HOWTO build a base CentOS 5.6 AMI that is (mostly) CloudPassage compliant

This "script" will build you a "mostly" configuration-compliant CloudPassage CentOS 5.6 base AMI. The resultant AMI violates the following CloudPassage CentOS 5.5 core policies (no CentOS 5.6 policy available):

  Disable root login via SSH - this is not done on the AMI
  Logging services should be running - no rsyslog
  Verify iptables is running - no iptables installed
  Security of /var/log/wtmp file - owner and group are root:utmp and not root:root
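
To confirm these four deviations on an instance launched from the AMI, an audit script along the following lines can be used. It is an added example, not part of the original HOWTO; the paths (/etc/ssh/sshd_config, /etc/init.d) and the init script names rsyslog and iptables are assumptions based on a stock CentOS 5.x layout.

```shell
#!/bin/sh
# Added example: audit the four policy deviations listed above.
# Paths and init script names are assumptions for a stock CentOS 5.x layout.

# Print the effective global PermitRootLogin value. sshd uses the first
# occurrence of a keyword; a missing directive means the default ("yes").
sshd_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # trim indent (re-splits fields)
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends at Match
        tolower($1) == "permitrootlogin" { v = $2; exit }
        END { print (v == "" ? "yes" : v) }
    ' "$1"
}

check_sshd() {      # $1 = path to sshd_config
    [ -r "$1" ] || { echo "SKIP sshd: $1 not readable"; return 2; }
    v=$(sshd_root_login "$1")
    [ "$v" = "no" ] && { echo "PASS root SSH login disabled"; return 0; }
    echo "FAIL PermitRootLogin is '$v'"; return 1
}

check_service() {   # $1 = SysV init script name under /etc/init.d
    if [ -x "/etc/init.d/$1" ] && "/etc/init.d/$1" status >/dev/null 2>&1; then
        echo "PASS $1 running"; return 0
    fi
    echo "FAIL $1 not installed or not running"; return 1
}

check_owner() {     # $1 = file, $2 = expected owner:group
    o=$(stat -c '%U:%G' "$1" 2>/dev/null) || { echo "FAIL $1 missing"; return 1; }
    [ "$o" = "$2" ] && { echo "PASS $1 is $o"; return 0; }
    echo "FAIL $1 is $o, policy wants $2"; return 1
}

audit_ami() {       # run all four checks; non-zero if any of them fails
    rc=0
    check_sshd /etc/ssh/sshd_config     || rc=1
    check_service rsyslog               || rc=1
    check_service iptables              || rc=1
    check_owner /var/log/wtmp root:root || rc=1
    return $rc
}

# Run the audit only when asked to, e.g.: sh audit.sh --run
case "${1:-}" in --run) audit_ami ;; esac
```

On the AMI as described, all four checks are expected to report FAIL.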


Any other CentOS 5.x AMI can be used to build a new AMI via a loopback. In this case the following were utilised.

  i386   - ami-efe4cf9b - rightscale-eu/CentOS_5.4_i386_v4.4.10.manifest.xml
  x86_64 - ami-ebe4cf9f - rightscale-eu/CentOS_5.4_x64_v4.4.10.manifest.xml

Please read through the pages carefully, as this AMI build is quite specific and suited to users who want a minimal architecture-specific base on which to build.



The mounting of /dev/sdc, /dev/sdd and /dev/sde on m1.large, m1.xlarge, cc1.4xlarge, and c1.xlarge (where applicable) is automated in the AMI start up process with See


/etc/yum.conf is configured to be architecture specific and to exclude packages that are not specific to the architecture. In some cases you may find that a dependency fails when installing a package.

It is base

So... /etc/ is not deployed and neither are the custom kernel modules