There is a new release of hardened OpenSolaris 2008.11 AMI on Amazon EC2's cloud computing service. It contains Drupal AMI with AMP stack. Installed and pre-configured on this publicly available AMI are Drupal v6.10, Apache v2.2, MySQL v5.0, and PHP v5.2.

More specifically, the configurations as outlined by Divyen Patel on the OpenSolaris on Amazon EC2 page are:

• Drupal (bundled within this AMI in pre-configured state) is available under location /var/drupal-6.10

• Drupal specific configuration for Apache Web Server is available within /etc/apache2/2.2/conf.d/drupal.conf.

• Users can launch and configure Drupal by accessing http://<;DNS name associated with the instance> in their browser.

• Apache and MySQL services are pre-configured to start on boot.

• If you would like to use phpMyAdmin, you will need to do the following: 1) cp /etc/apache2/2.2/samples-conf.d/phpmyadmin.conf /etc/apache2/2.2/conf.d/ and 2) svcadm restart http:apache22

• Drupal recommends having a database protected with a valid user name and password to be created on the system before configuring Drupal. Hence, users are advised to either use 'ssh' to login to your AMI or phpMyAdmin to create such database before proceeding to configuring Drupal.

• DTrace probes are available within Apache and PHP runtime. Sample Dtrace scripts are available under /opt/DTT/

Patel details the AMP stack file layouts and administering the AMP stack along with support links.

In his introduction of this new release, Sun Distinguished Engineer and Chief Security Architect Glenn Brunette notes that there are two points to be taken in mind:

"First, no security-relevant changes were necessary to successfully install, configure and test Drupal on this security-enhanced image. While this should likely not come as a surprise, it is an important validation that at least for some (many?) classes of applications, a security tuned golden image can be used as a foundation. This is good news for organizations who are interested in the having a common security baseline for their operating systems. The second thing to note is that MySQL was modified on this image to not listen on the network for connections. This means that the image is compliant with our original security objectives in that it is only exposing required services (e.g., Apache, SSH) and no others by default."

More Information

Drupal with AMP Stack AMI build on Hardened Security OpenSolaris 2008.11 AMI - Patel's post

NEW: Security Enhanced OpenSolaris Drupal Stack on EC2 - Brunette's blog

Hardened OpenSolaris 2008.11 on Amazon EC2

Hardened OpenSolaris 2009.06 on Amazon EC2 Released [...read more...]

		fullsource
Print Email Current Profile Archive Blog Generate newsletter

Other articles in the Security section of Volume 139, Issue 2: Drupal with AMP Stack AMI on Hardened OpenSolaris 2008.11 AMI (this article) See all archived articles in the Security section.

Top 10 Most Popular Articles in Current Issue (Vol 151, Issue 1) Two New Sun Netra Servers Introduced Security Configuration Benchmark for Solaris 10 The Line-up of Partner Events at Oracle OpenWorld 2010 San Francisco JUG Gets Two Day Session on Java EE 6 & GlassFish "GlassFish Security" Solving a Zone Attach Fail During a Zone Upgrade InfoWorld Announces Its Bossies Awards for 2010 Oracle's Exadata Storage Server Software Version 11.2.1.3.1 Enabling Smart Card Access for Oracle Virtual Desktop Client Sun Storage 6180 Array Outperforms IBM DS5020 Recent Blog Entries as of September 5, 2010, 11:22 pm Sun Storage 6180 Array Outperforms IBM DS5020 DDRdrive's X1 Proves Itself a Useful Device in Non-clustering ZFS Roles The Line-up of Partner Events at Oracle OpenWorld 2010 Enabling Smart Card Access for Oracle Virtual Desktop Desktop Client Enterprise Java Cloud Strategies Virtual Conference Configuration Directions for Transparent Failover with Solaris MPxIO and Oracle ASM Two New Sun Netra Servers Introduced Light Weight User Interface Toolkit (LWUIT) 1.4 is Now Available InfoWorld Announces Its Bossies Awards for 2010 Security Configuration Benchmark for Solaris 10 Blog RSS Feed