I got to my present position because everyone with actual skills went somewhere that they could actually get paid for those skills. I now find myself as -the- Linux sysadmin for about 200 unique RHEL servers with no real training other than just learning stuff as I stumbled along. Like most people, I also have "other duties as assigned" and duties tangentially related to Linux sysadmin'ing. So my training and discovery time is fairly limited.
That said, when/if the time comes that the network guy tells me he thinks we are under some kind of attack, DDoS or other, what should I look at to confirm or deny that? What can I do to limit the ongoing effects? What logs should I be looking at that will really tell the tale? Do I look for some huge number of IP addresses from a particular location and iptables-deny anything from those IPs? Is there a standard tool that puts a number on connection attempts per IP? Are there good links to look at that can "train me up" quickly?
I'm not looking to be a security expert or anything (obviously); I just want to be able to type in a few things while the many bosses stare over my shoulder, instead of just sitting there doing nothing because I know nothing.
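An added example, not part of the original post and not from any reply to it: a small shell helper that answers the "connection attempts per IP" question using the output of `ss`, which ships on RHEL. The sample `ss` lines are constructed, the threshold value is arbitrary, and the function names are my own; on a live box you would pipe `ss -ntH state established` (or `state syn-recv` for half-open connections) into the same functions.

```bash
#!/bin/bash
# Added example (not from the original post). Counts TCP connections per
# remote address from `ss` output and flags addresses above a threshold.
# Assumes `ss` was run WITHOUT -p, so the peer address:port is the last
# field on every line. Works with or without a `state` filter.
#
# Live use:   ss -ntH state established | flag_over 50
#             ss -ntH state syn-recv    | count_per_ip | head

# Constructed sample of `ss -ntH state established` output
# (Recv-Q Send-Q Local:Port Peer:Port). 203.0.113.10 is the noisy one.
SAMPLE_SS='0 0 10.0.0.5:443 203.0.113.10:51234
0 0 10.0.0.5:443 203.0.113.10:51235
0 0 10.0.0.5:443 203.0.113.10:51236
0 0 10.0.0.5:443 198.51.100.7:40001
0 0 10.0.0.5:22 192.0.2.44:55002
0 0 10.0.0.5:443 203.0.113.10:51237'

# stdin: ss lines.  stdout: "count ip", busiest first.
# Takes the last field (peer) and strips the trailing :port so all
# connections from one host collapse to one key.
count_per_ip() {
    awk '{ peer = $NF; sub(/:[0-9]+$/, "", peer); print peer }' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# stdin: ss lines.  stdout: one IP per line with at least $1 connections.
flag_over() {
    local threshold="$1"
    count_per_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# stdin: ss lines.  stdout: an iptables DROP line per flagged IP.
# Printed, not executed, so the operator can read the list before
# running it (or pipe it to `sh` once satisfied).
drop_rules() {
    flag_over "$1" | while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | count_per_ip
printf '%s\n' "$SAMPLE_SS" | drop_rules 3
```

Two caveats worth knowing before typing this in front of the bosses. A per-IP count only helps when the load comes from a handful of noisy sources; a genuinely distributed flood shows up as thousands of addresses with one or two connections each, and blocking them one by one on the host gains nothing, which is the point at which the network team or upstream provider has to filter. And `ss -s` gives a one-line summary of total sockets by state, which is the quickest way to confirm that the number of connections is actually abnormal rather than just scary-looking.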