Security updates and features - Amazon Linux 2023

Amazon Linux 2023 (AL2023) provides many security updates and solutions.

Manage updates

Apply security updates using DNF and repository versions. For more information, see Managing packages and operating system updates.

Security in the cloud

Understand how to apply the shared responsibility model for security in the cloud and of the cloud when using AL2023. For more information, see Security and Compliance in Amazon Linux 2023.

SELinux modes

By default, SELinux is enabled and set to permissive mode in AL2023. In permissive mode, permission denials are logged but not enforced.

SELinux policies define permissions for users, processes, programs, files, and devices. With SELinux, you can choose one of two policies: targeted or multi-level security (MLS).

For more information about SELinux modes and policy, see Setting SELinux modes and the SELinux Project Wiki.
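
Because permissive mode logs denials without enforcing them, the audit log shows what enforcing mode would block. The following script is an added example, not part of the AL2023 documentation: it summarizes the denials that were logged but allowed. The function names are hypothetical, the sample records are constructed, and it assumes the standard Linux audit AVC record format with a `permissive=` field.

```shell
#!/bin/sh
# Added example: summarize SELinux AVC denials that were logged but not
# enforced (permissive=1), for review before switching to enforcing mode.

# Constructed sample audit records (not taken from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="nvme0n1p1" ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000001.102:202): avc:  denied  { read } for  pid=2101 comm="httpd" name="style.css" dev="nvme0n1p1" ino=4102 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000002.103:203): avc:  denied  { name_connect } for  pid=2102 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000003.104:204): avc:  denied  { write } for  pid=2200 comm="logrotate" name="app.log" dev="nvme0n1p1" ino=4200 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000003.104:204): arch=c000003e syscall=257 success=no exit=-13 comm="logrotate"
EOF
}

# Reads audit records on stdin. For each distinct denial logged with
# permissive=1, prints: count source_type target_type:class { permissions }
# Most frequent first. Records with permissive=0 were enforced and are skipped.
summarize_permissive_denials() {
    awk '
    $1 == "type=AVC" && /avc: +denied/ && / permissive=1( |$)/ {
        perm = ""; s = ""; t = ""; c = ""
        # The requested permissions are the brace-delimited list.
        if (match($0, /\{[^}]*\}/)) perm = substr($0, RSTART, RLENGTH)
        for (i = 1; i <= NF; i++) {
            # Contexts are user:role:type:level; the type is the third part.
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        n[s " " t ":" c " " perm]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Stand-alone run over the constructed sample.
sample_audit_log | summarize_permissive_denials
```

On a host, pipe the audit log into the function instead of the sample, assuming auditd is writing to its default location of `/var/log/audit/audit.log`.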

Compliance program

Independent auditors assess the security and compliance of AL2023 along with many AWS compliance programs.

SSH server default

AL2023 includes OpenSSH 8.7, which disables the ssh-rsa key exchange algorithm by default. For more information, see Default SSH server configuration.

Major features of OpenSSL 3

  • The Certificate Management Protocol (CMP, RFC 4210) includes both CRMF (RFC 4211) and HTTP transfer (RFC 6712).

  • An HTTP or HTTPS client in libcrypto supports GET and POST actions, redirection, plain and ASN.1-encoded content, proxies, and timeouts.

  • The EVP_KDF API works with Key Derivation Functions.

  • The EVP_MAC API works with MACs.

  • Linux Kernel TLS support.

For more information, see the OpenSSL migration guide.

For more information about compliance and security in the cloud, see Security and Compliance in Amazon Linux 2023.