feat: reduce attack surface due to packages#2006
Draft
Conversation
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
samrose
changed the title
samrose
force-pushed
the
image-strip
branch
2 times, most recently
from
4822454 to
efd4e6b
Compare
…ler, and is required
…move cloud-init was being removed during Ansible package cleanup despite autoremove being disabled. Rather than debug further, explicitly reinstall both critical packages before apt-mark and autoremove.
Key changes: - Set multi-user.target as default boot target to prevent graphical boot issues - Move apt-get update/upgrade to after autoremove (matching qemu script order) - Protect libevent-2.1-7t64 from autoremove (needed by PgBouncer) - Add journalctl cleanup commands for proper log rotation - Add fstrim at end to optimize disk These changes align the AWS AMI cleanup script with the QEMU cleanup script which has been working. The most critical fix is setting multi-user.target as default, which ensures the system boots properly for SSH access.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Removing packages that are not needed, with priority on items that could be security attack vector