Monday Nov 02, 2009

Security Enhanced OpenSolaris 2009.06 AMP Stack AMI

US AMI Details:
AMI ID :
 ami-e0b05389
 AMI Manifest :
 sun-opensolaris-2009-06/amp_stack_hardened_opensolaris_2009.06_32_1.1.img.manifest.xml
 AKI / ARI ID:
 aki-1783627e / ari-9d6889f4
 License :
Public

Europe AMI Details:
AMI ID :
ami-7a2a010e
AMI Manifest :
sun-opensolaris-2009-06-eu/amp_stack_hardened_opensolaris_2009.06_32_1.1.img.manifest.xml
AKI / ARI ID:
aki-2181a955 / ari-b49fb7c0
License :
Public

Description:

This 32-bit AMI is based on OpenSolaris 2009.06 Hardened Security AMI (ami-e56e8f8c).

Following components are included in this AMI

  • Apache 2.2
  • MySQL 5.1
  • PHP 5.2
  • phpmyadmin 3.2.2

Configurations:

  • Apache and MySQL services are pre-configured to start on boot.
    • Apache Service: svc:/network/http:apache22
    • MySQL Service: svc:/application/database/mysql:version_51
  • If you would like to use phpMyAdmin, you will need to do the following:

# cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/
# svcadm restart http:apache22

  • DTrace probes are available within Apache and PHP runtime. Sample DTrace scripts are available under /opt/DTT/
  • More details on security information and image usage instructions is provided in to the '/root/ec2sun/README' file.

AMP Stack Files Layout:


 Apache  PHP  MySQL
 Binary Runtime Files
 /usr/apache2/2.2/bin  /usr/php/5.2/bin  /usr/mysql/5.1/bin
 Configuration Files
 /etc/apache2/2.2  /etc/php/5.2  /etc/mysql/5.1
 Web Documents / Data Files
 /var/apache2/2.2  /var/php/5.2  /var/mysql/5.1

Administering AMP Stack

 Command  Apache  MySQL
 Start Service  svcadm enable http:apache22  svcadm enable mysql:version_51
 Stop Service  svcadm disable http:apache22  svcadm disable mysql:version_51
 Restart Service  svcadm restart http:apache22  svcadm restart mysql:version_51


You can reset MySQL 'root' password by running following command:

# /usr/mysql/5.0/bin/mysqladmin -u root -p password '<MySQL password>'


It is highly recommended to secure your MySQL database by following the guidelines mentioned within MySQL 5.1 database documentation: http://dev.mysql.com/doc/refman/5.1/en/security-guidelines.html

Rebundling Changes:

You must disable the auditing during re-bundling. You can execute following commands in your clean up tasks before
executing "ec2-bundle-image" command.

# audit -t
# > /var/log/auditlog
# rm -f /var/audit/\*

As you can see we have introduced the new ARI (ari-9d6889f4) with this AMI, make sure you use the correct ARI with the
"ec2-bundle-image" command as given below.

# ec2-bundle-image -c $EC2_CERT -k $EC2_PRIVATE_KEY \\
--kernel aki-1783627e --ramdisk ari-9d6889f4 \\
--block-device-mapping "root=rpool/56@0,ami=0,ephemeral0=1" \\
--user <userid> --arch i386 \\
-i $DIRECTORY/$IMAGE -d $DIRECTORY/parts

Note: For Europe use "--kernel aki-2181a955 --ramdisk ari-b49fb7c0"

You can restart the audit daemon on the instance where you disabled it temporarily for re-bundling with following
command.

# audit -s

Europe Launch:

To run this AMI in Europe (AMI ID: ami-7a2a010e), change the following environment variables before launching the AMI:

bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"
bash # export LOCATION="EU"

The other env variables remain the same as documented in the getting started guide.

NOTE:  a unique <your-keypair-name> must be generated for each region before launching an AMI.(Use ec2-add-keypair <name> > keypairfile after setting the above env variables).

Documentation:

Support

  • Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs
  • For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.
  • AMP Stack within OpenSolaris are delivered as part of WebStack project. For any questions related to these components, please write to webstack-discuss[AT]opensolaris[DOT]org

Tuesday Sep 01, 2009

Drupal with AMP Stack AMI build on Hardened Security OpenSolaris 2008.11 AMI

AMI ID: ami-d9ee0eb0
AMI Manifest: sun-opensolaris-2008-11-hardened/hardened_2008.11_32_AMP_Drupal_V1.1.img.manifest.xml
AKI/ARI ID:
aki-6552b60c / ari-6452b60d
License: Public

Description:

Sun Microsystems Inc. is pleased to announce the release of Drupal AMI with AMP Stack based on Hardened OpenSolaris 2008.11 AMI on Amazon EC2's cloud computing service. 

This 32-bit AMI gives you the power and security of OpenSolaris combined with the flexibility of Amazon's cloud computing service, and is optimized for Amazon EC2's cloud computing environment.


Following components are included in the AMI.
  • Drupal 6.10 (pre-configured state) 
  • Apache 2.2, MySQL 5.0 
  • PHP 5.2 (along with extensions like APC, DTrace, Suhosin, Memcache) runtime 
  • phpMyAdmin for administering the MySQL data base
  • OpenSolaris AMI Hardening update.  For Hardening Details, please visit  http://wikis.sun.com/display/ISC/OpenSolaris+AMI+Hardening

Configurations:

  • Drupal (bundled within this AMI in pre-configured state) is available under location /var/drupal-6.10
  • Drupal specific configuration for Apache Web Server is available within /etc/apache2/2.2/conf.d/drupal.conf.
  • Users can launch and configure Drupal by accessing http://<DNS name associated with the instance> in their browser.
  • Apache and MySQL services are pre-configured to start on boot.
  • If you would like to use phpMyAdmin, you will need to do the following:

                  # cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/

                  # svcadm restart http:apache22

  • Drupal recommends having a database protected with a valid user name and password to be created on the system before configuring Drupal. Hence, users are advised to either use 'ssh' to login to your AMI or phpMyAdmin to create such database before proceeding to configuring Drupal.
  • DTrace probes are available within Apache and PHP runtime. Sample Dtrace scripts are available under /opt/DTT/

For more details on security information and image usage instructions, please refer to the '/root/ec2sun/
README' file.


AMP Stack File Layouts


Apache

PHP

MySQL

Binary Runtime Files

/usr/apache2/2.2/bin

/usr/php/5.2/bin

/usr/mysql/5.0/bin

Configuration Files

/etc/apache2/2.2

/etc/php/5.2

/etc/mysql/5.0

Web Documents / Data Files

/var/apache2/2.2

/var/php/5.2

/var/mysql/5.0

Administering AMP Stack

Command

Apache

MySQL

Start Service

svcadm enable http:apache22

svcadm enable mysql:version_50

Stop Service

svcadm disable http:apache22

svcadm disable mysql:version_50

Restart Service

svcadm restart http:apache22

svcadm restart mysql:version_50


You can reset MySQL 'root'password by running following command:

# /usr/mysql/5.0/bin/mysqladmin -u root -p password '<MySQL password>'

It is highly recommended to secure your MySQL database by following the guidelines mentioned within the MySQL 5 database documentation:

The root file system is ZFS in this AMI and includes the pre-installed packages and tools necessary to get started with using OpenSolaris on Amazon EC2. You can obtain more details about the OpenSolaris project at http://www.opensolaris.org.

Also, just like in our previous AMIs, the "pkg image-update" command updates the kernel and ramdisk which is not allowed in Amazon EC2. Therefore, in order to prevent your instances from becoming non-compatible with the Amazon EC2 environment, we have disabled this command.

More details including re-bundling instructions can be found in the Getting Started Guide



Support:

For technical support during the Beta period, please contact ec2­-solaris­-support[AT]SUN[DOT]COM.

Please check OpenSolaris on Amazon EC2 blog for latest updates and new information about OpenSolaris AMIs.

The "OpenSolaris on Amazon EC2 Getting Started Guide" is located at:
http://www.sun.com/third-party/global/amazon/Sun_AmazonEC2_GettingStartedGuide.pdf


Register for OpenSolaris AMIs here.


Wednesday Apr 01, 2009

Drupal 6.10 AMI with AMP stack on OpenSolaris 2008.11

AMI ID: ami-170aed7e
AMI Manifest: sun-osol-2008-11/Drupal_2008.11_32_1.0.img.manifest.xml
License: Public

Description:

This 32 bit AMI is based on OpenSolaris 2008.11 AMP Stack AMI. Following components are
included in the AMI.

  • Drupal 6.10 (pre-configured state)
  • Apache 2.2
  • MySQL 5.0
  • PHP 5.2 (along with extensions like APC, DTrace, Suhosin, Memcache) runtime
  • phpmyadmin for administering mysql database.

Security Recommendation:

Drupal Installation/configuration pages can be accessible using public DNS address associated with the instance. It is recommended to configure ec2 firewall on port '80' to limit inbound connections.

Configurations:

  • Drupal (bundled within this AMI in pre-configured state) is available under location /var/drupal-6.10
  • Drupal specific configuration for Apache Web Server is available within /etc/apache2/2.2/conf.d/drupal.conf.
  • Users can launch and configure Drupal by accessing http://<DNS name associated with the instance> in their browser.
  • Apache and mysql services are pre-configured to start on boot.
  • If you would like to use phpMyAdmin, you will need to do the following:

                  # cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/

                  # svcadm restart http:apache22

  • Drupal recommends having a database protected with a valid user name and password to be created on the system before configuring Drupal. Hence, users are advised to either use 'ssh' to login to your AMI or phpMyAdmin to create such database before proceeding to configuring Drupal.
  • DTrace probes are available within Apache and PHP runtime. Sample Dtrace scripts are available under /opt/DTT/

For more details on security information and image usage instructions, Please refer to the '/root/ec2sun/
README' file.


AMP Stack File Layouts


Apache

PHP

MYSQL

Binary Runtime Files

/usr/apache2/2.2/bin

/usr/php/5.2/bin

/usr/mysql/5.0/bin

Configuration Files

/etc/apache2/2.2

/etc/php/5.2

/etc/mysql/5.0

Web Documents / Data Files

/var/apache2/2.2

/var/php/5.2

/var/mysql/5.0

Administering AMP Stack

Command

Apache

MYSQL

Start Service

svcadm enable http:apache22

svcadm enable mysql:version_50

Stop Service

svcadm disable http:apache22

svcadm disable mysql:version_50

Restart Service

svcadm restart http:apache22

svcadm restart mysql:version_50


You can reset mysql 'root'password by running following command:

# /usr/mysql/5.0/bin/mysqladmin -u root -p password '<MySQL password>'

It is highly recommended to secure your MySQL database by following the guidelines mentioned within MySQL 5 database documentation:

http://dev.mysql.com/doc/refman/5.0/en/security-guidelines.html

ZFS + EBS for MYSQL

User can now take advantage of ZFS to manage EBS volumes and can store mysql data on it. It may improve performance for certain workloads and database sizes.

For more information visit

Documentation:

Support

  • Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs

  • For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.

  • AMP Stack within OpenSolaris are delivered as part of WebStack project. For any questions related to these components, please write to webstack-discuss[AT]opensolaris[DOT]org

OpenSolaris AMI License for Amazon EC2
http://www.sun.com/third-party/global/amazon/license/ami/

OpenSolaris and MySQL are trademarks or registered trademarks of Sun Microsystems, Inc. or
its subsidiaries in the US and other countries.


About

Information about Solaris and OpenSolaris on Amazon Web Services (AWS) EC2. Look here for the latest information on the program and any late breaking information on (Open)Solaris on EC2.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today