Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Ubuntu 16.04 Xenial AMI contents

Here is what a freshly Ubuntu 16.04 Xenial AWS Machine Image (specifically ami-0181f8d9b6f098ec4) contains.

First and most importantly, only SSH daemon and DHCP client is running:

ubuntu@ip-172-1-2-3$ netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1240/sshd       
tcp6       0      0 :::22                   :::*                    LISTEN      1240/sshd       
udp        0      0 0.0.0.0:68              0.0.0.0:*                           883/dhclient    

Then, let's see what processes are running, leaving out most of the internal kernel processes:

ubuntu@ip-172-1-2-3$ ps axf
  PID TTY      STAT   TIME COMMAND
    2 ?        S      0:00 [kthreadd]
    3 ?        S      0:00  \_ [ksoftirqd/0]
    4 ?        S      0:00  \_ [kworker/0:0]
  ...          ...    ...   ...
 1657 ?        S<     0:00  \_ [loop1]
    1 ?        Ss     0:02 /sbin/init
  391 ?        Ss     0:00 /lib/systemd/systemd-journald
  428 ?        Ss     0:00 /sbin/lvmetad -f
  459 ?        Ss     0:00 /lib/systemd/systemd-udevd
  674 ?        Ssl    0:00 /lib/systemd/systemd-timesyncd
  883 ?        Ss     0:00 /sbin/dhclient -1 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases -I -df /var/lib/dhcp/dhclient6.eth0.leases eth0
 1032 ?        Ss     0:00 /sbin/iscsid
 1033 ?        S<Ls   0:00 /sbin/iscsid
 1041 ?        Ss     0:00 /usr/sbin/atd -f
 1046 ?        Ss     0:00 /lib/systemd/systemd-logind
 1055 ?        Ss     0:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
 1064 ?        Ssl    0:00 /usr/lib/accountsservice/accounts-daemon
 1066 ?        Ssl    0:00 /usr/sbin/rsyslogd -n
 1075 ?        Ss     0:00 /usr/sbin/cron -f
 1086 ?        Ss     0:00 /usr/sbin/acpid
 1088 ?        Ssl    0:00 /usr/bin/lxcfs /var/lib/lxcfs/
 1136 ?        Ss     0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
 1146 ?        Ssl    0:00 /usr/lib/policykit-1/polkitd --no-debug
 1216 ttyS0    Ss+    0:00 /sbin/agetty --keep-baud 115200 38400 9600 ttyS0 vt220
 1221 tty1     Ss+    0:00 /sbin/agetty --noclear tty1 linux
 1240 ?        Ss     0:00 /usr/sbin/sshd -D
 1262 ?        Ss     0:00  \_ sshd: ubuntu [priv]
 1516 ?        S      0:00      \_ sshd: ubuntu@pts/0
 1520 pts/0    Ss     0:00          \_ -bash
 1809 pts/0    R+     0:00              \_ ps axf
 1450 ?        Ss     0:00 /lib/systemd/systemd --user
 1454 ?        S      0:00  \_ (sd-pam)
 1529 ?        Ssl    0:00 /usr/lib/snapd/snapd
 1717 ?        Ssl    0:00 /snap/amazon-ssm-agent/295/amazon-ssm-agent

So, except for the hardware management processes, logging, login & acounting, and the SSH connection that connects me to the VM, we have the following:

Process Purpose
systemd-timesyncd Time synchonisation (NTP)
atd Scheduler for tasks in the future
crond Scheduler for recurrent tasks
polkitd Controller for interprocess communitation
snapd Low level package management
amazon-ssm-agent Interfacing to the underlying AWS system
SSH daemon Secure Shell access

With respect to user accounts, we have

ubuntu@ip-172-1-2-3$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
lxd:x:106:65534::/var/lib/lxd/:/bin/false
messagebus:x:107:111::/var/run/dbus:/bin/false
uuidd:x:108:112::/run/uuidd:/bin/false
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
pollinate:x:111:1::/var/cache/pollinate:/bin/false
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash

which means that only root and ubuntu are real users that potentially can log in. The only way to login, however, is through SSH, and it is configured so that only public-key authentication is allowed. For both root and ubuntu, the only allowed key is the one that was baked into the image at startup, and any root login with that key will be rejected and referred to login as user ubuntu.

The set of installed packages is also very limited, just enough to install and configure more software when needed, eg.

Package Purpose
apt Package manager
bash Shell scripting
bsdutils Standard utilities
cryptsetup Disk encryption
curl Fetch file from the web
ftp FTP client
git Revision control system
gnupg PGP
gzip Zip
lxd Container hypervisor
mawk Text processing
nano Editor
python3 Scripting language
rsync File synchronisation
strace System call tracer
sed Text stream editor
tar Archiver
vim Editor
wget Fetch file from the web

So, all in all, it seems like Ubuntu Cloud image is close to minimal.

Kernel:

ubuntu@ip-172-1-2-3$ uname -a
Linux ip-192-168-40-105 4.4.0-1070-aws #80-Ubuntu SMP Thu Oct 4 13:56:07 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment