[Newlug] Debian Server Contract work
richard.knechtel at gmail.com
Tue Nov 18 22:46:27 CST 2008
I know someone here in Wisconsin that is looking for someone to do some
short term contract work on a Debian Linux server. The person -does not-
need to reside in Wisconsin. If someone is good with Linux servers -
specifically Debian distribution. Below are the individuals needs. The work
can be done via VPN from my understanding. Or if you reside here in
Wisconsin that would probably be more helpful to this person. If you have
the knowledge/expertise to do what they need please send me your contact
information and I will forward it on to this person and have the individual
contact you directly.
I am not a recruiter and am making no money on this. I am doing this as a
favor for this person - as they do not have any contacts within the Linux
Here is the information I was given.
We have a dedicated production e-commerce web server ( Apache/2.2.3
(Debian) mod_ssl/2.2.3 OpenSSL/0.9.8c ) that is possibly vulnerable to an
SSL attack. The reference to this attack can be found here:
We would like an estimate for the following tasks.
1. Determine whether or not the servers openssl package has already been
2. If the openssl package needs to be patched, determine the risks if any
and when the client has reviewed the risks and approved the patch, apply
the openssl package patch.
3. Determine which keys need to be regenerated. ( Affected keys include SSH
keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509
certificates and session keys used in SSL/TLS connections. )
4. Create a plan to regenerate / update all the weak keys to ensure the SSL
for the E-Commerce site does not go down. Instructions to do this are
The updates and patches need to happen during non-traditional buying hours
so minimal revenue is lost. More than likely, the updates will need to
happen between 11pm and 2am.
Known website / server configuration dependencies are:
1. Website is using a custom PHP Environment Variable that is set in the
2. Cron jobs.
3. MySql server that is used to run the site.
4. Possible shell commands used by the PHP files running the site, I don't
know what they are.
5. The developers and maintainers of the website / server are no longer in
business and getting additional help from them will either be very
difficult or unavailable.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Newlug