need part-time Debian sysadmin for 1-time contract
Lee Fisher <unifex <at> riseup.net>
2015-11-03 23:37:47 GMT
I need a small site built, to represent a new small (1-person)
consulting company. I'm looking for a sysadmin who has time to work on
a 1-time contract to setup a Debian-based server, hosted on Linode,
with a web server, mail sever, and mailing list server, perhaps a DNS
server. Details on main system and 3 servers below:
For the main system and administration:
Help registering a few domains (example.com, example.org, example.biz,
Hosted on Linode.com.
SSH-based shell-based administration.
Perhaps SEL-based (with SEL enabled).
Some sh/Python script to backup/restore data on site.
IPtables firewall integrated with Snort or Suricata.
Clamd with freshclam (like that really does much...)
For security, hardened server with minimal services enabled, hopefully
with each service isolated in a jail/VM/other isolation technology.
OpenSCAP setup to do regular vulnerability reports.
Nagios or other similar monitoring tool.
Extra points for Xen/KVM-based UEFI Secure Boot-based system with
TPM-based TNC remote attestation ability, instead of unverifiable BIOS
box, as long as provider is using fresh Tianocore OVMFs. I don't think
Linode or anyone does that yet.
It also needs a few more security things I've probably missed, feel
free to suggest.
[Why Linode and not some other cloud? I'm doing a FOSS-centric
company, and want a Linux-based provider. So Windows-based Azure is
not an option, etc. Linode is one of the sites supported by Apache
LibCloud, which I was thinking of making some admin scripts with. I am
open to other options besides Linode, if you know something I don't.]
Beyond core system, it needs 3 public-viewing services, web server,
mail server, and mailing list sever:
1) web server, eg, www.example.com
www. prefix optional.
Help getting proper Verisign cert for HTTPS.
Apache httpd, with mod_security, with minimal modules, no script
languages or dynamic content. If mod_security has value in a static site
Site will only host a dozen static HTML files, with a handful of JPEGs
For now, multiple domains all point to same site.
2) mail server, eg support <at> example.com
I don't know which is proper one to use, probably what
Apache/Debian/Python use for their infrastructure. sendmail, postfix,
qmail, courier, etc.
I'd prefer TLS-only -- no cleartext -- versions of IMAP/SMTP/POP3, but
have been warned that TLS-only mail servers are difficult:
Experience dealing with some of these issues useful:
3) mailing list server, eg announce <at> lists.example.com
If it ends up that we should have separate VMs for each of these
services to scale or for security, then probably also a 4th service: a
I'd like to get help building the initial site.
Then one or two follow-up hourly updates to help with the initial 1-2
upgrades, and some emergency help, like if site goes down, I'd like
help with initial restore.
[A few months later, perhaps a second contract in a few months for V2
features: Semantic MediaWiki-based wiki.example.com, git.example.com,
lxr.example.com, some iCalendar server, perhaps an IRC/XMPP/WebRTC
But I'm presuming to take over admin role after site has been
initialized, so after initial contract, and upgrade/emergency or two,
that'll probably be end of the contract. I'd like to have the V1 site
up before EOY, is possible.
If you're a FOSS-centric, Linux-savvy, local sysadmin who has time for
this contract, please email me privately.