BSc CSIT (TU) Science Network and System Administration (BSc CSIT, CSC412) Question Paper 2074 Nepal

System Administration

System administration is the management, configuration, operation, and maintenance of computer systems and servers (especially multi-user systems) so that they run reliably, securely, and efficiently for their users. A system administrator (sysadmin) is the person responsible for these tasks.

Roles and Responsibilities of a System Administrator

1. Installation and configuration — Installing and upgrading operating systems, server software, and applications; configuring hardware and services.
2. User and account management — Creating, modifying, and deleting user/group accounts, managing passwords, permissions, and access control.
3. Resource and performance management — Monitoring CPU, memory, disk, and network usage; tuning the system and managing disk quotas.
4. Backup and recovery — Designing backup policies, taking regular backups, and restoring data after failures.
5. Security — Applying patches, configuring firewalls, managing authentication, detecting intrusions, and enforcing security policies.
6. Network services — Configuring and maintaining services such as DNS, DHCP, mail, web, and file servers.
7. Monitoring and logging — Watching system logs, setting up alerts, and troubleshooting failures.
8. Documentation and support — Maintaining documentation and providing technical support to users.
9. Automation — Writing scripts (shell/Python) to automate repetitive administrative tasks.

Ethical Issues Involved

A sysadmin usually has full (root/administrator) privileges, so ethics are critical:

• Privacy — Administrators can read users' files and emails; they must not access private data without legitimate need or authorization.
• Confidentiality — Information learned through the job (passwords, personal data, business secrets) must be kept confidential.
• Integrity and honesty — Not modifying or destroying data, and not misusing privileges for personal gain.
• Professionalism and fairness — Treating all users equally and applying policies consistently.
• Accountability — Following organizational policies, laws, and acceptable-use agreements, and being answerable for administrative actions.
• Avoiding conflicts of interest and respecting intellectual-property/licensing rules.

Conclusion

System administration keeps an organization's IT infrastructure available and secure. Because sysadmins hold privileged access, they must combine strong technical skills with a high standard of professional ethics.

Domain Name System (DNS)

DNS is a hierarchical, distributed naming system that translates human-readable domain names (e.g. www.example.com) into machine-usable IP addresses (e.g. 93.184.216.34) and vice versa. It works mainly over UDP/TCP port 53 and acts like the "phone book" of the Internet.

DNS Hierarchy

The DNS namespace is an inverted tree read from right to left:

                    . (root)
                  /   |   \
               com   org   np ...        <- Top-Level Domains (TLDs)
               /
          example                          <- Second-Level Domain
            /
          www                              <- subdomain / host

• Root servers (.) — top of the hierarchy; know the TLD servers.
• Top-Level Domain (TLD) servers — generic (.com, .org, .net) and country-code (.np, .in).
• Authoritative name servers — hold the actual records for a domain (the zone).
• Recursive resolvers — query on behalf of clients and cache results.

Resolution example: client -> recursive resolver -> root -> .com TLD -> authoritative server for example.com -> returns IP, which is cached.

Types of DNS Records

Steps to Configure a DNS Server (BIND on Linux)

1. Install the software: sudo apt install bind9 (Debian/Ubuntu) or yum install bind (RHEL).
2. Configure the main file /etc/named.conf (or named.conf.local) to define the zones:

zone "example.com" IN {
    type master;
    file "/etc/bind/db.example.com";
};

3. Create the forward zone file with SOA, NS, A, MX records:

$TTL 86400
@   IN  SOA ns1.example.com. admin.example.com. (
            2074010101 ; serial
            3600 1800 604800 86400 )
    IN  NS  ns1.example.com.
ns1 IN  A   192.168.1.10
www IN  A   192.168.1.20

4. Create a reverse zone file for PTR records (optional).
5. Check syntax: named-checkconf and named-checkzone.
6. Start/enable the service: systemctl restart named and systemctl enable named.
7. Test: use dig, nslookup, or host (e.g. dig www.example.com).

Conclusion

DNS provides scalable, hierarchical, and cached name resolution that is essential for the Internet to function with human-friendly names.

Backup

A backup is a copy of data stored separately from the original so that it can be restored if the original is lost, corrupted, deleted, or destroyed (due to hardware failure, human error, malware, or disaster). Regular backups are a core responsibility of a system administrator.

Backup Strategies

1. Full Backup

A complete copy of all selected data every time.

• Advantages: Simplest restore — only one set needed.
• Disadvantages: Slowest to create; uses the most storage and time.

2. Incremental Backup

Backs up only the data that changed since the last backup of any type (full or incremental).

• Advantages: Fastest backup; least storage per run.
• Disadvantages: Slow, complex restore — needs the last full backup plus every incremental in order.

3. Differential Backup

Backs up all data that changed since the last full backup.

• Advantages: Faster restore than incremental — needs only the last full + the latest differential.
• Disadvantages: Each differential grows larger until the next full backup.

A common real-world policy combines them, e.g. a weekly full + daily incremental/differential backup.

Disaster Recovery (DR) Planning

Disaster recovery is the set of policies and procedures to restore IT systems and data after a major disruptive event (fire, flood, cyber-attack, hardware failure).

Key elements:

1. Risk assessment & Business Impact Analysis (BIA) — identify critical systems and threats.
2. RPO (Recovery Point Objective) — maximum acceptable data loss (how old the recovered data may be); drives backup frequency.
3. RTO (Recovery Time Objective) — maximum acceptable downtime before service is restored.
4. Backup strategy & off-site/cloud storage — keep copies off-site; follow the 3-2-1 rule (3 copies, 2 media types, 1 off-site).
5. Redundancy — RAID, failover servers, replication, hot/warm/cold standby sites.
6. Documented recovery procedures and assigned roles/responsibilities.
7. Regular testing — periodically restore backups and run DR drills to verify they work.

Conclusion

Backups protect data, while a disaster recovery plan ensures the whole organization can resume operations quickly after a major incident. Choosing the right backup strategy and regularly testing the DR plan are essential.

Both manage IT infrastructure, but their focus differs:

In short, a system administrator keeps the machines and services working, while a network administrator keeps the connections between them working. In small organizations one person often performs both roles.

DHCP

DHCP (Dynamic Host Configuration Protocol) is a client-server protocol that automatically assigns IP addresses and other network configuration (subnet mask, default gateway, DNS servers) to hosts on a network, removing the need for manual configuration. It uses UDP ports 67 (server) and 68 (client).

How DHCP Assigns Addresses Dynamically — DORA Process

1. DHCP Discover — The client broadcasts a request to find any available DHCP server (it has no IP yet).
2. DHCP Offer — A server replies with an offered IP address and configuration parameters from its pool.
3. DHCP Request — The client broadcasts acceptance of one offer (important when multiple servers respond).
4. DHCP Acknowledgement (ACK) — The server confirms and leases the address; the client configures its interface.

Leasing

Addresses are given for a limited lease time. Before it expires the client tries to renew the lease; if not renewed, the address returns to the pool for reuse. This dynamic reuse conserves the limited address space.

Benefits: automatic, error-free configuration; efficient reuse of addresses; centralized management; easy to add/move devices.

Linux File System Hierarchy

Linux uses a single inverted-tree structure starting from the root directory / (defined by the Filesystem Hierarchy Standard, FHS). Everything — files, directories, even devices — is represented as a file under /.

Key points: there is no concept of drive letters (C:, D:); additional disks/partitions are mounted onto directories within this single tree, giving a unified namespace.

Daemon

A daemon is a background process in Unix/Linux that runs continuously without direct interactive control from a user, usually to provide a service or wait for requests. Daemons are typically started at boot, run with no controlling terminal, and their names conventionally end in "d".

Characteristics:

• Runs in the background (detached from any terminal).
• Often started/managed by init/systemd.
• Listens for and responds to service requests or performs periodic tasks.

Examples:

• httpd / apache2 — web server daemon
• sshd — secure shell (remote login) daemon
• named (BIND) — DNS server daemon
• crond — runs scheduled jobs
• syslogd / rsyslogd — system logging daemon
• dhcpd — DHCP server daemon
• ftpd — FTP server daemon

User and Group Management in Linux

Linux is a multi-user system; every user has a unique UID and belongs to one or more groups (each with a GID). This controls ownership and permissions.

Key files

• /etc/passwd — user account info (username, UID, GID, home dir, login shell).
• /etc/shadow — encrypted passwords and password-aging info.
• /etc/group — group definitions and memberships.

User management commands

• useradd <name> (or adduser) — create a new user.
• passwd <name> — set/change a user's password.
• usermod — modify an account (e.g. usermod -aG sudo bob adds to a group).
• userdel <name> — delete a user (userdel -r also removes the home directory).

Group management commands

• groupadd <group> — create a group.
• groupmod — modify a group.
• groupdel <group> — delete a group.
• gpasswd / usermod -aG — manage group membership.

Concepts

• Primary group — the user's default group (listed in /etc/passwd).
• Secondary (supplementary) groups — additional groups the user belongs to.
• root (UID 0) — the superuser with full privileges; ordinary admins use sudo to run privileged commands.

Groups simplify permission management by letting an administrator grant access to many users at once instead of one by one.

NFS (Network File System)

NFS is a distributed file-system protocol (originally developed by Sun Microsystems) that lets a client mount and access directories located on a remote server over the network as if they were local. It provides transparent file sharing, mainly among Unix/Linux systems.

How it is used for file sharing

On the server (exports the directory):

1. Install the NFS server package (e.g. nfs-kernel-server).
2. Add the directory to share in /etc/exports:

/data    192.168.1.0/24(rw,sync,no_subtree_check)

(options control read/write, sync writes, allowed clients). 3. Apply with exportfs -a and start/restart the NFS service (systemctl restart nfs-server).

On the client (mounts the share):

mount -t nfs 192.168.1.10:/data /mnt/data

To make it permanent, add an entry to /etc/fstab.

Benefits

• Centralized storage and shared home directories.
• Transparent access — remote files behave like local files.
• Saves local disk space and simplifies administration.

NFS works on a client-server model using RPC (Remote Procedure Calls).

Symmetric vs Asymmetric Encryption

Summary: Symmetric encryption uses one secret key shared by both parties — fast but with a key-distribution problem. Asymmetric encryption uses a mathematically related public/private key pair — slower but solves key distribution and enables digital signatures. In practice they are combined (e.g. TLS): asymmetric encryption securely exchanges a symmetric session key, which then encrypts the actual data.

Firewall

A firewall is a network security system (hardware, software, or both) that monitors and controls incoming and outgoing network traffic based on predefined security rules. It sits between a trusted internal network and an untrusted external network (e.g. the Internet), allowing or blocking traffic to protect against unauthorized access and attacks.

Types of Firewalls

1. Packet-filtering firewall — Examines each packet's header (source/destination IP, port, protocol) against rules; stateless, fast, but no awareness of connection context.
2. Stateful inspection firewall — Tracks the state of active connections and allows packets only if they belong to a valid, established session; more secure than simple packet filtering.
3. Proxy (application-level gateway) firewall — Acts as an intermediary at the application layer, inspecting the full content of traffic for specific protocols (HTTP, FTP); provides deep filtering but is slower.
4. Circuit-level gateway — Works at the session layer, verifying TCP handshakes without inspecting packet contents.
5. Next-Generation Firewall (NGFW) — Combines stateful inspection with deep packet inspection, intrusion prevention, and application awareness.

Firewalls may also be classified as hardware (dedicated appliance) vs software (host-based, e.g. iptables/firewalld).

System Logging (syslog)

Syslog is the standard logging framework in Unix/Linux used to collect, classify, and store messages generated by the kernel, system services, daemons, and applications. It gives administrators a central record of system events for monitoring, troubleshooting, auditing, and security analysis.

Key features

• Facility — the source/category of the message (e.g. kern, auth, mail, daemon, cron, user, local0).
• Severity (level) — importance, from highest to lowest: emerg, alert, crit, err, warning, notice, info, debug.
• Logging daemon — syslogd, or modern implementations rsyslog / syslog-ng, receive messages and route them based on facility and severity.
• Configuration file — /etc/rsyslog.conf (or /etc/syslog.conf) defines rules: which messages go to which file or remote server.

Common log files (in /var/log)

• /var/log/messages or /var/log/syslog — general system messages
• /var/log/auth.log (or secure) — authentication/login events
• /var/log/kern.log — kernel messages
• /var/log/maillog — mail server activity

Other points

• Supports remote logging — sending logs over UDP/TCP port 514 to a central log server for centralized analysis.
• logrotate is used to rotate, compress, and delete old logs to control disk usage.

In modern systemd systems, journald provides a binary journal (journalctl) that often works alongside rsyslog.