🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Sysadmin

by @ivangdavila

Manage Linux servers with user administration, process control, storage, and system maintenance.

Versionv1.0.0
Downloads3,343
Installs20
Stars⭐ 4
TERMINAL
clawhub install sysadmin

πŸ“– About This Skill


name: Sysadmin description: Manage Linux servers with user administration, process control, storage, and system maintenance. metadata: {"clawdbot":{"emoji":"πŸ–₯️","os":["linux","darwin"]}}

System Administration Rules

User Management

  • Create service accounts with --system flag β€” no home directory, no login shell
  • sudo with specific commands, not blanket ALL β€” principle of least privilege
  • Lock accounts instead of deleting: usermod -L β€” preserves audit trail and file ownership
  • SSH keys in ~/.ssh/authorized_keys with restrictive permissions β€” 600 for file, 700 for directory
  • visudo to edit sudoers β€” catches syntax errors before saving, prevents lockout
  • Process Management

  • systemctl for services, not service β€” systemd is standard on modern distros
  • journalctl -u service -f for live logs β€” more powerful than tail on log files
  • nice and ionice for background tasks β€” don't compete with production workloads
  • Kill signals: SIGTERM (15) first, SIGKILL (9) last resort β€” SIGKILL doesn't allow cleanup
  • nohup or screen/tmux for long-running commands β€” SSH disconnect kills regular processes
  • File Systems and Storage

  • df -h for disk usage, du -sh * to find culprits β€” check before disk fills completely
  • lsof +D /path finds processes using a directory β€” needed before unmounting
  • ncdu for interactive disk usage β€” faster than repeated du commands
  • Mount options matter: noexec, nosuid for security on data partitions
  • Resize filesystems with care: grow is safe, shrink risks data loss β€” always backup first
  • Logs and Monitoring

  • logrotate prevents disk fill β€” configure size limits and retention
  • Centralize logs to external system β€” local logs lost if server dies
  • /var/log/auth.log or /var/log/secure for login attempts β€” watch for brute force
  • dmesg for kernel messages β€” hardware errors, OOM kills appear here
  • Monitor inode usage, not just disk space β€” many small files exhaust inodes
  • Permissions and Security

  • chmod 600 for secrets, 640 for configs, 644 for public β€” world-writable is almost never correct
  • Sticky bit on shared directories (chmod +t) β€” users can only delete their own files
  • setfacl for complex permissions β€” when traditional owner/group/other isn't enough
  • chattr +i makes files immutable β€” even root can't modify without removing flag
  • SELinux/AppArmor in enforcing mode β€” permissive logs but doesn't protect
  • Package Management

  • apt update before apt upgrade β€” upgrade without update uses stale package lists
  • Unattended security updates: unattended-upgrades β€” critical patches shouldn't wait
  • Pin package versions in production β€” unexpected upgrades cause unexpected outages
  • Remove unused packages: apt autoremove β€” reduces attack surface and disk usage
  • Know your package manager: apt/yum/dnf/pacman β€” commands differ, concepts similar
  • Backups

  • Test restores regularly β€” backups that can't restore are worthless
  • Include package lists and configs, not just data β€” recreating environment is painful
  • Offsite backups mandatory β€” local backups don't survive disk failure or ransomware
  • Backup before any risky change β€” "I'll just quickly edit" famous last words
  • Document restore procedure β€” 3am disaster is wrong time to figure it out
  • Performance

  • top/htop for live view, vmstat for trends β€” understand baseline before diagnosing
  • iotop for disk I/O bottlenecks β€” slow disk often blamed on CPU
  • Load average: 1.0 per core is healthy β€” consistently higher means queuing
  • Swap usage isn't inherently bad β€” but consistent swapping indicates memory shortage
  • sar for historical data β€” retroactively diagnose what happened during incident
  • Networking Basics

  • ss -tulpn shows listening ports β€” netstat is deprecated
  • ip addr and ip route replace ifconfig and route β€” learn the new tools
  • Check both host firewall and cloud security groups β€” traffic blocked at either level fails
  • /etc/hosts for local overrides β€” quick testing without DNS changes
  • curl -v shows full connection details β€” headers, timing, TLS handshake
  • Common Mistakes

  • Running services as root β€” one exploit owns the system
  • No monitoring until something breaks β€” reactive is expensive
  • Editing config without backup β€” cp file file.bak takes two seconds
  • Rebooting to "fix" issues β€” masks the problem, it'll return
  • Ignoring disk space warnings β€” 100% full causes cascading failures
  • Forgetting timezone configuration β€” logs from different servers don't correlate