
Plan your learning around five modular Linux sysadmin projects to gain practical skills. Use video tutorials, quizzes, and practice challenges—not for complete beginners—to become a more valuable sysadmin.
Learn to run a Linux server in the cloud with a Digital Ocean Ubuntu Droplet. Set a static IP, gain root access, and connect by SSH or console.
Generate an rsa key pair with ssh-keygen, copy the public key to the server using ssh-copy-id, then disable password authentication in sshd_config and restart ssh for key-based login.
Master running containerized applications with Docker by installing Docker on Linux, using the Docker CLI, pulling images from Docker Hub, and building custom images with Dockerfile and volumes.
Discover how Docker enables developers and sysadmins to build, deploy, and run containerized applications with images and portability across environments.
Install docker on Ubuntu using the official repository, remove old docker packages, and install docker-ce docker-ce-cli containerd.io, then verify it's running and test an ngnix container in play-with-docker.
Learn how the docker client interfaces with the docker daemon, use management commands like docker container to list, run, and manage images, and verify installation with the hello-world image.
Pull and run containers from Docker Hub images, including official images and tags; search images, pull specific versions, list images, expose ports, and distinguish docker container run from create.
Run a web server in a docker container with nginx, expose port 80 to host ports 8080, 8081, and 8082, and manage multiple containers.
Learn to list docker images and containers, and pull images from docker hub. Run containers with commands, and compare running versus exited containers using docker container ls and docker ps.
Learn to remove docker images and containers, including stopping, force removing, filtering by status, and using prune commands to clean up dangling images and resources.
Learn how to obtain a shell inside a running docker container using interactive mode -it and the exec command, and manage containers with ls -a and stop commands.
Learn to access and manage a running container by starting a Debian image, attaching with -it, and using Docker container exec to run commands inside without stopping.
learn how to inspect running containers, view ids, names, ports, and logs, start an nginx container, and use docker commands to monitor, inspect, and filter container information.
Modify a running container, commit the changes into a new docker image with docker commit, then run containers from that image to verify saved files and installed tools like nmap.
Tag custom docker images with new labels and push them to Docker Hub after logging in. Understand repositories, tags, and the latest tag, plus public vs private access.
Explore how Docker images use multiple read-only layers shared across images to save disk space. A writable container layer on top records changes, with overlay2 as a common storage driver.
Learn to create custom docker images using a dockerfile, with instructions like from, run, env, expose, and copy to tailor an nginx image for containers.
Learn how to use Docker volumes for persistent data by creating and mounting a volume to Nginx's document root, ensuring data survives container restarts.
Secure and harden a Linux system with a project covering bootloader security, password policy, sudo access, intrusion detection with Aide, Nmap scanning, disk encryption, steganography, and iptables firewall on Ubuntu.
Apply a comprehensive Linux security checklist to harden servers, covering physical security, boot protection, patching, least privilege, open ports, monitoring, backups, and vulnerability scanning.
Secure the open ssh server by editing sshd_config, backing up the file, and applying options like nonstandard port, disable root login, disable password authentication, and AllowUsers restrictions.
Secure the grub 2 boot loader by hashing a password with grub-mkpasswd-pbkdf2 and updating grub.cfg via update-grub2, while noting bios password and physical security considerations.
Enforce Linux password policy by configuring aging, length, and complexity with /etc/login.defs and PAM pwquality, and manage expiry with chage for new and existing users.
Lock or disable a user account without deleting it, using passwd -l to lock, verify with password --status and chage -l, unlock with passwd -u, or expire with --expiredate.
Master per-command privilege access in Linux by configuring sudoers with visudo, granting limited root rights to users or groups, while leveraging no password, no exec, and command lists.
Master privilege separation with sudo by editing sudoers via visudo, using sudoers.d, and granting John and Dan restricted commands with absolute paths, aliases, and nopasswd where appropriate.
Demonstrates a fork bomb denial-of-service attack by a non-privileged user that crashes a Linux system, and shows mitigation by setting hard process limits in limits.conf and using ulimit.
Analyze how password audits test strength by simulating hacker techniques such as brute force, dictionary attacks, and rainbow tables, and examine how hashes and breaches threaten security.
Learn to crack passwords with John the Ripper on Kali Linux, using single, dictionary, and incremental modes, including unshadowing password and shadow files and managing cracking results.
Learn to implement file integrity monitoring with AIDE on a Ubuntu server, creating a baseline database, configuring /etc/aide/aide.conf, and performing checks to detect unauthorized changes.
Create an aide.conf to build a baseline aide database, configuring rules for user, owner, group, permissions, inode, size, mtime, sha256, and run checks with optional limits and cron email reports.
Learn how rootkits compromise Linux systems and remain hidden, and use rkhunter and chkrootkit to detect rootkits, review logs, and manage false positives through whitelisting.
Learn to install and run ClamAV on Ubuntu, start clamav-daemon and freshclam, then use clamdscan or clamscan to detect malware and quarantine threats with --move or --remove.
Encrypt disks and partitions in Linux with dm-crypt, LUKS, and cryptsetup. Open, format, and mount the encrypted device, then unmount and close the mapping to protect data at rest.
Generate a random key file with dd and /dev/urandom, add it as authorization to a LUKS drive (which may hold up to 10 keys), then unlock with cryptsetup luksOpen.
Encrypt a file with gpg using symmetric encryption, defaulting to AES. Choose algorithms like blowfish, output binary or ASCII armor, and decrypt with -d while gpg-agent manages the passphrase.
secure notes with EncryptPad, an open source, cross-platform text editor that encrypts files on the fly using AES and SHA-256, with GPG-compatible formats and passphrase or key protection.
Explore steganography, the art of hiding secret information in plain sight by embedding encrypted data into cover files like images or audio, producing stego files.
Explore steganography in depth, showing how an image's least significant bits embed a secret file without noticeable changes, enabling later recovery via RGB 24-bit color and LSB.
Apply steghide to hide data in image and audio files using a passphrase, compression, and the advanced encryption standard, then verify integrity with hashes and steganalysis.
Explore network discovery and security auditing with nmap, covering TCP SYN scan, TCP connect scan, port specification, and version detection for practical use on Linux.
Explore advanced nmap features, including -Pn to bypass ping, -D decoys for IP obfuscation, -iL for reading targets, and -T templates for faster scans with -sV and -A.
Explore Linux firewalls with netfilter and iptables, a kernel space packet filtering framework for filtering, NAT, port forwarding, and packet alteration.
Understand how a packet traverses netfilter tables and chains, filtering with input, output, and forward, and how snat, masquerade, and prerouting nat affect routing.
Use iptables, the userspace tool for netfilter, to craft rules with tables, chains, matches, and -j targets; learn to drop ICMP echo requests and block ports 80 and 443.
Master iptables options and flags, learning how -A and -I insert or append rules in the input chain, match ports, and control traffic with drop or accept while noting order.
Master iptables options like minus l, minus f, minus z, minus n, and minus p to list, flush, reset counters, and manage default policies across filter, input, output, and forward.
Learn to write iptables rules in a script, make it executable, and ensure persistence after reboot. See how to flush the filter and net table to prevent rule duplication.
Explore how iptables manages traffic with the input, output, and forward chains, where packets are matched by rules and the default policy can be set to drop or accept.
Clear the firewall by flushing all iptables rules and setting accept policies on input, output, and forward, removing user defined chains to yield an open, default linux state.
Filter network traffic with iptables by source or destination IP or network, using IPs, nets, or domain names; apply drop rules and consider DNS resolution implications.
Master iptables port filtering by tcp or udp, using -p, -m multiport, and destination or source ports, to drop ssh on port 22 and allow http/https on 80/443.
Explore stateful firewalls with iptables connection tracking, maintaining in-memory connection states (new, established, related, invalid, untracked) to decide packet handling beyond headers.
Build a stateful firewall for a desktop with an iptables script: flush rules, allow loopback, use input and output chains, drop invalid packets, and permit established, related, and new traffic.
Learn to filter traffic by source mac address with iptables on linux, dropping unauthorized packets and permitting only trusted mac addresses on input and forward chains.
Configure time-based access with iptables -m time to permit ssh 10:00 to 16:00 on weekdays and after-hours https access to ubuntu.com, accounting for utc vs system time.
Demonstrate accept and drop targets as terminating rules in the input chain, permitting ICMP echo requests from the management station and dropping others.
Use the log target, a non-terminating target, to log packet headers via the kernel logging facility, with log level and log prefix options; apply this to ssh connections.
Configure a cloud linux server on a provider like Digital Ocean to run a complete lamp stack with BIND DNS, Apache, PHP, MySQL, and WordPress, all secured.
Register a domain name to establish an online presence, then configure authoritative DNS servers and hosting, test DNS with nslookup, dig, or ping, and understand DNS propagation.
Install and configure bind9 on Ubuntu to run a local DNS server in IPv4 mode, learn recursive and iterative queries, set up forwarders, and test with dig.
Configure an authoritative bind9 dns server as the master for crystalmind.academy, creating the zone file with soa, ns, a, and mx records. Test the setup with dig and verify propagation.
Install apache2 on ubuntu and verify it runs and starts at boot. Open the firewall to allow web traffic and test access via ip and domain.
Learn to configure virtual hosting on an Apache server, hosting multiple domains on a single IP by creating per-site document roots, virtual host files, and enabling sites with a2ensite.
Secure apache by enabling https with OpenSSL and Let's Encrypt certificates, using certbot to automate issuing, configuring, and renewing the certificate, with http redirected to https.
Learn to restrict access to website areas with Apache by source IP, creating an admin directory protected by IP whitelists, testing with real IPs and handling 403 errors.
Master the files directive to restrict access by filename, apply rules via require ip or not ip, use wildcards and regex, and nest rules inside directory sections.
Learn how the .htaccess file enables per-directory configuration under Apache, using AllowOverride to restrict access with IP rules and file directives while noting performance considerations.
Discover how to secure a directory with HTTP digest authentication in Apache, using htdigest to create a password file, configuring AuthName and AuthUserFile, enabling auth_digest, and testing in a browser.
Master the options directive and directory indexing in Apache, controlling features per directory with follow symlinks, indexes, and DirectoryIndex, and recognize how misconfigurations risk exposing sensitive files.
Explore http compression with mod_deflate to reduce bandwidth and costs, speeding page loads and improving search performance by compressing html, xml, javascript, json, and more.
Learn to monitor an Apache web server with mod_status, enable and configure server-status, limit access by IP, view live metrics in a status page, and simulate load with ab.
Install php and the php-mysql module for Apache to power dynamic content and support WordPress, Magento, Joomla, Drupal, and PrestaShop, then test with a sample php file.
Install the mysql-server package, secure the installation with mysql_secure_installation, set the root password, remove anonymous users and the test database, and verify access with the mysql client.
Install phpMyAdmin on Apache2 with mbstring, zip, gd, json, and curl extensions to manage MySQL databases via a web interface, and create a dedicated admin user with full privileges.
Update all lamp stack components and restrict phpMyAdmin access by ip, adding an extra apache authentication layer. Rename the access url alias, use https, and enforce strong passwords.
Install WordPress on an Ubuntu server by creating a MySQL database and user, configuring permissions, deploying WordPress files, and completing setup via the WordPress administration dashboard.
Secure WordPress by keeping WordPress core, plugins, and themes up to date; enforce strong passwords, limit login attempts, enable two-factor authentication, use WordFence, protect wp-admin, and perform backups.
Configure a complete virtual mail system for large organizations using Postfix SMTP and Dovecot IMAP/POP, secured with STARTTLS/OpenSSL, with MySQL-backed virtual users, SMTP AUTH, and integrated spam filtering.
Configure mail DNS by setting A and MX records, SPF, and reverse DNS (PTR); verify with dig to ensure reliable email delivery.
Verify prerequisites before configuring the mail system on an Ubuntu server. Confirm a DigitalOcean droplet with an IP, Bind 9 DNS, crystalmind.academy MX, MySQL root access, and Let's Encrypt certificate.
Install essential mail components using apt, following an installation guide to deploy postfix, postfix-mysql, dovecot, imapd and pop3 servers, configure system mail name, and enable services at boot.
Set up a MySQL-backed mail system by creating the mail database, virtual domains, and user tables; configure Postfix and Dovecot with mysql configuration files and a dedicated vmail user.
Configure postfix using postconf and main.cf, edit or set values with postconf -e, and secure mail delivery with sasl authentication, tls, and restricted recipients (mynetworks) for automated, production-ready mail.
Configure smtp auth using saslauthd and MySQL as the backend; learn to set up Postfix with sasl, pam, and tls encryption, and verify services are running.
Configure dovecot as the IMAP and POP server, update postfix master.cf, implement sql-based authentication with dovecot-sql.conf, enable SSL, and verify Dovecot runs.
Build a functional mail system by creating crystalmind.academy domain and two MySQL users, configuring postfix and SASL, testing with testsaslauthd, and validating local and external mail delivery via Thunderbird.
Enable smtp submission on port 465 in Postfix by editing /etc/postfix/master.cf and restarting Postfix; verify 25 and 465 are listening with netstat.
troubleshoot the mail system by testing connectivity with ping, checking ports 25 and 465, and monitoring /var/log/mail.log; enable verbose postfix and inspect /var/log/auth.log for pam and saslauthd issues.
Learn to scan emails for viruses with amavis and clamav, integrate them with postfix, and configure amavisd-new as an SMTP proxy with freshclam updates.
Test the amavis and clamav antivirus integrated with postfix by sending an eicar test file in a mail and observing detection and rejection on the server.
Learn how postfix access restrictions cut spam early using smtpd_helo_restrictions, smtpd_sender_restrictions, and smtpd_recipient_restrictions, configured in /etc/postfix/main.cf, with greylisting and integration with external filters like Rspamd.
Enforce postfix helo restrictions by requiring a valid helo/ehlo hostname, configuring smtpd_helo_restrictions with trusted networks and ssl authentication, and rejecting invalid or non-fqdn hostnames.
Explore postfix sender restrictions and helo checks to fight spam, including smtpd_sender_restrictions, permit_mynetwork, and permit_sasl_authenticated. Understand how rejection rules like reject_unknown_sender_domain, reject_non_fqdn_sender, and reverse DNS checks enforce RFC compliance.
Explains smtpd_recipient_restrictions in postfix, checks client permission to recipients, enforces permit_mynetwork and sasl authentication, and applies rejects like reject_unauth_destination, reject_unauth_pipelining, reject_unknown_recipient_domain, and reject_non_fqdn_recipient to fight spam.
Explore how real-time blacklists, or rbls/dnsbls, help postfix fight spam by checking the helo or ehlo hostname, reverse client, sender domain, and ip address, with a safe whitelist.
Explore spam filtering systems, compare Rspamd with Spam Assassin, and learn how Rspamd uses rules, Lua modules, and milter integration with Postfix to score and filter emails.
Install and configure Rspamd with Redis as storage and cache. Integrate it with Postfix via the milter protocol and use local.d for custom settings.
Configure and test rspamd with postfix to filter mail by a configurable spam score. Tune symbol weights in groups.conf, enable greylisting, and inspect headers like X-Spam.
Learn to monitor postfix logs with pflogsumm, generate daily and yesterday reports from /var/log/mail.log, and set up a cron job to email the summaries with --problems-first and --verbose-msg-detail.
Explore Ansible as a lightweight, agentless network automation framework built in Python, using SSH to configure Linux servers, Windows, and networking devices through hundreds of modules.
Set up an Ansible control node and multiple managed nodes, then verify SSH access from the control machine to each host, using root access on the managed nodes.
Configure an Ansible inventory file to organize hosts into groups, set per-group and per-host variables, test SSH connectivity with the setup module, and secure credentials with key authentication or vault.
Control many systems from a central location with ansible ad-hoc commands and the shell module. Use practical examples like df -h, lsmem, and ip address show across hosts.
Use Ansible's script module to push and run a local script on remote hosts for automating backups across Windows and Linux. Run scripts as root with become for safer automation.
Use the apt module in Ansible to install, update, or remove packages across all hosts, with examples like installing nmap on Ubuntu and purging or upgrading packages.
Install nginx on remote hosts using the apt module, then control its state with the service module, restart, stop, and enable on boot with Ansible ad-hoc commands.
Use Ansible ad-hoc commands to manage groups and users across many servers. Create and remove groups, add users to groups, and configure home, shell, comment, and ssh key.
Automate Linux administration with cron by scheduling user and system jobs, editing crontab, and using cron syntax to run scripts at minutes, hours, and weekdays.
Configure anacron to schedule tasks on systems not always on, ensuring daily or weekly jobs run after startup with a delay, using /etc/anacrontab and root privileges.
Transition to automation with Bash shell scripting to automate repetitive console tasks. Write scripts that execute quickly, letting anyone run them, even beginners.
Block traffic from a specific source ip address or domain with iptables, then automate with a shell script that prompts for or accepts the ip as an argument.
Learn to drop packets from multiple IPs with a bash for loop. Create a drop_ips.sh script that iterates IPs and applies iptables -I input -s $ip -J DROP.
Create a Bash menu script with select to list items, capture the choice in the reply variable, and use case to respond, including a quit option.
Fully Updated for 2025: Master Real-World Linux Administration Projects!
This advanced Linux Administration course, Part 2 of "Master Linux Administration: The Complete Linux Bootcamp," is for those ready to dive deeper into Linux system administration with five hands-on projects designed for real-world applications. This course requires a foundational knowledge of Linux, making it perfect for those with basic Linux skills who want to level up to a professional level. Not recommended for complete beginners!
Disclaimer: This course requires you to download Docker, Apache, MySQL, and Ansible from their official websites. If you are a Udemy Business user, please check with your employer before downloading any software.
What Makes This Course Stand Out?
Unlike any other online Linux course, this project-focused bootcamp teaches through immersive hands-on projects in Linux and system administration, designed to make you a highly skilled Linux administrator. By the end of this course, you’ll master critical skills through practical projects, giving you a competitive edge in today’s job market.
Why Enroll?
This course is the best investment for anyone looking to gain in-depth knowledge in Linux administration and DevOps, from Docker and Linux security to network configuration and task automation with Ansible.
Course Highlights
Project #1 - Running Containerized Applications with Docker
Learn Docker fundamentals for running containerized applications, including setting up and managing Docker images and containers. Perfect for aspiring DevOps professionals.
Project #2 - Securing and Hardening a Linux System
Explore Linux security essentials to secure and harden your system with OpenSSH, password policies, firewalls, and more. This project covers real-world security practices every sysadmin needs.
Project #3 - Setting Up a Web and DNS Server
Develop a full Web Server and DNS Server from scratch, using Apache2, BIND9, and MySQL. This comprehensive project includes securing Apache with SSL, setting up virtual hosting, and deploying WordPress.
Project #4 - Running a Virtual Mail Server
Set up and configure a complete Virtual Mail Server using Postfix, Dovecot, MySQL, and Rspamd for email management and spam protection.
Project #5 - Automating Linux Administrative Tasks with Ansible
Learn Linux automation with Ansible, including configuring ad-hoc commands, scheduling tasks with Cron, and managing systems with Bash scripting.
What Students Are Saying
"I’ve taken several Linux courses, but this practical Linux course is in a league of its own! The real-world projects, DevOps tools, and focus on what matters make it unbeatable. If you want to secure a job as a sysadmin, don’t miss out on this!" — Nina Johansson
"I completed the course, and I’m already rewatching sections! Andrei dives deep into every aspect of Linux and DevOps, leaving no stone unturned. I can confidently say I’m job-ready, and my boss has noticed my new skills. Enroll now – you won’t regret it!" — Emma Sullivan
"For anyone serious about a career in DevOps or Linux administration, this course is essential. I thought I knew Linux, but I learned so much more – especially in the modules covering containerization and security. I now feel ready to tackle real sysadmin roles with confidence. Thank you, Andrei!" — Marcus Schulz
"Andrei, this course is phenomenal! I already had a basic understanding of Linux, but these hands-on projects have taken my skills to a whole new level. The Docker and Ansible projects were exactly what I needed to feel job-ready in Linux system administration and DevOps. If you're serious about mastering Linux, don't miss this!" — Kunal Rathi
"This isn’t just a course – it’s an investment in your career! The in-depth projects on Docker, Linux security, and web and DNS server setup gave me skills that I’ve already applied in my current role. This course will take you from a beginner to a confident Linux administrator ready to tackle complex environments." — Youssef Hamed
Why Learn from Me?
With 15 years in the field as a Senior Network Engineer, I bring real-world experience to every lesson, ensuring you gain skills that matter. In my 10 years of teaching, I’ve trained hundreds of thousands of students in Linux Administration, Security, Networking, and DevOps – helping them master not only commands but also how to apply them in real jobs.
Course Benefits:
Exclusive Online Support Group: Join a private community for faster, course-related support.
Lifetime Access: Revisit any project whenever you need.
30-Day Money-Back Guarantee: Try the course risk-free!
Ready to Master Linux System Administration?
With these hands-on projects, you’ll be equipped to tackle real Linux environments confidently, becoming a sought-after Linux System Engineer or DevOps Sysadmin. Click “Enroll Now” to start your journey to becoming a skilled Linux professional!