Security Enhanced Drupal AMP Stack AMI On OpenSolaris 2009.06 provided by Sun Microsystems, Inc.

items>Security Enhanced Drupal AMP Stack AMI On OpenSolaris 2009.06 provided by Sun Microsystems, Inc.
Community Contributed Software

  • Amazon Web Services provides links to these packages as a convenience for our customers, but software not authored by an "@AWS" account has not been reviewed or screened by AWS.
  • Please review this software to ensure it meets your needs before using it.

Security Enhanced Drupal 6.14 AMP Stack on OpenSolaris 2009.06 32-bit AMI is a public AMI provided by Sun Microsystems

Details

Submitted By: nextgenec2
US East AMI ID: ami-f2bf5c9b
Europe AMI ID: ami-782a010c
AMI Manifest: sun-opensolaris-2009-06/drupal_amp_stack_hardened_opensolaris_2009.06_32_1.0.img.manifest.xml
Operating System: Linux/Unix
Created On: November 4, 2009 6:13 PM GMT
Last Updated: November 17, 2009 7:24 PM GMT

Description:

This 32-bit AMI is based on OpenSolaris 2009.06 Hardened Security AMI (ami-e56e8f8c).

Following components are included in this AMI

  • Drupal 6.14 (in a pre-configured state)
  • Apache 2.2
  • MySQL 5.1
  • PHP 5.2
  • phpmyadmin 3.2.2

Configurations:

  • Drupal (bundled within this AMI in pre-configured state) is available under location /var/drupal-6.14
  • Drupal specific configuration for Apache Web Server is available within /etc/apache2/2.2/conf.d/drupal.conf
  • Users can launch and configure Drupal by accessing http://<DNS name associated with the instance> in their
    browser.
  • Apache and MySQL services are pre-configured to start on boot.
    • Apache Service: svc:/network/http:apache22
    • MySQL Service: svc:/application/database/mysql:version_51
  • If you would like to use phpMyAdmin, you will need to do the following:

# cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/
# svcadm restart http:apache22

  • DTrace probes are available within Apache and PHP runtime. Sample DTrace scripts are available under /opt/DTT/
  • More details on security information and image usage instructions is provided in to the '/root/ec2sun/README' file.

AMP Stack Files Layout:


 Apache  PHP  MySQL
 Binary Runtime Files
 /usr/apache2/2.2/bin  /usr/php/5.2/bin  /usr/mysql/5.1/bin
 Configuration Files
 /etc/apache2/2.2  /etc/php/5.2  /etc/mysql/5.1
 Web Documents / Data Files
 /var/apache2/2.2  /var/php/5.2  /var/mysql/5.1

Administering AMP Stack

 Command  Apache  MySQL
 Start Service  svcadm enable http:apache22  svcadm enable mysql:version_51
 Stop Service  svcadm disable http:apache22  svcadm disable mysql:version_51
 Restart Service  svcadm restart http:apache22  svcadm restart mysql:version_51


You can reset MySQL 'root' password by running following command:

# /usr/mysql/5.0/bin/mysqladmin -u root -p password '<MySQL password>'


It is highly recommended to secure your MySQL database by following the guidelines mentioned within MySQL 5.1 database documentation: http://dev.mysql.com/doc/refman/5.1/en/security-guidelines.html

Rebundling Changes:

You must disable the auditing during re-bundling. You can execute following commands in your clean up tasks before
executing "ec2-bundle-image" command.

# audit -t
# > /var/log/auditlog
# rm -f /var/audit/*

As you can see we have introduced the new ARI (ari-9d6889f4) with this AMI, make sure you use the correct ARI with the
"ec2-bundle-image" command as given below.

# ec2-bundle-image -c $EC2_CERT -k $EC2_PRIVATE_KEY \
--kernel aki-1783627e --ramdisk ari-9d6889f4 \
--block-device-mapping "root=rpool/56@0,ami=0,ephemeral0=1" \
--user <userid> --arch i386 \
-i $DIRECTORY/$IMAGE -d $DIRECTORY/parts

Note: For Europe use "--kernel aki-2181a955 --ramdisk ari-b49fb7c0"

You can restart the audit daemon on the instance where you disabled it temporarily for re-bundling with following command.

# audit -s

Europe Launch:

To run this AMI in Europe (AMI ID: ami-782a010c), change the following environment variables before launching the AMI:

bash # export EC2_URL="https://eu-west-1.ec2.amazonaws.com"
bash # export LOCATION="EU"

The other env variables remain the same as documented in the getting started guide.

NOTE:  a unique <your-keypair-name> must be generated for each region before launching an AMI.(Use ec2-add-keypair <name> > keypairfile after setting the above env variables).

Documentation:

Support

  • Register at http://www.sun.com/third-party/global/amazon/ to receive latest news on OpenSolaris AMIs
  • For technical support during Beta period, please send emails to ec2-solaris-support[AT]SUN[DOT]COM.
  • AMP Stack within OpenSolaris are delivered as part of WebStack project. For any questions related to these components, please write to webstack-discuss[AT]opensolaris[DOT]org
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.