Security Enhanced OpenSolaris 2009.06 AMP Stack AMI

US AMI Details:
AMI ID :
 ami-e0b05389
 AMI Manifest :
 sun-opensolaris-2009-06/amp_stack_hardened_opensolaris_2009.06_32_1.1.img.manifest.xml
 AKI / ARI ID:
 aki-1783627e / ari-9d6889f4
 License :
Public

Europe AMI Details:
AMI ID :
ami-7a2a010e
AMI Manifest :
sun-opensolaris-2009-06-eu/amp_stack_hardened_opensolaris_2009.06_32_1.1.img.manifest.xml
AKI / ARI ID:
aki-2181a955 / ari-b49fb7c0
License :
Public

Description:

This 32-bit AMI is based on OpenSolaris 2009.06 Hardened Security AMI (ami-e56e8f8c).

Following components are included in this AMI

  • Apache 2.2
  • MySQL 5.1
  • PHP 5.2
  • phpmyadmin 3.2.2

Configurations:

  • Apache and MySQL services are pre-configured to start on boot.
    • Apache Service: svc:/network/http:apache22
    • MySQL Service: svc:/application/database/mysql:version_51
  • If you would like to use phpMyAdmin, you will need to do the following:

# cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/
# svcadm restart http:apache22

  • DTrace probes are available within Apache and PHP runtime. Sample DTrace scripts are available under /opt/DTT/
  • More details on security information and image usage instructions is provided in to the '/root/ec2sun/README' file.

AMP Stack Files Layout:


 Apache  PHP  MySQL
 Binary Runtime Files
 /usr/apache2/2.2/bin  /usr/php/5.2/bin  /usr/mysql/5.1/bin
 Configuration Files
 /etc/apache2/2.2  /etc/php/5.2  /etc/mysql/5.1
 Web Documents / Data Files
 /var/apache2/2.2  /var/php/5.2  /var/mysql/5.1

Administering AMP Stack

 Command  Apache  MySQL
 Start Service  svcadm enable http:apache22  svcadm enable mysql:version_51
 Stop Service  svcadm disable http:apache22  svcadm disable mysql:version_51
 Restart Service  svcadm restart http:apache22  svcadm restart mysql:version_51


You can reset MySQL 'root' password by running following command:

# /usr/mysql/5.0/bin/mysqladmin -u root -p password '<MySQL password>'


It is highly recommended to secure your MySQL database by following the guidelines mentioned within MySQL 5.1 database documentation: http://dev.mysql.com/doc/refman/5.1/en/security-guidelines.html

Rebundling Changes:

You must disable the auditing during re-bundling. You can execute following commands in your clean up tasks before
executing "ec2-bundle-image" command.

# audit -t
# > /var/log/auditlog
# rm -f /var/audit/\*

As you can see we have introduced the new ARI (ari-9d6889f4) with this AMI, make sure you use the correct ARI with the
"ec2-bundle-image" command as given below.

# ec2-bundle-image -c $EC2_CERT -k $EC2_PRIVATE_KEY \\
--kernel aki-1783627e --ramdisk ari-9d6889f4 \\
--block-device-mapping "root=rpool/56@0,ami=0,ephemeral0=1" \\
--user <userid> --arch i386 \\
-i $DIRECTORY/$IMAGE -d $DIRECTORY/parts

Note: For Europe use "--kernel aki-2181a955 --ramdisk ari-b49fb7c0"

You can restart the audit daemon on the instance where you disabled it temporarily for re-bundling with following
command.

# audit -s

Europe Launch:

To run this AMI in Europe (AMI ID: ami-7a2a010e), change the following environment variables before launching the AMI:

bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"
bash # export LOCATION="EU"

The other env variables remain the same as documented in the getting started guide.

NOTE:  a unique <your-keypair-name> must be generated for each region before launching an AMI.(Use ec2-add-keypair <name> > keypairfile after setting the above env variables).

Documentation:

Support

  • Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs
  • For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.
  • AMP Stack within OpenSolaris are delivered as part of WebStack project. For any questions related to these components, please write to webstack-discuss[AT]opensolaris[DOT]org
Comments:

Post a Comment:
Comments are closed for this entry.
About

Information about Solaris and OpenSolaris on Amazon Web Services (AWS) EC2. Look here for the latest information on the program and any late breaking information on (Open)Solaris on EC2.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today