From Genome Analysis Wiki
Jump to navigationJump to search
60 bytes removed
, 14:54, 14 October 2014
Line 103: |
Line 103: |
| | | |
| ==Cleanup Instance for AMI Creation== | | ==Cleanup Instance for AMI Creation== |
| + | First time from generic/starcluster AMI |
| # Disable password-based logins for root | | # Disable password-based logins for root |
| ## Open /etc/ssh/sshd_config | | ## Open /etc/ssh/sshd_config |
Line 108: |
Line 109: |
| # Disable root access | | # Disable root access |
| ## <code> sudo passwd -l root</code> | | ## <code> sudo passwd -l root</code> |
| + | |
| + | |
| + | Each time we generate a new AMI, run: |
| + | <pre>sudo shred -u /etc/ssh/*_key /etc/ssh/*_key.pub |
| + | sudo find / -name "authorized_keys" -exec rm -f {} \; |
| + | rm -rf ~/.ssh |
| + | shred -u ~/.*history |
| + | sudo find /root/.*history /home/*/.*history -exec rm -f {} \; |
| + | history -w |
| + | history -c |
| + | </pre> |
| + | These commands do the following: |
| # Remove SSH host key pairs | | # Remove SSH host key pairs |
− | ## Remove host key pairs located in <code>/etc/ssh</code> (ssh_host_dsa_key, ssh_host_dsa_key.pub, ssh_host_key, ssh_host_key.pub, ssh_host_rsa_key, ssh_host_rsa_key.pub)
| |
− | ## <code>sudo shred -u /etc/ssh/*_key /etc/ssh/*_key.pub</code>
| |
| # Remove SSH authorized keys | | # Remove SSH authorized keys |
− | ##<code>sudo find / -name "authorized_keys" -exec rm -f {} \;</code> | + | # Remove ssh |
| # Delete shell history | | # Delete shell history |
− | ## <code> shred -u ~/.*history</code>
| |
− | ##<code>sudo find /root/.*history /home/*/.*history -exec rm -f {} \;</code>
| |
| | | |
| == Create the AMI == | | == Create the AMI == |