HOWTO build a base CentOS 5.6 AMI that is (mostly) cloudpassage compliant

This "script" builds a CentOS 5.6 base AMI that is "mostly" compliant with the cloudpassage configuration policies. The resulting AMI violates the following cloudpassage CentOS 5.5 core policies (no CentOS 5.6 policy is available):

* Disable root login via SSH - this is not done on the AMI
* Logging services should be running - no rsyslog
* Verify iptables is running - no iptables installed
* Security of /var/log/wtmp file - owner and group are root:utmp and not root:root

(see http://www.cloudpassage.com)
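
The four exceptions listed above can be re-checked on an instance launched from the AMI, for example after hardening it further. The script below is an added example, not part of the original HOWTO or of any cloudpassage tooling; the function names are hypothetical and the paths are assumed to be the stock CentOS 5 locations.

```shell
#!/bin/sh
# Added example: audit the four policy items on an instance.
# Function names are hypothetical; paths are assumed stock CentOS 5 locations.

# Pass only if the first PermitRootLogin line says "no".
# sshd uses the first value it reads and (on CentOS 5) defaults to "yes".
root_login_disabled() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1" 2>/dev/null
}

# Pass if FILE ($1) has numeric owner:group equal to $2 (0:0 is root:root).
owner_is() {
    [ "$(stat -c '%u:%g' "$1" 2>/dev/null)" = "$2" ]
}

# Pass if the kernel lists at least one loaded iptables table.
# /proc files report size 0, so read the content instead of using [ -s ].
iptables_loaded() {
    [ -n "$(cat "$1" 2>/dev/null)" ]
}

# Pass if a syslog daemon (sysklogd or rsyslog) is in the process table.
logging_running() {
    pgrep -x syslogd >/dev/null 2>&1 || pgrep -x rsyslogd >/dev/null 2>&1
}

# Run all four checks against ROOT (default /); return the number of failures.
audit_ami() {
    root=${1:-/}; fails=0
    check() {   # check "policy name" command [args...]
        label=$1; shift
        if "$@"; then echo "PASS  $label"
        else echo "FAIL  $label"; fails=$((fails + 1)); fi
    }
    check "Disable root login via SSH" root_login_disabled "$root/etc/ssh/sshd_config"
    check "Logging services should be running" logging_running
    check "Verify iptables is running" iptables_loaded "$root/proc/net/ip_tables_names"
    check "Security of /var/log/wtmp file" owner_is "$root/var/log/wtmp" 0:0
    return "$fails"
}

# Audit only when a root directory is given, e.g. "sh audit.sh /".
if [ "$#" -gt 0 ]; then audit_ami "$1"; fi
```

The logging check always inspects the live process table, so it is only meaningful when the script runs on the instance itself with `/` as the root.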

Any other CentOS 5.x AMI can be used to build a new AMI via a loopback. In this case the following were utilised.

i386 - ami-efe4cf9b - rightscale-eu/CentOS_5.4_i386_v4.4.10.manifest.xml
x86_64 - ami-ebe4cf9f - rightscale-eu/CentOS_5.4_x64_v4.4.10.manifest.xml

Please read through the pages carefully as this AMI build is quite specific and suited to users that want a minimal architecture specific base on which to build.

Notes

Mounts

The mounting of /dev/sdc, /dev/sdd and /dev/sde on m1.large, m1.xlarge, cc1.4xlarge, and c1.xlarge (where applicable) is automated in the AMI start up process with smart.mount.sh. See http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/index.html?instance-storage-concepts.html

yum

/etc/yum.conf is configured to be architecture specific and to exclude packages that are not specific to the architecture. In some cases you may find that a dependency fails when installing a package.

It is base

So... /etc/ld.so.conf.d/libc6-xen.conf is not deployed and neither are the custom kernel modules http://s3.amazonaws.com/ec2-downloads/modules-2.6.16-ec2.tgz