A few important bits to look at as an Ubuntu server sysadmin

Some useful sysadmin commands

Display all current connections, listening services, and processes

Really useful Ubuntu sysadmin utility:

netstat -tulpn

If its not present, use this to install it: sudo apt install net-tools

To only see the runnign services, use:

service --status-all | grep "[ + ]"
Check for Rootkits

The “rkhunter” package is useful for doing a scan of your system for any known rootkits:

apt-get install rkhunter
rkhunter -C

Configuration file locations

Apache 2:

/etc/apache/apache2.conf

SSH Server

/etc/ssh/sshd_config

MySQL

/etc/mysql/mysql.cnf

Log files

View log files

Good for scrolling through log files:

less /path/to/log/file

Type ‘q’ to quit

Good for viewing the end of a log file and seeing new messages as they get added:

tail /path/to/log/file
Log file locations

Whole system logs and current activity logs:

/var/log/message

Authentication logs

/var/log/auth.log

Kernel logs

/var/log/kern.log

Cron logs

/var/log/cron.log

Mail server logs

/var/log/maillog

System boot log

/var/log/boot.log

MySQL database server log file

/var/log/mysqld.log

Authentication log

/var/log/secure

Login records file

/var/log/utmp or /var/log/wtmp

Apt package manager logs

/var/log/apt