AWS Security ChangesHomeSearch

AWS imagebuilder documentation change

Service: imagebuilder · 2026-05-13 · Documentation low

File: imagebuilder/latest/userguide/security-best-practices.md

Summary

Added commands to securely delete systemd random-seed file in Linux hardening script

Security assessment

This change enhances security documentation by adding a hardening measure to delete sensitive system files. While it improves security posture, it doesn't address a specific known vulnerability or security incident.

Diff

diff --git a/imagebuilder/latest/userguide/security-best-practices.md b/imagebuilder/latest/userguide/security-best-practices.md
index cdf4191e3..e18178cf3 100644
--- a//imagebuilder/latest/userguide/security-best-practices.md
+++ b//imagebuilder/latest/userguide/security-best-practices.md
@@ -240,0 +241,6 @@ If you override **User data** in your recipe, the script doesn't run. In that ca
+    if [[ -f "/var/lib/systemd/random-seed" ]]; then
+            echo "Deleting /var/lib/systemd/random-seed"
+            sudo shred -zuf /var/lib/systemd/random-seed
+            sudo rm -f /var/lib/systemd/random-seed
+    fi
+