MESSAGE
DATE | 2015-02-02 |
FROM | Paul Robert Marino
|
SUBJECT | Re: [NYLXS - HANGOUT] Linux Job Crunch
|
To get started the best book I've found is this one http://www.amazon.com/Troubleshooting-Linux-Firewalls-Michael-Shinn/dp/0321227239 In truth I think this should be a must read for all junior SAs, not because of the parts about IPTables but because there is an excellent section on how to handle emergencies, which is oddly enough based on the NSA field agent handbook. There is one warning I have about this book: some of the information about tools you can use for testing is out of date, for example it calls Wireshark Ethereal.
The next book after that is this one http://www.informit.com/store/linux-firewalls-9780672327711?aid=F2EC4C2B-BDE1-4FE7-B36A-6033ED27274A
As far as systemd goes, the iptables, iptables6, ebtables, and arptables commands haven't changed, but there are some new wrappers available like firewalld https://fedoraproject.org/wiki/FirewallD. That said, they are slated to be replaced in the future by nftables http://netfilter.org/projects/nftables/. The bad news about this is it's really not very well documented yet and not quite ready for production use.
Next you really have to get to know the ip command well. No more using the old-fashioned ifconfig and route commands. A lot of older SAs resist this at first, but it's not that hard to learn and is really far superior to the legacy ifconfig and route commands. In general everyone should be familiar with all the commands included in the iproute2 suite. You can go to the website here http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2 for documentation, but it's not very well maintained, so I advise looking at the man files, which are very well maintained.

"
# rpm -ql iproute|grep man
/usr/share/man/man8/arpd.8.gz
/usr/share/man/man8/bridge.8.gz
/usr/share/man/man8/cbq.8.gz
/usr/share/man/man8/ifcfg.8.gz
/usr/share/man/man8/ip.8.gz
/usr/share/man/man8/lnstat.8.gz
/usr/share/man/man8/nstat.8.gz
/usr/share/man/man8/routel.8.gz
/usr/share/man/man8/rtacct.8.gz
/usr/share/man/man8/rtmon.8.gz
/usr/share/man/man8/ss.8.gz
/usr/share/man/man8/tc-bfifo.8.gz
/usr/share/man/man8/tc-cbq-details.8.gz
/usr/share/man/man8/tc-cbq.8.gz
/usr/share/man/man8/tc-htb.8.gz
/usr/share/man/man8/tc-pfifo.8.gz
/usr/share/man/man8/tc-pfifo_fast.8.gz
/usr/share/man/man8/tc-prio.8.gz
/usr/share/man/man8/tc-red.8.gz
/usr/share/man/man8/tc-sfq.8.gz
/usr/share/man/man8/tc-tbf.8.gz
/usr/share/man/man8/tc.8.gz
"

Also another thing to look at is ipsets http://ipset.netfilter.org/. It's a relatively new addition to the kernel but is supported by most current distros even if they don't ship with the tool. Finally, for any production firewalls you want to look at conntrack tools http://conntrack-tools.netfilter.org/, specifically conntrackd, which allows you to cluster multiple firewalls' connection tracking state data.
Additionally you may want to look at quagga http://www.nongnu.org/quagga/ which allows you to configure dynamic routing protocols. One note: there is a section of the documentation which is wrong, which talks about assigning an IP to a loopback device and binding the processes to that IP address. Using the Linux loopback this way is a massive security violation and SELinux doesn't like it either. Instead you should create a dummy network interface, which is akin to what network switches and traditional firewall appliances call loopback devices. Here is a link to some articles that describe the Linux dummy network driver http://wiki.networksecuritytoolkit.org/nstwiki/index.php/Dummy_Interface and http://www.pocketnix.org/posts/Linux%20Networking%3A%20Dummy%20Interfaces%20and%20Virtual%20Bridges
Also another thing you may want to look at is keepalived, which manages IPVS load balancing and can manage VIPs using VRRP heartbeats. The best documentation is here https://github.com/acassen/keepalived/blob/master/doc/keepalived.conf.SYNOPSIS DO NOT follow any of the HOWTOs or example configs or scripts. They are all over a decade out of date and do not follow best practices. For example almost all of them talk about setting state on one to "MASTER" and the other one to "BACKUP". This is wrong and causes many people to have significant problems with failovers not working correctly or behaving the way they expect. Instead both should have the state set to "BACKUP" and allow them to do an election based on the priority numbers to determine which should be the master.
As far as entry level work, I'm not really sure. It's been a long time since I've looked into entry level positions, but I can tell you that a lot of large companies are switching to in-house built Linux firewalls because they are cheaper, faster, and more flexible than say a Cisco PIX firewall for example. Also the cost of paying a few in-house Linux iptables experts a little better than typical network engineers still works out cheaper than the support contracts on the appliances if you have a lot of firewalls. So large companies and retail chains (which are now starting to pay attention to network security in their stores) are especially hungry for iptables experts right now.
On Mon, Feb 2, 2015 at 11:47 AM, Ruben Safir wrote:
> On Thu, Jan 22, 2015 at 11:42:10PM -0500, prmarino1-at-gmail.com wrote:
>> Well this is a typical issue it's called the politician shuffle lol.
>>
>> A politician wants to make it seem as though he's doing something so
>> he's blaming an imaginary problem on Linux. Truth be told there are
>> tons of Linux jobs out there if you are up to date in the right
>> things. This week alone I've had 15 GUN jobs sent to me by recruiters
>> and on referral from an old friend for another.
>>
>> So they are out there. Hell for that matter even my current job they
>> are hungry for more Linux admins but they want people familiar with
>> broadcast video and iptable too. And my job is a union job which means
>> I get time and a half overtime and they can't call me once I leave the
>> office without paying me a minimum of $300 just for the phone call.
>>
>> In fact I've seen a lot of iptable jobs recently it seems to be the
>> most common recurring theme in job requirements these days.
>>
>
>
> So how do I find some entry level work? I need to find work
>
> Ruben
>
>> Sent from my BlackBerry 10 smartphone.
>> Original Message
>> From: Ruben Safir
>> Sent: Tuesday, January 20, 2015 17:32
>> To: hangout-at-nylxs.com
>> Reply To: hangout-at-mrbrklyn.com
>> Subject: Re: [NYLXS - HANGOUT] Linux Job Crunch
>>
>> On 01/15/2015 03:52 PM, Ruben Safir wrote:
>> > Can someone explain this to me? Is there a Linux Desktop Job Crunch
>> > that I can get work in?
>>
>> Is anyone aware of any GNU Linux jobs like this. I would happily go to
>> Munich for this and I can really really use a Linux position about anywhere.
>>
>> Ruben
>> >
>> > Mayor of Munich Dieter Reiter has been quoted as saying he is a
>> > 'Microsoft fan'
>> > Image: Regani under CC BY-SA 3.0 licence
>> >
>> > Reiter has publicly criticised the move to Limux, having been quoted as
>> > saying open source software is 'lagging behind the proprietary IT
>> > vendor's solutions' and that he is a "Microsoft fan".
>> >
>> > More recently he attacked the performance of the city's IT department as
>> > a whole, describing an email outage as unacceptable. An internal
>> > investigation determined the incident in December had no link to Limux
>> > and was related to the city's external email server accumulating a back
>> > log of some 20,000 messages after an email was sent with a unusually
>> > large Subject header.
>> >
>> > Hofmann asks Reiter to give the IT staff time to adjust to new working
>> > practices.
>> >
>> > "Please give the existing IT organisation - and above all the people
>> > working there - a chance to prove themselves under their own steam," she
>> > said.
>> >
>> > The council needs more IT staff to work on new projects in a variety of
>> > areas, such as e-government and network security, according to a
>> > spokesman. The council undertook some 390 new IT projects in 2014, with
>> > a recent council report describing the number of projects as
>> > "continuously increasing".
>> >
>> > "Currently the shortage in IT specialists and administration staff is
>> > still at about 20 percent. it-at-M [the company responsible for IT at the
>> > city] will continue to look for qualified employees," he said.
>> > What's next for Limux?
>> >
>> > Ahead of a review of how IT is run at Munich, council staff are to be
>> > surveyed about the problems they experience using Limux and how the open
>> > source desktop works with third party applications.
>> >
>> > "The aim of the survey is to get a general idea of user satisfaction
>> > with IT in general and with the desktop computer in particular," said
>> > the council spokesman.
>> >
>> > The survey is expected to be issued at some point within the next few
>> > months and that it will take another two months to compile and evaluate
>> > the results.
>> >
>> > The findings will be used to draw up a definitive list of issues users
>> > have with IT at the council and potential ways to resolve them. It will
>> > also provide a measure of the user satisfaction to the consulting
>> > company that will carry out the review of Munich's IT. The consulting
>> > company is yet to be appointed.
>> > Why other organisations in Munich are sticking with Windows
>> >
>> > To help it decide how to run its IT, the Munich authority also polled
>> > larger affiliate organisations in the city about their IT estates and
>> > what had driven their choices.
>> >
>> > Concerns about not being able to find the staff to manage a large-scale
>> > Linux desktop deployment and free software played a role in persuading
>> > large organisations to stick with Windows.
>> >
>> > The city's municipal works department rolled out Windows 7 and Microsoft
>> > Office 2010, citing the difficulty of finding qualified IT personnel as
>> > a factor that discouraged it from moving away from Windows.
>> >
>> > Commenting on the findings, Jim Zemlin, executive director of The Linux
>> > Foundation, said the foundation is aware of the need for a larger number
>> > of people with the skills to maintain and develop Linux-based operating
>> > systems within large companies and organisations.
>> >
>> > "Preliminary findings from our annual Linux Jobs Report, to be released
>> > in February, show nearly 88 percent of hiring managers are having a very
>> > or somewhat difficult time finding adequate Linux talent. This is why
>> > The Linux Foundation has expanded its efforts to train Linux
>> > professionals with expanded training courses, a free Intro to Linux MOOC
>> > with edX, and the new performance-based Linux certification programs."
>> >
>> > Nevertheless, the difficulty recruiting staff is only one of the issues
>> > raised. Generally the Munich-based organisations surveyed gave the fact
>> > that Microsoft products are the "standard" as justification for sticking
>> > with them - referring to the need for compatibility with third-party
>> > software and to be able to easily swap information with partners.
>> >
>> >
>> >
>>
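
Added example, not part of the original message or of the keepalived project's own files: the keepalived advice given in the message above, with the HOWTO-style "MASTER"/"BACKUP" pair next to a pair where both nodes start as "BACKUP" and the priority decides the election. The instance name VI_1, interface eth0, virtual_router_id 51, the priorities 150 and 100, and the address 192.0.2.10/24 are constructed values; each vrrp_instance block belongs in that node's own keepalived.conf.

```conf
# --- Pattern the message warns against (old HOWTO style) ---
# node A keepalived.conf
vrrp_instance VI_1 {
    state MASTER            # hard-coded initial role
    interface eth0          # assumed interface name
    virtual_router_id 51    # constructed value, must match on both nodes
    priority 150
    advert_int 1
    virtual_ipaddress {
        192.0.2.10/24       # constructed VIP (documentation range)
    }
}
# node B keepalived.conf is identical except:
#     state BACKUP
#     priority 100

# --- Pattern the message recommends ---
# node A keepalived.conf
vrrp_instance VI_1 {
    state BACKUP            # both nodes start as BACKUP
    interface eth0
    virtual_router_id 51
    priority 150            # higher priority wins the election
    advert_int 1
    virtual_ipaddress {
        192.0.2.10/24
    }
}

# node B keepalived.conf
vrrp_instance VI_1 {
    state BACKUP            # same initial state as node A
    interface eth0
    virtual_router_id 51    # same VRRP group as node A
    priority 100            # lower priority, takes over if A stops advertising
    advert_int 1
    virtual_ipaddress {
        192.0.2.10/24
    }
}
```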