Cybersecurity in the Age of the Machine
As zero-day exploits become increasingly common, keeping the kernel up to date is a top priority.
In CentOS 6.x/7.x and RHEL 6x./7.x, upgrading the Linux Kernel is a painful procedure which requires about a dozen steps. On Fedora, all it takes is a time-saving two-liner. You don’t need to concern yourself with the configuration of the grub boot manager, which is a frequent source of trouble on CentOS and RHEL.
This is easier than you probably think: AWS will expand the EBS boot volume of an EC2 instance running Linux automatically when you launch a new instance off of it with the desired capacity.
Here is how it works in more detail.
In the age of cyber warfare, being paranoid is the only reasonable attitude and that means, among other things, being paranoid about software updates.
If you launch an instance from the official CentOS or RHEL 7.x AMI on AWS, you will be running kernel 3.1 as of this writing. That’s not a good idea. You can easily take advantage of improved security features of newer kernels that are already available in a stable release. The renowned Linux kernel maintainer Greg Kroah-Hartman released the Linux Kernel 4.14.15, which includes important fixes for Spectre & Meltdown. Here is how to update your Linux kernel from 3.1 to 4.16.11 in place.
Your users want to access a web server instance as a staging or production environment for DevOps… They want access to the web server document root of the sites they manage. Your job is to maintain the integrity of the whole system in terms of cyber security.
If you happen to be running a web server on Linux—for example in EC2 on Amazon AWS—and need to provide site owners remote access in a secure and responsible manner, here is how to do it.