5. System and Network Administration

The DIMS project primarily uses GNU/Linux operating systems. Integrating multiple open source tools produced by others (each with its own choice of operating system version, libraries, etc.) requires dealing simultaneously with multiple Linux distributions and versions, including where each places configuration files and how each manages service daemons. Using Ansible to control all of these configuration files requires understanding how to identify each supported operating system and provide installation steps for it, and using methodical development and testing practices to ensure that playbooks run on all supported operating systems.

Repetitive processes are automated heavily in this project with Makefiles and/or Bash scripts, which facilitates build automation. Familiarity with Bash scripting and GNU/Linux command line tools (e.g., awk, sed, grep, make) is a requirement.

Experience with the following operating systems:

  • CentOS 5.x & 6.x
  • Red Hat Enterprise Linux 5.x, 6.x
  • Ubuntu 12.04 and 14.04 LTS releases
  • CoreOS
  • Experience with bootable Linux ISO and USB distributions (e.g., CAINE, Debian Mint)
  • Use of operating system installation automation tools like Kickstart and Preseed

Experience with the following system administration concepts and tasks:

  • Backup and restore
  • Build automation
  • Management of configuration files using a source code control system for version control, differencing between versions and across operating system distributions
  • Device naming and device management in multiple Linux distributions
  • Production, management, and revocation/replacement of encryption keys and certificates

Experience with the following network administration concepts and tasks:

  • TCP/IP networking (routing, VPN tunneling, VLANs, iptables firewalls)
  • Use of OpenVPN Virtual Private Network (VPN) and Virtual Local Area Network (VLAN) for network isolation
  • Fundamentals of routing protocols, static routing tables, subnet allocation and subnet masks, and use of RFC 1918 non-routable address blocks as part of constructing a multi-layer private network
  • Using iptables for firewalling and Network Address Translation (NAT)
  • Designing networks for static and dynamic host provisioning (subnet allocation, device address allocation, VPN with static and dynamic address allocation, VLAN configuration on managed switches)
  • The Domain Name System (DNS), DNS recursion, “Split Horizon DNS”, and dnsmasq
  • Understanding of Linux network interface card (NIC) device mapping and the differences in device naming across multiple Linux operating system distributions, and the ability to identify and document the mapping of internal logical device names to physical NIC ports in order to properly cable systems in a multi-switch rack

Experience with the following operating system level tools:

Experience and/or ability to install, configure, and maintain the following server software packages:

Experience with rack-mounted hardware:

  • Planning rack layout
  • Planning network cabling between layered switches/VLANs and to NICs in servers, and orderly cable management