Quiz: Legacy System Archaeology

3 questions

L0 (1 question)

1. When you inherit a system on your first day, what is the very first survey you should run before changing anything?

Answer: Run: hostname && uname -a && cat /etc/os-release (identity), uptime (stability), systemctl list-units --type=service --state=running (purpose), ss -tlnp (network listeners), ss -tnp to map connections, crontab listings for all users, du -sh /* for disk usage, and awk -F: '$3 >= 1000' /etc/passwd for human users. Observe before touching anything.

L1 (1 question)

1. The config in git says max_connections=100 but the running server has max_connections=500. Which is the real config and how do you find what the process is actually using?

Answer: The server is always the real config — git shows intent, not reality. Find what the process actually uses by:
1. Check the process command line for config file paths: cat /proc/<PID>/cmdline | tr '\0' ' '.
2. Use lsof -p <PID> to see which config files are open.
3. Use strace -e openat on the process to trace file opens.
4. For services that support it, dump running config (e.g., nginx -T, postconf -n, sshd -T).

L2 (1 question)

1. You discover a cron job running a binary with no source code in the repo, as user 'jsmith' who left 2 years ago. How do you investigate what it does and whether it is safe to disable?

Answer:
1. Read the cron entry for schedule, command, and output destination.
2. Examine the binary: file <binary>, strings <binary> to find clues.
3. Use strace or lsof to trace its system calls and network connections when it runs.
4. Check git log --all --author=jsmith for context.
5. Check if anything depends on its output (files it writes, services it signals).
6. Do NOT delete — disable first by commenting the cron entry. Wait at least one full cycle (month if monthly) to see if anything breaks. Document your findings for the next person.