Security updates and features - Amazon Linux 2023

Security updates and features

AL2023 provides many security updates and solutions.

Manage updates

Apply security updates using DNF and repository versions. For more information, see Manage package and operating system updates in AL2023.

Security in the cloud

Security is a shared responsibility between Amazon and you. The shared responsibility model describes this as security of the cloud and security in the cloud. For more information, see Security and Compliance in Amazon Linux 2.

SELinux modes

By default, SELinux is enabled and set to permissive mode in AL2023. In permissive mode, permission denials are logged but not enforced.

SELinux policies define permissions for users, processes, programs, files, and devices. With SELinux, you can choose one of two policies: targeted or multi-level security (MLS).

For more information about SELinux modes and policy, see Setting SELinux modes for AL2023 and the SELinux Project Wiki.

Compliance program

Independent auditors assess the security and compliance of AL2023 along with many Amazon compliance programs.

SSH server default

AL2023 includes OpenSSH 8.7. By default, OpenSSH 8.7 disables the ssh-rsa key exchange algorithm. For more information, see Default SSH server configuration.

Major features of OpenSSL 3

  • The Certificate Management Protocol (CMP, RFC 4210) includes both CRMF (RFC 4211) and HTTP transfer (RFC 6712).

  • An HTTP or HTTPS client in libcrypto supports GET and POST actions, redirection, plain and ASN.1-encoded content, proxies, and timeouts.

  • The EVP_KDF API works with Key Derivation Functions.

  • The EVP_MAC API works with MACs.

  • Linux Kernel TLS support.

For more information, see the OpenSSL migration guide.