I currently have a Debian Woody Server, with Dual 500 Celerons, 512MB of RAM and a SCSI hard drive, that until now I have been using to test a few Perl scripts. However, I believe my hard drive is on its last legs, and I intend to replace it very shortly. Before I do that, I would like someone to perform an audit on this server. The purpose of this audit is to provide me with an in-depth understanding of what needs to be done in order to make this same machine a viable phpBB and web server.
In order to ensure that your suggestions are viable, I will provide you with immediate access to all aspects of this server. With this, I expect your solutions to be implemented, so as to ensure that they will in no way interfere with the Perl scripts I have running. After this has been accomplished, I will remove the problematic hard drive, and replace it with 2 new ones. Once they are installed, I will install the basic Debian Woody again, as well as OpenSSH to provide you access, with which you will rebuild the system in a very secure manner, so that I can be confident in using it as a web server on the Internet.
Before presenting you with the deliverables, I think it only fair to inform you that time is of the essence on this project. So, when you read the deliverables, please keep in mind how much time you will need to complete the tasks outlined below. As such, please be sure to include your time estimates in your bid. Also, be aware that, because of the severe time constraints, I will not necessarily wait for time to run out on bidding, but accept the first bid that meets my cost and timeframe. So please, get your bids in quickly.
I expect that the implementation and completion of this project will resemble the process outlined here:
1) Perform a hardware analysis to ensure that all current hardware devices are optimized.
2) Perform a system configuration audit to ensure that all kernel and system module configurations are optimized.
3) Perform a security audit to identify any possible vulnerabilities my system is currently susceptible to. (Use of Nessus or a similar device is acceptable).
Following the completion of these three audits, I expect a brief summary report of your findings, and the work that you will perform. Upon receipt of this, you will try and implement them on the current system. After you have optimized this system, we will back up the most important pieces, and then reinstall Debian from scratch on the new hard drives.
Once the new drives are in, and Debian has been reinstalled, we will rebuild the server using your solutions. I expect that the successful candidate will perform the following tasks before the project is accepted as complete:
4) Upgrade & optimize the kernel to the latest SMP capable version.
5) Partition the hard disks so that each of the components is safely segregated. For example, place /var, /tmp, (phpBB?) on separate partitions.
6) Configure the hard drives for RAID (Optimized for many read/writes to the MySQL database.)
7) Log rotation and management so I can readily identify any hardware or security problems.
8) Create user groups that will enable users to administer specified phpBB and specified MySQL tables.
9) Ensure that when a new user is created, there is a mandatory password complexity.
10) Develop a backup schedule policy, so that we can dump the logs, MySQL and phpBB data out of the DMZ.
11) Set up some sort of intrusion detection system(s). Use P.A.M, or tripwire to protect the local server.
12) Verify that the latest packages are up to date, or at the very least, do not have any security vulnerabilities.
13) Apache optimization: I would like to be able to create a secure area where friends can access web pages that I use to manage some of the MySQL tables mentioned earlier (and created user/group policies for on the system and in MySQL). I would also like Apache optimized for speed, as well as capable of hosting virtual domains.
14) Configure iptables to protect this webserver from attacks from the Internet, or other computers in the DMZ.
15) Log your own activities. I understand that somewhere (bash history?) all commands entered into a Linux command prompt are stored. I would like you to save these to a file and comment them to create a small Howto manual for my future reference. This manual will also serve as validation of tasks having been completed.
16) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
17) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
18) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
This will run on Debian Woody, with Apache, MySQL, phpBB2, Perl, PHP all installed.
Please remember to indicate what your previous experience is, when you can start, when you can be done, as well as any other information that may be pertinent to your bid.