Changes

From Genome Analysis Wiki
Jump to navigationJump to search

Creating an AMI on EC2 (view source)

Revision as of 14:54, 14 October 2014

60 bytes removed ,  14:54, 14 October 2014
→‎Cleanup Instance for AMI Creation
Line 103: Line 103:     
==Cleanup Instance for AMI Creation==
 
==Cleanup Instance for AMI Creation==
 +
First time from generic/starcluster AMI
 
# Disable password-based logins for root
 
# Disable password-based logins for root
 
## Open /etc/ssh/sshd_config
 
## Open /etc/ssh/sshd_config
Line 108: Line 109:  
# Disable root access
 
# Disable root access
 
## <code> sudo passwd -l root</code>
 
## <code> sudo passwd -l root</code>
 +
 +
 +
Each time we generate a new AMI, run:
 +
<pre>sudo shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
 +
sudo find / -name "authorized_keys" -exec rm -f {} \;
 +
rm -rf ~/.ssh
 +
shred -u ~/.*history
 +
sudo find /root/.*history /home/*/.*history -exec rm -f {} \;
 +
history -w
 +
history -c
 +
</pre>
 +
These commands do the following:
 
# Remove SSH host key pairs
 
# Remove SSH host key pairs
## Remove host key pairs located in <code>/etc/ssh</code> (ssh_host_dsa_key, ssh_host_dsa_key.pub, ssh_host_key, ssh_host_key.pub, ssh_host_rsa_key, ssh_host_rsa_key.pub)
  −
## <code>sudo shred -u /etc/ssh/*_key /etc/ssh/*_key.pub</code>
   
# Remove SSH authorized keys
 
# Remove SSH authorized keys
##<code>sudo find / -name "authorized_keys" -exec rm -f {} \;</code>
+
# Remove ssh
 
# Delete shell history
 
# Delete shell history
## <code> shred -u ~/.*history</code>
  −
##<code>sudo find /root/.*history /home/*/.*history -exec rm -f {} \;</code>
      
== Create the AMI ==
 
== Create the AMI ==
Retrieved from "http://genome.sph.umich.edu/wiki/Special:MobileDiff/11709...11713"

Navigation menu