[SASAG] need part-time Debian sysadmin for 1-time contract

Blibbet blibbet at gmail.com
Tue Nov 3 15:39:21 PST 2015


I need a small site built, to represent a new small (1-person)
consulting company. I'm looking for a sysadmin who has time to work on
a 1-time contract to set up a Debian-based server, hosted on Linode,
with a web server, mail server, and mailing list server, perhaps a DNS
server. Details on main system and 3 servers below:

For the main system and administration:
Help registering a few domains (example.com, example.org, example.biz,
Hosted on Linode.com.
Debian-based server.
SSH-based shell-based administration.
Full-disk encryption.
Perhaps SEL-based (with SEL enabled).
Some sh/Python script to backup/restore data on site.
IPtables firewall integrated with Snort or Suricata.
Clamd with freshclam (like that really does much...) :-(
For security, hardened server with minimal services enabled, hopefully
with each service isolated in a jail/VM/other isolation technology.
OpenSCAP setup to do regular vulnerability reports.
Nagios or other similar monitoring tool.

Extra points for Xen/KVM-based UEFI Secure Boot-based system with
TPM-based TNC remote attestation ability, instead of unverifiable BIOS
box, as long as provider is using fresh Tianocore OVMFs. I don't think
Linode or anyone does that yet. :-)

It also needs a few more security things I've probably missed, feel
free to suggest.

[Why Linode and not some other cloud? I'm doing a FOSS-centric
company, and want a Linux-based provider. So Windows-based Azure is
not an option, etc. Linode is one of the sites supported by Apache
LibCloud, which I was thinking of making some admin scripts with. I am
open to other options besides Linode, if you know something I don't.]

Beyond core system, it needs 3 public-viewing services, web server,
mail server, and mailing list server:

1) web server, eg, www.example.com
www. prefix optional.
Help getting proper Verisign cert for HTTPS.
Apache httpd, with mod_security, with minimal modules, no script
languages or dynamic content. If mod_security has value in a static site
Site will only host a dozen static HTML files, with a handful of JPEGs
and PDFs/ODTs.
For now, multiple domains all point to same site.

2) mail server, eg support at example.com
I don't know which is proper one to use, probably what
Apache/Debian/Python use for their infrastructure. sendmail, postfix,
qmail, courier, etc.
I'd prefer TLS-only -- no cleartext -- versions of IMAP/SMTP/POP3, but
have been warned that TLS-only mail servers are difficult:
Experience dealing with some of these issues useful:

3) mailing list server, eg announce at lists.example.com
GNU Mailman-based

If it ends up that we should have separate VMs for each of these
services to scale or for security, then probably also a 4th service: a
DNS server.

I'd like to get help building the initial site.

Then one or two follow-up hourly updates to help with the initial 1-2
upgrades, and some emergency help, like if site goes down, I'd like
help with initial restore.

[A few months later, perhaps a second contract in a few months for V2
features: Semantic MediaWiki-based wiki.example.com, git.example.com,
lxr.example.com, some iCalendar server, perhaps an IRC/XMPP/WebRTC

But I'm presuming to take over admin role after site has been
initialized, so after initial contract, and upgrade/emergency or two,
that'll probably be end of the contract. I'd like to have the V1 site
up before EOY, if possible.

If you're a FOSS-centric, Linux-savvy, local sysadmin who has time for
this contract, please email me privately.


