Security updates and features
AL2023 provides many security updates and solutions.
Topics
Manage updates
Apply security updates using DNF and repository versions. For more information, see Manage package and operating system updates in AL2023.
Security in the cloud
Security is a shared responsibility between AWS and you. The shared responsibility model
SELinux modes
By default, SELinux is enabled and set to permissive mode in AL2023. In permissive mode, permission denials are logged but not enforced.
The SELinux policies define permissions for users, processes, programs, files, and devices. With SELinux, you can choose one of two policies. The policies are targeted or multi-level security (MLS).
For more information about SELinux modes and policy, see Setting SELinux modes for AL2023 and the SELinux Project Wiki.
Compliance program
Independent auditors assess the security and compliance of AL2023 along with many AWS compliance programs.
SSH server default
AL2023 includes OpenSSH 8.7. OpenSSH 8.7 by default disables the ssh-rsa key exchange algorithm.
For more information, see Default SSH server configuration.
Major features of OpenSSL 3
- The Certificate Management Protocol (CMP, RFC 4210) includes both CRMF (RFC 4211) and HTTP transfer (RFC 6712).
- An HTTP or HTTPS client in libcrypto supports GET and POST actions, redirection, plain and ASN.1-encoded content, proxies, and timeouts.
- The EVP_KDF API works with Key Derivation Functions.
- The EVP_MAC API works with MACs.
- Linux Kernel TLS support.
For more information, see the OpenSSL migration guide.