π¦ ClawHub
Sysadmin
by @ivangdavila
Manage Linux servers with user administration, process control, storage, and system maintenance.
TERMINAL
clawhub install sysadminπ About This Skill
name: Sysadmin description: Manage Linux servers with user administration, process control, storage, and system maintenance. metadata: {"clawdbot":{"emoji":"π₯οΈ","os":["linux","darwin"]}}
System Administration Rules
User Management
--system flag β no home directory, no login shellsudo with specific commands, not blanket ALL β principle of least privilegeusermod -L β preserves audit trail and file ownership~/.ssh/authorized_keys with restrictive permissions β 600 for file, 700 for directoryvisudo to edit sudoers β catches syntax errors before saving, prevents lockoutProcess Management
systemctl for services, not service β systemd is standard on modern distrosjournalctl -u service -f for live logs β more powerful than tail on log filesnice and ionice for background tasks β don't compete with production workloadsnohup or screen/tmux for long-running commands β SSH disconnect kills regular processesFile Systems and Storage
df -h for disk usage, du -sh * to find culprits β check before disk fills completelylsof +D /path finds processes using a directory β needed before unmountingncdu for interactive disk usage β faster than repeated du commandsnoexec, nosuid for security on data partitionsLogs and Monitoring
logrotate prevents disk fill β configure size limits and retention/var/log/auth.log or /var/log/secure for login attempts β watch for brute forcedmesg for kernel messages β hardware errors, OOM kills appear herePermissions and Security
chmod 600 for secrets, 640 for configs, 644 for public β world-writable is almost never correctchmod +t) β users can only delete their own filessetfacl for complex permissions β when traditional owner/group/other isn't enoughchattr +i makes files immutable β even root can't modify without removing flagPackage Management
apt update before apt upgrade β upgrade without update uses stale package listsunattended-upgrades β critical patches shouldn't waitapt autoremove β reduces attack surface and disk usageBackups
Performance
top/htop for live view, vmstat for trends β understand baseline before diagnosingiotop for disk I/O bottlenecks β slow disk often blamed on CPUsar for historical data β retroactively diagnose what happened during incidentNetworking Basics
ss -tulpn shows listening ports β netstat is deprecatedip addr and ip route replace ifconfig and route β learn the new tools/etc/hosts for local overrides β quick testing without DNS changescurl -v shows full connection details β headers, timing, TLS handshakeCommon Mistakes
cp file file.bak takes two seconds