Detecting Secure Configuration of Linux-based EC2 Instances on AWS | Exam Question Answer


Question

As an AWS specialist in a big organization, you are managing a large number of Linux-based EC2 instances in several AWS accounts.

In order to follow the company security policies, you are looking for a method to automatically detect whether the instances are configured securely.

The method should be able to check if root login over SSH and password authentication over SSH are disabled.

Which of the following methods is the easiest one?

Answers

A. Create a Lambda function that loops through all Linux-based instances and checks /etc/ssh/sshd_config on each one to see whether root login over SSH and password authentication over SSH are disabled. Run the function on a schedule.

B. Create an Amazon Inspector assessment for the instances and include the "Security Best Practices-1.0" rule package, which checks whether root login over SSH and password authentication over SSH are disabled.

C. Configure a rule in AWS Config to check whether root login over SSH and password authentication over SSH are disabled on the EC2 instances. Raise an SNS notification if the rule is non-compliant.

D. Make sure that Amazon Linux AMIs are used for the EC2 instances. By default, root login over SSH and password authentication over SSH are disabled in Amazon-issued AMIs.

Explanations

Correct Answer: B.

Option A is incorrect because you have to write a Lambda function, give it a way to read /etc/ssh/sshd_config on every instance (Lambda has no direct access to an instance's filesystem), and configure a schedule to run it.

It is not the easiest method.

Option B is CORRECT because the "Security Best Practices-1.0" rule package in Amazon Inspector includes the two required checks: whether root login over SSH is disabled and whether password authentication over SSH is disabled.

Amazon Inspector can run the assessment against all of the targeted EC2 instances on a recurring basis. Note that this rule package belongs to the agent-based Amazon Inspector (Inspector Classic), so the Inspector agent must be installed on each instance for the checks to run.

Option C is incorrect because there is no AWS managed Config rule that inspects the SSH daemon configuration of an instance.

You would have to create a custom rule backed by a Lambda function, which is not as easy as option B.

Option D is incorrect because there is a large number of instances and some of them may run Red Hat, Ubuntu or other operating systems.

It would not be realistic to require Amazon Linux AMIs for all of these EC2 instances, and using a particular AMI does not detect whether an instance is still configured securely after launch.

Reference:

https://docs.aws.amazon.com/inspector/latest/userguide/inspector_security-best-practices.html

The best method to automatically detect whether the instances are configured securely with regard to SSH authentication is Option B: create an Amazon Inspector assessment and include the "Security Best Practices-1.0" rule package, which determines whether root login over SSH and password authentication over SSH are disabled.

Here is why Option B is the best choice, and why the other options are not the easiest or most efficient:

Option A: Creating a Lambda function that loops through all Linux-based instances and checks the file /etc/ssh/sshd_config to see whether SSH root login and password authentication over SSH are disabled.

This option is possible, but it is not the easiest method. A Lambda function cannot read files on an EC2 instance directly, so it also has to drive a remote execution mechanism on every instance, handle instances that are stopped or unreachable, and finish within Lambda's execution time limit even when the fleet spans several accounts. The check itself is easy to get wrong: it has to reproduce sshd's own parsing rules (the first occurrence of a keyword wins, settings inside a Match block apply only to matched connections, Include directives pull in other files) or it will report a wrong result on hosts with customized configurations.
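To make the parsing pitfalls concrete, here is an added example (not code from the original page or from AWS) that evaluates the contents of an sshd_config the way sshd does: first occurrence of a keyword wins, lines after a Match block are excluded from the global policy, and Include directives are expanded in place through a caller-supplied resolver. The compiled-in defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes), the strict policy that only PermitRootLogin no counts as "root login disabled", and all sample configurations are assumptions constructed for the example.

```python
"""Evaluate an OpenSSH sshd_config for the two checks in the question.

Added example, not from the original page. Assumptions: OpenSSH 7.0+ defaults,
sshd's first-value-wins rule, and a strict policy where only 'PermitRootLogin no'
counts as root login disabled ('prohibit-password' still allows key-based root).
"""
import re

# Compiled-in defaults used when a keyword never appears (assumption: OpenSSH 7.0+).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
}

# 'Keyword value' or 'Keyword=value'; keywords are case-insensitive.
_KEYWORD_LINE = re.compile(r"^([A-Za-z]+)\s*(?:=|\s)\s*(.*)$")


def _collect(config_text, include_resolver, state):
    """Walk one file, recording the first value seen for each keyword.

    sshd applies the first occurrence of a keyword and ignores later duplicates.
    Everything after a 'Match' line applies only to matching connections, so it is
    excluded from the global policy. 'Include' lines are expanded in place via
    include_resolver(pattern) -> list of file contents (a hypothetical callback).
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = _KEYWORD_LINE.match(line)
        if not m:
            continue  # not a keyword line; sshd itself would reject it
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            state["in_match"] = True  # global section ends here
            continue
        if key == "include":
            if include_resolver is not None:
                for included in include_resolver(value):
                    _collect(included, include_resolver, state)
            continue
        if not state["in_match"]:
            state["settings"].setdefault(key, value)  # first value wins


def evaluate(config_text, include_resolver=None):
    """Return the effective global values and a pass/fail for both checks."""
    state = {"settings": {}, "in_match": False}
    _collect(config_text, include_resolver, state)
    effective = {k: state["settings"].get(k, DEFAULTS[k]).lower() for k in DEFAULTS}
    return {
        "effective": effective,
        "root_login_disabled": effective["permitrootlogin"] == "no",
        "password_auth_disabled": effective["passwordauthentication"] == "no",
    }


# Constructed sample: a hardened host that passes both checks.
SAMPLE_HARDENED = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

# Constructed sample: the 'fix' was appended at the bottom, but sshd applies the
# earlier 'PasswordAuthentication yes', so a naive grep for 'no' would be fooled.
SAMPLE_FIRST_WINS = """\
PasswordAuthentication yes
PermitRootLogin no
PasswordAuthentication no
"""

# Constructed sample: Ubuntu-style layout where drop-ins are read before the
# main file's own settings, plus a Match block that must not count globally.
SAMPLE_MAIN_WITH_INCLUDE = """\
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
Match Group sftponly
    PasswordAuthentication yes
"""
SAMPLE_DROPINS = {"/etc/ssh/sshd_config.d/*.conf": ["PasswordAuthentication yes\n"]}


if __name__ == "__main__":
    for name, text in [("hardened", SAMPLE_HARDENED), ("first-wins", SAMPLE_FIRST_WINS)]:
        print(name, evaluate(text))
    print("include", evaluate(SAMPLE_MAIN_WITH_INCLUDE, lambda p: SAMPLE_DROPINS.get(p, [])))
```

On a live host the authoritative source is `sshd -T` (run as root, for example through SSM Run Command), which prints the effective configuration with these rules already applied; the parser above is for reviewing collected files offline. Two caveats remain either way: `PasswordAuthentication no` alone does not stop password logins through keyboard-interactive authentication with PAM unless that method is disabled too, and a Match block that re-enables password authentication for a group is a finding in its own right even though it is not part of the global policy.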

Option C: Configuring a rule in AWS Config to check whether root login over SSH and password authentication over SSH are disabled on the EC2 instances, and raising an SNS notification if the rule is non-compliant.

This option is closer to the ideal than Option A, but it is still not as easy as Option B. AWS Config evaluates resources against managed or custom rules, but no managed rule looks inside an instance's SSH daemon configuration, so you would have to write a custom rule backed by a Lambda function. That brings back the same remote-access and parsing work as Option A, plus the effort of maintaining the rule and its evaluation logic across accounts.

Option D: Making sure that Amazon Linux AMIs are used for the EC2 instances. By default, root login over SSH and password authentication over SSH are disabled in Amazon-issued AMIs.

This option is not the easiest method, because it does not detect anything: it only relies on the secure defaults that Amazon Linux AMIs ship with at launch. A user can re-enable password authentication on a running instance without anyone noticing, and instances launched from custom AMIs or from other distributions (Red Hat, Ubuntu and so on) are not covered at all.

In summary, Option B is the best choice because it provides an automated and scalable way to check the SSH authentication configuration of the instances. The "Security Best Practices-1.0" rule package can simply be included in an Amazon Inspector assessment template, the assessment can be run on a schedule, and its findings and SNS notifications show which instances are not configured securely.