Hi Matthew,

I'm assuming that you are not relying on the EC2 firewall and want to lock down the server to be stealth apart from the required ports needed for OM?

Are you planning on clustering multiple instances and having S3 as your shared data repository?

The tools you will need to do this are not specific to OM; it will be the same for any public-facing service. Google has many hits for hardening a *nix server. If you followed the guide on the wiki then you will already have a bare minimum system installed, and locking the server down wouldn't be too much of a task (actually, you should probably remove the build tools).

If the goal is to have a secure instance then you really need to get RTMPS and HTTPS completed too (Step 12).

I've not used EC2 but was planning on building a dev Private Cloud on Eucalyptus and testing out similar options (time permitting, of course).

I can assist with parts but don't have massive amounts of time at the moment.

Best Regards

Stephen Cottham
Group IT Manager (Associate)
Robert Bird Group

-----Original Message-----
From: Matthew [mailto:[email protected]]
Sent: 21 February 2013 17:05
To: [email protected]
Subject: Interest in working on an EC2 guide?

Is anybody interested in collaborating on an EC2 install guide based on Stephen Cottham's 22/01/2013 Ubuntu 12.10 headless guide?

I've got it running, but as I've never administered a server before the learning curve was quite steep. I have worked out all the necessary modifications to the guide up to step 12 (encryption), as well as a quick guide to securely administering using AWS.

What I really need help on is securing the server itself - iptables, fail2ban, chkrootkit, etc. I haven't been able to find any info on configuring reasonable security on an Openmeetings install.

My thinking is to eventually publish an unofficial AMI, lowering the barrier of getting a server up and running, and perhaps increasing the number of people discovering client-side bugs and quirks to be fixed. Maybe not what is desired at this stage of development? :)

I have the time to test and update the guide for each major update.
