Linux server administration is the operational work of keeping a server secure, stable, and observable: managing access, applying updates, running services, monitoring performance, and ensuring you can recover when something goes wrong.
This guide is intentionally practical. It is written for beginners who want a reliable baseline for running small production servers and for developers who need to operate their own apps.
Operator mindset
“Admin work” is mostly risk reduction: fewer surprises, faster recovery, and predictable changes.
1. What Linux Server Administration Covers
A good admin baseline usually includes:
- Access control: SSH, users/groups, sudo, key rotation.
- Patching: security updates and safe maintenance windows.
- Service management: systemd units, restarts, health.
- Logs and troubleshooting: journald, /var/log, root cause.
- Networking: ports, firewall, DNS, connectivity checks.
- Storage: disk usage, mounts, backups, restore testing.
- Monitoring: alerts before users report problems.
2. Day-One Setup Checklist (New Server)
If you just provisioned a VPS or cloud instance, do this first:
- Update packages: apply security patches.
- Create a non-root admin user: use sudo for elevation.
- Harden SSH: key auth, disable root login, restrict users.
- Firewall: allow only required ports.
- Time: correct timezone + NTP (accurate logs matter).
- Backups: confirm backup plan exists and is tested.
- Monitoring: at least disk + CPU + basic service checks.
Non-negotiable
If the server is reachable over the internet, SSH hardening and firewalling should happen before you install and expose applications.
3. Essential Linux Commands for Admins
These commands cover 80% of real-world admin work:
- Navigation: ls, cd, pwd, tree
- Files: cp, mv, rm, mkdir, find, grep, less
- Processes: ps, top/htop, kill, nice
- Disk: df -h, du -sh, lsblk
- Network: ss -tulpn, ip a, curl, dig
- Permissions: chmod, chown, umask
# Find large directories (quick triage)
sudo du -xh / | sort -h | tail -n 204. Users, Groups, Permissions (chmod, chown, sudo)
A secure server has a clear ownership model:
- Users: one per human (no shared accounts).
- Groups: shared access boundaries (e.g., deploy, ops).
- Least privilege: only grant what is needed to do the job.
# Create a user and add to sudo group (Debian/Ubuntu)
sudo adduser norbert
sudo usermod -aG sudo norbert
# Check permissions
ls -l /var/wwwchmod rule
Prefer groups and targeted permissions over broad 777. “It works” is not a security strategy.
5. SSH Hardening: Keys, Root Login, and Access Control
SSH is your front door. A safe baseline:
- Use keys: disable passwords where possible.
- Disable root login: use sudo instead.
- Restrict users: AllowUsers in sshd_config.
- Brute-force protection: fail2ban or rate limiting.
# Edit SSH server config
sudo nano /etc/ssh/sshd_config
# Typical hardening settings (example)
# PermitRootLogin no
# PasswordAuthentication no
# AllowUsers norbert
sudo systemctl restart sshDo this safely
Before disabling password auth, verify you can log in with your SSH key in a second session. Locking yourself out is an avoidable incident.
6. Package Management and Patching (apt, dnf/yum)
Keep servers patched. Common patterns:
- Debian/Ubuntu: apt update / apt upgrade
- RHEL/Fedora: dnf update (or yum on older systems)
# Debian/Ubuntu
sudo apt update
sudo apt upgrade -y
# Check what changed
apt list --upgradableOperational rule
Patch on a schedule. Emergency patching is stressful and error-prone.
7. Services with systemd (systemctl basics)
systemd manages background services (web servers, databases, agents). Key commands:
sudo systemctl status nginx
sudo systemctl restart nginx
sudo systemctl enable nginx
sudo systemctl disable nginxCheck what is running
systemctl --type=service --state=running8. Logs and Troubleshooting (journalctl + /var/log)
When something breaks, start with logs and recent changes:
- journalctl: systemd logs, filtered by unit or time.
- /var/log: traditional log files (varies by distro).
- Auth logs: SSH attempts, sudo activity.
# View logs for a service
sudo journalctl -u nginx --since "1 hour ago" --no-pager
# Follow logs live
sudo journalctl -u nginx -fTroubleshooting loop
Symptoms → logs → hypothesis → minimal change → verify → document.
9. Networking Basics (IP, DNS, ports, connectivity)
Most server issues are ultimately DNS, firewall, or service bindings. Useful checks:
- Listen ports: ss -tulpn
- IP config: ip a, ip r
- DNS: dig, resolvectl status
- Connectivity: curl, ping (if allowed), traceroute
# Confirm a service is listening
sudo ss -tulpn | grep -E ":(80|443)\b"
# Quick HTTP check
curl -I http://localhost10. Firewalls and Exposure (UFW/nftables/iptables)
Only expose what you need. A beginner-friendly approach on Ubuntu is UFW:
# Example (Ubuntu)
sudo ufw allow OpenSSH
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw status verboseAvoid lockout
Always allow SSH before enabling a firewall rule set on a remote server.
11. Storage and Filesystems (df, du, mounts, backups)
Disk pressure is one of the most common causes of outages. Monitor:
- Free space: df -h
- What consumes space: du -sh *
- Block devices: lsblk
- Mounts: /etc/fstab and mount points
df -h
sudo du -sh /var/* | sort -h12. Cron, timers, and scheduled jobs
Use scheduled jobs for backups, cleanup, and recurring tasks. Options:
- cron: classic scheduling (crontab -e).
- systemd timers: modern scheduling with better logging.
# View cron entries (user)
crontab -l
# List systemd timers
systemctl list-timers13. Monitoring Basics (CPU, RAM, disk, logs, alerts)
Monitoring prevents surprise outages. At minimum:
- CPU + load: sustained high load needs investigation.
- Memory: swapping is an early warning.
- Disk: alert before 80–90% usage.
- Service health: HTTP checks for key endpoints.
- Logs: alerts for repeated failures or auth spikes.
# Quick triage
uptime
free -h
topAlert philosophy
Alert on symptoms that require action, not on everything that changes.
14. Backups and Restore Drills (What matters most)
A backup strategy is only real if restores work. For small servers:
- Data backups: databases, uploads, stateful directories.
- Config backups: /etc, app configs, systemd unit files.
- Off-host storage: backups should not live only on the server.
- Restore drills: practice on a staging box or local VM.
Backups are not enough
You need a restore procedure: who runs it, how long it takes, and how you validate data integrity after restore.
15. Practical Hardening Baseline (Beyond SSH)
Beyond SSH and firewalls, focus on a few high-impact controls:
- Automatic security updates: where appropriate and tested.
- Limit sudo: only admins; log sudo usage.
- Remove unused services: fewer attack surfaces.
- Fail2ban: protect SSH and exposed apps.
- File permissions: protect secrets and config files.
- Audit changes: keep a changelog or use IaC.
Infrastructure as code
Even for one server, documenting setup steps (or using Ansible/Terraform) makes recovery and scaling dramatically easier.
16. Common Beginner Mistakes (And How to Avoid Them)
- Using root for everything: high risk. Fix: sudo + separate admin accounts.
- Exposing services publicly: accidental data leaks. Fix: firewall + bind internal services to localhost/private IP.
- Skipping patching: easy compromise path. Fix: patch schedule and alerts.
- No monitoring: outages discovered late. Fix: basic alerts (disk, CPU, service checks).
- No restore testing: backup surprises. Fix: periodic restore drills.
17. Linux Server Admin Checklist
Use this as an operational baseline:
- Access: SSH keys, root login disabled, AllowUsers set.
- Users: per-person accounts, sudo group controlled.
- Firewall: only required ports open.
- Updates: regular patching schedule.
- Services: systemd units checked and enabled.
- Logs: journalctl usage known; auth logs monitored.
- Storage: disk alerts configured; cleanup plan exists.
- Backups: off-host backups + restore drills.
- Monitoring: key metrics + service checks with alerts.
- Docs: runbook for common tasks and incidents.
Fast win
Create a single “server runbook” file: access details, service list, ports, backup location, and common troubleshooting commands.
18. FAQ: Linux Admin Basics
Should I disable SSH password authentication?
If you can reliably use SSH keys and you have a recovery method (console access), yes—key-based auth significantly reduces brute-force risk.
Where should my application logs go?
Ideally to journald (systemd service logs) or to files under /var/log with log rotation. Centralized logging is a strong next step for production.
How often should I patch a Linux server?
Many teams patch security updates weekly or bi-weekly and patch critical vulnerabilities faster. The right schedule depends on exposure and risk.
What is the most common Linux server outage cause?
Disk full events are extremely common (logs, caches, backups, runaway files). Disk monitoring and log rotation prevent most of them.
Do I need configuration management for one server?
It is not mandatory, but even a small Ansible playbook or documented setup steps can save hours during recovery or migration.
Key Linux terms (quick glossary)
- SSH
- Secure Shell: the standard protocol for remote command-line access to servers.
- sudo
- A mechanism to run commands with elevated privileges as an authorized user.
- systemd
- The init system and service manager on many modern Linux distributions.
- systemctl
- The command-line tool used to control systemd services (start/stop, status, enable).
- journalctl
- The command-line tool used to query and follow logs stored by journald.
- UFW
- Uncomplicated Firewall: a user-friendly interface to manage firewall rules on Ubuntu and related distributions.
- Fail2ban
- A tool that bans IPs after repeated failed login attempts, helping reduce brute-force attacks.
- NTP
- Network Time Protocol: keeps server clocks accurate for logs and security.
Worth reading
Recommended guides from the category.
