This mini project focuses on setting up a secure Linux environment by managing users, automating backups, handling logs, hosting a web service, and securing the system with firewall rules. It helps in combining core Linux administration skills into practical, real-world tasks used in server environments.
User & Permission Setup
This step involves creating system users and assigning appropriate permissions to control access to files and directories. It ensures secure and organized user management in a multi-user Linux environment.
- Create users and groups for specific roles.
- Assign file ownership and permissions using chmod, chown, and chgrp.
- Configure sudo access for administrative privileges.
- Use ACLs to provide controlled access for multiple users.
Step 1: Create a new user (example: webadmin)
sudo useradd -m -s /bin/bash webadmin
sudo passwd webadmin
Step 2: Add user to sudo group
sudo usermod -aG sudo webadminStep 3: Create project folder and set ownership
sudo mkdir -p /var/www/project
sudo chown -R webadmin:webadmin /var/www/project
sudo chmod -R 755 /var/www/project
How to view:
- Check user:
id webadmin
- Check groups:
groups webadmin
- Check directory permissions:
getfacl /var/www/project
Automated Backups
Automated backups protect important files and data by scheduling regular backup tasks using cron. This ensures data safety in case of system failure or accidental data loss.
- Write shell scripts to automate backup tasks.
- Schedule scripts using cron jobs for regular execution.
- Store backups in secure directories.
- Verify backups to ensure data integrity.
Step 1: Create backup directory
sudo mkdir -p /backups
sudo chown webadmin:webadmin /backups
Step 2: Create a backup script
sudo nano /usr/local/bin/project_backup.shScript:
#!/bin/bash
SRC="/var/www/project"
DEST="/backups/project-$(date +%F).tar.gz"
tar -czf "$DEST" "$SRC"
- Save & exit, then:
sudo chmod +x /usr/local/bin/project_backup.shStep 3: Add cron job (for user webadmin)
sudo crontab -e -u webadminAdd this line (backup daily at 2:00 AM):
0 2 * * * /usr/local/bin/project_backup.shHow to view/check this
- List cron jobs:
sudo crontab -l -u webadminYou should see:
0 2 * * * /usr/local/bin/project_backup.sh
Log Archiving
Log archiving involves collecting and storing older log files in compressed formats to save space and maintain system hygiene. It helps in monitoring and troubleshooting system activities efficiently.
- Automatically compress and store old logs using scripts.
- Schedule log archiving using cron.
- Maintain organized log directories for easy access.
- Use logs for system analysis and troubleshooting.
Step 1: Create archive directory
sudo mkdir -p /var/log/nginx/archive
sudo chown root:adm /var/log/nginx/archive
Step 2: Create log archive script
sudo nano /usr/local/bin/archive_nginx_logs.shScript:
#!/bin/bash
LOGDIR="/var/log/nginx"
ARCHIVE="$LOGDIR/archive/access-$(date +%F).log.gz"
if [ -f "$LOGDIR/access.log" ]; then
cp "$LOGDIR/access.log" "$LOGDIR/access-$(date +%F).log"
gzip "$LOGDIR/access-$(date +%F).log"
mv "$LOGDIR/access-$(date +%F).log.gz" "$ARCHIVE"
: > "$LOGDIR/access.log" # truncate current log
fi
Make executable:
sudo chmod +x /usr/local/bin/archive_nginx_logs.shStep 3: Add cron job (root)
sudo crontab -eAdd (run at 1:30 AM):
30 1 * * * /usr/local/bin/archive_nginx_logs.shHow to view/check this
- Check cron:
sudo crontab -l- See archived logs:
ls -lh /var/log/nginx/archive- View one archived file:
zcat /var/log/nginx/archive/access-YYYY-MM-DD.log.gz | headWeb Hosting with Nginx
This step sets up a basic web server using Nginx to host a website on a Linux server. It helps in understanding how web services are deployed and served in real environments.
- Install and configure Nginx web server.
- Set up a web directory and host HTML content.
- Configure virtual host settings.
- Test web services using browser or curl.
Step 1: Install Nginx
sudo nginx -t
sudo systemctl restart nginx
Step 2: Use your project directory as web root
- Edit default site:
sudo nano /etc/nginx/sites-available/default- Find the root line and change it to:
root /var/www/project;- Make sure there’s an index line like:
index index.html;Output:
Step 3: Create a simple web page
sudo -u webadmin bash -c 'cat > /var/www/project/index.html <<EOF
<!DOCTYPE html>
<html>
<head><title>My Linux Mini Project</title></head>
<body>
<h1>Hello from Nginx on Linux!</h1>
<p>This page is served from /var/www/project</p>
</body>
</html>
EOF'
Step 4: Test Nginx config and restart
sudo nginx -t
sudo systemctl restart nginx
How to view/check this
1. Check Nginx status:
systemctl status nginxOutput:
2. Test locally:
curl http://localhost- or open your server’s IP in a browser.
Output:
Sets up Nginx to serve your project files as a website from your Linux server. It ensures your system can deliver web pages correctly through a browser or network request.
3. Check port 80 is listening:
sudo ss -tlnp | grep 80Output:
The Nginx web server is actively listening on port 80 for both IPv4 and IPv6 connections. It confirms that your website is open and ready to accept requests from clients and browsers.
Securing with Firewall
Firewall configuration controls incoming and outgoing network traffic to protect the system from unauthorized access. It ensures only trusted services and ports are accessible from outside.
- Enable and configure firewall using UFW or iptables.
- Allow required ports like SSH, HTTP, and HTTPS.
- Block unnecessary services and ports.
- Monitor firewall rules and network traffic.
Step 1: Install and enable UFW (if not installed)
sudo apt install ufw -yAllow SSH (so you don’t lock yourself out):
sudo ufw allow OpenSSHAllow HTTP (Nginx):
sudo ufw allow "Nginx HTTP"Now enable firewall:
sudo ufw enable(Press y when asked.)
How to view/check this
- View firewall status and rules:
sudo ufw status verboseOutput:
- Your firewall is ON and protecting your system. It blocks all incoming traffic by default, but allows SSH (port 22) for remote login and HTTP (port 80) so your Nginx web server works.
- This means your server is secure while still letting you connect and access your website from anywhere.