MESSAGE
DATE | 2015-02-02 |
FROM | Paul Robert Marino
|
SUBJECT | Re: [NYLXS - HANGOUT] Linux Job Crunch
|
To get started the best book I've found is this one
http://www.amazon.com/Troubleshooting-Linux-Firewalls-Michael-Shinn/dp/0321227239
In truth I think this should be a must-read for all junior SAs, not
because of the parts about IPTables, but because there is an excellent
section on how to handle emergencies, which is oddly enough based on
the NSA field agent handbook. There is one warning I have about this
book: some of the information about tools you can use for testing is
out of date; for example, it calls Wireshark Ethereal.
The next book after that is this one
http://www.informit.com/store/linux-firewalls-9780672327711?aid=F2EC4C2B-BDE1-4FE7-B36A-6033ED27274A
As far as systemd goes, the iptables, iptables6, ebtables, and
arptables commands haven't changed, but there are some new wrappers
available like firewalld https://fedoraproject.org/wiki/FirewallD.
That said, they are slated to be replaced in the future by nftables
http://netfilter.org/projects/nftables/. The bad news about this is
it's really not very well documented yet and not quite ready for
production use.
Next, you really have to get to know the ip command well. No more using
the old-fashioned ifconfig and route commands. A lot of older SAs resist
this at first, but it's not that hard to learn and is really far
superior to the legacy ifconfig and route commands. In general everyone
should be familiar with all the commands included in the iproute2
suite. You can go to the website here
http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2
for documentation, but it's not very well maintained, so I advise
looking at the man files, which are very well maintained.
"
# rpm -ql iproute|grep man
/usr/share/man/man8/arpd.8.gz
/usr/share/man/man8/bridge.8.gz
/usr/share/man/man8/cbq.8.gz
/usr/share/man/man8/ifcfg.8.gz
/usr/share/man/man8/ip.8.gz
/usr/share/man/man8/lnstat.8.gz
/usr/share/man/man8/nstat.8.gz
/usr/share/man/man8/routel.8.gz
/usr/share/man/man8/rtacct.8.gz
/usr/share/man/man8/rtmon.8.gz
/usr/share/man/man8/ss.8.gz
/usr/share/man/man8/tc-bfifo.8.gz
/usr/share/man/man8/tc-cbq-details.8.gz
/usr/share/man/man8/tc-cbq.8.gz
/usr/share/man/man8/tc-htb.8.gz
/usr/share/man/man8/tc-pfifo.8.gz
/usr/share/man/man8/tc-pfifo_fast.8.gz
/usr/share/man/man8/tc-prio.8.gz
/usr/share/man/man8/tc-red.8.gz
/usr/share/man/man8/tc-sfq.8.gz
/usr/share/man/man8/tc-tbf.8.gz
/usr/share/man/man8/tc.8.gz
"
Another thing to look at is ipsets http://ipset.netfilter.org/.
It's a relatively new addition to the kernel but is supported by most
current distros even if they don't ship with the tool.
Finally, for any production firewalls you want to look at conntrack
tools http://conntrack-tools.netfilter.org/, specifically conntrackd,
which allows you to cluster multiple firewalls' connection tracking
state data.
Additionally you may want to look at quagga
http://www.nongnu.org/quagga/ which allows you to configure dynamic
routing protocols. One note: there is a section of the documentation
which is wrong, which talks about assigning an IP to a loopback device
and binding the processes to that IP address. Using the Linux
loopback this way is a massive security violation and SELinux doesn't
like it either. Instead you should create a dummy network interface,
which is akin to what network switches and traditional firewall
appliances call loopback devices. Here are links to some articles that
describe the Linux dummy network driver
http://wiki.networksecuritytoolkit.org/nstwiki/index.php/Dummy_Interface
and http://www.pocketnix.org/posts/Linux%20Networking%3A%20Dummy%20Interfaces%20and%20Virtual%20Bridges
Another thing you may want to look at is keepalived, which
manages IPVS load balancing and can manage VIPs using VRRP heartbeats.
The best documentation is here
https://github.com/acassen/keepalived/blob/master/doc/keepalived.conf.SYNOPSIS
DO NOT follow any of the HOWTOs or example configs or scripts; they
are all over a decade out of date and do not follow best practices.
For example, almost all of them talk about setting state on one to
"MASTER" and the other one to "BACKUP". This is wrong and causes many
people to have significant problems with failovers not working
correctly or behaving the way they expect. Instead both should have
the state set to "BACKUP" and allow them to do an election based on the
priority numbers to determine which should be the master.
As far as entry level work, I'm not really sure; it's been a long time
since I've looked into entry level positions, but I can tell you that a
lot of large companies are switching to in-house built Linux firewalls
because they are cheaper, faster, and more flexible than, say, a Cisco
PIX firewall. Also the cost of paying a few in-house Linux
iptables experts a little better than typical network engineers
still works out cheaper than the support contracts on the appliances
if you have a lot of firewalls. So large companies and retail chains
(which are now starting to pay attention to network security in their
stores) are especially hungry for iptables experts right now.
On Mon, Feb 2, 2015 at 11:47 AM, Ruben Safir wrote:
> On Thu, Jan 22, 2015 at 11:42:10PM -0500, prmarino1-at-gmail.com wrote:
>> Well this is a typical issue it's called the politician shuffle lol.
>>
>> A politician wants to make it seem as though he's doing something so he's blaming an imaginary problem on Linux. Truth be told there are tons of Linux jobs out there if you are up to date in the right things. This week alone I've had 15 GUN jobs sent to me by recruiters and on referral from an old friend for another.
>>
>> So they are out there. Hell, for that matter, even my current job they are hungry for more Linux admins but they want people familiar with broadcast video and iptable too. And my job is a union job, which means I get time and a half overtime and they can't call me once I leave the office without paying me a minimum of $300 just for the phone call.
>>
>> In fact I've seen a lot of iptable jobs recently; it seems to be the most common recurring theme in job requirements these days.
>> ?
>>
>
>
> So how do I find some entry level work? I need to find work
>
> Ruben
>
>> Sent from my BlackBerry 10 smartphone.
>> ? Original Message ?
>> From: Ruben Safir
>> Sent: Tuesday, January 20, 2015 17:32
>> To: hangout-at-nylxs.com
>> Reply To: hangout-at-mrbrklyn.com
>> Subject: Re: [NYLXS - HANGOUT] Linux Job Crunch
>>
>> On 01/15/2015 03:52 PM, Ruben Safir wrote:
>> > Can someone explain this to me? Is there a Linux Desktop Job Crunch
>> > that I can get work in?
>>
>> Is anyone aware of any GNU Linux jobs like this. I would happily go to
>> Munich for this and I can really really use a Linux position about anywhere.
>>
>> Ruben
>> >
>> > Mayor of Munich Dieter Reiter has been quoted as saying he is a
>> > 'Microsoft fan'
>> > Image: Regani under CC BY-SA 3.0 licence
>> >
>> > Reiter has publicly criticised the move to Limux, having been quoted as
>> > saying open source software is 'lagging behind the proprietary IT
>> > vendor's solutions' and that he is a "Microsoft fan".
>> >
>> > More recently he attacked the performance of the city's IT department as
>> > a whole, describing an email outage as unacceptable. An internal
>> > investigation determined the incident in December had no link to Limux
>> > and was related to the city's external email server accumulating a back
>> > log of some 20,000 messages after an email was sent with a unusually
>> > large Subject header.
>> >
>> > Hofmann asks Reiter to give the IT staff time to adjust to new working
>> > practices.
>> >
>> > "Please give the existing IT organisation - and above all the people
>> > working there - a chance to prove themselves under their own steam," she
>> > said.
>> >
>> > The council needs more IT staff to work on new projects in a variety of
>> > areas, such as e-government and network security, according to a
>> > spokesman. The council undertook some 390 new IT projects in 2014, with
>> > a recent council report describing the number of projects as
>> > "continuously increasing".
>> >
>> > "Currently the shortage in IT specialists and administration staff is
>> > still at about 20 percent. it-at-M [the company responsible for IT at the
>> > city] will continue to look for qualified employees," he said.
>> > What's next for Limux?
>> >
>> > Ahead of a review of how IT is run at Munich, council staff are to be
>> > surveyed about the problems they experience using Limux and how the open
>> > source desktop works with third party applications.
>> >
>> > "The aim of the survey is to get a general idea of user satisfaction
>> > with IT in general and with the desktop computer in particular," said
>> > the council spokesman.
>> >
>> > The survey is expected to be issued at some point within the next few
>> > months and that it will take another two months to compile and evaluate
>> > the results.
>> >
>> > The findings will be used to draw up a definitive list of issues users
>> > have with IT at the council and potential ways to resolve them. It will
>> > also provide a measure of the user satisfaction to the consulting
>> > company that will carry out the review of Munich's IT. The consulting
>> > company is yet to be appointed.
>> > Why other organisations in Munich are sticking with Windows
>> >
>> > To help it decide how to run its IT, the Munich authority also polled
>> > larger affiliate organisations in the city about their IT estates and
>> > what had driven their choices.
>> >
>> > Concerns about not being able to find the staff to manage a large-scale
>> > Linux desktop deployment and free software played a role in persuading
>> > large organisations to stick with Windows.
>> >
>> > The city's municipal works department rolled out Windows 7 and Microsoft
>> > Office 2010, citing the difficulty of finding qualified IT personnel as
>> > a factor that discouraged it from moving away from Windows.
>> >
>> > Commenting on the findings, Jim Zemlin, executive director of The Linux
>> > Foundation, said the foundation is aware of the need for a larger number
>> > of people with the skills to maintain and develop Linux-based operating
>> > systems within large companies and organisations.
>> >
>> > "Preliminary findings from our annual Linux Jobs Report, to be released
>> > in February, show nearly 88 percent of hiring managers are having a very
>> > or somewhat difficult time finding adequate Linux talent. This is why
>> > The Linux Foundation has expanded its efforts to train Linux
>> > professionals with expanded training courses, a free Intro to Linux MOOC
>> > with edX, and the new performance-based Linux certification programs."
>> >
>> > Nevertheless, the difficulty recruiting staff is only one of the issues
>> > raised. Generally the Munich-based organisations surveyed gave the fact
>> > that Microsoft products are the "standard" as justification for sticking
>> > with them - referring to the need for compatibility with third-party
>> > software and to be able to easily swap information with partners.
>> >
>> >
>> >
>>
|
|
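
The keepalived advice in the message above (both peers set to state "BACKUP", with the priority numbers deciding the election) can be checked mechanically. The Python sketch below is an added example, not part of the original message or of the keepalived project; the two peer configs, the instance name VI_1, the addresses and the function names are constructed for illustration.

```python
import re
# Constructed sample configs for two peers. NODE_A uses the
# "state MASTER" pattern the message warns against.
NODE_A = """
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 150
    virtual_ipaddress {
        192.0.2.10/24
    }
}
"""
NODE_B = NODE_A.replace("state MASTER", "state BACKUP").replace("priority 150", "priority 100")
NODE_A_FIXED = NODE_A.replace("state MASTER", "state BACKUP")

def parse_instances(text):
    """Return {instance_name: {keyword: value}} for each vrrp_instance block."""
    instances, name, depth = {}, None, 0
    for raw in text.splitlines():
        # keepalived.conf comments start with '#' or '!'
        line = re.split(r"[#!]", raw, maxsplit=1)[0].strip()
        m = re.match(r"vrrp_instance\s+(\S+)\s*\{", line)
        if m and depth == 0:
            name = m.group(1)
            instances[name] = {}
        elif name and depth == 1:  # only top-level keywords of the instance
            kv = re.match(r"(state|priority|virtual_router_id)\s+(\S+)$", line)
            if kv:
                instances[name][kv.group(1)] = kv.group(2)
        depth += line.count("{") - line.count("}")
        if depth == 0:
            name = None
    return instances

def check_pair(conf_a, conf_b):
    """Compare two peers' configs and return a list of findings."""
    findings, a, b = [], parse_instances(conf_a), parse_instances(conf_b)
    for inst in sorted(set(a) & set(b)):
        pa, pb = a[inst], b[inst]
        for label, p in (("A", pa), ("B", pb)):
            if p.get("state", "").upper() != "BACKUP":
                findings.append(f"{inst}: peer {label} state is {p.get('state')}, expected BACKUP")
        if pa.get("virtual_router_id") != pb.get("virtual_router_id"):
            findings.append(f"{inst}: virtual_router_id differs between peers")
        if pa.get("priority") == pb.get("priority"):
            findings.append(f"{inst}: priorities are equal, so priority cannot decide the election")
    return findings
```

Calling check_pair(NODE_A, NODE_B) reports the MASTER setting on peer A, while check_pair(NODE_A_FIXED, NODE_B) returns no findings.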