SANITIZED SAMPLE DELIVERABLE

Know what “verified” means before you buy.

This is a sample of the evidence structure used for the fixed-scope OpenClaw VPS hardening trial. It contains no client data, credentials, hostnames, or claim of completed client work.

Sample, not a case study.
Real handoff evidence is generated from the buyer's throwaway Ubuntu 24.04 VPS after scope acceptance.

Acceptance checklist

  • Ubuntu version and initial package state recorded
  • Dedicated non-sudo service user and pinned OpenClaw version verified
  • systemd enable, restart, health, and failure behavior captured
  • SSH key-only access proven before password authentication is disabled
  • UFW and fail2ban state captured; only agreed public ports exposed
  • Every non-SSH service verified as loopback-bound unless explicitly approved
  • Secrets stored in mode-0600 environment files and absent from unit files, logs, and shell history
  • Monitoring, log access, recovery steps, and rollback notes tested
  • Telegram connectivity checked with redacted output when included in scope
  • Runbook and secret-free screen recording delivered

Example evidence index

01-baseline.txt OS, packages, clock 02-service.txt version, unit, status, restart 03-network.txt listeners, UFW, external exposure 04-access.txt SSH policy, fail2ban status 05-secrets.txt permissions and redacted references 06-telegram.txt redacted connectivity check (if scoped) 07-monitoring.txt alert path and log retrieval RUNBOOK.md operate, restart, recover, roll back

Outputs are redacted before delivery. Secret values are never copied into this index.

Runtime model

OpenClaw runs as a managed service on the new VPS. The buyer can operate it from a local machine and, when included, through Telegram. The VPS remains the runtime, so the local operator machine does not need to stay online.

Buy the fixed-scope trial — $600 →