Hardening AWS EC2 AMI image
|
03-08-2018, 04:29 AM
Post: #4
|
|||
|
|||
RE: Hardening AWS EC2 AMI image
What changes do you make to the agents? They're generally meant to be disposable and auto install the latest OS updates as well as browsers when they are started. They are configured through user data so they can be scaled up and down as needed. I tend to use persistent spot requests to keep the costs down and it's no big deal if the instances get terminated and re-spawned.
The agent waits 30 seconds after starting and then runs /home/ubuntu/agent.sh in a screen session. The shell script runs update, dist-upgrade, autoremove and clean before doing a git update of the agent. Every hour it exits the agent and does a git update of the agent code and every 24 hours it stops completely and reboots. The main thing it doesn't do is a reboot before starting the agent the first time after updating so the kernel update won't get applied but I'm usually not as worried about that. If it is a concern then I can tweak the default images to reboot the first time they start after running the updates to make sure the kernel gets updated as well. |
|||
« Next Oldest | Next Newest »
|
Messages In This Thread |
Hardening AWS EC2 AMI image - Gordo - 03-07-2018, 02:24 AM
RE: Hardening AWS EC2 AMI image - pmeenan - 03-08-2018, 12:27 AM
RE: Hardening AWS EC2 AMI image - Gordo - 03-08-2018, 04:07 AM
RE: Hardening AWS EC2 AMI image - pmeenan - 03-08-2018 04:29 AM
RE: Hardening AWS EC2 AMI image - pmeenan - 03-08-2018, 04:29 AM
RE: Hardening AWS EC2 AMI image - Gordo - 03-08-2018, 06:10 AM
RE: Hardening AWS EC2 AMI image - pmeenan - 03-08-2018, 06:35 AM
RE: Hardening AWS EC2 AMI image - Gordo - 03-09-2018, 07:56 AM
RE: Hardening AWS EC2 AMI image - pmeenan - 03-09-2018, 08:52 AM
RE: Hardening AWS EC2 AMI image - Gordo - 04-01-2018, 12:39 AM
|
User(s) browsing this thread: 1 Guest(s)