Hi all,

I'm very happy with my new Joomla Turnkeylinux/Amazon set-up, but one thing that's bugging me as I set my websites loose on the world, and that is that security seems to have been severely downgraded from the default set-up that Amazon employ with their distros. 

To start with they require keypairs to be used even for things like FTP, they don't have a root user by default and your security groups are open to the whole world, for everyone from everywhere, upon firing the system up. 

Surely this means that brute force attacks are virtually being invited. 

Is there a list of things to do to harden the systems and how to do it using the software you supply in your lovely distro?

Cheers,

Openg