We have decided to share with AWS community our basic linux platform. It is based on Debian and includes some security enhancements, that comes from integrating grsecurity into kernel. Previously i have released only kernel builds known as ESK kernel, now we are presenting whole Debian that includes following changes:
- ESK kernel 3.2.58
- gradm 3.0
- paxctl 0.8
- TPE
- special groups for TPE: untrusted, readproc, symlinkrestr
- RBAC ready (disabled by default)
- performance modifications, see sysctl.conf
- default root filesystem is XFS
- you can build your own kernel, see dirty script in /usr/src/
AMI named debian-7.5-amd64-grsec-enhanced-security is available in US-East (ami-64dc300c) and EU-West (ami-818747f6) regions. After starting instance you can login into root account. Uses who need to have root access need to belong to special group ‘admin‘. For more information on using grsecurity kernel see documentation. We will be providing updates to the AMI when it will be necessary. More information about ESK can be found here, also you can track us for updates on twitter: ProcessOne or me.
