Debian Ubuntu

← Back to all decks

27 cards — 🟢 6 easy | 🟡 12 medium | 🔴 2 hard

🟢 Easy (6)

1. What is the difference between 'apt update' and 'apt upgrade'?

Show answer

apt update refreshes the package index (what's available). apt upgrade installs newer versions of installed packages. Always run update before upgrade.

Remember: apt commands: apt update (refresh package lists), apt upgrade (upgrade packages), apt install (install), apt remove (uninstall), apt autoremove (cleanup unused dependencies).

Gotcha: apt update does NOT upgrade packages — it only refreshes the package index. Always run apt update before apt install to get the latest versions.

2. What is the difference between 'apt remove' and 'apt purge'?

Show answer

remove uninstalls the package but keeps configuration files in /etc/. purge removes the package AND all its config files. Use purge for a clean reinstall.

Remember: apt commands: apt update (refresh package lists), apt upgrade (upgrade packages), apt install (install), apt remove (uninstall), apt autoremove (cleanup unused dependencies).

Gotcha: apt update does NOT upgrade packages — it only refreshes the package index. Always run apt update before apt install to get the latest versions.

3. How do you find which Debian package owns a specific file?

Show answer

dpkg -S /path/to/file
For files from uninstalled packages: apt-file search /path/to/file (requires apt-file package)

Remember: Debian = stable, conservative, community-driven. Ubuntu = Debian-based, user-friendly, backed by Canonical. Ubuntu LTS is the most popular server distro on AWS.

Gotcha: mixing Debian and Ubuntu packages can break your system. They share the apt/dpkg ecosystem but packages may have different dependencies and versions.

4. How do you enable and configure UFW on Ubuntu?

Show answer

sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow 8080/tcp
sudo ufw status
Note: UFW is disabled by default on Ubuntu.

Remember: UFW = Uncomplicated Firewall. Frontend for iptables. ufw allow 22 (SSH), ufw allow 80/tcp (HTTP), ufw enable (activate). Default: deny incoming, allow outgoing.

5. How long are Ubuntu LTS releases supported?

Show answer

5 years standard support + 5 years ESM (Extended Security Maintenance) through Ubuntu Pro = 10 years total.
LTS releases every 2 years in April (18.04, 20.04, 22.04, 24.04).
HWE kernels backport newer kernel versions to LTS.

Remember: Ubuntu releases every 6 months (YY.MM). LTS every 2 years (April of even years): 22.04, 24.04, 26.04. LTS = 5 years of support. Use LTS for servers.

6. How do you fix broken package dependencies on Debian/Ubuntu?

Show answer

sudo apt --fix-broken install
sudo dpkg --configure -a
For stubborn issues: sudo apt purge && sudo apt install

Remember: Debian = stable, conservative, community-driven. Ubuntu = Debian-based, user-friendly, backed by Canonical. Ubuntu LTS is the most popular server distro on AWS.

Gotcha: mixing Debian and Ubuntu packages can break your system. They share the apt/dpkg ecosystem but packages may have different dependencies and versions.

🟡 Medium (12)

1. What are the Ubuntu repository components (main, restricted, universe, multiverse)?

Show answer

main: Canonical-supported free software
restricted: proprietary drivers
universe: community-maintained free software
multiverse: non-free software
Minimal installs may only have main enabled.

Remember: /etc/apt/sources.list defines package repositories. Format: deb http://archive.ubuntu.com/ubuntu jammy main restricted. Modern: use .list files in /etc/apt/sources.list.d/.

2. How do you properly add a third-party APT repository on modern Debian/Ubuntu?

Show answer

1. Download and dearmor the GPG key:
curl -fsSL https://example.com/key.gpg | sudo gpg --dearmor -o /usr/share/keyrings/example.gpg
2. Add the repo with signed-by:
echo "deb [signed-by=/usr/share/keyrings/example.gpg] https://repo.example.com/apt stable main" | sudo tee /etc/apt/sources.list.d/example.list
3. sudo apt update
apt-key is deprecated.

Remember: apt commands: apt update (refresh package lists), apt upgrade (upgrade packages), apt install (install), apt remove (uninstall), apt autoremove (cleanup unused dependencies).

Gotcha: apt update does NOT upgrade packages — it only refreshes the package index. Always run apt update before apt install to get the latest versions.

3. How do you prevent a package from being upgraded on Debian/Ubuntu?

Show answer

sudo apt-mark hold package-name
Unhold: sudo apt-mark unhold package-name
List held: apt-mark showhold

Remember: Debian = stable, conservative, community-driven. Ubuntu = Debian-based, user-friendly, backed by Canonical. Ubuntu LTS is the most popular server distro on AWS.

Gotcha: mixing Debian and Ubuntu packages can break your system. They share the apt/dpkg ecosystem but packages may have different dependencies and versions.

4. How do you enable automatic security updates on Ubuntu?

Show answer

sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
Config: /etc/apt/apt.conf.d/50unattended-upgrades
Controls which packages to auto-update, reboot policy, and email alerts.

Remember: Debian = stable, conservative, community-driven. Ubuntu = Debian-based, user-friendly, backed by Canonical. Ubuntu LTS is the most popular server distro on AWS.

Gotcha: mixing Debian and Ubuntu packages can break your system. They share the apt/dpkg ecosystem but packages may have different dependencies and versions.

5. How does AppArmor differ from SELinux?

Show answer

AppArmor is path-based (filenames), SELinux is label-based (inodes).
AppArmor only covers profiled binaries; SELinux covers all processes.
AppArmor is simpler to learn; SELinux is more comprehensive.
AppArmor uses complain mode per-profile; SELinux uses permissive system-wide.
Debian/Ubuntu/SUSE use AppArmor; RHEL/Fedora use SELinux.

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.

6. What are the AppArmor profile modes and how do you switch between them?

Show answer

enforce: violations blocked and logged
complain: violations logged but allowed (for debugging)
disabled: profile not loaded
Switch: sudo aa-enforce /usr/sbin/nginx or sudo aa-complain /usr/sbin/nginx
Check: sudo aa-status

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.

7. How does Netplan work for network configuration on Ubuntu?

Show answer

Netplan uses YAML config in /etc/netplan/ to generate backend configs for NetworkManager or systemd-networkd.
Apply: sudo netplan apply
Safe test: sudo netplan try (auto-reverts after 120s)
Debug: sudo netplan --debug apply

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.

8. How do you configure a static IP address using Netplan?

Show answer

In /etc/netplan/01-config.yaml:
network:
version: 2
ethernets:
eth0:
addresses: [192.168.1.100/24]
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
Then: sudo netplan apply

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.

9. What are snap packages and why are they controversial on Ubuntu?

Show answer

Snap is a parallel package system to apt. Packages are containerized, auto-updating, and distribution-agnostic.
Controversy: uses loop mounts (clutter df), auto-updates without control, some packages are snap-only (Firefox, Chromium), slower first launch.
List: snap list. Install: sudo snap install .

Remember: snap = Canonical's universal package format. Self-contained, auto-updating, sandboxed. Some apps (Firefox on Ubuntu) are snap-only. Alternative: Flatpak.

10. What causes 'Could not get lock /var/lib/dpkg/lock-frontend' and how do you fix it?

Show answer

Another apt/dpkg process is running (often unattended-upgrades in background).
Check: sudo lsof /var/lib/dpkg/lock-frontend
If stale lock: sudo rm /var/lib/dpkg/lock-frontend && sudo rm /var/lib/dpkg/lock && sudo dpkg --configure -a
Don't kill running apt processes — wait for them to finish.

Remember: dpkg = low-level package tool. dpkg -i package.deb (install), dpkg -l (list), dpkg -S /path/to/file (find which package owns a file). apt uses dpkg under the hood.

11. How does cloud-init work on Ubuntu cloud instances?

Show answer

cloud-init runs on first boot to configure hostname, users, SSH keys, packages, and scripts.
Config: /etc/cloud/cloud.cfg and /etc/cloud/cloud.cfg.d/*.cfg
Status: cloud-init status
Logs: /var/log/cloud-init.log
Re-run: sudo cloud-init clean && sudo cloud-init init

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.

12. How do you use Debian backports for newer packages on stable?

Show answer

Add backports repo:
echo "deb http://deb.debian.org/debian bookworm-backports main" | sudo tee /etc/apt/sources.list.d/backports.list
sudo apt update
Install from backports: sudo apt install -t bookworm-backports
Backports are newer packages recompiled for the stable release.

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.

🔴 Hard (2)

1. How does Docker bypass UFW firewall rules?

Show answer

Docker manipulates iptables directly, inserting its own DOCKER chain before UFW rules. A port published with -p 3306:3306 is open to the world even if UFW denies 3306.
Fix: bind to localhost with -p 127.0.0.1:3306:3306, or set DOCKER_IPTABLES=false and manage rules manually.

Remember: UFW = Uncomplicated Firewall. Frontend for iptables. ufw allow 22 (SSH), ufw allow 80/tcp (HTTP), ufw enable (activate). Default: deny incoming, allow outgoing.

2. How does Debian's Preseed differ from RHEL's Kickstart?

Show answer

Preseed uses debconf key=value format; Kickstart uses a custom scripting format.
Preseed uses partman recipes; Kickstart uses clearpart/part directives.
Preseed uses pkgsel/tasksel; Kickstart uses %packages section.
Preseed post-install: d-i preseed/late_command; Kickstart: %post section.

Remember: Debian package management: apt (high-level, handles dependencies) wraps dpkg (low-level, installs .deb files). When apt fails, dpkg --configure -a often fixes broken state.