Aside from easy deployments, security is another topic that we’re really concerned about. That’s why this AMI is also provisioned with some extra components that will let you secure, prevent and monitor your EC2 instance for attacks, intrusions, FS modification attempts, etc…
SSH hardening - SSH login using root has been disabled. Only key-based logins are enabled. Only v2 of SSH protocol is enabled.
RKHunter - Daily scanning and automatic updates.
Fail2ban - Block any IP trying to brute-force your EC2 instance.
Auditd and ACCT - Any suspicious activity will be recorded. This includes tampering Auditd itself, configuration files and logs, kernel modprobing, kexec usage, mount operations, time and date modification attempts, user/group operations, logins, access failure (unauthenticated file access/modification/deletion), power state changes, DAC modifications, any 32 API usage, ptrace-based code injections/debugs, any commands executed by root, etc…