Security Enhanced Drupal AMP Stack AMI On OpenSolaris 2009.06
US AMI Details
AMI ID: ami-f2bf5c9b
AMI Manifest: sun-opensolaris-2009-06/drupal_amp_stack_hardened_opensolaris_2009.06_32_1.0.img.manifest.xml
AKI / ARI ID: aki-1783627e / ari-9d6889f4
License: Public
Europe AMI Details
AMI ID: ami-782a010c
AMI Manifest: sun-opensolaris-2009-06-eu/drupal_amp_stack_hardened_opensolaris_2009.06_32_1.0.img.manifest.xml
AKI / ARI ID: aki-2181a955 / ari-b49fb7c0
License: Public
Description:
This 32-bit AMI is based on the OpenSolaris 2009.06 Hardened Security AMI (ami-e56e8f8c).
The following components are included in this AMI:
- Drupal 6.14 (in a pre-configured state)
- Apache 2.2
- MySQL 5.1
- PHP 5.2
- phpMyAdmin 3.2.2
Configurations:
- Drupal (bundled within this AMI in a pre-configured state) is available under /var/drupal-6.14
- The Drupal-specific configuration for the Apache web server is available in /etc/apache2/2.2/conf.d/drupal.conf
- Users can launch and configure Drupal by accessing http:// in their browser.
- Apache and MySQL services are pre-configured to start on boot.
  - Apache Service: svc:/network/http:apache22
  - MySQL Service: svc:/application/database/mysql:version_51
- If you would like to use phpMyAdmin, you will need to do the following:
  # cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/
  # svcadm restart http:apache22
- DTrace probes are available within the Apache and PHP runtimes. Sample DTrace scripts are available under /opt/DTT/
- More details on security and image usage instructions are provided in the '/root/ec2sun/README' file.
AMP Stack Files Layout:
                             Apache                 PHP                MySQL
Binary Runtime Files         /usr/apache2/2.2/bin   /usr/php/5.2/bin   /usr/mysql/5.1/bin
Configuration Files          /etc/apache2/2.2       /etc/php/5.2       /etc/mysql/5.1
Web Documents / Data Files   /var/apache2/2.2       /var/php/5.2       /var/mysql/5.1
Administering AMP Stack:
Command           Apache                         MySQL
Start Service     svcadm enable http:apache22    svcadm enable mysql:version_51
Stop Service      svcadm disable http:apache22   svcadm disable mysql:version_51
Restart Service   svcadm restart http:apache22   svcadm restart mysql:version_51
You can reset the MySQL 'root' password by running the following command:
# /usr/mysql/5.1/bin/mysqladmin -u root -p password ''
It is highly recommended to secure your MySQL database by following the guidelines in the MySQL 5.1 database documentation: http://dev.mysql.com/doc/refman/5.1/en/security-guidelines.html
Rebundling Changes:
You must disable auditing during re-bundling. You can execute the following commands in your clean-up tasks before executing the "ec2-bundle-image" command.
# audit -t
# > /var/log/auditlog
# rm -f /var/audit/*
As you can see, we have introduced a new ARI (ari-9d6889f4) with this AMI. Make sure you use the correct ARI with the "ec2-bundle-image" command, as given below.
# ec2-bundle-image -c $EC2_CERT -k $EC2_PRIVATE_KEY \
--kernel aki-1783627e --ramdisk ari-9d6889f4 \
--block-device-mapping "root=rpool/56@0,ami=0,ephemeral0=1" \
--user --arch i386 \
-i $DIRECTORY/$IMAGE -d $DIRECTORY/parts
Note: For Europe use "--kernel aki-2181a955 --ramdisk ari-b49fb7c0"
You can restart the audit daemon on the instance where you disabled it temporarily for re-bundling with the following command.
# audit -s
Europe Launch:
To run this AMI in Europe (AMI ID: ami-782a010c), change the following environment variables before launching the AMI:
bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"
bash # export LOCATION="EU"
The other env variables remain the same as documented in the getting started guide.
NOTE: A unique keypair must be generated for each region before launching an AMI. (Use ec2-add-keypair > keypairfile after setting the above env variables.)
Documentation:
- Drupal 6.14 Release Notes: http://drupal.org/node/579476
- Drupal Getting Started Guide: http://drupal.org/getting-started/6
- For questions regarding Apache, MySQL and PHP runtime, please visit Web Stack Getting Started Guide for OpenSolaris 2009.06 at http://wikis.sun.com/display/WebStac...+Started+Guide
- For general questions on OpenSolaris, please visit OpenSolaris on Amazon EC2 Getting Started Guide: http://www.sun.com/third-party/globa...artedGuide.pdf
- For information on Hardened Security on OpenSolaris 2009.06, visit http://blogs.sun.com/ec2/entry/hardened_opensolaris_2009_06_on
Support
- Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs
- For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.
- The AMP Stack within OpenSolaris is delivered as part of the WebStack project. For any questions related to these components, please write to webstack-discuss[AT]opensolaris[DOT]org
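A pre-bundle check for the rebundling clean-up described above, as an added example that is not part of the original AMI notes: it confirms that the audit log and the audit trail directory are empty before "ec2-bundle-image" runs, and prints the kernel/ramdisk pair this page lists for each region. The function names and the IMAGE_ROOT parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the AMI documentation).

# prebundle_audit_check [IMAGE_ROOT]
# Confirms the audit clean-up left nothing behind. IMAGE_ROOT is a
# hypothetical parameter (default: the live root) so the check can be
# pointed at a mounted image or a test directory.
prebundle_audit_check() {
    root="${1:-}"
    findings=0

    # "> /var/log/auditlog" should have truncated the log to zero bytes.
    if [ -s "$root/var/log/auditlog" ]; then
        echo "NOT EMPTY: $root/var/log/auditlog"
        findings=$((findings + 1))
    fi

    # "rm -f /var/audit/*" skips dotfiles and subdirectories, so walk
    # the whole tree for any remaining regular file.
    if [ -d "$root/var/audit" ]; then
        leftover=$(find "$root/var/audit" -type f)
        if [ -n "$leftover" ]; then
            echo "LEFTOVER AUDIT FILES:"
            echo "$leftover"
            findings=$((findings + 1))
        fi
    fi

    # Succeed only when no finding was reported.
    [ "$findings" -eq 0 ]
}

# bundle_ids REGION
# Prints the --kernel/--ramdisk pair listed on this page for US or EU,
# and fails for any other region instead of falling back to a default.
bundle_ids() {
    case "$1" in
        US) echo "--kernel aki-1783627e --ramdisk ari-9d6889f4" ;;
        EU) echo "--kernel aki-2181a955 --ramdisk ari-b49fb7c0" ;;
        *)  echo "unknown region: $1" >&2; return 1 ;;
    esac
}
```

Run prebundle_audit_check after the clean-up commands and continue to "ec2-bundle-image" only if it returns 0; the output of bundle_ids can be substituted for the --kernel/--ramdisk arguments.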