A System Administrator does not configure a server once and leave it. Ongoing operations require Scripting to automate repetitive tasks and eliminate human error. Simultaneously, the administrator must implement aggressive Security measures to harden the servers against constant external threats.
Detailed Explanation: System Administrators write scripts (Bash, Python, PowerShell) to automate tasks like log rotation, bulk user creation, system health checks, and backups. This transforms manual, multi-step processes into single commands, saving time and ensuring consistency.
This script securely dumps a MySQL database, compresses it, and automatically deletes backups older than 7 days to conserve disk space.
#!/bin/bash
# automated_backup.sh
# Scheduled via Cron: "0 2 * * * /opt/scripts/automated_backup.sh" (Runs daily at 2 AM)
# Configuration Variables
DB_USER="backup_admin"
DB_PASS="SecureP@ssw0rd!"
DB_NAME="production_db"
BACKUP_DIR="/var/backups/mysql"
DATE=$(date +"%Y-%m-%d_%H%M")
RETENTION_DAYS=7
echo "Starting database backup for $DB_NAME..."
# Ensure backup directory exists
mkdir -p $BACKUP_DIR
# 1. Dump and compress the database
mysqldump -u$DB_USER -p$DB_PASS $DB_NAME | gzip > $BACKUP_DIR/${DB_NAME}_${DATE}.sql.gz
if [ $? -eq 0 ]; then
echo "Backup successfully created: ${DB_NAME}_${DATE}.sql.gz"
else
echo "ERROR: Database backup failed!" >&2
exit 1
fi
# 2. Delete backups older than RETENTION_DAYS
echo "Cleaning up backups older than $RETENTION_DAYS days..."
find $BACKUP_DIR -type f -name "*.sql.gz" -mtime +$RETENTION_DAYS -exec rm {} \;
echo "Backup and cleanup process completed."
Detailed Explanation: Server hardening minimizes the attack surface. This includes applying Principle of Least Privilege, enforcing Key-Based Authentication over passwords, configuring host-based firewalls (UFW/Firewalld), and installing intrusion prevention systems like Fail2Ban.
The default SSH configuration is often too permissive. Administrators must edit /etc/ssh/sshd_config to disable insecure practices.
# Edit /etc/ssh/sshd_config for aggressive security # 1. Change default port to reduce automated script kiddie attacks (Optional but common) Port 2222 # 2. STRICTLY Disable Root Login (Admins must log in as normal user and use sudo) PermitRootLogin no # 3. Disable Password Authentication (Force the use of SSH RSA/Ed25519 Keys) PasswordAuthentication no # 4. Limit SSH access to only specific admin users AllowUsers sysadmin devops_lead # 5. Automatically disconnect idle sessions after 10 minutes (600 seconds) ClientAliveInterval 600 ClientAliveCountMax 0 # Apply changes by restarting the service # Command: sudo systemctl restart sshd