Security updates and features - Amazon Linux 2022
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Amazon Linux 2022 is in preview release and is subject to change.

Security updates and features

Amazon Linux 2022 (AL2022) provides many security updates and solutions.

Manage updates

Apply security updates using DNF and repository versions. For more information, see Managing packages and operating system updates.

Security in the cloud

Understand how to apply the shared responsibility model for security in the cloud and of the cloud when using Amazon Linux 2022. For more information, see Security in Amazon Linux 2022.

SELinux modes

By default, SELinux is enabled and set to permissive mode in Amazon Linux 2022. In permissive mode, permission denials are logged but not enforced.

The SELinux policies define permissions for users, processes, programs, files, and devices. With SELinux, you can choose one of two policies. The policies are targeted or multi-level security (MLS).

For more information about SELinux modes and policy, see Setting SELinux modes and the SELinux Project Wiki.

Compliance program

Independent auditors assess the security and compliance of Amazon Linux 2022 along with many Amazon compliance programs. For more information, see Compliance validation for Amazon Linux 2022.

SSH server default

Amazon Linux 2022 includes OpenSSH 8.7. OpenSSH 8.7 by default disables the ssh-rsa key exchange algorithm. For more information, see Default SSH server configuration.

Major features of OpenSSL 3

  • The Certificate Management Protocol (CMP, RFC 4210) includes both CRMF (RFC 4211) and HTTP transfer (RFC 6712).

  • A HTTP or HTTPS client in libcrypto supports GET and POST actions, redirection, plain and ASN.1-encoded content, proxies, and timeouts.

  • The EVP_KDF works with Key Derivation Functions.

  • The EVP_MAC API works with MACs.

  • Linux Kernel TLS support.

For more information, see the OpenSSL migration guide.

For more information about compliance and security in the cloud, see Security in Amazon Linux 2022.