Build a Real-World Linux Server Environment

# CHAPTER 20

Build a Real-World Linux Server Environment #

1. Introduction #

2. The Final Project Scenario #

1. 1. Identity Management: Create a dedicated administrative user; disable the master root login.

1. 2. Perimeter Security: Configure a firewall allowing only SSH and HTTP traffic.

1. 3. Application Deployment: Install and enable the NGINX web server.

1. 4. Automation: Write a Bash script to compress the web directory into a tarball and schedule it to run automatically every night.

3. Phase 1: Identity and Access Management #

1. Create the User:

adduser devopsadmin

*(Enter and confirm a secure password when prompted).*

2. Grant Sudo Privileges:

usermod -aG sudo devopsadmin

*(Log out of the server, and log back in as devopsadmin to perform all remaining tasks).*

4. Phase 2: Server Hardening (Firewall & SSH) #

1. Secure the SSH Configuration:

sudo nano /etc/ssh/sshd_config

Change PermitRootLogin yes to PermitRootLogin no. Save (Ctrl+O) and Exit (Ctrl+X). Restart the service to apply the lock: sudo systemctl restart sshd.

2. Configure the Uncomplicated Firewall (UFW):

# Set the baseline to deny everything
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Punch the necessary holes
sudo ufw allow ssh      # Critical: Do this first!
sudo ufw allow http     # Allow Web Traffic (Port 80)

# Arm the defenses
sudo ufw enable
sudo ufw status

5. Phase 3: Application Deployment #

1. Update the Repository Database:

sudo apt update
sudo apt upgrade -y

2. Install the NGINX Web Server:

sudo apt install nginx -y

3. Manage the Daemon: Verify that systemd successfully started the service in the background:

sudo systemctl status nginx

*(Press q to exit the status screen). Ensure it will start on reboot:*

sudo systemctl enable nginx

*(Verification: If you open a web browser on your laptop and type the server's IP address, you will see the "Welcome to nginx!" default page).*

6. Phase 4: DevOps Automation (Bash & Cron) #

1. Write the Bash Script: Create a directory for your scripts: mkdir ~/scripts && cd ~/scripts

nano backup_web.sh

*The Code:*

#!/bin/bash

# Define variables
SOURCE_DIR="/var/www/html"
BACKUP_DIR="/tmp/backups"
DATE=$(date +%F)
FILENAME="website_backup_$DATE.tar.gz"

# Create backup directory if it doesn't exist
mkdir -p $BACKUP_DIR

# Compress the source into a tarball
echo "Starting backup of $SOURCE_DIR..."
tar -czf $BACKUP_DIR/$FILENAME $SOURCE_DIR

# Verify exit status
if [ $? -eq 0 ]; then
    echo "Backup Successful: $FILENAME"
else
    echo "Backup Failed!"
fi

2. Make it Executable and Test It:

chmod +x backup_web.sh
sudo ./backup_web.sh

Verify the tarball was created: ls -lh /tmp/backups.

3. Schedule the Cron Job: We want this to run silently every night at 3:00 AM.

sudo crontab -e

Add this line to the very bottom:

0 3 * * * /home/devopsadmin/scripts/backup_web.sh > /dev/null 2>&1

7. Phase 5: Verification and Monitoring #

1. 1. Check Memory: free -m. Ensure the RAM is not exhausted.

1. 2. Check Listening Ports: sudo ss -tulpn. Verify NGINX is listening tightly on :::80.

1. 3. Audit the Logs: sudo journalctl -u nginx --since "10 minutes ago". Ensure no critical startup errors occurred.

8. Course Conclusion #

The command line is not just a tool; it is the universal language of modern computing. Whether you are managing an on-premise Apache web server, orchestrating a fleet of Kubernetes Docker containers in AWS, or hunting through cybersecurity logs as an ethical hacker—the bash terminal is the environment where all serious work is accomplished.

You are now equipped with the foundational knowledge required to administer enterprise Linux systems, tackle cloud engineering workflows, and pass practical technical assessments. Continue building virtual machines, writing complex Bash scripts, breaking things, and using the logs to fix them.

Congratulations on completing the course! #