can't be killed
    # Check with (the STAT column may carry suffixes such as D+ or Ds):
    ps aux | awk '$8 ~ /^D/'
    # Usually waiting for I/O
    # Solution: Fix underlying I/O issue or reboot

    SCENARIO 3: Too many processes (fork bomb)
    ------------------------------------------
    # Use ulimit to prevent
    ulimit -u    # Check max user processes
    # Kill all except critical
    pkill -9 -u username    # Kill all user processes
    # Or use skill (if available)
    skill -KILL -u username

    SCENARIO 4: Process holding file lock
    -------------------------------------
    # Find which process holds file lock
    sudo lsof /path/to/locked/file
    # Kill that process
    sudo kill -9 $(sudo lsof -t /path/to/locked/file)

    SCENARIO 5: Docker container process
    ------------------------------------
    # Find container
    docker ps | grep process_name
    # Kill container
    docker kill container_name
    # Or exec into container and kill process
    docker exec container_name pkill process_name

Signal reference:

Signal   Number  Effect                 When to Use
SIGTERM  15      Graceful termination   First attempt, allows cleanup
SIGKILL  9       Forceful termination   Process ignoring SIGTERM
SIGINT   2       Interrupt (Ctrl+C)     Interactive programs
SIGQUIT  3       Quit with core dump    Debugging hung processes
SIGHUP   1       Hangup, reload config  Daemon configuration reload
SIGSTOP  19      Pause execution        Temporarily stop process
SIGCONT  18      Continue execution     Resume stopped process

Prevention and best practices:

    # 1. Set process limits to prevent fork bombs
    ulimit -u 1000    # Max user processes
    ulimit -n 1024    # Max open files

    # 2. Use systemd to manage services (auto-restart)
    sudo systemctl stop service_name
    sudo systemctl kill -s SIGKILL service_name

    # 3. Write scripts with proper signal handling
    trap "cleanup_function" EXIT TERM INT

    # 4. Monitor for zombie processes
    #!/bin/bash
    # zombie-monitor.sh
    while true; do
        # Count processes whose state starts with Z
        # (grepping "ps aux" for "defunct" would also count the grep itself)
        zombies=$(ps -eo stat= | grep -c '^Z')
        if [ "$zombies" -gt 5 ]; then
            echo "Warning: $zombies zombie processes found"
            # Log or alert
        fi
        sleep 60
    done

    # 5. Use timeout for long-running commands
    timeout 30s long_running_command
    timeout -s SIGKILL 60s hanging_command

Important Notes:

  • Always try SIGTERM first before SIGKILL to allow graceful shutdown
  • Zombie processes can't be killed - you must kill their parent
  • D state processes (uninterruptible sleep) require fixing the underlying I/O issue
  • Use kill -0 to check if process exists without sending signal
  • Consider using timeout command to prevent processes from hanging indefinitely

3. Filesystem Operations & Permissions

Essential filesystem operations, permission management, and troubleshooting file-related issues.

Q: How to change file permissions and ownership?

Security

Direct Answer:

Changing permissions (chmod):

    # Symbolic notation (u=user, g=group, o=others, a=all)
    chmod u+rwx file.txt    # Add read, write, execute for user
    chmod g+rx file.txt     # Add read, execute for group
    chmod o-rwx file.txt    # Remove all permissions for others
    chmod a+x file.txt      # Add execute for everyone
    chmod go-w file.txt     # Remove write for group and others

    # Octal notation (4=read, 2=write, 1=execute)
    chmod 755 file.txt    # rwxr-xr-x
    chmod 644 file.txt    # rw-r--r--
    chmod 600 file.txt    # rw-------
    chmod 777 file.txt    # rwxrwxrwx (NOT RECOMMENDED for security)

    # Special permissions
    chmod u+s file.txt      # SetUID - execute with owner's privileges
    chmod g+s directory/    # SetGID - new files inherit group
    chmod +t directory/     # Sticky bit - only owner can delete

    # Recursive permission changes
    chmod -R 755 directory/
    chmod -R u+rwX,g+rX,o+rX directory/    # X adds execute only for directories (and files that are already executable)

Changing ownership (chown):

    # Change both user and group
    chown user:group file.txt
    chown username:groupname file.txt

    # Change user only
    chown username file.txt

    # Change group only
    chown :groupname file.txt
    # OR use chgrp
    chgrp groupname file.txt

    # Recursive ownership changes
    chown -R user:group directory/

    # Reference another file's ownership
    chown --reference=source.txt target.txt

    # Change ownership with numeric UID/GID
    chown 1000:1001 file.txt

Understanding permission notation:

    PERMISSION NOTATION EXPLAINED
    ==================================

    Symbolic: -rwxr-xr--
    Position: 1234567890

    Breakdown:
    1:    File type (- = regular file, d = directory, l = symlink)
    2-4:  User (owner) permissions
    5-7:  Group permissions
    8-10: Other (world) permissions

    Permission letters:
    r = read (4)
    w = write (2)
    x = execute (1)
    - = no permission (0)

    Octal calculation:
    rwx = 4+2+1 = 7
    rw- = 4+2+0 = 6
    r-x = 4+0+1 = 5
    r-- = 4+0+0 = 4
    --- = 0+0+0 = 0

    Examples:
    -rwxr-xr-- = 754
    drwxr-xr-x = 755
    -rw-r----- = 640
    lrwxrwxrwx = 777 (symlinks show all permissions)

Common permission scenarios:

    # SCENARIO 1: Web server permissions
    # Nginx/Apache runs as www-data user
    chown -R www-data:www-data /var/www/html
    chmod -R 755 /var/www/html                            # Directories: rwxr-xr-x
    find /var/www/html -type f -exec chmod 644 {} \;      # Files: rw-r--r--

    # SCENARIO 2: Secure configuration files
    chmod 600 /etc/secret.conf      # Only owner can read/write
    chmod 640 /etc/database.conf    # Owner: rw, Group: r

    # SCENARIO 3: Shared directory for team
    mkdir /shared
    chown :developers /shared
    chmod 2775 /shared    # SetGID for group inheritance
    # New files will have developers group

    # SCENARIO 4: User home directory
    chmod 700 /home/username    # Only user can access
    # This is default for home directories

    # SCENARIO 5: Log files
    chmod 640 /var/log/app.log    # Owner: rw, Group: r
    # Logs should not be world-readable if they contain sensitive data

    # SCENARIO 6: SetUID programs (use with caution!)
    chmod u+s /usr/bin/passwd    # Allows users to change password
    ls -l /usr/bin/passwd        # Shows -rwsr-xr-x

Default permissions with umask:

    # View current umask
    umask       # Numeric: 0022
    umask -S    # Symbolic: u=rwx,g=rx,o=rx

    # Set umask (affects new file/directory creation)
    umask 022    # Default: files 644, directories 755
    umask 027    # More secure: files 640, directories 750
    umask 077    # Very secure: files 600, directories 700

    # How umask works:
    # For files: 666 - umask
    # For directories: 777 - umask
    # (Strictly, the bits set in the umask are cleared from the base mode;
    #  subtraction gives the same result for the common values shown here.)
    # Example: umask 022
    # Files: 666 - 022 = 644 (rw-r--r--)
    # Directories: 777 - 022 = 755 (rwxr-xr-x)

    # Set umask in shell profile (~/.bashrc)
    echo "umask 022" >> ~/.bashrc
    source ~/.bashrc

Advanced: ACLs (Access Control Lists):

    # Install ACL support
    sudo apt install acl    # Debian/Ubuntu
    sudo yum install acl    # RHEL/CentOS

    # Set ACL for specific user
    setfacl -m u:username:rwx file.txt
    setfacl -m g:groupname:rx file.txt

    # Set default ACL for directory (inherited by new files)
    setfacl -d -m u:username:rwx directory/

    # Remove specific ACL entry
    setfacl -x u:username file.txt

    # Remove all ACL entries
    setfacl -b file.txt

    # View ACLs
    getfacl file.txt
    # Output shows traditional permissions + ACL entries

    # Copy ACL from one file to another
    getfacl file1.txt | setfacl --set-file=- file2.txt

Permission troubleshooting:

Error                       Check Command                              Solution
"Permission denied"         ls -la file.txt                            chmod +x file.txt or chown user file.txt
Can't delete file           ls -ld directory/                          Need write permission on directory, not file
Can't cd into directory     ls -ld directory/                          Need execute permission on directory
Web server can't read file  ls -la /var/www/html/                      Files need to be readable by www-data user or world-readable
Script won't execute        ls -la script.sh; cat script.sh | head -1  Need execute permission and correct shebang (#!) line

Security Best Practices:

  • Principle of Least Privilege: Give minimum permissions needed
  • Use groups instead of world permissions: Better security control
  • Avoid 777 permissions: Never use unless absolutely necessary
  • Limit SetUID programs: Only essential system binaries should have this
  • Regular permission audits: Find world-writable files with find / -perm -0002 -type f 2>/dev/null
  • Use ACLs for complex permission needs: Instead of creating multiple groups
  • Secure umask: Use 027 or 077 for sensitive environments
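
The audit and SetUID points above can be combined into one repeatable check. The following is an added example, not part of the original guide: it lists world-writable files, world-writable directories without the sticky bit, and SetUID/SetGID files under a directory, then reports only findings that are absent from a saved baseline. The function names, finding labels and fixture tree are constructed for illustration; paths containing newlines are not handled.

```shell
#!/bin/sh
# audit_perms DIR: print one finding per line as "<CLASS> <path>", sorted.
audit_perms() {
    dir=$1
    {
        # Regular files that any local user can modify.
        find "$dir" -xdev -type f -perm -0002 2>/dev/null |
            sed 's/^/WORLD_WRITABLE_FILE /'
        # World-writable directories without the sticky bit: any user can
        # delete or replace files that belong to someone else.
        find "$dir" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null |
            sed 's/^/WORLD_WRITABLE_DIR_NO_STICKY /'
        # Files that run with the privileges of their owner or group.
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
            sed 's/^/SETUID_SETGID /'
    } | LC_ALL=C sort
}

# new_findings BASELINE_FILE DIR: findings present now but not in the baseline.
new_findings() {
    baseline=$1
    target=$2
    current=$(mktemp) || return 1
    audit_perms "$target" > "$current"
    LC_ALL=C sort "$baseline" | LC_ALL=C comm -13 - "$current"
    rm -f "$current"
}

# build_fixture: create a constructed demo tree and print its path.
build_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/dropbox"
    : > "$d/ok.conf";   chmod 640  "$d/ok.conf"     # fine
    : > "$d/open.conf"; chmod 666  "$d/open.conf"   # world-writable file
    : > "$d/helper";    chmod 4755 "$d/helper"      # SetUID
    chmod 1777 "$d/shared"                          # sticky bit set: not reported
    chmod 0777 "$d/dropbox"                         # no sticky bit: reported
    printf '%s\n' "$d"
}

# Demo: audit the fixture, save a baseline, add a SetUID file, show the delta.
demo=$(build_fixture)
audit_perms "$demo" | tee "$demo.baseline"
: > "$demo/dropped"; chmod 4755 "$demo/dropped"
echo "--- new since baseline ---"
new_findings "$demo.baseline" "$demo"
rm -rf "$demo" "$demo.baseline"
```

On a real host the baseline would be taken once after a known-good build, for example over `/usr` and `/opt`, and `new_findings` run from a scheduled job.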

Q: How to find and delete files older than X days?

Filesystem

Direct Answer:

Find files older than X days:

    # Basic syntax: find [path] -type f -mtime +[days] [action]

    # 1. Find files older than 30 days
    find /path/to/search -type f -mtime +30

    # 2. Find and list with details
    find /path -type f -mtime +30 -ls

    # 3. Find and display human-readable
    find /path -type f -mtime +30 -exec ls -lh {} \;

    # 4. Find files modified in last 7 days (negative number)
    find /path -type f -mtime -7

    # 5. Find files between 7 and 30 days old
    find /path -type f -mtime +7 -mtime -30

    # Different time options:
    # -mtime: Modification time (content changed)
    # -atime: Access time (last read)
    # -ctime: Status change time (permissions/ownership changed)
    # -amin, -cmin, -mmin: Minutes instead of days

Delete files older than X days:

    # WARNING: Test with -ls or -print first before deleting!

    # 1. Safe approach - print first, then delete
    find /tmp -type f -mtime +30 -print     # Review list first
    find /tmp -type f -mtime +30 -delete    # Then delete

    # 2. Delete files older than 30 days
    find /var/log -type f -mtime +30 -delete

    # 3. Delete with confirmation (-ok instead of -exec)
    find /tmp -type f -mtime +30 -ok rm {} \;
    # Prompts for each file: "rm file.txt ?"

    # 4. Delete and log what was deleted
    find /tmp -type f -mtime +30 -delete -print | tee /var/log/deleted_files.log

    # 5. Delete based on access time (not modification)
    find /path -type f -atime +90 -delete    # Not accessed in 90 days

    # 6. Delete empty directories older than X days
    find /path -type d -empty -mtime +60 -delete

Practical cleanup scenarios:

    PRACTICAL CLEANUP SCENARIOS
    ==================================

    SCENARIO 1: Log file cleanup
    -----------------------------
    # Delete old log files but keep current month
    find /var/log -name "*.log" -mtime +30 -delete
    # Compress logs older than 7 days instead of deleting
    find /var/log -name "*.log" -mtime +7 -exec gzip {} \;
    # Rotate: Delete logs older than 90 days
    find /var/log -name "*.log.*" -mtime +90 -delete

    SCENARIO 2: /tmp cleanup
    ------------------------
    # Delete files older than 7 days in /tmp
    find /tmp -type f -atime +7 -delete
    # Delete empty directories older than 3 days
    find /tmp -type d -empty -mtime +3 -delete
    # Important: Don't delete socket files or active temp files
    find /tmp -type f ! -name "*.sock" -atime +7 -delete

    SCENARIO 3: User home directory cleanup
    ---------------------------------------
    # Find large old files in home directories
    find /home -type f -size +100M -mtime +180 -exec ls -lh {} \;
    # Clean up downloads older than 90 days
    find /home/*/Downloads -type f -mtime +90 -delete

    SCENARIO 4: Docker cleanup
    --------------------------
    # Remove unused Docker containers, images, volumes
    docker system prune -a --volumes
    # Remove Docker images older than 30 days
    docker image prune -a --filter "until=720h"

    SCENARIO 5: Backup rotation
    ---------------------------
    # Keep backups for different time periods
    # Daily: 7 days, Weekly: 4 weeks, Monthly: 12 months
    find /backups/daily -type f -mtime +7 -delete
    find /backups/weekly -type f -mtime +28 -delete
    find /backups/monthly -type f -mtime +365 -delete

Advanced find operations:

    # 1. Find by size and age
    find /path -type f -size +100M -mtime +30    # Large old files

    # 2. Find by name pattern and age
    find /var/log -name "access*.log" -mtime +7

    # 3. Find and execute multiple actions
    find /tmp -type f -mtime +30 -exec ls -lh {} \; -exec rm {} \;

    # 4. Find and move instead of delete
    find /path -type f -mtime +90 -exec mv {} /archive/ \;

    # 5. Find with xargs (more efficient for many files)
    find /path -type f -mtime +30 -print0 | xargs -0 rm

    # 6. Find and calculate total size
    find /path -type f -mtime +30 -exec du -ch {} + | tail -1

    # 7. Exclude certain directories
    find /path -type f -mtime +30 ! -path "*/node_modules/*" ! -path "*/vendor/*"

    # 8. Find files owned by specific user
    find /path -type f -user username -mtime +30 -delete

    # 9. Find files with specific permissions
    find /path -type f -perm 777 -mtime +7    # Mode exactly 777; use -perm -0002 to match any world-writable file

    # 10. Find and email report
    find /path -type f -mtime +30 -exec ls -lh {} \; | mail -s "Old files report" admin@example.com

Cron jobs for automated cleanup:

    # Add to crontab for automated cleanup
    crontab -e

    # Daily cleanup at 2 AM
    0 2 * * * find /tmp -type f -atime +7 -delete
    0 2 * * * find /var/log -name "*.log" -mtime +30 -delete

    # Weekly cleanup on Sunday at 3 AM
    0 3 * * 0 find /home/*/Downloads -type f -mtime +90 -delete

    # Monthly cleanup on 1st at 4 AM
    0 4 1 * * find /backups -type f -mtime +365 -delete

    # With logging
    0 2 * * * find /tmp -type f -atime +7 -delete >> /var/log/cleanup.log 2>&1

    # Safety: Test command first, then implement
    # Use -print before -delete to verify

Safety precautions:

Precaution                Command                           Purpose
Test first                find ... -print or -ls            See what will be deleted before deleting
Use -ok instead of -exec  find ... -ok rm {} \;             Prompt for confirmation on each file
Exclude important files   ! -name "*.sock" ! -name "*.pid"  Don't delete socket or PID files
Limit scope               -maxdepth 2                       Don't recurse too deeply
Log actions               ... -delete -print | tee logfile  Keep record of what was deleted

Critical Safety Tips:

  • ALWAYS test with -print or -ls before using -delete
  • Be careful with wildcards: find / -type f -mtime +30 searches entire filesystem!
  • Don't delete files in use: Check with lsof if unsure
  • Consider archiving instead of deleting: Use tar or gzip
  • Set up proper backups before running bulk deletions
  • Use filesystem snapshots if available for easy recovery

4. Networking & Connectivity

Essential networking commands, troubleshooting connectivity issues, and network configuration.

Q: How to check network connectivity and diagnose issues?

Networking

Direct Answer:

Step-by-step network troubleshooting:

    # ============================================
    # STEP 1: Check local network interface
    # ============================================
    ip addr show
    # or
    ifconfig    # Older, but widely known

    # Check specific interface
    ip addr show eth0
    ip link show eth0    # Link status

    # ============================================
    # STEP 2: Check routing table
    # ============================================
    ip route show
    # or
    route -n
    netstat -rn    # Alternative

    # Check default gateway
    ip route | grep default

    # ============================================
    # STEP 3: Check local connectivity (ping)
    # ============================================
    # Ping localhost (tests TCP/IP stack)
    ping -c 4 127.0.0.1

    # Ping gateway
    ping -c 4 192.168.1.1    # Replace with your gateway

    # Ping external IP (bypasses DNS)
    ping -c 4 8.8.8.8

    # ============================================
    # STEP 4: Check DNS resolution
    # ============================================
    # Test DNS resolution
    nslookup google.com
    dig google.com
    host google.com

    # Test with specific DNS server
    dig @8.8.8.8 google.com
    nslookup google.com 8.8.8.8

    # Check DNS configuration
    cat /etc/resolv.conf

    # ============================================
    # STEP 5: Check port connectivity
    # ============================================
    # Test TCP connection
    telnet google.com 80
    # or (if telnet not available)
    nc -zv google.com 80
    timeout 5 bash -c "

Common network issues and solutions:

    NETWORK TROUBLESHOOTING SCENARIOS
    =======================================

    SCENARIO 1: "Network is unreachable"
    -------------------------------------
    # Check interface status
    ip link show eth0
    # If DOWN, bring it up
    sudo ip link set eth0 up
    # Check IP address assignment
    ip addr show eth0
    # If no IP, check DHCP or set static
    sudo dhclient eth0    # Request DHCP

    SCENARIO 2: Can ping IP but not hostname
    -----------------------------------------
    # DNS issue
    cat /etc/resolv.conf       # Check DNS servers
    ping 8.8.8.8               # Test DNS server connectivity
    dig @8.8.8.8 google.com    # Test DNS resolution
    # Fix: Update /etc/resolv.conf
    echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

    SCENARIO 3: High latency/packet loss
    -------------------------------------
    # Test with different packet sizes
    ping -c 10 -s 1472 8.8.8.8    # Test MTU issues
    # Use mtr for continuous analysis
    mtr --report 8.8.8.8
    # Check for network congestion
    sar -n DEV 1    # Network interface statistics

    SCENARIO 4: Port connection refused
    -----------------------------------
    # Check if service is listening
    sudo ss -tulpn | grep :80
    # Check firewall
    sudo iptables -L -n | grep 80
    # Check if service is running
    sudo systemctl status nginx

    SCENARIO 5: Slow network transfer
    ---------------------------------
    # Check bandwidth
    speedtest-cli    # Requires installation
    # Check interface errors
    ip -s link show eth0 | grep errors
    # Check for duplex mismatches
    ethtool eth0 | grep -i speed

    SCENARIO 6: SSH connection issues
    ---------------------------------
    # Check SSH service
    sudo systemctl status sshd
    # Check SSH listening port
    sudo ss -tulpn | grep :22
    # Check firewall for port 22
    sudo iptables -L -n | grep 22
    # Debug SSH connection
    ssh -vvv user@hostname    # Verbose output

Network diagnostic script:

    #!/bin/bash
    # network-diagnostic.sh

    echo "=== NETWORK DIAGNOSTIC REPORT $(date) ==="
    echo ""
    echo "1. NETWORK INTERFACES:"
    ip addr show
    echo ""
    echo "2. ROUTING TABLE:"
    ip route show
    echo ""
    echo "3. DNS CONFIGURATION:"
    cat /etc/resolv.conf
    echo ""
    echo "4. CONNECTIVITY TESTS:"
    echo " - Localhost: $(ping -c 1 127.0.0.1 >/dev/null && echo '✓' || echo '✗')"
    echo " - Gateway: $(ping -c 1 $(ip route | grep default | awk '{print $3}') >/dev/null 2>&1 && echo '✓' || echo '✗')"
    echo " - Google DNS: $(ping -c 1 8.8.8.8 >/dev/null 2>&1 && echo '✓' || echo '✗')"
    echo " - DNS Resolution: $(dig +short google.com >/dev/null 2>&1 && echo '✓' || echo '✗')"
    echo ""
    echo "5. LISTENING PORTS:"
    sudo ss -tulpn | head -20
    echo ""
    echo "6. ACTIVE CONNECTIONS:"
    ss -tun | head -10
    echo ""
    echo "7. FIREWALL STATUS:"
    sudo iptables -L -n --line-numbers 2>/dev/null | head -20 || echo "iptables not available"
    echo ""
    echo "8. NETWORK STATISTICS:"
    ip -s link | head -20
    echo ""
    echo "9. TRACEROUTE TO GOOGLE (first 5 hops):"
    traceroute -m 5 8.8.8.8 2>/dev/null | head -10 || echo "traceroute not available"
    echo ""
    echo "=== END OF REPORT ==="

Essential networking commands reference:

Task                     Command                      Purpose
Interface configuration  ip addr, ip link, ip route   Modern interface management
Basic connectivity       ping, traceroute, mtr        Test reachability and path
DNS resolution           dig, nslookup, host          DNS troubleshooting
Port checking            telnet, nc, ss, netstat      Check open/listening ports
Firewall                 iptables, firewall-cmd, ufw  Firewall configuration
Packet analysis          tcpdump, wireshark           Deep packet inspection
Bandwidth testing        iperf, speedtest-cli         Network performance testing
Network debugging        ss, netstat, sar -n          Statistics and monitoring

Network Layers Troubleshooting:

OSI Model troubleshooting approach:

  1. Physical Layer (Layer 1):
    • Check cables, lights on network interface
    • Command: ip link show, ethtool eth0
  2. Data Link Layer (Layer 2):
    • Check MAC address, VLANs, switches
    • Command: arp -a, ip neigh
  3. Network Layer (Layer 3):
    • Check IP addresses, routing, ICMP
    • Command: ip addr, ip route, ping
  4. Transport Layer (Layer 4):
    • Check TCP/UDP ports, connections
    • Command: ss, netstat, telnet
  5. Application Layer (Layer 7):
    • Check DNS, HTTP, specific protocols
    • Command: dig, curl, nslookup
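
The bottom-up order above, as an added shell example that is not part of the original page: each check parses the output of one of the listed commands and the script names the lowest layer that fails. The function names and the sample output (documentation addresses) are constructed for illustration.

```bash
#!/bin/bash
# Bottom-up triage: name the lowest layer whose check fails.
# Each check parses command output passed in as text, so the logic can be
# tried offline; the last comment shows the live invocation.

# Layers 1/2: `ip -br link show IFACE`; column 2 is the operational state
link_is_up() { printf '%s\n' "$1" | awk -v s=1 '$2 == "UP" {s=0} END {exit s}'; }

# Layer 3: `ip -br -4 addr show IFACE`; column 3 is the first IPv4 address
has_ipv4() {
    printf '%s\n' "$1" | awk -v s=1 '$3 ~ /^[0-9.]+\/[0-9]+$/ {s=0} END {exit s}'
}

# Layer 3: `ip route show` must contain a default route
has_default_route() { printf '%s\n' "$1" | grep -q '^default '; }

# Layer 4: `ss -H -tln`; column 4 is local address:port, match the port exactly
port_is_listening() {
    printf '%s\n' "$1" | awk -v p="$2" -v s=1 \
        '{n = split($4, a, ":"); if (n > 0 && a[n] == p) s = 0} END {exit s}'
}

# args: link_out addr_out route_out ss_out port
triage() {
    link_is_up "$1"             || { echo "L1/L2: link not up"; return 1; }
    has_ipv4 "$2"               || { echo "L3: no IPv4 address"; return 1; }
    has_default_route "$3"      || { echo "L3: no default route"; return 1; }
    port_is_listening "$4" "$5" || { echo "L4: nothing listening on port $5"; return 1; }
    echo "ok"
}

# Constructed sample output (documentation addresses, not from a real host)
SAMPLE_LINK='eth0  UP  52:54:00:12:34:56 <BROADCAST,MULTICAST,UP,LOWER_UP>'
SAMPLE_ADDR='eth0  UP  192.0.2.10/24'
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp metric 100
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

triage "$SAMPLE_LINK" "$SAMPLE_ADDR" "$SAMPLE_ROUTE" "$SAMPLE_SS" 80
# Live: triage "$(ip -br link show eth0)" "$(ip -br -4 addr show eth0)" \
#              "$(ip route show)" "$(ss -H -tln)" 80
```

Stopping at the first failure keeps the diagnosis honest: a missing listener on port 80 means little while the link itself is down.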

Quick Command Reference

Most Frequently Used Commands

Category  Command     Purpose                  Example
Files     ls          List directory contents  ls -la
Files     find        Search for files         find / -name "*.log"
Files     grep        Search text              grep -r "error" /var/log
Process   ps          Process status           ps aux | grep nginx
Process   kill        Terminate process        kill -9 1234
System    top         Process viewer           top
System    df          Disk free space          df -h
System    du          Disk usage               du -sh /var
Network   ping        Test connectivity        ping 8.8.8.8
Network   netstat/ss  Network statistics       ss -tulpn
Network   curl        HTTP requests            curl -I http://example.com
Users     who         Logged in users          who
Users     sudo        Execute as root          sudo apt update
Text      cat         Display file             cat file.txt
Text      tail        End of file              tail -f log.txt
Text      vi/nano     Text editors             vi file.txt

DevOps-Specific Commands

Tool        Command           Purpose               Example
Docker      docker ps         List containers       docker ps -a
Docker      docker logs       Container logs        docker logs -f container
Docker      docker exec       Execute in container  docker exec -it container bash
Kubernetes  kubectl get pods  List pods             kubectl get pods -A
Kubernetes  kubectl logs      Pod logs              kubectl logs pod-name
Kubernetes  kubectl describe  Resource details      kubectl describe pod
Terraform   terraform init    Initialize            terraform init
Terraform   terraform plan    Show changes          terraform plan
Terraform   terraform apply   Apply changes         terraform apply -auto-approve
Ansible     ansible-playbook  Run playbook          ansible-playbook site.yml
Git         git status        Check status          git status
Git         git log           Show history          git log --oneline
Git         git diff          Show changes          git diff HEAD~1
AWS CLI     aws s3 ls         List S3 buckets       aws s3 ls
AWS CLI     aws ec2 describe  EC2 instances         aws ec2 describe-instances

Common Interview Questions Quick Answers

Q: How to check running processes?
ps aux or top or htop

Q: How to find a file?
find /path -name "filename" or locate filename

Q: How to check disk space?
df -h for free space, du -sh /path for directory usage

Q: How to check memory usage?
free -h or top (press 'M' to sort by memory)

Q: How to check network connections?
ss -tulpn or netstat -tulpn

Q: How to search in files?
grep "pattern" file.txt or grep -r "pattern" /path

Q: How to view logs?
tail -f /var/log/syslog or journalctl -f

Q: How to kill a process?
kill PID (SIGTERM) or kill -9 PID (SIGKILL)

Q: How to check service status?
systemctl status servicename

Q: How to check listening ports?
ss -tulpn | grep LISTEN

Q: How to check CPU info?
lscpu or cat /proc/cpuinfo

Q: How to check kernel version?
uname -r or cat /proc/version

Q: How to check OS version?
cat /etc/os-release or lsb_release -a

Q: How to add user?
useradd username and passwd username

Q: How to schedule a task?
crontab -e to edit cron jobs

Q: How to archive files?
tar -czvf archive.tar.gz /path

Q: How to check file permissions?
ls -la file.txt

Q: How to change permissions?
chmod 755 file.txt or chmod u+rwx file.txt

Q: How to change ownership?
chown user:group file.txt