Merge pull request #16652 from wxy/20190725-24-sysadmin-job-interview-questions-you-should-know

TSL:20190725 24 sysadmin job interview questions you should know
Xingyu.Wang 2019-12-13 09:47:52 +08:00 committed by GitHub
commit d907af0103
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 236 additions and 292 deletions


@ -1,292 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (24 sysadmin job interview questions you should know)
[#]: via: (https://opensource.com/article/19/7/sysadmin-job-interview-questions)
[#]: author: (DirectedSoul https://opensource.com/users/directedsoul)
24 sysadmin job interview questions you should know
======
Have a sysadmin job interview coming up? Read this article for some
questions you might encounter and possible answers.
![Question and answer.][1]
As a geek who always played with computers, a career after my masters in IT was a natural choice. So, I decided the sysadmin path was the right one. In the process of my career, I have grown quite familiar with the job interview process. Here is a look at what to expect, the general career path, and a set of common questions and my answers to them.
### Typical sysadmin tasks and duties
Organizations need someone who understands the basics of how a system works so that they can keep their data safe, and keep their services running smoothly. You might ask: "Wait, isnt there more that a sysadmin can do?"
You are right. Now, in general, lets look at what might be a typical sysadmins day-to-day tasks. Depending on their companys needs and the persons skill level, a sysadmins tasks vary from managing desktops, laptops, networks, and servers, to designing the organizations IT policies. Sometimes sysadmins are even in charge of purchasing and placing orders for new IT equipment.
Those seeking system administration as their career paths might find it difficult to keep their skills and knowledge up to date, as rapid changes in the IT field are inevitable. The next natural question that arises out of anyones mind is how IT professionals keep up with the latest updates and skills.
### Low difficulty questions
Here are some of the more basic questions you will encounter, and my answers:
1. What are the first five commands you type on a *nix server after login?
> * **lsblk** to see information on all block devices
> * **who** to see who is logged into the server
> * **top** to get a sense of what is running on the server
> * **df -khT** to view the amount of disk space available on the server
> * **netstat** to see what TCP network connections are active
>
2. How do you make a process run in the background, and what are the advantages of doing so?
> You can make a process run in the background by adding the special character **&** at the end of the command. Generally, applications that take too long to execute, and dont require user interaction are sent to the background so that we can continue our work in the terminal. ([Citation][2])
3. Is running these commands as root a good or bad idea?
> Running (everything) as root is bad due to two major issues. The first is _risk_. Nothing prevents you from making a careless mistake when you are logged in as **root**. If you try to change the system in a potentially harmful way, you need to use **sudo**, which introduces a pause (while youre entering the password) to ensure that you arent about to make a mistake.
>
> The second reason is _security_. Systems are harder to hack if you dont know the admin users login information. Having access to root means you already have one half of the working set of admin credentials.
4. What is the difference between **rm** and **rm -rf**?
> The **rm** command by itself only deletes the named files (and not directories). With **-rf** you add two additional features: The **-r**, **-R**, or --**recursive** flag recursively deletes the directorys contents, including hidden files and subdirectories, and the **-f**, or --**force**, flag makes **rm** ignore nonexistent files, and never prompt for confirmation.
5. **Compress.tgz** has a file size of approximately 15GB. How can you list its contents, and how do you list them only for a specific file?
> To list the files contents:
>
> **tar tf archive.tgz**
>
> To extract a specific file:
>
> **tar xf archive.tgz filename**
### Medium difficulty questions
Here are some harder questions you might encounter, and my answers:
6. What is RAID? What is RAID 0, RAID 1, RAID 5, RAID 6, and RAID 10?
> A RAID (Redundant Array of Inexpensive Disks) is a technology used to increase the performance and/or reliability of data storage. The RAID levels are:
>
> * RAID 0: Also known as disk striping, which is a technique that breaks up a file, and spreads the data across all of the disk drives in a RAID group. There are no safeguards against failure. ([Citation][3])
> * RAID 1: A popular disk subsystem that increases safety by writing the same data on two drives. Called _mirroring_, RAID1 does not increase write performance, but read performance may increase up to the sum of each disks performance. Also, if one drive fails, the second drive is used, and the failed drive is manually replaced. After replacement, the RAID controller duplicates the contents of the working drive onto the new one.
> * RAID 5: A disk subsystem that increases safety by computing parity data and increasing speed. RAID 5 does this by interleaving data across three or more drives (striping). Upon failure of a single drive, subsequent reads can be calculated from the distributed parity such that no data is lost.
> * RAID 6: Which extends RAID 5 by adding another parity block. This level requires a minimum of four disks, and can continue to execute read/write with any two concurrent disk failures. RAID 6 does not have a performance penalty for reading operations, but it does have a performance penalty on write operations because of the overhead associated with parity calculations.
> * RAID 10: Also known as RAID 1+0, RAID 10 combines disk mirroring and disk striping to protect data. It requires a minimum of four disks, and stripes data across mirrored pairs. As long as one disk in each mirrored pair is functional, data can be retrieved. If two disks in the same mirrored pair fail, all data will be lost because there is no parity in the striped sets. ([Citation][4])
>
7. Which port is used for the **ping** command?
> The **ping** command uses ICMP. Specifically, it uses ICMP echo requests and ICMP echo reply packets.
>
> ICMP does not use either UDP or TCP communication services: Instead, it uses raw IP communication services. This means that the ICMP message is carried directly in an IP datagram data field.
8. What is the difference between a router and a gateway? What is the default gateway?
> _Router_ describes the general technical function (layer 3 forwarding), or a hardware device intended for that purpose, while _gateway_ describes the function for the local segment (providing connectivity to elsewhere). You could also state that you "set up a router as a gateway." Another term is _hop_, which describes forwarding between subnets.
>
> The term _default gateway_ is used to mean the router on your LAN, which has the responsibility of being the first point of contact for traffic to computers outside the LAN.
9. Explain the boot process for Linux.
> BIOS -> Master Boot Record (MBR) -> GRUB -> the kernel -> init -> runlevel
10. How do you check the error messages while the server is booting up?
> Kernel messages are always stored in the kmsg buffer, visible via the **dmesg** command.
>
> Boot issues and errors call for a system administrator to look into certain important files, in conjunction with particular commands, which are each handled differently by different versions of Linux:
>
> * **/var/log/boot.log** is the system boot log, which contains all that unfolded during the system boot.
> * **/var/log/messages** stores global system messages, including the messages logged during system boot.
> * **/var/log/dmesg** contains kernel ring buffer information.
>
11. What is the difference between a symbolic link and a hard link?
> A _symbolic_ or _soft link_ is an actual link to the original file, whereas a _hard link_ is a mirror copy of the original file. If you delete the original file, the soft link has no value, because it then points to a non-existent file. In the case of a hard link, it is entirely the opposite. If you delete the original file, the hard link still contains the data from the original file. ([Citation][5])
12. How do you change kernel parameters? What kernel options might you need to tune?
> To set the kernel parameters in Unix-like systems, first edit the file **/etc/sysctl.conf**. After making the changes, save the file and run the **sysctl -p** command. This command makes the changes permanent without rebooting the machine
13. Explain the **/proc** filesystem.
> The **/proc** filesystem is virtual, and provides detailed information about the kernel, hardware, and running processes. Since **/proc** contains virtual files, it is called the _virtual file system_. These virtual files have unique qualities. Most of them are listed as zero bytes in size.
>
> Virtual files such as **/proc/interrupts**, **/proc/meminfo**, **/proc/mounts** and **/proc/partitions** provide an up-to-the-moment glimpse of the systems hardware. Others, such as **/proc/filesystems** and the **/proc/sys** directory provide system configuration information and interfaces.
14. How do you run a script as another user without their password?
> For example, if you were editing the sudoers file (such as **/private/etc/sudoers**), you might use **visudo** to add the following:
>
> [**user1 ALL=(user2) NOPASSWD: /opt/scripts/bin/generate.sh**][2]
15. What is the UID 0 toor account? Have you been compromised?
> The toor user is an alternative superuser account, where toor is root spelled backward. It is intended to be used with a non-standard shell, so the default shell for root does not need to change.
>
> This purpose is important. Shells which are not part of the base distribution, but are instead installed from ports or packages, are installed in **/usr/local/bin**; which, by default, resides on a different file system. If roots shell is located in **/usr/local/bin** and the file system containing **/usr/local/bin** is not mounted, root could not log in to fix a problem, and the sysadmin would have to reboot into single-user mode to enter the shells path.
### Advanced questions
Here are the even more difficult questions you may encounter:
16. How does **tracert** work and what protocol does it use?
> The command **tracert**—or **traceroute** depending on the operating system—allows you to see exactly what routers you touch as you move through the chain of connections to your final destination. If you end up with a problem where you cant connect to or **ping** your final destination, a **tracert** can help in that you can tell exactly where the chain of connections stops. ([Citation][6])
>
> With this information, you can contact the correct people; whether it be your own firewall, your ISP, your destinations ISP, or somewhere in the middle. The **tracert** command—like **ping**—uses the ICMP protocol, but also can use the first step of the TCP three-way handshake to send SYN requests for a response.
17. What is the main advantage of using **chroot**? When and why do we use it? What is the purpose of the **mount /dev**, **mount /proc**, and **mount /sys** commands in a **chroot** environment? 
> An advantage of having a **chroot** environment is that the filesystem is isolated from the physical host, since **chroot** has a separate filesystem inside your filesystem. The difference is that **chroot** uses a newly created root (**/**) as its root directory.
>
> A **chroot** jail lets you isolate a process and its children from the rest of the system. It should only be used for processes that dont run as **root**, as **root** users can break out of the jail easily.
>
> The idea is that you create a directory tree where you copy or link in all of the system files needed for the process to run. You then use the **chroot()** system call to tell it the root directory now exists at the base of this new tree, and then start the process running in that **chroot**d environment. Since the command then cant reference paths outside the modified root directory, it cant perform operations (read, write, etc.) maliciously on those locations. ([Citation][7])
18. How do you protect your system from getting hacked?
> By following the principle of least privileges and these practices:
>
> * Encrypt with public keys, which provides excellent security.
> * Enforce password complexity.
> * Understand why you are making exceptions to the rules above.
> * Review your exceptions regularly.
> * Hold someone to account for failure. (It keeps you on your toes.) ([Citation][8])
>
19. What is LVM, and what are the advantages of using it?
> LVM, or Logical Volume Management, uses a storage device management technology that gives users the power to pool and abstract the physical layout of component storage devices for easier and flexible administration. Using the device mapper Linux kernel framework, the current iteration (LVM2) can be used to gather existing storage devices into groups and allocate logical units from the combined space as needed.
20. What are sticky ports?
> Sticky ports are one of the network administrators best friends and worst headaches. They allow you to set up your network so that each port on a switch only permits one (or a number that you specify) computer to connect on that port, by locking it to a particular MAC address.
21. Explain port forwarding?
> When trying to communicate with systems on the inside of a secured network, it can be very difficult to do so from the outside—and with good reason. Therefore, the use of a port forwarding table within the router itself, or other connection management device, can allow specific traffic to automatically forward to a particular destination. For example, if you had a web server running on your network and you wanted to grant access to it from the outside, you would set up port forwarding to port 80 on the server in question. This would mean that anyone entering your IP address in a web browser would connect to the servers website immediately.
>
> Please note, it is usually not recommended to allow access to a server from the outside directly into your network.
22. What is a false positive and false negative in the case of IDS?
> When the Intrusion Detection System (IDS) device generates an alert for an intrusion which has actually not happened, this is false positive. If the device has not generated any alert and the intrusion has actually happened, this is the case of a false negative.
23. Explain **:(){ :|:& };:** and how to stop this code if you are already logged into the system?
> This is a fork bomb. It breaks down as follows:
>
> * **:()** defines the function, with **:** as the function name, and the empty parenthesis shows that it will not accept any arguments.
> * **{ }** shows the beginning and end of the function definition.
> * **:|:** loads a copy of the function **:** into memory, and pipes its output to another copy of the **:** function, which also has to be loaded into memory.
> * **&** makes the previous item a background process, so that the child processes will not get killed even though the parent gets auto-killed.
> * **:** at the end executes the function again, and hence the chain reaction begins.
>
>
> The best way to protect a multi-user system is to use Privileged Access Management (PAM) to limit the number of processes a user can use.
>
> The biggest problem with a fork bomb is the fact it takes up so many processes. So, we have two ways of attempting to fix this if you are already logged into the system. One option is to execute a SIGSTOP command to stop the process, such as:
>
> **killall -STOP -u user1**
>
> If you cant use the command line due to all processes being used, you will have to use **exec** to force it to run:
>
> **exec killall -STOP -u user1**
>
> With fork bombs, your best option is preventing them from becoming too big of an issue in the first place
24. What is OOM killer and how does it decide which process to kill first?
> If memory is exhaustively used up by processes to the extent that possibly threatens the systems stability, then the out of memory (OOM) killer comes into the picture.
>
> An OOM killer first has to select the best process(es) to kill. _Best_ here refers to the process which will free up the maximum memory upon being killed, and is also the least important to the system. The primary goal is to kill the least number of processes to minimize the damage done, and at the same time maximize the amount of memory freed.
>
> To facilitate this goal, the kernel maintains an oom_score for each of the processes. You can see the oom_score of each of the processes in the **/proc** filesystem under the **pid** directory:
>
> **$ cat /proc/10292/oom_score**
>
> The higher the value of oom_score for any process, the higher its likelihood is of being killed by the OOM Killer in an out-of-memory situation. ([Citation][9])
### Conclusion
System administration salaries have a [wide range][10] with some sites mentioning $70,000 to $100,000 a year, depending on the location, the size of the organization, and your education level plus years of experience. In the end, the system administration career path boils down to your interest in working with servers and solving cool problems. Now, I would say go ahead and achieve your dream path.
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/sysadmin-job-interview-questions
作者:[DirectedSoul][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/directedsoul
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_HowToFish_520x292.png?itok=DHbdxv6H (Question and answer.)
[2]: https://github.com/trimstray/test-your-sysadmin-skills
[3]: https://www.waytoeasylearn.com/2016/05/netapp-filer-tutorial.html
[4]: https://searchstorage.techtarget.com/definition/RAID-10-redundant-array-of-independent-disks
[5]: https://www.answers.com/Q/What_is_hard_link_and_soft_link_in_Linux
[6]: https://www.wisdomjobs.com/e-university/network-administrator-interview-questions.html
[7]: https://unix.stackexchange.com/questions/105/chroot-jail-what-is-it-and-how-do-i-use-it
[8]: https://serverfault.com/questions/391370/how-to-prevent-zero-day-attacks
[9]: https://unix.stackexchange.com/a/153586/8369
[10]: https://blog.netwrix.com/2018/07/23/systems-administrator-salary-in-2018-how-much-can-you-earn/
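Review bot: two technical slips in the source are carried into the translated file and should be fixed there rather than disappear with this deletion. In Q5 the archive is named `Compress.tgz` in the question but `archive.tgz` in both commands, and the question asks how to list the contents for a specific file while the second command (`tar xf archive.tgz filename`) extracts it; the listing form takes the same member name after `tf`. In Q23, "Privileged Access Management (PAM)" is not what caps a user's process count on Linux: that limit comes from the Pluggable Authentication Modules limits module (pam_limits via the `nproc` entry in /etc/security/limits.conf, or `ulimit -u` for the current shell), and the translation renders the wrong expansion as 特权访问管理.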


@ -0,0 +1,236 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (24 sysadmin job interview questions you should know)
[#]: via: (https://opensource.com/article/19/7/sysadmin-job-interview-questions)
[#]: author: (DirectedSoul https://opensource.com/users/directedsoul)
24 个必知必会的系统管理员面试问题
======
> 即将进行系统管理员工作面试吗? 阅读本文,了解你可能会遇到的一些问题以及可能的答案。
![Question and answer.][1]
作为一个经常与计算机打交道的极客,在硕士毕业后在 IT 行业选择我的职业是很自然的选择。因此,我认为走上系统管理员之路是正确的路径。在我的职业生涯中,我对求职面试过程非常熟悉。现在来看一下该职位的预期、职业发展道路,以及一系列常见问题和我的回答。
### 系统管理员的典型任务和职责
组织需要了解系统工作原理的人员,以确保数据安全并保持服务平稳运行。你可能会问:“等等,是不是系统管理员还能做更多的事情?”
你是对的。现在,一般来说,让我们看一下典型的系统管理员的日常任务。根据公司的需求和人员的技能水平,系统管理员的任务从管理台式机、笔记本电脑、网络和服务器到设计组织的 IT 策略不等。有时,系统管理员甚至负责购买和订购新的 IT 设备。
那些寻求系统管理工作作为其职业道路的人可能会发现,由于 IT 领域的快速变化是不可避免的,因此难以保持其技能和知识的最新状态。所有人都会想到的下一个自然而然的问题是 IT 专业人员如何掌握最新的更新和技能。
### 小意思
这是你将遇到的一些最基本的问题,以及我的答案:
1、在 *nix 服务器上登录后键入的前五个命令是什么?
> * `lsblk` 以查看所有的块设备信息
> * `who` 查看谁登录到服务器
> * `top`,以了解服务器上正在运行的进程
> * `df -khT` 以查看服务器上可用的磁盘容量
> * `netstat` 以查看哪些 TCP 网络连接处于活动状态
2、如何使进程在后台运行这样做的好处是什么
> 你可以通过在命令末尾添加特殊字符 `` 来使进程在后台运行。通常,执行时间太长并且不需要用户交互的应用程序会放到后台,以便我们可以在终端中继续工作。([引文][2]
3、以 root 用户身份运行这些命令是好事还是坏事?
> 由于两个主要问题,以 root 身份运行(任何命令)是不好的。第一个是*风险*。当你以 **root** 身份登录时,无法避免你犯粗心大意的错误。如果你尝试以带有潜在危害的方式更改系统,则需要使用 `sudo`,它会引入一个暂停(在你输入密码时),以确保你不会犯错。
>
> 第二个原因是*安全*。如果你不知道管理员用户的登录信息,则系统更难被攻击。拥有 root 的访问权限意味着你已经拥有管理员凭据工作集的一半。
4、`rm` 和 `rm -rf` 有什么区别?
> `rm` 命令本身仅删除指明的文件(而不删除目录)。使用 `-rf` 标志,你添加了两个附加功能:`-r`、`-R` 或 `--recursive` 标志递归删除目录的内容,包括隐藏的文件和子目录;而 `-f``--force` 标志使 `rm` 忽略不存在的文件,并且从不提示你进行确认。
5、有一个大小约为 15GB 的 `Compress.tgz` 文件。你如何列出其内容,以及如何仅提取出特定文件?
> 要列出文件的内容:
>
> `tar tf archive.tgz`
>
> 要提取特定文件:
>
> `tar xf archive.tgz filename`
### 中等意思
这是你可能会遇到的一些较难的问题,以及我的答案:
6、什么是 RAID什么是 RAID 0、RAID 1、RAID 5、RAID 6 和 RAID 10
> RAID<ruby>廉价磁盘冗余阵列<rt>Redundant Array of Inexpensive Disks</rt></ruby>)是一种用于提高数据存储性能和/或可靠性的技术。RAID 级别为:
>
> * RAID 0也称为磁盘条带化这是一种分解文件并将数据分布在 RAID 组中所有磁盘驱动器上的技术。它没有防止磁盘失败的保障。([引文][3]
> * RAID 1一种流行的磁盘子系统通过在两个驱动器上写入相同的数据来提高安全性。 RAID 1 被称为*镜像*它不会提高写入性能但读取性能可能会提高到每个磁盘性能的总和。另外如果一个驱动器发生故障则使用第二个驱动器发生故障的驱动器要手动更换。更换后RAID 控制器将可工作的驱动器的内容复制到新驱动器上。
> * RAID 5一种磁盘子系统可通过计算奇偶校验数据来提高安全性和提高速度。RAID 5 通过跨三个或更多驱动器交错数据(条带化)来实现此目的。在单个驱动器发生故障时,后续读取可以从分布式奇偶校验计算出,从而不会丢失任何数据。
> * RAID 6通过添加另一个奇偶校验块来扩展 RAID 5。此级别至少需要四个磁盘并且可以在任何两个并发磁盘故障的情况下继续执行读/写操作。RAID 6 不会对读取操作造成性能损失,但由于与奇偶校验计算相关的开销,因此确实会对写入操作造成性能损失。
> * RAID 10RAID 10 也称为 RAID 1 + 0它结合了磁盘镜像和磁盘条带化功能来保护数据。它至少需要四个磁盘并且跨镜像对对数据进行条带化。只要每个镜像对中的一个磁盘起作用就可以检索数据。如果同一镜像对中的两个磁盘发生故障则所有数据将丢失因为带区集中没有奇偶校验。[引文][4]
7、`ping` 命令使用哪个端口?
> `ping` 命令使用 ICMP。具体来说它使用 ICMP 回显请求和 ICMP 回显应答包。
>
> ICMP 不使用 UDP 或 TCP 通信服务:相反,它使用原始的 IP 通信服务。这意味着ICMP 消息直接承载在 IP 数据报数据字段中。
8、路由器和网关之间有什么区别 什么是默认网关?
> *路由器*描述的是一种通用技术功能(第 3 层转发)或用于该目的的硬件设备,而*网关*描述的是本地网段的功能(提供到其他地方的连接性)。你还可以说“将路由器设置为网关”。另一个术语是“跳”,它描述了子网之间的转发。
>
>术语*默认网关*表示局域网上的路由器,它的责任是作为向局域网外部计算机通信的第一个联系点。
9、解释一下 Linux 的引导过程。
> BIOS -> 主引导记录MBR -> GRUB -> 内核 -> 初始化 -> 运行级
10、服务器启动时如何检查错误消息
> 内核消息始终存储在 kmsg 缓冲区中,可通过 `dmesg` 命令查看。
>
> 引导的问题和错误要求系统管理员结合某些特定命令来查看某些重要文件,这些文件不同版本的 Linux 处理不同:
>
> * `/var/log/boot.log` 是系统引导日志,其中包含系统引导过程中展开的所有内容。
> * `/var/log/messages` 存储全局系统消息,包括系统引导期间记录的消息。
> * `/var/log/dmesg` 包含内核环形缓冲区信息。
11、符号链接和硬链接有什么区别
> *符号链接*或*软链接*实际是是到原始文件的链接,而*硬链接*是原始文件的镜像副本。如果删除原始文件,则该软链接就没有用了,因为它指向的文件不存在了。如果是硬链接,则完全相反。如果删除原始文件,则硬链接仍然包含原始文件中的数据。([引文][5]
12、如何更改内核参数你可能需要调整哪些内核选项
> 要在类 Unix 系统中设置内核参数,请首先编辑文件 `/etc/sysctl.conf`。进行更改后,保存文件并运行 `sysctl -p` 命令。此命令使更改永久生效,而无需重新启动计算机
13、解释一下 `/proc` 文件系统。
> `/proc` 文件系统是虚拟的,并提供有关内核、硬件和正在运行的进程的详细信息。由于 `/proc` 包含虚拟文件,因此称为“虚拟文件系统”。这些虚拟文件具有独特性。其中大多数列为零字节。
>
> 虚拟文件,例如 `/proc/interrupts`、`/proc/meminfo`、`/proc/mounts` 和 `/proc/partitions`,提供了系统硬件的最新信息。其他诸如 `/proc/filesystems``/proc/sys` 目录提供系统配置信息和接口。
14、如何在没有密码的情况下以其他用户身份运行脚本
> 例如,如果你可以编辑 sudoers 文件(例如 `/private/etc/sudoers`),则可以使用 `visudo` 添加以下[内容][2]
>
> `user1 ALL =user2NOPASSWD/opt/scripts/bin/generate.sh`
>
15、什么是 UID 0 toor 帐户?是被入侵了么?
> `toor` 用户是备用的超级用户帐户,其中 `toor``root` 反向拼写。它预期与非标准 shell 一起使用,因此 `root` 的默认 shell 不需要更改。
>
> 此用途很重要。这些 shell 不是基本发行版的一部分,而是从 ports 或软件包安装的,它们安装在 `/usr/local/bin` 中,默认情况下,位于其他文件系统上。如果 root 的 shell 位于 `/usr/local/bin` 中并且未挂载包含 `/usr/local/bin` 的文件系统,则 root 无法登录以解决问题,并且系统管理员必须重新启动进入为单用户模式来输入 shell 程序的路径。
### 小目标?
这是你可能会遇到的甚至更困难的问题:
16、`tracert` 如何工作,使用什么协议?
> 命令 `tracert`(或 `traceroute`,具体取决于操作系统)使你可以准确地看到在连接到最终目的地的连接链条中触及的路由器。如果你遇到无法连接或无法 `ping` 通最终目的地的问题,则可以使用 `tracert` 来帮助你确定连接链在何处停止。 [引文][6]
>
> 通过此信息你可以联系正确的人无论是你自己的防火墙、ISP、目的地的 ISP 还是中间的某个位置。 `tracert` 命令像 `ping` 一样使用 ICMP 协议,但也可以使用 TCP 三步握手的第一步来发送 SYN 请求以进行响应。
17、使用 `chroot` 的主要优点是什么?我们何时以及为什么使用它?在 chroot 环境中,`mount /dev`、`mount /proc` 和 `mount /sys` 命令的作用是什么?
> chroot 环境的优点是文件系统与物理主机是隔离的,因为 chroot 在文件系统内部有一个单独的文件系统。区别在于 `chroot` 使用新创建的根目录(`/`)作为其根目录。
>
> chroot 监狱可让你将进程及其子进程与系统其余部分隔离。它仅应用于不以 root 身份运行的进程,因为 root 用户可以轻松地脱离监狱。
>
> 该思路是创建一个目录树,在其中复制或链接运行该进程所需的所有系统文件。然后,你可以使用 `chroot()` 系统调用来告诉它根目录现在位于此新树的基点上,然后启动在该 chroot 环境中运行的进程。由于该命令因此而无法引用修改后的根目录之外的路径,因此它无法在这些位置上恶意执行操作(读取、写入等)。([引文][7]
18、如何保护你的系统免遭黑客攻击
> 遵循最低特权原则和这些做法:
>
> * 使用公钥加密,它可提供出色的安全性。
> * 增强密码复杂性。
> * 了解为什么要对上述规则设置例外。
> * 定期检查你的例外情况。
> * 让具体的人对失败负责。(它使你保持警惕。)([引文][8]
19、什么是 LVM使用 LVM 有什么好处?
> LVM逻辑卷管理使用一种存储设备管理技术该技术使用户能够合并和抽象化组件存储设备的物理布局从而可以更轻松、灵活地进行管理。使用设备映射器 Linux 内核框架当前迭代LVM2可用于将现有存储设备收集到组中并根据需要从组合的空间分配逻辑单元。
20、什么是粘性端口
> 粘性端口是网络管理员最好的朋友,也是最头痛的事情之一。它们允许你设置网络,以便通过将交换机上的每个端口锁定到特定的 MAC 地址,仅允许一台(或你指定的数字)计算机在该端口上进行连接。
21、解释一下端口转发
> 尝试与安全的网络内部的系统进行通信时,从外部进行通信可能非常困难,这是很显然的。因此,在路由器本身或其他连接管理设备中使用端口转发表可以使特定流量自动转发到特定目的地。例如,如果你的网络上运行着一台 Web 服务器,并且想从外部授予对该服务器的访问权限,则可以将端口转发设置为该服务器上的端口 80。这意味着在网络浏览器中输入你的外网IP 地址的任何人都将立即连接到服务器的网站。
>
> 请注意,通常不建议允许从你的网络外部直接访问服务器。
22、对于 IDS误报和漏报是什么
> 当入侵检测系统IDS设备为实际上没有发生的入侵生成警报时这是<ruby>误报(假阳性)<rt>false positive</rt></ruby>。如果设备未生成任何警报,而入侵实际上已发生,则为<ruby>漏报(假阴性)</rt></ruby>
23、解释一下 `:(){ :|:& };:`,如果已经登录系统,如何停止此代码?
> 这是一枚复刻炸弹。它分解如下:
>
> * `:()` 定义了函数,以 `:` 作为函数名,并且空括号表示它将不接受任何参数。
> * `{}` 是函数定义的开始和结束。
> * `:|:` 将函数 `:` 的副本加载到内存中,并将其输出通过管道传递给函数 `:` 的另一个副本,该副本也必须加载到内存中。
> * `` 使前一个命令行成为后台进程,因此即使父进程被自动杀死,子进程也不会被杀死。
> * `:` 再次执行该函数,因此连锁反应开始。
>
> 保护多用户系统的最佳方法是使用特权访问管理PAM来限制用户可以使用的进程数。
>
> 复刻炸弹的最大问题是它发起了太多进程。因此,如果你已经登录系统,我们有两种尝试解决此问题的方法。一种选择是执行一个 `SIGSTOP` 命令来停止进程,例如:
>
> `killall -STOP -u user1`
>
> 如果由于占用了所有进程而无法使用命令行,则必须使用 `exec` 强制其运行:
>
> `exec killall -STOP -u user1`
>
> 对于复刻炸弹,最好的选择是防患于未然。
24、什么是 OOM 杀手,它如何决定首先杀死哪个进程?
> 如果内存被进程彻底耗尽,可能会威胁到系统的稳定性,那么<ruby>内存不足<rt>out of memory</rt></ruby>OOM杀手就登场了。
>
> OOM 杀手首先必须选择要杀死的最佳进程。*最佳*在这里指的是在被杀死时将释放最大内存的进程,并且对系统来说最不重要。主要目标是杀死最少数量的进程,以最大程度地减少造成的损害,同时最大化释放的内存量。
>
> 为了实现此目标,内核为每个进程维护一个 `oom_score`。你可以在 `/proc` 文件系统中的 `pid` 目录下的看到每个进程的 `oom_score`
>
> `$ cat /proc/10292/oom_score`
>
> 任何进程的 `oom_score` 值越高,在内存不足的情况下被 OOM 杀手杀死的可能性就越高。 [引文][9]
### 总结
系统管理人员的薪水[差别很大][10],有些网站上说年薪在 70,000 到 100,000 美元之间,具体取决于地点、组织的规模以及你的教育水平以及多年的工作经验。最后,系统管理的职业道路归结为你对使用服务器和解决那些酷问题的兴趣。现在,我要说,继续前进,实现你的梦想之路吧!
--------------------------------------------------------------------------------
via: https://opensource.com/article/19/7/sysadmin-job-interview-questions
作者:[DirectedSoul][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/directedsoul
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/OSDC_HowToFish_520x292.png?itok=DHbdxv6H (Question and answer.)
[2]: https://github.com/trimstray/test-your-sysadmin-skills
[3]: https://www.waytoeasylearn.com/2016/05/netapp-filer-tutorial.html
[4]: https://searchstorage.techtarget.com/definition/RAID-10-redundant-array-of-independent-disks
[5]: https://www.answers.com/Q/What_is_hard_link_and_soft_link_in_Linux
[6]: https://www.wisdomjobs.com/e-university/network-administrator-interview-questions.html
[7]: https://unix.stackexchange.com/questions/105/chroot-jail-what-is-it-and-how-do-i-use-it
[8]: https://serverfault.com/questions/391370/how-to-prevent-zero-day-attacks
[9]: https://unix.stackexchange.com/a/153586/8369
[10]: https://blog.netwrix.com/2018/07/23/systems-administrator-salary-in-2018-how-much-can-you-earn/
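Review bot: several characters were lost in the translated text and two of the losses change meaning. The `&` is missing inside the backticks in the Q2 answer (添加特殊字符 `` 来使进程在后台运行) and again in the fork-bomb breakdown (`` 使前一个命令行成为后台进程), and the Q14 sudoers line reads `user1 ALL =user2NOPASSWD/opt/scripts/bin/generate.sh` where the source has `user1 ALL=(user2) NOPASSWD: /opt/scripts/bin/generate.sh`; without the parentheses around the run-as user and the colon after the tag it is not a valid sudoers rule. Smaller fixes: 或 is missing between `-f` and `--force` in Q4 and between `/proc/filesystems` and `/proc/sys` in Q13, the Q8 second paragraph lacks the space after `>`, and the Q22 ruby annotation for 漏报 has no `<rt>false negative</rt>` so its closing `</rt>` is unmatched.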