Network bonding combines multiple network interfaces into a single logical interface for redundancy or
increased throughput. Common modes include mode 0 (round-robin), mode 1 (active-backup), mode 4 (802.3ad),
and mode 6 (adaptive load balancing). Configuration is done through /etc/sysconfig/network-scripts/ or netplan.
LXC provides operating system-level virtualization through a virtual environment with its own process and
network space. Unlike Docker, which is primarily focused on application containerization , LXC creates
containers that behave more like traditional virtual machines with their own init system and full OS environment.
Control Groups (cgroups) are a kernel feature that allows administrators to allocate resources—such as CPU
time, system memory, network bandwidth, or combinations of these—among user-defined groups of tasks (
processes). Cgroups provide fine-grained control over allocating, prioritizing, denying, managing, and monitoring
system resources. They are fundamental to container technologies like Docker and LXC.
Docker containerization is a lightweight virtualization technology that packages applications and their
dependencies into isolated containers. Unlike traditional virtualization, which runs complete operating systems on a hypervisor, Docker containers share the host OS kernel and run as isolated processes. This makes containers more lightweight, faster to start , and more resource-efficient than traditional virtual machines.
LVM (Logical Volume Manager) is a device mapper framework that provides logical volume management for
the Linux kernel. It allows administrators to create, resize, and delete logical volumes dynamically, without the
need to unmount filesystems or stop services. The advantages of LVM include flexible disk management, the
ability to create snapshots for backups, and the capability to combine multiple physical volumes into a single
logical volume group, simplifying storage management and optimizing disk usage
Linux namespaces are a feature that allows a process to have its own isolated view of system resources,
such as process IDs, user IDs, network interfaces, and mounted filesystems. This isolation is crucial for
containerization , as it enables multiple containers to run on the same host without interfering with each
other. Each container operates within its own namespace, providing security and resource management.
To configure a firewall using iptables, I would first check current rules with iptables -L. I would then
define my policy with commands like iptables -P INPUT DROP to drop all incoming traffic by default. I would
add rules using iptables -A INPUT -p tcp --dport 22 -j ACCEPT to allow SSH traffic. After setting up
rules, I would save the configuration using iptables-save to ensure they persist after a reboot.
valgrind --leak-check=full ./your_program will show you any memory leaks, including the location where they occurred.
The fstab (file system table) file is a configuration file located at /etc/fstab that contains information
about disk partitions and filesystems. It specifies how and where the filesystems are mounted, including the device
name, mount point, filesystem type, options, and dump/pass values. The system uses this file during boot to
automatically mount filesystems.
Fencing is a safety mechanism used in clustered systems to isolate a failed or unresponsive node so it cannot corrupt shared resources such as storage, databases, or virtual machines.
In high-availability (HA) clusters, a node may lose communication with the rest of the cluster but continue running. This can lead to a split-brain situation where two nodes believe they own the same resource. Fencing prevents this by forcibly removing the problematic node from service.
Two-Factor Authentication (2FA) on a Linux host is commonly configured using Google Authenticator PAM.
1. Install Google Authenticator
RHEL/Rocky/Oracle Linux:
sudo dnf install google-authenticator qrencode -y
Older systems:
sudo yum install google-authenticator qrencode -y
2. Configure OTP for a User
google-authenticator
Recommended answers:
- Time-based tokens: y
- Update .google_authenticator file: y
- Disallow multiple uses: y
- Increase time skew: n
- Enable rate limiting: y
3. Configure PAM
Edit /etc/pam.d/sshd and add:
auth required pam_google_authenticator.so
4. Configure SSH
Edit /etc/ssh/sshd_config and set:
ChallengeResponseAuthentication yes
UsePAM yes
PasswordAuthentication yes
For newer OpenSSH:
KbdInteractiveAuthentication yes
UsePAM yes
5. Restart SSH
sudo systemctl restart sshd
6. Test Login
ssh user@server-ip
You should be prompted for:
- Password
- Verification code (OTP)
Verify Logs:
RHEL:
sudo tail -f /var/log/secure
Ubuntu:
sudo tail -f /var/log/auth.log
Rollback:
Remove:
auth required pam_google_authenticator.so
from /etc/pam.d/sshd and restart sshd.
